Encryption

Linux RNG May Be Insecure After All 240

Okian Warrior writes "As a followup to Linus's opinion about people skeptical of the Linux random number generator, a new paper analyzes the robustness of /dev/urandom and /dev/random. From the paper: 'From a practical side, we also give a precise assessment of the security of the two Linux PRNGs, /dev/random and /dev/urandom. In particular, we show several attacks proving that these PRNGs are not robust according to our definition, and do not accumulate entropy properly. These attacks are due to the vulnerabilities of the entropy estimator and the internal mixing function of the Linux PRNGs. These attacks against the Linux PRNG show that it does not satisfy the "robustness" notion of security, but it remains unclear if these attacks lead to actual exploitable vulnerabilities in practice.'" Of course, you might not even be able to trust hardware RNGs. Rather than simply proving that the Linux PRNGs are not robust thanks to their run-time entropy estimator, the authors provide a new property for proving the robustness of the entropy accumulation stage of a PRNG, and offer an alternative PRNG model and proof that is both robust and more efficient than the current Linux PRNGs.
Linux Business

Battlefield Director: Linux Only Needs One 'Killer' Game To Explode 410

dryriver writes with an excerpt from Polygon's interview with DICE creative director Lars Gustavsson, who says it would only take one "killer" game for Linux to break into mainstream gaming (something some would argue it already has): "We strongly want to get into Linux for a reason," Gustavsson said. "It took Halo for the first Xbox to kick off and go crazy — usually, it takes one killer app or game and then people are more than willing [to adopt it] — it is not hard to get your hands on Linux, for example, it only takes one game that motivates you to go there." "I think, even then, customers are getting more and more convenient, so you really need to convince them how can they marry it into their daily lives and make an integral part of their lives," he explained, sharing that the studio has used Linux servers because it was a "superior operating system to do so." Valve's recently announced Steam OS and Steam Machines are healthy for the console market, Gustavsson said when asked for his opinion on Valve's recent announcements.
Android

PengPod Crowdfunding a Tablet Made With OS-Switching In Mind 93

PengPod is running a crowdfunder to create a GNU Linux/Android tablet, the PengPod 1040. This is their second such product; the first was mentioned on Slashdot last year. PengPod has pledged to make all source and tools used to build the images available, so users can build their own OS top to bottom to guarantee that it's free of NSA tracking. The PengPod has previously found some success as a low-cost touch platform for industrial/commercial control systems and is partnered with ViewTouch, the original inventors of the graphical POS to offer PengPod1040s as restaurant register systems. The feature that the developers seem keenest to emphasize is that the PengPod is built to run conventional desktop Linux distros without special hacking required; Android is the default OS, but it's been tested with several others (including Ubuntu Touch) listed on their Indiegogo page.
Google

Google Offers Cash For Security Fixes To Linux and Other FOSS Projects 94

jrepin writes "Google is offering rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages that are critical to the stability of the Internet. The program announced Wednesday expands on Google's current bug-bounty program, which pays from $500 to $3,133.70 to people who privately report bugs found in the company's software and Web properties." Google isn't the only company that sees the value in rewarding those who find security problems: Microsoft just paid British hacker James Forshaw $100,000 for finding a serious security flaw in Windows 8.1.
Transportation

Auto Makers To Standardize On Open Source 160

Lucas123 writes "There are efforts underway within the auto industry to create a standard, Linux-based platform for In-Vehicle Infotainment (IVI) systems so that cars will act more like smartphones instead of having only about 10% of that functionality today. For example, Tesla's Model S IVI system, which is based on Linux, is designed to allow drivers to navigate using Google Maps with live traffic information, listen to streaming music from any online radio station and have access to an Internet browser for news or restaurant reviews. Having an industry-wide open-source IVI operating system would create a reusable platform consisting of core services, middleware and open application layer interfaces that eliminate the redundant efforts to create separate proprietary systems by automakers and their tier 1 suppliers like Microsoft. By developing an open-source platform, carmakers can share upgrades as they arrive."
Security

The Linux Backdoor Attempt of 2003 360

Hugh Pickens DOT Com writes "Ed Felten writes about an incident, in 2003, in which someone tried to backdoor the Linux kernel. Back in 2003 Linux used BitKeeper to store the master copy of the Linux source code. If a developer wanted to propose a modification to the Linux code, they would submit their proposed change, and it would go through an organized approval process to decide whether the change would be accepted into the master code. But some people didn't like BitKeeper, so a second copy of the source code was kept in CVS. On November 5, 2003, Larry McVoy noticed that there was a code change in the CVS copy that did not have a pointer to a record of approval. Investigation showed that the change had never been approved and, stranger yet, that this change did not appear in the primary BitKeeper repository at all. Further investigation determined that someone had apparently broken in electronically to the CVS server and inserted a small change to wait4: 'if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) ...' A casual reading makes it look like innocuous error-checking code, but a careful reader would notice that, near the end of the first line, it said '= 0' rather than '== 0' so the effect of this code is to give root privileges to any piece of software that called wait4 in a particular way that is supposed to be invalid. In other words it's a classic backdoor. We don't know who it was that made the attempt—and we probably never will. But the attempt didn't work, because the Linux team was careful enough to notice that this code was in the CVS repository without having gone through the normal approval process. 'Could this have been an NSA attack? Maybe. But there were many others who had the skill and motivation to carry out this attack,' writes Felten. 'Unless somebody confesses, or a smoking-gun document turns up, we'll never know.'"
AMD

AMD Intentionally Added Artificial Limitations To Their HDMI Adapters 256

An anonymous reader writes "NVIDIA was caught removing features from their Linux driver and days later Linux developers have caught and confirmed AMD imposing artificial limitations on their graphics cards in the DVI-to-HDMI adapters that their driver will support. Over the years AMD has quietly been adding an extra EEPROM chip to their DVI-to-HDMI adapters that are bundled with Radeon HD graphics cards. Only when these identified adapters are detected via checks in their Windows and Linux Catalyst driver is HDMI audio enabled. If using a third-party DVI-to-HDMI adapter, HDMI audio support is disabled by the Catalyst driver. Open-source Linux developers have found this to be a self-imposed limitation and that the open-source AMD Linux driver will work fine with any DVI-to-HDMI adapter."
Botnet

The Hail Mary Cloud and the Lessons Learned 99

badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."
Graphics

Nvidia Removed Linux Driver Feature For Feature Parity With Windows 237

RemyBR writes "Softpedia points to a Nvidia Developer Zone forum post revealing that the company has removed a specific Linux feature as of the v310 drivers due to the Windows platform. A BaseMosaic user on Ubuntu 12.04 noticed a change in the number of displays that can be used simultaneously after upgrading from the v295 drivers to v310. Another user, apparently working for Nvidia, gave a very troubling answer: 'For feature parity between Windows and Linux we set BaseMosaic to 3 screens.'"
Linux

Linux-capable Arduino TRE Debuts At Maker Faire Rome 47

DeviceGuru writes "At the Maker Faire Rome this week, Arduino announced a next-generation Arduino single board computer featuring a dual-processor architecture, and able to run a 'full Linux OS', in contrast to the lightweight OpenWRT Linux variant (Linino) buried inside the Yun's Atheros WiFi module. The Arduino TRE features a 1GHz 32-bit TI Sitara AM335x ARM Cortex-A8 SoC for running Linux software, plus an 8-bit Atmel ATmega MCU for AVR-compatible control of expansion modules (aka shields). The TRE's Sitara subsystem includes HDMI video, 100Mbps Ethernet, and 5 USB 2.0 ports, and is claimed to provide up to 100X the performance of the Arduino Leonardo and Uno boards. Interestingly, the TRE's development reportedly benefited from close collaboration between Arduino and the BeagleBoard.org foundation."
Intel

Steam Machine Prototypes Use Intel CPUs, NVIDIA GPUs 187

An anonymous reader writes "Valve has revealed their first Steam Machines prototype details. The first 300 Steam Machine prototypes to ship will use various high-end Intel CPUs and NVIDIA GPUs while running their custom SteamOS Linux distribution. The Intel Haswell CPU + NVIDIA GPU combination should work well on Linux with the binary drivers. Using a range of CPUs/GPUs in the prototypes will allow them to better gauge the performance and effectiveness. Valve also said they will be releasing the CAD design files to their custom living room console enclosure for those who'd like to reproduce them." Valve is careful to point out that these specs aren't intended as a standard: "[T]o be clear, this design is not meant to serve the needs of all of the tens of millions of Steam users. It may, however, be the kind of machine that a significant percentage of Steam users would actually want to purchase — those who want plenty of performance in a high-end living room package. Many others would opt for machines that have been more carefully designed to cost less, or to be tiny, or super quiet, and there will be Steam Machines that fit those descriptions."
Linux

ArkOS: Building the Anti-Cloud (on a Raspberry Pi) 166

angry tapir writes "arkOS is a Linux distribution that runs on the Raspberry Pi. It's an initiative of the CitizenWeb Project, which promotes decentralization and democratization of the Internet. arkOS is aiming to aid this effort by making it super-simple for people to host their own email, blogs, storage and other services from their own home, instead of relying on cloud services run by third parties. about the project."
Linux Business

French Police To Switch 72,000 Desktop PCs To Linux 183

jones_supa writes "France's National Gendarmerie — the national law enforcement agency — is now running 37,000 desktop PCs with a custom distribution of Linux, and by summer of 2014, the agency plans to switch over all 72,000 of its desktop machines. The agency claims that the TCO of open source software is about 40 percent less than proprietary software from Microsoft, referring to their article published by EU's Interoperability Solutions for Public Administrations. Initially Gendarmerie has moved to Windows versions of cross-platform OSS applications such as OpenOffice, Firefox, and Thunderbird. Now they are completing the process by changing the OS. This is one of the largest known government deployments of Linux on the desktop."
Graphics

Ex-Red Hat Employee Matthew Garrett Comments On the State of XMir 88

First time accepted submitter slack_justyb writes "Matthew Garrett, former employee of Red Hat, comments on the current state of XMir and Canonical's recent decision to not ship XMir as the default display server in Ubuntu 13.10. Noting the current issues outstanding in XMir, the features yet to be implemented, the security loopholes, and Intel's recent rejection to support Mir in general. All of this leading Garrett to the conclusion that 'It's clear that XMir has turned into a larger project than Canonical had originally anticipated, but that's hardly surprising.'"
X

AMD Brings 3D GPU Documentation Up To Date 64

jones_supa writes "Things are starting to look even better for the status of open specifications for AMD Radeon HD hardware. AMD's Alex Deucher announced via his personal blog that programming guides and register specifications on the 3D engines for the Evergreen, Northern Islands, Southern Islands, and Sea Islands GPUs are now in the NDA-free public domain. These parts represent the 3D engines on the Radeon HD 5000 through Radeon HD 8000 series graphics processors."
GNOME

GNOME 3.10 Released 218

kthreadd writes "Version 3.10 of the GNOME software collection has been released. New in this release is improved support for Wayland, the upcoming X replacement. The system status menus have been consolidated into one single menu. Many of the applications in GNOME now feature header bars instead of title bars, which merges the titlebar and toolbar into a single element and allows applications to offer more dynamic user interfaces. GNOME now also includes an application for searching, browsing and installing applications called Software. Several other new applications have also been added to GNOME including Music, Photos, Notes and Maps."
Ubuntu

Ask Slashdot: Are We Witnessing the Decline of Ubuntu? 631

jammag writes "'When the history of free software is written, I am increasingly convinced that this last year will be noted as the start of the decline of Ubuntu,' opines Linux pundit Bruce Byfield. After great initial success, Ubuntu and Canonical began to isolate themselves from the mainstream of the free software community. Canonical, he says, has tried to control the open source community, and the company has floundered in many of its initiatives. Really, the mighty Ubuntu, in decline?"
Graphics

NVIDIA Begins Releasing Documentation For Nouveau 147

sl4shd0rk writes "Nvidia, perhaps inspired by the infamous Torvalds Salute, has decided to do something about its crummy image with Open Source developers. The company has begun to release public documentation on certain aspects of its GPUs. Reactions from developers have been mixed; much of what's already been released wasn't a big mystery, but Nvidia says more is coming and they will also provide guidance in needed areas as well. Linus said, 'I'm cautiously optimistic that this is a real shift in how Nvidia perceives Linux. The actual docs released so far are fairly limited, and in themselves they wouldn't be a big thing, but if Nvidia really does follow up and start opening up more, that would certainly be great. They've already been much better in the ARM SoC space than they were on the more traditional GPU side, and I really hope that some day I can just apologize for ever giving them the finger.'"
GNOME

Middle-Click Paste? Not For Long 729

An anonymous reader writes "Select to copy and middle-click to paste. That's a very convenient usability feature associated with UNIX graphical environments. But it is confusing for new users, so the ability to middle-click paste was briefly removed from GNOME 3.10. It was restored a few days later, but with a clear message: middle-click paste will be permanently removed from the next GNOME version." I hope that "we'll defer this change until the next cycle" also means that it's getting re-thought, rather than just delayed.
Red Hat Software

Fedora Project Turns 10 83

darthcamaro writes "It was ten years ago this past Sunday September 22nd, that the Red Hat sponsored Fedora project was born. The first Fedora release didn't come until six weeks later in November of 2003. Over the last 10 years the project has transformed itself from being entirely controlled by Red Hat to being a true community effort. In a video interview, the current Fedora Project Leader, Robyn Bergeron talks about the past and the future of Fedora. 'We need to think about how we're actually making the sausage,' Bergeron said. 'I think we can try and abstract and automate the things we have to do a lot, so our really awesome people's brains can be applied to solving problems that aren't yet automate-able.'"
