IBM

IBM To Buy Red Hat, the Top Linux Distributor, For $34 Billion (bloomberg.com) 398

International Business Machines (IBM) is acquiring software maker Red Hat in a deal valued at $34 billion, the companies said Sunday. From a report: The purchase, announced on Sunday afternoon, is the latest competitive step among large business software companies to gain an edge in the fast-growing market for Internet-style cloud computing. In June, Microsoft acquired GitHub, a major code-sharing platform for software developers, for $7.5 billion. IBM said its acquisition of Red Hat was a move to open up software development on computer clouds, in which software developers write applications that run on remote data centers. From a press release: This acquisition brings together the best-in-class hybrid cloud providers and will enable companies to securely move all business applications to the cloud. Companies today are already using multiple clouds. However, research shows that 80 percent of business workloads have yet to move to the cloud, held back by the proprietary nature of today's cloud market. This prevents portability of data and applications across multiple clouds, data security in a multi-cloud environment and consistent cloud management.

IBM and Red Hat will be strongly positioned to address this issue and accelerate hybrid multi-cloud adoption. Together, they will help clients create cloud-native business applications faster, drive greater portability and security of data and applications across multiple public and private clouds, all with consistent cloud management. In doing so, they will draw on their shared leadership in key technologies, such as Linux, containers, Kubernetes, multi-cloud management, and cloud management and automation. IBM's and Red Hat's partnership has spanned 20 years, with IBM serving as an early supporter of Linux, collaborating with Red Hat to help develop and grow enterprise-grade Linux and more recently to bring enterprise Kubernetes and hybrid cloud solutions to customers. These innovations have become core technologies within IBM's $19 billion hybrid cloud business. Between them, IBM and Red Hat have contributed more to the open source community than any other organization.

Operating Systems

Linus Torvalds and Greg K-H Talk About Linux Community, Dealing with Hardware Bugs, Chromebooks Gaining Traction, Microsoft, Companies Gleaning Data and More (www.tfir.io) 21

Swapnil Bhartiya, who runs the blog TFIR, had a chance to interview Linus Torvalds at Open Source Summit in the second half of August this year. (Some context: The interview, which was published this week, took place before Mr. Torvalds said he needs to take a step back to reflect on how he has dealt with the community over the years. Since then, we have learned that Mr. Torvalds is returning to his position.) In the wide-ranging interview, Mr. Torvalds touched on a wide range of subjects, including formulating workarounds for the problematic hardware bugs (Meltdown, Spectre) and Chromebooks gaining traction (though a Chromebook is still not a machine that he could use for his work). He also talked about companies gleaning a lot of data about their users, regulations (and a tad bit of politics), and the Linux community.

Greg Kroah-Hartman (aka Greg K-H) joined Mr. Bhartiya and Mr. Torvalds for the second half of the interview. On Sunday, Mr. Bhartiya published an additional interview with Mr. Kroah-Hartman.

Open Source

New SystemD Vulnerability Discovered (theregister.co.uk) 204

The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim. According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received."

OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default.

Systemd creator Lennart Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.

Ubuntu

Canonical Releases Statistics Showing Adoption of Snap Packages (neowin.net) 62

Canonical is applauding what it calls "exceptional adoption" of snaps -- and has shared some new statistics about its whole "Snappy" software deployment and package management system. Long-time Slashdot reader AmiMoJo shared this article from Neowin: snaps are seeing 100,000 installs every day on cloud, server, container, desktop and on IoT devices, which works out to around three million installs each month. Of course, these statistics don't only take into account snap installs on Ubuntu, but other distributions too. Canonical said that snaps are supported on 41 Linux distributions including Ubuntu, Debian, Linux Mint, Arch Linux, Fedora, and many more...

Snap packages first launched alongside Ubuntu 16.04 which was released in 2016. They have several benefits over typical Linux packages, for example, their dependencies are bundled into the package making them easy to install, they get automatic updates and can be rolled back by the maintainer if issues arise, and they're sandboxed, giving the user more security.

Security

Trivial Bug In X.Org Server Gives Root Permissions On Linux, BSD Systems (bleepingcomputer.com) 114

An anonymous reader quotes a report from Bleeping Computer: A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. The flaw is now identified as CVE-2018-14665 (credited to security researcher Narendra Shinde). It has been present in xorg-server for two years, since version 1.19.0 and is exploitable by a limited user as long as the X server runs with elevated permissions.

An advisory on Thursday describes the problem as an "incorrect command-line parameter validation" that also allows an attacker to overwrite arbitrary files. Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the X.org server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option. Apart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro Red Hat Enterprise Linux along with its community-supported counterpart CentOS.

Linux

Linus Torvalds is Back in Charge of Linux (zdnet.com) 395

At Open Source Summit Europe in Edinburgh, Scotland, Linus Torvalds is meeting with Linux's top 40 or so developers at the Maintainers' Summit. This is his first step back in taking over Linux's reins. From a report: A little over a month ago, Torvalds stepped back from running the Linux development community. In a note to the Linux Kernel Mailing List (LKML), Torvalds said, "I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely. I am going to take time off and get some assistance on how to understand people's emotions and respond appropriately." That time is over. Torvalds is back.

Whether he'll be a kinder and gentler Torvalds remains to be seen. In the Linux 4.19 announcement, Greg Kroah-Hartman, Linux's temporary leader and maintainer of the stable branch, wrote: "Linus, I'm handing the kernel tree back to you. You can have the joy of dealing with the merge window :)"

Ubuntu

Ubuntu Linux 18.10 'Cosmic Cuttlefish' Arrives (zdnet.com) 99

Ubuntu 18.10 Cosmic Cuttlefish, the latest version of Ubuntu, is now available to download. From a report: Under the hood, the Cosmic Cuttlefish boasts the 4.18 Linux Kernel. This update comes with better support for AMD and Nvidia GPUs, USB Type-C and Thunderbolt, a way for unprivileged users to mount Filesystem in Userspace (FUSE) filesystems, and CPUfreq performance improvements. On top of this, you'll find the freshest version of GNOME 3.30. You can, of course, use other desktops, but GNOME, since Ubuntu 17.10, is Ubuntu's default desktop. You'll be glad to know that GNOME is faster than it has been for a while. That's because some nasty memory leaks have been patched. Canonical has also added some performance tweaks that didn't make it into the GNOME 3.30 upstream. Ubuntu 18.10 also comes with a new desktop theme, the Yaru Community theme installed by default, for your visual enjoyment. Further reading: Ubuntu 18.10: What's New? [Video]; Ubuntu 18.10 Review; and Ubuntu 18.10 Flavors Released, Ready to Download.

Open Source

Software Freedom Conservancy Shares Thoughts on Microsoft Joining Open Invention Network's Patent Non-Aggression Pact (sfconservancy.org) 66

Earlier this week, Microsoft announced that it was joining the open-source patent consortium Open Invention Network (OIN). The press release the two shared this week was short on details on how the two organizations intend to work together and what the move means for, for instance, the billions of dollars Microsoft earns each year from its Android patents (since Google is a member of OIN, too). Software Freedom Conservancy (SFC), a non-profit organization that promotes open-source software, has weighed in on the subject: While [this week's] announcement is a step forward, we call on Microsoft to make this just the beginning of their efforts to stop their patent aggression efforts against the software freedom community. The OIN patent non-aggression pact is governed by something called the Linux System Definition. This is the most important component of the OIN non-aggression pact, because it's often surprising what is not included in that Definition especially when compared with Microsoft's patent aggression activities. Most importantly, the non-aggression pact only applies to the upstream versions of software, including Linux itself.

We know that Microsoft has done patent troll shakedowns in the past on Linux products related to the exfat filesystem. While we at Conservancy were successful in getting the code that implements exfat for Linux released under GPL (by Samsung), that code has not been upstreamed into Linux. So, Microsoft has not included any patents they might hold on exfat into the patent non-aggression pact.

We now ask Microsoft, as a sign of good faith and to confirm its intention to end all patent aggression against Linux and its users, to now submit to upstream the exfat code themselves under GPLv2-or-later. This would provide two important protections to Linux users regarding exfat: (a) it would include any patents that read on exfat as part of OIN's non-aggression pact while Microsoft participates in OIN, and (b) it would provide the various benefits that GPLv2-or-later provides regarding patents, including an implied patent license and those protections provided by GPLv2 (and possibly other GPL protections and assurances as well).

Linux

Plex for Linux Now Available as a Snap (betanews.com) 61

An anonymous reader shares a report: Today, a very popular app, Plex Media Server, gets the Snap treatment. In other words, you can install the media server program without any headaches -- right from the Snap store. "In adopting the universal Linux app packaging format, Plex will make its multimedia platform available to an ever-growing community of Linux users, including those on KDE Neon, Debian, Fedora, Manjaro, OpenSUSE, Zorin and Ubuntu. Automatic updates and rollback capabilities are staples of Snap software, meaning Plex users will always have the best and latest version running," says Canonical.

KDE

KDE Plasma 5.14 Released (kde.org) 41

jrepin writes: KDE has released Plasma 5.14 desktop. Among many other things, Plasma 5.14 simplifies managing multiple displays thanks to its new Display Configuration widget; Global Menus a la macOS now work also with GTK applications like GIMP; a new safeguard feature warns you if other users are logged in when you log out; and Discover now lets you install Snaps from all available channels (not just the default), orders software by release date, and shows package dependencies. Downloads can be found here.

Cellphones

Greg Kroah-Hartman: Outside Phone Vendors Aren't Updating Their Linux Kernels (linux.com) 86

"Linux runs the world, right? So we want to make sure that things are secure," says Linux kernel maintainer Greg Kroah-Hartman. When asked in a new video interview which bug makes them most angry, he first replies "the whole Spectre/Meltdown problem. What made us so mad, in a way, is we were fixing a bug in somebody else's layer!"

One also interesting thing about the whole Spectre/Meltdown is the complexity of that black box of a CPU is much much larger than it used to be. Right? Because they're doing -- in order to eke out all the performance and all the new things like that, you have to do extra-special tricks and things like that. And they have been, and sometimes those tricks come back to bite you in the butt. And they have, in this case. So we have to work around that.

But a companion article on Linux.com notes that "Intel has changed its approach in light of these events. 'They are reworking on how they approach security bugs and how they work with the community because they know they did it wrong,' Kroah-Hartman said." (And the article adds that "for those who want to build a career in kernel space, security is a good place to get started...")

Kroah-Hartman points out in the video interview that "we're doing more and more testing, more and more builds," noting "This infrastructure we have is catching things at an earlier stage -- because it's there -- which is awesome to see." But security issues can persist thanks to outside vendors beyond their control. Linux.com reports: Hardening the kernel is not enough, vendors have to enable the new features and take advantage of them. That's not happening. Kroah-Hartman releases a stable kernel every week, and companies pick one to support for a longer period so that device manufacturers can take advantage of it. However, Kroah-Hartman has observed that, aside from the Google Pixel, most Android phones don't include the additional hardening features, meaning all those phones are vulnerable. "People need to enable this stuff," he said.

"I went out and bought all the top of the line phones based on kernel 4.4 to see which one actually updated. I found only one company that updated their kernel," he said. "I'm working through the whole supply chain trying to solve that problem because it's a tough problem. There are many different groups involved -- the SoC manufacturers, the carriers, and so on. The point is that they have to push the kernel that we create out to people."

"The good news," according to Linux.com, "is that unlike with consumer electronics, the big vendors like Red Hat and SUSE keep the kernel updated even in the enterprise environment. Modern systems with containers, pods, and virtualization make this even easier. It's effortless to update and reboot with no downtime."

Facebook

A Look at Facebook's Use of Systemd (phoronix.com) 84

At an event this month (you can find the video of it here), Davide Cavalca, a production engineer at Facebook, spoke about the growing adoption of systemd at the company's data centers. From a report: Facebook continues making use of systemd's many features inside their data centers. Some of their highlights for systemd use in 2018 include: Facebook's servers have been relying on systemd for about the past two years. Facebook is using CentOS 7 everywhere from hosts to containers. While relying on CentOS 7, Facebook backports a lot of packages including new systemd releases, Meson, other dependencies, and of course new Linux kernel releases. Facebook is working on "pystemd" as a Python (Cython) wrapper on top of SD-BUS.

Ubuntu

Ubuntu Linux 18.10 Cosmic Cuttlefish Beta Now Available For Desktop, Cloud and Server Versions (betanews.com) 73

Roughly three weeks ahead of the scheduled release of Ubuntu Linux 18.10 "Cosmic Cuttlefish", the latest major update for the popular Linux distro, beta of all of its flavors -- desktop, cloud and server -- is now available for download. From a report: "Codenamed 'Cosmic Cuttlefish,' 18.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," says Adam Conrad, Software Engineer, Canonical. Conrad further says, "This beta release includes images from not only the Ubuntu Desktop, Server, and Cloud products, but also the Kubuntu, Lubuntu, Ubuntu Budgie, UbuntuKylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu flavours. The beta images are known to be reasonably free of showstopper CD build or installer bugs, while representing a very recent snapshot of 18.10 that should be representative of the features intended to ship with the final release expected on October 18th, 2018." Further reading: Canonical Shares Desktop Plans For Ubuntu 18.10.

Linux

Linux Kernel Finally Nearing Support For The Apple Magic Trackpad 2, Thanks To a Google Employee (phoronix.com) 52

Michael Larabel, writing for Phoronix: Apple announced the Magic Trackpad 2 almost three years ago to the day while the mainline Linux kernel will finally be supporting this multi-touch device soon. The Magic Trackpad 2 is a wired/wireless touchpad with haptic feedback support and is a much larger touchpad compared to the original Magic Trackpad. There unfortunately hasn't been any mainline Linux kernel support for the Magic Trackpad 2, but some out-of-tree options. [...] However, as seen by this bug report there have been plenty of people since 2015 interested in using the Magic Trackpad 2 on Linux. Fortunately, Sean O'Brien of Google's Chrome OS team has been working on Magic Trackpad 2 support with a focus on getting it mainlined. The patch, which was also reviewed by other Google/ChromeOS developers, is now up to its third and perhaps final revision.

Hardware

System76's Much-Anticipated Open Source 'Thelio' Linux Computer Will Be Available To Pre-Order Starting Next Month, But Shipping Date and Specs Remain Unclear (betanews.com) 80

Brian Fagioli, writing for BetaNews: When you buy a System76 computer today, you aren't buying a machine manufactured by the company. Instead, the company works with other makers to obtain laptops, which it then loads with a Linux-based operating system -- Ubuntu or its own Pop!_OS. There's nothing really wrong with this practice, but still, System76 wants to do better. The company is currently working to manufacture its own computers ("handcrafted") right here in the USA. By doing this, System76 controls the entire customer experience -- software, service, and hardware.

This week, the company announces that the fruits of its labor -- an "open-source computer" -- will be available to pre-order in October. Now, keep in mind, this does not mean the desktop will be available next month. Hell, it may not even be sold in 2018. With that said, pre-ordering will essentially allow you to reserve your spot. To celebrate the upcoming computer, System76 is launching a clever animated video marketing campaign.

Open Source

Richard Stallman Says Linux Code Contributions Can't Be Rescinded (itwire.com) 588

An anonymous reader quotes iTWire: Linux developers who contribute code to the kernel cannot rescind those contributions, according to the software programmer who devised the GNU General Public Licence version 2.0, the licence under which the kernel is released. Richard Stallman, the head of the Free Software Foundation and founder of the GNU Project, told iTWire in response to queries that contributors to a GPLv2-covered program could not ask for their code to be removed. "That's because they are bound by the GPLv2 themselves. I checked this with a lawyer," said Stallman, who started the free software movement in 1984.

There have been claims made by many people, including journalists, that if any kernel developers are penalised under the new code of conduct for the kernel project -- which was put in place when Linux creator Linus Torvalds decided to take a break to fix his behavioural issues -- then they would ask for their code to be removed from the kernel... Stallman asked: "But what if they could? What would they achieve by doing so? They would cause harm to the whole free software community. The anonymous person who suggests that Linux contributors do this is urging them to [use a] set of nuclear weapons in pique over an internal matter of the development team for Linux. What a shame that would be."

Slashdot reader dmoberhaus shared an article from Motherboard with more perspectives from Eric S. Raymond and LWN.net founder Jonathan Corbet, which also traces the origins of the suggestion. "[A]n anonymous user going by the handle 'unconditionedwitness' called for developers who end up getting banned through the Code of Conduct in the future to rescind their contributions to the Linux kernel 'in a bloc' to produce the greatest effect.

"It is worth noting that the email address for unconditionedwitness pointed to redchan.it, a now defunct message board on 8chan that mostly hosted misogynistic memes, many of which were associated with gamergate."

Linux

Linux Now Dominates Azure (zdnet.com) 160

An anonymous reader shares a report: Three years ago, Mark Russinovich, CTO of Azure, Microsoft's cloud program, said, "One in four [Azure] instances are Linux." Then, in 2017, 40 percent of Azure virtual machines (VMs) were Linux. Today, Scott Guthrie, Microsoft's executive vice president of the cloud and enterprise group, said in an interview, "Slightly over half of Azure VMs are Linux. That's right. Microsoft's prize cloud, Linux, not Windows Server, is now the most popular operating system. Windows Server isn't going to be making a comeback. Every month, Linux goes up," Guthrie said. And it's not just Azure users who are turning to Linux.

"Native Azure services are often running on Linux," Guthrie added. "Microsoft is building more of these services. For example, Azure's Software Defined Network (SDN) is based on Linux." It's not just on Azure that Microsoft is embracing Linux. "Look at our simultaneous release of SQL Server on Linux. All of our projects now run on Linux," Guthrie said.

Linux

Linus Torvalds On Linux's Code of Conduct (bbc.com) 755

Linus Torvalds oversees every line of code added to the Linux kernel, but in recent years the male-dominated community has become increasingly divided, reports BBC. Rows about sexism and rudeness led to the creation of a Code of Conflict (CoC) in 2015 which was short -- simply recommending people "be excellent to each other." That has now been replaced by a more detailed Code of Conduct -- which retains the acronym, but attempts to be more inclusive and eliminate insulting and derogatory comments and behaviour. Reader sinij writes: Recently Linux Community adopted a new controversial Code of Conduct authored by Contributor Covenant also known for authoring the Post-Meritocracy Manifesto. In an exclusive email interview with the BBC, Mr Torvalds shared his thoughts on his decision to temporarily step aside, the controversy behind the CoC, and the defects of the community he set up. His thoughts on CoC: The advantage of concentrating on technology is that you can have some mostly objective measures, and some basis for agreement, and you can have a very nice and healthy community around it all. I really am motivated by the technology, but the community around Linux has been a big positive too. But there are very tangible and immediate common goals in any technical project like Linux, and while there is occasionally disagreement about how to solve some particular issue, there is a very real cohesive force in that common goal of improving the project. And even when there are disagreements, people in the end often have fairly clear and objective measures of what is better. Code that is faster, simpler, or handles more cases naturally is just objectively 'better', without people really having to argue too much about it.

In contrast, the arguments about behaviour never seem to end up having a common goal. Except, in some sense, the argument itself. Have you read the Twitter feeds and other things by the people who seem to care more about the non-technical side? I think your 'hyped stories' is about as polite as you can put it. It's a morass of nastiness. Instead of a 'common goal', you end up with horrible fighting between different 'in-groups'. It's very polarising, and both sides love egging the other side on. It's not even a 'discussion', it's just people shouting at each other. That's actually the reason I for the longest time did not want to be involved with the whole CoC discussion in the first place. That whole subject seems to very easily just devolve and become unproductive. And I found a lot of the people who pushed for a CoC and criticised me for cursing to be hypocritical and pointless. I could easily point you to various tweet storms by people who criticise my 'white cis male' behaviour, while at the same time cursing more than I ever do.

So that's my excuse for dismissing a lot of the politically correct concerns for years. I felt it wasn't worth it. Anybody who uses the words 'white cis male privilege' was simply not worth my time even talking to, I felt. And I'm still not apologising for my gender or the colour of my skin, or the fact that I happen to have the common sexual orientation. What changed? Maybe it was me, but I was also made very aware of some of the behaviour of the 'other' side in the discussion. Because I may have my reservations about excessive political correctness, but honestly, I absolutely do not want to be seen as being in the same camp as the low-life scum on the internet that think it's OK to be a white nationalist Nazi, and have some truly nasty misogynistic, homophobic or transphobic behaviour. And those people were complaining about too much political correctness too, and in the process just making my public stance look bad. And don't get me wrong, please -- I'm not making excuses for some of my own rather strong language. But I do claim that it never ever was any of that kind of nastiness. I got upset with bad code, and people who made excuses for it, and used some pretty strong language in the process. Not good behaviour, but not the racist/etc claptrap some people spout. So in the end, my 'I really don't want to be too PC' stance simply became untenable. Partly because you definitely can find some emails from me that were simply completely unacceptable, and I need to fix that going forward. But to a large degree also because I don't want to be associated with a lot of the people who complain about excessive political correctness.

Operating Systems

Fedora 29 Beta Now Available For Download With Improved Raspberry Pi Support (betanews.com) 17

The Fedora Project announced Tuesday the beta availability of Fedora 29 -- the latest version of the free and open-source Fedora OS. From a report: It features updated packages, improved support for Raspberry Pi, and more. "Highlighting Fedora 29 Beta is the addition of modularity across all Fedora editions. First delivered in Fedora 28 Server, modularity enables multiple versions of the same software (like Node.js) to be selected on a per-system basis, with parallel installation done through containers. This can provide some users the ability to use tried-and-true versions of software while enabling other users to work with just-released innovation without impacting the overall stability of the Fedora operating system," says Matthew Miller, Fedora Project Leader.

Miller further says, "The importance of ARM to IoT has not been lost on Fedora, and Fedora 29 Beta aims to make the Fedora operating system a home for both ARM and IoT. These features start with enhanced ZRAM support for swap on ARMv7 and aarch64, which can improve the performance and reliability of Fedora 29 Beta on ARM Single Board Computers, like the Raspberry Pi. These devices are used by 'makers' and in developmental IoT solutions."

Open Source

New Custom Linux Distro is Systemd-Free, Debian-Based, and Optimized for Windows 10 (mspoweruser.com) 165

An anonymous reader quotes MSPowerUser: Nearly every Linux distro is already available in the Microsoft Store, allowing developers to use Linux scripting and other tools running on the Windows Subsystem for Linux (WSL). Now another distro has popped up in the Store, and unlike the others it claims to be specifically optimised for WSL, meaning a smaller and more appropriate package with sane defaults which helps developers get up and running faster.

WLinux is based on Debian, and the developer, Whitewater Foundry, claims their custom distro will also allow faster patching of security and compatibility issues that appear from time to time between upstream distros and WSL... Popular development tools, including git and python3, are pre-installed. Additional packages can be easily installed via the apt package management system... A handful of unnecessary packages, such as systemd, have been removed to improve stability and security.

The distro also offers out of the box support for GUI apps with your choice of X client, according to the original submission.

WLinux is open source under the MIT license, and is available for free on GitHub. It can also be downloaded from Microsoft Store at a 50% discount, with the development company promising the revenue will be invested back into new features.
