Security

IoT Devices With Default Telnet Passwords Used As Botnet (securityaffairs.co) 57

Slashdot reader stiebing.ja writes: IoT devices, like DVR recorders or webcams, which are running Linux with open telnet access and have no passwords or default passwords are currently a target of attacks which try to install malware which then makes the devices a node of a botnet for DDoS attacks. As the malware, called Linux/Mirai, only resides in memory, once the attack has been successful, revealing if your device got captured isn't so easy, and also analyzing the malware is difficult, as it will vanish on reboot.
Plus the malware lays low at first, though "it is obvious that the main purpose is still for a DDoS botnet," according to MalwareMustDie, and it's designed to spread rapidly to other IoT devices using a telnet scanner. "According to the experts, several attacks have been detected in the wild," according to the article, which warns that many antivirus solutions are still unable to detect the malware, and "If you have an IoT device, please make sure you have no telnet service open and running."
Debian

LinuxScreenshots.org Closes. All Screenshot Tours Released For Downloading (linuxscreenshots.org) 46

A new announcement on their web site reads: LinuxScreenshots.org is closed. An archive of all screenshot tours from this site has been made freely available to the community, which consists of 2300 releases from 580 distributions. You may download this archive for fun, or to start your own Linux screenshots website. Please help seed torrents. I contacted the site's owner, who confirmed the news, saying their goal is to let the community take control of the screenshots. The archives are available on Dropbox and BitTorrent.
KDE

Linux Mint 18 KDE Now Available (betanews.com) 54

Clement Lefebvre, otherwise known as the man behind Linux Mint, announced on Friday the release and immediate availability of the final version of Linux Mint 18 "Sarah" KDE Edition OS. Sarah KDE has been available in beta for a few months now, but you can get the Live ISO images from the company's website. The new version is based on Ubuntu 16.04 LTS (Xenial Xerus) distro, Lefebvre said. The new version comes with Plasma 5.6 desktop environment and associated apps. BrianFagioli writes: If you have at least 2GB of RAM, the Linux-based operating system could bring your aging computer into 2016 and beyond. Plasma offers plenty of options to 'make it yours', but it can sometimes be confusing -- there can be such a thing as too much choice. If after installing it you find it overwhelming, I would suggest going with the tried and true Cinnamon desktop environment instead. That seems to be the major focus of the Linux Mint team too. The Mint team is also including the Kubuntu backports ppa, which it promises will provide newer updates to KDE Plasma. Fans of the desktop environment should enjoy this immensely.
IBM

IBM Launches New Linux, Power8, OpenPower Systems (zdnet.com) 61

An anonymous reader writes: IBM on Thursday rolled out its latest Power8 processor, which is designed to move data faster, and new servers with OpenPower features. For IBM, the OpenPower Foundation community is critical for its Power8 processor. A bevy of companies are in OpenPower, a group that aims to be a counterweight to x86-based servers. With the new systems, IBM is hoping to target more artificial intelligence, analytics, and deep learning workloads. The systems will be lumped into the Power Systems LC family of Linux servers. Big Blue's Power S822LC for High Performance Computing server is the headliner of the group, with the Power8 processor with Nvidia's Tesla P100 Pascal GPUs. The system also has Nvidia's NVLink processor that allows for high-speed bidirectional interconnects. IBM said the combination of IBM and Nvidia technology allows data to flow five times faster than an x86-based system.
Windows

Raspberry Pi Passes 10M Sales Mark (bbc.com) 102

An anonymous reader writes: The Raspberry Pi has sold 10 million units -- continuing its success as the most popular British computer ever. The computer, about the same size as a credit card, was first released in 2012 and is widely used as an educational tool for programming. However, it can also be used for many practical purposes such as streaming music to several devices in a house. A new starter kit for Raspberry Pi, including a keyboard and mouse, has been released to celebrate the success. The kit also includes an SD storage card, official case, power supply, HDMI cable, mouse, keyboard and guidebook -- it costs $130 and will be available in the coming weeks. The Pi, which is manufactured in Wales, has been adopted by pupils, programmers and inventors around the world.
Operating Systems

Pokemon-Themed Umbreon Rootkit Targets Linux Systems On ARM and x86 (pcworld.com) 96

New submitter Kinwolf writes: Security researchers have identified a new family of Linux rootkits that, despite running from user mode, can be hard to detect and remove. Called Umbreon, after a Pokemon character that hides in the darkness, the rootkit has been in development since early 2015 and is now being sold on the underground markets. [It targets Linux-based systems on the x86, x86-64 and ARM architectures, including many embedded devices such as routers.] According to malware researchers from antivirus firm Trend Micro, Umbreon is a so-called ring 3 rootkit, meaning that it runs from user mode and doesn't need kernel privileges. Despite this apparent limitation, it is quite capable of hiding itself and persisting on the system. The report adds: "The rootkit uses a trick to hijack the standard C library (libc) functions without actually installing any kernel objects. Umbreon hijacks these functions and forces other Linux executables to use its own libc-like library. This puts the rootkit in a man-in-the-middle position, capable of modifying system calls made by other programs and altering their output. The rootkit also creates a hidden Linux account that can be accessed via any authentication method supported by Linux, including SSH (Secure Shell). This account does not appear in files like /etc/passwd because the rootkit can modify the output of such files when read, the Trend Micro researchers said in a blog post. Umbreon also has a backdoor component called Espereon, named after another Pokemon character, that can establish a reverse shell to an attacker's machine when a TCP packet with special field values is received on the monitored Ethernet interface of an affected device."
Open Source

Adobe Resurrects Flash Player On Linux (neowin.net) 153

An anonymous reader quotes a report from Neowin: Four years ago, Adobe made a decision to stop updating the Flash Player package (NPAPI) on Linux, aside from delivering security patches. It has made an about turn on this decision in the last week and has said that it will keep it in sync with the modern release branch going forward. In its announcement, Adobe wrote: "In the past, we communicated that NPAPI Linux releases would stop in 2017. This is no longer the case and once we have performed sufficient testing and received community feedback, we will release both NPAPI and PPAPI Linux builds with their major version numbers in sync and on a regular basis." Although this is great news for Linux users who don't want to struggle to watch Flash content online, there are also a few drawbacks. Adobe writes: "Because this change is primarily a security initiative, some features (like GPU 3D acceleration and premium video DRM) will not be fully implemented. If you require this functionality we recommend that you use the PPAPI version of Flash Player." You can download the new NPAPI binaries from the Adobe Labs download page.
Debian

Penetration-Testing Distro Kali Linux 2016.2 Released (kali.org) 54

prisoninmate writes: What's Kali Linux 2016.2? Well, it's an updated Live ISO image of the popular GNU/Linux distribution designed for ethical hackers and security professionals who want to harden the security of their networks, which contains the latest software versions and enhancements for those who want to deploy the OS on new systems. It's been quite some time since the last update to the official Kali Linux Live ISOs and new software releases are announced each day, which means that the packages included in the previous Kali Linux images are very old, and bugs and improvements are always implemented in the most recent versions of the respective security tools. Best of all, the new Kali Linux 2016.2 release comes in KDE, MATE, Xfce, LXDE, and Enlightenment E17 flavors.
Their blog also points out that Kali recently appeared in an episode of Mr. Robot.
Crime

Florida Man Arrested For Hacking Linux Kernel Organization In 2011 (softpedia.com) 37

An anonymous reader writes: The FBI seems to have solved the mysterious case of the 2011 kernel.org hack, when an unknown attacker breached kernel.org servers and attempted to install a rootkit in the kernel code. As years went by, the Linux Kernel Organization kept avoiding releasing an incident response surrounding the event, irking their community accustomed to more open communications from their leaders. The mystery seems to have been solved when yesterday a Florida man was arrested and charged with "hacking the Linux Kernel Organization" and installing a "rootkit and trojan software," just like in the 2011 kernel.org server breach. Donald Ryan Austin is his name. He was arrested during a routine traffic stop last Sunday, on August 28, 2016, and faces a maximum sentence of ten years in prison, a fine of $250,000, and any other restitution.
Operating Systems

PC-BSD Follows a Rolling Release Model, Gets Renamed To TrueOS 132

prisoninmate quotes a report from Softpedia: By following a rolling release model, TrueOS promises to be a cutting-edge and modern FreeBSD-based operating system for your personal computer, designed with security and simplicity in mind -- all while being stable enough to be deployed on servers. TrueOS will also make use of the security technologies from the OpenBSD project, and you can get your hands on the first Beta ISO images right now. The development team promises to offer you weekly ISO images of TrueOS, but you won't have to download anything anymore due to constant updates thanks to the rolling release model. TrueOS will use LibreSSL instead of OpenSSL, offer Linux DRM 4.7 compatibility for supporting Intel Skylake, Haswell, and Broadwell graphics, and use the pkg package management system by default. "TrueOS combines the convenience of a rolling release distribution with the failsafe technology of boot environments, resulting in a system that is both current and reliable. TrueOS now tracks FreeBSD's 'Current' brand and merges features from select FreeBSD developer branches to enhance support for newer hardware and technologies," reads today's announcement.
Operating Systems

OpenBSD 6.0 Released (sdtimes.com) 94

LichtSpektren writes: Version 6.0 of the free operating system OpenBSD has just been released. This release features much improved hardware and armv7 support, a new tool called proot for building software ports in an isolated chroot environment, W^X that is now strictly enforced by default, and removal of official support for Linux emulation, usermount, and systrace. The release announcement can be read here. The release is OpenBSD's 40th release on CD-ROM and 41st release via FTP/HTTP.
Operating Systems

Fedora 25 Alpha Linux Distro Now Available (betanews.com) 35

An anonymous reader writes: Today, Fedora 25 Alpha sees a release. While the pre-release distribution is not ready for end users, it does give testers an early start at poking around.
Keep in mind what an Alpha release is folks -- this is pre-Beta. In other words, it is littered with bugs, and you should definitely not run it on a production machine. There are already some show-stopping known issues -- a couple are related to dual-booting with Windows (scary). One bug can destroy OS X data when dual-booting on a Mac!

Security

How Security Experts Are Protecting Their Own Data (siliconvalley.com) 217

Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes: The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."

Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."
Open Source

Linus Loves GPL, But Hates GPL Lawsuits (cio.com) 238

Long-time Slashdot reader sfcrazy writes: During LinuxCon, Torvalds was full of praise for GNU GPL: "The GPL ensures that nobody is ever going to take advantage of your code. It will remain free and nobody can take that away from you. I think that's a big deal for community management... FSF [Free Software Foundation] and I don't have a loving relationship, but I love GPL v2. I really think the license has been one of the defining factors in the success of Linux because it enforced that you have to give back, which meant that the fragmentation has never been something that has been viable from a technical standpoint."

And he thinks the BSD license is bad for everyone: "Over the years, I've become convinced that the BSD license is great for code you don't care about," Torvalds said.

But Linus also addressed the issue of enforcing the GPL on the Linux foundation mailing list when someone proposed a discussion of it at Linuxcon. "I think the whole GPL enforcement issue is absolutely something that should be discussed, but it should be discussed with the working title 'Lawyers: poisonous to openness, poisonous to community, poisonous to projects'... quite apart from the risk of loss in a court, the real risk is something that happens whether you win or lose, and in fact whether you go to court or just threaten: the loss of community, and in particular exactly the kind of community that can (and does) help. You lose your friends."
Ubuntu

Ubuntu Linux 16.10 'Yakkety Yak' Beta 1 Now Available For Download (betanews.com) 92

An anonymous reader quotes a report from BetaNews: Today, the first beta of Ubuntu Linux 16.10 sees release. Once again, a silly animal name is assigned, this time being the letter "Y" for the horned mammal, "Yakkety Yak." This is also a play on the classic song "Yakety Yak" by The Coasters. Please be sure not to "talk back" while testing this beta operating system! "Pre-releases of the Yakkety Yak are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting and fixing bugs as we work towards getting this bos grunniens ready. Beta 1 includes a number of software updates that are ready for wider testing. These images are still under development, so you should expect some bugs," says Set Hallstrom, Ubuntu Studio project lead. He adds: "While these Beta 1 images have been tested and work, except as noted in the release notes, Ubuntu developers are continuing to improve the Yakkety Yak. In particular, once newer daily images are available, system installation bugs identified in the Beta 1 installer should be verified against the current daily image before being reported in Launchpad. Using an obsolete image to re-report bugs that have already been fixed wastes your time and the time of developers who are busy trying to make 16.10 the best Ubuntu release yet. Always ensure your system is up to date before reporting bugs." Here are the following download links: Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio.
Software

Linus on Linux's 25th Birthday (zdnet.com) 110

The creator of Linux, Linus Torvalds, posted his famous message announcing Linux on August 25, 1991, claiming that it was "just a hobby, won't be big and professional like gnu." ZDNet's Steven J. Vaughan-Nichols caught up with Linus Torvalds and talked about Linux's origins in a series of interviews: "SJVN: What's Linux real birthday? You're the proud papa, when do you think it was? When you sent out the newsgroup post to the Minix newsgroup on August 25, 1991? When you sent out the 0.01 release to a few friends?

LT: I think both of them are valid birthdays. The first newsgroup post is more public (August 25), and you can find it with headers giving date and time and everything. In contrast, I don't think the 0.01 release was ever announced in any public setting (only in private to a few people who had shown interest, and I don't think any of those emails survived). These days the way to find the 0.01 date (September 17) is to go and look at the dates of the files in the tar-file that still remains. So, both of them work for me. Or either. And, by the way, some people will argue for yet other days. For example, the earliest public semi-mention of Linux was July 3: that was the first time I asked for some POSIX docs publicly on the minix newsgroup and mentioned I was working on a project (but didn't name it). And at the other end, October 5 was the first time I actually publicly announced a Linux version: 'version 0.02 (+1 (very small) patch already).' So you might have to buy four cakes if you want to cover all the eventualities."
Vaughan-Nichols goes on to pick Linus' brain about what he was doing when he created Linux. In honor of Linux's 25th birthday today, let's all sing happy birthday... 1... 2... 3...
Operating Systems

Linux Turns 25, Is Bigger and More Professional Than Ever (arstechnica.com) 316

The Linux operating system kernel is 25 years old this month, ArsTechnica writes. It was August 25, 1991 when Linus Torvalds posted his famous message announcing the project, claiming that Linux was "just a hobby, won't be big and professional like gnu." From the article: But now, Linux is far bigger and more professional than Torvalds could have imagined. Linux powers huge portions of the Internet's infrastructure, corporate data centers, websites, stock exchanges, the world's most widely used smartphone operating system, and nearly all of the world's fastest supercomputers. The successes easily outweigh Linux's failure to unseat Microsoft and Apple on PCs, but Linux has still managed to get on tens of millions of desktops and laptops and Linux software even runs on Windows. Do you use any Linux-based operating system? Share your experience with it. What changes would you want to see in it in the next five years?
Debian

Systemd Rolls Out Its Own Mount Tool (phoronix.com) 541

An anonymous Slashdot reader writes: I'm surprised this hasn't surfaced on Slashdot already, but yesterday Phoronix reported that systemd will soon be handling file system mounts, along with all the other stuff that systemd has encompassed. The report generated the usual systemd arguments over on Reddit.com/r/linux with Lennart Poettering, systemd developer and architect, chiming in with a few clarifications.
Lennart argued it will greatly improve the handling of removable media like USB sticks.
KDE

KDE Edition Beta Released For Linux Mint 18 'Sarah' (fossbytes.com) 36

An anonymous Slashdot reader quotes a report from fossBytes: Linux Mint 18 'Sarah' KDE Edition Beta is now available for download and testing. This release is based on the long-term supported Linux 4.4 kernel and KDE Plasma 5.6 desktop environment. The final release of this widely popular distro is expected to arrive in September... Just like MATE, Cinnamon, and Xfce releases, the KDE release is a long term release that will remain supported until 2021.

Linux Mint 18 'Sarah' KDE Edition ships with Mozilla Firefox as default web browser and LibreOffice as the default office suite. The Linux distro also features a wide range of popular KDE apps like Kontact, Dolphin, Gwenview, KMail, digiKam, KTorrent, Skanlite, Konversation, K3b, Konsole, Amarok, Ark, Kate, Okular, and Dragon Player.

"Unlike other Linux Mint editions, the KDE edition will ship with the SDDM display manager," reports the Linux Mint blog. Distrowatch notes that it's based on Ubuntu 16.04, and suggests "Mint's 'KDE' flavour might turn out to be the most interesting of the bunch, especially if the project's usually excellent quality assurance is applied to this edition in the same manner as in its 'MATE' and 'Cinnamon' variants."
Robotics

Intel Demos A New Robotics Controller Running Ubuntu (hackerboards.com) 21

Intel demoed their new robotics compute module this week. Scheduled for release in 2017, it's equipped with various sensors, including a depth-sensing camera, and it runs Ubuntu on a quad-core Atom. Slashdot reader DeviceGuru writes: Designed for researchers, makers, and robotics developers, the device is a self contained, candy-bar sized compute module ready to pop into a robot. It's augmented with a WiFi hotspot, Bluetooth, GPS, and IR, as well as proximity, motion, barometric pressure sensors. There's also a snap-on battery.

The device is preinstalled with Ubuntu 14.04 with Robot Operating System (ROS) Indigo, and can act as a supervisory processor to, say, an Arduino subsystem that controls a robot's low-level functions. Intel demoed a Euclid-driven robot running obstacle avoidance and follow-me tasks, including during CEO Brian Krzanich's keynote (YouTube video).

Intel says they'll also release instructions on how to create an accompanying robot with a 3D printer. This plug-and-play robotics module is a proof-of-concept device -- the article includes some nice pictures -- but it already supports programming in Node.js (and other high-level languages), and has a web UI that lets you monitor performance in real-time and watch the raw camera feeds.
