Friday Linux.com published their list of "what might well be the best Linux distributions to be found from the ever-expanding crop of possibilities... according to task." Here's their winners (as chosen by Jack Wallen), along with a short excerpt of his analysis.

• Best distro for sysadmins : Parrot Linux. "Based on Debian and offers nearly every penetration testing tool you could possibly want. You will also find tools for cryptography, cloud, anonymity, digital forensics, programming, and even productivity."
• Best lightweight distribution: LXLE. "Manages to combine a perfect blend of small footprint with large productivity."
• Best desktop distribution: Elementary OS "I'm certain Elementary OS Loki will do the impossible and usurp Linux Mint from the coveted 'best desktop distribution' for 2017."
• Best Linux for IoT: Snappy Ubuntu Core "Can already be found in the likes of various hacker boards (such as the Raspberry Pi) as well as Erle-Copter drones, Dell Edge Gateways, Nextcloud Box, and LimeSDR."
• Best non-enterprise server distribution: CentOS. "Since 2004, CentOS has enjoyed a massive community-driven support system."
• Best enterprise server distribution: SUSE. "Don't be surprised if, by the end of 2017, SUSE further chips away at the current Red Hat market share."

Wallen also chose Gentoo for "Best distribution for those with something to prove," saying "This is for those who know Linux better than most and want a distribution built specifically to their needs... a source-based Linux distribution that starts out as a live instance and requires you to then build everything you need from source." And surprisingly, he didn't mention his own favorite Linux distro, Bodhi Linux, which he describes elsewhere as "a melding of Ubuntu and Enlightenment".

The first day of 2017 starts off for Linux users with the release of the second RC (Release Candidate) development version of the upcoming Linux 4.10 kernel, as announced by Linus Torvalds himself. From a report on Softpedia: As expected, Linux kernel 4.10 entered development two weeks after the release of Linux kernel 4.9, on Christmas Day (December 25, 2016), but don't expect to see any major improvements or any other exciting things in RC2, which comes one week after the release of the first RC, because most of the developers were busy partying. With a total of 26 changes, Linux kernel 4.10 Release Candidate 2 is extremely small for an RC build, but Linus Torvalds decided not to skip it and interrupt the development cycle of Linux 4.10 just because of the Christmas and New Year's holidays. "It's been a really slow week between Christmas Day and New Years Day, and I am not complaining at all. It does mean that RC2 is ridiculously and unrealistically small," said Linus Torvalds in the mailing list announcement. "I almost decided to skip RC2 entirely, but a small little meaningless release every once in a while never hurt anybody."

Readers BrianFagioli writes: Some operating systems are targeted at a single use to minimize the overhead and maximize the power of the hardware. One such focused OS is OpenELEC. This Linux distribution is designed to serve as a media center -- nothing more, nothing less. Today, the popular distro reaches stable version 7.0. There are images for both x86 and Raspberry Pi 2 and 3, meaning there is a very good chance you own compatible hardware. OpenELEC 7.0 release contain a Kodi major version bump. If you are updating from OpenELEC 6.0 or earlier we strongly recommend you perform a full backup before performing a manual update. If you experience issues please perform a soft-reset to clear OpenELEC and Kodi settings. "The OpenELEC 7.0 (internal version 7.0.0) release has been published. Users running OpenELEC 6.95.1 or later with auto-update enabled will be prompted on-screen to reboot and apply the update once it has been downloaded and enabled in some hours. Users running older OpenELEC releases or with auto-update disabled will need to manually update," says Stephan Raue, maintainer, OpenELEC Mediacenter Project.

Bufferbloat is that "undesirable latency that comes from a router or other network equipment buffering too much data," according to the site for an ongoing project trying to address it. Now long-time Slashdot reader mtaht writes:Inside the lede-project, two core new bufferbloat-fighting techniques are poised to enter the linux mainline kernel and thousands of routers -- the first being a fq-codel'd and airtime fair scheduler for wifi, and the second, the new "cake" qdisc, which outperforms fq_codel across the board for shaping inbound and outbound connections.
His submission ends with a question for Slashdot readers. "It's been nearly six years since the start of the bufferbloat project. Have you or has your ISP fixed your bufferbloat yet?"

From a report on BetaNews: If you own a Raspberry Pi, you're probably familiar with PIXEL. The desktop environment is included in the Raspbian OS. The Raspberry Pi Foundation describes PIXEL as the "GNU/Linux we would want to use" and understandably so. It offers a smart, clean interface, a decent selection of software, the Chromium web browser with plug-ins, and more -- and from today it's available for PC and Mac. The version of Debian+PIXEL for x86 platforms is described as "experimental" but having taken it for a spin, it seems pretty stable to me. To run PIXEL on your PC or Mac, download the image, burn it onto a DVD or flash it onto a USB memory stick, and boot from it. The desktop environment will load ready for use.

An anonymous reader writes: Adobe released today Flash Player 24 for Linux, after previously abandoning the application without explanation in 2012. The NPAPI architecture of Flash Player for Linux is now on par with Windows and Mac releases on version 24, after spending the last few years stuck at version 11.2 and only receiving small patches and security fixes, but no new features. Today's Flash Player 24 for Linux release comes after Adobe teased its release on August 31, and later released a Beta version (v23) in October. Despite updating Flash Player for Linux to the same version number as its Windows and Mac alternatives, the Linux variant still lags behind on features. While Flash Player 24 includes all the security features included in the Windows and Mac versions, the Linux version doesn't support accelerated GPU 3D acceleration and video DRMs. If users need these features, Adobe says users should use Chrome for Linux, where Google's own port, the Pepper Flash plugin (PPAPI architecture) supports them.

An anonymous reader writes: The non-profit association that sponsors Linus Torvalds' work on Linux also offers self-paced online training and certification programs. And now through December 22, they're available at a 50% discount. "Make learning Linux and other open source technologies your New Year's Resolution this holiday season," reads a special page at LinuxFoundation.org. There's training in Linux security, networking, and system administration, as well as software-defined networking and OpenStack administration. (Plus a course called "Fundamentals Of Professional Open Source Management," and two certification programs that can make you a Linux Foundation-certified engineer or system administrator.)
And if you order right now, they'll also give you a free mug with a penguin on it.

mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that when chained together result in root remote code execution. McAfee took six months to fix the bugs issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."

Long-time Slashdot reader paranoidd writes: GoboLinux announced Thursday the availability of a new major release. What's special about it is that it comes together with a container-free filesystem virtualization that's kind of unique thanks to the way that installed programs are arranged by the distro. Rather than having to create full-fledged containers simply to get around conflicting libraries, a lightweight solution simply plays with overlays to create dynamic filesystem views for each process that wants them. Even more interesting, the whole concept also enables 32-bit and 64-bit programs to coexist with no need for a lib64 directory (as implemented by mostly all bi-arch distributions out there).
"Instead of having parts of a program thrown at /usr/bin, other parts at /etc and yet more parts thrown at /usr/share/something/or/another, each program gets its own directory tree, keeping them all neatly separated and allowing you to see everything that's installed in the system and which files belong to which programs in a simple and obvious way."

Long time reader BrianFagioli writes: if you love Linux Mint and use it regularly, I have very good news -- version 18.1 'Serena' is finally here. There are two desktop environments from which to choose -- Cinnamon and Mate. Regardless of which version you choose, please know that it is based on Ubuntu 16.04, which offers long-term support (LTS). In other words, Linux Mint 18.1 will be supported until 2021. Linux Mint 18.1 comes with the updated Cinnamon 3.2 which looks to be wonderful. The Mint team touts a new screensaver/ login screen in the desktop environment, and yeah, it looks good.

An anonymous reader writes: It's the year of the Linux desktop getting pwned. Chris Evans (not the red white and blue one) has released a number of linux zero day exploits, the most recent of which employs specially crafted audio files to compromise linux desktop machines. Ars Technica reports: "'I like to prove that vulnerabilities are not just theoretical -- that they are actually exploitable to cause real problems,' Evans told Ars when explaining why he developed -- and released -- an exploit for fully patched systems. 'Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out.' Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GSteamer and Game Music Emu automatically open them."

An anonymous reader writes: To protect Tor users from FBI hacking tools that include all sorts of Firefox zero-days, the Tor Project started working on a sandboxed version of the Tor Browser in September. Over the weekend, the Tor Project released the first alpha version of the sandboxed Tor Browser. "Currently, this version is in an early alpha stage, and only available for Linux," reports BleepingComputer. "There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here." The report notes: "Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system. This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS."

"As expected, today, December 11, 2016, Linus Torvalds unleashed the final release of the highly anticipated Linux 4.9 kernel," reports Softpedia. prisoninmate shares their article: Linux kernel 4.9 entered development in mid-October, on the 15th, when Linus Torvalds decided to cut the merge window short by a day just to keep people on their toes, but also to prevent them from sending last-minute pull requests that might cause issues like it happened with the release of Linux kernel 4.8, which landed just two weeks before first RC of Linux 4.9 hit the streets... There are many great new features implemented in Linux kernel 4.9, but by far the most exciting one is the experimental support for older AMD Radeon graphics cards from the Southern Islands/GCN 1.0 family, which was injected to the open-source AMDGPU graphics driver...

There are also various interesting improvements for modern AMD Radeon GPUs, such as virtual display support and better reset support, both of which are implemented in the AMDGPU driver. For Intel GPU users, there's DMA-BUF implicit fencing, and some Intel Atom processors got a P-State performance boost. Intel Skylake improvements are also present in Linux kernel 4.9.
There's also dynamic thread-tracing, according to Linux Today. (And hopefully they fixed the "buggy crap" that made it into Linux 4.8.) LWN.net calls this "by far the busiest cycle in the history of the kernel project."

BrianFagioli writes: If you want to use Fedora but do not want to spend time manually installing packages and repos, there is a solid alternative -- Korora. Despite the funny-sounding name, it is a great way to experience Fedora in a more user-friendly way. Wednesday, version 25, code-named 'Gurgle', became available for release.

msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introd in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.
"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."

BrianFagioli quotes a report from BetaNews: The Nintendo NES Classic is quite an amazing console. True, it is not as powerful as modern game systems like Xbox One and PlayStation 4, but it comes pre-loaded with many classic NES titles. Unfortunately, its strength is also its weakness -- those pre-loaded titles are the only games you can play. You cannot load other games, so you are stuck with what you got. As an alternative, some folks use software emulation and ROMs on their computers to play countless video game titles. Of course, there are moral concerns here, as you are often downloading the games illegally -- unless you own the physical copy, that is. Even then, it is a gray area. Today, a company called Doyodo launched a new Linux-powered emulation console on Indiegogo. The device not only plays NES games, but Atari, Game Boy, PlayStation 1, Genesis, and more. You play using USB controllers. In addition, it can serve as a media player (with Kodi) or a full-fledged Linux desktop. Some other features include 4K video playback, Wi-Fi networking built in, and a compact and portable design. There's even a deluxe version that ships with Bluetooth, an extra controller and 32GB of storage; the basic configuration includes just one controller and 16GB of storage. You can view the Indiegogo page here.

BrianFagioli shares his story on Beta News: Feeling fatigued by Windows 10 and its constant updates and privacy concerns? Can't afford one of those beautiful new MacBook Pro laptops? Don't forget, Linux-based desktop operating systems are just a free download away, folks!

If you do decide to jump on the open source bandwagon, a good place to start is Linux Mint. Both the Mate and Cinnamon desktop environments should prove familiar to Windows converts, and since it is based on Ubuntu, there is a ton of compatible packages. Today, the first beta of Linux Mint 18.1 'Serena' becomes available for download.
Here's the release notes for both Cinammon and MATE.

Long-time Slashdot reader Billly Gates writes, "For all the systemd haters who want a modern distro feel free to rejoice. The Debian fork called Devuan is almost done, completing a daunting task of stripping systemd dependencies from Debian." From The Register: Devuan came about after some users felt [Debian] had become too desktop-friendly. The change the greybeards objected to most was the decision to replace sysvinit init with systemd, a move felt to betray core Unix principles of user choice and keeping bloat to a bare minimum. Supporters of init freedom also dispute assertions that systemd is in all ways superior to sysvinit init, arguing that Debian ignored viable alternatives like sinit, openrc, runit, s6 and shepherd. All are therefore included in Devuan.
Devuan.org now features an "init freedom" logo with the tagline, "watching your first step. Their home page now links to the download site for Devuan Jessie 1.0 Beta2, promising an OS that "avoids entanglement".

Long-Time Slashdot reader sconeu is finally replacing his 10-year-old Toshiba Satellite laptop, and needs suggestions on the best current laptops for running Linux. I'm looking to run some flavor of Linux (probably KDE-based UI, but not mandatory) while using a virtual machine to run Windows 7 (for stuff needed for work). For me personally, battery life and weight are more important than raw power. I'm not going to be running games on this. I've been considering an XPS 13 Developer Edition, or something from System76, ZaReason or Emperor Linux. What laptop do you use? Do you have any suggestions?
It's your chance to share useful information, recommendations, and your own experiences with various brands of laptop. So leave your best answers in the comments. What's the best Linux laptop?

Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.