ZDNet reports: By and large, the public cloud runs on Linux. Most users, even Microsoft Azure customers, run Linux on the cloud. In the case of market giant Amazon Web Services (AWS), the cloud provider will let you run many Linux distros or their own homebrew Linux, Amazon Linux. Now, AWS has released an early version of its next distro, Amazon Linux 3, which is based on Red Hat's community Linux, Fedora.

AWS has long tried to incorporate Red Hat Enterprise Linux (RHEL) compatibility into Amazon Linux, but this latest release takes that to new heights. By using Fedora as its upstream, the new Amazon distro, also called AL2022, is a stable distribution. It's gone through extensive testing to offer package stability, and it also includes all available security updates....
TechRadar adds some more details: The distro has had two major releases till now; the first in 2010, and the second in 2017. However, with the third AL2022 release the service is committing to a two year release cycle, with each release supported for a period of five years... AWS argues that the two year major release cycle, with updates shipped quarterly via minor releases, will help keep the software current, while the five year support commitment for each major release will give customers the stability they need to manage long project lifecycles.

Years after its failed Steam Machines, Valve is slowly but surely improving the state of Linux gaming. From a report: The company's upcoming Steam Deck handheld runs atop Linux, and its Proton compatibility layer lets it -- and other computers -- play Windows games as well. Now, Valve has officially added support for Nvidia's DLSS machine learning temporal upscaling technique to Proton, potentially bringing big FPS boosts and less flicker in games that support the technology.

Proton 6.3-8 is the first stable release to include support for DLSS, after the feature previously hit experimental builds in October, though it appears you'll still need to set PROTON_ENABLE_NVAPI=1 and dxgi.nvapiHack = False to turn it on. DLSS won't come to the AMD-powered Steam Deck, of course, since it requires proprietary Nvidia machine learning silicon, but we recently learned the Steam Deck will support AMDâ(TM)s arguably much less capable FSR.

The north-German state of Schleswig-Holstein plans to switch to open source software..." reports Mike Saunders from LibreOffice.

"By the end of 2026, Microsoft Office is to be replaced by LibreOffice on all 25,000 computers used by civil servants and employees (including teachers), and the Windows operating system is to be replaced by GNU/Linux."

The tech site Foss Force writes: This seems to be a done deal, as the steps for the transition from proprietary to open have already been codified by the Schleswig-Holstein state parliament, and explained in plain language in an interview with Jan Philipp Albrecht, the state's digital minister, that was published in c't, a German language computer magazine (Google Translate version here). In the interview, Albrecht said that part of the transition to open source is already in the works, and pointed out that 90% of state administration conferencing is conducted using the open source video conferencing platform Jitsi.

"We have been testing LibreOffice in our IT department for two years, and our experience is clear: it works," he said. "This also applies, for example, when editing Microsoft Word documents with comments... No Linux distribution has been chosen yet to use as a standard, although Albrecht said they're currently looking at five distributions that suit their purposes.

shoor writes: As much as 38 percent of the Internet's domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains, like bankofamerica.com or gmail.com. The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site.

The sleight of hand worked because DNS at the time relied on a transaction ID to prove the IP number returned came from an authoritative server rather than an imposter server attempting to send people to a malicious site. The transaction number had only 16 bits, which meant that there were only 65,536 possible transaction IDs. Kaminsky realized that hackers could exploit the lack of entropy by bombarding a DNS resolver with off-path responses that included each possible ID. Once the resolver received a response with the correct ID, the server would accept the malicious IP and store the result in cache so that everyone else using the same resolver -- which typically belongs to a corporation, organization, or ISP -- would also be sent to the same malicious server.

"[N]ow, after SCO went bankrupt; court after court dismissing SCO's crazy copyright claims; and closing in on 20-years into the saga, the U.S. District Court of Utah has finally put a period to the SCO vs. IBM lawsuit," writes ZDNet's Steven J. Vaughan-Nichols. From the report: According to the Court, since: "All claims and counterclaims in this matter, whether alleged or not alleged, pleaded or not pleaded, have been settled, compromised, and resolved in full, and for good cause appearing, IT IS HEREBY ORDERED that the parties' Motion is GRANTED. All claims and counterclaims in this action, whether alleged or not alleged, pleaded or not pleaded, have been settled, compromised, and resolved in full, and are DISMISSED with prejudice and on the merits. The parties shall bear their own respective costs and expenses, including attorneys' fees. The Clerk is directed to close the action." Finally!

Earlier, the US Bankruptcy Court for the District of Delaware, which has been overseeing SCO's bankruptcy had announced that the TSG Group, which represents SCO's debtors, has settled with IBM and resolved all the remaining claims between TSG and IBM: "Under the Settlement Agreement, the Parties have agreed to resolve all disputes between them for a payment to the Trustee [TLD], on behalf of the Estates [IBM], of $14,250,000." In return, TLD gives up all rights and interests in all litigation claims pending or that may be asserted in the future against IBM and Red Hat, and any allegations that Linux violates SCO's Unix intellectual property. "While we're one step closer, the SCO lawsuits still live on just like one of those Halloween monsters that just won't die," concludes Vaughan-Nichols, noting the lawsuit Xinuos filed against IBM and Red Hat in March for allegedly copying their software code for its server operating systems. "But, in this go-around, there aren't many people in the audience."

Phoronix reports: System76's Pop!_OS Linux distribution already has their own "COSMIC" desktop that is based on GNOME, but moving ahead they are working on their own Rust-written desktop that is not based on GNOME or any existing desktop environment.

Stemming from a Reddit discussion over the possibility of seeing a KDE flavor of Pop!_OS, it was brought up by one of their own engineers they are working on their "own desktop". System76 engineer and Pop!_OS maintainer Michael Murphy "mmstick" commented that System76 will be its own desktop. When further poked about that whether that means a fork from GNOME, the response was "No it is its own thing written in Rust."

Word of System76 making their "own" desktop not based on GNOME does follow some recent friction between Pop!_OS and GNOME developers over their approach to theming and customizations.
Or, as Murphy wrote (in response to a later comment): What are you expecting us to do? We have a desktop environment that is a collection of GNOME Shell extensions which break every GNOME Shell release. Either we move towards maintaining tens of thousands of lines of monkey patches, or we do it the right way and make the next step a fully fledged desktop environment equal to GNOME Shell.
In other comments Murphy clarified that essentially the gist of it would be an independent/distro-agnostic desktop environment, and that they'd be "using tooling that already exists (mutter, kwin, wlroots), but implementing the surrounding shell in Rust from scratch..." And he added later that "We already do our best to follow freedesktop specifications with our software. So there's no reason to think we'd do otherwise."

One of the most interesting exchanges happened when one long-time Reddit user questioned the need for another desktop. That user had posted, "Linux is great, choices are great, but our biggest problem is that in the pursuit of choices for the sake of choices we have a ton of projects that are 95% of the way to prime time readiness, but none that are fully there, because instead of fixing problems, everyone decides they just want to start over."

Murphy responded: "You have it backwards. Choice is the best part about open source. None of us would be here today if people weren't brave enough to take the next step with a new solution to an existing problem..."

"Intel is gearing up to go to a war with Nvidia," writes Slashdot reader labloke11. "They have their OneAPI and their GPU. It will be interesting... For me, I like competition." Phoronix reports: While Intel Alder Lake is dominating today's news cycle, Intel and Microsoft also announced today that they have brought oneAPI Level Zero and Intel OpenCL support to Windows Subsystem for Linux (WSL2) while employing Intel graphics hardware acceleration. Similar to NVIDIA bringing CUDA and their accelerated GPU support to WSL2 as well as similar efforts by AMD on the Radeon side, Intel and Microsoft are now having Intel graphics compute working within the Linux confines on Windows 11 or Windows 10 21'H2. Hardware-accelerated oneAPI Level Zero, OpenVINO, and OpenCL on Intel graphics hardware can now be enjoyed within the WSL2 environment when using the latest updates and drivers. Like with the rest of the WSL2 stack and capabilities from other GPU vendors, this is at a near-native level of performance. More information can be found via the Microsoft Command Line blog and Intel blog.

Next year, IBM's Red Hat plans to cut back on hiring senior engineers in an effort aimed largely at controlling costs. The Register reports: An internal email sent on Wednesday by Timothy Cramer, SVP of software engineering, to Red Hat managers directs hiring requisitions to be made at a lower level of seniority than usual. "All new plan reqs should be opened at a level below senior (e.g., Associate Software Engineer or Software Engineer)," the message says. "While this change allows us to use our budget more effectively, it also helps us balance the organization as we have many engineers with senior titles. We recognize that this will mean we need to plan for training and mentoring, promotions, and internal mobility as well, and we are here to support you in that."

The hiring budget update also says that current requisitions and backfills -- positions vacated that need to be filled -- should be offered at a reduced level. "All current reqs and future backfills will be down-leveled by one level by default (e.g., Senior Software Engineer to Software Engineer)," the memo explained. [...] Our source expressed concern that this decision, which applies to new hires, will harm the company. If Red Hat is unable to offer competitive pay or hire senior people, our source suggested, that's likely to limit the company's access to talent and to make it more difficult to retain existing skilled employees. "The best talent wants to work with other like-minded and skilled people," our source said.

An anonymous reader quotes a report from ZDNet: LFX supports projects and empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems," the Linux Foundation says. Now, to address the growing threat of software supply chain attacks, the foundation is upgrading its LFX Security module to deal with these attacks. Jim Zemlin, the Linux Foundation's executive director, announced this new tooling today at the Linux Foundation Membership Summit.

Enhanced and free to use, LFX Security makes it easier for open source projects to secure their code. Specifically, the LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing automated vulnerability detection capabilities. Software security firm BluBracket is contributing this functionality to the LFX as part of its mission to make software safer and more secure. This functionality builds on contributions from open source developer security company Snyk, helping make LFX the leading vulnerability detection platform for the open source community. [...] LFX Security will be further scaled out in 2022, helping to solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation. LFX Security is free and available now.

A year after releasing the first preview build of its Chromium-based Edge browser for Linux, Microsoft is announcing its general availability. From a report: The new release supports a variety of Linux distributions, including Ubuntu, Debian, Fedora and openSUSE. Microsoft announced Linux on Edge's availability milestone during the first day of its Ignite IT Pro conference. As of the release of Edge for Linux to the "stable" (mainstream user) channel, Edge is now available on Windows, Mac, iOS, Android and Linux. As it did when introducing the new Edge on macOS, Microsoft has been positioning Edge on Linux as more of an offering for IT pros and developers who want to test web sites than as a browser for "normal" users on those platforms. However, any user on any supported platform can use the new Edge.

Phoronix ran some fun performance tests this week. "Now that Windows 11 has been out as stable and the initial round of updates coming out, I've been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft's latest operating system release compares to the fresh batch of Linux distributions." First up is the fresh look at the Windows 11 vs. Linux performance on an Intel Core i9 11900K Rocket Lake system... The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including:

- Ubuntu 20.04.3 LTS
- Ubuntu 21.10
- Arch Linux (latest rolling)
- Fedora Workstation 35
- Clear Linux 35150

[...] Each operating system was cleanly installed and then run at its OS default settings for seeing how the out-of-the-box OS performance compares for these five Linux distributions to Microsoft Windows 11 Pro...

The geometric mean for all 44 tests showed Linux clearly in front of Windows 11 for this current-generation Intel platform. Ubuntu / Arch / Fedora were about 11% faster overall than Windows 11 Pro on this system. Meanwhile, Clear Linux was about 18% faster than Windows 11 and enjoyed about 5% better performance overall than the other Linux distributions.
Out of 44 tests, here's a breakdown of how many first-place wins were scored by each OS:

• Clear Linux: 33 (75%)
• Fedora Workstation 35: 4 (9.1%)
• Windows 11 Pro: 3 (6.8%)
• Ubuntu 20.04.3 LTS: 2 (4.5%)
• Arch Linux: 1 (2.3%)
• Ubuntu 21.10: 1 (2.3%)

Hive, a ransomware group that has hit over 30 organizations since June 2021, now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms. BleepingComputer reports: However, as Slovak internet security firm ESET discovered, Hive's new encryptors are still in development and still lack functionality. The Linux variant also proved to be quite buggy during ESET's analysis, with the encryption completely failing when the malware was executed with an explicit path. It also comes with support for a single command line parameter (-no-wipe). In contrast, Hive's Windows ransomware comes with up to 5 execution options, including killing processes and skipping disk cleaning, uninteresting files, and older files. The ransomware's Linux version also fails to trigger the encryption if executed without root privileges because it attempts to drop the ransom note on compromised devices' root file systems.

Phoronix: Now that Windows 11 has been out as stable and the initial round of updates coming out, I've been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft's latest operating system release compares to the fresh batch of Linux distributions. First up is the fresh look at the Windows 11 vs. Linux performance on an Intel Core i9 11900K Rocket Lake system. Microsoft Windows 11 Pro with all stable updates as of 18 October was used for this round of benchmarking on Intel Rocket Lake. The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including: Ubuntu 20.04.3 LTS, Ubuntu 21.10, Arch Linux (latest rolling), Fedora Workstation 35, Clear Linux 35150. All the testing was done on the same Intel Core i9 11900K test system at stock speeds (any frequency differences reported in the system table come down to how the information is exposed by the OS, i.e. base or turbo reporting) with 2 x 16GB DDR4-3200 memory, 2TB Corsair Force MP600 NVMe solid-state drive, and an AMD Radeon VII graphics card.

Each operating system was cleanly installed and then run at its OS default settings for seeing how the out-of-the-box OS performance compares for these five Linux distributions to Microsoft Windows 11 Pro. But for the TLDR version... Out of 44 tests run across all six operating systems, Windows 11 had just three wins on this Core i9 11900K system. Meanwhile Intel's own Clear Linux platform easily dominated with coming in first place 75% of the time followed by Fedora Workstation 35 in second place with first place finishes 9% of the time. The geometric mean for all 44 tests showed Linux clearly in front of Windows 11 for this current-generation Intel platform. Ubuntu / Arch / Fedora were about 11% faster overall than Windows 11 Pro on this system. Meanwhile, Clear Linux was about 18% faster than Windows 11 and enjoyed about 5% better performance overall than the other Linux distributions.

An indie developer has found an interesting observation: Though only 5.8% of his game's buyers were playing on Linux, they generated over 38% of the bug reports. Not because the Linux platform was buggier, either. Only 3 of the roughly 400 bug reports submitted by Linux users were platform specific, that is, would only happen on Linux. PC Gamer reports: The developer, posting as Koderski for developer Kodera Software on Reddit, makes indie game [Delta] V: Rings of Saturn -- that's Delta V, or DV, for the non-rocket-science-literate. [...] Koderski says he's sold a little over 12,000 copies of his game, and about 700 of those were bought by Linux players. "I got 1040 bug reports in total, out of which roughly 400 are made by Linux players," says Koderski's post. "That's one report per 11.5 users on average, and one report per 1.75 Linux players. That's right, an average Linux player will get you 650% more bug reports." Koderski's numbers are a limited sample size drawn from one person's experience, but tell a compelling story.

Koderski also says that very few of those bugs were specific to Linux, being clear that "This 5.8% of players found 38% of all the bugs that affected everyone." The bug reports themselves were also pretty high quality, he said, including software and OS versions, logs, and steps for replication. Multiple commenters on the post chalked this up to the kind of people who use Linux: Software professionals, IT employees, and engineers who would already be familiar with official bug reporting processes. It's a strong theory as to why this might be, though the sheer passion that the gaming on Linux community has for anyone who supports their favorite hobby may be another.

Luna (Slashdot reader #20,969) quotes the Devuan web site.

"Dear Friends and Software Freedom Lovers," its announcement begins: "Devuan Developers are delighted to announce the release of Devuan Chimaera 4.0 as the project's new stable release. This is the result of many months of painstaking work by the Team and detailed testing by the wider Devuan community."
This release is Based on Debian Bullseye (11.1) with Linux kernel 5.10, according to the announcement, and lets you choose your init system : sysvinit, runit, and OpenRC.

Another feature it's touting: Improved desktop support. "Virtually all desktop environments available in Debian are now part of Devuan, systemd-free."

Long-time Slashdot reader ArchieBunker writes: Everyone's favorite security focused operating system OpenBSD released version 7.0 Thursday. In addition to the usual bug fixes and performance enhancements, support for RISC-V processors has been added.
It's 26 years old, and still chugging along. One interesting feature highlighted by Phoronix: Improving the ARM64 platform support with improved drivers for the Apple Silicon / Apple M1 but still not considered ready yet for end-users. OpenBSD 7.0 improvements on the Apple M1 include support for installing on a disk with a GPT and various Apple driver improvements for USB, GPIO, SPMI, NVMe storage, and other Apple M1 hardware components.
Also check out the 7.0 Song: "The Style Hymn" (part of an archive of all the OpenBSD release songs).

Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone, rather the concept of convergence, the ability to use your phone as a computer is intriguing. Plug your PinePhone Pro into an external display and use it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

Following a brief beta-testing period, Ubuntu 21.10 has finally become available to download in the "final" stable form. BetaNews: Code-named "Impish Indri," this version of Ubuntu is not a Long Term Support (LTS) version, so it is only supported for nine months. Ubuntu 21.10 features Linux kernel 5.13 and a Snap variant of the Mozilla Firefox browser. "Ubuntu 21.10 brings the all-new PHP 8 and GCC 11 including full support for static analysis, greatly improving everyday developer security awareness in low-level programming. With Gnome 40 desktop users gain dynamic workspaces and touchpad gestures. The new Firefox snap, published by Mozilla, improves security and guarantees access to both the latest and the extended support release versions of the browser. The exact same versions of the browser are available on multiple different versions of Ubuntu, simplifying enterprise developer platform management," says Canonical.

Microsoft has announced that new WSL features will be even easier to get in the future. From a report: The company has posted a preview version of WSL to the Microsoft Store so that Windows 11 users can download and update WSL independently of other Windows updates. Many of Windows' built-in apps have already moved to being updated through the Microsoft Store rather than through regular Windows Updates. This gives the company more flexibility when deciding when to update apps, though one side effect has been that many of Windows 11's pre-installed apps still haven't been fully updated for Windows 11. But long-term, it also means you don't need to wait for a new Windows update to benefit from updated apps. For WSL, this means you won't need to install major, potentially disruptive Windows updates (like, say, Windows 11) just to take advantage of new WSL additions.

Security Week reports: A previously unknown, modular malware family that targets Linux systems has been used in targeted attacks to collect credentials and gain access to victim systems, ESET reported on Thursday. Dubbed FontOnLake, the malware family employs a rootkit to conceal its presence and uses different command and control servers for each sample, which shows how careful its operators are to maintain a low profile.

What's more, the malware developers are constantly modifying the FontOnLake modules, and use three categories of components that have been designed to work together, namely trojanized applications, backdoors, and rootkits.

Evidence suggests that FontOnLake has been used in attacks aimed at organizations in Southeast Asia. The first malware samples related to this family emerged last May. The malware was previously described by Avast and Lacework as the HCRootkit / Sutersu Linux rootkit, as well as by Tencent Security Response Center in a February report.

The various trojanized applications that ESET's researchers have identified during their investigation are used to load custom backdoor or rootkit modules, but also to collect sensitive data when needed. Posing as standard Linux utilities, these files were also designed to achieve persistence on the compromised systems. What the researchers haven't figured out yet is the manner in which the trojanized applications are delivered to the victims. ESET's analysis of FontOnLake has revealed the use of three different backdoors, all written in C++, all using the same Asio library from Boost, and all capable of exfiltrating sshd credentials and bash command history.

The simplest of the three was designed to launch and mediate access to a local SSH server, update itself, and transmit collected credentials. The malware appears to be under development.
The second backdoor was also capable of file manipulation, updating itself, and uploading and downloading files, according to the article, while the third backdoor "accepts remote connections, serves as a proxy and can download and run Python scripts, in addition to exfiltrating credentials."