Security

Advanced Linux Backdoor Found In the Wild Escaped AV Detection (arstechnica.com) 50

Researchers have discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks. Ars Technica reports: HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script, researchers at security firm Intezer reported on Wednesday. At the time Intezer's post went live, the VirusTotal malware service indicated HiddenWasp wasn't detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month. The command and control server that infected computers report to remained operational at the time this article was being prepared.

Some of the evidence analyzed -- including code showing that the computers it infects are already compromised by the same attackers -- indicated that HiddenWasp is likely a later stage of malware that gets served to targets of interest who have already been infected by an earlier stage. It's not clear how many computers have been infected or how any earlier related stages get installed. With the ability to download and execute code, upload files, and perform a variety of other commands, the purpose of the malware appears to be to remotely control the computers it infects. That's different from most Linux malware, which exists to perform denial of service attacks or mine cryptocurrencies.
Some of the code appears to be borrowed from Mirai, while other code has similarities to other established projects or malware including the Azazel rootkit, the ChinaZ Elknot implant, and the recently discovered Linux variant of Winnti, a family of malware that previously had been seen targeting only Windows.
Open Source

Systemd Now Has More Than 1.2 Million Lines of Code (phoronix.com) 249

This week Phoronix marked a very special anniversary: Five years ago today was the story on Phoronix how the systemd source tree was approaching 550k lines so curiosity got the best of me to see how large is the systemd Git repository today. Well, now it's over 1.2 million lines.

After surpassing one million lines in 2017, when running GitStats on the systemd Git repository today it's coming in at 1,207,302 lines. Those 1.2 million lines are spread across 3,260 files and made over 40,057 commits from nearly 1,400 different authors... So far this year there have been 2,145 commits while last year saw 6,245 commits while 2016 and 2017 each saw less than four thousand commits total. Lennart Poettering continues being the most prolific contributor to systemd with more than 32% of the commits so far this year.

GNOME

A Group of Independent Linux App Developers Has Asked Wider GNOME Community To 'Stop Theming' Its Apps (omgubuntu.co.uk) 179

The letter is addressed to the maintainers of Linux distributions who elect to ship custom GTK and icons themes by default in lieu of upstream defaults. From a report: By publicizing the issues they feel stem from the practice of "theming" it's hoped that distros and developers might work together to create a "healthier GNOME third party app ecosystem." So what's the actual rub here? It often feels like the ability to control how our desktop looks and works is part of some unwritten Linux constitution, one we're all secret adherents to.

But theming on the GNOME platform isn't all it seems. It's not without complications or compromises. As superficial as these changes might seem, usability is actually more than skin deep. Now, elephant in the room time: many leading Linux distros use custom GTK themes and icon sets as a way to create a brand identity for themselves; an experience that feels uniquely their own. This includes Ubuntu (with Ambiance and Yaru), Linux Mint (with Mint-X), Pop OS (with Pop GTK) and Manjaro.

Operating Systems

Antergos Linux Has Been Discontinued (betanews.com) 87

Suren Enfiajyan writes: An Arch Linux based distribution, Antergos, has been discontinued. The project's primary goal was to make Arch Linux available to a wider audience of users by providing a streamlined, user friendly experience including a safe place for users to communicate, learn, and help one another. There have been 931,439 unique downloads of Antergos Linux since 2014. The primary reason for ending support for it was that the developers no longer have enough free time to properly maintain the distribution. They came to this decision because they believe that continuing to neglect the project would be a huge disservice to the community. Taking this action now, while the project's code still works, provides an opportunity for interested developers to take what they find useful and start their own projects.

For existing Antergos users: there is no need to worry about installed systems as they will continue to receive updates directly from Arch. Soon, an update will be released that will remove the Antergos repos from system along with any Antergos-specific packages that no longer serve a purpose due to the project ending. Once that is completed, any packages installed from the Antergos repo that are in the AUR will begin to receive updates from there. The Antergos Forum and Wiki will continue to be available until such time it becomes clear that users have moved on to other projects.

Linux

Linux Distros Without Systemd (2019) (ungleich.ch) 245

New submitter Nico Schottelius writes: It's 2019 -- who has switched to systemd, who hasn't and what can I use if I don't like systemd? Here's the answer in short. From the blog post: If you are reading this post you're very much likely not a fan of systemd already. So we won't preach on why systemd is bad, but today we'll focus more on what are the alternatives out there. Our approach is obviously not for settling for less but for changing things for the better. We have started the world after systemd project some time ago and the search isn't over. So what are the non-systemd distros out there? The author makes a case for why you should consider the suggested distros, but here's the list: Devuan, Alpine Linux, Artixlinux, Void, Slackware, Gentoo, and GNU GUIX.
Security

Severe Linux Kernel Flaw Found In RDS (sophos.com) 90

jwhyche (Slashdot reader #6,192) shared this article from Sophos: Linux systems running kernels prior to 5.0.8 require patching after news emerged of a high-severity flaw that could be remotely exploited.

According to the NIST advisory, CVE-2019-1181 is a race condition affecting the kernel's rds_tcp_kill_sock in net/rds/tcp.c "leading to a use-after-free, related to net namespace cleanup." The RDS bit refers to systems running the Reliable Datagram Sockets (RDS) for the TCP module, which means only systems that run applications using this are affected.

The attention-grabbing part is that this opens unpatched systems to remote compromise and denial of service without the need for system privileges or user interaction. On the other hand, the attack complexity is described as 'high', and any such attack would need to be launched from the local network.

Windows

South Korean Government Planning Linux Migration as Windows 7 Support Ends (techrepublic.com) 144

An anonymous reader shares a report: With just seven more months of support left for Windows 7, the South Korean government is planning to migrate to Linux, according to the Korea Herald, which notes that the Interior Ministry will begin "test-running Linux on its PCs, and if no security issues arise, Linux systems will be introduced more widely within the government." The Herald quotes the Interior Ministry as indicating that the transition to Linux, and the purchase of new PCs, would cost about 780 billion won ($655 million), but also anticipates long-term cost reductions with the adoption of Linux. The report doesn't mention a specific distro, instead "hopes to avoid building reliance on a single operating system." "Before the government-wide adoption, the ministry said it would test if the system could be run on private networked devices without security risks and if compatibility could be achieved with existing websites and software which have been built to run on Windows," the report stated.
Windows

So Long Dual-Booting Windows on a Chromebook: Project Campfire is deprecated (aboutchromebooks.com) 51

An anonymous reader shares a report: Project Campfire turned up in the Chromium world this past August. The intent was to let a Chromebook boot not just into Chrome OS but directly into another operating system such as Linux or Windows. I thought the latter was a positive outcome since it would allow Chromebooks to natively run Windows desktop apps on a Chromebook, and add value to devices. Unfortunately, the project is shutting down. Spotted in code, there are comments and code removals that make it clear Project Campfire is being deprecated.
Ubuntu

Why Linux On Desktop 'Failed': A Discussion With Mark Shuttleworth (www.tfir.io) 584

sfcrazy writes: Mark Shuttleworth, founder and CEO of Canonical, summed it in a few words: "I think the bigger challenge has been that we haven't invented anything in the Linux that was like deeply, powerfully ahead of its time." He also said that "if in the free software community we only allow ourselves to talk about things that look like something that already exists, then we're sort of defining ourselves as a series of forks and fragmentations." He added that it seems the desktop Linux people want to be angry at something. We wanted to do amazing things with Unity but the community won't let us do it, so here we are. He also commended Google folks for what they have built for Chrome OS.
Chrome

Is It Finally the Year of 'Linux on the Desktop'? (pcworld.com) 406

"2019 is truly, finally shaping up to be the year of Linux on the desktop," writes PC World's senior editor, adding "Laptops, too!" But most people won't know it. That's because the bones of the open-source operating system kernel will soon be baked into Windows 10 and Chrome OS, as Microsoft and Google revealed at their respective developer conferences this week... Between lurking in Windows 10 and Chrome OS, and the tiny portion of actual Linux distro installs, pretty much any PC you pick up will run a Linux kernel and Linux software. Macs won't, but it's based on a Unix-like BSD system that already runs many Linux apps with relative ease (hence Apple's popularity with developers).

You have to wonder where that leaves proper Linux distributions like Ubuntu and Linux Mint, though. They already suffer from a minuscule user share, and developers may shift toward Windows and Chrome if the Linux kernels in those operating systems get the same job done. Could this fruit wind up poisonous over the long term? We'll have to see. That said, Linux is healthier than ever. The major distros are far more polished than they used to be, with far fewer hardware woes than installs of yesteryear. You can even get your game on relatively well thanks to Valve's Proton technology, which gets many (but not all) Steam games working on Linux systems. And hey, Linux is free.

Normal users may never be aware of it, but 2019 may finally be the year of Linux on the desktop -- just not Linux operating systems on the desktop.

Red Hat Software

IBM, Microsoft, and Red Hat CEOs Shared a Keynote at 15th Annual Red Hat Summit (crn.com) 12

An anonymous reader quotes CRN: IBM chief executive Ginni Rometty and Microsoft CEO Satya Nadella shared the keynote-session stage with Red Hat CEO Jim Whitehurst at the 15th-year installment of the open-source technology event. Rometty talked up IBM's pending $34 billion acquisition of Red Hat and their future relationship. Nadella was there to help herald Azure Red Hat OpenShift, the new enterprise-grade Kubernetes platform that allows developers to run container-based applications on-premises and across Azure, Microsoft's public cloud. Microsoft will jointly manage the platform with Red Hat.

"The CEOs of (two of the) largest technology companies in the world on stage in the same keynote, and it's a Red Hat keynote," Whitehurst said. "Who would have expected that? Hopefully it says something about open source and our role, but it also certainly says something about those companies and their desire to serve customers and their desire to embrace open source."

During the presentation Red Hat's CEO told Microsoft's CEO, "To be blunt, five years ago we had, I guess to be polite, it would be called an adversarial relationship."

Earlier in the presentation, Microsoft CEO Satya Nadella had said, "Everything has a time," adding later that the Red Hat/Microsoft partnership "is driven by what I believe is fundamentally what our customers expect of us. They expect us to...really interoperate, be committed to open source."
Red Hat Software

Red Hat Changes Logo After Customers Call It 'Sinister', 'Secretive' (redhat.com) 180

Red Hat's chief marketing officer discovered their logo was rendering poorly in digital formats (especially on small devices like smartphones). But then they discovered even bigger problems in surveys (including with potential customers) about what feelings the logo evoked: Sinister. Secretive. Evil. Sneaky. These respondents might not have known anything about Red Hat, but they did believe that man lurking in the shadows didn't immediately inspire their trust. In their survey responses, they wondered who he was and what he was doing in the logo.... Our iconic logo -- including the partially veiled, fedora-wearing "Shadowman," as we Red Hatters affectionately call him -- wasn't squaring with the values we firmly believed the logo stands for...

When we decided to undertake an evolution of the Red Hat logo -- the first in nearly 20 years -- we set two guiding principles for ourselves. First, we'd do the work the Red Hat way, in the open. And second, we'd take this opportunity not just to improve our logo, but to make a bold statement about the ways Red Hat has evolved over its 26-year history... In December 2017, I announced our plans to update our look with a global invitation to collaborate. And since then, Red Hat's Brand team has been collecting feedback from customers and partners, coordinating work with well-known design consultancy Pentagram, poring over survey data, and iterating, iterating, iterating on the new design -- which we're now ready to unveil....

The new logo reflects Red Hat's evolution -- from a scrappy upstart "sneaking" into data centers with boxed copies of a Linux-based operating system (not to mention mugs and t-shirts) to the world's leading provider of open source solutions for enterprise hybrid cloud environments, someone working daily with the largest companies and agencies in the world to develop and run mission-critical solutions. We've truly stepped out of the shadows.

Google

All Chromebooks Will Also Be Linux Laptops Going Forward (zdnet.com) 135

At Google I/O in Mountain View, Google said "all devices [Chromebook] launched this year will be Linux-ready right out of the box." From a report: In case you've missed it, last year, Google started making it possible to run desktop Linux on Chrome OS. Since then, more Chromebook devices are able to run Linux. Going forward, all of them will be able to do so, too. Yes. All of them. ARM and Intel-based.
Operating Systems

Linux 5.1 Released (lkml.org) 69

diegocg writes: Linux 5.1 has been released. The main feature in this release is io_uring, a high-performance interface for asynchronous I/O; there are also improvements in fanotify to provide a scalable way of watching changes on large file systems; it also adds a method to allow safe delivery of signals in presence of PID reuse; persistent memory can be used now as hot-pluggable RAM; Zstd compression levels have been made configurable in Btrfs; there is a new cpuidle governor that makes better power management decisions than the menu governor; all 32 bit architectures have added the necessary syscalls to deal with the y2038 problem; and live patching has added support for creating cumulative patches. There are many other features and new drivers in the changelog.
Software

Blender Developers Find Old Linux Drivers Are Better Maintained Than Windows (phoronix.com) 151

To not a lot of surprise compared to the world of proprietary graphics drivers on Windows where once the support is retired the driver releases stop, old open-source Linux OpenGL drivers are found to be better maintained. From a report: Blender developers working on shipping Blender 2.80 this July as the big update to this open-source 3D modeling software today rolled out the Linux GPU requirements for this next release. The requirements themselves aren't too surprising and cover NVIDIA GPUs released in the last ten years, AMD GCN for best support, and Intel Haswell graphics or newer. In the case of NVIDIA graphics they tend to do a good job maintaining their legacy driver branches. With the AMD Radeon and Intel graphics, Blender developers acknowledge older hardware may work better on Linux.
Ubuntu

Mark Shuttleworth Sees Increased Demand For Enterprise Ubuntu Linux Desktop (zdnet.com) 158

Canonical's real money comes from the cloud and Internet of Things, but AI and machine learning developers are demanding -- and getting -- Ubuntu Linux desktop with enterprise support. From a report: In a wide-ranging conversation at Open Infrastructure Summit, Mark Shuttleworth, founder of Ubuntu Linux and its corporate parent Canonical, said: "We have seen companies signing up for Linux desktop support, because they want to have fleets of Ubuntu desktop for their artificial intelligence engineers." This development caught Shuttleworth by surprise. "We're starting actually now to commercially support the desktop in a way that we've never been asked to before," he said. Of course, Ubuntu has long been used by developers, but Shuttleworth explained, "Previously, those were kind of off the books, under the table. You know, 'Don't ask don't tell deployments.' But now suddenly, it's the AI team and they've got to be supported."
GNOME

Fedora 30 Linux Distro Is Here (betanews.com) 128

Fedora 30, the newest release of the venerable Linux distribution that serves (in part) as the staging environment for Red Hat Enterprise Linux, was released Tuesday, bringing with it a number of improvements and performance optimizations. From a report: The most exciting aspect, for workstation/desktop users at least, is the update to GNOME 3.32. Of course, that is hardly the only notable update -- the DNF package manager is getting a performance boost, for instance. In other words, this is a significant operating system upgrade that should delight both existing Fedora users and beginners alike. "Fedora 30 brings enhancements to all editions with updates to the common underlying packages, from bug fixes and performance tweaks to new versions. In Fedora 30, base updates include Bash shell 5.0, Fish 3.0, the GNU Compiler Collection (GCC) 9 and Ruby 2.6. Fedora 30 also now uses the zchunk format for data compression within the DNF repository. When metadata is compressed using zchunk DNF will only download the differences between earlier copies of metadata and the current versions, saving on resources and increasing efficiency," says The Fedora Project.
Open Source

The Mysterious History of the MIT License (opensource.com) 40

Red Hat technology evangelist Gordon Haff explains why it's hard to say exactly when the MIT license was created. Citing input from both Jim Gettys (author of the original X Window System) and Keith Packard (a senior member on the X Windows team), he writes that "The best single answer is probably 1987. But the complete story is more complicated and even a little mysterious."

An anonymous reader quotes his article at OpenSource.com, which begins with the X Window System at MIT's "Project Athena" (first launched in 1983): X was originally under a proprietary license but, according to Packard, what we would now call an open source license was added to X version 6 in 1985... According to Gettys, "Distributing X under license became enough of a pain that I argued we should just give it away." However, it turned out that just placing it into the public domain wasn't an option. "IBM would not touch public domain code (anything without a specific license). We went to the MIT lawyers to craft text to explicitly make it available for any purpose. I think Jerry Saltzer probably did the text with them. I remember approving of the result," Gettys added.

There's some ambiguity about when exactly the early license language stabilized; as Gettys writes, "we weren't very consistent on wording." However, the license that Packard indicates was added to X Version 6 in 1985 appears to have persisted through X Version 11, Release 5. A later version of the license language seems to have been introduced in X Version 11, Release 6 in 1994... But the story doesn't end there. If you look at the license used for X11 and the approved MIT License at the Open Source Initiative (OSI), they're not the same. Similar in spirit, but significantly different in the words used.

The "modern" MIT License is the same as the license used for the Expat XML parser library beginning in about 1998. The MIT License using this text was part of the first group of licenses approved by the OSI in 1999. What's peculiar is that, although the OSI described it as "The MIT license (sometimes called called [sic] the 'X Consortium license')," it is not in fact the same as the X Consortium License. How and why this shift happened -- and even if it happened by accident -- is unknown. But it's clear that by 1999, the approved version of the MIT License, as documented by the OSI, used language different from the X Consortium License.

He points out that to this day, this is why "some, including the Free Software Foundation," avoid the term "MIT License" altogether -- "given that it can refer to several related, but different, licenses."
Operating Systems

Scientific Linux Distro is Being Discontinued; The Fermi National Accelerator Laboratory and CERN Will Move To CentOS (betanews.com) 94

Scientific Linux, a 14-year-old operating system based on Red Hat Enterprise Linux (RHEL) and which was maintained by some significant members of the scientific community such as The Fermi National Accelerator Laboratory and CERN, is being discontinued. From a report: While current versions (6 and 7) will continue to be supported, future development has permanently ended, with the organizations instead turning to CentOS -- another distro based on RHEL. "Scientific Linux is driven by Fermilab's scientific mission and focused on the changing needs of experimental facilities. Fermilab is looking ahead to DUNE and other future international collaborations. One part of this is unifying our computing platform with collaborating labs and institutions," said James Amundson, Head of Scientific Computing Division, Fermi National Accelerator Laboratory.
Oracle

Red Hat Takes Over Maintenance of OpenJDK 8 and OpenJDK 11 From Oracle (infoworld.com) 55

"Red Hat is taking over maintenance responsibilities for OpenJDK 8 and OpenJDK 11 from Oracle," reports InfoWorld: Red Hat will now oversee bug fixes and security patches for the two older releases, which serve as the basis for two long-term support releases of Java. Red Hat's updates will feed into releases of Java from Oracle, Red Hat, and other providers... Previously, Red Hat led the OpenJDK 6 and OpenJDK 7 projects. Red Hat is not taking over OpenJDK 9 or OpenJDK 10, which were short-term releases with a six-month support window.
