Hyundai has become the latest car company to explore serious open source alternatives for developing its in-car services. From a report: Ahead of CES 2019, the South Korean automotive giant today announced that it has joined the Linux Foundation and the nonprofit's seven-year-old Automotive Grade Linux (AGL) effort as it looks to contribute to -- and reap benefit from -- software developed by over 140 companies. For Hyundai, open collaboration is crucial as it pursues a "connected car vision," Paul Choo, VP and head of Infotainment Technology Center at Hyundai, said in a statement. Car companies have traditionally taken three years or longer to develop in-vehicle services, such as infotainment systems. The bottleneck usually lies in the quality of code their in-house programmers create. According to a case study published by AGL, a connected car uses some 100 million lines of code, which is about 11 times more than the number that went into the F-35 fighter jet. Getting on AGL's bandwagon would also help Hyundai speed up development of its in-car technologies.

One of the most refreshing aspects of Linux in 2018 was the popularity of Snaps. Canonical revealed that the containerized packages have been a smashing success. Today, the Ubuntu-maker highlights what it feels are the top 10 Snaps of 2018. From a report: "With 2018 drawing to a close, and many of us spending with family during the holiday season, I thought we'd take a look back over some of our favourite Linux applications in the Snap Store. Some have been in the store for over a year, and a few landed only recently, but they're all great," says Alan Pope, Canonical. [...] Canonical shares the Top 10 Snaps: Spotify, Slack, VLC, Nextcloud, Android Studio, Discord, Plex Media Server, Xonotic, Notepad++, and Shotcut.

MojoKid writes: ARM-based server processors have threatened to take on Intel in the data center for some time but not much has materialized thus far in terms of significant deployments. However, a new breed of low cost ARM server implementations may be in the works with a many-core platform called Banana Pi. The latest Banana Pi device being teased is something very different in the form of a 24-core ARM server that speculation suggests might be sold as a Banana Pi server board or as a finished server product.

A video has surfaced that reportedly shows a 24-core ARM Cortex-A53 processor with 32GB of RAM, though the OS only sees 29.4GB of that RAM. The OS is Ubuntu 18.04.1 LTS with MATE desktop. Unless the processor used in this device is something unannounced, and that seems unlikely, the chip itself would likely be a SocioNext SC2A11. The same processor is used in the Linaro Developer Box. The demo shows the server fully loaded at 100% CPU utilization building a Linux kernel and reportedly the system also supports NVMe storage as well as TensorFlow workloads for machine learning. Not much else is known about the system at this time but it's an interesting development in the Linux server space to be sure.

Linus Torvalds has announced the general availability of v4.20 of the Linux kernel. In a post to the Linux Kernel Mailing List, Torvalds said that there was no point in delaying the release of the latest stable version of the kernel just because so many people are taking a break for the holiday season. From a report: He says that while there are no known issues with the release, the shortlog is a little longer than he would have liked. However "nothing screams 'oh, that's scary'", he insists. The most notable features and changes in the new version includes: New hardware support! New hardware support includes bringing up the graphics for AMD Picasso and Raven 2 APUs, continued work on bringing up Vega 20, Intel has continued putting together its Icelake Gen 11 graphics support, there is support for the Hygon Dhyana CPUs out of China based upon AMD Zen, C-SKY 32-bit CPU support, Qualcomm Snapdragon 835 SoC enablement, Intel 2.5G Ethernet controller support for "Foxville", Creative Sound Blaster ZxR and AE-5 sound card support, and a lot of smaller additions.

Besides new hardware support when it comes to graphics processors, in the DRM driver space there is also VCN JPEG acceleration for Raven Ridge, GPUVM performance work resulting in some nice Vulkan gaming boosts, Intel DRM now has full PPGTT support for Haswell/IvyBridge/ValleyView, and HDMI 2.0 support for the NVIDIA/Nouveau driver. On the CPU front there are some early signs of AMD Zen 2 bring-up, nested virtualization now enabled by default for AMD/Intel CPUs, faster context switching for IBM POWER9, and various x86_64 optimizations. Fortunately the STIBP work for cross-hyperthread Spectre V2 mitigation was smoothed out over the release candidates that the performance there is all good now.

Btrfs performance improvements, new F2FS features, faster FUSE performance, and MDRAID improvements for RAID10 round out the file-system/storage work. One of the technical highlights of Linux 4.20 that will be built up moving forward is the PCIe peer-to-peer memory support for device-to-device memory copies over PCIe for use-cases like data going directly from NICs to SSD storage or between multiple GPUs.

Lubuntu, a popular Ubuntu flavor which announced earlier this year that it would stop supporting old hardware, is now dropping support for 32-bit x86 releases. BetaNews adds: "Lubuntu has been and continues to be the go-to Ubuntu flavor for people who want the most from their computers, especially older hardware that cannot handle today's workloads. However, the project and computing as a whole has drastically changed in many ways since its origin ten years ago. Computers have become faster, more secure, and most notably, have moved off of the traditional 32-bit i686 (generalized as i386 in Debian and Ubuntu) architecture," says Simon Quigley, Lubuntu.

Quigley further says , "As an increasing number of Linux distributions have focused their attention on the 64-bit x86 architecture (amd64) and not on i386, we have found that it is harder to support than it once was. With i386-only machines becoming an artifact of the past, it has become increasingly clear to the Lubuntu Team that we need to evaluate its removal from the architectures we support. After careful consideration, we regret to inform our users that Lubuntu 19.04 and future versions will not see a release for the i386 architecture. Please do note that we will continue to support Lubuntu 18.04 LTS i386 users as a first-class citizen until its End of Life date in April of 2021."

quantic_oscillation7 shares a report: The latest notes from the Debian anti-harassment team on Wednesday caught my attention when reading, "We were requested to advice on the appropriateness of a certain package in the Debian archive. Our decision resulted in the package pending removal from the archive." Curiosity got the best of me... What package was deemed too inappropriate for the Debian archive?

When digging further, the package raised to the Debian Anti-Harassment Team was "Weboob." Weboob is short for "Web Outside of Browsers" as it's an open-source collection of software to script and automate the parsing/scraping/gathering-via-API of web data so that it can be consumed by different modules/applications. Weboob.org describes itself as "Weboob is a collection of applications able to interact with websites, without requiring the user to open them in a browser. It also provides well-defined APIs to talk to websites lacking one."

Weboob is Python-based and offers Qt-based user interfaces for accessing these different modules for reading data from different web-sites outside of any conventional web browser. Those interested can learn more about the software at Weboob.org. But, yes, the name is juvenile and likely inappropriate in most professional/corporate environments.

Mark Wilson writes: Earlier in the year open-source software startup Whitewater Foundry brought WLinux to the Windows Subsystem for Linux (WSL). Not content with creating the first native Linux distribution for WSL, the company has now gone a step further, targeting enterprise users with WLinux Enterprise. Whitewater Foundry says that WLinux Enterprise is the first product to support the industry-standard Red Hat Enterprise Linux on Windows Subsystem for Linux.

140Mandak262Jamuna writes: CleanTechnica is reporting that someone hacked the infotainment system of a Tesla Model 3 and got root access and installed Linux distribution Ubuntu. Redditor trsohmers is able to show an Ubuntu command shell running alongside the Tesla OS. Since Tesla supports a browser that allows you to visit any site, could this be leveraged into remote hacks? It could also mean that if Tesla sells a long-range version of the Model 3, but limits it via software, people might try to remove the block. One could potentially get a 15-day trial of full self-driving for free and extend that 15-day window forever. At least he had some guts messing with $50,000 hardware that phones home all the time. Will Tesla brick his car to attempt to disprove the security issue?

An anonymous reader shared a report: It was just several years ago that the open-source ecosystem began supporting the x32 ABI, but already kernel developers are talking of potentially deprecating the support and for it to be ultimately removed..

[...] While the x32 support was plumbed through the Linux landscape, it really hasn't been used much. Kernel developers are now discussing the future of the x32 ABI due to the maintenance cost involved in still supporting this code but with minimal users. Linus Torvalds is in favor of sunsetting x32 and many other upstream contributors in favor of seeing it deprecated and removed.

In a report published last week by cyber-security firm ESET, the company detailed 21 "new" Linux malware families. All operate in the same manner, as trojanized versions of the OpenSSH client. From a report: They are developed as second-stage tools to be deployed in more complex "botnet" schemes. Attackers would compromise a Linux system, usually a server, and then replace the legitimate OpenSSH installation with one of the trojanized versions.

Seeking compliance with Linux's new Code of Conduct, Intel software engineer Jarkko Sakkinen recently requested comments on a set of changes to kernel code comments which Neowin described as "replacing the F-word with 'hug'. "

80 comments quickly followed on the Linux Kernel Maintainer's List: Several contributors responded to the alterations calling them insane. One wondered if Sakkinen was just trying to make a joke, and another called it censorship and said he'd refuse to apply any sort of patches like this to the code he's in charge of...

Some of the post-change comments read "Some Athlon laptops have really hugged PST tables", "If you don't see why, please stay the hug away from my code", and "Only Sun can take such nice parts and hug up the programming interface".
Eventually LWN.net publisher Jonathan Corbet deflated most of the controversy by pointing out that Linux's new Code of Conduct applies to future comments but clearly indicates that it does not apply explicitly to past comments.

And Jarkko Sakkinen acknowledged that he had missed that part of the discussion.

"2019 just might be the Year of Linux -- the year in which Linux is fully recognized as the powerhouse it has become," writes Network World's "Unix dweeb." The fact is that most people today are using Linux without ever knowing it -- whether on their phones, online when using Google, Facebook, Twitter, GPS devices, and maybe even in their cars, or when using cloud storage for personal or business use. While the presence of Linux on all of these systems may go largely unnoticed by consumers, the role that Linux plays in this market is a sign of how critical it has become. Most IoT and embedded devices -- those small, limited functionality devices that require good security and a small footprint and fill so many niches in our technology-driven lives -- run some variety of Linux, and this isn't likely to change. Instead, we'll just be seeing more devices and a continued reliance on open source to drive them.

According to the Cloud Industry Forum, for the first time, businesses are spending more on cloud than on internal infrastructure. The cloud is taking over the role that data centers used to play, and it's largely Linux that's making the transition so advantageous. Even on Microsoft's Azure, the most popular operating system is Linux. In its first Voice of the Enterprise survey, 451 Research predicted that 60 percent of nearly 1,000 IT leaders surveyed plan to run the majority of their IT off premises by 2019. That equates to a lot of IT efforts relying on Linux. Gartner states that 80 percent of internally developed software is now either cloud-enabled or cloud-native.
The article also cites Linux's use in AI, data lakes, and in the Sierra supercomputer that monitors America's nuclear stockpile, concluding that "In its domination of IoT, cloud technology, supercomputing and AI, Linux is heading into 2019 with a lot of momentum."

And there's even a long list of upcoming Linux conferences...

"The Linux Foundation and RISC-V Foundation announced yesterday a joint collaboration project to promote open source development and commercial adoption of the RISC-V instruction set architecture (ISA)," reports TechRepublic: Though some devices that integrate RISC-V will use real-time operating systems rather than Linux, the use of Linux in development will be instrumental as existing tools are being extended to support the RISC-V ISA when developing software on traditional computers. "This joint collaboration with the Linux Foundation will enable the RISC-V Foundation to offer more robust support and educational tools for the active RISC-V community, and enable operating systems, hardware implementations and development tools to scale faster," said Rick O'Connor, executive director of the RISC-V Foundation, in a press release.

In many ways, RISC-V is a hardware equivalent to the open source principles that guide the Linux project, as the ISA is open source, is not subject to patent encumbrances, and is available under the BSD license. [L]icensing fees for Arm or MIPS ISAs -- both of which are fundamentally RISC in principle -- can be avoided by using RISC-V.... As alternatives like Alpha, SuperH, MIPS, and even Intel's own Itanium processors have fallen by the wayside, organizations using those ISAs in their products have had difficult adjustment periods transitioning away, while patent encumbrances largely prevent third parties from continuing development or providing drop-in replacements for those technologies. RISC-V's open nature prevents these issues, as it is possible for any organization to extend or customize their own implementation, and any organization can produce their own RISC-V processors.
Manufacturers like how RISC-V CPUs aren't restricted to a single manufacturer, according to the article, which points out that NVIDIA and Western Digital have both announced plans to use RISC-V in some upcoming products.

RISC-V is also "gaining popularity in Internet of Things, low-power, and embedded applications," and Western Digital even plans to ultimately transition its annual consumption of processors -- one billion cores per yer -- to RISC-V.

Friday Greg Kroah-Hartman released stable point releases of Linux kernel 4.19.4, as well as 4.14.83 and 4.9.139. While they were basic maintenance updates, the 4.19.4 and 4.14.83 releases are significant because they also reverted the performance-killing Spectre patches (involving "Single Thread Indirect Branch Predictors", or STIBP) that had been back-ported from Linux 4.20, according to Phoronix:

There is improved STIBP code on the way for Linux 4.20 that by default just applies STIBP to SECCOMP threads and processes requesting it via prctl() but otherwise is off by default (that behavior can also be changed via kernel parameters). Once that code is ready to go for Linux 4.20, we may see it then back-ported to these stable trees.

Aside from reverting STIBP, these point releases just have various fixes in them as noted for 4.19.4, 4.14.83, and 4.9.139.
Last Sunday Linus Torvalds complained that the performance impact of the STIPB code "was clearly way more expensive than people were told," according to ZDNet: "When performance goes down by 50 percent on some loads, people need to start asking themselves whether it was worth it. It's apparently better to just disable SMT entirely, which is what security-conscious people do anyway," wrote Torvalds. "So why do that STIBP slow-down by default when the people who *really* care already disabled SMT?"

Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. ZDNet reports: The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules. Once the trojan has a foothold on the system it uses one of two privilege escalation exploits CVE-2016-5195 (also known as Dirty COW) and CVE-2013-2094 to get root permissions and have full access to the OS.

At the OpenStack Summit in Berlin last week, Ubuntu Linux founder Mark Shuttleworth said in a keynote that Ubuntu 18.04 Long Term Support (LTS) support lifespan would be extended from five years to 10 years. "I'm delighted to announce that Ubuntu 18.04 will be supported for a full 10 years," said Shuttleworth, "In part because of the very long time horizons in some of industries like financial services and telecommunications but also from IoT where manufacturing lines for example are being deployed that will be in production for at least a decade." ZDNet reports: Ubuntu 18.04 released in April 2018. While the Ubuntu desktop gets most of the ink, most of Canonical's dollars comes from server and cloud customers. It's for these corporate users Canonical first extended Ubuntu 12.04 security support, then Ubuntu 14.04's support, and now, preemptively, Ubuntu 18.04. In an interview after the keynote, Shuttleworth said Ubuntu 16.04, which is scheduled to reach its end of life in April 2021, will also be given a longer support life span.

When it comes to OpenStack, Shuttleworth promised again to support versions of OpenStack dating back to 2014's IceHouse. Shuttleworth said, "What matters isn't day two, what matters is day 1,500." He also doubled-down on Canonical's promise to easily enable OpenStack customers to migrate from one version of OpenStack to another. Generally speaking, upgrading from one version of OpenStack is like a root canal: Long and painful but necessary. With Canonical OpenStack, you can step up all the way from the oldest supported version to the newest one with no more than a second of downtime.

Freshly Exhumed writes: An intentional kernel change in Linux kernel 4.20 for enhanced Spectre mitigation is unfortunately causing Intel Linux performance to be much slower than with 4.19. That change is 'STIBP' (Single Thread Indirect Branch Predictors), which allows for preventing cross-hyperthread control of decisions that are made by indirect branch predictors. It affects Intel systems that have up-to-date microcode and CPU Hyper Threading enabled. Phoronix gives the evidence.

At the 2018 Uber Open Summit, Uber announced it was joining the Linux Foundation as a Gold Member, making a firm commitment to using and contributing to open source tools. TechCrunch reports: Uber CTO Thuan Pham sees the Linux Foundation as a place for companies like his to nurture and develop open source projects. "Open source technology is the backbone of many of Uber's core services and as we continue to mature, these solutions will become ever more important," he said in a blog post announcing the partnership. "Uber has made significant investments in shared software development and community collaboration through open source over the years, including contributing the popular open source project Jaeger, a distributed tracing system, to the Linux Foundation's Cloud Native Computing Foundation in 2017," an Uber spokesperson told TechCrunch. As the report mentions, it took the ride-hailing service a long time for them to join the Linux Foundation. "Uber has been long known for making use of open source in its core tools working on over 320 open source projects and repositories from 1500 contributors involving over 70,000 commits, according to data provided by the company," reports TechCrunch.

AmiMoJo writes: Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.

The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.

puddingebola shares a report: WLinux is a $20 open-source, Debian-based distribution, designed to run on Windows 10's Windows Subsystem for Linux (WSL). The WSL allows Windows 10 to run various GNU/Linux distros inside Windows as Microsoft Store apps, providing access to Ubuntu, openSUSE, Debian, Fedora, Kali Linux, and others. The WSL has disadvantages over a running a dedicated GNU/Linux system. For example, there's no official support for desktop environments or graphical applications, and I/O performance bottlenecks, but it is being improved over time. The developers of WLinux describe it as a "fast Linux terminal environment for developers", saying it is the first distribution to be "pre-configured and optimized to run specifically on Windows Subsystem for Linux". Announcing WLinux's availability, Microsoft program manager Tara Raj, called out the wlinux-setup tool, "which allows users to easily set up common developer toolchains, and removes unsupported features like systemd."