"More top-tier computer OEMs are now offering a broad assortment of Linux desktops," reports ZDNet.

"In the latest move, Lenovo, currently the top PC vendor in the world according to Gartner, will roll Ubuntu Linux 20.04 LTS out across 30 of Lenovo's ThinkPads and ThinkStations..." While Lenovo started certifying most of its laptop and PC line on the top Linux distributions since June 2020, this is a much bigger step. Now, instead of simply acknowledging its equipment will be guaranteed to run Linux, Lenovo's selling Ubuntu Linux-powered hardware to ordinary Joe and Jane users.

Previously, you could only buy most of these machines if you were a business and had specified you wanted Ubuntu on a customized bid. Now, nearly 30 Ubuntu-loaded devices will now be available for purchase via Lenovo.com. These include 13 ThinkStation and ThinkPad P Series Workstations and an additional 14 ThinkPad T, X, X1, and L series laptops, all with the 20.04 LTS version of Ubuntu...

No one's predicting a "Year of the Linux desktop." Companies such as Dell and Lenovo aren't predicting such a game-changing event, but they're selling largely to enterprise companies, which have seen the virtues of using high-end Linux desktops for powerful, forward-looking technologies such as AI, ML, containers, and cloud-native computing.
"Our announcement of device certification in June was a step in the right direction to enable customers to more easily install Linux on their own," explains Lenovo's vice president of PCSD software and cloud — but now they're going even further.

"Our goal is to remove the complexity and provide the Linux community with the premium experience that our customers know us for. This is why we have taken this next step to offer Linux-ready devices right out of the box."

Most of Microsoft's money now comes from its cloud service Azure, points out open-source advocate Eric S. Raymond. Now he posits a future where Windows development will "inevitably" become a drag on Microsoft's business: So, you're a Microsoft corporate strategist. What's the profit-maximizing path forward given all these factors? It's this: Microsoft Windows becomes a Proton-like emulation layer over a Linux kernel, with the layer getting thinner over time as more of the support lands in the mainline kernel sources. The economic motive is that Microsoft sheds an ever-larger fraction of its development costs as less and less has to be done in-house. If you think this is fantasy, think again. The best evidence that it's already the plan is that Microsoft has already ported Edge to run under Linux. There is only one way that makes any sense, and that is as a trial run for freeing the rest of the Windows utility suite from depending on any emulation layer.

So, the end state this all points at is: New Windows is mostly a Linux kernel, there's an old-Windows emulation over it, but Edge and the rest of the Windows user-land utilities don't use the emulation. The emulation layer is there for games and other legacy third-party software. Economic pressure will be on Microsoft to deprecate the emulation layer... Every increment of Windows/Linux convergence helps with that — reduces administration and the expected volume of support traffic.

Eventually, Microsoft announces upcoming end-of-life on the Windows emulation. The OS itself , and its userland tools, has for some time already been Linux underneath a carefully preserved old-Windows UI. Third-party software providers stop shipping Windows binaries in favor of ELF binaries with a pure Linux API...

...and Linux finally wins the desktop wars, not by displacing Windows but by co-opting it. Perhaps this is always how it had to be.

Long-time Slashdot reader Bismillah quotes iTnews: A software engineer in Melbourne is whiling away the city's lockdown by creating a tool that DOS users so far have lacked: an integrated Linux environment similar to what Windows 10 users enjoy...

"I first started out just seeing if I could get Linux booting from the DOS command line, and that turned out to be straightforward enough so I thought it'd be fun to see if I could continue executing DOS once Linux was running," Charlie Somerville said. "I'm mostly surprised by how smoothly the whole thing works given how *dodgy* it all is haha," he added. DOS Subsystem for Linux runs a real copy of MS-DOS under the QEMU virtual machine, and starts up from that, Somerville said...

"Helpfully Linux seems to leave the first megabyte of memory (where DOS lives) intact during its own boot process, so it's just a matter of jumping back to the right place to continue DOS execution," he added. Somerville had it pointed out to him that this approach of running DOS under vm8086 is actually how early Windows worked.

"Kinda cool to rediscover the technique so many years later," Somerville said.

On August 7, 2019, Linux Journal laid off all staff members and was left with no operating funds to continue in any capacity. Today, the technology magazine announced that they've secured a deal to keep the site alive indefinitely under the ownership of Slashdot Media. Linux Journal writes: We will begin publishing digital content again as soon as we can. If you're a former Linux Journal contributor or a Linux enthusiast that would like to get involved, please contact us and let us know the capacity in which you'd like to contribute. We're looking for people to cover Linux news, create Linux guides, and moderate the community and comments. We'd also appreciate any other ideas or feedback you might have. Right now, we don't have any immediate plans to resurrect the subscription/issue model, and will be publishing exclusively on LinuxJournal.com free of charge. Our immediate goal is to familiarize ourself with the Linux Journal website and ensure it doesn't ever get shut down again.

We're ecstatic to be able to take the helm at Linux Journal, and ensure that this legendary Linux resource and community not only stays alive forever, but continues to grow and improve. Reach out if you'd like to get involved!

Krystalo writes: Edge is finally coming to Linux. At Ignite 2020 today, Microsoft announced that Edge for Linux will be available in the Dev preview channel starting in October. Linux users will be able to download the preview from the Microsoft Edge Insider website or from their native Linux package manager. Microsoft will start with the Ubuntu and Debian distributions, with support for Fedora and openSUSE coming afterwards. "Linux stands out in that, while it has a relatively small desktop population in terms of what you might call typical consumer or end user, developers are often overrepresented in that population, and especially in areas like test automation, or CI/CD workloads for their web apps," Edge program manager Kyle Pflug told VentureBeat. "Edge on Linux is a natural part of our strategy to reduce fragmentation and test overhead for web developers. By providing the same rendering behavior and tools across platforms, developers can build and test sites and web apps in their preferred environment and be confident in the experience their customers will have."

AmiMoJo writes: The GNOME 3 desktop environment was officially released in 2011, and in 2020 we are still on version 3.x. Yeah, despite many massive changes over the last (almost) decade, we have been stuck with point releases for GNOME 3. For instance, just last week, GNOME 3.38 was released. Historically, the stable releases all ended in even numbers, with pre-release versions ending in odd. For fans of the DE, such as yours truly, we have simply learned to live with this odd versioning scheme. Well, folks, with the next version of GNOME, the developers have finally decided to move on from version 3.x. You are probably thinking the new version will be 4.0, but you'd be very wrong. Actually, following GNOME3.38 will be GNOME 40. "After nearly 10 years of 3.x releases, the minor version number is getting unwieldy. It is also exceedingly clear that we're not going to bump the major version because of technological changes in the core platform, like we did for GNOME 2 and 3, and then piling on a major UX change on top of that. Radical technological and design changes are too disruptive for maintainers, users, and developers; we have become pretty good at iterating design and technologies, to the point that the current GNOME platform, UI, and UX are fairly different from what was released with GNOME 3.0, while still following the same design tenets," says Emmanuele Bassi, The GNOME Foundation.

"Microsoft has submitted a series of patches to Linux kernel developers," reports ZDNet, "requesting that Linux run as the root partition on the Hyper-V, its hypervisor software for running Windows and non-Windows instances on hardware." Microsoft "wants to create a complete virtualization stack with Linux and Microsoft Hypervisor", according to Microsoft principle software engineer Wei Liu. Liu has proposed an RFC or request for comment that for now merely implements what are only the "absolutely necessary components to get things running... There will be a subsequent patch series to provide a device node (/dev/mshv) such that userspace programs can create and run virtual machines. We've also ported Cloud Hypervisor over and have been able to boot a Linux guest with Virtio devices since late July." Cloud Hypervisor is an experimental open-source hypervisor implementation from Intel written in the Rust programming language. It's a virtual-machine monitor that runs on top of KVM, the Kernel-based Virtual Machine hypervisor in the Linux kernel that's designed for cloud workloads...

Liu points out three more changes beyond amendments to the Hyper-V Top-Level Functional Specification. For example, Microsoft wants Linux to set up existing Hyper-V facilities differently. It also wants Linux kernel developers to change the kernel's behavior when accessing hardware memory in a way that affects driver access to the GPU and CPU that's being managed by an operating system memory manager. It's this issue that Microsoft engineers are least confident about and are asking for Linux developer support, according to Liu....

As Microsoft's executive VP of the cloud and enterprise group, Scott Guthrie, told ZDNet last year, Microsoft's shift to Linux and open source started over a decade ago when it open-sourced ASP.NET. "We recognized open source is something that every developer can benefit from. It's not nice, it's essential. It's not just code, it's community," explained Guthrie.

Esther Schindler (Slashdot reader #16,185), shares some thoughts from long-time tech reporter Steven J. Vaughan-Nichols: We'd like an easy way to judge open-source programs. It can be done. But easily? That's another matter... Plenty of people have created systems to collect, judge, and evaluate open-source projects, including information about a project's popularity, reliability, and activity. But each of those review sites — and their methodologies — have flaws.
The article looks at a variety of attempts, including freshmeat.net; Eric Raymond's attempt to revive Freecode; GitHub's star (which Docker's co-founder calls a "bullshit metric"); Synopsys's Black Duck Open Hub (formerly Ohloh); and even Google Trends. But it wraps up by pointing out that Brian Profitt, Red Hat's Open Source Program Office (OSPO) manager, is working with others on "Project CHAOSS," a new Linux Foundation project to make it easy to evaluate open-source projects.
This pulled together Grimoirelab and similar programs, such as Augur and Red Hat's own Prospector... Its metrics include what kinds of contributions are being made; when the contributions are made; and who's making the contributions. All of which are vital to understanding the overall health of a project.

CHAOSS is still a work in progress. Its official release is scheduled for February 2021... Ultimately, this data will be available to all, from end users to the project leads. "In fact, I hope this happens a lot, because we can refine our models more quickly," says Profitt.

Microsoft has submitted a series of patches to the Linux kernel with its aim being "to create a complete virtualization stack with Linux and Microsoft Hypervisor." The Register reports: The patches are designated "RFC" (Request for comments) and are a minimal implementation presented for discussion. The key change is that with the patched kernel, Linux will run as the Hyper-V root partition. In the Hyper-V architecture, the root partition has direct access to hardware and creates child partitions for the VMs it hosts. "Just think of it like Xen's Dom0," said Microsoft principal software engineer Wei Liu. Hyper-V's architecture is more similar to Xen than it is to KVM or to VMware's ESXi, and Liu acknowledged that "we drew inspiration from the Xen code in Linux," specifically for code handing interrupts. Until now, the Hyper-V root partition had to run Windows.

Microsoft has also ported Intel's open-source Cloud Hypervisor, a Virtual Machine Monitor (VMM) written in Rust that normally runs on KVM, the hypervisor that is built into the Linux kernel. Cloud Hypervisor itself is currently in "very early pre-alpha stage." Even when Linux is the root partition, it will still run on top of Microsoft's hypervisor, a thin layer running with ring -1 privileges. It will no longer be necessary to run Windows on that hypervisor, though, enabling Microsoft to call the new arrangement "a complete virtualization stack with Linux."

Researchers at Kaspersky "have warned that sophisticated hackers and crooks are increasingly targeting Linux-based devices — using tools specifically designed to exploit vulnerabilities in the platform," reports TechRepublic: While Windows tends to be more frequently targeted in mass malware attacks, this is not always the case when it comes to advanced persistent threats (APTs), in which an intruder — often a nation-state or state-sponsored group — establishes a long-term presence on a network. According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target.

Many organisations choose Linux for strategically important servers and systems, and with a "significant trend" towards using Linux as a desktop environment by big business as well as government bodies, attackers are in turn developing more malware for the platform... According to Kaspersky, over a dozen APT actors have been observed to use Linux malware or some Linux-based modules. Most recently, this has included the LightSpy and WellMess malware campaigns, both of which targeted both Windows and Linux devices. The LightSpy malware was also found to be capable of targeting iOS and Mac devices.

While targeted attacks on Linux-based systems are still uncommon, a suite of webshells, backdoors, rootkits and custom-made exploits are readily available to those that seek to use them. Kaspersky also suggested that the small number of recorded attacks was not representative of the danger they posed, pointing out that the compromise of a single Linux server "often leads to significant consequences", as the malware travelled through the network to endpoints running Windows or macOS, "thus providing wider access for attackers which might go unnoticed".

"Security researchers from Amsterdam have publicly detailed 'BlindSide' as a new speculative execution attack vector for both Intel and AMD processors," reports Phoronix: BlindSide is self-described as being able to "mount BROP-style attacks in the speculative execution domain to repeatedly probe and derandomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation. This works even in face of strong randomization schemes, e.g., the recent FGKASLR or fine-grained schemes based on execute-only memory, and state-of-the-art mitigations against Spectre and other transient execution attacks."

From a single buffer overflow in the kernel, researchers claim three BlindSide exploits in being able to break KASLR (Kernel Address Space Layout Randomization), break arbitrary randomization schemes, and even break fine-grained randomization.
There's more information on the researcher's web site, and they've also created an informational video.

And here's a crucial excerpt from their paper shared by Slashdot reader Hmmmmmm: In addition to the Intel Whiskey Lake CPU in our evaluation, we confirmed similar results on Intel Xeon E3-1505M v5, XeonE3-1270 v6 and Core i9-9900K CPUs, based on the Skylake, KabyLake and Coffee Lake microarchitectures, respectively, as well as on AMD Ryzen 7 2700X and Ryzen 7 3700X CPUs, which are based on the Zen+ and Zen2 microarchitectures.

Overall, our results confirm speculative probing is effective on a modern Linux system on different microarchitectures, hardened with the latest mitigations.

rastos1 writes: Starting with Windows Insiders preview build 20211, WSL 2 will be offering a new feature: wsl --mount. This new parameter allows a physical disk to be attached and mounted inside WSL 2, which enables you to access filesystems that aren't natively supported by Windows (such as ext4).

The Amiga Fast File System (AFFS) is making a minor comeback in the new version of the Linux kernel. The Register reports: As noted by chief penguin Linus Torvalds in his weekly state-of-the-kernel report, a change to AFFS popped up among what he described as a collection of "the usual suspects" in new submissions to the kernel over the last week. The Amiga was ahead of its time, but is now largely a curiosity. However Suse developer David Sterba has noticed that "The basic permission bits (protection bits in AmigaOS) have been broken in Linux' AFFS - it would only set bits, but never delete them. Also, contrary to the documentation, the Archived bit was not handled."

"Let's fix this for good, and set the bits such that Linux and classic AmigaOS can coexist in the most peaceful manner," he added. Torvalds appears to have agreed inasmuch as Sterba's code has made it into rc4 of version 5.9 of the Linux kernel. Torvalds said that while rc4 is a big release -- he rated it as "larger than usual" -- it's still "well within the normal range, and not something I'll lose any sleep over."

An anonymous reader shares this enthusiastic report from ZDNet: Earlier this year, Linus Torvalds approved of adding drivers and other components in Rust to Linux.* Last week, at the virtual Linux Plumbers Conference, developers gave serious thought to using the Rust language for new Linux inline code. ["Nothing firm has been determined yet," reported Phoronix, "but it's a topic that is still being discussed."] And, now Amazon Web Services (AWS) has announced that its just-released Bottlerocket Linux for containers is largely written in Rust.

Mozilla may have cut back on Rust's funding, but with Linux embracing Rust, after almost 30-years of nothing but C, Rust's future is assured. Rust was chosen because it lends itself more easily to writing secure software. Samartha Chandrashekar, an AWS Product Manager, said it "helps ensure thread safety and prevent memory-related errors, such as buffer overflows that can lead to security vulnerabilities." Many other developers agree with Chandrashekar.

Bottlerocket also improved its security by using Device-mapper's verity target. This is a Linux kernel feature that provides integrity checking to help prevent attackers from overwriting core system software or other rootkit type attacks. It also includes the extended Berkeley Packet Filter (eBPF), In Linux, eBPF is used for safe and efficient kernel function monitoring.
* Linus's exact words were "people are actively looking at, especially doing drivers and things that are not very central to the kernel itself, and having interfaces to do those, for example, in Rust. People have been looking at that for years now. I'm convinced it's going to happen one day."

The article also reminds readers that AWS's Bottlerocket "is also designed to be quick and easy to maintain... by including the bare essentials needed to run containers..."

"Besides its standard open-source elements, such as the Linux kernel and containerd container runtime, Bottlerocket's own code is licensed under your choice of either the Apache 2.0 or the MIT license."