Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Operating Systems

Severe Flaws Found In Libarchive Open Source Library (talosintel.com) 82

Reader itwbennett writes: Researchers from Cisco Systems' Talos group have found three memory corruption errors in the widely used open-source library libarchive that can result in arbitrary code execution and can be exploited by passing specially crafted files to applications that contain the vulnerable code. "The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS," writes Lucian Constantin. "Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it." (Original blog post) So, while the libarchive maintainers have released patches for the flaws, it will likely take a long time for them to trickle down through all the affected projects.
Microsoft

Microsoft: Nearly One In Three Azure Virtual Machines Now Are Running Linux (zdnet.com) 52

Mary Jo Foley, reporting for ZDNet: Microsoft's self-professed Linux love is helping the company in the cloud. During his keynote at DockerCon 2016 in Seattle today, Azure Chief Technology Officer Mark Russinovich showed off some of the new and upcoming ways Microsoft is adding more container support to its cloud and server products. He also revealed a couple of new interesting datapoints. In the past year, Russinovich said, Microsoft has gone from one in four of its Azure virtual machines running Linux to nearly one in three. The other two-thirds of Azure customers are running Windows Server in their virtual machines. Russinovich showed off the promised Windows Server support that officials said would be coming at some point to the company's Azure Container Service (ACS). Microsoft made Azure Container Service generally available in April 2016, but for Linux containers only. Last year, company execs said Microsoft also would bring Windows Server support to ACS.
GNOME

Fedora 24 Featuring GNOME 3.20, Tons Of Improvements Released (betanews.com) 174

After several delays, the Fedora Project on Tuesday released Fedora 24 (download link), the latest version of its Linux-based operating system. Fedora 24 brings with it a number of interesting features and changes, including the GNOME 3.20 desktop environment. The latest version of GNOME comes with media-player controls in the notification panel, and improved search feature in the Files application. New GNOME will also let you easily upgrade to Fedora 25, by simply using its Software application. There's also improved font-rendering. Among other things Fedora 24 has an upgraded version of glibc, or GNU C Library, which comes with improved performance and bug fixes across the entire operating system. You can learn more about the features at TechRepublic..
Open Source

Red Hat Launches Ansible-Native Container Workflow Project (helpnetsecurity.com) 35

Orome1 quotes a report from Help Net Security: Red Hat launched Ansible Container under the Ansible project, which provides a simple, powerful, and agent-less open source IT automation framework. Available now as a technology preview, Ansible Container allows for the complete creation of Docker-formatted Linux containers within Ansible Playbooks, eliminating the need to use external tools like Dockerfile or docker-compose. Ansible's modular code base, combined with ease of contribution, and a community of contributors in GitHub, enables the powerful IT automation platform to manage today's infrastructure, but also adapt to new IT needs and DevOps workflows. Help Net Security reports: "The automated container creation and deployment offered by Ansible factor into Red Hat's existing container infrastructure stack, which now includes: A stable, container-centric operating system in Red Hat Enterprise Linux Atomic Host; An enterprise-grade, Kubernetes- and Docker-native container application platform through Red Hat OpenShift and the recently announced next-generation OpenShift Online public cloud service; Infrastructure management, automation and monitoring across hybrid environments with Red Hat CloudForms, Red Hat insights, Red Hat Satellite and Ansible Tower by Red Hat; Massively-scalable private and hybrid cloud architecture for large-scale container deployment through Red Hat OpenStack Platform and Red Hat Cloud Suite, which also includes Red Hat OpenShift."
Debian

Fedora QA Lead Pans Canonical 'Propaganda' On Snap Apps (happyassassin.net) 170

Long-time Slashdot reader JImbob0i0 shares a scathing article by Red Hat's Fedora QA "community monkey"/senior QA engineer on Canonical's announcement about their application delivery mechanism "snap"... ...and how it's going to unite all distributions and kill apt and rpm! This is, to put it diplomatically, a heaping pile of steaming bullshit... The press release and the stories together give you the strong impression that this thing called Snappy is going to be the cross-distribution future of application delivery, and it's all ready for use today and lots of major distributions are buying into it... The stories have headlines like "Adios apt and yum? Ubuntu's snap apps are coming to distros everywhere" and "Snap Packages Become Universal Binary Format for All GNU/Linux Distributions"...

Now, does Snappy actually have the cross-distribution buy-in that the press release claims (but never outright states) that it has? No... The sum total of communication between Canonical and Fedora before the release of this press release was that they mailed us asking about the process of packaging snappy for Fedora, and we told them about the main packaging process and COPR. They certainly did not in any way inform Fedora that they were going to send out a press release strongly implying that Fedora, along with every other distro in the world, was now a happy traveler on the Snappy bandwagon... They just decided to send out a wildly misleading press release and actively encourage the specialist press to report that Snappy was all set to take over the world and everyone was super happy with that.

Debian

Adios Apt and Yum? Ubuntu's Snap Apps Are Coming To Distros Everywhere (arstechnica.com) 274

An anonymous reader shares an Ars Technica report: Ubuntu's "snappy" new way of packaging applications is no longer exclusive to Ubuntu. Canonical today is announcing that snapd, the tool that allows snap packages to be installed on Ubuntu, has been ported to other Linux distributions including Debian, Arch, Fedora, and Gentoo among others. To install snap packages on non-Ubuntu distributions, Linux desktop and server users will have to first install the newly cross-platform snapd. This daemon verifies the integrity of snap packages, confines them into their own restricted space, and acts as a launcher. Instructions for creating snaps and installing snapd on a variety of distributions are available at this website. Snaps can exist on the same system as either deb or RPM packages. Snaps aren't the only new package manager for Linux distributions that aims to simplify installation of applications. There's also AppImage and OrbitalApps.
Android

Maru OS Exits Private Beta, Lets You Use an Android Phone As a Linux Desktop (liliputing.com) 60

Maru OS has exited beta, and is now available to anyone who wants to give it a try. For those unaware, Maru OS offers a platform that runs Android as well as Debian Linux on a smartphone. When you connect a Maru OS-powered smartphone to an external display, you get "full-fledged Linux desktop environment." Maru OS was unveiled in February, and currently supports only one smartphone: Nexus 5. The developers behind it have also started to work on making the project open source. They hope that doing this will help them support other devices as well. Brad Linger, writes for Liliputing: Work has also begun on making Maru OS an open source project, which could allow additional developers to contribute to the project or port it to run on other phones, although the current version of the Maru OS does require phones that support HDMI via MHL or SlimPort, which means not all phones will be able to run the software unless wireless display support is added in the future.
GNU is Not Unix

Ubuntu 16.10 To Be Powered By Linux Kernel 4.8 (softpedia.com) 58

Reader prisoninmate shares a Softpedia report: We've been monitoring the Ubuntu 16.10 development cycle for quite some time now to see what Linux kernel version the upcoming GNU/Linux operating system will be based on, and for now, it remains powered by the same kernel packages as Ubuntu 16.04 LTS (Xenial Xerus). Also, it looks like Ubuntu 16.10 has been switched to a universal local DNS resolver service. However, the Ubuntu Kernel Team published the other day a new installation of their weekly newsletter, informing the community that Ubuntu 16.10 (Yakkety Yak) would soon be rebased on the latest stable Linux 4.6 kernels. Then, it will move to the Release Candidate builds of Linux kernel 4.7, and after that, the operating system will finally be switched to Linux kernel 4.8.
Firefox

Firefox 47 Arrives With Synced Tabs Sidebar, Better YouTube Playback (venturebeat.com) 129

An anonymous reader quotes a report from VentureBeat: Mozilla today launched Firefox 47 for Windows, Mac, Linux, and Android. The browser has gained a sidebar for synced tabs from other devices, improvements to YouTube playback and HTML5 support, and is seeing the end of support for Android Gingerbread. [If you're logged in with your Firefox Account, the sidebar will show all your open tabs from your smartphone and other computers. The sidebar even lets you search for specific tabs. Next, Firefox 47 supports the open source VP9 video codec on machines with powerful multiprocessors. VP9 is the successor to VP8, both of which fall under Google's WebM project of freeing web codecs from royalty constraints.] Firefox 47 is available for download on Firefox.com, and will be slowly released on Google Play. You can view the full Firefox 47 changelog here. If you're a developer, Firefox 47 for developers offers more details for you.
Debian

Security Updates Released for Debian 8 and 7 (debian.org) 76

An anonymous reader writes: The Debian Project just released Debian 8.5, which adds 65 security updates to the stable release. They're also releasing the final update to Debian 7 (codenamed 'wheezy'), which includes "all other security updates released during the lifetime of 'wheezy' that have not previously been part of a point release."

They're emphasizing that each of the new updates "does not constitute a new version...but only updates some of the packages included. There is no need to throw away old...CDs or DVDs but only to update via an up-to-date Debian mirror after an installation to cause any out of date packages to be updated."

Python

Python/Unix Hybrid Demoed at PyCon (xon.sh) 181

A new shell "combines the Python language with features of Bash Unix and the fish and zsh shells," according to InfoWorld. An anonymous reader writes: Pronounced "conch," but spelled Xonsh, it runs on Linux, Windows, and Mac OS X systems, bringing Python libraries to the command line -- for example, the ability to use regular expressions when globbing files. "The first thing you'll notice about Xonsh is that it's really meant to be used as a general-purpose shell," the lead developer explained in a presentation at PyCon. "But on the other hand, it really is Python, so you can do things like add two numbers together."

They're describing it as "a Python-ish, BASHwards-looking shell language and command prompt...a superset of Python 3.4+ with additional support for the best parts of shells that you are used to, such as Bash, zsh, fish, and IPython...the superglue that bonds Python to a command-line interface and other shells."

Bug

Linux Kernel 4.6.1 Released; Some Users Report Boot Issue 161

Marius Nestor, reporting for Softpedia (condensed): Linux kernel 4.6.1 is already here, only two weeks after the official launch of the Linux 4.6 kernel series. For those not in the loop, Linux 4.6 branch is the latest and most advanced kernel branch available right now for GNU/Linux operating systems, but it looks like its adoption is a little slow at the moment. "I'm announcing the release of the 4.6.1 kernel. All users of the 4.6 kernel series must upgrade," says Greg Kroah-Hartman. "The updated 4.6.y git tree can be browsed at the normal kernel.org git web browser."
Some users are apparently facing boot failure issue on the latest version. An anonymous tipster tells Slashdot: Several folks on the web have reported a regression in the latest Linux kernels, starting with 4.6.1 and including the 4.7 beta that prevents booting and drops to busybox, at least the one supplied by the Ubuntu PPA. The boot sequence ends with "address family not supported by protocol: error getting socket" and then, "error initializing udev control socket" (screenshot here).
Debian

Systemd Starts Killing Your Background Processes By Default (blog.fefe.de) 924

New submitter nautsch writes: systemd changed a default value in logind.conf to "yes", which will kill all your processes, when you log out... There is already a bug-report over at debian: Debian bug tracker.
The new change means "user sessions will be properly cleaned up after," according to the changelog, "but additional steps are necessary to allow intentionally long-running processes to survive logout. To effectively allow users to run long-term tasks even if they are logged out, lingering must be enabled for them."
Open Source

NetBSD 7.0.1 Released (netbsd.org) 41

New submitter fisted writes: The NetBSD Project is pleased to announce NetBSD 7.0.1, the first security/bugfix update of the NetBSD 7.0 release branch. It represents a selected subset of fixes deemed important for security or stability reasons... For more details, please see the release notes at netbsd.org/releases. Complete source and binaries for NetBSD are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, SUP, and other services may be found at netbsd.org/mirrors/ This release addresses three security advisories, and includes six more security fixes -- all courtesy of a non-profit organization with no commercial backing.
Open Source

CentOS Linux 6.8 Released (softpedia.com) 91

An anonymous reader writes: CentOS team is pleased to announce the immediate availability of CentOS Linux 6.8 and install media for i386 and x86_64 Architectures. Release Notes for 6.8 are available here. Softpedia writes: "CentOS Linux 6.8 arrives today with major changes, among which we can mention the latest Linux 2.6.32 kernel release from upstream with support for storing up to 300TB of data on XFS filesystems. The VPN endpoint solution implemented in the NetworkManager network connection manager utility is now provided on the libreswan library instead of the Openswan IPsec implementation used in previous release of the OS, and it looks like the SSLv2 protocol has been disabled by default for the SSSD (System Security Services Daemon), which also comes with support for smart cards now." In addition, the new release comes with updated applications, including the LibreOffice 4.3.7 office suite and Squid 3.4 caching and forwarding web proxy, many of which are supporting the Transport Layer Security (TLS) 1.2 protocol, including Git, YUM, Postfix, OpenLDAP, stunnel, and vsftpd. The dmidecode open-source tool now supports SMBIOS 3.0.0, you can now pull kickstart files from HTTPS (Secure HTTP) sources, the NTDp (Network Time Protocol daemon) package has an alternative solution as chrony, SSLv3 has been disabled by default, and there's improved support for Hyper-V.
Android

Google To Bring Official Android Support To the Raspberry Pi 3 (arstechnica.com) 59

An anonymous reader shares an Ars Technica report: The Raspberry Pi 3 is not hurting for operating system choices. The tiny ARM computer is supported by several Linux distributions and even has a version of Windows 10 IoT core available. Now, it looks like the Pi is about to get official support for one of the most popular operating systems out there: Android. In Google's Android Open Source Project (AOSP) repository, a new device tree recently popped up for the Raspberry Pi 3. The AOSP device tree contains mostly Nexus devices with the occasional "generic" entry or developer board tossed into the mix. It's rare to see a non-Google device in AOSP, so it seems Google has taken quite a shine to the tiny computer. With officially supported source code, it should be much easier for hackers to get Android up and running on the Pi 3. And once that's done, you should be able to sideload more than 1.5 million apps onto the Pi to make the device do whatever you want.
Businesses

Linux Advocate Suggests Using More Closed-Source Software (techrepublic.com) 268

An anonymous reader writes: Open Source advocate Jack Wallen is a writer for Linux.com and Tech Republic. He predicts that both Windows and OS X will be Open Source within 5 years, writing that "neither Microsoft nor Apple make serious money from operating systems any longer" (with both companies giving away major OS upgrades), but argues that smaller software companies still see close-sourced code as a profit center. So yesterday Wallen wrote a surprising column urging Linux fans to begin considering closed-source software.

"That doesn't mean, in any way, you are giving up on the idea of freedom. What it means is that the best tool for the job is the one you should be using...be that open, closed, or somewhere in between. Should you close your mind to close sourced tools, you could miss out on some seriously amazing applications. On top of that (and this is something I've harped on for decades), the more you use closed source applications on open source environments, the more will be made available."

I'd be curious to hear how many Slashdot readers agree with Mr. Wallen...
Security

Symantec Antivirus Products Vulnerable To Horrid Overflow Bug (zdnet.com) 79

An anonymous reader writes: Tavis Ormandy of Google's Project Zero team has discovered a vulnerability in Symantec Antivirus Engine. The said engine is vulnerable to a buffer overflow when parsing malformed portable-executable (PE) header files, reports ZDNet. "Such malformed PE files can be received through incoming email, downloading of a document or application, or by visiting a malicious web site," Symantec said. "No user interaction is required to trigger the parsing of the malformed file." For Linux, OS X, and other Unix-like systems, the exploit results in a remote heap overflow as root in the Symantec or Norton process, Ormandy said in the Project Zero issue tracker. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get," he said.The vulnerability, if exploited, results in kernel memory corruption without user action and instant blue-screening on Windows.
Open Source

Linux Kernel 4.6 Officially Released (softpedia.com) 149

An anonymous coward writes: Just like clockwork, the Linux 4.6 kernel was officially released today. Details on the kernel changes for Linux 4.6 can be found via Phoronix and KernelNewbies.org. NVIDIA GeForce GTX 900 Maxwell support and Dell XPS 13 Skylake support are among the many hardware changes for 4.6. For Linux 4.7 there are already several new features to look forward to from new DRM display drivers to a new CPU scaling governor expected.
prisoninmate also writes: Linus Torvalds announced the final release of the anticipated Linux 4.6 kernel, which, after seven Release Candidate builds introduces features like "the OrangeFS distributed file system, support for the USB 3.1 SuperSpeed Plus (SSP) protocol, offering transfer speeds of up to 10Gbps, improvements to the reliability of the Out Of Memory task killer, as well as support for Intel Memory protection keys," [according to Softpedia].

"Moreover, Linux kernel 4.6 ships with Kernel Connection Multiplexor, a new component designed for accelerating application layer protocols, 802.1AE MAC-level encryption (MACsec) support, online inode checker for the OCFS2 file system, support for the BATMAN V protocol, and support for the pNFS SCSI layout."

Debian

ZFS For Linux Finally Lands In Debian GNU/Linux Repos (softpedia.com) 150

prisoninmate quotes a report from Softpedia: It took the Debian developers many years to finally be able to ship a working version of ZFS for Linux on Debian GNU/Linux. For those not in the known, ZFS on Linux is the official OpenZFS implementation for Linux, which promises to offer native ZFS filesystem support for any Linux kernel-based operating system, currently supporting Arch Linux, Ubuntu, Fedora, Gentoo, Red Hat Enterprise Linux, CentOS, openSUSE, and now Debian. And it looks like their ZFS for Linux implementation borrows a lot of patches from Ubuntu, at least according to the changelog for zfs-linux 0.6.5.6-2, the version that is now available in the unstable channel for Debian users to install and test.

Slashdot Top Deals