Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Hardware Hacking

How I Freed My Android Tablet: A Journey in Reverse Engineering (www.thanassis.space) 79

Slashdot reader ttsiod is an embedded software engineer at the European Space Agency, and shares this story about his quest to "dominate" his new tablet: Just like it's predecessor, I wanted to run a Debian chroot inside it -- that would allow me to apt-get install and run things like Privoxy, SSH SOCKS/VPN tunnels, Flask mini-servers, etc; and in general allow me to stay in control. But there was no open-source way to do this... and I could never trust "one-click roots" that communicate with servers in China... It took me weeks to reverse engineer my tablet -- and finally succeed in becoming root. The journey was quite interesting, and included both hardware and software tinkering. I learned a lot while doing it -- and wanted to share the experience with my fellow Slashdotters...
He writes that "I trust Debian. Far more than I trust the Android ecosystem," and describes everything from how he probed the boot process and created his own boot image to hunting for a way "to tell SELinux to get off my lawn".
Operating Systems

Mythbuntu Linux Has Been Discontinued (softpedia.com) 49

"Mythbuntu as a separate distribution will cease to exist. We will take the necessary steps to pull Mythbuntu specific packages from the repositories unless someone steps up to take these packages over," read Friday's announcement. prisoninmate writes: Mythbuntu was an operating system based on the widely-used Ubuntu Linux distro and built around the MythTV free and open source digital video recorder (DVR) project... The Mythbuntu team recommends users who want to use Mythbuntu to install the latest release of the Xubuntu Linux operating system and then add the Mythbuntu PPA (Personal Package Archive), which will continue to provide the latest MythTV releases and other related packages...

The first release of the OS was back when Ubuntu 7.10 (Gutsy Gibbon) was announced, and the last one was Mythbuntu 16.04.1 LTS (Xenial Xerus). From this point...there will be no new ISO images anymore. Also, the mythbuntu-desktop and Mythbuntu-Control-Centre packages are now discontinued and won't be available from the Ubuntu repositories anymore. However, users will still be able to install the MythTV software and configure it as they see fit.

Classic Games (Games)

The NES Classic is a $60 Single Board Computer Running Linux 121

"Nintendo's accurate NES emulator apparently needs no less than a quad-core CPU," joked Ars Technica. "The next step, of course, is unscrewing of the nostalgic little box to see how it ticks -- and whether its limited functionality might ever be expanded, either officially or by hackers." Slashdot reader romiz summarizes what's inside Nintendo's new miniature emulator for classic games: With a quad-core ARM Cortex-A7, 256 MB of RAM, and 512 MB of NAND Flash, it is typical of the hardware found in Linux single board computers, like the Raspberry Pi 2. Surprisingly for Nintendo, there does not seem to be any custom components in it, and it looks like it even does run Linux. [YouTube video] The GPL license for the kernel and many other open source components is visible in the legal information screen. The source, however, is not yet available on Nintendo's open source page.

But it is the re-edition a 1980s video console: there is no network access, no hardware expansion port, and the 30 games cannot be changed. Changing the system running on it will probably be difficult.
Linux

Meet VoCore2 Lite, a $4 Coin-Sized, Open Source Linux Computer (zdnet.com) 106

An anonymous reader shares a report on ZDNet:Four bucks buys a lot of hardware these days, and nothing highlights this more than a project like the VoCore2 Lite. VoCore2 is an open source Linux computer and a fully-functional wireless router that is smaller than a coin. It can also act as a VPN gateway for a network, an AirPlay station to play lossless music, a private cloud to store your photos, video, and code, and much more. The Lite version of the VoCore2 features a 580MHz MT7688AN MediaTek system on chip (SoC), 64MB of DDR2 RAM, 8MB of NOR storage, and a single antenna slot for Wi-Fi that supports 150Mbps. Spend $12 and go for the full VoCore2 option and you get the same SoC, but you get 128MB of DDR2 RAM, 16MB of NOR storage, two antenna slots supporting 300Mbps, an on-board antenna, and PCIe 1.1 support.
Cloud

AWS Releases Amazon Linux Container Image For Use in On-Premises Data Centers (venturebeat.com) 33

Amazon Web Services, a division of Amazon that offers cloud computing and storage services, has released a container image of its Amazon Linux operating system -- which has, until now, only been accessible on AWS virtual machine instances -- that customers can now deploy on their own servers. From a report on VentureBeat: Of course, other Linux distributions are available for use in companies' on-premises data centers -- CentOS, CoreOS, Red Hat Enterprise Linux, Canonical's Ubuntu, and so on. Now companies that are used to Amazon Linux in the cloud can work with it on-premises, too. It's available from AWS' EC2 Container Registry. Amazon Linux is not currently available for instant deployment on other public clouds, whether Oracle's, Google's, Microsoft's, or IBM's. "It is built from the same source code and packages as the AMI and will give you a smooth path to container adoption," AWS chief evangelist Jeff Barr wrote in a blog post. "You can use it as-is or as the basis for your own images."
Botnet

New, More-Powerful IoT Botnet Infects 3,500 Devices In 5 Days (arstechnica.com) 56

An anonymous reader quotes a report from Ars Technica: There's a new, more powerful Internet-of-things botnet in town, and it has managed to infect almost 3,500 devices in just five days, according to a recently published report. Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network. As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices. Linux/IRCTelnet also borrows telnet-scanning logic from a newer IoT bot known as Bashlight. It further lifts a list of some 60 widely used username-password combinations built into Mirai, a different IoT bot app whose source code was recently published on the Internet. It goes on to add code for attacking sites that run the next-generation Internet protocol known as IPv6. The best-of-breed approach "is driving a high infection speed of Linux/IRCTelnet (new Aidra) so it can [infect] almost 3,500 bot clients within only five days from the moment its loader was first detected," a researcher who goes by the handle Unixfreakjp wrote in a blog post reporting on the new malware. "To incarnate a legendary botnet code into a new version that can [target] the recent vulnerable threat landscape is really inviting more bad news."
Desktops (Apple)

MacBook Pro (2016) Disappointment Pushes Some Apple Loyalists To Ubuntu Linux (betanews.com) 535

Linux distributions have emerged as one of the beneficiaries in the aftermath of the MacBook Pros launch. Many people aren't pleased with the offering and prices of Apple's three new laptops and some of them are resorting to Linux-powered laptops. From a report on BetaNews: Immediately after the Apple Keynote, famed Ubuntu laptop and desktop seller, System76, saw a huge jump in traffic from people looking to buy its machines. The traffic was so intense, that it needed to upgrade servers to keep up, it said. "We experienced much more traffic than we had prepared for, the website didn't go hard down but experienced slowness. We had to scale up to return to normal. It was a pretty big surge, I don't have the details in front of me at the moment but I've not really heard of anything like this before. People being so underwhelmed by a product that immediately following a new product release they actively seek out competitor's products," says Ryan Sipes, Community Manager, System76. I decided to compare specifications and pricing on my own, so I headed to both Apple.com and System76.com to compare. Apple's new 15-inch MacBook Pro starts at $2,400. This machine has a Quad-core Sklyake i7, maxes out at 16GB of RAM, has an NVMe 256GB SSD, and a Radeon Pro 450 with a paltry 2GB memory. Alternatively, I headed to System76 and configured its 15-inch Oryx Pro. I closely matched the MacBook Pro specs, with a Quad-core Sklyake i7 and NVMe 256GB SSD. Instead of 16GB of RAM as found on the Apple, I configured with 32GB (you can go up to 64GB if needed). By default, it comes with a 6GB Nvidia GTX 1060. The price? Less than $2,000! In other words, the System76 machine with much better specs is less expensive than Apple's.
Red Hat Software

Red Hat CEO: Linux Is Now The 'Default Choice' For The Cloud (bizjournals.com) 89

Speaking at the "All Things Open" conference, Red Hat CEO Jim Whitehurst remembered when Linux "was just a 'bunch of geeks' getting together figuring it all out on an 8286 chip" 25 years ago. An anonymous reader quotes BizJournals: "It went from being kind of a hacker movement to truly what I'll say [is] a viable alternative to traditional software," Whitehurst says, adding that Red Hat was a part of that push. Over the years, it came out from under the radar, being what Whitehurst calls "the default choice for a next-generation of infrastructure," particularly when it comes to cloud architectures... He points to Google, Microsoft and Facebook, all having open sourced their machine learning systems. "They recognize the company that builds the community around that piece of technology, that technology is going to win."
Education

How Linux Saved A School's Failing Windows Laptop Program (opensource.com) 255

OpenSource.com reports on a Minnesota school's 1:1 program -- one device per child -- where "Lots of the Windows laptops were in very poor condition and needed to be replaced." An anonymous reader writes: An Indiegogo campaign triggered extra money and donations of laptops, allowing the school's Linux club to equip much of the school with Linux laptops. "When you're using open source software you're free to use operating systems and application software without the hassle of license keys or license tracking inherent with proprietary software," says Stu Keroff, the school's technology coordinator. "This allows a school to experiment [and] gives them the freedom to make mistakes...

But there's also another benefit. "By empowering the students to be part of that process we were able to get more done, and to generate more excitement about the learning that the students were taking part in." There's now a waiting list for the school's Linux club, where they'd planned to cap membership at 35...until 62 students applied. Instead, they found themselves creating two Linux clubs, one for the sixth graders, and one for the 7th and 8th graders.

And to answer the obvious question -- they're using Ubuntu, with the Unity desktop.
Portables

Ask Slashdot: What's The Best Cheap Linux-Friendly Netbook? 187

Seems like a good time to revisit this question -- assuming anyone's still using a netbook. Long-time Slashdot reader Qbertino writes: I'm looking for a cheap lightweight netbook that is Linux-friendly, i.e. lets me install Linux without any shoddy modern BIOS getting in my way... The Lenovo 100S-11 looks really neat, but I just read about installation problems... Are there any alternatives?

And if there aren't, what experience do you guys have running Linux on a Chromebook using Crouton -- the Linux-parallel-to-Chrome-OS hack? Is it a feasible alternative to dumping ChromeOS and installing a 100% lightweight Linux?

His budget is around $200, and he ends his submission with "Many thanks from a fellow Slashdotter." So leave your suggestions in the comments. What's the best cheap Linux-friendly netbook?
Open Source

NetBSD Project Releases NetBSD 7.0.2 (softpedia.com) 22

An anonymous reader writes: "After spending six months in development, the NetBSD 7.0.2 release is now available for those running NetBSD 7.0 or NetBSD 7.0.1," reports Softpedia, "but also for those who are still using an older version of the BSD-based operating system and haven't managed to upgrade their systems, bringing them a collection of security patches and recent software updates." Release engineer Soren Jacobsen wrote that "It represents a selected subset of fixes deemed important for security or stability reasons. If you are running an earlier release of NetBSD, we strongly suggest updating to 7.0.2."

The security fixes eliminate a race condition in mail.local(8), and also update OpenSSL, ntp and BIND. In addition, "there are various MIPS pmap improvements, a patch for an NFS (Network File System) crash, as well as a crash that occurred when attempting to mount an FSS snapshot as read and write. NetBSD 7.0.2 also fixes an issue with the UFS1 file system when it was created outside the operating system."
Download NetBSD 7.0.2 at one of these mirror sites.
Operating Systems

Linux Marketshare is Above 2-Percent For Third Month in a Row (omgubuntu.co.uk) 205

For the third month in a row the share of worldwide desktop computer users running Linux has been above two percent -- up from one percent -- according to data from web analytics company Net Market Share. From a OMGUbuntu report: We reported back in July that Linux marketshare had passed two percent for the first time, and that figure remains the highest they've ever reported for Linux, at 2.33 percent. But the share for September 2016 was almost as good at 2.23 percent. It's the third consecutive month that Linux marketshare has been above 2 percent. Those of us who use Linux as our primary desktop computing platform can take a degree of pride in these figures. They do show a clear trend towards Linux, rather than away from it. But we should also remember that statistics, numbers and reporting methods vary between analytics companies and that all figures, however positive, remain open to interpretation and debate.
Android

Rowhammer Attack Can Now Root Android Devices (softpedia.com) 100

An anonymous reader writes from a report via Softpedia: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, took over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack. "Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access," according to Wikipedia. "This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times."
Open Source

Linux Kernel 4.7 Reaches End of Life, Users Urged To Move To Linux 4.8 (softpedia.com) 77

prisoninmate writes: The Linux 4.7 kernel branch officially reached end of life, and it has already been marked as EOL on the kernel.org website, which means that the Linux kernel 4.7.10 maintenance update is the last one that will be released for this branch. It also means that you need to either update your system to the Linux 4.7.10 kernel release or move to a more recent kernel branch, such as Linux 4.8. In related news, Linux kernel 4.8.4 is now the latest stable and most advanced kernel version, which is already available for users of the Solus and Arch Linux operating systems, and it's coming soon to other GNU/Linux distributions powered by a kernel from the Linux 4.8 series. Users are urged to update their systems as soon as possible.
Open Source

Fedora 25 Beta Linux Distro Now Available For Raspberry Pi (betanews.com) 52

Slashdot reader BrianFagioli writes: Fedora 25 Beta Workstation is now available for both the Raspberry Pi 2 and Raspberry Pi 3. In addition to the Workstation image, Fedora 25 Beta Server is available too. Owners of ARMv6-powered Pi models, such as the Pi Zero, are out of luck, as the operating system will not be made available for them.
Peter Robinson (from the Fedora release engineering team) writes, "The most asked question I've had for a number of years is around support of the Raspberry Pi. It's also something I've been working towards for a very long time on my own time... The kernel supports all the drivers you'd expect, like various USB WiFi dongles, etc. You can run whichever desktop you like or Docker/Kubernetes/Ceph/Gluster as a group of devices -- albeit it slowly over a single shared USB bus!"
Ubuntu

Canonical Names Ubuntu Linux 17.04 'Zesty Zapus' (betanews.com) 67

"Linux distributions and silly names go together like peanut butter and jelly," notes BetaNews. BrianFagioli writes: One of the most well-known Linux distributions to use funny names is Ubuntu. It famously uses the convention of an adjective and a lesser-known animal, each starting with the same letter... For example, Ubuntu 16.10 uses the letter "Y" -- "Yakkety Yak". The next version of the operating system will use the letter "Z" [and] Canonical has chosen "Zesty Zapus"... It is apparently a type of jumping mouse...

"As we come to the end of the alphabet, I want to thank everyone who makes this fun. Your passion and focus and intellect, and occasionally your sharp differences, all make it a privilege to be part of this body incorporate. Right now, Ubuntu is moving even faster to the centre of the cloud and edge operations. From AWS to the zaniest new devices, Ubuntu helps people get things done faster, cleaner, and more efficiently, thanks to you...", says Mark Shuttleworth, CEO, Canonical... "we are a tiny band in a market of giants, but our focus on delivering free software freely together with enterprise support, services and solutions appears to be opening doors, and minds, everywhere. So, in honour of the valiantly tiny leaping long-tailed over the obstacles of life, our next release which will be Ubuntu 17.04, is hereby code named the Zesty Zapus".

My favorite was Xenial Xerus.
Mozilla

Rust Implements An IDE Protocol From Red Hat's Collaboration With Microsoft and Codenvy (infoworld.com) 49

An anonymous reader quotes InfoWorld: Developers of Mozilla's Rust language, devised for fast and safe system-level programming, have unveiled the first release of the Rust Language Service, a project that provides IDEs and editors with live, contextual information about Rust code. RLS is one of the first implementations of the Language Server Protocol, co-developed by Microsoft, Codenvy, and Red Hat to standardize communications between IDEs and language runtimes.

It's another sign of Rust's effort to be an A-list language across the board -- not only by providing better solutions to common programming problems, but also cultivating first-class, cutting-edge tooling support from beyond its ecosystem...

The Rust Language Service is "pre-alpha", and the whole Language Service Protocol is only currently supported by two IDEs -- Eclipse and Microsoft's Visual Studio Code. Earlier InfoWorld described it as "a JSON-based data exchange protocol for providing language services consistently across different code editors and IDEs," and one of the Rust developers has already developed a sample RLS client for Visual Studio Code.
Botnet

Mirai and Bashlight Join Forces Against DNS Provider Dyn (arstechnica.com) 56

A second wave of attacks has hit dynamic domain name service provider Dyn, affecting a larger number of providers. As researchers and government officials race to figure out what is causing the outages, new details are emerging. Dan Drew, chief security officer at Level 3 Communications, says the attack is at least in part being mounted from a "botnet" of Internet-of-Things (IoT) devices. "We're seeing attacks coming from a number of different locations," Drew said. "An Internet of Things botnet called Mirai that we identified is also involved in the attack." Ars Technica reports: The botnet, made up of devices like home WiFi routers and internet protocol video cameras, is sending massive numbers of requests to Dyn's DNS service. Those requests look legitimate, so it's difficult for Dyn's systems to screen them out from normal domain name lookup requests. Earlier this month, the code for the Mirai botnet was released publicly. It may have been used in the massive DDoS attack against security reporter Brian Krebs. Mirai and another IoT botnet called Bashlight exploit a common vulnerability in BusyBox, a pared-down version of the Linux operating system used in embedded devices. Mirai and Bashlight have recently been responsible for attacks of massive scale, including the attacks on Krebs, which at one point reached a traffic volume of 620 gigabits per second. Matthew Prince, co-founder and CEO of the content delivery and DDoS protection service provider CloudFlare, said that the attack being used against Dyn is an increasingly common one. The attacks append random strings of text to the front of domain names, making them appear like new, legitimate requests for the addresses of systems with a domain. Caching the results to speed up responses is impossible. Prince told Ars: "They're tough attacks to stop because they often get channeled through recursive providers. They're not cacheable because of the random prefix. We started seeing random prefix attacks like these three years ago, and they remain a very common attack. If IoT devices are being used, that would explain the size and scale [and how the attack] would affect: someone the size of Dyn."
Security

'Most Serious' Linux Privilege-Escalation Bug Ever Is Under Active Exploit (arstechnica.com) 109

Reader operator_error shares an ArsTechnica report: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time." The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

Operating Systems

Researchers Bypass ASLR Protection On Intel Haswell CPUs (softpedia.com) 72

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with a Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.

Slashdot Top Deals