An anonymous reader shares a report: Linux computer manufacturer System76 made its mark in part because of its commitment to open source principles and doing what it believes is right. Last year it released its homegrown Linux, Pop!_OS. In early March, System76 founder Carl Richell tweeted about the company's plans to locate its computer manufacturing factory in Denver, Colorado. By moving its manufacturing from China to the United States, System76 is offering more proof that it's not afraid to buck prevailing tech norms to do things "the System76 way." Carl Richell, founder and CEO of System76, says in a Twitter exchange that they anticipate shipping products from the factory by the end of the year.

Catalin Cimpanu, writing for BleepingComputer: A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccessible. The vulnerability, tracked as CVE-2018-0492, has been fixed in recent versions of Debian and Ubuntu (Debian-based OS). At its core, the bug is a race condition in the beep utility that allows the OS to emit a "beep" sound whenever it is deemed necessary. Security researchers have discovered a race condition in the beep package that allows an attacker to elevate his code to root-level access.

An anonymous reader quotes Phoronix: The kernel lockdown feature further restricts access to the kernel by user-space with what can be accessed or modified... Pairing that with UEFI SecureBoot unconditionally is meeting some resistance by Linus Torvalds. The goal of kernel lockdown, which Linus Torvalds doesn't have a problem with at all, comes down to "prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorised modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, whilst still permitting driver modules to be loaded." But what has the Linux kernel creator upset with are developers trying to pair this unconditionally with UEFI SecureBoot. Linus describes Secure Boot as being "pushed in your face by people with an agenda." But his real problem is that Secure Boot would then imply Kernel Lockdown mode... "Tying these things magically together IS A BAD IDEA."

Long-time Slashdot reader Billly Gates writes: Debian is now available in the Windows app store. It joins Ubuntu, Suse Leap, SuSe enterprise, and Kali Linux for those who cannot or do not want to bother with a virtual machine or a full install of the OS. However, it included stable 9.3. 9.4 is available from the repository if you run apt-get update and apt-get upgrade.
"Fedora is not yet available, although Microsoft has stated openly that it is working to make it so," reports Computer Weekly. And there's more: Microsoft has also provided an open source tool called Microsoft WSL/DistroLauncher for users who want to build their own Linux package where a particular distribution is either a) not available yet or b) is available, but the user wants to apply a greater degree of customisation to it than comes as standard.

An anonymous reader writes: For years, embedded device manufacturers have been illegally using Linux. Typically, they use Linux without publishing their device's source code, which Linux's GNU General Public License version 2 (GPLv2) requires them to do. Well, guess what? Another vendor, this time Symantec, appears to be the guilty party. This was revealed when Google engineer and Linux security expert Matthew Garrett was diving into his new Norton Core Router. This is a high-end Wi-Fi router. Symantec claims it's regularly updated with the latest security mechanisms. Garrett popped his box open to take a deeper look into Symantec's magic security sauce.

What he found appears to be a Linux distribution based on the QCA Software Development Kit (QSDK) project. This is a GPLv2-licensed, open-source platform built around the Linux-based OpenWrt Wi-Fi router operating system. For Symantec's purposes, QSDK and OpenWrt are an excellent choice. Instead of a read-only firmware, OpenWrt has a fully writable filesystem with package management. This enables Symantec to easily customize its router with updated security features. But -- and it's a big but -- if it's indeed based on QSDK and OpenWrt, Symantec needs to share the Norton Core Router's code with the world.

An anonymous reader writes: Ubuntu Linux 18.04 "Bionic Beaver" is almost here -- it is due on April 26. In the interim, today, the second -- and final -- beta becomes available. Bionic Beaver is very significant, as it is an LTS version, meaning "Long Term Support." This is important to those that prefer stability to bleeding edge and don't want to deal with the hassle of upgrades. In other words, you can install 18.04 and be confident that it will be supported for 5 years. In comparison, non-LTS Ubuntu versions get a mere 9 months.

There is plenty to be excited about with Ubuntu Linux 18.04 LTS 'Bionic Beaver' Beta 2, including the GNOME 3.28 desktop environment -- Beta 1 did not include GNOME at all. Of course, all the other DE flavors are available too, such as KDE and Xfce. The kernel is at 4.15, which while not the most current version, is still quite modern. Also included is LibreOffice 6.0 -- an essential tool that rivals Microsoft Office. Wayland is available as a technical preview, although X remains the default display server -- for now.

An anonymous reader writes: Valve recently removed Steam Machines from the Steam Store navigation menus which naturally led people to believe that Valve was giving up on that initiative, also leading to concern about its operating system, SteamOS. In a statement posted on its blog today, the firm said that it's still committed to SteamOS and Linux. It said the main reason for removing Steam Machines from the navigation menu was due to the low amount of traffic the page was getting. In a statement, Valve said, "We've noticed that what started out as a routine cleanup of the Steam Store navigation turned into a story about the delisting of Steam Machines. That section of the Steam Store is still available, but was removed from the main navigation bar based on user traffic. Given that this change has sparked a lot of interest, we thought it'd make sense to address some of the points we've seen people take away from it."

An anonymous reader writes: Today, version 28 of the Fedora finally achieves beta status. After a short delay -- it was scheduled to be available a week earlier -- the distro is back on track, and looking better than ever. As is typical now, there are three versions of the operating system -- Atomic Host, Server, and Workstation. While all three have their places, normal desktop computer users will want to focus on Workstation. While there are plenty of new features (and bugs), the most exciting aspect of Fedora 28 Workstation is the inclusion of the GNOME 3.28 desktop environment.

To mark Red Hat's 25th anniversary, TechCrunch spoke with the company's CEO Jim Whitehurst to talk about the past, present and future of the company, and open-source software in general. An excerpt: "Ten years ago, open source at the time was really focused on offering viable alternatives to traditional software," he told me. "We were selling layers of technology to replace existing technology. [...] At the time, it was open source showing that we can build open-source tech at lower cost. The value proposition was that it was cheaper." At the time, he argues, the market was about replacing Windows with Linux or IBM's WebSphere with JBoss. And that defined Red Hat's role in the ecosystem, too, which was less about technological information than about packaging. "For Red Hat, we started off taking these open-source projects and making them usable for traditional enterprises," said Whitehurst.

About five or six ago, something changed, though. Large corporations, including Google and Facebook, started open sourcing their own projects because they didn't look at some of the infrastructure technologies they opened up as competitive advantages. Instead, having them out in the open allowed them to profit from the ecosystems that formed around that. "The biggest part is it's not just Google and Facebook finding religion," said Whitehurst. "The social tech around open source made it easy to make projects happen. Companies got credit for that." He also noted that developers now look at their open-source contributions as part of their resume. With an increasingly mobile workforce that regularly moves between jobs, companies that want to compete for talent are almost forced to open source at least some of the technologies that don't give them a competitive advantage.
In October, Whitehurst also answered questions from Slashdot readers.

An anonymous reader writes: Linus Torvalds has released Linux 4.16. Linux 4.16 integrates more of the VirtualBox guest drivers into the kernel, provides AMDGPU DC multi-display synchronization, continues with mitigation improvements for Spectre and Meltdown mitigation, tightens up access to /dev/mem by default, and many other improvements and changes.

Microsoft has released a tool to help Linux distribution maintainers bring their distros to the Windows Store to run on Windows 10's Windows Subsystem for Linux. From a report: Microsoft describes the tool as a "reference implementation for a Windows Subsystem for Linux (WSL) distribution installer application," which is aimed at both distribution maintainers and developers who want to create custom Linux distributions for running on WSL. "We know that many Linux distros rely entirely on open-source software, so we would like to bring WSL closer to the OSS community," said Tara Raj of Microsoft's WSL team. "We hope open-sourcing this project will help increase community engagement and bring more of your favorite distros to the Microsoft Store." WSL helps programmers build a full Linux development environment for testing production code on a Windows machine.

Microsoft announced this week that it will launch the next major release of Windows Server later this year with better support for hybrid workloads, Linux workloads, and hyper-converged infrastructure. From a report: This release will succeed Windows Server 2016, which was made generally available in October 2016. While Microsoft moved to twice-yearly updates for Windows Server starting last year, the company bundles those changes into a long-term servicing channel once every two or three years for administrators who prefer less frequent releases. Those companies that haven't moved over to the semi-annual channel will get their first taste of Windows Server's Linux and Kubernetes support, which are currently in beta.

Microsoft is joining Red Hat, Facebook, Google and IBM in committing to extending right to "cure" open source licensing noncompliance before taking legal measures. From a report: On March 19, officials from Microsoft -- along with CA Technologies, Cisco, HPE, SAP and SUSE -- said they'd work with open together with the already-committed vendors to provide more "predictability" for users of open source software. "The large ecosystems of projects using the GPLv2 and LGPLv2.x licenses will benefit from adoption of this more balanced approach to termination derived from GPLv3," explained Red Hat in a press release announcing the new license-compliance partners. The companies which have agreed to adopt the "Common Cure Rights Commitment" said before they file or continue to prosecute those accused of violating covered licenses, they will allow for users to cure and reinstate their licenses.

Mint developers say they feel the app-launching time on the Linux distro seemed slow when using the Cinnamon desktop environment. So, they are working on fixing it. BetaNews reports: Windows build time was four times slower with Cinnamon compared to Metacity, while recovery time was nearly four times slower too. So yes, app-launching on Cinnamon -- as of today -- is slow comparatively. The big benefit to pinpointing a problem, however, is that it is the first step in solving it. And so, Linux Mint 19 Cinnamon will be faster as a result. "We developed a little script and a method to measure how long it took to flood the desktop environment with the creation of 200 windows. We could then measure the time reported by the script to build these 200 windows, and the time it actually took the desktop environment to recover from it and have these windows placed/mapped correctly and ready to be interacted with. Both measures were significantly higher in Cinnamon than in other desktops," says The Linux Mint Team.

The newly-relaunched Linux Journal is conducting its annual "Reader's Choice Awards," and this month announced the winners for Best Text Editor, Best Laptop, and Best Domain Registrar. Vim was chosen as the best editor by 35% of respondents, handily beating GNU Emacs (19%) Sublime Text (10%) and Atom (8%). Readers' Choice winner Vim is an extremely powerful editor with a user interface based on Bill Joy's 40-plus-year-old vi, but with many improved-upon features including extensive customization with key mappings and plugins. Linux Journal reader David Harrison points out another great thing about Vim "is that it's basically everywhere. It's available on every major platform."
For best laptop their readers picked Lenovo (32%), followed by Dell (25%) and System76 (11%). The ThinkPad began life at IBM, but in 2005, it was purchased by Lenovo along with the rest of IBM's PC business. Lenovo evolved the line, and today the company is well known as a geek favorite. Lenovo's ThinkPads are quiet, fast and arguably have one of the best keyboards (fighting words!). Linux Journal readers say Lenovo's Linux support is excellent, leaving many to ponder why the company doesn't ship laptops with Linux installed.
In February readers also voted on the best web browser, choosing Firefox (57%) over Chrome (17%) and Chromium (7%). And they also voted on the best Linux distribution, ultimately selecting Debian (33%), open SUSE (12%), and Fedora (11%).

Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."

These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.

BrianFagioli writes: GNOME 3.28 is the latest version of GNOME 3, and is the result of 6 months' hard work by the GNOME community. It contains several major new features, as well as many smaller improvements and bug fixes. In total, the release incorporates 24105 changes, made by approximately 778 contributors.

The Project explains, "GNOME 3.28 comes with more beautiful things! First, and most significantly, GNOME's default interface font (called Cantarell) has undergone a significant update. Character forms and spacing have been evolved, so that text is more readable and attractive. Several new weights have also been added -- light and extra bold -- which are being used to produce interfaces that are both modern and beautiful. Other beautiful things include GNOME's collection of background wallpapers, which has been updated to include a lovely set of photographs, and the selection of profile pictures, which has been completely updated with attractive new images to pick from."

Unfortunately, you can't just click on a button and upgrade to GNOME 3.28 today. Actually, for the most part, you will need to wait for it to become available for your operating system. Sadly, this can take a while. Fedora users, for instance, will have to wait for a major OS upgrade for it to become available.

From a report: This week, Ubuntu Linux 18.04 'Bionic Beaver' Beta 1 became available for download. Ubuntu 18.04 is significant, as it will be an LTS (Long Term Support) version. As was the case when Unity was the primary DE, GNOME is not available in this beta stage. Instead, there are other flavors from which to choose, such as Kubuntu with KDE Plasma and Xubuntu, which uses Xfce.

"Pre-releases of the Bionic Beaver are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting, and fixing bugs as we work towards getting this release ready. Beta 1 includes some software updates that are ready for broader testing. However, it is quite an early set of images, so you should expect some bugs," says Dustin Krysak, Ubuntu Budgie team member.

Former Linux developer Patrick McHardy dropped his Gnu General Public License version 2 (GPLv2) violation case against Geniatech in a German court this week. ZDNet explains why some consider this a big "win": People who find violations typically turn to organizations such as the Free Software Foundation, Software Freedom Conservancy (SFC), and the Software Freedom Law Center to approach violators. These organizations then try to convince violating companies to mend their ways and honor their GPLv2 legal requirements. Only as a last resort do they take companies to court to force them into compliance with the GPLv2. Patrick McHardy, however, after talking with SFC, dropped out from this diplomatic approach and has gone on his own way. Specifically, McHardy has been accused of seeking his own financial gain by approaching numerous companies in German courts. Geniatech claimed McHardy has sued companies for Linux GPLv2 violations in over 38 cases. In one, he'd requested a contractual penalty of €1.8 million. The company also claimed McHardy had already received over €2 million from his actions...

In July 2016, the Netfilter developers suspended him from the core team. They received numerous allegations that he had been shaking down companies. McHardy refused to discuss these issues with them, and he refused to sign off on the Principles of Community-Oriented GPL Enforcement. In October 2017, Greg Kroah-Hartman, Linux kernel maintainer for the stable branch, summed up the Linux kernel developers' position. Kroah-Hartman wrote: "McHardy has sought to enforce his copyright claims in secret and for large sums of money by threatening or engaging in litigation...."

Had McHardy continued on his way, companies would have been more reluctant to use Linux code in their products for fear that a single, unprincipled developer could sue them and demand payment for his copyrighted contributions... McHardy now has to bear all legal costs for both sides of the case. In other words, when McHardy was faced with serious and costly opposition for the first time, he waved a white flag rather than face near certain defeat in the courts.

An anonymous reader quotes Debian.org: The Debian project is pleased to announce the fourth update of its stable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems... Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Phoronix adds that Debian 9.4 "has a new upstream Linux kernel release, various dependency fixes for some packages, an infinite loop fix in Glade, several CVE security fixes, a larger stack size for NTP, a new upstream release of their NVIDIA proprietary driver package, Python 3 dependency fixes, and other security fixes."