Programming

Will JavaScript Containers Overtake Linux Containers? (tinyclouds.org) 94

"Developers of the Deno JavaScript and TypeScript runtime are exploring the possibility of JavaScript containers — and the JavaScript sandbox itself — as a higher-level alternative to Linux containers," reports InfoWorld, citing a blog post by Node.js and Deno creator Ryan Dahl: Dahl also noted that Docker popularized the use of Linux containers, with operating system-level virtualization for distributing server software. Each container image is a dependency-free, ready-to-run software package. But browser JavaScript offers a similar hermetic environment at a higher level of abstraction, he said.

Dahl said he expects JavaScript container technology to unfold over the next couple of years.

In the blog post Dahl says scripting languages are "all pretty much the same" — but that JavaScript is "by far more widely used and future proof." [A JavaScript sandbox container] isn't meant to address the same breadth of problems that Linux containers target. Its emergence is a result of its simplicity. It minimizes the boilerplate for web service business logic. It shares concepts with the browser and reduces the concepts that the programmer needs to know. (Example: when writing a web service, very likely any systemd configuration is just unnecessary boilerplate.)

Every web engineer already knows JavaScript browser APIs. Because the JavaScript container abstraction is built on the same browser APIs, the total amount of experience the engineer needs is reduced. The universality of Javascript reduces complexity.... In this emerging server abstraction layer, JavaScript takes the place of Shell. It is quite a bit better suited to scripting than Bash or Zsh. Instead of invoking Linux executables, like shell does, the JavaScript sandbox can invoke Wasm.... Maybe the majority of "web services" can be simplified by thinking in terms of JavaScript containers, rather than Linux containers.

At Deno we are exploring these ideas; we're trying to radically simplify the server abstraction. We're hiring if this sounds interesting to you.

Ubuntu

This Week Saw New Releases of 'Ubuntu Unity' and 'Ubuntu Cinnamon' (theregister.com) 74

The Register noted this week that two "unofficial" Ubuntu remixes "came out on the same day as the official flavors."

- Ubuntu Cinnamon (Linux Mint's flagship desktop environment)

- Ubuntu Unity, a revival of what used to be the official Ubuntu desktop by Ubuntu team member Rudra B. Saraswat (described by the Register as "a 12-year-old wunderkind")

Ubuntu Cinnamon is the older of the two and first appeared in 2019, while Ubuntu Unity came out in May 2020, soon after the release of Ubuntu 20.04.

Ubuntu Unity....has the macOS-like desktop that was Ubuntu's standard offering from 2011 until the company pensioned it off in 2017.... Ubuntu Unity is as free as Ubuntu itself, and the new remix continues to evolve. In 22.04, most of the GNOME-based accessory apps have been replaced with the MATE equivalents, such as the Pluma text editor and Atril document viewer. (A handful remain, such as the GNOME system monitor rather than the MATE one, but the differences are trivial.) The System Settings app is the original Unity one, and the Unity Tweaks app comes pre-installed.... The new "Jammy Jellyfish" version of Ubuntu Unity also adds support for Flatpak packages alongside Ubuntu's native Snap packages. To do this, it replaces Ubuntu's Software Store with version 41.5 of GNOME Software. Interestingly, this also supports Snap packages, so sometimes, when you search for a package, you might get multiple results: one for the OS-native DEB package, possibly one for a Flatpak, and maybe a Snap version too....

[I]f you dislike both the Unity and GNOME desktops and want something more Windows-like, but you don't mind GNOME's CSD windows, then Joshua Peisach's Ubuntu Cinnamon remix may appeal. Cinnamon is the default desktop of both Ubuntu-based Linux Mint and its Debian variant. Ubuntu Cinnamon combines the latest upstream version of Mint's Cinnamon desktop, 5.2.7, with the standard app selection of upstream Ubuntu. This means most of its apps lack menu bars, except for the Nemo file manager and LibreOffice. For these classic-style apps, the Ubuntu Cinnamon distro has tweaked the GNOME title-bar layout to be more Windows-like: minimize/maximize/close buttons at top right, and a window-management menu at top left....

Cinnamon's roots as a fork of GNOME 3 do offer a significant potential feature that MATE, Xfce and indeed Unity cannot do: fractional scaling. This is clearly labelled as an experimental feature, and in testing, we couldn't get it to work, so for now, this remains a theoretical advantage.... These caveats aside, though, Ubuntu Cinnamon is maturing nicely in the new version. While Ubuntu and Ubuntu Unity are now purple-toned, Ubuntu Cinnamon has switched to a restrained theme in shades of dark orange and brown, which reminded us of the tasteful earth-toned Ubuntu of the old GNOME 2 days...

Both these desktops are X.11-based, so there's not a trace of Wayland in either distro. Both also benefit from having working 3D acceleration.

Both remixes "are aiming for inclusion as official Ubuntu flavors," the article points out.

But then again, "There are dozens of Ubuntu remixes and flavors out there. The official Ubuntu Derivatives page links to 30, and DistroWatch has more than five times as many, including many which are no longer maintained."
Open Source

Fedora's Lead Speaks on the Popularity of Linux and the Importance of Open Source (techrepublic.com) 68

Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already. We need to take a different approach.... I think our message, at its root, has to be around open source.... [W]ith Linux, when you install an open-source distro, you're not just part of a fan community. You're part of a colossal, global effort that makes software more available to everyone, makes that software better and better, and makes the whole world better through sharing... Just by using it you're sharing in this amazing undertaking, part of a move away from scarcity to an economy based on abundance....

Jack Wallen: What's the biggest difference in Linux today vs. Linux of 10 years ago?

Matthew Miller: I think first we have to start with just the amazing ubiquity of it. Ten years ago, it was cute to find a TV that ran Linux. Now, not only is it definitely powering your TV, you've probably got Linux running on your lightbulbs! It's everywhere. And while Linux had pushed proprietary Unix from the server room, ten years ago Windows-based servers were pushing back. The cloud changed that — now, the cloud is Linux, almost completely. (Anything that isn't is a legacy app that it was too much trouble to port!) From tiny devices to the most powerful mainframes and supercomputers: Linux, Linux, Linux....

Jack Wallen: If Linux has an Achilles' heel, what is it?

Matthew Miller: Linux and the whole free and open-source software movement grew up with the rise of the internet as an open communication platform. We absolutely need that to continue in order to realize our vision, and I don't think we can take it for granted.

That's more general than an Achilles' heel, though, so right now let me highlight one thing that I think is troubling: Chrome becoming the dominant browser to the point where it's often the only way to make sites work. Chromium (the associated upstream project) is open source, but isn't really run as a community project, and, pointedly, very very few people run Chromium itself. I'd love to see that change, but I'd also like to see Firefox regain a meaningful presence.

Miller also said Fedora's next release is focused on simplicity. ("When the OS gets in the way, it drops from the conversation I want to have about big ideas to ... well, the boring technical details that people never want to deal with")

And he also shared his thoughts on what Linux needs most. "What I'd really like to see more of are more non-technical contributors. I mean, yes, we can always benefit from more packagers and coders and engineers, but I think what we really need desperately are writers, designers, artists, videographers, communicators, organizers and planners. I don't think big companies are likely to provide those things, at least, not for the parts of the Linux world which aren't their products."

"We need people who think the whole grand project I've been talking about is important, and who have the skills and interests to help make it real."
Security

Microsoft Finds Linux Desktop Flaw That Gives Root To Untrusted Users (arstechnica.com) 75

An anonymous reader quotes a report from Ars Technica: Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights -- the latest elevation of privileges flaw to come to light in the open source OS. [...] Nimbuspwn, as Microsoft has named the EoP threat, is two vulnerabilities that reside in the networkd-dispatcher, a component in many Linux distributions that dispatches network status changes and can run various scripts to respond to a new status. When a machine boots, networkd-dispatcher runs as root. [...] A hacker with minimal access to a vulnerable desktop can chain together exploits for these vulnerabilities that give full root access. [The step-by-step exploit flow can be found in the article. The researcher also was able to gain persistent root access using the exploit flow to create a backdoor.]

The proof-of-concept exploit works only when it can use the "org.freedesktop.network1" bus name. The researcher found several environments where this happens, including Linux Mint, in which the systemd-networkd by default doesn't own the org.freedesktop.network1 bus name at boot. The researcher also found several processes that run as the systemd-network user, which is permitted to use the bus name required to run arbitrary code from world-writable locations. The vulnerable processes include several gpgv plugins, which are launched when apt-get installs or upgrades, and the Erlang Port Mapper Daemon, which allows running arbitrary code under some scenarios.
The vulnerability has been patched, although it's unclear which version of Linux the patch is in.
Linux

Concerns Raised Over The 'New' NTFS Linux Driver That Merged Last Year (phoronix.com) 90

UnknowingFool writes: In 2020, Paragon Software announced they wanted to upstream their previously proprietary NTFS driver into Linux. After a year of review, the NTFS3 driver was added to the Linux 5.15 kernel. While Paragon pledged to maintain their driver, there have been no major updates to the driver despite a growing list of patches that have been submitted. Developer Kari Argillander has raised his concerns on the mailing list that the driver is orphaned, and that the Paragon maintainer has not responded to any messages about fixes. An offer to co-maintain the driver has also been met with "radio silence".
Open Source

Wolfire Games Open Sources 'Overgrowth' After 14 Years of Development (wolfire.com) 15

"We have worked on Overgrowth for 14 years," begins their new announcement. Development first began in 2008, and the game runs on Windows, macOS and Linux platforms. Overgrowth's page on Wikipedia describes the realistic 3D third-person action game as "set in a pre-industrial world of anthropomorphic fighter rabbits, wolves, dogs, cats and rats."

And now, "Just like they did with some earlier games, Wolfire Games have now open sourced the game code for Overgrowth," reports GamingOnLinux. "[J]ump, kick, throw, and slash your way to victory.... The source code is available on GitHub. You can buy it on Humble Store and Steam."

The Overgrowth site adds as a bonus that "we're also permanently reducing the game's price by a third worldwide" (so U.S. prices drop from $29.99 to $19.99).

"Only the code is getting open sourced," the announcement notes, "not the art assets or levels, the reason is that we don't want someone to build and sell Overgrowth as their own." Wolfire CEO Max Danielsson explains in a video that "you'll still have to own the game to play and mod it." "What it does mean, however, is that everyone will have full and free access to all our source code, including the engine, project files, scripts, and shaders.

"We'll be releasing it under the Apache 2.0 license, which allows you to do whatever you want with the code, including relicensing and selling it, with very few obligations. We tried to keep this easy...

"This isn't the next big engine. We don't intend to compete with any other great open source game engines like Godot, which is a great option if you're looking for a general-purpose game engine. But if you're interested in looking at what shipped game code can look like, want to look at specific code, like the procedural animation system, or if you're an Overgrowth modder who wants to make an involved total conversion mod, then this is for you.

"We have wanted to open source Overgrowth for a long time," says the announcement on Wolfire's site, "and we are incredibly grateful to our team and community for making this happen.

"We are excited to see what people do with this code and we look forward to the spirit of Overgrowth living on for another 14 years."
The Almighty Buck

Dirk Hohndel, Early Linux Contributor, Joins Foundation Supporting Blockchain Platform Cardano (phoronix.com) 38

Dirk Hohndel gets frequently mentioned on Slashdot. He was a very early contributor to Linux (and for the last five years the chief open source officer and vice president at VMware). But he's also the guy who interviews Linus Torvalds in the keynote sessions of Open Source Summits.

Hohndel "has a well known track record with Linux going back to the 1990's," reports Phoronix, and was even a member of the Linux Foundation Board of Directors.

But they add that now Hohndel "somewhat surprisingly has moved on to promoting a blockchain effort."

Dirk Hohndel was CTO at SUSE going back to the mid-90's before joining Intel for a fifteen year run that ended in 2016 where he was Intel's Chief Linux and Open-Source Technologist...

When Dirk left VMware unexpectedly at the beginning of the year, he wrote on LinkedIn that he felt he completed his job at the company in driving open-source transformation. He was leaving to go "look for the next opportunity, the next step in my career" and now it apparently is with blockchain. The surprising news today is that he's joined the Cardano Foundation. The Cardano Foundation is a Swiss-based foundation built around the Cardano public blockchain platform. Cardano is open-source and is the most notable proof-of-stake blockchain that was started by Ethereum co-founder Charles Hoskinson. Cardano has its own cryptocurrency, ADA....

Dirk will be serving as the Cardano Foundation's Chief Open-Source Officer.

Interestingly, Linus Torvalds appears to be less enthralled with blockchain technologies. Last year ZDNet reported on the reaction when Linux Foundation executive director Jim Zemlin suggested Torvalds sell an NFT of the 1991 email that first announced Linux to the world.

An amused and appalled Torvalds replied, "I'm staying out of the whole craziness with crypto and NFTs. Those people are cuckoo!"
Graphics

Razer's First Linux Laptop Called 'Sexy' - But It's Not for Gamers (theverge.com) 45

A headline at Hot Hardware calls it "a sexy Linux laptop with deep learning chops... being pitched as the world's most powerful laptop for machine learning workloads."

And here's how Ars Technica describes the Razer x Lambda Tensorbook (announced Tuesday): Made in collaboration with Lambda, the Linux-based clamshell focuses on deep-learning development. Lambda, which has been around since 2012, is a deep-learning infrastructure provider used by the US Department of Defense and "97 percent of the top research universities in the US," according to the company's announcement. Lambda's offerings include GPU clusters, servers, workstations, and cloud instances that train neural networks for various use cases, including self-driving cars, cancer detection, and drug discovery.

Dubbed "The Deep Learning Laptop," the Tensorbook has an Nvidia RTX 3080 Max-Q (16GB) and targets machine-learning engineers, especially those who lack a laptop with a discrete GPU and thus have to share a remote machine's resources, which negatively affects development.... "When you're stuck SSHing into a remote server, you don't have any of your local data or code and even have a hard time demoing your model to colleagues," Lambda co-founder and CEO Stephen Balaban said in a statement, noting that the laptop comes with PyTorch and TensorFlow for quickly training and demoing models from a local GUI interface without SSH. Lambda isn't a laptop maker, so it recruited Razer to build the machine....

While there are more powerful laptops available, the Tensorbook stands out because of its software package and Ubuntu Linux 20.04 LTS.

The Verge writes: While Razer currently offers faster CPU, GPU and screens in today's Blade lineup, it's not necessarily a bad deal if you love the design, considering how pricey Razer's laptops can be. But we've generally found that Razer's thin machines run quite hot in our reviews, and the Blade in question was no exception even with a quarter of the memory and a less powerful RTX 3060 GPU. Lambda's FAQ page does not address heat as of today.

Lambda is clearly aiming this one at prospective MacBook Pro buyers, and I don't just say that because of the silver tones. The primary hardware comparison the company touts is a 4x speedup over Apple's M1 Max in a 16-inch MacBook Pro when running TensorFlow.

Specifically, Lambda's web site claims the new laptop "delivers model training performance up to 4x faster than Apple's M1 Max, and up to 10x faster than Google Colab instances." And it credits this to the laptop's use of NVIDIA's GeForce RTX 3080 Max-Q 16GB GPU, adding that NVIDIA GPUs "are the industry standard for parallel processing, ensuring leading performance and compatibility with all machine learning frameworks and tools."

"It looks like a fine package and machine, but pricing starts at $3,499," notes Hot Hardware, adding "There's a $500 up-charge to have it configured to dual-boot Windows 10."

The Verge speculates on what this might portend for the future. "Perhaps the recently renewed interest in Linux gaming, driven by the Steam Deck, will push Razer to consider Linux for its own core products as well."
Operating Systems

Fedora Plans To Drop Support For Legacy BIOS Systems (linuxiac.com) 122

The Fedora 37 development team is considering dropping support for non-UEFI BIOS. Linuxiac reports: The Unified Extensible Firmware Interface, or UEFI, is a modern method of handling the boot process. UEFI is similar to Legacy; however, the boot data is stored in a .efi file rather than the firmware. In the case of Fedora, while the change may take some time, the new Fedora x86_64 installations will no longer work on non-UEFI platforms. On x86_64 architectures, Fedora 37 will mark legacy BIOS installation as deprecated in favor of UEFI. While systems already using Legacy BIOS to boot will continue to be supported, new Legacy BIOS installations on these architectures will be impossible.
Google

Google Proposes Shutdown Changes To Speed Linux Reboots (phoronix.com) 50

UnknowingFool writes: Google has proposed a change to how the Linux kernel handles shutdowns, specifically when NVMe drives are used. The issue that Google is finding is that the current NVMe drivers use synchronous APIs when shutting down and it can take 4.5 seconds for each NVMe drive. For a system with 16 NVMe drives that could take more than a minute longer. While this is a problem that only large enterprise systems face currently, more enterprises are replacing their mechanical disk RAID servers with SSD ones.

[...] The proposed patches from Google allow for an optional asynchronous shutdown interface at the bus level. The new interface maintains backwards compatibility with the synchronous implementation. The patches move all PCI Express based devices to the async interface, implement the changes at the PCIe level, and then change the NVMe driver to exploit the async shutdown interface.

Ubuntu

'Rolling Rhino' Tool Converts Ubuntu Into a Rolling Release (neowin.net) 48

"Rolling Rhino is a tool long ago created by Martin Wimpress, who until recently was part of the Canonical team," one Linux blog pointed out recently. "What it does is basically change the repositories of the DailyLive developers...."

Neowin sees it as a competitive advantage. After more than 17 years, there's a way to get a Ubuntu distro offering the same "rolling" release cycles that helped popularize Arch Linux: While there are many positive qualities that would draw a user into the world of Arch, its headlining feature would be the one that remains the most relevant in today's world of continuous integration and delivery and that's its rolling release strategy. While I don't think Judd Vinet could have predicted the proliferation of DevOps or the massive shift to cloud computing, it must be interesting to see that the entire industry is following the Arch strategy in all sorts of different places. One could even argue that Microsoft Windows has become a rolling release.

While many of Arch's contemporaries have joined the fray, one notable open-source giant has yet to make the leap.

Rolling Rhino looks to change that by converting Ubuntu into a rolling release.

Thanks to Slashdot reader segaboy81 for submitting the story...
Linux

Asahi Linux Is Reverse-Engineering Support For Apple Silicon, Including M1 Ultra (arstechnica.com) 46

An anonymous reader quotes a report from Ars Technica: For months, a small group of volunteers has worked to get this Arch Linux-based distribution up and running on Apple Silicon Macs, adapting existing drivers and (in the case of the GPU) painstakingly writing their own. And that work is paying off -- last week, the team released its first alpha installer to the general public, and as of yesterday, the software supports the new M1 Ultra in the Mac Studio. In the current alpha, an impressive list of hardware already works, including Wi-Fi, USB 2.0 over the Thunderbolt ports (USB 3.0 only works on Macs with USB-A ports, but USB 3.0 over Thunderbolt is "coming soon"), and the built-in display. But there are still big features missing, including DisplayPort and Thunderbolt, the webcam, Bluetooth, sleep mode, and GPU acceleration. That said, regarding GPU acceleration, the developers say that the M1 is fast enough that a software-rendered Linux desktop feels faster on the M1 than a GPU-accelerated desktop feels on many other ARM chips.

Asahi's developers don't think the software will be "done," with all basic M1-series hardware and functionality supported and working out of the box, "for another year, maybe two." By then, Apple will probably have introduced another generation or two of M-series chips. But the developers are optimistic that much of the work they're doing now will continue to work on future generations of Apple hardware with relatively minimal effort. [...] If you want to try Asahi Linux on an M1 Mac, the current installer is run from the command line and requires "at least 53GB of free space" for an install with a KDE Plasma desktop. Asahi only needs about 15GB, but the installer requires you to leave at least 38GB of free space to the macOS install so that macOS system updates don't break. From there, dual-booting should work similarly to the process on Intel Macs, with the alternate OS visible from within Startup Disk or the boot picker you can launch when you start your Mac. Future updates should be installable from within your new Asahi Linux installation and shouldn't require you to reinstall from scratch.

Programming

How Do You Like Ubuntu's New Logo? (ubuntu.com) 132

Slashdot reader mmanciop reminded us that Ubuntu released a new version of its "circle of friends" logo this week (which its designer says gives it "a more contemporary look and feel.")

From the Ubuntu blog: We proudly present to you the transformation of the Circle of Friends logo for Ubuntu. The new logo isn't a revolution; rather, it's an evolution of the Circle of Friends. As you can see at the top of the post, the classic white-on-orange colour scheme hasn't changed. But the new version sports sleek lines which bind the Circle of Friends even more closely together.

While it is important to have a respectful continuity with the previous Circle of Friends, the updated version is leaner, more focused, more sophisticated. It also makes a little more sense that the heads are now inside the circle, facing each other and connecting more directly. The rectangular orange tag is a break from the conventional square or circle, as it allows for the boldness of the orange to express itself and provides a recognisable colourful mark across media. Finally, the logo moves from a tiny superscript to a large, dynamic and leading presence.

Some might wonder why we had to touch the Ubuntu logo at all. As one can imagine, it is a daunting honour to work on something so many of us have such a strong connection to. But in the end, a logo should match what it represents. Similar to how Ubuntu continues to evolve and adapt to new uses in technology, its logo should follow suit to encapsulate and reflect such ongoing change.

For comparison, here's the original logo.

Share your reactions in the comments. (For example, how do you think it compares to other logos?) Do you like it more or less than, say, the logo for Raku?
Math

Linux Random Number Generator Sees Major Improvements (phoronix.com) 80

An anonymous Slashdot reader summarizes some important news from the web page of Jason Donenfeld (creator of the open-source VPN protocol WireGuard): The Linux kernel's random number generator has seen its first set of major improvements in over a decade, improving everything from the cryptography to the interface used. Not only does it finally retire SHA-1 in favor of BLAKE2s [in Linux kernel 5.17], but it also at long last unites '/dev/random' and '/dev/urandom' [in the upcoming Linux kernel 5.18], finally ending years of Slashdot banter and debate:

The most significant outward-facing change is that /dev/random and /dev/urandom are now exactly the same thing, with no differences between them at all, thanks to their unification in random: block in /dev/urandom. This removes a significant age-old crypto footgun, already accomplished by other operating systems eons ago. [...] The upshot is that every Internet message board disagreement on /dev/random versus /dev/urandom has now been resolved by making everybody simultaneously right! Now, for the first time, these are both the right choice to make, in addition to getrandom(0); they all return the same bytes with the same semantics. There are only right choices.

Phoronix adds: One exciting change to also note is the getrandom() system call may be a hell of a lot faster with the new kernel. The getrandom() call for obtaining random bytes is yielding much faster performance with the latest code in development. Intel's kernel test robot is seeing an 8450% improvement with the stress-ng getrandom() benchmark. Yes, an 8450% improvement.
Linux

Linux For M1 Macs? First Alpha Release Announced for Asahi Linux (asahilinux.org) 108

"Asahi Linux aims to bring you a polished Linux experience on Apple Silicon Macs," explains the project's web site.

And now that first Asahi Linux alpha release is out — ready for testing on M1, M1 Pro, and M1 Max machines (except Mac Studio): We're really excited to finally take this step and start bringing Linux on Apple Silicon to everyone. This is only the beginning, and things will move even more quickly going forward!

Keep in mind that this is still a very early, alpha release. It is intended for developers and power users; if you decide to install it, we hope you will be able to help us out by filing detailed bug reports and helping debug issues. That said, we welcome everyone to give it a try — just expect things to be a bit rough.... Asahi Linux is developed by a group of volunteers, and led by marcan as his primary job. You can support him directly via Patreon and GitHub Sponsors....

Can I dual-boot macOS and Linux?

Yes! In fact, we expect you to do that, and the installer doesn't support replacing macOS at this point. This is because we have no mechanism for updating system firmware from Linux yet, and until we do it makes sense to keep a macOS install lying around for that. You can have as many macOS and Linux installs as you want, and they will all play nicely and show up in Apple's boot picker. Each Linux install acts as a self-contained OS and should not interfere with the others.

Note that keeping a macOS install around does mean you lose ~70GB of disk space (in order to allow for updates, since the macOS updater is quite inefficient). In the future we expect to have a mechanism for firmware updates from Linux and better integration, at which point we'll be comfortable recommending Linux-only setups....

Is this just Arch Linux ARM?

Pretty much! Most of our work is in the kernel and a few core support packages, and we rely on Linux's excellent existing ARM64 support. The Asahi Linux reference distro images are based off of Arch Linux ARM and simply add our own package repository, which only adds a few packages. You can freely convert between Arch Linux ARM and Asahi Linux by adding or removing this repository and the relevant packages, although vanilla Arch Linux ARM kernels will not boot on these machines at this time.

The project's home page adds that "All contributors are welcome, of any skill level!"

"Doing this requires a tremendous amount of work, as Apple Silicon is an entirely undocumented platform," the team explains. "In particular, we will be reverse engineering the Apple GPU architecture and developing an open-source driver for it." But they're already documenting the Apple Silicon platform on their GitHub wiki. We will eventually release a remix of Arch Linux ARM, packaged for installation by end-users, as a distribution of the same name. The majority of the work resides in hardware support, drivers, and tools, and it will be upstreamed to the relevant projects....

Apple allows booting unsigned/custom kernels on Apple Silicon Macs without a jailbreak! This isn't a hack or an omission, but an actual feature that Apple built into these devices. That means that, unlike iOS devices, Apple does not intend to lock down what OS you can use on Macs (though they probably won't help with the development). As long as no code is taken from macOS to build the Linux support, the result is completely legal to distribute and for end-users to use, as it would not be a derivative work of macOS.

An interesting observation from Slashdot reader mrwireless: It once again seems Apple is informally supportive of these efforts, as the recent release of OS Monterey 12.3 makes the process even simpler. As Twitter user Matthew Garrett writes:

"People who hate UEFI should read https://github.com/AsahiLinux/... — Apple made deliberate design choices that allow third party OSes to run on M1 hardware without compromising security, and with much less closed code than on basically any modern x86."

Security

Nasty Linux Netfilter Firewall Security Hole Found (zdnet.com) 53

Sophos threat researcher Nick Gregory discovered a hole in Linux's netfilter firewall program that's "exploitable to achieve kernel code execution (via ROP [return-oriented programming]), giving full local privilege escalation, container escape, whatever you want." ZDNet reports: Behind almost all Linux firewall tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. [...] This problem exists because netfilter doesn't handle its hardware offload feature correctly. A local, unprivileged attacker can use this to cause a denial-of-service (DoS), execute arbitrary code, and cause general mayhem. Adding insult to injury, this works even if the hardware being attacked doesn't have offload functionality! That's because, as Gregory wrote to a security list, "Despite being in code dealing with hardware offload, this is reachable when targeting network devices that don't have offload functionality (e.g. lo) as the bug is triggered before the rule creation fails."

This vulnerability is present in the Linux kernel versions 5.4 through 5.6.10. It's listed as Common Vulnerabilities and Exposures (CVE-2022-25636), and with a Common Vulnerability Scoring System (CVSS) score of 7.8, this is a real baddie. How bad? In its advisory, Red Hat said, "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat." So, yes, this is bad. Worse still, it affects recent major distribution releases such as Red Hat Enterprise Linux (RHEL) 8.x; Debian Bullseye; Ubuntu Linux, and SUSE Linux Enterprise 15.3. While the Linux kernel netfilter patch has been made, the patch isn't available yet in all distribution releases.

Debian

Debian Developer Demoted, Quits After Two Decades With Project (itwire.com) 218

juul_advocate shares a report from iTWire: A developer who had more than two decades of service in the Debian GNU/Linux project was stripped of his status in December leading to him deciding to leave the project. Norbert Preining told iTWire in response to a query he decided that having been graded down to Debian maintainer was not something he wanted after all these years. He has now joined the Arch Linux project.

Preining said what basically happened was that the [Debian account manager (DAM) team] thought he was bullying members of the project. "I guess they are referring to my run-in with Martina Ferrari where she called me out in very strange and unfounded ways, which started a long lasting disagreement between her and me, and the blog post about Lars [Wirzenius, a project member] which was nothing more than a selection of quotes from Lars' own blogs," he added.

"Anyway, these were all old things, but DAM still prefers to paint me in the light of 'You have been bullying members of the project for years' (quote from Enrico Zini on the debian-private mailing list) and that I cannot communicate with the Community Team, which back then included Martina, and which has again hit me in the back by allowing other members in Debian (I refrain from naming them here, but will do in my blog post) to bully me, even in unrelated forums and on IRC. The bottom line is that Martina, Lars, and those others are close friends of DAM and CT [community team] and the 'leading circle' in Debian, and thus it seems that they are exempted from adhering to the same community standards."
Preining said the situation that led to his demotion was "more or less" about political correctness, adding that he'll explain more about the events in a blog post later on.

Open Source

Arch Linux Turns 20 (neowin.net) 29

"Arch Linux, the rolling Linux distribution that powers Valve's Steam Deck is now 20 years old," reports Neowin.

Slashdot reader segaboy81 writes that "What's cool to see here is that everything changed behind the scenes, but on the surface, things are the same." From the article: Announced on March 11th, 2002, and codenamed Homer, version 0.1 was released to minor fanfare. The release notes were a far cry from today's, essentially announcing it had broken ground and the foundation was going in, as it were.

Homer's release notes:

I've finally got a bootable iso image on the ftp site. The bad news is that you don't get a pretty interactive installer. But if you wanted one of those, you would have gone with RedHat, right? ;)

I'll try to get the docs up for ABS (Arch Build System) which, IMHO, is one of the best advantages of Arch. With ABS, you can easily create new packages, and it's trivial to rebuild existing packages with your own customizations....


It shipped with Linux kernel 2.4.18 which many of the Linux old-timers (myself included) will remember was right before we started to get nice things like auto-mounting USB drives in kernel 2.6. XFree86 4.2.0 was also in stow, which is what we now call Xorg. If you wanted to build software, you had to use an absolutely ancient gcc toolchain (2.95.3). Web browsing was covered by the ghost of Netscape Navigator, Mozilla 0.9.9. Heady days, these were!

Red Hat Software

Red Hat Is Discontinuing Sales and Services In Russia and Belarus (newsobserver.com) 49

Red Hat, the Raleigh-based open-source software company, said Tuesday it is halting all sales and services to companies in Russia and Belarus -- a response to the Russian invasion of Ukraine that has put Red Hat employees in harm's way. Raleigh News & Observer reports: Paul Cormier, Red Hat's chief executive officer, announced the decision in an email to employees, saying: "As a company, we stand in unity with everyone affected by the violence and condemn the Russian military's invasion of Ukraine." Red Hat's announcement comes a day after its parent company, IBM, which also has a large presence in the Triangle, suspended all business operations in Russia.

"While relevant sanctions must guide many of our actions, we've taken additional measures as a company," Cormier wrote. "Effective immediately, Red Hat is discontinuing sales and services in Russia and Belarus (for both organizations located in or headquartered in Russia or Belarus)." Red Hat said it has approximately two dozen employees in Ukraine, which has become an important tech hub in Eastern Europe in recent years. It is home to tens of thousands of contractors and employees for U.S. firms. In his email, Cormier said that Red Hat has helped dozens of employees and family members in Ukraine relocate to safer locations. Many of them have gone to neighboring Poland, he noted. [...] However, Ukraine has barred men ages 18 to 60 from leaving the country, meaning many of Red Hat's employees can't be relocated from the country. We "continue to help those who remain in the country in any way possible," Cormier wrote.

Security

Linux Has Been Bitten By Its Most High-Severity Vulnerability in Years (arstechnica.com) 110

Cognitive Dissident writes: Ars Technica is reporting a major new vulnerability in Linux. Named "Dirty Pipeline" it involves abuse of 'pipes' at the shell level as you might guess.

The name Dirty Pipe is meant to both signal similarities to Dirty Cow and provide clues about the new vulnerability's origins. "Pipe" refers to a pipeline, a Linux mechanism for one OS process to send data to another process. In essence, a pipeline is two or more processes that are chained together so that the output text of one process (stdout) is passed directly as input (stdin) to the next one. Tracked as CVE-2022-0847, the vulnerability came to light when a researcher for website builder CM4all was troubleshooting a series of corrupted files that kept appearing on a customer's Linux machine. After months of analysis, the researcher finally found that the customer's corrupted files were the result of a bug in the Linux kernel.


Linux

Bungie Rejects Steam Deck's Linux, Threatens To Ban Destiny 2 Players There (theverge.com) 61

An anonymous reader quotes a report from The Verge: When will Bungie let Destiny 2 come to Valve's Steam Deck handheld gaming PC? It's looking like the answer is never -- because the soon-to-be Sony subsidiary has published a help page that not only says the game's unsupported, but outright threatens to ban prospective Steam Deck players (via Wario64). The help page has a new section titled "Steam Deck and Destiny 2," which reads: "Destiny 2 is not supported for play on the Steam Deck or on any system utilizing Steam Play's Proton unless Windows is installed and running. Players who attempt to launch Destiny 2 on the Steam Deck through SteamOS or Proton will be unable to enter the game and will be returned to their game library after a short time. Players who attempt to bypass Destiny 2 incompatibility will be met with a game ban."

To be fair, Bungie isn't the only one to reject the Steam Deck without necessarily providing a satisfying explanation -- Epic Games CEO Tim Sweeney explained to me why Fortnite won't get updated for the Steam Deck last month, even though Epic's own Easy Anti-Cheat (EAC) claims game developers can enable it with "just a few clicks." And while both Apex Legends and Elden Ring now fully work on Deck despite using anti-cheat, it's also true that many other top multiplayer games have yet to fully arrive.

Open Source

Linus Torvalds Prepares to Move the Linux Kernel to Modern C (zdnet.com) 114

"We all know Linux is written in C," writes ZDNet. "What you may not know is that it's written in a long-outdated C dialect: The 1989 version of the C language standard, C89."

But that's about to change, explains long-time Slashdot reader UnknowingFool: Linus Torvalds has decided that Linux will move to the C11 standard starting with kernel 5.18.... Linux had planned to move to a newer standard eventually with C99 being the next version. However a recent patch to a security problem revealed that there could be problems with C99.

In order to patch a potential security problem with Linux's linked-list primitive speculative-execution functions, it was found that C99 would require that the iterator be declared outside the loop, which would expose it to another security problem. Since C99 was not very popular, it was agreed to skip it and use C11. Backwards compatibility with most compilers like gcc should allow for an easy transition of most of the code.

ZDNet adds that "This isn't as big a transition as it may seem. C89 still has almost universal support. Because any C compiler is backward compatible with earlier versions, you won't have any trouble compiling or running a C89 program. So, a C11 compliant compiler won't have any trouble with any C89 legacy code."

Intel

Intel Ramps Up Linux Investment By Acquiring Linutronix (phoronix.com) 3

Intel has acquired Linutronix, the German-based Linux consulting firm that is focused on embedded Linux and real-time computing. From a report: Intel's acquisition of Linutronix appears to be primarily focused as an acqui-hire with getting Linutronix's very talented staff at Intel. Among the prominent Linutronix engineers is their CTO Thomas Gleixner as a longtime kernel maintainer and important contributor on the x86 side, including with Linux's CPU security mitigations and perhaps most notably for the real-time (PREEMPT_RT) work.

Linux

ReiserFS Proposed To Be Removed From Linux In 2022 (phoronix.com) 217

UnknowingFool writes: Linux kernel developers have discussed on the kernel developers forum removing ReiserFS from the kernel starting in 2022. ReiserFS was added as Linux's first journaling file system 21 years ago with SUSE using it as the default filesystem until 2006. However, since Hans Reiser was sent to jail 15 years ago for murder, there has not been much development or interest in it. Noting that there have been no user-spotted fixes since 2019, longtime kernel developer Matthew Wilcox also cited that ReiserFS was the only blocker for some kernel changes he wished to implement. These days there are better alternatives like EXT4, Btrfs, XFS, and OpenZFS.

Bug

Linux Developers Patch Bugs Faster Than Microsoft, Apple, and Google, Study Shows (zdnet.com) 43

Linux programmers fixed bugs faster than anyone — in an average of just 25 days (improving from 32 days in 2019 to just 15 in 2021). That's the conclusion of Google's "Project Zero" security research team, which studied the speed of bug-fixing from January 2019 to December 2021.

ZDNet reports that Linux's competition "didn't do nearly as well." For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.

By Project Zero's count, others, which included primarily open-source organizations and companies such as Apache, Canonical, Github, and Kubernetes, came in with a respectable 44 days.

Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

Browser problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple's web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit's programmers take an average of over 72 days to fix bugs.

Security

Linux Malware Attacks are Increasing, and Businesses Aren't Ready (zdnet.com) 63

ZDNet reports: Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity — and many organisations are leaving themselves open to attacks because Linux infrastructure is misconfigured or poorly managed. Analysis from cybersecurity researchers at VMware warns that malware targeting Linux-based systems is increasing in volume and complexity, while there's also a lack of focus on managing and detecting threats against them.

This comes after an increase in the use of enterprises relying on cloud-based services because of the rise of hybrid working, with Linux the most common operating system in these environments. That rise has opened new avenues that cyber criminals can exploit to compromise enterprise networks, as detailed by the research paper, including ransomware and cryptojacking attacks tailored to target Linux servers in environments that might not be as strictly monitored as those running Windows. These attacks are designed for maximum impact, as the cyber criminals look to compromise as much of the network as possible before triggering the encryption process and ultimately demanding a ransom for the decryption key.

The report warns that ransomware has evolved to target Linux host images used to spin up workloads in virtualised environments, enabling the attackers to simultaneously encrypt vast swathes of the network and make incident response more difficult. The attacks on cloud environments also result in attackers stealing information from servers, which they threaten to publish if they're not paid a ransom.... Cryptojacking and other malware attacks are also increasingly targeting Linux servers. Cryptojacking malware steals processing power from CPUs and servers in order to mine for cryptocurrency....

Many of the cyberattacks targeting Linux environments are still relatively unsophisticated when compared with equivalent attacks targeting Windows systems — that means that with the correct approach to monitoring and securing Linux-based systems, many of these attacks can be prevented. That includes cybersecurity hygiene procedures such as ensuring default passwords aren't in use and avoiding sharing one account across multiple users.

Intel

Intel Thread Director Is Headed to Linux for a Major Boost in Alder Lake Performance (hothardware.com) 38

The Linux 5.18 kernel is adding support this spring for the Intel Hardware Feedback Interface to make better decisions about where to place given work among available CPU cores/threads, reports Phoronix.

This is significant because Intel's Alder Lake CPUs "are the first x86-64 processors to embrace a hybrid paradigm with two separate CPU architectures on the same die," explains Hot Hardware: These two separate CPU architectures have different strengths and capabilities. The Golden Cove "performance cores" (or P-cores) feature Intel's latest high-performance desktop CPU architecture, and they are blisteringly fast. Meanwhile, the Gracemont "efficiency cores" (or E-cores) are so small that four of them, along with 2MB of shared L2 cache, can nearly fit in the same space as a single Golden Cove core. They're slower than the Golden Cove cores, but also much more efficient, at least in theory.

The idea is that background tasks and light workloads can be run on the E-cores, saving power, while latency-sensitive and compute-intensive tasks can be run on the faster P-cores. The benefits of this may not have been exactly as clear as Intel would have liked on Windows, but they were even less visible on Linux. That's because Linux isn't aware of the unusual configuration of Alder Lake CPUs.

Well, that's changing in Linux 5.18, slated for release this spring. Linux 5.18 is bringing support for the Intel Enhanced Hardware Feedback Interface, or EHFI...

This is essentially the crux of Intel's "Thread Director," which is an intelligent, low-latency hardware-assisted scheduler.

Linux

Valve's Steam Deck Will Run Linux-Based Steam OS - But Won't Have a Fortnite Port (liliputing.com) 56

Liliputing reports: When Valve's Steam Deck begins shipping to customers later this month, the handheld gaming PC will be running a Linux-based operating system called Steam OS. And that could give gaming on Linux a bit of a boost.

While Valve's game client has been able to run on Linux for years, as of last month just over 1% of Steam users were running Linux (and fewer than 3% were using macOS, with Windows holding a 96% share). It'll be interesting to see if that starts to change once the Steam Deck hits the streets. And if it does, maybe we'll see more game makers add support for Linux... but one of the most popular games around isn't going to add Linux support anytime soon: Epic CEO Tim Sweeney says the company has no plans to port Fortnite to Linux.

He says it's because Epic doesn't "have confidence that we'd be able to combat cheating at scale under a wide array of kernel configurations including custom ones," but it's an interesting take since Epic has already ported its anti-cheat software to support Mac and Linux devices including the Steam Deck.

Bitcoin

No, Linus Torvalds is not Bitcoin Creator Satoshi Nakamoto (zdnet.com) 54

ZDNet reporter Steven Vaughan-Nichols has solved the mystery of whether Linus Torvalds is Bitcoin creator Satoshi Nakamoto: no.

But what's interesting is why the reporter had to ask in the first place: In a GitHub Linux kernel repository, it appeared Torvalds had changed a single line in the Linux Kernel. The change: 'Name = I am Satoshi....' Torvalds himself has been suspected of being Nakamoto several times over the years. But no one who knows him well, and I consider myself one of those, has ever thought he was the Bitcoin mastermind. It's just so, so not Linus.

So, while many people were discussing the "evidence," I decided just to ask Linus. Here's what he had to say.

"I'm afraid that is just a jokester taking advantage of how GitHub works — it shares git objects between different repositories, so you can use the SHA1 'name' of an object to specify something you did in your own tree, and then use my repository as the web name, and make it look like your object is in my tree...." Torvalds went on, "So the "torvalds/linux" part of that URL is basically just empty noise, designed to fool people into thinking it's in my tree. You could replace it with [another] GitHub repository name — the actual relevant part is just the SHA1 hash part...."

"So no," Torvalds concluded, "I'm sadly not the owner of a huge stash of original bitcoins."

And, there you have it, folks. Nakamoto's real identity remains a secret.

Late last year Vaughan-Nichols also reported on what happened when Linux Foundation executive director Jim Zemlin suggested Torvalds sell an NFT of the 1991 email that first announced Linux to the world.

An amused and appalled Torvalds replied, "I'm staying out of the whole craziness with crypto and NFTs. Those people are cuckoo!"

Operating Systems

System76-Scheduler Is a New Pop!_OS Rust Effort To Improve Desktop Responsiveness (phoronix.com) 43

slack_justyb writes: "Quietly making its v1.0 debut yesterday was system76-scheduler as a Rust-written daemon aiming to improve Linux desktop responsiveness and catering to their Pop!_OS distribution," reports Phoronix.

The daemon will work with the kernel's CFS scheduler to give priority to components that System76 deems important for its distro. Out of the box, the scheduler will assign priority to the X.Org Server and desktop window managers/compositors, while pushing compilers and other background tasks lower. However, the scheduler will be configurable via Rusty Object Notation (RON) files found in /etc/system76-scheduler/assignments/ and /usr/share/system76-scheduler/assignments/.

Over on the GitHub page for the project, the team indicates that they are indeed making a trade-off from the default CFS to benefit Desktop configurations over the typical load a server might see.

Linux

Slackware, the Oldest Actively Maintained Linux Distro, Releases Version 15.0 117

Slashdot reader sombragris writes: Slackware, the oldest actively maintained Linux distribution, released version 15.0 yesterday after a long release cycle that goes all the way back to 2016 where the last version (14.2) was released. According to the release notes, the whole spirit of this release is: "Keep it familiar, but make it modern."

Among the news, this release offers kernel 5.15.19, PAM, PipeWire and PulseAudio, Wayland and X11 graphical systems, and Rust and Python 3. As graphical environments, both Xfce 4.16 and the latest Plasma 5 (Plasma 5.23.5, Frameworks 5.90, KDE apps 21.12 running under Qt 5.15.3) are available, with Cinnamon and Mate also available from third parties. The main compilers are gcc-11.2 and llvm 13.0. The default browser is Firefox 91.5esr, with Chromium available as a third-party repository. And... no systemd at all.

Slackware can be downloaded from a variety of mirrors. BitTorrent downloads are going to be available too. I've used Slackware for 20 years and it's always impressed me with its stability and speed. I encourage everyone interested to try it.

Slashdot readers arfonrg and saxa also shared the news.

Security

Major Linux PolicyKit Security Vulnerability Uncovered: Pwnkit (zdnet.com) 179

An anonymous reader quotes a report from ZDNet: [S]ecurity company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution. This vulnerability is easy to exploit. And, with it, any ordinary user can gain full root privileges on a vulnerable computer by exploiting this vulnerability in its default configuration. As Qualys wrote in its brief description of the problem: "This vulnerability is an attacker's dream come true." Why is it so bad? Let us count the ways:

- Pkexec is installed by default on all major Linux distributions.
- Qualys has exploited Ubuntu, Debian, Fedora, and CentOS in their tests, and they're sure other distributions are also exploitable.
- Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command").
- An unprivileged local user can exploit this vulnerability to get full root privileges.
- Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way.
- And, last but not least, it's exploitable even if the polkit daemon itself is not running.

Red Hat rates the PwnKit as having a Common Vulnerability Scoring System (CVSS) score of 7.8. This is high. [...] This vulnerability, which has been hiding in plain sight for 12+ years, is a problem with how pkexec reads environmental variables. The short version, according to Qualys, is: "If our PATH is "PATH=name=.", and if the directory "name=." exists and contains an executable file named "value", then a pointer to the string "name=./value" is written out-of-bounds to envp[0]." While Qualys won't be releasing a demonstration exploit, the company is sure it won't take long for exploits to be available. Frankly, it's not that hard to create a PwnKit attack.

It's recommended that you obtain and apply a patch ASAP to protect yourself from this vulnerability.

"If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation," adds ZDNet. "For example, this root-powered shell command will stop attacks: # chmod 0755 /usr/bin/pkexec."

Education

Linux Foundation Launches Open Source Software Development, Linux, and Git Certification (zdnet.com) 13

The Linux Foundation has released three new training courses on the edX platform: Open Source Software Development: Linux for Developers (LFD107x), Linux Tools for Software Development (LFD108x), and Git for Distributed Software Development (LFD109x). The three courses can be taken individually or combined to earn a Professional Certificate in Open Source Software Development, Linux, and Git. ZDNet reports: The first class, Open Source Software Development: Linux for Developers (LFD107x) explores the key concepts of developing open-source software and how to work productively in Linux. You don't need to know Linux before starting this class, as it's an introduction to Linux designed for developers. In it, you'll learn how to install Linux and programs, how to use desktop environments, text editors, important commands and utilities, command shells and scripts, filesystems, and compilers. For this class, the Foundation recommends you use a computer installed with a current Linux distribution. I'd go further and recommend you use one with one of the professional Linux distributions. In particular, you should focus on one of the three main enterprise Linux families: Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Ubuntu. There are hundreds of other distros, but these are the ones that matter to companies looking for Linux developers.

The next course, Linux Tools for Software Development (LFD108x) examines the tools necessary to do everyday work in Linux development environments and beyond. It is designed for developers with experience working on any operating system who want to understand the basics of open-source development. Upon completion, participants will be familiar with essential shell tools, so they can work comfortably and productively in Linux environments. In addition, I recommend you come to this class with a working knowledge of the C programming language.

Finally, Git for Distributed Software Development (LFD109x) provides a thorough introduction to Git. Git is Linus Torvalds' other great accomplishment. This source control system was first used by the Linux kernel community to enable developers from around the world to operate efficiently. In addition, thanks to such sites as GitHub and GitLab, Git has become the lingua franca of all software development. Everyone uses Git today. With this class, you'll learn to use Git to create new repositories or clone existing ones, commit new changes, review revision histories, examine differences with older versions, work with different branches, merge repositories, and work with a distributed development team. Whether or not you end up programming in Linux, knowing how to use Git is essential for the modern programmer.

As ZDNet's Steven Vaughan-Nichols notes, you can take the three courses through edX in audit mode for no cost. However, you'll need to earn the professional certificate so employers will know you're capable of open-source programming.

"To do this, you must enroll in the program, complete all three courses, and pay a verified certificate fee of $149 per course."

Linux

Analysts Weigh In: Will We Ever See the Year of the Linux Desktop? (windowscentral.com) 224

How popular is Linux? The Windows Central site admits Linux is starting to tempt them. "It made such an imprint on Windows Central that not all of us even bother much with Windows anymore."

"Heck, Germany (part of it, to be specific) is taking another stab at ditching Windows for Linux..."

But what are the odds really that Linux overtakes Windows' market share? "That is the tantalizing question at the kernelled core of the great Linux debate, and it's the one we reached out to analysts to hear their thoughts on...." Every year is a special year for Linux in some way, shape, or form, but in terms of eating Windows' lunch, that's probably not in the cards for a long time, if ever.

Forrester Senior Analyst Andrew Hewitt gave figures to further bolster the argument that Linux is a long ways off from toppling Windows. "Overall, just 1% of employees report usage of Linux on their primary laptop used for work," he said. "That's compared to 60% that still use Windows, and small numbers that use Chrome OS and macOS on a global basis. It is very unlikely that Linux will overtake Windows as the main operating system."

With that said, Hewitt did foresee diversification and growth when it came to Linux, Chrome OS, and macOS, but nothing to a degree that would signal Windows is at risk of losing its dominant market share.

"We commonly see Linux used in Virtual Desktop Infrastructure (VDI) deployments," he stated, mentioning that he'd expect growth there since "VDI has grown 2% year over year according to our 'State Of VDI, 2021' report."

Gartner VP Analyst Steve Kleynhans also tells the site that the biggest challenge to Windows "on anything that looks like a PC is probably Chrome OS... Could Linux continue to grow? Yes. But it's not likely to grow as a direct competitor replacing Windows."

Cellphones

The PinePhone Pro Brings Upgraded Hardware To the Linux Phone (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: Pine64 is launching a major hardware upgrade in its quest to build a Linux smartphone. After the launch of the original PinePhone in 2019, the organization is now taking preorders for the PinePhone Pro, a new smartphone it's calling "the fastest mainline Linux smartphone on the market." The phone was announced in October, and you can now secure a unit. The MSRP is $599, but it's up for preorder now at an introductory price of $399.

Since Pine64 wants to make an open source Linux smartphone, its choice of hardware components is limited. Most big chip companies like Qualcomm or Samsung don't want to share open drivers or schematics, and you saw that with the original PinePhone, which was based on a 40 nm Cortex A53 SoC made by Allwinner. The PinePhone Pro is upgrading things with a Rockchip RK3399 SoC. The chip sports two Cortex A72 CPUs and four Cortex A53 CPUs, and Pine64 says it worked with Rockchip to get the chip "binned and voltage locked for optimal performance with sustainable power and thermal limits." Pine64 doesn't cite a process node, but other companies list the RK3399 at 28 nm. If that's true and you're looking for something roughly comparable in Qualcomm's lineup, the Snapdragon 618/650 (a mid-range chip from 2016) would seem to fit the bill.

The phone has a 6-inch, 1440x720 LCD, 4GB of RAM, 128GB of eMMC storage, and a 3,000 mAh battery. There's a USB-C port with 15 W charging, a headphone jack, a 13MP main camera, and an 8MP front camera. The back cover pops off, and inside the phone, you'll find a removable battery (whoa!), a microSD slot, pogo pins, and a series of privacy DIP switches that let you kill the modem, Wi-Fi/Bluetooth, microphone, rear camera, front camera, and headphones. The pogo pins support a variety of attachable backs, which are compatible with both the original PinePhone and the PinePhone Pro. [...] As for the software you'll be running on this thing, that's up to you. This is a phone for the Linux enthusiast who is willing to deal with some rough edges. It ships with Manjaro Arm and the Plasma Mobile interface, which Pine64 calls "pre-beta."

Security

Linux Malware Sees 35% Growth During 2021 (bleepingcomputer.com) 71

The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks. BleepingComputer reports: A Crowdstrike report looking into the attack data from 2021 summarizes the following:

- In 2021, there was a 35% rise in malware targeting Linux systems compared to 2020.
- XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all Linux-targeting malware attacks observed in 2021.
- Mozi, in particular, had explosive growth in its activity, with ten times more samples circulating in the wild the year that passed compared to the previous one.
- XorDDoS also had a notable year-over-year increase of 123%.
[...]
The Crowdstrike findings aren't surprising as they confirm an ongoing trend that emerged in previous years. For example, an Intezer report analyzing 2020 stats found that Linux malware families increased by 40% in 2020 compared to the previous year. In the first six months of 2020, a steep rise of 500% in Golang malware was recorded, showing that malware authors were looking for ways to make their code run on multiple platforms. This programming, and by extension, targeting trend, has already been confirmed in early 2022 cases and is likely to continue unabated.

Cellphones

Pine64's Newest Linux Smartphone 'PinePhone Pro Explorer Edition' Now Available for Pre-Order (pine64.org) 27

"Linux fans rejoice!" writes Hot Hardware. "Pine64's newest smartphone is officially available for pre-order." PinePhone Pro Explorer Edition pre-orders opened up Tuesday. Devices that are pre-ordered before January 18th will be shipped from Pine64's Hong Kong warehouse by January 24th and should arrive by early February.... According to Pine64, the PinePhone Pro Explorer Edition is the "fastest mainline Linux smartphone on the market." It uses a Rockchip RK3399S SoC that is composed of two ARM A72 cores (1.5GHz) and four A53 efficiency cores (1.5GHz)....

Consumers will also likely be pleased with the price of the device. The PinePhone Pro Explorer Edition currently rings in at $399 USD. The production run is purportedly "large" and interested consumers should therefore be able to easily purchase the device at this price.

Liliputing adds: While the PinePhone Pro has better hardware than the original PinePhone, Pine64 plans to continue selling both phones indefinitely. The first-gen phone will continue to sell for $150 to $200, offering an entry-level option for folks that want to experiment with mobile Linux, while the higher-priced PinePhone Pro should offer a hardware experience closer to what folks would expect from a modern mid-range phone....

In addition to the PinePhone Keyboard, the recently launched PinePhone wireless charging case, fingerprint reader case, and LoRa cases should all work with either phone.

But the new phone has a faster processor, more memory and storage, higher-resolution cameras, a higher-speed USB-C port and support for WiFi 5 and Bluetooth 4.1. And those features should make it a little more viable as a replacement for an iPhone or Android device... if you're comfortable running work-in-progress software.

They also add that "Thanks to the recent launch of the $50 PinePhone Keyboard, you can also think of the PinePhone Pro as a $400 phone that can be used as a $449 mini-laptop...."

And the Pine64 site's January update also points out that "Pico 8 Raspberry Pi port works on the PinePhone," adding "yes, it does run DOOM."

Linux

Are We Getting Closer to the Year of the Linux Desktop? (medium.com) 296

Earlier this year TechRepublic argued that while 2021 wasn't the year of the Linux desktop, "there was no denying the continued dominance of Linux in the enterprise space and the very slow (and subtle) growth of Linux on the desktop. And in just about every space (minus the smartphone arena), Linux made some serious gains."

So would 2022 be the year of the Linux desktop? "Probably not."

But developer Tim Wells honestly believes we're getting closer: The idea of the year of the Linux desktop is that there would come a year that the free and open source operating system would reach a stage that the average user could install and use it on their pc without running into problems. Linus Sebastian from Linus Tech Tips recently did an experiment where he installed Linux on his home PC for one month to see if he could use it not only for everyday tasks, but for gaming and also streaming. Ultimately he concluded (in a video just released) that this year will not be the year of the Linux desktop and that while doing everyday stuff was reasonably okay, the state of gaming on Linux (despite Valve's lofty goals) is to put it simply, a shit-show. (That's my word, not his)... The experiment done by Linus seems to show that while some games do indeed run well using [Valve's Windows compatibility layer] Proton, there are just as many that run with issues. Some of those issues can be game breaking. Such as the game running, but its multiplayer functionality not working at all. Some games just plain don't work at all due to dependencies on services such as Easy Anti Cheat...

In his video Linus mentions that the main problem preventing the "year of the Linux desktop" is the fragmentation. By fragmentation, he means the range of available distributions and the fact that each distribution has (potentially) different versions of libraries and drivers and software that makes the behind the scenes operate.... Flatpak and Snap as well as AppImage are making progress towards fixing this fragmentation issue, but those are not yet perfect either. Flatpak works by ensuring that the expected versions of libraries required for that software are installed along side it and independent of the existing library the distro may provide...

Valve have said that the Steamdeck will also use an immutable core operating system for the same reasons.

So while Linus is sure that 2022 isn't yet the year of the Linux desktop and that fragmentation is the biggest problem, I think maybe, just maybe, we're closer to solving those problems and closer perhaps to the year of the Linux desktop than some might realise.

Desktops (Apple)

Humble Subscription Service Is Dumping Mac, Linux Access In 18 Days (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica: Humble, the bundle-centric games retailer that launched with expansive Mac and Linux support in 2010, will soon shift a major component of its business to Windows-only gaming. The retailer's monthly subscription service, Humble Choice, previously offered a number of price tiers; the more you paid, the more new games you could claim in a given month. Starting February 1, Humble Choice will include less choice, as it will only offer a single $12/month tier, complete with a few new game giveaways per month and ongoing access to two collections of games: Humble's existing "Trove" collection of classic games, and a brand-new "Humble Games Collection" of more modern titles.

But this shift in subscription strategy comes with a new, unfortunate requirement: an entirely new launcher app, which must be used to access and download Humble Trove and Humble Games Collection games going forward. Worse, this app will be Windows-only. Current subscribers have been given an abrupt countdown warning (as spotted by NeoWin). Those subscribers have until January 31 to use the existing website interface to download DRM-free copies of any games' Mac or Linux versions. Starting February 1, subscription-specific downloads will be taken off the site, and Mac and Linux versions in particular will disappear altogether. Interestingly, the current Trove library consists of 79 games, but Humble says that the Trove collection will include "50+ games" starting February 1. This week's warning to Humble's Mac and Linux subscribers notes that "many" of the current Trove games will appear on the Humble Launcher, which is likely a nice way of saying that some of the existing games will not -- perhaps around 20 or so, based on the aforementioned numbers. Despite these changes, Trove's selection of games will remain DRM-free. FAQs about the Humble Launcher suggest that subscribers can download Trove files and continue accessing them in DRM-free fashion, no Humble Launcher or ongoing subscription required. The same promise has not been made for the more modern game collection found in the new Humble Games Collection.

Mozilla

Linux Mint Sells Out for Mozilla Money (betanews.com) 97

Brian Fagioli, reporting for BetaNews: The developers of the Ubuntu-based operating system have agreed to accept an undisclosed amount of money from Mozilla in exchange for making significant changes to Linux Mint. This includes removal of modifications to Firefox and a big change for search. The devs share the upcoming changes to Firefox in Linux Mint 19 and higher.

- The default start page no longer points to https://www.linuxmint.com/start/
- The default search engines no longer include Linux Mint search partners (Yahoo, DuckDuckGo...) but Mozilla search partners (Google, Amazon, Bing, DuckDuckGo, Ebay...)
- The default configuration switches from Mint defaults to Mozilla defaults.
- Firefox no longer includes code changes or patches from Linux Mint, Debian or Ubuntu.

Announcements

What Were Slashdot's Most Popular Stories of 2021? (slashdot.org) 16

Another 12 months gone by, and with it nearly 8,000 new Slashdot headlines — so which ones drew the most views?

Click here for lists of Slashdot's top 10 most-visited and most-commented stories of the year — and also the all-time top 10 lists since Slashdot's creation in 1997.

Here's some of 2021's highlights:
  • Remember that big electrical outage that left millions of Texans without power in the middle of a winter storm? As the crisis was still raging, CNN asked the million-dollar question: who's actually to blame? This became Slashdot's 9th most-visited story of the year — and also the 7th most-commented.
  • Two of the 10 most-visited stories of the year were "Ask Slashdot" technical questions: In April RockDoctor (Slashdot reader #15,477) asked whether a software RAID is better than a hardware RAID? And in January of 2020 Slashdot reader lsllll asked for suggestions on a battery-powered wi-fi security camera supporting FTP/SMB.

Interestingly, one of the year's most-commented poll topics had asked whether bitcoin would break $100,000 before the end of 2021. 4,951 voters — a full 25% — had said "Yes" — and were off by more than half, with bitcoin actually tumbling 8% in the last week of 2021 to wind up somewhere near $46,371 as of late Friday afternoon.

At the time of the poll — October 8th — the price of Bitcoin was already up to $53,963. One month later it had reached its highest price of 2021 — $67,582 — before dropping 31.7% over the next 53 days.

In the October poll asking whether bitcoin would reach $100,000 in the final 84 days of 2021 — another 14,687 Slashdot readers voted "No."

Red Hat Software

Linux 5.17 To Introduce A New Driver Just To Deal With Buggy x86 Tablets (phoronix.com) 50

Phoronix reports: The Linux 5.17 kernel when it kicks off next month is slated to introduce a new driver "x86-android-tablets" just for dealing with all the quirky/buggy x86 tablets out there.

Longtime Linux developer Hans de Goede of Red Hat has been responsible for numerous x86 laptop/tablet improvements in recent years along with other desktop-related improvements at Red Hat. He has now queued up into the x86 platform drivers tree the x86-android-tablets driver he wrote for dealing with the mess of x86 (mostly Android) tablets that don't behave properly out-of-the-box with Linux.

As part of the ACPI DSDT (Differentiated System Description Table), many x86 tablets have simply invalid entries and other problems that cause issue when trying to run mainline Linux on said hardware. Hans explains as part of the commit currently in the platform-drivers-x86 "for-next" branch....

"This driver, which loads only on affected models based on DMI matching, adds DMI based instantiating of kernel devices for devices which are missing from the DSDT, fixing e.g. battery monitoring, touchpads and/or accelerometers not working."

This new x86-android-tablets driver will basically be a catch-all solution for overrides based on device matching. Hans ended the patch message with, "This is the least ugly option to get these devices to fully work and to do so without adding any extra code to the main kernel image (vmlinuz) when built as a module."

Open Source

Rare Recordings of 1994 Talks By a 24-Year-Old Linus Torvalds Re-Discovered (archive.org) 34

71-year-old Jon "maddog" Hall has been involved with Linux from the very beginning, and for Christmas shared two of the earliest recordings ever made of young Linus Torvalds speaking about Linux — recordings long thought to be lost.

Hall shares the story at Archive.org. In February of 1994 the chair of a user group for the Digital Equipment Computer Users' Society "started sending emails (and copying me for some reason) about wanting to bring this person I had never heard about from Finland (of all places) to talk about a project that did not even run on Ultrix or DEC/OSF1.... After many emails and no luck in raising money for this trip I took mercy...and asked my management to fund the trip. I sat down to use it, and was amazed. It was good. It was very, very good."

24-year-old Torvalds was giving his first talks ever at a major conference — this one attended by 19,000 people — and he was nervous. In the end only 40 people showed up for "An Introduction to Linux" and "Implementation Issues in Linux", but Hall remembers that "there was great applause." Unfortunately the talks that Linus gave were lost.

Until now.

As I was cleaning my office I found some audio tapes made of Linus' talk, and which I purchased with my own money. Now, to make your present, I had to buy a good audio tape playback machine and capture the audio in Audacity, then produce a digital copy of those tapes, which are listed here...

Here is your Christmas present, from close to three decades ago. "Happy Linuxing" to all, no matter what your religion or creed.

Games

75% of Steam's Top 1000 Games Work On Linux Now (ghacks.net) 83

75% of the top 1,000 games run on Linux now, and the figure is even higher, at 80%, for the top 100 games. gHacks reports: Valve Software, the company behind the popular Steam gaming platform and smash hits such as Dota 2, Half-Life and Team Fortress, announced plans in 2018 to improve Windows game support for Linux. [...] The independent database protondb keeps track of compatibility using user reports. Compatibility has improved significantly in recent years. The site highlights compatibility for the top 10, top 100 and top 1000 games on Steam.

75% of the top 1000 games run on Linux now, and the figure is even higher, at 80%, for the top 100 games. Only the top 10 games are not well represented, as only 40% of them run on Linux without major issues according to the database. Users have submitted more than 150,000 reports for over 21,000 games to the site. Of these 21,000 games, more than 17,600 are working according to the site. Games on the database are ranked using a medal system. Platinum and Gold rated games run perfectly, and silver games may have minor issues. Bronze games may crash or have serious issues. Borked games won't work at all or are unplayable, and native Linux games are just the opposite of that.

Protondb has a search feature that Linux gamers may use to find out if games that they are interested in work well on Linux. All games that match the search term are returned, which means that you can search for entire series of games, e.g. King's Bounty, Final Fantasy or Civilization, and get all reported games and their compatibility rating returned. Compatibility is improving, and while there are still games that won't run on Linux, it is clear that compatibility has improved significantly in the past couple of years.

Intel

Intel's Mystery Linux Muckabout is a Dangerous Ploy at a Dangerous Time (theregister.com) 80

Open source is no place for secrets. From a report: This is a critical time for the Good Chip Intel. After the vessel drifted through the Straits of Lateness towards the Rocks of Irrelevance, Captain Pat parachuted into the bridge to grab the helm and bark "Full steam ahead!" Its first berth at Alder Lake is generally seen as a return to competitive form, but that design started well before Gelsinger's return and there's still zero room for navigational errors in the expeditions ahead. At least one of the course corrections looks a bit rum. Intel has long realised the importance of supporting open source to keep its chips dancing with Linux. Unlike the halcyon days of Wintel dominance, though, this means being somewhat more open about the down-and-dirty details of exactly how its chips do their thing. You can't sign an NDA with the Linux kernel.

Chipmakers are notoriously paranoid: Silicon Valley was born in intrigue and suspicion. Despite Intel's iconic CEO Andy Grove making paranoia a corporate mantra, Intel became relatively relaxed. Qualcomm and Apple would throw you into their piranha pools merely for asking questions if they could, while Intel has learned to give as well as take. But it may be going back to bad habits. One of the new things not open to discussion is something called Software Defined Silicon (SDSi), about which Intel has nothing to say. Which is odd because it has just submitted supporting code for it to the Linux kernel. The code itself doesn't say anything about SDSi, instead adding a mechanism to control whatever it is via some authorised secure token. It basically unlocks hardware features when the right licence is applied. That's not new. Higher performance or extra features in electronic test equipment often comes present but disabled on the base models, and the punter can pay to play later. But what might it mean in SDSi and the Intel architecture?

It is expensive for Intel and OEMs alike to have multiple physical variants of anything; much better if you make one thing that does everything and charge for unlocking it. It's a variant of a trick discovered by hackish school kids in the late 1970s, where cheaper Casio scientific calculators used exactly the same hardware as the more expensive model. Casio just didn't print all the functions on the keyboards of the pleb kit. Future Intel chips will doubtless have cores and cache disabled until magic numbers appear, and with the SoC future beckoning that can extend to all manner of IO, acceleration, and co-processing features. It might even be there already. From engineering, marketing, and revenue perspectives, this is great. Intel could make an M1-like SoC that can be configured on the fly for different platforms, getting the design, performance, and fab efficiencies that Apple enjoys while making sense for multiple OEMs. There could be further revenue from software upgrades, or even subscription models.

Programming

The Linux Kernel's Second Language? Rust Gets Another Step Closer (phoronix.com) 116

"In 2022 we will very likely see the experimental Rust programming language support within the Linux kernel mainlined," writes Phoronix, citing patches sent out Monday "introducing the initial support and infrastructure around handling of Rust within the kernel."

This summer saw the earlier patch series posted for review and discussion around introducing Rust programming language support in the Linux kernel to complement its longstanding C focus. In the months since there has been more progress on enabling Rust for the Linux kernel development, Linus Torvalds is not opposed to it, and others getting onboard with the effort. Rust for the Linux kernel remains of increasing interest to developers over security concerns with Rust affording more memory safety protections, potentially lowering the barrier to contributing to the kernel, and other related benefits....

Miguel Ojeda sent out the "v2" patches for Rust support in the kernel. With these updated packages, the Rust code is now relying on stable Rust releases rather than the beta compiler state previously, new modularization options added, stricter code enforcements, extra Rust compiler diagnostics enabled, new abstractions for in-kernel use, and other low-level code improvements.

Red Hat is also now joining Arm, Google, and Microsoft in voicing their support for Rust code within the Linux kernel.

ZDNet contributing editor Steven J. Vaughan-Nichols also expects the first Rust code in Linux's kernel sometime in 2022: As Ryan Levick, a Microsoft principal cloud developer advocate, explained, "Rust is completely memory safe." Since roughly two-thirds of security issues can be traced back to handling memory badly, this is a major improvement. In addition, "Rust prevents those issues usually without adding any runtime overhead," Levick said.

Cloud

AWS Embraces Fedora Linux for Its Cloud-Based 'Amazon Linux' (zdnet.com) 71

ZDNet reports: By and large, the public cloud runs on Linux. Most users, even Microsoft Azure customers, run Linux on the cloud. In the case of market giant Amazon Web Services (AWS), the cloud provider will let you run many Linux distros or their own homebrew Linux, Amazon Linux. Now, AWS has released an early version of its next distro, Amazon Linux 3, which is based on Red Hat's community Linux, Fedora.

AWS has long tried to incorporate Red Hat Enterprise Linux (RHEL) compatibility into Amazon Linux, but this latest release takes that to new heights. By using Fedora as its upstream, the new Amazon distro, also called AL2022, is a stable distribution. It's gone through extensive testing to offer package stability, and it also includes all available security updates....

TechRadar adds some more details: The distro has had two major releases till now; the first in 2010, and the second in 2017. However, with the third AL2022 release the service is committing to a two year release cycle, with each release supported for a period of five years... AWS argues that the two year major release cycle, with updates shipped quarterly via minor releases, will help keep the software current, while the five year support commitment for each major release will give customers the stability they need to manage long project lifecycles.

Linux

Nvidia's DLSS Has Come To Linux Gaming (theverge.com) 31

Years after its failed Steam Machines, Valve is slowly but surely improving the state of Linux gaming. From a report: The company's upcoming Steam Deck handheld runs atop Linux, and its Proton compatibility layer lets it -- and other computers -- play Windows games as well. Now, Valve has officially added support for Nvidia's DLSS machine learning temporal upscaling technique to Proton, potentially bringing big FPS boosts and less flicker in games that support the technology.

Proton 6.3-8 is the first stable release to include support for DLSS, after the feature previously hit experimental builds in October, though it appears you'll still need to set PROTON_ENABLE_NVAPI=1 and dxgi.nvapiHack = False to turn it on. DLSS won't come to the AMD-powered Steam Deck, of course, since it requires proprietary Nvidia machine learning silicon, but we recently learned the Steam Deck will support AMD's arguably much less capable FSR.

EU

A German State is Switching Its 25,000 Computers From Windows to Linux (documentfoundation.org) 223

"The north-German state of Schleswig-Holstein plans to switch to open source software..." reports Mike Saunders from LibreOffice.

"By the end of 2026, Microsoft Office is to be replaced by LibreOffice on all 25,000 computers used by civil servants and employees (including teachers), and the Windows operating system is to be replaced by GNU/Linux."

The tech site Foss Force writes: This seems to be a done deal, as the steps for the transition from proprietary to open have already been codified by the Schleswig-Holstein state parliament, and explained in plain language in an interview with Jan Philipp Albrecht, the state's digital minister, that was published in c't, a German language computer magazine (Google Translate version here). In the interview, Albrecht said that part of the transition to open source is already in the works, and pointed out that 90% of state administration conferencing is conducted using the open source video conferencing platform Jitsi.

"We have been testing LibreOffice in our IT department for two years, and our experience is clear: it works," he said. "This also applies, for example, when editing Microsoft Word documents with comments..." No Linux distribution has been chosen yet to use as a standard, although Albrecht said they're currently looking at five distributions that suit their purposes.

Security

Linux Has a Serious Security Problem That Once Again Enables DNS Cache Poisoning (arstechnica.com) 66

shoor writes: As much as 38 percent of the Internet's domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains, like bankofamerica.com or gmail.com. The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site.

The sleight of hand worked because DNS at the time relied on a transaction ID to prove the IP number returned came from an authoritative server rather than an imposter server attempting to send people to a malicious site. The transaction number had only 16 bits, which meant that there were only 65,536 possible transaction IDs. Kaminsky realized that hackers could exploit the lack of entropy by bombarding a DNS resolver with off-path responses that included each possible ID. Once the resolver received a response with the correct ID, the server would accept the malicious IP and store the result in cache so that everyone else using the same resolver -- which typically belongs to a corporation, organization, or ISP -- would also be sent to the same malicious server.
