Windows

Microsoft Windows 10 Gains Linux/WSL Console Copy and Paste Functionality (betanews.com) 167

BrianFagioli writes: For better or worse, the Windows Subsystem for Linux (WSL) initiative seems to be moving full steam ahead. There are some very respectable distributions available in the Microsoft Store, such as Debian, Ubuntu, and Kali to name a few. Not to mention, Microsoft is trying to encourage even more maintainers to submit their distros with a new tool.

Apparently, some Windows 10 users have been clamoring for the ability to copy and paste both from and to WSL consoles -- a reasonable request. Well, as of Insider Build 17643, this is finally possible.

'As of Windows 10 Insider build #17643, you can copy/paste text from/to Linux/WSL Consoles!!! We know that this is a feature MANY of you have been waiting for -- our sincerest thanks for your patience and continued support while we untangled the Console's internals, allowing us to implement this feature. To ensure that we don't break any existing behaviors, you'll need to enable the 'Use Ctrl+Shift+C/V as Copy/Paste' option in the Console 'Options' properties page,' says Rich Turner, Microsoft.

Security

Linux: Beep Command Can Be Used to Probe for the Presence of Sensitive Files (bleepingcomputer.com) 109

Catalin Cimpanu, writing for BleepingComputer: A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccessible. The vulnerability, tracked as CVE-2018-0492, has been fixed in recent versions of Debian and Ubuntu (Debian-based OS). At its core, the bug is a race condition in the beep utility that allows the OS to emit a "beep" sound whenever it is deemed necessary. Security researchers have discovered a race condition in the beep package that allows an attacker to elevate his code to root-level access.
Microsoft

Microsoft Open Source Tool Lets You 'Bring Your Own Linux' To Windows (microsoft.com) 135

Long-time Slashdot reader Billly Gates writes: Debian is now available in the Windows app store. It joins Ubuntu, Suse Leap, SuSe enterprise, and Kali Linux for those who cannot or do not want to bother with a virtual machine or a full install of the OS. However, it included stable 9.3. 9.4 is available from the repository if you run apt-get update and apt-get upgrade.
"Fedora is not yet available, although Microsoft has stated openly that it is working to make it so," reports Computer Weekly. And there's more: Microsoft has also provided an open source tool called Microsoft WSL/DistroLauncher for users who want to build their own Linux package where a particular distribution is either a) not available yet or b) is available, but the user wants to apply a greater degree of customisation to it than comes as standard.
Open Source

Vim Beats Emacs in 'Linux Journal' Reader Survey (linuxjournal.com) 195

The newly-relaunched Linux Journal is conducting its annual "Reader's Choice Awards," and this month announced the winners for Best Text Editor, Best Laptop, and Best Domain Registrar. Vim was chosen as the best editor by 35% of respondents, handily beating GNU Emacs (19%) Sublime Text (10%) and Atom (8%). Readers' Choice winner Vim is an extremely powerful editor with a user interface based on Bill Joy's 40-plus-year-old vi, but with many improved-upon features including extensive customization with key mappings and plugins. Linux Journal reader David Harrison points out another great thing about Vim "is that it's basically everywhere. It's available on every major platform."
For best laptop their readers picked Lenovo (32%), followed by Dell (25%) and System76 (11%). The ThinkPad began life at IBM, but in 2005, it was purchased by Lenovo along with the rest of IBM's PC business. Lenovo evolved the line, and today the company is well known as a geek favorite. Lenovo's ThinkPads are quiet, fast and arguably have one of the best keyboards (fighting words!). Linux Journal readers say Lenovo's Linux support is excellent, leaving many to ponder why the company doesn't ship laptops with Linux installed.
In February readers also voted on the best web browser, choosing Firefox (57%) over Chrome (17%) and Chromium (7%). And they also voted on the best Linux distribution, ultimately selecting Debian (33%), open SUSE (12%), and Fedora (11%).
Debian

Debian 9.4 Released (debian.org) 78

An anonymous reader quotes Debian.org: The Debian project is pleased to announce the fourth update of its stable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems... Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Phoronix adds that Debian 9.4 "has a new upstream Linux kernel release, various dependency fixes for some packages, an infinite loop fix in Glade, several CVE security fixes, a larger stack size for NTP, a new upstream release of their NVIDIA proprietary driver package, Python 3 dependency fixes, and other security fixes."
Windows

Ask Slashdot: Should We Worry Microsoft Will 'Embrace, Extend, and Extinguish' Linux? (betanews.com) 431

BrianFagioli writes: While there is no proof that anything nefarious is afoot, it does feel like maybe the Windows-maker is hijacking the Linux movement a bit by serving distros in its store. I hope there is no "embrace, extend, and extinguish" shenanigans going on.

Just yesterday, we reported that Kali Linux was in the Microsoft Store for Windows 10. That was big news, but it was not particularly significant in the grand scheme, as Kali is not very well known. Today, there is some undeniably huge news -- Debian is joining SUSE, Ubuntu, and Kali in the Microsoft Store. Should the Linux community be worried?

My concern lately is that Microsoft could eventually try to make the concept of running a Linux distro natively a thing of the past. Whether or not that is the company's intention is unknown. The Windows maker gives no reason to suspect evil plans, other than past negative comments about Linux and open source. For instance, former Microsoft CEO Steve Ballmer once called Linux "cancer" -- seriously.

Debian

Best Linux Distribution (linuxjournal.com) 215

Linux Journal: We started things off with Best Linux Distribution, and nearly 10,000 readers voted. The winner was Debian, with many commenting "As for servers, Debian is still the best" or similar. One to watch that is rising in the polls is Manjaro (7 percent), which is independently based on the Arch Linux. Manjaro is a favorite for Linux newcomers and is known for its user-friendliness and accessibility. And, now for the top three LJ winners: Debian (33 percent), openSUSE (12 percent), and Fedora (11 percent).
Nintendo

Hackers Manage To Run Linux On a Nintendo Switch (techcrunch.com) 119

Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can't fix the vulnerability with future firmware patches. According to fail0verflow, there's a flaw in the boot ROM in Nvidia's Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can't be altered in any way after that. Even if Nintendo issues a software update, this software update won't affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there's no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it's possible that Nintendo asks Nvidia to fix the issue so that new consoles don't have this vulnerability.
Google

Google Moves To Debian For In-house Linux Desktop (zdnet.com) 142

Google has officially confirmed the company is shifting its in-house Linux desktop from the Ubuntu-based Goobuntu to a new Linux distro, the DebianTesting-based gLinux. From a report: Margarita Manterola, a Google Engineer, quietly announced Google would move from Ubuntu to Debian-testing for its desktop Linux at DebConf17 in a lightning talk. Manterola explained that Google was moving to gLinux, a rolling release based on Debian Testing. This move isn't as surprising as it first looks. Ubuntu is based on Debian. In addition, Google has long been a strong Debian supporter. In 2017, Debian credited Google for making [sic] "possible our annual conference, and directly supports the progress of Debian and Free Software." Debian Testing is the beta for the next stable version of Debian. With gLinux, that means it's based on the Debian 10 "Buster" test operating system. Google takes each Debian Testing package, rebuilds it, tests it, files and fixes bugs, and once those are resolved, integrates it into the gLinux release candidate. GLinux went into beta on Aug. 16, 2017.
Software

Slack Now Available As a Snap For Linux (betanews.com) 140

BrianFagioli writes: Today, yet another wildly popular program gets the Snap treatment, and quite frankly, it is arguably more significant than Spotify. What is it? Slack! Yes, Canonical announces that the ubiquitous communication app can be installed as a Snap. True, Slack was already available on the Linux desktop, but this makes installing it and keeping it updated much easier. "In adopting the universal Linux app packaging format, Slack will open its digital workplace up to an-ever growing community of Linux users, including those using Linux Mint, Manjaro, Debian, Fedora, OpenSUSE, Solus, and Ubuntu. Designed to connect us to the people and tools we work with every day, the Slack snap will help Linux users be more efficient and streamlined in their work. And an intuitive user experience remains central to the snaps' appeal, with automatic updates and rollback features giving developers greater control in the delivery of each offering," says Canonical.
Debian

Does Systemd Makes Linux Complex, Error-Prone, and Unstable? (ungleich.ch) 751

"Systemd developers split the community over a tiny detail that decreases stability significantly and increases complexity for not much real value." So argues Nico Schottelius, talking about his experiences as the CEO of a Swiss company providing VM hosting, datacenters, and high-speed fiber internet. Long-time Slashdot reader walterbyrd quotes Nico's essay: While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don't have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd. Our objective is to create a great, easy-to-use platform for VM hosting, not to walk a tightrope...

[W]hat the Devuan developers are doing is creating stability. Think about it not in a few repeating systemd bugs or about the insecurity caused by a huge, monolithic piece of software running with root privileges. Why do people favor Linux on servers over Windows? It is very easy: people don't use Windows, because it is too complex, too error prone and not suitable as a stable basis. Read it again. This is exactly what systemd introduces into Linux: error prone complexity and instability. With systemd the main advantage to using Linux is obsolete.

The essay argues that while Devuan foisted another choice into the community, "it is not their fault. Creating Devuan is simply a counteraction to ensure Linux stays stable. which is of high importance for a lot of people."
Debian

Updated Debian Linux 9.3 and 8.10 Released (debian.org) 49

An anonymous reader writes: The Debian project is pleased to announce the third update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. The Debian project also announces the tenth update of its oldstable distribution Debian 8 (codename jessie).

Please note that the point release does not constitute a new version of Debian 9 or 8 but only updates some of the packages included. There is no need to throw away old jessie or stretch DVD/CD media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror. This stable update adds a few important corrections to packages. New installation images will be available soon at the mirrors. Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release. One can use the apt command or apt-get command to apply updates. A step-by-step update guide is posted here.

Intel

Clear Linux Beats CentOS, openSUSE, and Ubuntu in (Enterprise) Benchmark Tests (phoronix.com) 136

An anonymous reader writes: Recently completed Linux distro benchmarks by Phoronix show Intel's Clear Linux is the most powerful on x86 hardware. A six-way, enterprise-focused Linux distro comparison show Clear Linux being the fastest with a Core i9 and Xeon systems, easily beating CentOS, openSUSE, and Ubuntu in a majority of the tests.

When doing an 11-way Linux distro boot test they also found Clear Linux easily booted the fastest followed by the Clear-inspired Solus distribution. Clear Linux does work on AMD hardware and works on Intel CPUs back to Sandy Bridge but leverages its speed from optimized compiler settings, specially built libraries capable of AVX instructions on supported systems, a specially tuned kernel configuration, and other optimizations/patches.

Debian 9.2 and Fedora 27 "ended up being dropped from this article due to data overload," the article concludes, "and those distributions really not offering anything really different in terms of the performance."
Wireless Networking

Every Patch For 'KRACK' Wi-Fi Vulnerability Available Right Now (zdnet.com) 140

An anonymous reader quotes a report from ZDNet: As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. In total, ten CVE numbers have been preserved to describe the vulnerability and its impact, and according to the U.S. Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. A list of the patches available is below. For the most up-to-date list with links to each patch/statement (if available), visit ZDNet's article.
Cellphones

Security, Privacy Focused Librem 5 Linux Smartphone Successfully Crowdfunded (softpedia.com) 82

prisoninmate shares a report from Softpedia: Believe it or not, Purism's Librem 5 security and privacy-focused smartphone has been successfully crowdfunded a few hours ago when it reached and even passed its goal of $1.5 million, with 13 days left. Librem 5 wants to be an open source and truly free mobile phone designed with security and privacy in mind, powered by a GNU/Linux operating system based on Debian GNU/Linux and running only Open Source software apps on top of a popular desktop environment like KDE Plasma Mobile or GNOME Shell. Featuring a 5-inch screen, Librem 5 is compatible with 2G, 3G, 4G, GSM, UMTS, and LTE mobile networks. Under the hood, it uses an i.MX 6 or i.MX 8 processor with separate baseband modem to offer you the protection you need in today's communication challenges, where you're being monitored by lots of government agencies.
Communications

Microsoft Releases 'Next Generation' Preview of Skype For Linux (skype.com) 92

BrianFagioli writes: Friday, Microsoft released a refreshed preview of Skype for Linux. There are both DEB and RPM packages available, making it easy to install on, say, Ubuntu, Debian, or Fedora. In fact, I successfully installed it on Pop!_OS earlier today. Believe it or not, the new interface is quite nice, making it something I could possibly enjoy using on my Linux machine.

"Great news for Skype for Linux users -- the next generation of Skype for Linux is launching!" says The Skype Team. "Starting today, you can download Skype Preview for Linux and start enjoying new features across all your devices -- including screen sharing and group chat. With Skype for Linux, you can take advantage of the screen sharing feature on your desktop screen. Now, you can share content with everyone on the call -- making it even easier to bring your calls to life and collaborate on projects."

Debian

OpenSource.com Test-Drives Linux Distros From 1993 To 2003 (opensource.com) 80

An anonymous reader quotes OpenSource.com: A unique trait of open source is that it's never truly EOL (End of Life). The disc images mostly remain online, and their licenses don't expire, so going back and installing an old version of Linux in a virtual machine and getting a precise picture of what progress Linux has made over the years is relatively simple... Whether you're new to Linux, or whether you're such an old hand that most of these screenshots have been more biographical than historical, it's good to be able to look back at how one of the largest open source projects in the world has developed. More importantly, it's exciting to think of where Linux is headed and how we can all be a part of that, starting now, and for years to come.
The article looks at seven distros -- Slackware 1.01 (1993), Debian 0.91 (1994), Jurix/S.u.S.E. (1996), SUSE 5.1 (1998), Red Hat 6.0 (1999), Mandrake 8.0 (2001), and Fedora 1 (2003). Click through for some of the highlights.
Debian

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support (debian.org) 76

An anonymous reader writes: Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version of OpenSSL has been uploaded to Debian Linux unstable. This version disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2 as the only supported SSL/TLS protocol version. This will likely break certain things that for whatever reason still don't support TLS 1.2. I strongly suggest that if it's not supported that you add support for it, or get the other side to add support for it. OpenSSL made a release 5 years ago that supported TLS 1.2. The current support of the server side seems to be around 90%. I hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don't need to enable them again. This move caused some concern among Debian users and sysadmins. If you are running Debian Unstable on server tons of stuff is going to broken cryptographically. Not to mention legacy hardware and firmware that still uses TLS 1.0. On the client side (i.e. your users), you need to use the latest version of a browser such as Chrome/Chromium and Firefox. The Older version of Android (e.g. Android v5.x and earlier) do not support TLS 1.2. You need to use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail servers, desktop email clients, FTP clients and more. All of them using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.

Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk) 307

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Slashdot Top Deals