Bug

Botched npm Update Crashes Linux Systems, Forces Users to Reinstall (bleepingcomputer.com) 84

Catalin Cimpanu, reporting for BleepingComputer: A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot. Changing ownership of these files either crashes the system, various local apps, or prevents the system from booting, according to reports from users who installed npm v5.7.0. -- the buggy npm update. Users who installed this update -- mostly developers and software engineers -- will likely have to reinstall their system from scratch or restore from a previous system image.
Nintendo

Enthusiasts have Turned the Nintendo Switch into a Functional Linux Tablet (theverge.com) 96

An anonymous reader shares a report: A couple of weeks ago, the fail0verflow hacking collective showed a still image on Twitter of a Nintendo Switch booting Linux. They're one of a small handful of hacker teams who are teasing exploits of the Nvidia Tegra hardware inside the Switch. But now fail0verflow has video of a full-on Linux distro running on the hacked Switch, complete with touchscreen support, a fully operational web browser, and even a GPU-powered demo application. On Twitter, fail0verflow claims the bug they're exploiting to sidestep the Switch's security can't be patched on currently released hardware, and doesn't require a modchip. But as for now there aren't any details on how to do this yourself at home.
Software

Ask Slashdot: Could Linux Ever Become Fully Compatible With Windows and Mac Software? 353

dryriver writes: Linux has been around for a long time now. A lot of work has gone into it; it has evolved nicely and it dominates in the server space. Computer literate people with some tech skills also like to use it as their desktop OS. It's free and open source. It's not vendor-locked, full of crapware or tied to any walled garden. It's fast and efficient. But most "everyday computer users" or "casual computer buyers" still feel they have to choose either a Windows PC or an Apple device as the platform they will do their computing on. This binary choice exists largely because of very specific commercial list of programs and games available for these OSs that is not available for Linux.

Here is the question: Could Linux ever be made to become fully compatible with all Windows and Mac software? What I mean is a Linux distro that lets you successfully install/run/play just about anything significant that says "for Windows 10" or "for OSX" under Linux, without any sort of configuring or crazy emulation orgies being needed? Macs and PCs run on the exact same Intel/AMD/Nvidia hardware as Linux. Same mobos, same CPUs and GPUs, same RAM and storage devices. Could Linux ever be made to behave sufficiently like those two OSs so that a computer buyer could "go Linux" without any negative consequences like not being able to run essential Windows/Mac software at all? Or is Linux being able to behave like Windows and OSX simply not technically doable because Windows and OSX are just too damn complex to mimic successfully?
Ubuntu

Ubuntu Wants To Collect Data About Your System -- Starting With 18.04 LTS (fossbytes.com) 207

In an announcement on Ubuntu mailing list, Will Cooke, on behalf of the Ubuntu Desktop team, announced Canonical's plans to collect some data related to the users' system configuration and the packages installed on their machines. From a report: Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default. The option could be like: "Send diagnostics information to help improve Ubuntu." As per your convenience, you can opt-out during the installation. An option to do the same will also be made available in the Privacy panel of GNOME Settings. With this data collection, the team wishes to improve the daily experiences of the Ubuntu users. It's worth noting that the collected data will be sent over encrypted connections and no IP addresses will be tracked. To be precise, the collected data will include: flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not.
Debian

Best Linux Distribution (linuxjournal.com) 215

Linux Journal: We started things off with Best Linux Distribution, and nearly 10,000 readers voted. The winner was Debian, with many commenting "As for servers, Debian is still the best" or similar. One to watch that is rising in the polls is Manjaro (7 percent), which is independently based on the Arch Linux. Manjaro is a favorite for Linux newcomers and is known for its user-friendliness and accessibility. And, now for the top three LJ winners: Debian (33 percent), openSUSE (12 percent), and Fedora (11 percent).
Software

The Most Popular Linux Desktop Programs (zdnet.com) 228

The most recent Linux Questions poll results are in. Steven J. Vaughan-Nichols, writing for ZDNet: LinuxQuestions, one of the largest internet Linux groups with 550,000 members, has just posted the results from its latest survey of desktop Linux users. In the always hotly-contested Linux desktop environment survey, the winner was the KDE Plasma Desktop. It was followed by the popular lightweight Xfce, Cinnamon, and GNOME. If you want to buy a computer with pre-installed Linux, the Linux Questions crew's favorite vendor by far was System76. Numerous other computer companies offer Linux on their PCs. These include both big names like Dell and dedicated small Linux shops such as ZaReason, Penguin Computing, and Emperor Linux. Many first choices weren't too surprising. For example, Linux users have long stayed loyal to the Firefox web browser, and they're still big fans. Firefox beat out Google Chrome by a five-to-one margin. And, as always, the VLC media player is far more popular than any other Linux media player. For email clients, Mozilla Thunderbird remains on top. That's a bit surprising given how Thunderbird's development has been stuck in neutral for some time now. When it comes to text editors, I was pleased to see vim -- my personal favorite -- win out over its perpetual rival, Emacs. In fact, nano and Kate both came ahead of Emacs.
Software

'Razer Doesn't Care About Linux' (gnome.org) 377

An anonymous reader shares a blog post: Razer is a vendor that makes high-end gaming hardware, including laptops, keyboards and mice. I opened a ticket with Razor a few days ago asking them if they wanted to support the LVFS project by uploading firmware and sharing the firmware update protocol used. I offered to upstream any example code they could share under a free license, or to write the code from scratch given enough specifications to do so. This is something I've done for other vendors, and doesn't take long as most vendor firmware updaters all do the same kind of thing; there are only so many ways to send a few kb of data to USB devices. The fwupd project provides high-level code for accessing USB devices, so yet-another-update-protocol is no big deal. I explained all about the LVFS, and the benefits it provided to a userbase that is normally happy to vote using their wallet to get hardware that's supported on the OS of their choice. I just received this note on the ticket, which was escalated appropriately: "I have discussed your offer with the dedicated team and we are thankful for your enthusiasm and for your good idea. I am afraid I have also to let you know that at this moment in time our support for software is only focused on Windows and Mac." The post, written by Richard -- who has long been a maintainer of GNOME Software, PackageKit, GNOME Packagekit, points out that Razer executive Min-Liang Tan last year invited Linux enthusiasts to suggest ideas to help the company make the best notebook that supports Linux.
Nintendo

Hackers Manage To Run Linux On a Nintendo Switch (techcrunch.com) 119

Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can't fix the vulnerability with future firmware patches. According to fail0verflow, there's a flaw in the boot ROM in Nvidia's Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can't be altered in any way after that. Even if Nintendo issues a software update, this software update won't affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there's no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it's possible that Nintendo asks Nvidia to fix the issue so that new consoles don't have this vulnerability.
Ubuntu

Ubuntu 18.04 LTS Could Come with Snap Apps Preinstalled (omgubuntu.co.uk) 139

Ubuntu 18.04 LTS 'Bionic Beaver' could ship with Snap apps installed by default. From a report: A proposal from Ubuntu developer Steve Langasek suggests that Snapcraft now stand as a 'first-class' alternative to traditional packages, making them ripe for inclusion. "As more software becomes available as snaps, we want to take advantage of this body of packages as part of the default Ubuntu experience," he writes. As part of his proposal -- which is just a suggestion for the moment, so don't get excited/angry -- Langasek wants to iron out policy and rules around seeded snap app. This is to ensure they are updated and maintained accordingly, inline with Ubuntu practice. While Snaps by default would be something of a first for the regular version Ubuntu, it wouldn't be a first in general. That honour goes to Ubuntu MATE 17.10, the first distro to ship with a preinstalled Snap app.
Open Source

LKRG: A Loadable Linux Kernel Module for Runtime Integrity Checking (bleepingcomputer.com) 36

An anonymous reader quotes BleepingComputer: Members of the open source community are working on a new security-focused project for the Linux kernel. Named Linux Kernel Runtime Guard (LKRG), this is a loadable kernel module that will perform runtime integrity checking of the Linux kernel. Its purpose is to detect exploitation attempts for known security vulnerabilities against the Linux kernel and attempt to block attacks. LKRG will also detect privilege escalation for running processes, and kill the running process before the exploit code runs.

Since the project is in such early development, current versions of LKRG will only report kernel integrity violations via kernel messages, but a full exploit mitigation system will be deployed as the system matures... While LKRG will remain an open source project, LKRG maintainers also have plans for an LKRG Pro version that will include distro-specific LKRG builds and support for the detection of specific exploits, such as container escapes. The team plans to use the funds from LKRG Pro to fund the rest of the project.

The first public version of LKRG -- LKRG v0.0 -- is now live and available for download on this page. A wiki is also available here, and a Patreon page for supporting the project has also been set up. LKRG kernel modules are currently available for main Linux distros such as RHEL7, OpenVZ 7, Virtuozzo 7, and Ubuntu 16.04 to latest mainlines.

Microsoft

Microsoft Releases Skype As a Snap For Linux (betanews.com) 166

BrianFagioli writes: While Microsoft has long been viewed as an enemy of the Linux community -- and it still is by some -- the company has actually transformed into an open source champion. One of Microsoft's biggest Linux contributions, however, is Skype -- the wildly popular communication software. By offering that program to desktop Linux users, Microsoft enables them to easily communicate with friends and family that aren't on Linux, thanks to its cross-platform support. Today, Microsoft further embraces Linux by releasing Skype as a Snap. This comes after two other very popular apps became available in Snap form -- Spotify and Slack.

"Skype is used by millions of users globally to make free video and voice calls, send files, video and instant messages and to share both special occasions and everyday moments with the people who matter most. Skype has turned to snaps to ensure its users on Linux, are automatically delivered to its latest versionupon release. And with snaps' roll-back feature, whereby applications can revert back to the previous working version in the event of a bug, Skype's developers can ensure a seamless user experience," says Canonical.

IBM

The SCO Vs IBM Zombie Shambles On (uscourts.gov) 127

Long-time Slashdot reader UncleJosh writes: At the end of last October, the 10th Circuit issued an opinion overturning the lower court's summary judgement in favor of IBM on one of SCO's claims, sending it back to the lower court for trial. Shortly thereafter, IBM filed for a re-hearing en banc. On January 2nd, the 10th circuit essentially denied IBM's request, issuing a slightly revised opinion with the same conclusions and result.
The charge being reheard accuses IBM of "stealing and improperly using [SCO's] source code to strengthen its own operating system, thereby committing the tort of unfair competition by means of misappropriation" -- though that charged is based on an implied duty that SCO says IBM incurred by entering into a development relationship with SCO. "SCO believes that IBM merely pretended to go along with the arrangement in order to gain access to Santa Cruz's coveted source code."

The court's 46-page document adds that "We are now almost fifteen years into this litigation."
Open Source

Linus Finally Releases Linux 4.15 Kernel, Blames Intel For Delay (phoronix.com) 55

An anonymous reader writes: Linus Torvalds has released Linux 4.15 following the lengthy development cycle due to the Spectre v2 and Meltdown CPU vulnerability mitigation work. This update comes with many kernel improvements including RISC-V architecture support, AMDGPU Display Code support, Intel Coffee Lake graphics support, and many other improvements.
"This obviously was not a pleasant release cycle, with the whole meltdown/spectre thing coming in in the middle of the cycle and not really gelling with our normal release cycle," Linus writes. "The extra two weeks were obviously mainly due to that whole timing issue... [T]he news cycle notwithstanding, the bulk of the 4.15 work is all the regular plodding 'boring' stuff. And I mean that in the best possible way. It may not be glamorous and get the headlines, but it's the bread and butter of kernel development, and is in many ways the really important stuff.

"Go forth and play with it, things actually look pretty good despite everything. And obviously this also means that the merge window for 4.16 is open... Hopefully we'll have a _normal_ and entirely boring release cycle for 4.16. Because boring really is good."
Open Source

Are the BSDs Dying? Some Security Researchers Think So (csoonline.com) 196

itwbennett writes: The BSDs have lost the battle for mindshare to Linux, and that may well bode ill for the future sustainability of the BSDs as viable, secure operating systems, writes CSO's JM Porup. The reason why is a familiar refrain: more eyeballs mean more secure code. Porup cites the work of Ilja von Sprundel, director of penetration testing at IOActive, who, noting the "small number of reported BSD kernel vulnerabilities compared to Linux," dug into BSD source code. His search 'easily' turned up about 115 kernel bugs. Porup looks at the relative security of OpenBSD, FreeBSD and NetBSD, the effect on Mac OS, and why, despite FreeBSD's relative popularity, OpenBSD may be the most likely to survive.
Operating Systems

Linux 4.15 Becomes Slowest Release Since 2011 (theregister.co.uk) 68

An anonymous reader shares a report: Linus Torvalds has decided that Linux 4.15 needs a ninth release candidate, making it the first kernel release to need that much work since 2011. Torvalds flagged up the possibility of an extra release candidate last week, with the caveat that "it obviously requires this upcoming week to not come with any huge surprises" after "all the Meltdown and Spectre hoopla" made his job rather more complicated in recent weeks. Fast-forward another week and Torvalds has announced "I really really wanted to just release 4.15 today, but things haven't calmed down enough for me to feel comfy about it."
The Media

LWN.Net Celebrates Its 20th Birthday (lwn.net) 24

Free software/Linux news site LWN.net just celebrated its 20th birthday, with publisher Jonathan Corbet calling the last two decades "an amazing journey." LWN published the first edition of their weekly newsletter on January 22, 1998, and Corbet (who also contributes to the Linux kernel) writes today that "It has been quite a ride. We in the free-software community set out to change the world, and we succeeded beyond our wildest expectations."

Here's how he described their second edition the next week... We were arguably helped by the lead news in that edition: Netscape's decision to open-source its "Communicator" web browser. That quickly brought the world's attention to open-source software, though that term would not be invented for a few months yet, and to Linux in particular. LWN was a shadow of what it is now, but it was evidently good enough to ride on that wave and establish itself as a part of the Linux community.
Corbet reviews the highlights. ("Companies discovered our little hobbyist system and invested billions into it, massively accelerating development at all levels of the system...") But he also adds that "Through all of this, we also got to learn some lessons about successfully running a community information source on the net." For the last 16 years the site has supported itself with $7.00-a-month subscriptions, offering early access to their Weekly Edition plus subscriber-only mailing lists, "allowing our content to quickly become part of the community record."

Plus, through events around the world, "we have met -- and become friends with -- many of our readers and many people in the community as a whole. This community is an amazing group of people; it has been a honor and a joy to be a part of it..."

"The free-software community's work is not done, and neither is ours. "
Intel

Linus Torvalds Calls Intel Patches 'Complete and Utter Garbage' (lkml.org) 507

An anonymous reader writes: On the Linux Kernel Mailing List, Linus Torvalds ended up responding to a long-time kernel developer (and former Intel engineer) who'd been describing a new microcode feature addressing Indirect Branch Restricted Speculation "where a future CPU will advertise 'I am able to be not broken' and then you have to set the IBRS bit once at boot time to *ask* it not to be broken."

Linus calls it "very much part of the whole 'this is complete garbage' issue. The whole IBRS_ALL feature to me very clearly says 'Intel is not serious about this, we'll have a ugly hack that will be so expensive that we don't want to enable it by default, because that would look bad in benchmarks'. So instead they try to push the garbage down to us. And they are doing it entirely wrong, even from a technical standpoint. I'm sure there is some lawyer there who says 'we'll have to go through motions to protect against a lawsuit'. But legal reasons do not make for good technology, or good patches that I should apply."

Later Linus says forcefully that these "complete and utter garbage" patches are being pushed by someone "for unclear reasons" -- and adds another criticism. The whole point of having cpuid and flags from the microarchitecture is that we can use those to make decisions. But since we already know that the IBRS overhead is huge on existing hardware, all those hardware capability bits are just complete and utter garbage. Nobody sane will use them, since the cost is too damn high. So you end up having to look at "which CPU stepping is this" anyway. I think we need something better than this garbage.
Desktops (Apple)

Ask Slashdot: What's the Fastest Linux Distro for an Old Macbook 7,1? 248

Long-time Slashdot reader gr8gatzby writes: I have an old beautiful mint condition white Macbook 7,1 with a 2.4Ghz Core 2 Duo and 5GB RAM. Apple cut off the upgrade path of this model at 10.6.8, while a modern-day version of any browser requires at least 10.9 these days, and as a result my browsing is limited to Chrome version 49.0.2623.112.

So this leaves me with Linux. What is the fastest, most efficient and powerful distro for a Mac of this vintage?

It's been nearly eight years since its release, so leave your best thoughts in the comments. What's the best Linux distro for an old Macbook 7,1?
Red Hat Software

Red Hat Reverts Spectre Patches to Address Boot Issues (bleepingcomputer.com) 78

An anonymous reader quotes BleepingComputer: Red Hat is releasing updates for reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot. "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday. "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Had added.

Instead, Red Hat is recommending that each customer contact their OEM hardware provider and inquire about mitigations for CVE-2017-5715 on a per-system basis. Besides Red Hat Enterprise Linux, other RHEL-based distros like CentOS and Scientific Linux are also expected to be affected by Red Hat's decision to revert previous Spectre Variant 2 updates, so these users will also have to contact CPU/OEM vendors.

At least one site "characterized the move as Red Hat washing its hands of the responsibility to provide customers with firmware patches," writes Data Center Knowledge, arguing instead that Red Hat "isn't actually involved in writing the firmware updates. It passes the microcode created by chipmakers to its users 'as a customer convenience.'" "What I would have said if they'd asked us ahead of time is that microcode is something that CPU vendors develop," Jon Masters, chief ARM architect at Red Hat, told Data Center Knowledge in a phone interview Thursday. "It's actually an encrypted, signed binary image, so we don't have the capability, even if we wanted to produce microcode. It's a binary blob that we cannot generate. The only people who can actually generate that are the CPU vendors."
Google

Google Moves To Debian For In-house Linux Desktop (zdnet.com) 142

Google has officially confirmed the company is shifting its in-house Linux desktop from the Ubuntu-based Goobuntu to a new Linux distro, the DebianTesting-based gLinux. From a report: Margarita Manterola, a Google Engineer, quietly announced Google would move from Ubuntu to Debian-testing for its desktop Linux at DebConf17 in a lightning talk. Manterola explained that Google was moving to gLinux, a rolling release based on Debian Testing. This move isn't as surprising as it first looks. Ubuntu is based on Debian. In addition, Google has long been a strong Debian supporter. In 2017, Debian credited Google for making [sic] "possible our annual conference, and directly supports the progress of Debian and Free Software." Debian Testing is the beta for the next stable version of Debian. With gLinux, that means it's based on the Debian 10 "Buster" test operating system. Google takes each Debian Testing package, rebuilds it, tests it, files and fixes bugs, and once those are resolved, integrates it into the gLinux release candidate. GLinux went into beta on Aug. 16, 2017.

Slashdot Top Deals