Security

Check Point Releases Open-Source Fix For Common Linux Memory Corruption Security Hole (zdnet.com) 12

An anonymous reader quotes a report from ZDNet: For years, there's been a known security vulnerability hiding in the GNU C Library (glibc). This library, which is critical for Linux and many other operating systems and programs, had a dynamic memory management security hole that could be used for denial of service (DoS) attacks. Now, the security company, Check Point, has issued an open-source patch, which will make it much more difficult to exploit this memory allocation (malloc) problem. Check Point re-encountered this known problem when it discovered that so-called smart light bulbs could be used to hack into networks by exploiting unprotected single-linked-lists. The double-linked-list version of this problem had been fixed back in 2005 with Safe-Unlinking. But, the single-linked-list version, which is present in the memory primitive functions Fast-Bins and Thread Cache (TCache), remained vulnerable.

Now, the fix is in for this problem. This new built-in security mechanism is called Safe-Linking. It protects malloc by signing its single-linked-list pointers with random numbers derived from Linux's Address Space Layout Randomization (ASLR) functionality. Combined with memory chunk alignment integrity checks, it protects the memory pointers from hijacking attempts and thus the system itself. The patch is now being integrated with the most common standard C library implementation, glibc. Safe-Linking will be released in glibc 2.32 in August 2020. It's already up and running in glibc's popular embedded counterpart: uClibc-NG.

Microsoft

Microsoft Launches Windows Terminal 1.0, Unveils GPU Support and Linux GUI Apps in WSL (venturebeat.com) 117

At Build 2020 today, Microsoft gave developers a slew of new tools to coax them into using Windows over macOS or Linux. From a report: Windows Terminal is now out of preview for enterprises, and Windows Subsystem for Linux (WSL) 2 is getting support for GPUs, Linux GUI apps, and a simplified install experience. Microsoft even released a Windows Package Manager in preview. Windows 10 runs on 1 billion monthly active devices (PCs, Xbox One consoles, and HoloLens devices), making it a massive platform for developers to target. [...] Microsoft today released Windows Terminal 1.0, which means it is stable for enterprise use. The open source application features multiple tabs, panes, tear-away windows, shortcuts, Unicode and UTF-8 character support, emojis, ligatures, extensions, GPU-accelerated text rendering engine, and custom themes, styles, and configurations. Windows Terminal is for users of PowerShell, Cmd, WSL, and other command-line tools. Microsoft also unveiled WSL improvements today, including support for GPUs, Linux GUI apps, and a simplified install experience. WSL is a compatibility layer for running Linux binary executables natively on Windows. Microsoft first shared it was working on WSL 2 a year ago at Build 2019. WSL 2 is slated to arrive in the next major Windows 10 update coming later this month (brilliantly called the Windows 10 May 2020 Update), but it won't have these new features. In the second half of the year, WSL 2 will get support for GPU compute workflows.
Security

Huawei Denies Involvement in Buggy Linux Kernel Patch Proposal (zdnet.com) 109

Huawei denied on Monday having any official involvement in an insecure patch submitted to the Linux kernel project over the weekend, a patch that introduced a "trivially exploitable" vulnerability. From a report: The buggy patch was submitted to the official Linux kernel project via its mailing list on Sunday. Named HKSP (Huawei Kernel Self Protection), the patch allegedly introduced a series of security-hardening options to the Linux kernel. Big tech companies that heavily use Linux in their data centers and online services often submit patches to the Linux kernel. Companies like Google, Microsoft, Amazon, and others have been known to have contributed code. On Sunday, the HKSP submission sparked interest in the Linux community as it could signal Huawei's wish to possibly contribute to the official kernel. Due to this, the patch came under immediate scrutiny, including from the developers of Grsecurity, a project that provides its own set of security-hardening patches for the Linux kernel. In a blog post published on the same day, the Grsecurity team said that it discovered that the HKSP patch was introducing a "trivially exploitable" vulnerability in the kernel code -- if the patch was to be approved.
GUI

Which Linux Desktop Environment is the Best? (tomshardware.com) 205

Tom's Hardware "put five of the most popular desktop environments up against each other in a no-holds-barred, seven-round face-off. We've rated GNOME, KDE, Cinnamon, Awesome and Regolith on a 10-point scale based on Installation, Applications, User Experience, User Documentation, Performance, Extensions and Configurability."

It's a good read, with a detailed and thoughtful 3,700-word analysis, especially about memory performance: When you use the standard desktops, Gnome and KDE, you will likely notice that you are using a lot of memory... If you haven't noticed yet, try running htop in a separate window while you try out your choices. You should see a substantial difference with Awesome, i3 and, if you are elite, dwm. The difference in memory footprint is staggering when you start measuring. GNOME starts with somewhere in the region of 3GB at boot. This can be trimmed down by serious tweaking, but not very much. In comparison, the Awesome window manager weighs in at around 600MB... You can put a lot of eye candy and daemons before you weigh down your system as much as the others...

Getting the advantage comes at a cost, though: you need to learn a few new habits to use Awesome desktop environment.

Among GNOME, KDE, and Cinnamon, the article ultimately calls KDE "the most polished... decorative and versatile of the bunch. This comes at a cost, though." Cinnamon has the best balance between extensions and ease of use, while it is also fast and responsive. At the same time, it is not that heavy on resources. You can also add a wide range of extensions in the shape of widgets that send you ongoing and updated information.

Regolith requires a bit more training, but it does set itself up for you so you can continue as you did with GNOME. Adding extensions and other gadgets is a bit more tricky, however... With Awesome you have to set up and practice to use it! It's easily the hardest in the group to get started with. When you are up and running, Awesome does deliver the most benefits from a resource point of view...

Overall Winner: Cinnamon...because of its strong combination of user experience, performance and customization.


Open Source

Inkscape 1.0 Released (betanews.com) 68

Inkscape, the free and open-source vector graphics editor, has released version 1.0 for Linux, Windows, and macOS. It comes after three years in development and over 16 years after Inkscape's initial release. BetaNews reports: "Built with the power of a team of volunteers, this open source vector editor represents the work of many hearts and hands from around the world, ensuring that Inkscape remains available free for everyone to download and enjoy. In fact, translations for over 20 languages were updated for version 1.0, making the software more accessible to people from all over the world. A major milestone was achieved in enabling Inkscape to use a more recent version of the software used to build the editor's user interface (namely GTK+3). Users with HiDPI (high resolution) screens can thank teamwork that took place during the 2018 Boston Hackfest for setting the updated-GTK wheels in motion," explain the developers.

The devs further explain, "The extensions system has undergone some fundamental changes in version 1.0. Over the years, Inkscape users have become used to working with third-party extensions, such as various ones used for laser cutting and exporting to file formats which are not a native part of Inkscape. While outreach to extension developers was undertaken as Inkscape migrates towards Python 3 and a more logical and fully tested extensions API (now hosted in a separate repository), not all third-party extensions have been brought forward to be compatible yet. This will mean that 1.0 may not allow some users to continue with their normal extensions workflow."
The blog post, official release notes, and download page are available at their respective links.
Linux

Will Systemd 245 Bring Major Changes to Linux's Home Directory Management? (techrepublic.com) 345

Camel Pilot (Slashdot reader #78,781) writes: Lennart Poettering is proposing homed to alter the way Linux systems handle user management. All user information will be placed in a cryptographically signed JSON record, such as username, group membership, and password hashes. The venerable /etc/passwd and /etc/shadow will be a thing of the past. One of the claimed advantages will be home directory portability.

"Because the /home directory will no longer depend on the trifecta of systemd, /etc/passwd, and /etc/shadow, users and admins will then be able to easily migrate directories within /home," writes Jack Wallen at TechRepublic. "Imagine being able to move your /home/USER (where USER is your username) directory to a portable flash drive and use it on any system that works with systemd-homed. You could easily transport your /home/USER directory between home and work, or between systems within your company."

What is not clear is that for portability, systems would have to have identical user_id, group names, group_id, etc. And what mechanism is going to provide user authorization to login to a system?

"At the moment, systemd 245 is still in RC2 status," the article notes, adding "The good news, however, is that systemd 245 should be released sometime this year (2020).

"When that happens, prepare to change the way you manage users and their home directories."
Linux

Lenovo Will Start Offering ThinkPads With Linux Pre-Installed (techspot.com) 93

The world's biggest PC company (in terms of shipments) now offers select models with Linux pre-installed. In doing so, it joins the existing club that includes Dell and other smaller players like Purism, ZaReason, and System76. From a report: If Linux has a special place in your heart, you will want to know Lenovo is partnering with the Fedora Project to give you your dream machine in the form of ThinkPad laptops that make it easy even for a newcomer to get started with Fedora. This is supposed to be a pilot program dubbed Linux Community Series -- Fedora Edition, which will include the ThinkPad P1 Gen2, ThinkPad X1 Gen8, ThinkPad P53, with the possibility that the company will expand the selection in the near future if it sees enough demand. These models will come with the newly released Fedora 32 Workstation Linux pre-installed, and will presumably be certified to play nice with it while only using first party repositories. That means the ThinkPad P53 and ThinkPad P1 Gen2 won't come with Nvidia drivers installed by default. However, that's easy to fix by downloading them from proprietary sources.
GNOME

Fedora 32 Linux-based OS Available For Download With GNOME 3.36 (betanews.com) 33

Today, Fedora 32 becomes available for download. From a report: It comes with GNOME 3.36 which you can read more about here. If you don't like GNOME, it isn't the end of the world -- you can instead choose KDE Plasma, Cinnamon, MATE, and more. There is even a special ARM variant of Fedora 32 that will work with Raspberry Pi devices. "Fedora 32 includes new features aimed at addressing issues facing modern developers and IT teams. Highlights include key updates to Fedora's desktop-focused edition, Fedora 32 Workstation, and a new computational neuroscience lab image, aimed at bringing those working in science fields to open source software. Each Fedora edition is designed to address specific use cases for modern developers and IT teams with Fedora Workstation and Fedora Server providing open operating systems built to meet the needs of forward-looking developers and server projects," says The Fedora Project development team.
Ubuntu

Ubuntu Linux 20.04 LTS 'Focal Fossa', Featuring Linux 5.4 Kernel and WireGuard VPN, Now Available For Download (zdnet.com) 62

Canonical has released the newest version of its Ubuntu Linux distribution, Ubuntu 20.04. This long-term-support (LTS) version is more than just the latest version of one of the most popular Linux distributions; it's a major update for desktop, server, and cloud users. From a news story: Called "Focal Fossa," it is an LTS version, meaning "Long Term Support." Just how long is that support? An impressive five years! Ubuntu 20.04 will feature many new visual cues and tweaks too thanks to a refreshed theme. "Ubuntu has become the platform of choice for Linux workstations. Canonical certifies multiple Dell, HP, and Lenovo workstations, and supports enterprise developer desktops. Machine learning and AI tools from a range of vendors are available immediately for Ubuntu 20.04 LTS, along with 6,000 applications in the Snapcraft Linux App Store including Slack, Skype, Plex, Spotify, the entire JetBrains portfolio and Visual Studio Code. WireGuard is a new, simplified VPN with modern cryptography defaults. WireGuard is included in Ubuntu 20.04 LTS and will be backported to Ubuntu 18.04 LTS to support widespread enterprise adoption," says Canonical.
Security

After 8 Years of Remote-Access Trojans Attacks, Can We Still Say Linux is Secure? (linuxsecurity.com) 139

Remember when BlackBerry reported Advanced Persistent Threat groups have been infiltrating critical Linux servers for at least eight years? What's the lesson to be learned?

LinuxSecurity Founder Dave Wreski argues "Although it may be easy to blame the rise in attacks targeting Linux in recent years on security vulnerabilities in the operating system as a whole, this is simply not the truth. The majority of exploits on Linux systems can be attributed to misconfigured servers and poor administration."

Writing for Linux Security, Slashdot reader b-dayyy gathered some additional responses: Some experts argue that it is the popularity of Linux that makes it a target. Joe McManus, Director of Security at Canonical, explains: "Linux and, particularly Ubuntu, are incredibly secure systems but, that being said, it is their popularity that makes them a target." Ian Thornton-Trump, a threat intelligence expert and the CISO at Cyjax, adds: "From an economic and mission perspective, it makes sense for a threat actor to invest in open-source skills for flexibility and the ability to target the systems where the good stuff is happening."

Despite the increasing number of threats targeting Linux systems, there is still a sound argument for the inherent security of Linux, which can be attributed to the core fundamentals of Open Source. Due to the transparency of open-source code and the constant scrutiny that this code undergoes by a vibrant global community, vulnerabilities are identified and remedied quicker than flaws that exist in the opaque source code of proprietary software and operating systems. Threat actors recognize this, and are still directing the majority of their attacks at proprietary operating systems.

These attacks do, however, serve as a much-needed wakeup call for the security community that more needs to be done to protect Linux servers. BlackBerry's report reveals that security solutions and defensive coverage available within Linux environments are "immature at best". Endpoint protection, detection and response products are inadequately utilized by too many Linux users, and endpoint solutions available for Linux systems are often insufficient in combating advanced exploits. Eric Cornelius, Chief Product Officer at BlackBerry, evaluates: "Security products and services that support Linux, offerings that might detect and give us insight into a threat like this, are relatively lacking compared to other operating systems, and security research about APT use of Linux malware is also relatively sparse."

Red Hat Software

How Red Hat's New CEO Handles Life Under IBM -- and a Global Pandemic (newsobserver.com) 20

Paul Cormier became Red Hat's new CEO this week -- while the entire company was working from home. He had to make his inaugural address to over 12,000 employees around the world using BlueJeans videoconferencing tools, reports a North Carolina newspaper: In some ways, Red Hat was well prepared to work through the disruptions of coronavirus. For years, the company has encouraged and accepted employees who have wanted to work from home. It's been a big part of its recruiting efforts, Cormier said. "Especially in engineering, our strategy has always been hire the best person, we don't care where they are."

That doesn't mean it has been unscathed. The company has had to change its sales and product conference this year into a virtual event and social isolation obviously puts a strain on relationships with customers. And while the company wouldn't give out an exact number of employees who have been infected by COVID-19, a spokeswoman for Red Hat said, "We have cases around the globe -- people who are presumed to be sick, people who are sick and, happily, people who have recovered."

Cormier said he's committed to taking care of the thousands of employees affected by work-from-home orders across the globe. Red Hat, he said, will pay all of its employees during this time regardless of whether "you're 140% productive or 40% productive."

Cormier also emphasized he's committed to keeping Red Hat a "totally, totally separate company" from IBM, saying that was agreed upon from the beginning with IBM's new CEO Arvind Krishna. "If we're not independent, then the other cloud guys won't feel safe working with us... Intel, for example, shares their road map, which is super top secret, with us five years in advance, because we have to build the OS to support all their features...." He also noted that Red Hat's finance, legal, communications and human resources teams are all separate from IBM. "IBM doesn't set our road map. We set our road map," he said.

Where the company has seen a lot of success together, though, is in combining sales efforts. In its last earnings call, IBM said Red Hat was seeing an increase in large deals worth more than $10 million after joining IBM. One of them was with Verizon, for example.

China

Chinese Cybercriminals Target High-Value Linux Servers With Weak Defenses: BlackBerry (techrepublic.com) 41

Linux malware is real and Advanced Persistent Threat (APT) groups have been infiltrating critical servers with these tools for at least eight years, according to a new report from BlackBerry. From a report: In "Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android," security researchers found that these groups have attacked companies around the world and across all industries with goals ranging from simple cybercrime to full-blown economic espionage. The RATs report describes how five APT groups are working with the Chinese government and the remote access trojans (RATs) the cybercriminals are using to get and maintain access to Linux servers.

According to the report, the groups appeared to be using WINNTI-style tooling to take aim at Linux servers and remain relatively undetected for almost a decade. These groups are targeting Red Hat Enterprise, CentOS, and Ubuntu Linux environments for espionage and intellectual property theft. The APT groups examined include the original WINNTI GROUP, PASSCV, BRONZE UNION, CASPER (LEAD), and a newly identified group BlackBerry researchers are tracking as WLNXSPLINTER. The BlackBerry researchers think all five groups are working together, given the distinct similarities in their preferred tools, tactics, and procedures.

Windows

Windows 10 Is Getting Linux Files Integration In File Explorer (theverge.com) 111

Microsoft is planning to fully integrate Linux file access into the built-in File Explorer. The Verge reports: A new Linux icon will be available in the left-hand navigation pane in File Explorer, providing access to the root file system for any distros that are installed in Windows 10. The icon that will appear in File Explorer is the famous Tux, the penguin mascot for the Linux kernel. Microsoft is testing the Linux File Explorer integration in a new build of Windows 10 that's available for testers today. Previously, Windows 10 users would have to manually navigate to a UNC path to get access to Linux files from the Windows Subsystem for Linux (WSL). If you have WSL enabled, then the Tux will appear in File Explorer, and Microsoft is now seeking feedback on the integration before it's finalized as part of a future Windows 10 update. The software maker will ship this update to all Windows 10 users later this year.
Microsoft

Microsoft Announces IPE, a New Code Integrity Feature for Linux (zdnet.com) 89

Microsoft has revealed details about a new project it has been working on for Linux kernel. From a report: Named Integrity Policy Enforcement -- or IPE -- the project is a Linux security module (LSM). LSMs are optional add-ons for the Linux kernel that enable additional security features. According to a documentation page published on Monday, IPE is Microsoft's attempt to solve the code integrity problem for Linux -- an operating system the company broadly uses in its Azure cloud service. On Linux systems where IPE is enabled, system administrators can create a list of binaries that are allowed to execute and then add the verification attributes the kernel needs to check for each binary before allowing it to run. If binaries have been altered by an attacker, IPE can block the execution of the malicious code.
Open Source

What's New in Linux 5.6? WireGuard VPN and USB4 (msn.com) 33

Linux 5.6 "has a bit more changes than I'd like," Linus Torvalds posted on the kernel mailing list, "but they are mostly from davem's networking fixes pulls, and David feels comfy with them. And I looked over the diff, and none of it looks scary..." TechRadar reports that the new changes include support for USB4 and GeForce RTX 2000 series graphics cards with the Nouveau driver: Yes, Turing GPU support has arrived with the open source Nouveau driver, along with the proprietary firmware images, as Phoronix.com reports. However, don't get too excited, as re-clocking doesn't work yet (getting the GPU to operate at stock clocks), and other important pieces of the puzzle are missing (like no Vulkan support with Nouveau). For the unfamiliar, Nouveau is an alternative to Nvidia's proprietary drivers on Linux, and although it remains in a relatively rough state in comparison, it's still good to see things progressing for Linux gamers with one of Nvidia's latest cards in their PC.

Linux 5.6 also introduces fresh elements on the AMD front, with better reset support for Navi and Renoir graphics cards (which helps the GPU recover if it hits a problem)... Another notable move is the introduction of WireGuard support, a newcomer VPN protocol which makes a potentially nifty alternative to OpenVPN.

Linux 5.6 also supports the Amazon Echo speaker, and naturally comes with a raft of other minor improvements...

Linus's post also notes that for the next release's timing they'll "play it by ear... It's not like the merge window is more important than your health, or the health of people around you." But he says he hasn't seen signs that the pandemic could affect its development (other than the possibility of distraction by the news).

"I suspect a lot of us work from home even normally, and my daughter laughed at me and called me a 'social distancing champ' the other day..."
Operating Systems

Linux Mint 20 is 64-bit Only, Based on Ubuntu 20.04, and Named 'Ulyana' (betanews.com) 84

An anonymous reader shares a report: Today, we learn some new details about the upcoming Linux Mint 20. While most of the newly revealed information is positive, there is one thing that is sure to upset many Linux Mint users. First things first, Linux Mint 20 will be based on the upcoming Ubuntu 20.04. This shouldn't come as a surprise, as Mint only uses Long Term Support versions of Ubuntu, and 20.04 will be an LTS. We also now know the name of Linux Mint 20. The Mint team always uses female names, and this time they chose "Ulyana." This is apparently a Russian name meaning "youthful." So far, all of the news is positive, so what exactly will upset some users? The Linux Mint developers are finally dropping 32-bit support and will only produce 64-bit ISOs.
Microsoft

The exFAT Filesystem Is Coming To Linux -- Paragon Software's Not Happy About It (arstechnica.com) 51

couchslug shares an excerpt from Ars Technica: When software and operating system giant Microsoft announced its support for inclusion of the exFAT filesystem directly into the Linux kernel back in August, it didn't get a ton of press coverage. But filesystem vendor Paragon Software clearly noticed this month's merge of the Microsoft-approved, largely Samsung-authored version of exFAT into the VFS for-next repository, which will in turn merge into Linux 5.7 -- and Paragon doesn't seem happy about it. Yesterday, Paragon issued a press release about European gateway-modem vendor Sagemcom adopting its version of exFAT into an upcoming series of Linux-based routers. Unfortunately, it chose to preface the announcement with a stream of FUD (Fear, Uncertainty, and Doubt) that wouldn't have looked out of place on Steve Ballmer's letterhead in the 1990s.
GNU is Not Unix

GNU Make 4.3 Speeds Up Linux Kernel Builds, Debugger/Profiler Fork Released (phoronix.com) 32

Linus Torvalds himself "changed around the kernel's pipe code to use exclusive waits when reading or writing," reports Phoronix.

"While this doesn't mean much for traditional/common piping of data, the GNU Make job-server is a big benefactor as it relies upon a pipe for limiting the parallelism" -- especially on high-core-count CPUs.

This drew an interesting follow-up from Slashdot reader rockyb, who was wondering if anyone could verify that GNU Make 4.3 speeds up build times: I updated and released a fork of that called remake which includes hooks to profile a build, and has a complete debugger in it (although most of the time the better tracing that is in there is enough).

The most recent version has a feature though that I really like and use a lot which is adding an option to look in parent directories for a Makefile if none is found in the current directory.

You can download the source code from either github or sourceforge. Both have a full list of the release notes.

Sorry, at the time of this writing no packagers have picked up the newest release. Repology has a list of packages for older versions though.

Operating Systems

Purism Librem Mini is a Tiny Linux Desktop (betanews.com) 70

Today, we get another diminutive desktop option, but this one is designed for Linux and privacy. From a report: Yes, Purism is finally launching a tiny desktop, and it will come pre-installed with the Debian-based PureOS. Called "Librem Mini," the cute bugger has 4 USB-A ports on the front, along with a 3.5mm audio jack, and the power button. On the rear, there are two more USB-A ports, a single USB-C port, Ethernet, HDMI, DisplayPort, and the power port. "Announcing the Purism Librem Mini. Our small form-factor mini-PC that puts freedom, privacy and security first. We're really excited about the Librem Mini, it's a device our community have wanted and we've wanted to offer for some time. The Librem Mini is accessible, small, light and powerful featuring a new 8th gen quad core i7 processor, up to 64 GB of fast DDR4 memory and 4k 60 fps video playback. It's a desktop for your home or office, a media center for your entertainment, or an expandable home server for your files and applications," says Purism.
Windows

'Windows Subsystem for Linux 2' Will Include a Microsoft-Written Linux Kernel (zdnet.com) 168

ZDNet reports that there'll be some changes in Microsoft's second version of the Windows Subsystem for Linux, WSL2: Microsoft has decided to remove the Linux kernel from the Windows OS image with WSL2. Instead, the company will deliver it to users' machines using Windows Update. Users will be able to manually check for new kernel updates by clicking the "Check for Updates" button or by waiting for Windows to do this automatically. "Our end goal is for this change to be seamless, where your Linux kernel is kept up to date without you needing to think about it. By default this will be handled entirely by Windows, just like regular updates on your machine," said Microsoft Program Manager Craig Loewen in a blog post today outlining the coming change...

When Microsoft first introduced WSL in Windows 10 in 2016, WSL was more of a Linux interface at that point designed in partnership with Canonical. But Microsoft has been busy rearchitecting WSL with WSL 2 so that it actually will provide a Microsoft-written Linux kernel running in a lightweight virtual machine that's based on the subset of Hyper V. Users can put basically any Linux distribution of their choice on that kernel.

Engadget reports that the new version "should load and run faster, with reduced memory consumption to free up your RAM for other tasks." And they also speculate about Microsoft's motivations.

"Now that Microsoft is less dependent on Windows sales and more on services like Azure, it benefits when it treats Linux like a first-class citizen."
