Canonical's Martin Wimpress addresses Snaps, Flatpak, and other competing standards, and community unease around Canonical's control of the Snap store. intensivevocoder writes: With these advances in hardware support, the last significant challenge users face when switching from Windows or Mac to a Linux distribution is app distribution and installation. While distribution-provided repositories are useful for most open source software, the release model of distributions such as Ubuntu or Fedora lock in users to a major version for programs for the duration of a particular release. Because of differences in how they interact with the underlying system, certain configuration tasks are different between Snaps or Flatpaks than for directly-installed applications. Likewise, initial commits for the Snap and Flatpak formats were days apart -- while the formats were developed essentially in parallel, the existence of two 'universal' package formats has led to disagreement about competing standards. TechRepublic interviewed Martin Wimpress, engineering manager for Snapcraft at Canonical, about Ubuntu's long term plans for Snaps, its adoption and support in other Linux distributions, Canonical's position as the operator of the Snap Store, and the benefits Snaps provide over Flatpak. An excerpt from the interview: TechRepublic: Practically speaking, there are two competing standards for cross-platform application packaging -- three, if you count AppImage. What's the practical benefit that Canonical's Snap format offers over Flatpak or AppImage?
Martin Wimpress: If you look at the initial commits of both of those projects, Snaps have a lineage back to Click packages, which were developed for [Ubuntu Phone] originally. The Snap project developed out of what had been learned from doing the phones, with a view to solving problems in IoT. So, although technically snapd and xdg-apps -- and consequently Flatpak -- look like they emerged around the same time, Snaps can trace their lineage back to the Click project from several years previous. If we're looking at Flatpak specifically, we can probably include AppImage in most of these comparisons as well. Some of the similarities are that Snaps are self-contained software packages, which is something that Flatpak and AppImage strive to be as well. I think that Flatpak achieves that better than AppImage. I think AppImage still makes some assumptions on what's installed on the host operating system. It doesn't bundle everything inside the AppImage. Similarly, Snaps, Flatpak, and AppImage work across all the major Linux distributions without modification. We haven't all arrived at this solution by accident. We've clearly, independently, all realized that this is a problem that we need to solve in order to encourage software vendors to publish their applications on Linux, because Linux is a very broad platform to target. If you can lower the hurdles... to getting your software in front of users on Linux, then that's a good thing. And we're all aiming to do the same thing there.

GNOME and KDE are co-hosting this year's Linux App Summit (LAS) in Barcelona from November 12th to 15th.

An anonymous reader shared the big announcement: LAS is the first collaborative event co-hosted by the two organizations since the Desktop Summit in 2009. Both organizations are eager to bring their communities together in building an application ecosystem that transcends individual distros and broadens the market for everyone involved.

KDE and GNOME will no longer be taking a passive role in the free desktop sector. With the joint influence of the two desktop projects, LAS will shepherd the growth of the FOSS desktop by encouraging the creation of quality applications, seeking opportunities for compensation for FOSS developers, and fostering a vibrant market for the Linux operating system.

• "I am excited to see GNOME and KDE working together on LAS, and I believe that the event will help lay down strong foundations for collaborative cross-project development that would benefit Linux users across all distributions and on any compatible device." -- Christel Dahlskjaer, Private Internet Access and freenode Project Lead.

• "Together with GNOME, counting with the collaboration of many distributions and application developers, we'll have the opportunity to work side by side, share our perspectives and offer the platform that the next generation of solutions will be built on." -- Aleix Pol Gonzalez, KDE e.V Vice-President says about the inaugural effort about LAS.

• "By partnering with KDE we show the desire to build the kind of application ecosystem that demonstrates that Open Source and Free Software are important; the technology and organization we build to achieve this is valuable and necessary." -- GNOME executive director, Neil McGovern

• "The desktop wars is not really a thing any more. It makes more sense to work together and pool resources." -- Paul Brown, a KDE Communications Specialist (quoted by ZDNet)

ZDNet called the collaboration "a major step forward," giving their story the headline "GNOME and KDE work together on the Linux desktop." But the Twitter feed for the KDE community quickly clarified that KDE "is working with GNOME to create a common, fair, sustainable and open app ecosystem, not a desktop."

"The GNOME and KDE communities want to provide users with free and open applications that will respect their privacy and rights. That is what Linux App Summit is about."

The Linux Mint project today released the Linux Mint 19.2 "Tina", which is now available for download as Cinnamon, MATE, and Xfce editions. From a report: If your computer is fairly modern, take my advice and opt for the excellent Cinnamon. MATE and Xfce are solid choices too, although they are more appropriate for computers with meager hardware. For new users, choosing amongst three interfaces can be confusing -- thankfully, the Mint developers stopped using KDE almost two years ago. Linux Mint 19.2 "Tina" is based on the wildly popular Ubuntu operating system, but on 18.04 rather than the new 19.04. Why use an older version of Ubuntu as a base? Because 18.04 is an LTS or "Long Term Support" variant. While version 19.04 will be supported for less than a year, 18.04 is being supported for a mind-boggling 10 years! The Linux kernel is version 4.15 and not part of the newer 5.x series.

mfilion writes: Want to use the GNOME or KDE Linux desktops on your virtual-reality headset? A new open-source project aims to let you play games and use your Linux desktop with your VR head-mounted display. Xrdesktop is an open-source project "designed to let you work with traditional desktop environments, such as GNOME and KDE, in VR," reports ZDNet. "It does this by making window managers aware of VR. It then uses VR runtimes to render desktop windows in 3D space. Once there, you'll be able to work on the desktop using VR controllers in place of a mouse and keyboard."

You can find installation instructions on xrdesktop Wiki. The Valve-backed program is available in packages for Arch Linux and Ubuntu Linux. You can also install it on other distributions, but you'll need to install xrdesktop from source.

Freshly Exhumed writes: When Linus Torvalds first created Linux in 1991, he built it on a 386-powered PC with a floppy drive. Things change. In 2012, Torvalds bid the i386 processor adieu saying, "I'm not sentimental. Good riddance." Now, it's the floppy drive's turn to bid Linux adieu. Torvalds has declared the floppy drive project "orphaned." Why? Because floppy drives have become historical relics. No one's using them. Indeed, Jiri Kosina, the Czech Linux kernel developer in charge of the floppy drive driver, said he "no longer has working hardware." Torvalds continued, "Actual working physical floppy hardware is getting hard to find, and while Willy was able to test this, I think the driver can be considered pretty much dead from an actual hardware standpoint. The hardware that is still sold seems to be mainly USB-based, which doesn't use this legacy driver at all."

An anonymous reader shares a report from VentureBeat: Google today launched Chrome 76 for Windows, Mac, Linux, Android, and iOS. The release includes Adobe Flash blocked by default, Incognito mode detection disabled, multiple PWA improvements, and more developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. Google has been taking baby steps to kill off Flash for years. In 2015, Chrome started automatically pausing less important Flash content. In 2016, Chrome started blocking "behind the scenes" Flash content and using HTML5 by default. In July 2017, however, Adobe said it would kill Flash by 2020. With Chrome 76, Flash is now blocked by default. Users can still turn it on in settings, but next year, Flash will be removed from Chrome entirely.

New submitter Grindop53 shares a report: Widespread reports of a "critical security issue" that supposedly impacted users of VLC media player have been debunked as "completely bogus" by developers. Earlier this week, German computer emergency response team CERT-Bund -- part of the Federal Office for Information Security (BSI) -- pushed out an advisory warning network administrators and other users of a high-impact vulnerability in VLC. It seems that this advisory can be traced back to a ticket that was opened on VLC owner VideoLAN's public bug tracker more than four weeks ago. The alleged heap-based buffer overflow flaw was disclosed by a user named "topsec(zhangwy)," who stated that a malicious .mp4 file could be leveraged by an attacker to take control of VLC media player users' devices. The issue was flagged as high-risk on the CERT-Bund site, and the vulnerability was assigned a CVE entry (CVE-2019-13615).

However, according to VideoLAN president Jean-Baptiste Kempf, the exploit does not work on the latest VLC build. In fact, any potential issues relating to the vulnerability were patched more than a year ago. "There is no security issue in VLC," Kempf told The Daily Swig in a phone conversation this morning. "There is a security issue in a third-party library, and a fix was pushed [out] 18 months ago." When asked how or why this oversight generated so much attention, Kempf noted that the reporter of the supposed vulnerability did not approach VideoLAN through its security reporting email address. "The guy never contacted us," said Kempf, who remains a lead developer at the VLC project. "This is why you don't report security issues on a public bug tracker." Kempf and his team were unable to replicate the issue in the latest version of VLC, leading many to believe that the bug reporter was working on a computer running an outdated version of Ubuntu. "If you report a security issue, at least update your Linux distribution," Kempf said.

Melissa Di Donato, SAP's former COO, has been named SUSE's new CEO. ZDNet reports: London-based Di Donato is a well-known technology leader. In particular, she has a proven track record in sales and business operations. Besides being SAP's COO, she was also the company's chief revenue officer. In SAP's latest quarter, SAP saw an increase of 11% year-over-year revenues. Much of that came from the cloud -- where SAP saw 40% year-over-year growth. SAP's cloud is built on SUSE's Linux servers and OpenStack cloud.

Di Donato succeeds Nils Brauckmann. While officially Brauckmann is retiring, there seems to be more to the story. On LinkedIn, Brauckmann wrote: "I care very deeply for the SUSE business and its employees, and this difficult decision is based entirely on personal reasons. I am pleased to be handing over the reins to such a talented and accomplished leader as Melissa Di Donato." In his SUSE statement, Brauckman added: "She is a proven and dynamic change agent, and many of her achievements have occurred in subscription businesses that exist in high-growth cloud environments." In April, then-CEO Nils Brauchmann said his company would soon be the largest independent Linux company. This comes after Brauckmann delivered eight years of continuous expansion during his tenure, including record-breaking revenues in FY18, reports ZDNet.

"Under Di Donato's leadership, SUSE will continue to focus on growth and expansion. What that means is she's expected to advance SUSE's core business and emerging technologies, both organically and through add-on acquisitions."

Speaking of Dropbox, the online storage cloud service has enabled support for ZFS and XFS on 64-bit Linux systems, and eCryptFS and Btrfs on all Linux systems. The move comes after it recently pulled support for all file storage systems on Linux except Ext4. From a report: Dropbox stopped supporting folder syncing to drives with filesystems it deemed "uncommon", which on Linux meant anything but Ext4, upsetting quite a few users. The reason cited for this was that "a supported file system is required as Dropbox relies on extended attributes (X-attrs) to identify files in the Dropbox folder and keep them in sync", which doesn't really make sense since there are many filesystems that support xattr (extended attributes) on Linux. After this change was announced, various workarounds started to appear online, including one that I posted on Linux Uprising. There was even a new unofficial, open source Dropbox client developed for this reason (which is also much lighter than the official client by the way). But this didn't last long though, as last week, the Dropbox 77.3.127 beta changelog says that Dropbox has added back support for ZFS (on 64-bit systems only), XFS (on 64bit systems only), Btrfs and eCryptFS.

diegocg writes: Linux 5.2 has been released. This release includes Sound Open Firmware, a project that brings open source firmware to DSP audio devices; open firmware for many Intel products is also included. This release also improves the Pressure Stall Information resource monitoring to make it usable by Android; the mount API has been redesigned with new syscalls; the BFQ I/O scheduler has gained some performance improvements; a new CLONE_PIDFD flag lets clone(2) return pidfs usable by pidfd_send_signal(2); Ext4 has gained support for case-insensitive name lookups; there is also a new device mapper target that simulates a device that has failing sectors and/or read failures; open source drivers for the ARM Mali t4xx and newer 6xx/7xx have been added. Many other new drivers, features and changes can be found in the changelog.
But there's more besides supporting "a handful of extra ARM-powered single-board computers," according to CRN: The biggest feature in 5.2 is probably support for Intel's forthcoming Comet Lake architecture, which will power the tenth generation of its Core desktop and mobile CPUs due. The new silicon is due to ship late in 2019 and appear in products early the next year.

Linux 5.2 also includes many tweaks that improve its performance on laptops.

intensivevocoder quotes TechRepublic: Following Canonical's pivot away from its internally-developed Unity user interface and Mir display server, Ubuntu has enjoyed two relatively low-drama years, as the Linux Desktop market homogenized during its transition back to a customized GNOME desktop. In a review of the most recent release, TechRepublic's Jack Wallen declared that "Ubuntu 19.04 should seriously impress anyone looking for a fast and reliable Linux desktop platform."

Largely, it's been a slow-and-steady pace for Ubuntu since the pivot from Unity to GNOME, though the distribution made headlines for plans to end support for 32-bit support. This prompted Valve, operators of games marketplace Steam, to re-think its approach toward Ubuntu, which it previously characterized as "as the best-supported path for desktop users."

TechRepublic's James Sanders interviewed Will Cooke, director of engineering for Ubuntu Desktop at Canonical, about the distribution's long-term plans for legacy 32-bit support, shipping a desktop in a post-Unity-era Ubuntu, and why Linux should be the first choice for users migrating from Windows 7 prior to the end of support.
From the interview:
When we did the switch to GNOME Shell from Unity, we did a survey [asking] people straightforward questions like, "What sort of features do you want to see continue in Ubuntu Desktop?" The answer came through very, very clearly that people liked having the launcher on the left, and they wanted to keep that feature there. They liked having desktop icons and they wanted to keep that feature there.

We've made decisions based on data from our user base, from our community. They have provided that feedback and we've done what the majority of people want.

Sometimes that doesn't go with the ideals of GNOME design, but we're comfortable with delivering what we see as value on top of GNOME. That's delivering a product which gives people consistency between the old days of Unity 7, and the new days of GNOME Shell. That transition was as easy as possible, everybody had a chance to have a say in it, and the answers were pretty clear.

sfcrazy writes: Linode today launched new GPU-optimized cloud computing instances tailored specifically for developers and businesses requiring massive parallel computational power. The new instances are built on NVIDIA Quadro RTX 6000 GPU cards with all three major types of processing cores (CUDA, Tensor, and Real-Time Ray Tracing) available to users. Linode is one of the first cloud providers to deploy NVIDIA's latest GPU architecture. These new GPU instances give scientists, artists, and engineers working on artificial intelligence, graphic visualization, and complex modeling a cost-competitive alternative to hyperscale cloud providers.

An anonymous reader shares a report: The official Skype Snap app for Linux has not been updated in nearly six months, and Microsoft is yet to say why. When introducing the cross-distro build in early 2018, the company said the Skype Snap app would give it the "... ability to push the latest features straight to our users, no matter which device or distribution they happen to use." Clearly, not. Because at the time of writing this post the Skype Snap app sits on version 8.34.0.78, which the Snapcraft store reports was 'last updated' in November 2018. However, the "regular" Linux version available to download from the Skype website is on version 8.47.0.73, released June 2019.

IBM closed its $34 billion acquisition of Red Hat, the companies announced Tuesday. From a report: The deal was originally announced in October, when the companies said IBM would buy all shares in Red Hat for $190 each in cash. The acquisition of Red Hat, an open-source, enterprise software maker, marks the close of IBM's largest deal ever. It's one of the biggest in U.S. tech history. Excluding the AOL-Time Warner merger, it follows the $67 billion deal between Dell and EMC in 2016 and JDS Uniphase's $41 billion acquisition of optical-component supplier SDL in 2000. Under the deal, Red Hat will now be a unit of IBM's hybrid cloud division, according to the original announcement. The companies said Red Hat's CEO, Jim Whitehurst, would join IBM's senior management team and report to CEO Ginni Rometty. IBM previously said it hoped its acquisition of Red Hat will help it do more work in the cloud, one of its four key growth drivers, which are also social, mobile and analytics. The company lags behind Amazon and Microsoft in the cloud infrastructure business. IBM has seen three consecutive quarters of declining year-over-year revenue. But some analysts are hopeful about the Red Hat deal's opportunity to bring in new business.

"After 25 months of development the Debian project is proud to present its new stable version 10 (code name 'buster'), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team."

An anonymous reader quotes Debian.org: In this release, GNOME defaults to using the Wayland display server instead of Xorg. Wayland has a simpler and more modern design, which has advantages for security. However, the Xorg display server is still installed by default and the default display manager allows users to choose Xorg as the display server for their next session.

Thanks to the Reproducible Builds project, over 91% of the source packages included in Debian 10 will build bit-for-bit identical binary packages. This is an important verification feature which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive.

For those in security-sensitive environments AppArmor, a mandatory access control framework for restricting programs' capabilities, is installed and enabled by default. Furthermore, all methods provided by APT (except cdrom, gpgv, and rsh) can optionally make use of "seccomp-BPF" sandboxing. The https method for APT is included in the apt package and does not need to be installed separately... Secure Boot support is included in this release for amd64, i386 and arm64 architectures and should work out of the box on most Secure Boot-enabled machines.
The announcement touts Debian's "traditional wide architecture support," arguing that it shows Debian "once again stays true to its goal of being the universal operating system." It ships with several desktop applications and environments, including the following:

• Cinnamon 3.8

• GNOME 3.30

• KDE Plasma 5.14

• LXDE 0.99.2

• LXQt 0.14

• MATE 1.20

• Xfce 4.12

"If you simply want to try Debian 10 'buster' without installing it, you can use one of the available live images which load and run the complete operating system in a read-only state via your computer's memory... Should you enjoy the operating system you have the option of installing from the live image onto your computer's hard disk."

If you're looking to try out a Linux distro that is not based on Ubuntu, Mageia 7 might be worth your consideration. It arrives two years after the release of Mageia 6 -- so unsurprisingly, the changelog is fairly long. The Mageia developers share the significant packages that have been updated below. Significant package updates include: kernel 5.1.14, rpm 4.14.2, dnf 4.2.6, Mesa 19.1, Plasma 5.15.4, GNOME 3.32, Xfce 4.14pre, Firefox 67, Chromium 73, and LibreOffice 6.2.3. Donald Stewart, Mageia developer, adds: There are lots of new features, exciting updates, and new versions of your favorite programs, as well as support for very recent hardware. There are classical installer images for both 32-bit and 64-bit architectures, as well as live DVDs for 64-bit Plasma, GNOME, Xfce, and 32-bit Xfce.

An anonymous reader shares a report: Three and a half years ago, Mark Russinovich, Azure CTO, Microsoft's cloud, said, "One in four [Azure] instances are Linux." Next, in 2017, Microsoft revealed that 40% of Azure virtual machines (VM) were Linux-based. Then in the fall of 2018, Scott Guthrie, Microsoft's executive VP of the cloud and enterprise group, told me in an exclusive interview, "About half Azure VMs are Linux". Now, Sasha Levin, Microsoft Linux kernel developer, in a request that Microsoft be allowed to join a Linux security list, revealed that "the Linux usage on our cloud has surpassed Windows." Shocking you say? Not really. Linux is largely what runs enterprise computing both on in-house servers and on the cloud. Windows Server has been declining for years. In the most recent IDC Worldwide Operating Systems and Subsystems Market Shares report covering 2017, Linux had 68% of the market. Its share has only increased since then.

Linux founder Linus Torvalds "warns that managing software is about to become a lot more challenging, largely because of two hardware issues that are beyond the control of DevOps teams," reports DevOps.com.

An anonymous reader shares their report about Torvalds remarks at the KubeCon + CloudNative + Open Source Summit China conference: The first, Torvalds said, is the steady stream of patches being generated for new cybersecurity issues related to the speculative execution model that Intel and other processor vendors rely on to accelerate performance... Each of those bugs requires another patch to the Linux kernel that, depending on when they arrive, can require painful updates to the kernel, Torvalds told conference attendees. Short of disabling hyperthreading altogether to eliminate reliance on speculative execution, each patch requires organizations to update both the Linux kernel and the BIOS to ensure security. Turning off hyperthreading eliminates the patch management issue, but also reduces application performance by about 15 percent.

The second major issue hardware issue looms a little further over the horizon, Torvalds said. Moore's Law has guaranteed a doubling of hardware performance every 18 months for decades. But as processor vendors approach the limits of Moore's Law, many developers will need to reoptimize their code to continue achieving increased performance. In many cases, that requirement will be a shock to many development teams that have counted on those performance improvements to make up for inefficient coding processes, he said.

"Linux frontman Linus Torvalds thinks he's 'more self-aware' these days and is 'trying to be less forceful' after his brief absence from directing Linux kernel developers because of his abusive language on the Linux kernel mailing list," reports ZDNet.

"But true to his word, he's still not necessarily diplomatic in his communications with maintainers..." Torvalds' post-hiatus outburst was directed at Dave Chinner, an Australian programmer who maintains the Silicon Graphics (SGI)-created XFS file system supported by many Linux distros. "Bullshit, Dave," Torvalds told Chinner on a mailing list. The comment from Chinner that triggered Torvalds' rebuke was that "the page cache is still far, far slower than direct IO" -- a problem Chinner thinks will become more apparent with the arrival of the newish storage-motherboard interface specification known as Peripheral Express Interconnect Express (PCIe) version 4.0. Chinner believes page cache might be necessary to support disk-based storage, but that it has a performance cost....

"You've made that claim before, and it's been complete bullshit before too, and I've called you out on it then too," wrote Torvalds. "Why do you continue to make this obviously garbage argument?" According to Torvalds, the page cache serves its correct purpose as a cache. "The key word in the 'page cache' name is 'cache'," wrote Torvalds.... "Caches work, Dave. Anybody who thinks caches don't work is incompetent. 99 percent of all filesystem accesses are cached, and they never do any IO at all, and the page cache handles them beautifully," Torvalds wrote.

"When you say the page cache is slower than direct IO, it's because you don't even see or care about the *fast* case. You only get involved once there is actual IO to be done."
"The thing is," reports the Register, "crucially, Chinner was talking in the context of specific IO requests that just don't cache well, and noted that these inefficiencies could become more obvious as the deployment of PCIe 4.0-connected non-volatile storage memory spreads."

Here's how Chinner responded to Torvalds on the mailing list. "You've taken one single statement I made from a huge email about complexities in dealing with IO concurrency, the page cache and architectural flaws in the existing code, quoted it out of context, fabricated a completely new context and started ranting about how I know nothing about how caches or the page cache work."

The Register notes their conversation also illustrates a crucial difference from closed-source software development. "[D]ue to the open nature of the Linux kernel, Linus's rows and spats play out in public for everyone to see, and vultures like us to write up about."

Microsoft's transformation into a fully paid-up member of the Linux love-train continued this week as the Windows giant sought to join the exclusive club that is the official linux-distros mailing list. From a report: The purpose of the linux-distros list is used by Linux distributions to privately report, coordinate, and discuss security issues yet to reach the general public; oss-security is there for stuff that is already out in the open or cannot wait for things to bounce around for a few days first. Sasha Levin, who describes himself as a "Linux kernel hacker" at the beast of Redmond, made the application for his employer to join the list, which if approved would allow Microsoft to tap into private behind-the-scenes chatter about vulnerabilities, patches, and ongoing security issues with the open-source kernel and related code.

These discussions are crucial for getting an early heads up, and coordinating the handling and deployment of fixes before they are made public. To demonstrate that Microsoft qualifies for membership alongside the likes of Ubuntu, Debian, and SUSE, he cited Microsoft's Azure Sphere and the Windows Subsystem For Linux (WSL) 2 as examples of distro-like builds.