Long-time Slashdot reader sosume quotes the Register: Redox OS, written in Rust and currently under development, is only "a few months of work away" from self-hosting, meaning that the Rustc compiler would run on Redox itself, according to its creator Jeremy Soller...

Redox has a POSIX-compliant C library written in Rust, called relibc. It is Linux-compatible both at the syscall API level and at the syscall ABI (Application binary interface) level, subject to the same architecture.
The article notes that the OS's latest release was version 0.5 last March, arguing that it's "best described as experimental..."

"Still, if Rust continues to grow in popularity, its characteristics of safety and unimpeded performance seem ideal for creating a new operating system, so perhaps Redox will become more prominent."

SomeoneFromBelgium writes: Yesterday I spoke to a friend of mine who works for a company developing mostly integrated network solutions which are purely Linux-based. He complained that he was unable to convince his IT department to provide him and his fellow developers and testers with a Linux desktop. They stated that "it was more secure when using a VM".

We both agreed that the more likely problem is that the IT department is solely geared towards a Windows desktop environment and that they have neither the skills nor the inclination to support any other platform.

This got me wondering: is this also your experience?
I bet Slashdot's readers have stories to tell, with enlightening experiences in corporate workplaces over the years gone by. So feel free to share your thoughts, opinions, and anecdotes in the comments.

And is your company using Linux desktops?

Long-time Slashdot reader jaromil (Denis "Jaromil" Roio) writes: A few days ago Devuan ASCII 2.1 was announced and one update has been overlooked by most media outlets: our dbus patch to re-generate machine-id at every boot.

This patch matters for everyone's privacy and I hope more distributions will follow our example, let alone Debian. We are dealing with important privacy implications: non-consensual user tracking is illegal in many countries and is not even mentioned in the machine-id documentation so far.
"In theory, the machine-id should be a persistent identifier of the current host," explains the README documentation. "In practice, this causes some privacy concerns..."

diegocg writes: Linux 5.4 has been released, featuring the new kernel lockdown mode, intended to strengthen the boundary between UID 0 and the kernel; virtio-fs, a high-performance virtio driver which allows a virtualized guest to mount a directory that has been exported on the host; fs-verity, for detecting file tampering, like dm-verity, but works on files rather than block devices; dm-clone, which allows live cloning of dm targets; two new madvise() flags for improved app memory management on Android, support for new Intel/AMD GPUs, support for the exfat file system and removing the experimental status of the erofs file system; a new haltpoll cpuidle driver and governor that greatly improves performance for virtualized guests wanting to do guest-side polling in the idle loop; and blk-iocost, a new cgroup controller that attempts to calculate more accurately the cost of IO. As always, many other new drivers and improvements can be found in the changelog.

An anonymous reader writes: Called "Zorin OS 15 Lite," it is not only lightweight, but thanks to the Xfce desktop environment and integrated Flatpak support, it should be quite familiar to those switching from Windows. In fact, the developers are intentionally targeting existing Windows 7 users, as Microsoft's operating system will be unsupported beginning January 2020. Zorin OS 15 Lite, in comparison, is based on Ubuntu 18.04 LTS and supported until 2023! It even comes with the very modern Linux kernel 5.0. "With Zorin OS 15 Lite, we've condensed the full Zorin OS experience into a streamlined operating system, designed to run fast on computers as old as 15 years. With version 15, we've gone the extra mile to make the XFCE 4.14-based desktop feel familiar and user-friendly to new users, especially those moving away from Windows 7 leading up to the end of its support in January 2020. By pairing the most advanced and efficient software with a user-friendly experience, we've made it possible for anyone to extend the lifespan of their computers for years to come," explains the Zorin OS developers.

b-dayyy quotes Linux Security: A new and particularly troublesome ransomware variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on NextCloud Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.

Ransomware hunter and creator of ID Ransomware Michael Gillespie notes that the NextCry ransomware, which is a Python script compiled in a Linux ELF binary using pyInstaller, oddly uses Base64 to encode file names as well as the content of files which have already been encrypted. Gillespie has also confirmed that NextCry encrypts data using the AES algorithm with a 256-bit key.

The ransom note that NextCry victims receive reads "READ_FOR_DECRYPT", and demands 0.025 BTC for a victim's files to be unlocked.

"Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines," reports Bleeping Computer: The malware dubbed ACBackdoor is developed by a threat group with experience in developing malicious tools for the Linux platform based on the higher complexity of the Linux variant as Intezer security researcher Ignacio Sanmillan found. "ACBackdoor provides arbitrary execution of shell commands, arbitrary binary execution, persistence, and update capabilities," the Intezer researcher found.

Both variants share the same command and control (C2) server but the infection vectors they use to infect their victims are different: the Windows version is being pushed through malvertising with the help of the Fallout Exploit Kit while the Linux payload is dropped via a yet unknown delivery system... Besides infecting victims via an unknown vector, the Linux malicious binary is detected by only one of the anti-malware scanning engines on VirusTotal at the time this article was published, while the Windows one is detected by 37 out of 70 engines. The Linux binary is also more complex and has extra malicious capabilities, although it shares a similar control flow and logic with the Windows version...

ACBackdoor can receive the info, run, execute, and update commands from the C2 server, allowing its operators to run shell commands, to execute a binary, and to update the malware on the infected system.
The article warns that the Linux version will disguise itself as the Ubuntu UpdateNotifier utility, renaming its process as the Linux kernel thread [kworker/u8:7-ev].

An anonymous reader quotes a report from Forbes: Denver-based PC manufacturer and Pop!_OS Linux developer System76 plans to follow-up its custom Thelio desktop PC with an in-house laptop beginning next year, according to founder and CEO Carl Richell. During a recent interview, Richell was quick to emphasize that the entire process of designing, prototyping and iterating the final product could take two to three years. But the company is eager to break into this market and put the same signature "stamp" on its laptop hardware that graces its custom-built Thelio desktop.

System76 sells an extensive lineup of laptops, but the machines are designed by the likes of Sager and Clevo. The company doesn't merely buy a chassis and slap Pop!_OS on it, but Richell tells me he's confident that with the experience gained from developing Thelio -- and the recent investment into a factory at the company's Denver headquarters -- System76 is capable of building a laptop from the ground up that meets market needs and carries a unique value proposition. Richell says the company's first priority is locking down the aesthetic of the laptop and how various materials look and feel. It will simultaneously begin working on the supply chain aspects and speaking with various display and component manufacturers. System76 will design and build a U-class laptop first (basically an Ultrabook form factor like the existing Darter and Galago) and then evaluate what it might do with higher-end gaming and workstation notebooks with dedicated graphics.

Android is built on top of the Linux kernel, but it has always used a heavily-modified version with changes from OEMs, chip manufacturers like Qualcomm and MediaTek, and Google. There have been efforts over the years to close the gap between the two kernels, but now Google is getting more serious about it. From a report: At this year's Linux Plumbers Conference, Google engineers held talks about the company's efforts to get Android as close as possible to the mainline Linux kernel. Not only would this reduce technical overhead for Google and other companies, because they would no longer have to merge thousands of changes into each new Linux kernel version (and Google would no longer have to support Linux kernel versions for six years), but it could also benefit the Linux project as a whole. For example, the growing number of ARM-based Linux phones and computers could see improved performance and battery life. The first stage of this process is merging as many of Android's modifications as possible back into the mainline Linux kernel.

As of Feburary 2018, the Android common kernel (which OEMs make additional changes to) has over 32,000 insertions and over 1,500 deletions compared to mainline Linux 4.14.0. That's an improvement from a few years ago, when Android added over 60,000 lines of code on top of Linux. To show off how much progress has been made, Tom Gall, the director of the Linaro Consumer Group, brought a Xiaomi Pocophone on stage that was running Android 10 on top of a mainline Linux kernel. He told the audience, "there are major, major props to be given to the Google Kernel Team in particular for getting their code upstream so that we can boot devices with a mainline kernel." It's likely that some of the phone's features were non-functional (the battery percentage in the picture reads as 0%), but it's still impressive.

An anonymous reader quotes a report from ZDNet: In the latest Top 500 supercomputer ratings, the average speed of these Linux-powered racers is now an astonishing 1.14 petaflops. The fastest of the fast machines haven't changed since the June 2019 Top 500 supercomputer list. Leading the way is Oak Ridge National Laboratory's Summit system, which holds top honors with an HPL result of 148.6 petaflops. This is an IBM-built supercomputer using Power9 CPUs and NVIDIA Tesla V100 GPUs. In a rather distant second place is another IBM machine: Lawrence Livermore National Laboratory's Sierra system. It uses the same chips, but it "only" hit a speed of 94.6 petaflops.

Close behind at No. 3 is the Sunway TaihuLight supercomputer, with an HPL mark of 93.0 petaflops. TaihuLight was developed by China's National Research Center of Parallel Computer Engineering and Technology (NRCPC) and is installed at the National Supercomputing Center in Wuxi. It is powered exclusively by Sunway's SW26010 processors. Sunway's followed by the Tianhe-2A (Milky Way-2A). This is a system developed by China's National University of Defense Technology (NUDT). It's deployed at the National Supercomputer Center in China. Powered by Intel Xeon CPUs and Matrix-2000 accelerators, it has a top speed of 61.4 petaflops. Coming at No. 5, the Dell-built, Frontera, a Dell C6420 system is powered by Intel Xeon Platinum processors. It speeds along at 23.5 petaflops. It lives at the Texas Advanced Computing Center of the University of Texas. The most powerful new supercomputer on the list is Rensselaer Polytechnic Institute Center for Computational Innovations (CCI)'s AiMOS. It made the list in the 25th position with 8.0 petaflops. The IBM-built system, like Summit and Sierra, is powered by Power9 CPUs and NVIDIA V100 GPUs. In closing, ZDNet's Steven J. Vaughan-Nichols writes: "Regardless of the hardware, all 500 of the world's fastest supercomputers have one thing in common: They all run Linux."

Debian "is heading toward a new general resolution to decide at what level init systems other than systemd should be supported," reports LWN.net.

"I'm absolutely convinced we've reached a point where in order to respect the people trying to get work done, we need to figure out where we are as a project," writes Debian project leader Sam Hartman. "We can either decide that this is work we want to facilitate, or work that we as a project decide is not important."

LWN.net reports: The immediate motivation for a reconsideration would appear to be the proposed addition of elogind, a standalone fork of the systemd-logind daemon, to Debian. Elogind would provide support for systemd's D-Bus-based login mechanism -- needed to support small projects like the GNOME desktop -- without the need for systemd itself. The addition of elogind has been controversial; it is a difficult package to integrate for a number of reasons. Much of the discussion has evidently been carried out away from the mailing lists, but some context on the problem can be found in this bug report. In short: merging elogind appears to be complex enough that it would be hard to justify in the absence of a strong commitment to the support of non-systemd init systems. It seems possible that this commitment no longer exists across the distribution as a whole; the purpose of a general resolution would be to determine whether that is the case or not.

Unsurprisingly, Debian developers have a variety of opinions on this issue. This response from Russ Allbery is worth reading in its entirety. He argues that the 2014 decision (of which he was a part) never really nailed down the project's position toward other init systems. That was a necessary compromise at the time, he said, but it is causing stress now: "while I feel somewhat vindicated by the fact that this didn't immediately fall apart and has sort of worked, I think it's becoming increasingly untenable".... Josh Triplett zeroed in on one of the issues that is testing the init-system peace now. There is, he said, an increasingly long list of features that are only available with systemd, and application developers want to use those features... The responses to this argument took a couple of different approaches. Ted Ts'o described those features as "the 'embrace, extend, and extinguish' phenomenon of systemd which caused so much fear and loathing."
There's much more information in LWN.net's 1,600-word article -- but where do things stand now? Hartman posted a draft general resolution last week with three choices.

• Affirm init diversity
• Support "exploring" alternatives to systemd, "but believing sysvinit is a distraction in achieving that." [Marco d'Itri later noted that less than 1% of new installs use sysvinit]
• "Systemd without diversity as a priority." There would be no requirement to support anything but systemd in Debian.

"It should be noted, though, that this is explicitly a draft," concludes LWN.net. "It is likely to evolve considerably before it reaches the point where the project will vote on it."

Both Microsoft and the Linux kernel teams have added ways to disable support for Intel Transactional Synchronization Extensions (TSX). From a report: TSX is the Intel technology that opens the company's CPUs to attacks via the Zombieload v2 vulnerability. Zombieload v2 is the codename of a vulnerability that allows malware or a malicious threat actor to extract information processed inside a CPU, information to which they normally shouldn't be able to access due to the security walls present inside modern-day CPUs. This new vulnerability was disclosed earlier this week. Intel said it would release microcode (CPU firmware) updates -- available on the company's Support & Downloads center. But, the reality of a real-world production environment is that performance matters. Past microcode updates for other attacks, such as Meltdown, Spectre, Foreshadow, Fallout, and Zombieload v1, have been known to introduce performance hits of up to 40%. Seeing that all the CPU attacks listed above are not only theoretical but also hard to pull off, some companies don't see this performance hit as an option.

slack_justyb writes: Mozilla has been heavily invested in WebAssembly with Firefox, and today, the organization teamed up with a few others to form the new Bytecode Alliance, which aims to create "new software foundations, building on standards such as WebAssembly and WebAssembly System Interface (WASI)." Mozilla has teamed up with Intel, Red Hat, and Fastly to found the alliance, but more members are likely to join over time. The goal of the Bytecode Alliance is to create a new runtime environment and language toolchains which are secure, efficient, and modular, while also being available on as many platforms and devices as possible. The technologies being developed by the Bytecode Alliance are based on WebAssembly and WASI, which have been seen as a potential replacement for JavaScript due to more efficient code compiling, and the expanded capabilities of being able to port C and C++ code to the web. To kick things off, the founding members have already contributed a number of open-source technologies to the Bytecode Alliance, including Wasmtime, a lightweight WebAssembly runtime; Lucet, an ahead-of-time compiler; WebAssembly Micro Runtime; and Cranelift.

"Microsoft is bringing Edge to Linux, for all the Microsoft fans running Linux," jokes the headline at the Inquirer. ("We can just imagine the amount of bunting and party poppers that the Linux community has just ordered. After all, why wouldn't you want a browser from the company that you joined Linux to get away from?") And the headline at Liliputting quips that the Edge browser "is coming to Linux (whether you want it or not)," calling the move "the latest evidence that Microsoft's relationship to Linux has changed a lot in recent years.

But TechRadar had an even more sardonic headline. "Hell freezes over as Microsoft Edge comes to Linux." One other thing to consider is that the introduction of Edge to Linux is something of a thorny subject in that the folks who choose a Linux distro often do so to break away from the chains of Microsoft and Windows (or indeed Apple). So certainly some of the more fervent open source types out there may not welcome a Microsoft browser with open arms, and doubtless it will be regarded with suspicion in some quarters. No matter how much Microsoft has been banging the open source drum in many different ways in recent times.

That said, there will doubtless be Linux users who are curious, and may want to pick up a mainstream alternative to Firefox on Linux which, when compared to Chrome -- with its famous memory hogging antics -- makes a far preferable choice in some respects. Edge will also do streaming better (by default Chrome limits you to 720p when you're trying to watch a spot of Netflix). All the testing feedback about Edge has been pretty positive in the main thus far, too, so maybe that will persuade even doubters to at least consider it.

One thing's for sure: it will certainly be interesting to see the reaction Microsoft's browser gets when it is deployed to Linux.
Edge may face a rocky reception. "I am not feeling a tingling all over at the thought of Edge coming to Linux," posted one commenter on Beta News. "It's not really necessary to bring Linux down to the level of Windows 10."

But how do Slashdot's readers feel? What's your reaction to the news that Microsoft's Edge browser is coming to Linux?

Microsoft is planning to bring its Defender antivirus to Linux systems next year, reports ZDNet: Microsoft announced the brand change from Windows Defender to Microsoft Defender in March after giving security analysts the tools to inspect enterprise Mac computers for malware via the Microsoft Defender console.

Rob Lefferts, corporate vice president for Microsoft's M365 Security, told ZDNet that Microsoft Defender for Linux systems will be available for customers in 2020.
In October TechSpot reported that Defender placed in the top 10 among all major antivirus programs, narrowly beating established software like Bitdefender, Kaspersky, and Mcafee with an online protection rate of 99.96%, according to testing by independent lab AV-Comparative.

The latest version of Chrome OS, version 78, adds separate browser and device settings, click-to-call, and picture-in-picture support for YouTube. It also introduces virtual desktop support for the operating system with a feature called Virtual Desks. 9to5Google reports: Chrome is getting another cross-device sharing feature after "Send this page" widely rolled in September. With "click-to-call," you can right-click on phone number links -- like tel:800-800-8000 -- to have them sent to your Android device. It's quicker than manually entering those digits or transferring via email. Chrome OS 78 will separate browser and device settings. The former is accessible directly at chrome://settings and what opens when clicking "Settings" at the bottom of the Overflow menu in the top-right corner of any browser window. It opens as a tab and provides web-related preferences. Meanwhile, chrome://os-settings opens as its own window, and can be accessed from the quick settings sheet. It provides device options like Wi-Fi, Bluetooth, and Assistant in a white Material Theme UI with an icon in the launcher/app shelf.

YouTube for Android now supports picture-in-picture with Chrome OS 78. After starting a video in the mobile client, switching to another window, covering, or minimizing the app will automatically open a PiP in the bottom-right corner. Available controls include switching to audio, play/pause, and skipping to the next track. In the top-left, you can expand the window and a settings gear on the other side allows you to open system settings. Tapping in the center expands and returns you to the YouTube Android app. Chrome OS 78 simplifies the printing experience by automatically listing compatible printers without any prior setup required. There are also a number of Linux on Chrome OS enhancements in this version:

- Backups of Linux apps and files can now be saved to local storage, external drive, or Google Drive. That copy can be then restored when setting up a new computer.
- Crostini GPU support will be enabled by default for a "crisp, lower-latency experience."
- You'll be warned when using a Linux app that does not support virtual keyboard in tablet mode.

An anonymous reader quotes ZDNet: Linus Torvalds, Linux's creator, doesn't make speeches anymore. But, what he does do, and he did again at Open Source Summit Europe in Lyon France is have public conversations with his friend Dirk Hohndel, VMware's Chief Open Source Officer. In this keynote discussion, Torvalds revealed that he doesn't think he's a programmer anymore.

So what does the person everyone thinks of as a programmer's programmer do instead? Torvalds explained:

"I don't know coding at all anymore. Most of the code I write is in my e-mails. So somebody sends me a patch ... I [reply with] pseudo code. I'm so used to editing patches now I sometimes edit patches and send out the patch without having ever tested it. I literally wrote it in the mail and say, 'I think this is how it should be done,' but this is what I do, I am not a programmer."

So, Hohndel asked, "What is your job?" Torvalds replied, "I read and write a lot of email. My job really is, in the end, is to say 'no.' Somebody has to say 'no' to [this patch or that pull request]. And because developers know that if they do something that I'll say 'no' to, they do a better job of writing the code."

On Hackaday's hosting site Hackaday.io, an electrical engineer with a background in semiconductor physics argues that Linux's small market share is due to a lack of marketing: Not only does [Linux] have dominance when raw computing ability is needed, either in a supercomputer or a webserver, but it must have some ability to effectively work as a personal computer as well, otherwise Android wouldn't be so popular on smartphones and tablets. From there it follows that the only reason that Microsoft and Apple dominate the desktop world is because they have a marketing group behind their products, which provides customers with a comfortable customer service layer between themselves and the engineers and programmers at those companies, and also drowns out the message that Linux even exists in the personal computing realm...

Part of the problem too is that Linux and most of its associated software is free and open source. What is often a strength when it comes to the quality of software and its flexibility and customizablity becomes a weakness when there's no revenue coming in to actually fund a marketing group that would be able to address this core communications issue between potential future users and the creators of the software. Canonical, Red Hat, SUSE and others all had varying successes, but this illistrates another problem: the splintered nature of open-source software causes a fragmenting not just in the software itself but the resources. Imagine if there were hundreds of different versions of macOS that all Apple users had to learn about and then decide which one was the best for their needs...

I have been using Linux exclusively since I ditched XP for 5.10 Breezy Badger and would love to live in a world where I'm not forced into the corporate hellscape of a Windows environment every day for no other reason than most people already know how to use Windows. With a cohesive marketing strategy, I think this could become a reality, but it won't happen through passionate essays on "free as in freedom" or the proper way to pronounce "GNU" or the benefits of using Gentoo instead of Arch. It'll only come if someone can unify all the splintered groups around a cohesive, simple message and market it to the public.

Fedora 31 has just rolled out the door. From a report: Is it an exciting release? No, not really. Sure, enthusiasts will find themselves thrilled withe inclusion of the GNOME 3.34 desktop environment (with Qt Wayland by default), Linux 5.3 kernel, and Mesa 9.2, but otherwise, it is fairly boring. You know what? That's not a bad thing. In 2019, Fedora is simply a mature and stable operating system that only needs to follow an evolutionary path at this time -- not revolutionary. It stands alone as the world's best desktop Linux distribution. "Fedora 31 Workstation provides new tools and features for general users as well as developers with the inclusion of GNOME 3.34. GNOME 3.34 brings significant performance enhancements which will be especially noticeable on lower-powered hardware. Fedora 31 Workstation also expands the default uses of Wayland, including allowing Firefox to run natively on Wayland under GNOME instead of the XWayland backend as with prior releases," says The Fedora Project.

During his Open Source Summit Europe keynote speech, Greg Kroah-Hartman, the stable Linux kernel maintainer, said Intel CPU's security problems "are going to be with us for a very long time" and are "not going away." He added: "They're all CPU bugs, in some ways they're all the same problem," but each has to be solved in its own way. "MDS, RDDL, Fallout, Zombieland: They're all variants of the same basic problem." ZDNet reports: And they're all potentially deadly for your security: "RIDL and Zombieload, for example, can steal data across applications, virtual machines, even secure enclaves. The last is really funny, because [Intel Software Guard Extensions (SGX)] is what supposed to be secure inside Intel ships" [but, it turns out it's] really porous. You can see right through this thing." To fix each problem as it pops up, you must patch both your Linux kernel and your CPU's BIOS and microcode. This is not a Linux problem; any operating system faces the same problem.

OpenBSD, a BSD Unix devoted to security first and foremost, Kroah-Hartman freely admits was the first to come up with what's currently the best answer for this class of security holes: Turn Intel's simultaneous multithreading (SMT) off and deal with the performance hit. Linux has adopted this method. But it's not enough. You must secure the operating system as each new way to exploit hyper-threading appears. For Linux, that means flushing the CPU buffers every time there's a context switch (e.g. when the CPU stops running one VM and starts another). You can probably guess what the trouble is. Each buffer flush takes a lot of time, and the more VMs, containers, whatever, you're running, the more time you lose. "The bad part of this is that you now must choose: Performance or security. And that is not a good option," Kroah-Hartman said. He added: "If you are not using a supported Linux distribution kernel or a stable/long term kernel, you have an insecure system."