
Linux Traffic Hijack Flaw Also Affects Most Android Phones, Tablets

Zack Whittaker, writing for ZDNet: As many as 80 percent of Android devices are vulnerable to a recently disclosed Linux kernel vulnerability. Security firm Lookout said in a blog post on Monday that the flaw affects all phones and tablets that are running Android 4.4 KitKat and later, which comes with the affected Linux kernel 3.6 or newer. According to recent statistics, the number of devices affected might run past 1.4 billion phones and tablets -- including devices running the Android Nougat developer preview. Windows and Macs are not affected by the vulnerability. The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack. The exploitability isn't easy, though.

Linux Developer Loses GPL Suit Against VMware

An anonymous Slashdot reader quotes ITWire: Linux kernel developer Christoph Hellwig has lost his case against virtualisation company VMware, which he had sued in March 2015 for violation of version 2 of the GNU General Public Licence... The case claimed that VMware had been using Hellwig's code right from 2007 and not releasing source code as required. The Linux kernel, which is released under the GNU GPL version 2, stipulates that anyone who distributes it has to provide source code for the same...

In its ruling, the court said that Hellwig had failed to prove which specific lines of code VMware had used, from among those over which he claimed ownership.

In a statement, Hellwig said he plans to appeal, adding that "The ruling concerned German evidence law; the Court did not rule on the merits of the case, i.e. the question whether or not VMware has to license the kernel of its product vSphere ESXi 5.5.0 under the terms of the GNU General Public License, version 2." The Software Freedom Conservancy has described the lawsuit as "the regretful but necessary next step in both Hellwig and Conservancy's ongoing effort to convince VMware to comply properly with the terms of the GPLv2, the license of Linux and many other Open Source and Free Software included in VMware's ESXi products."

New RancherOS Offers Lean Linux Functionality Within Docker Containers

RancherOS is a lean Linux distribution aiming to offer "the minimum necessary to get Docker up and running," and tucking many actual Linux services into Docker containers. An anonymous Slashdot reader quotes Distrowatch: Josh Curl has announced the release of a new version of RancherOS [which] moves the project out of its alpha status and introduces new features, including an official Raspberry Pi image... "We're especially excited about this since it offers users a cheap method of getting started with Docker and RancherOS."

New FreeBSD 11.0 Release Candidate Tested By Phoronix

"The first release candidate for the upcoming FreeBSD 11.0 is ready for testing," reports Distrowatch, noting various changes. ("A NULL pointer dereference in IPSEC has been fixed; support for SSH protocol 1 has been removed; OpenSSH DSA keys have been disabled by default...") Now an anonymous Slashdot reader writes: Sunday Phoronix performed some early benchmark testing, comparing FreeBSD 10.3 to FreeBSD 11.0 as well as DragonFlyBSD, Ubuntu, Intel Clear Linux and CentOS Linux 7. They reported mixed results -- some wins and some losses for FreeBSD -- using a clean install with the default package/settings on the x86_64/amd64 version for each operating system.

FreeBSD 11.0 showed the fastest compile times, and "With the SQLite benchmark, the BSDs came out ahead of Linux [and] trailed slightly behind DragonFlyBSD 4.6 with HAMMER. The 11.0-BETA4 performance does appear to regress slightly for SQLite compared to FreeBSD 10.3... With the BLAKE2 crypto test, all four Linux distributions were faster than DragonFlyBSD and FreeBSD... with the Apache web server benchmark, FreeBSD was able to outperform the Linux distributions..."


Researchers Warn Linux Vendors About Cloud-Memory Hacking Trick

An anonymous Slashdot reader writes: Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...

Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.

The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."

Google Working On New 'Fuchsia' OS

An anonymous reader writes: Google is working on a new operating system dubbed Fuchsia OS for smartphones, computers, and various other devices. The new operating system was spotted in the Git repository, where the description reads: "Pink + Purple == Fuchsia (a new Operating System)." Hacker News reports that Travis Geiselbrecht, who worked on NewOS, BeOS, Danger, Palm's webOS and iOS, and Brian Swetland, who also worked on BeOS and Android will be involved in this project. Magenta and LK kernel will be powering the operating system. "LK is a kernel designed for small systems typically used in embedded applications," reads the repository. "On the other hand, Magenta targets modern phones and modern personal computers with fast processors, non-trivial amounts of RAM with arbitrary peripherals doing open-ended computation." It's too early to tell exactly what this OS is meant for. Whether it's for an Android and Chrome OS merger or something completely new, it's exciting nonetheless.

Linux 4.9 Will Be the Next LTS Kernel Branch, Says Greg Kroah-Hartman

Reader prisoninmate writes: Renowned Linux kernel developer and maintainer Greg Kroah-Hartman said on Friday that the next LTS (Long-Term Support) kernel branch will be Linux 4.9. The development cycle of a new Linux kernel branch doesn't take more than a month and a half or a maximum of two months, depending if the respective series will receive seven or eight Release Candidate (RC) milestones, but LTS releases are picked by veteran kernel developers from time to time when older ones reach end of life (EOL). If Linux kernel 4.8 will be a normal release with a total of seven RCs and it'll be announced on day of September 25, then the development cycle of the Linux 4.9 kernel should start with the first Release Candidate development snapshot on October 9, 2016. But if Linux kernel 4.8 will have eight RCs, then we should see Linux kernel 4.9 LTS RC1 one week later, on October 16.

Canonical Releases Snapcraft 2.14 For Ubuntu With New Rust Plugin, Improvements

Marius Nestor, reporting for Softpedia News: Canonical, through Sergio Schvezov, has had the great pleasure of announcing the release and general availability of Snapcraft 2.14 Snap creator tool for the Ubuntu 16.04 LTS (Xenial Xerus) operating system. Coming hot on the heels of Snapcraft 2.13, the new 2.14 maintenance update is here to introduce a bunch of new plugins, namely rust, godeps, and dump. You can find more information about each one by running the "snapcraft help " command in a terminal window. Also new in the Snapcraft 2.14 release is support for alternate relocation mechanisms in the "make" plugin (for example, you can use DESTDIR alternatives), as well as many improvements to the "go" plugin, such as support for local sources, which are now preferred instead of fetching new ones, and proper handling of the source entry. The list of improvements implemented in Snapcraft 2.14 continues with support for building a kernel Snaps for multiple hardware architectures using a single snapcraft.yaml file, support for "oneshot" daemons, better wiki parser source management, as well as proper setting of "shebangs" and support for requirement files in the "python" plugin.

Arch Linux Is Now Officially Powered by Linux Kernel 4.7, Update Your Systems

Marius Nestor, writing for Softpedia: After a few weeks from its official release, it finally happened, Linux kernel 4.7 has just landed in the stable software repositories of the popular, lightweight and highly customizable Arch Linux operating system. Linux kernel 4.7 is the most stable and advanced kernel branch, and only a few GNU/Linux distributions have adopted since its launch on July 24, 2016. It's still marked as "mainline" not "stable" or "longterm" on the website, which means that it didn't receive a maintenance update at the moment of writing this article. As for its new features, Linux kernel 4.7 comes with an updated AMDGPU graphics driver with support for AMD Radeon RX 480 GPUs, LoadPin, a brand new security module that ensures all modules loaded by the kernel originate from the same filesystem, and support for upgrading firmware using the EFI "Capsule" mechanism. Linux kernel 4.7 also marks the sync_file fencing mechanism used in the Android mobile operating system as stable and ready for production, implements support for generating virtual USB Device Controllers in USB/IP, supports parallel directory lookups, and introduces the "schedutil" frequency governor, which is faster and more accurate than the current ones.

Linux Trojan Mines For Cryptocurrency Using Misconfigured Redis Servers

An anonymous reader writes: In another installment of "Linux has malware too," security researchers have discovered a new trojan that targets Linux servers running Redis, where the trojan installs a cryptocurrency miner. The odd fact about this trojan is that it includes a wormable feature that allows it to spread on its own. The trojan, named Linux.Lady, will look for Redis servers that don't have an admin account password, access the database, and then download itself on the new target. The trojan mines for the Monero crypto-currency, the same one used by another worm called PhotoMiner, which targets vulnerable FTP servers. According to a recent Risk Based Security report from last month, there are over 30,000 Redis servers available online without a password, of which 6,000 have already been compromised by various threat actors.

Linux Bug Leaves USA Today, Other Top Sites Vulnerable To Serious Hijacking Attacks

Dan Goodin, reporting for Ars Technica: Computer scientists have discovered a serious Internet vulnerability that allows attackers to terminate connections between virtually any two parties and, if the connections aren't encrypted, inject malicious code or content into the parties' communications. The vulnerability resides in the design and implementation of RFC 5961, a relatively new Internet standard that's intended to prevent certain classes of hacking attacks. In fact, the protocol is designed in a way that it can easily open Internet users to so-called blind off-path attacks, in which hackers anywhere on the Internet can detect when any two parties are communicating over an active transmission control protocol connection. Attackers can go on to exploit the flaw to shut down the connection, inject malicious code or content into unencrypted data streams, and possibly degrade privacy guarantees provided by the Tor anonymity network. At the 25th Usenix Security Symposium on Wednesday, researchers with the University of California at Riverside and the US Army Research Laboratory will demonstrate a proof-of-concept exploit that allows them to inject content into an otherwise legitimate USA Today page that asks viewers to enter their e-mail and passwords.

Chrome Is Nearly Ready To Talk To Your Bluetooth Devices

Jon Fingas, writing for Engadget: Don't look now, but your web browser is about to become aware of the devices around you. After months of testing, Google has switched on broader experimental support in Chrome and Chrome OS for Web Bluetooth, which lets websites interact with your nearby Bluetooth gear. You could use a web interface to control your smart home devices, for instance, or send data directly from your heart rate monitor to a fitness coach. At the moment, trying Web Bluetooth requires the stars to align in just the right way. You'll need a pre-release version of Chrome 53, and you'll naturally want to find (or create) a website that uses the tech in the first place.

Linux Kernel 4.8 Adds Microsoft Surface 3 Support

Brian Fagioli, writing for BetaNews: If you are a Windows user, and want a really great computer, you should consider Microsoft's Surface line. Not only do they serve as wonderful tablets, but with the keyboard attachment, they can be solid laptops too. While many Linux users dislike Microsoft, some of them undoubtedly envy Windows hardware. While it is possible to run Linux distros on some Surface tablets, not everything will work flawlessly. Today, release candidate 1 of Linux Kernel 4.8 is announced, and it seems a particularly interesting driver has been added -- the Surface 3 touchscreen controller. "This seems to be building up to be one of the bigger releases lately, but let's see how it all ends up. The merge window has been fairly normal, although the patch itself looks somewhat unusual: over 20 percent of the patch is documentation updates, due to conversion of the drm and media documentation from docbook to the Sphinx doc format. There are other doc updates, but that's the big bulk of it," says Linus Torvalds, Linux creator. Will Microsoft's lower-priced (starting at $499) hybrid computer become the ultimate mobile Linux machine?

Linux on Windows Exposes a New Attack Surface

An anonymous Slashdot reader writes: The Linux in Windows 10 isn't running inside of a hypervisor; it's "running on the raw hardware, getting all the benefits of performance and system access, as well as expanding the potential attack surface." eWeek reports on a new threat discovered by Alex Ionescu, the chief architect at cybersecurity company Crowdstrike, which begins with the fact that "The Windows file system is also mapped to Linux, such that Linux will get access to the same files and directories."

Ionescu says "There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows." According to eWeek, "The modified Linux code in turn could then call Windows APIs and get access to system calls to perform malicious actions that might not be mitigated."
Ionescu describes it as "a two-headed beast that can do a little Linux and can also be used to attack the Windows side of the system."

LibreOffice 5.2 Officially Released

prisoninmate writes from a report via Softpedia: LibreOffice 5.2 is finally here, after it has been in development for the past four months, during which the development team behind one of the best free office suites have managed to implement dozens of new features and improvements to most of the application's components. Key features include more UI refinements to make it flexible for anyone, standards-based document classification, forecasting functions in Calc, the spreadsheet editor, as well as lots of Writer and Impress enhancements. A series of videos are provided to see what landed in the LibreOffice 5.2 office suite, which is now available for download for GNU/Linux, Mac OS X, and Microsoft Windows operating systems.

Windows 10 Anniversary Update Borks Dual-Boot Partitions

Windows 10 Anniversary Update may affect and even delete other partitions on the same disk, OMGUbuntu is reporting, citing several complaints by users. "Broken boot loaders on an update are one thing but losing data, even entire partitions?" asks the author. Microsoft-centric news blog WindowsReport is corroborating the report, adding that in some cases, the new OS was not able to detect some partitions. It says (edited): Many users are reporting that some of their partitions disappeared after installing the Anniversary Update. Usually, it's the smallest partition that disappears, although we couldn't say for sure whether the partition is deleted or if Windows simply doesn't detect it. Some users are saying that the partition is not allocated, while others can detect it once they install third-party partition management applications. We have reached out to Microsoft for clarification, and will update the post when we hear back from them.

Microsoft Brings ChakraCore to Linux and OS X

An anonymous reader quotes a columnist at CIO: A few days ago I wrote about Microsoft's revival of Skype for Linux. I called it "a big deal" -- less because of Skype itself and more because it signified Microsoft's recognition that Linux is a platform worth supporting... Now the company has done it again. At Node Summit this week, Microsoft announced the availability of ChakraCore for Linux. ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge and Universal Windows Platform. With this move, Microsoft is putting one of its core technologies on a competing platform. This, more than any other Linux-friendly move the company has made, is a clear departure from the Microsoft of Gates and Ballmer that used its technologies to lock users into Windows...

While Ubuntu is the primary Linux distribution that Microsoft is using to showcase its ChakraCore technologies, the company said that the support should easily translate to other modern Linux distributions.

Microsoft's blog post says the experimental implementation runs not only on x64 Linux but also on OS X.

Onion Debian Services Are Now Available

"I just set up a lot of Onion Services for many of Debian's static websites," announced Debian sys-admin Peter "weasel" Palfrader on Friday. "You can find the entire list of services on More might come in the future." Longtime Slashdot reader alfino writes: Yay for privacy. We don't care about where you come from, and now you don't even have to tell anyone that you're using Debian. The archive at is already in the list. Support for more redundant Debian archive access is expected to come When It's Ready.

New Crowdfunding Campaign Offers Modular EOMA68 Computing Devices

A new crowdfunding campaign by Rhombus Tech "introduces the world's first devices built around the EOMA68 standard," which separates a "modular" CPU board from the rest of the system so that it can be easily used in multiple devices and upgraded more simply. Rhombus Tech is now offering a 15.6-inch laptop, a laser-cut wooden Micro-Desktop housing, and two types of computer cards, both using A20 dual-core ARM Cortex A7 processors. The cards are available with four flavors of the GNU/Linux operating system, and they're hoping to receive RYF certification from the Free Software Foundation.

"No proprietary software," explains their campaign's video. "No backdoors. No spyware. No NDAs." They envision a world where users upgrade their computers by simply popping in a new card -- reducing electronic waste -- or print new laptop casings to repair defects or swap in different colors. (And they also hope to eventually see the cards also working with cameras, phones, tablets, and gaming consoles.) Rhombus Tech CTO Luke Leighton did a Slashdot interview in 2012, and contacted Slashdot this weekend to announce: A live-streamed video from Hope2016 explains what it's about, and there is a huge range of discussions and articles online. The real burning question is: if a single Software Libre Engineer can teach themselves PCB design and bring modular computing to people on the budget available from a single company, why are there not already a huge number of companies doing modular upgradeable hardware?

Windows 10 Anniversary Update: the Best New Features

A year after the release of Windows 10, Microsoft is gearing up for Anniversary Update, the first major update to the company's desktop operating system. Ahead of the public release of Anniversary Update on August 2, Microsoft provided media outlets with the Anniversary Update, and their first impressions and reviews are out. The Verge has listed the big changes Windows 10 Anniversary ships with. From the article: Windows Ink: Windows Ink is without a doubt the best part of the Anniversary Update. It's essentially a central location to find built-in or third-party apps that work with your stylus. You can use the new sticky notes to note down reminders, and they'll even transform into true reminders as Cortana understands what you write.
Microsoft Edge extensions: If you're a fan of Chrome extensions, then you'll be glad to hear that they're heading to Microsoft's Edge browser. The Anniversary Update brings support for extensions, and it's now up to third-party developers to fill the Windows Store with their add-ons.
Cortana improvements: Microsoft's digital assistant, Cortana, debuted on Windows 10 last year, and the software maker is bringing it to the lock screen with the Anniversary Update. You'll be able to ask it to make a note, play music, set a reminder, and lots more without ever logging in. Cortana is also getting a little more intelligent, with the ability to schedule appointments in Outlook or options to send friends a document you were working on a week ago.
Dark theme and UI tweaks: You can switch on what I call even darker mode in settings, and it will switch built-in apps that typically use a white background over to black.
Other improvements include things like Windows 10's ability to set your time zone automatically, and opening up of Windows Hello, the biometric feature to apps and websites. Additionally, the Xbox One is getting Windows apps. The Verge adds, "It feels like a promise that was made years ago, but it's finally coming true with the Anniversary Update. As Windows 10 now powers the Xbox One, Microsoft will start rolling out an update to its console to provide support for Cortana on Xbox One and the new universal apps." Microsoft is also adding Bash, the Linux command line to Windows with the new update. It's an optional feature and users will need to enable it to use it. Users will also be able to "project to PC," a feature that will allow one to easily find a PC to project to from a phone or another PC. There's also a new Skype app, and syncing of notifications between PC and phone is getting better.
Going by the reviews, it appears Windows 10 Anniversary Update is substantially more stable, and has interesting new features. You can read the first impressions of it on ZDNet, and review on PCWorld.
