"6.9 is now out," Linus Torvalds posted on the Linux kernel mailing list, "and last week has looked quite stable (and the whole release has felt pretty normal)."

Phoronix writes that Linux 6.9 "has a number of exciting features and improvements for those habitually updating to the newest version." And Slashdot reader prisoninmate shared this report from 9to5Linux: Highlights of Linux kernel 6.9 include Rust support on AArch64 (ARM64) architectures, support for the Intel FRED (Flexible Return and Event Delivery) mechanism for improved low-level event delivery, support for AMD SNP (Secure Nested Paging) guests, and a new dm-vdo (virtual data optimizer) target in device mapper for inline deduplication, compression, zero-block elimination, and thin provisioning.

Linux kernel 6.9 also supports the Named Address Spaces feature in GCC (GNU Compiler Collection) that allows the compiler to better optimize per-CPU data access, adds initial support for FUSE passthrough to allow the kernel to serve files from a user-space FUSE server directly, adds support for the Energy Model to be updated dynamically at run time, and introduces a new LPA2 mode for ARM 64-bit processors...

Linux kernel 6.9 will be a short-lived branch supported for only a couple of months. It will be succeeded by Linux kernel 6.10, whose merge window has now been officially opened by Linus Torvalds. Linux kernel 6.10 is expected to be released in mid or late September 2024.
"Rust language has been updated to version 1.76.0 in Linux 6.9," according to the article. And Linus Torvalds shared one more details on the Linux kernel mailing list.

"I now have a more powerful arm64 machine (thanks to Ampere), so the last week I've been doing almost as many arm64 builds as I have x86-64, and that should obviously continue during the upcoming merge window too."

An anonymous reader shared this report from Phoronix: For the past several months AMD Linux engineers have been working on AMD Core Performance Boost support for their P-State CPU frequency scaling driver. The ninth iteration of these patches were posted on Monday and besides the global enabling/disabling support for Core Performance Boost, it's now possible to selectively toggle the feature on a per-CPU core basis...

The new interface is under /sys/devices/system/cpu/cpuX/cpufreq/amd_pstate_boost_cpb for each CPU core. Thus users can tune whether particular CPU cores are boosted above the base frequency.

This week, The Register reported: If you are still running RHEL 7, which is now approaching a decade old, there's good news. Red Hat is offering four more years of support for RHEL 7.9, which it terms Extended Life Cycle Support or ELS.

If you are running the free version, CentOS Linux 7, that hits its end-of-life on the same date: June 30, 2024. CIQ, which offers CentOS Linux rebuild Rocky Linux, has a life cycle extension for that too, which it calls CIQ Bridge. The company told The Reg: "CIQ Bridge, essentially a long-term support service tailored for CentOS 7 users on the migration path to Rocky Linux, is offered under an annual, fixed-rate subscription. CIQ Bridge includes access to CentOS 7 extended life package updates for an additional three years and security updates for CVSS 7 issues and above. Security updates for CVSS 5 and 6 are available at an elevated subscription tier. CIQ Bridge is designed to support CentOS 7 users until they are ready for CIQ guidance and support in migration to Rocky Linux." CIQ believes there's a substantial market for this, and points to research from Enlyft that suggests hundreds of thousands of users still on CentOS Linux 7.

Red Hat Enterprise Linux 9.4 has been released. But also released is Rocky Linux 9.4, reports 9to5Linux: Rocky Linux 9.4 also adds openSUSE's KIWI next-generation appliance builder as a new image build workflow and process for building images that are feature complete with the old images... Under the hood, Rocky Linux 9.4 includes the same updated components from the upstream Red Hat Enterprise Linux 9.4
This week also saw the release of Alma Linux 9.4 stable (the "forever-free enterprise Linux distribution... binary compatible with RHEL.") The Register points out that while Alma Linux is "still supporting some aging hardware that the official RHEL 9.4 drops, what's new is largely the same in them both."

And last week also saw the launch of the AlmaLinux High-Performance Computing and AI Special Interest Group (SIG). HPCWire reports: "AlmaLinux's status as a community-driven enterprise Linux holds incredible promise for the future of HPC and AI," said Hayden Barnes, SIG leader and Senior Open Source Community Manager for AI Software at HPE. "Its transparency and stability empowers researchers, developers and organizations to collaborate, customize and optimize their computing environments, fostering a culture of innovation and accelerating breakthroughs in scientific research and cutting-edge AI/ML."
And this week, InfoWorld reported: Red Hat has launched Red Hat Enterprise Linux AI (RHEL AI), described as a foundation model platform that allows users to more seamlessly develop and deploy generative AI models. Announced May 7 and available now as a developer preview, RHEL AI includes the Granite family of open-source large language models (LLMs) from IBM, InstructLab model alignment tools based on the LAB (Large-Scale Alignment for Chatbots) methodology, and a community-driven approach to model development through the InstructLab project, Red Hat said.

SiliconANGLE looks at how starting in 2021, Microsoft and Red Hat have formed "an unlikely partnership set to reshape the landscape of cloud computing..." First, their collective open-source capabilities will lead to co-developed solutions to simplify the modernization and migration of Red Hat technologies to the cloud, seamlessly integrating them with Microsoft's Azure platform, according to João Couto, EMEA VP and COO of cloud commercial solutions at Microsoft. "We have acquired GitHub, which is also one of the largest repositories of open source worldwide," he said. "In that context, it makes a lot of sense to work together with Red Hat."
Transcribed from their interview: What we have been doing so far is making sure that we are co-developing solutions together with Red Hat. And making these solutions available to our customers — making it easy for customers to transform, to modernize [their] Red Hat technology running on-prem, and moving them into cloud using our own Microsoft cloud technology, but Red Hat solutions, in a very, very seamless, integrated way. And also leveraging all the entire portfolio of Red Hat automation tools, so that they can make it easier for customers not just to do the migration, but also to do management, run the operation, and all the troubleshooting also from the customer-care perspective. So that's basically an end-to-end partnership approach that we are taking...

"[Customers] get an integrated support experience from Red Hat technical teams and Microsoft technical teams. And this means that these two technical teams are often colocated, so whenever a customer has a challenge, they are being answered by Microsoft and Red Hat technical teams, all working together to solve this challenge from the customer. So this brings also an increased level of confidence to customers to move to cloud...

"We have both engineering teams from both sides working together to achieve this level of integration between the two solutions. So when you talk about Red Hat Enterprise Linux or when you have the Azure Red Hat OpenShift, which is a new solution that we have recently launched — these are solutions that using open source, are bringing in an additional level of integration, flexibility, automation to customers. So that they can migrate, and manage, their solutions in a more seamless way, and in a more easy way. So we are embedding this kind of overlying partnership from an open source perspective to bring these innovations live to customers."

Michael Larabel reports via Phoronix: Building off the recent release of Fedora 40, Fedora Asahi Remix 40 is now available for this downstream of Fedora Linux that's optimized to run on Apple Silicon ARM systems. Fedora Asahi Remix continues to be one of the best ways of enjoying a Linux experience atop recent Apple Macs making use of their in-house M1/M2/M3 SoCs. With the Fedora Asahi Remix 40 release there is now conformant OpenGL 4.6 support thanks to the upgraded Mesa. There is also improved device compatibility with its newer kernel.

Fedora Asahi Remix continues to cater to using the KDE Plasma desktop by default. With the upgrade to Fedora Asahi Remix 40 this also means now transitioning to the KDE Plasma 6.0 desktop environment for their flagship desktop experience. A GNOME variant using GNOME 46 is also available. You can learn more about the release via FedoraMagazine.org. Installation options are available at FedoraProject.org.

The blog It's FOSS is "pissed at the casual arrogance of Ubuntu and its parent company Canonical..... The sheer audacity of not caring for its users reeks of Microsoft-esque arrogance." If you download a .deb package of a software, you cannot install it using the official graphical software center on Ubuntu anymore. When you double-click on the downloaded deb package, you'll see this error, "there is no app installed for Debian package files".

If you right-click and choose to open it with Software Center, you are in for another annoyance. The software center will go into eternal loading. It may look as if it is doing something, but it will go on forever. I could even livestream the loading app store on YouTube, and it would continue for the 12 years of its long-term support period.
Canonical software engineer Dennis Loose actually created an issue ticket for the problem himself — back in September of 2023. And two weeks ago he returned to the discussion to announce that fix "will be a priority for the next cycle". (Though "unfortunately we didn't have the capacity to work on this for 24.04...)

But Its Foss accused Canonical of "cleverly booting out deb in favor of Snap, one baby step at a time" (noting the problem started with Ubuntu 23.10): There is also the issue of replacing deb packages with Snap, even with the apt command line tool. You use 'sudo apt install chromium', you get a Snap package of Chromium instead of Debian
The venerable Linux magazine argues that Canonical "has secretly forced Snap installation on users." [I]t looks as if the Software app defaults to Snap packages for everything now. I combed through various apps and found this to be the case.... As far as the auto-installation of downloaded .deb files, you'll have to install something like gdebi to bring back this feature.

An anonymous reader quotes a report from Foss Outpost: Systemd lead developer Lennart Poettering has posted on Mastodon about their upcoming v256 release of Systemd, which is expected to include a sudo replacement called "run0". The developer talks about the weaknesses of sudo, and how it has a large possible attack surface. For example, sudo supports network access, LDAP configurations, other types of plugins, and much more. But most importantly, its SUID binary provides a large attack service according to Lennart: "I personally think that the biggest problem with sudo is the fact it's a SUID binary though -- the big attack surface, the plugins, network access and so on that come after it it just make the key problem worse, but are not in themselves the main issue with sudo. SUID processes are weird concepts: they are invoked by unprivileged code and inherit the execution context intended for and controlled by unprivileged code. By execution context I mean the myriad of properties that a process has on Linux these days, from environment variables, process scheduling properties, cgroup assignments, security contexts, file descriptors passed, and so on and so on."

He's saying that sudo is a Unix concept from many decades ago, and a better privilege escalation system should be in place for 2024 security standards: "So, in my ideal world, we'd have an OS entirely without SUID. Let's throw out the concept of SUID on the dump of UNIX' bad ideas. An execution context for privileged code that is half under the control of unprivileged code and that needs careful manual clean-up is just not how security engineering should be done in 2024 anymore." [...]

He also mentioned that there will be more features in run0 that are not just related to the security backend such as: "The tool is also a lot more fun to use than sudo. For example, by default, it will tint your terminal background in a reddish tone while you are operating with elevated privileges. That is supposed to act as a friendly reminder that you haven't given up the privileges yet, and marks the output of all commands that ran with privileges appropriately. It also inserts a red dot (unicode ftw) in the window title while you operate with privileges, and drops it afterwards."

ReneR writes: A major T2 Linux milestone has been released, shipping with full support for 25 CPU architectures and several C libraries, as well as restored support for Intel IA-64 Itanium. Additionally, many vintage X.org DDX drivers were fixed and tested to work again, as well as complete support for the latest KDE 6 and GNOME 46.

T2 is known for its sophisticated cross compile support and support for nearly all existing CPU architectures: Alpha, Arc, ARM(64), Avr32, HPPA(64), IA64, M68k, MIPS(64), Nios2, PowerPC(64)(le), RISCV(64), s390x, SPARC(64), and SuperH x86(64). T2 is an increasingly popular choice for embedded systems and virtualization. It also still supports the Sony PS3, Sgi, Sun and HP workstations, as well as the latest ARM64 and RISCV64 architectures.

The release contains a total of 5,140 changesets, including approximately 5,314 package updates, 564 issues fixed, 317 packages or features added and 163 removed, and around 53 improvements. Usually most packages are up-to-date, including Linux 6.8, GCC 13, LLVM/Clang 18, as well as the latest version of X.org, Mesa, Firefox, Rust, KDE 6 and GNOME 46!

More information, source and binary distribution are open source and free at T2 SDE.

Tobias Mann reports via The Register: Canadian systems builder 45 Drives is perhaps best known for the dense multi-drive storage systems employed by the likes of Backblaze and others, but over the last year the biz has expanded its line-up to virtualization kit, and now low-power clients and workstations aimed at enterprises and home enthusiasts alike. 45 Drives' Home Client marks a departure from the relatively large rack-mount chassis it normally builds. Founder Doug Milburn told The Register the mini PC is something of a passion project that was born out of a desire to build a better home theater PC.

Housed within a custom passively cooled chassis built in-house by 45 Drive's parent company Protocase, is a quad-core, non-hyperthreaded Intel Alder Lake-generation N97 processor capable of boosting to 3.6GHz, your choice of either 8GB or 16GB of memory, and 250GB of flash storage. The decision to go with a 12-gen N-series was motivated in part by 45 Drives' internal workloads, Milburn explains, adding that to run PowerPoint or Salesforce just doesn't require that much horsepower. However, 45 Drives doesn't just see this as a low-power PC. Despite its name, the box will be sold under both its enterprise and home brands. In home lab environments, these small form factor x86 and Arm PCs have become incredibly popular for everything from lightweight virtualization and container hosts to firewalls and routers. [...]

In terms of software, 45 Drives says it will offer a number of operating system images for customers to choose from at the time of purchase, and Linux will be a first-class citizen on these devices. It's safe to say that Milburn isn't a big fan of Microsoft these days. "We run many hundreds of Microsoft workstations here, but we're kind of moving away from it," he said. "With Microsoft, it's a control thing; it's forced updates; it's a way of life with them." Milburn also isn't a fan of Microsoft's registration requirements and online telemetry. "We want control over what all our computers do. We want no traffic on our network that's out of here," he said. As a result, Milburn says 45 Drives is increasingly relying on Linux, and that not only applies to its internal machines but its products as well. Having said that, we're told that 45 Drives recognizes that Linux may not be appropriate for everyone and will offer Windows licenses at an additional cost. And, these both being x86 machines, there's nothing stopping you from loading your preferred distro or operating system on them after they've shipped. These workstations aren't exactly cheap. They start at $1,099 without the dedicated GPU. "The HL15 will set you back $799-$910 for the bare chassis if you opted for the PSU or not," adds The Register. "Meanwhile, a pre-configured system would run you $1,999 before factoring in drives."

prisoninmate shares a report from 9to5Linux: Canonical released today Ubuntu 24.04 LTS (Noble Numbat) as the latest version of its popular Linux-based operating system featuring some of the latest GNU/Linux technologies and Open Source software. Powered by Linux kernel 6.8, Ubuntu 24.04 LTS features the latest GNOME 46 desktop environment, an all-new graphical firmware update tool called Firmware Updater, Netplan 1.0 for state-of-the-art network management, updated Ubuntu font, support for the deb822 format for software sources, increased vm.max_map_count for better gaming, and Mozilla Thunderbird as a Snap by default.

It also comes with an updated Flutter-based graphical desktop installer that's now capable of updating itself and features a bunch of changes like support for accessibility features, guided (unencrypted) ZFS installations, a new option to import auto-install configurations for templated custom provisioning, as well as new default installation options, such as Default selection (previously Minimal) and Extended selection (previously Normal)."

An anonymous reader quotes a report from Ars Technica: There's a new Linux distro on the scene today, and it's a bit specialized. Its development was led by the automotive electronics supplier Elektrobit, and it's the first open source OS that complies with the automotive industry's functional safety requirements. [...] With Elektrobit's EB corbos Linux for Safety Applications (that sure is a long name), there's an open source Linux distro that finally fits the bill, having just been given the thumbs up by the German organization TUV Nord. (It also complies with the IEC 61508 standard for safety applications.) "The beauty of our concept is that you don't even need to safety-qualify Linux itself," said Moritz Neukirchner, a senior director at Elektrobit overseeing SDVs. Instead, an external safety monitor runs in a hypervisor, intercepting and validating kernel actions.

"When you look at how safety is typically being done, look at communication -- you don't safety-certify the communication specs or Ethernet stack, but you do a checker library on top, and you have a hardware anchor for checking down below, and you insure it end to end but take everything in between out of the certification path. And we have now created a concept that allows us to do exactly that for an operating system," Neukirchner told me. "So in the end, since we take Linux out of the certification path and make it usable in a safety-related context, we don't have any problems in keeping up to speed with the developer community," he explained. "Because if you start it off and say, 'Well, we're going to do Linux as a one-shot for safety,' you're going to have the next five patches and you're off [schedule] again, especially with the security regulation that's now getting toward effect now, starting in July with the UNECE R155 that requires continuous cybersecurity management vulnerability scanning for all software that ends up in the vehicle."

"In the end, we see roughly 4,000 kernel security patches within eight years for Linux. And this is the kind of challenge that you're being put up to if you want to participate in that speed of innovation of an open source community as rich as that of Linux and now want to combine this with safety-related applications," Neukirchner said. Elektrobit developed EB corbos Linux for Safety Applications together with Canonical, and together they will share the maintenance of keeping it compliant with safety requirements over time.

prisoninmate writes: Fedora Linux 40 distribution has been officially released -- powered by the latest Linux 6.8 kernel series, and featuring the GNOME 46 and KDE Plasma 6 desktop environments, reports 9to5Linux:

"Powered by the latest and greatest Linux 6.8 kernel series, the Fedora Linux 40 release ships with the GNOME 46 desktop environment for the flagship Fedora Workstation edition and the KDE Plasma 6 desktop environment for the Fedora KDE Spin, which defaults to the Wayland session as the X11 session was completely removed."

"Fedora Linux 40 also includes some interesting package management changes, such as dropping Delta RPMs and disabling support in the default configuration of DNF / DNF5. It also changes the DNF behavior to no longer download filelists by default. However, this release doesn't ship with the long-awaited DNF5 package manager. For AMD GPUs, Fedora Linux 40 ships with AMD ROCm 6.0 as the latest release of AMD's software optimized for AI and HPC workload performance, which enables support for the newest flagship AMD Instinct MI300A and MI300X datacenter GPUs."

SiliconANGLE reports that to help organizations detect vulnerabilities earlier, Red Hat has "announced updates to its Trusted Software Supply Chain that enable organizations to shift security 'left' in the software supply chain." Red Hat announced Trusted Software Supply Chain in May 2023, pitching it as a way to address the rising threat of software supply chain attacks. The service secures software pipelines by verifying software origins, automating security processes and providing a secure catalog of verified open-source software packages. [Thursday's updates] are aimed at advancing the ability for customers to embed security into the software development life cycle, thereby increasing software integrity earlier in the supply chain while also adhering to industry regulations and compliance standards.

They start with a new tool called Red Hat Trust Artifact Signer. Based on the open-source Sigstore project [founded at Red Hat and now part of the Open Source Security Foundation], Trust Artifact Signer allows developers to sign and verify software artifacts cryptographically without managing centralized keys, to enhance trust in the software supply chain. The second new release, Red Hat Trusted Profile Analyzer, provides a central source for security documentation such as Software Bill of Materials and Vulnerability Exploitability Exchange. The tool simplifies vulnerability management by enabling proactive identification and minimization of security threats.

The final new release, Red Hat Trusted Application Pipeline, combines the capabilities of the Trusted Profile Analyzer and Trusted Artifact Signer with Red Hat's internal developer platform to provide integrated security-focused development templates. The feature aims to standardize and accelerate the adoption of secure development practices within organizations.
Specifically, Red Hat's announcement says organizations can use their new Trust Application Pipeline feature "to verify pipeline compliance and provide traceability and auditability in the CI/CD process with an automated chain of trust that validates artifact signatures, and offers provenance and attestations."

Michael Larabel reports via Phoronix: While Fedora 41 in late 2024 is aiming to have more reproducible package builds, openSUSE Factory has already achieved a significant milestone in bit-by-bit reproducible builds. Since last month openSUSE Factory has been producing bit-by-bit reproducible builds sans the likes of embedded signatures. OpenSUSE Tumbleweed packages for that rolling-release distribution are being verified for bit-by-bit reproducible builds. SUSE/openSUSE is still verifying all packages are yielding reproducible builds but so far it's looking like 95% or more of packages are working out. You can learn more via the openSUSE blog.