Security

How Security Experts Are Protecting Their Own Data (siliconvalley.com) 217

Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes: The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."

Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."
Open Source

Linus Loves GPL, But Hates GPL Lawsuits (cio.com) 238

Long-time Slashdot reader sfcrazy writes: During LinuxCon, Torvalds was full of praise for GNU GPL: "The GPL ensures that nobody is ever going to take advantage of your code. It will remain free and nobody can take that away from you. I think that's a big deal for community management... FSF [Free Software Foundation] and I don't have a loving relationship, but I love GPL v2. I really think the license has been one of the defining factors in the success of Linux because it enforced that you have to give back, which meant that the fragmentation has never been something that has been viable from a technical standpoint."

And he thinks the BSD license is bad for everyone: "Over the years, I've become convinced that the BSD license is great for code you don't care about," Torvalds said.

But Linus also addressed the issue of enforcing the GPL on the Linux Foundation mailing list when someone proposed a discussion of it at LinuxCon. "I think the whole GPL enforcement issue is absolutely something that should be discussed, but it should be discussed with the working title 'Lawyers: poisonous to openness, poisonous to community, poisonous to projects'... quite apart from the risk of loss in a court, the real risk is something that happens whether you win or lose, and in fact whether you go to court or just threaten: the loss of community, and in particular exactly the kind of community that can (and does) help. You lose your friends."
Ubuntu

Ubuntu Linux 16.10 'Yakkety Yak' Beta 1 Now Available For Download (betanews.com) 92

An anonymous reader quotes a report from BetaNews: Today, the first beta of Ubuntu Linux 16.10 sees release. Once again, a silly animal name is assigned, this time being the letter "Y" for the horned mammal, "Yakkety Yak." This is also a play on the classic song "Yakety Yak" by The Coasters. Please be sure not to "talk back" while testing this beta operating system! "Pre-releases of the Yakkety Yak are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting and fixing bugs as we work towards getting this bos grunniens ready. Beta 1 includes a number of software updates that are ready for wider testing. These images are still under development, so you should expect some bugs," says Set Hallstrom, Ubuntu Studio project lead. He adds: "While these Beta 1 images have been tested and work, except as noted in the release notes, Ubuntu developers are continuing to improve the Yakkety Yak. In particular, once newer daily images are available, system installation bugs identified in the Beta 1 installer should be verified against the current daily image before being reported in Launchpad. Using an obsolete image to re-report bugs that have already been fixed wastes your time and the time of developers who are busy trying to make 16.10 the best Ubuntu release yet. Always ensure your system is up to date before reporting bugs." Here are the following download links: Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio.
Software

Linus on Linux's 25th Birthday (zdnet.com) 110

The creator of Linux, Linus Torvalds, posted his famous message announcing Linux on August 25, 1991, claiming that it was "just a hobby, won't be big and professional like gnu." ZDNet's Steven J. Vaughan-Nichols caught up with Linus Torvalds and talked about Linux's origins in a series of interviews: "SJVN: What's Linux real birthday? You're the proud papa, when do you think it was? When you sent out the newsgroup post to the Minix newsgroup on August 25, 1991? When you sent out the 0.01 release to a few friends?

LT: I think both of them are valid birthdays. The first newsgroup post is more public (August 25), and you can find it with headers giving date and time and everything. In contrast, I don't think the 0.01 release was ever announced in any public setting (only in private to a few people who had shown interest, and I don't think any of those emails survived). These days the way to find the 0.01 date (September 17) is to go and look at the dates of the files in the tar-file that still remains. So, both of them work for me. Or either. And, by the way, some people will argue for yet other days. For example, the earliest public semi-mention of Linux was July 3: that was the first time I asked for some POSIX docs publicly on the minix newsgroup and mentioned I was working on a project (but didn't name it). And at the other end, October 5 was the first time I actually publicly announced a Linux version: 'version 0.02 (+1 (very small) patch already).' So you might have to buy four cakes if you want to cover all the eventualities."
Vaughan-Nichols goes on to pick Linus' brain about what he was doing when he created Linux. In honor of Linux's 25th birthday today, let's all sing happy birthday... 1... 2... 3...
Operating Systems

Linux Turns 25, Is Bigger and More Professional Than Ever (arstechnica.com) 316

The Linux operating system kernel is 25 years old this month, ArsTechnica writes. It was August 25, 1991 when Linus Torvalds posted his famous message announcing the project, claiming that Linux was "just a hobby, won't be big and professional like gnu." From the article: But now, Linux is far bigger and more professional than Torvalds could have imagined. Linux powers huge portions of the Internet's infrastructure, corporate data centers, websites, stock exchanges, the world's most widely used smartphone operating system, and nearly all of the world's fastest supercomputers. The successes easily outweigh Linux's failure to unseat Microsoft and Apple on PCs, but Linux has still managed to get on tens of millions of desktops and laptops and Linux software even runs on Windows. Do you use any Linux-based operating system? Share your experience with it. What changes would you want to see in it in the next five years?
Debian

Systemd Rolls Out Its Own Mount Tool (phoronix.com) 541

An anonymous Slashdot reader writes: I'm surprised this hasn't surfaced on Slashdot already, but yesterday Phoronix reported that systemd will soon be handling file system mounts, along with all the other stuff that systemd has encompassed. The report generated the usual systemd arguments over on Reddit.com/r/linux with Lennart Poettering, systemd developer and architect, chiming in with a few clarifications.
Lennart argued it will greatly improve the handling of removable media like USB sticks.
KDE

KDE Edition Beta Released For Linux Mint 18 'Sarah' (fossbytes.com) 36

An anonymous Slashdot reader quotes a report from fossBytes: Linux Mint 18 'Sarah' KDE Edition Beta is now available for download and testing. This release is based on the long-term supported Linux 4.4 kernel and KDE Plasma 5.6 desktop environment. The final release of this widely popular distro is expected to arrive in September... Just like MATE, Cinnamon, and Xfce releases, the KDE release is a long term release that will remain supported until 2021.

Linux Mint 18 'Sarah' KDE Edition ships with Mozilla Firefox as default web browser and LibreOffice as the default office suite. The Linux distro also features a wide range of popular KDE apps like Kontact, Dolphin, Gwenview, KMail, digiKam, KTorrent, Skanlite, Konversation, K3b, Konsole, Amarok, Ark, Kate, Okular, and Dragon Player.

"Unlike other Linux Mint editions, the KDE edition will ship with the SDDM display manager," reports the Linux Mint blog. Distrowatch notes that it's based on Ubuntu 16.04, and suggests "Mint's 'KDE' flavour might turn out to be the most interesting of the bunch, especially if the project's usually excellent quality assurance is applied to this edition in the same manner as in its 'MATE' and 'Cinnamon' variants."
Robotics

Intel Demos A New Robotics Controller Running Ubuntu (hackerboards.com) 21

Intel demoed their new robotics compute module this week. Scheduled for release in 2017, it's equipped with various sensors, including a depth-sensing camera, and it runs Ubuntu on a quad-core Atom. Slashdot reader DeviceGuru writes: Designed for researchers, makers, and robotics developers, the device is a self contained, candy-bar sized compute module ready to pop into a robot. It's augmented with a WiFi hotspot, Bluetooth, GPS, and IR, as well as proximity, motion, barometric pressure sensors. There's also a snap-on battery.

The device is preinstalled with Ubuntu 14.04 with Robot Operating System (ROS) Indigo, and can act as a supervisory processor to, say, an Arduino subsystem that controls a robot's low-level functions. Intel demoed a Euclid driven robot running an obstacle avoidance and follow-me tasks, including during CEO Brian Krzanich's keynote (YouTube video).

Intel says they'll also release instructions on how to create an accompanying robot with a 3D printer. This plug-and-play robotics module is a proof-of-concept device -- the article includes some nice pictures -- but it already supports programming in Node.js (and other high-level languages), and has a web UI that lets you monitor performance in real-time and watch the raw camera feeds.
Security

New Linux Trojan Is A DDoS Tool, a Bitcoin Miner, and Web Ransomware (softpedia.com) 63

An anonymous reader writes: A trojan that targeted Drupal sites on Linux servers last May that was incredibly simplistic and laughable in its attempt to install (and fail) web ransomware on compromised websites, has now received a major update and has become a top threat on the malware scene. That trojan, named Rex, has evolved in only three months into an all-around threat that can: (1) compromise servers and devices running platforms like Drupal, WordPress, Magento, Jetspeed, Exarid, AirOS; (2) install cryptocurrency mining in the background; (3) send spam; (4) use a complex P2P structure to manage its botnet; and (5) install a DDoS agent which crooks use to launch DDoS attacks.

Worse is that they use their DDoS capabilities to extort companies. The crooks send emails to server owners notifying them of 15-minute DDoS tests, as a forewarning of future attacks unless they pay a ransom. To scare victims, they pose as a known hacking group named Armada Collective. Other groups have used the same tactic, posing as Armada Collective, and extorting companies, according to CloudFlare.

KDE

Ask Slashdot: Is KDE Dying? 515

A long-time loyal KDE user "always felt that it was the more complete and integrated of the many Linux desktop environments...thus having the most potential to win over new Linux converts." And while still using KDE exclusively without any major functional issues, now Slashdot reader fwells shares concerns about the future of desktop development, along with a personal opinion -- that KDE is becoming stale and stagnant: KDE-Look.org, once a fairly vibrant and active contributory site, has become a virtual ghost town... Various core KDE components and features are quite broken and have been so for some time... KDEPIM/KMail frankly seems targeted specifically at the poweruser, maintaining over many years its rather plain and arguably retro interface. The Konqueror web browser has been a virtual carcass for several years, yet it mysteriously remains an integral component...

So, back to my opening question... Is KDE Dying? Has innovation and development evaporated in a development world dominated by the mobile device? And, if so, can it be reinvigorated? Will the pendulum ever swing back? Can it? Should it?

The original submission has some additional thoughts on Windows 10 and desktop development -- but also specific complaints about KDE's Recent Items/Application Launcher History and the KDE theming engine (which "seems disjointed and rather non-intuitive".) The argument seems to be that KDE lacks curb appeal to fulfill that form-over-function preference of the larger community of users, so instead it's really retaining the practical appeal of "my 12 year old Chevy truck, feature rich for its time... Solid and reliable, but definitely starting to fade and certainly lacking some modern creature comforts."

So leave your own thoughts in the comments. Does desktop development need to be reinvigorated in a world focused on mobile devices -- and if so, what is its future? And is KDE slowly dying?
GUI

Fedora 25 To Run Wayland By Default Instead Of X.Org Server (phoronix.com) 151

An anonymous reader writes: Fedora 25 will finally be the first release for this Linux distribution -- and the first tier-one desktop Linux OS at large -- that is going ahead and using Wayland by default. Wayland has been talked about for years as a replacement to the xorg-server and finally with the upcoming Fedora 25 release this is expected to become a reality. The X.Org Server will still be present on Fedora systems for those running into driver problems or other common issues.
Fedora's steering committee agreed to the change provided the release notes "are clear about how to switch back to X11 if needed." In addition, according to the Fedora Project's wiki, "The code will automatically fall back to Xorg in cases where Wayland is unavailable (like NVIDIA)."
Chrome

Google Will Kill Chrome Apps For Windows, Mac, and Linux In Early 2018 (venturebeat.com) 102

An anonymous reader quotes a report from VentureBeat: Google today announced plans to kill off Chrome apps for Windows, Mac, and Linux in early 2018. Chrome extensions and themes will not be affected, while Chrome apps will continue to live on in Chrome OS. Here's the deprecation timeline:

Late 2016: Newly published Chrome apps will not be available to Windows, Mac, and Linux users (when developers submit apps to the Chrome Web Store, they will only show up for Chrome OS). Existing Chrome apps will remain available as they are today and developers can continue to update them.
Second half of 2017: The Chrome Web Store will no longer show Chrome apps on Windows, Mac, and Linux.
Early 2018: Chrome apps will not load on Windows, Mac, and Linux.
There appear to be two main reasons why Google is killing Chrome apps off now. First, as Google explains in a blog post: "For a while there were certain experiences the web couldn't provide, such as working offline, sending notifications, and connecting to hardware. We launched Chrome apps three years ago to bridge this gap. Since then, we've worked with the web standards community to enable an increasing number of these use cases on the web. Developers can use powerful new APIs such as service worker and web push to build robust Progressive Web Apps that work across multiple browsers." Secondly, Chrome apps aren't very popular: "Today, approximately 1 percent of users on Windows, Mac and Linux actively use Chrome packaged apps, and most hosted apps are already implemented as regular web apps. Chrome on Windows, Mac, and Linux will therefore be removing support for packaged and hosted apps over the next two years."
Open Source

Microsoft PowerShell Goes Open Source and Lands On Linux and Mac (pcworld.com) 400

Microsoft announced on Thursday that it is open sourcing PowerShell, its system administration, scripting, and configuration management tool that has been a default part of Windows for several years. The company says it will soon release PowerShell on Mac and Linux platforms. PCWorld reports: The company is also releasing alpha versions of PowerShell for Linux (specifically Ubuntu, CentOS and Red Hat) and Mac OS X. A new PowerShell GitHub page gives people the ability to download binaries of the software, as well as access to the app's source code. PowerShell on Linux and Mac will let people who have already built proficiency with Microsoft's scripting language take those skills and bring them to new platforms. Meanwhile, people who are used to working on those platforms will have access to a new and very powerful tool for getting work done. It's part of Microsoft's ongoing moves to open up products that the company has previously kept locked to platforms that it owned. The company's open sourcing of its .NET programming frameworks in 2014 paved the way for this launch, by making the building blocks of PowerShell available on Linux and OS X. By making PowerShell available on Linux, Microsoft has taken the skills of Windows administrators who are already used to the software, and made them more marketable. It has also made it possible for hardcore Linux users to get access to an additional set of tools that they can use to manage a variety of systems.
Operating Systems

Linux Kernel 4.6 Has Reached End of Life, Users Urged To Move To Linux 4.7.1 67

Reader prisoninmate writes: Immediately after announcing the availability of the first point release for the Linux 4.7 kernel series, Greg Kroah-Hartman also informed the community about the launch of Linux kernel 4.6.7, which is the seventh maintenance update for the Linux 4.6 stable kernel branch, but it also looks like it's the last one for the series, which has now officially reached end of life. Therefore, if you're using a GNU/Linux operating system powered by a kernel from the Linux 4.6 branch, you are urged to move to Linux kernel 4.7 as soon as possible by installing the brand new Linux kernel 4.7.1 build.
Bug

FalseCONNECT Vulnerability Affects Software From Apple, Microsoft, Oracle, More (softpedia.com) 32

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending data to a third-party. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.
Android

Linux Traffic Hijack Flaw Also Affects Most Android Phones, Tablets (zdnet.com) 39

Zack Whittaker, writing for ZDNet: As many as 80 percent of Android devices are vulnerable to a recently disclosed Linux kernel vulnerability. Security firm Lookout said in a blog post on Monday that the flaw affects all phones and tablets that are running Android 4.4 KitKat and later, which comes with the affected Linux kernel 3.6 or newer. According to recent statistics, the number of devices affected might run past 1.4 billion phones and tablets -- including devices running the Android Nougat developer preview. Windows and Macs are not affected by the vulnerability. The flaw, disclosed at the Usenix security conference last week, is complicated and difficult to exploit. If an attacker can pull off an exploit, they could inject malicious code into unencrypted web traffic from "anywhere". However, the source and destination IP address would need to be known in order to intercept the traffic, adding to the complexity of carrying out a successful attack. The exploitability isn't easy, though.
Businesses

Linux Developer Loses GPL Suit Against VMware (itwire.com) 162

An anonymous Slashdot reader quotes ITWire: Linux kernel developer Christoph Hellwig has lost his case against virtualisation company VMware, which he had sued in March 2015 for violation of version 2 of the GNU General Public Licence... The case claimed that VMware had been using Hellwig's code right from 2007 and not releasing source code as required. The Linux kernel, which is released under the GNU GPL version 2, stipulates that anyone who distributes it has to provide source code for the same...

In its ruling, the court said that Hellwig had failed to prove which specific lines of code VMware had used, from among those over which he claimed ownership.

In a statement, Hellwig said he plans to appeal, adding that "The ruling concerned German evidence law; the Court did not rule on the merits of the case, i.e. the question whether or not VMware has to license the kernel of its product vSphere ESXi 5.5.0 under the terms of the GNU General Public License, version 2." The Software Freedom Conservancy has described the lawsuit as "the regretful but necessary next step in both Hellwig and Conservancy's ongoing effort to convince VMware to comply properly with the terms of the GPLv2, the license of Linux and many other Open Source and Free Software included in VMware's ESXi products."
Cloud

New RancherOS Offers Lean Linux Functionality Within Docker Containers (rancher.com) 49

RancherOS is a lean Linux distribution aiming to offer "the minimum necessary to get Docker up and running," and tucking many actual Linux services into Docker containers. An anonymous Slashdot reader quotes Distrowatch: Josh Curl has announced the release of a new version of RancherOS [which] moves the project out of its alpha status and introduces new features, including an official Raspberry Pi image... "We're especially excited about this since it offers users a cheap method of getting started with Docker and RancherOS."
Open Source

New FreeBSD 11.0 Release Candidate Tested By Phoronix (phoronix.com) 61

"The first release candidate for the upcoming FreeBSD 11.0 is ready for testing," reports Distrowatch, noting various changes. ("A NULL pointer dereference in IPSEC has been fixed; support for SSH protocol 1 has been removed; OpenSSH DSA keys have been disabled by default...") Now an anonymous Slashdot reader writes: Sunday Phoronix performed some early benchmark testing, comparing FreeBSD 10.3 to FreeBSD 11.0 as well as DragonFlyBSD, Ubuntu, Intel Clear Linux and CentOS Linux 7. They reported mixed results -- some wins and some losses for FreeBSD -- using a clean install with the default package/settings on the x86_64/amd64 version for each operating system.

FreeBSD 11.0 showed the fastest compile times, and "With the SQLite benchmark, the BSDs came out ahead of Linux [and] trailed slightly behind DragonFlyBSD 4.6 with HAMMER. The 11.0-BETA4 performance does appear to regress slightly for SQLite compared to FreeBSD 10.3... With the BLAKE2 crypto test, all four Linux distributions were faster than DragonFlyBSD and FreeBSD... with the Apache web server benchmark, FreeBSD was able to outperform the Linux distributions..."

Cloud

Researchers Warn Linux Vendors About Cloud-Memory Hacking Trick (thestack.com) 73

An anonymous Slashdot reader writes: Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...

Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.

The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."
