prisoninmate writes: On Monday, February 22, 2016, Softpedia reported on the availability of new kernel updates for several of Canonical's supported Ubuntu Linux operating systems, including Ubuntu 15.10, for which five kernel vulnerabilities have been patched at that point in time. And from the looks of it, the respective kernel updates introduced a regression, which Canonical patched four days later, on February 26, 2016, saying that the issue was introduced along with the fixed vulnerabilities for Ubuntu 15.10 (Wily Werewolf) and it broke graphics displays for those running the OS in VMWare VMs.

WheatGrass writes to note that the company T-Platforms has introduced the first mass production unit based upon the Russian Baikal-T1 processor, mentioned here last in 2014. The new Baikal-based workstation is called the "Meadowsweet terminal," according to T-Platform's official website; the feature list says it's running a Debian-based Linux distro. "Congratulations, Russia," Says WheatGrass. (According to Google's translation of this Russian-language story at RG.RU Digital, "[Y]ou can install many conventional applications, such as the LibreOffice office suite, Firefox web browser, and so on, the developers say," but the main use seems to be as a thin client.)

LichtSpektren writes: Phoronix reports that Bradley M. Kuhn and Karen M. Sandler at the Software Freedom Conservancy (SFS) have posted a blog post today arguing that Canonical's plan to distribute Ubuntu 16.04 LTS "Xenial Xerus" with support for the ZFS file system violates the Linux kernel's GPLv2 license.

On February 18, Dustin Kirkland at Canonical wrote on his blog: "We at Canonical have conducted a legal review, including discussion with the industry's leading software freedom legal counsel, of the licenses that apply to the Linux kernel and to ZFS. And in doing so, we have concluded that we are acting within the rights granted and in compliance with their terms of both of those licenses...The CDDL cannot apply to the Linux kernel because zfs.ko is a self-contained file system module — the kernel itself is quite obviously not a derivative work of this new file system. And zfs.ko, as a self-contained file system module, is clearly not a derivative work of the Linux kernel but rather quite obviously a derivative work of OpenZFS and OpenSolaris. Equivalent exceptions have existed for many years, for various other stand alone, self-contained, non-GPL kernel modules. Our conclusion is good for Ubuntu users, good for Linux, and good for all of free and open source software."

The SFS's blog post of today states: "We are sympathetic to Canonical's frustration in this desire to easily support more features for their users. However, as set out below, we have concluded that their distribution of zfs.ko violates the GPL."

An anonymous reader writes: On February 20th, a hacker working under the handle 'Peace' took control of the website of Linux Mint, a popular Linux distribution derived from Ubuntu (and Debian) targeted toward non-technical users and power users unhappy with modern desktop environments. While these attacks are regrettable, and part of an infrastructure problem rather than a problem with the distribution itself, it increasingly appears that the Linux Mint team is spread too thin when it comes to security. The distribution itself blacklists updates that work perfectly in Ubuntu and Debian, and the graphical utilities don't update the kernel. Because the value added by Linux Mint is in Cinnamon, why do the developers need to distribute a broken version of Ubuntu when the Cinnamon DE could be distributed as an Ubuntu spin?

An anonymous reader writes: The milestone release FFmpeg 3.0 "Einstein" has been unleashed. For those who need a reminder, FFmpeg comprises several libraries and command-line tools (the main command-line tool being "ffmpeg") that encode, decode, transcode, and stream audio/visual data, etc. FFmpeg supports a multitude of codecs, filters, and container formats too numerous to mention here. FFmpeg is used by MPlayer, VLC, HandBrake, Chrome, and many other projects. Changes from 2.x to 3.0 include: a much better native AAC encoder, better hardware acceleration, and some API/ABI breakage. See this, this, this, this, and the changelog for much better descriptions of the improvements.

New submitter mmoorebz writes: The Linux Foundation is announcing new areas of focus for its Open Mainframe Project. The Open Mainframe Project is a collaborative effort launched six months ago as a focal point for the deployment and use of the Linux OS on the mainframe.

jones_supa writes: Vijay Pandurangan from Twitter warns about a Linux kernel bug that causes containers using Virtual Ethernet devices for network routing to not check TCP checksums. Examples of software stacks that use Virtual Ethernet devices are Docker on IPv6, Kubernetes, Google Container Engine and Mesos. The kernel flaw results in applications incorrectly receiving corrupt data in a number of situations, such as with bad networking hardware. The bug dates back at least 3 years or more – it is present in kernels as far back as the Twitter engineering team has tested. Their patch has been reviewed and accepted into the kernel, and is currently being backported to -stable releases back to 3.14 in various distributions. If you use containers in your setup, Pandurangan recommends that you deploy a kernel with this patch.

An anonymous reader writes: The Linux Mint website was hacked last night and was pointing to malicious ISOs that contained an IRC bot known as TSUNAMI, used as part of an IRC DDoSing botnet. While the Linux Mint team says they were hacked via their WordPress site, security experts have discovered that their phpBB forum database was put up for sale on the Dark Web at around the same time of the hack. Also, it seems that after the Linux Mint team cleaned their website, the hackers reinfected it, which caused the developers to take it down altogether.

prisoninmate writes: As some of you may know, Linux 4.3 was not an LTS (Long Term Support) release, so the last maintenance build is now Linux kernel 4.3.6, as announced earlier by Greg Kroah-Hartman, a renowned kernel developer and maintainer. While he's telling users of the Linux 4.3 series to update to the 4.3.6 point release, he also urges them, especially OS vendors, to move to the most advanced stable series, in this case, Linux kernel 4.4 LTS, which just received its second point release the other day. However, it appears that Linux kernel 4.3.6 is quite an update, as it changes a total of 197 files, with 2310 insertions and 963 deletions, bringing some much-needed improvements.

prisoninmate writes: Ubuntu 14.04.4 LTS (Long-Term Support) builds are available for download in the form of Live and Installable ISO images for Desktop, Server, Cloud, and Core products, on both 64-bit and 32-bit platforms, and that existing Ubuntu 14.04.3 LTS users can now update their systems. But not only Ubuntu 14.04 LTS (Trusty Tahr) users can update, as all the official flavors have been updated as well, so users of Kubuntu 14.04 LTS, Edubuntu 14.04 LTS, Xubuntu 14.04 LTS, Lubuntu 14.04 LTS, Ubuntu Studio 14.04 LTS, Mythbuntu 14.04 LTS, Ubuntu GNOME 14.04 LTS, and Ubuntu Kylin 14.04 LTS can also update their systems today or grab the new ISOs.

DeviceGuru writes: The Linux Foundation has launched the Zephyr Project, to foster an open source, small footprint, modular, scalable, connected, real-time OS for IoT devices. The Zephyr Project's RTOS implements both a small footpoint microkernel and an even tinier nanokernel, and is the result of Wind River contributing its Rocket RTOS kernel to the Zephyr Project. (Wind's Rocket RTOS will now become a downstream commercial distribution based on Zephyr sources.) To get a sense of Zephyr's benefit, its nanokernel is said to be able to run in as little as 10KB of RAM on 32-bit microcontrollers, whereas a minimalistic Linux implementation like uClinux needs upwards of 200KB. The Linux Foundation hopes to see cross-project collaboration between the Zephyr and Linux communities. Technical details are at the Zephyr site.

msm1267 writes: The glibc vulnerability disclosed this week has some experts on edge because of how DNS can leveraged in exploits. Dan Kaminsky said that while man-in-the-middle attacks are one vector, it would appear that it's also possible to exploit the bug and attack most Linux servers via DNS caching-only servers. 'This would be substantially worse if it went through the caching ecosystem; 99 percent of attack vectors go through that system,' Kaminsky said. Glibc, or the GNU C library, is used by most flavors of Linux and also a number of popular web services and frameworks, giving attacks potentially massive horizontal scale. The major Linux distros have patched and pushed updates to servers; source code is also available for homegrown Linux builds.

LichtSpektren writes: Ubuntu developer Dustin Kirkland has posted on his blog that Canonical plans to officially support the ZFS file system for the next Ubuntu LTS release, 16.04 "Xenial Xerus." The file system, which originates in Solaris UNIX, is renowned for its feature set (Kirkland touts "snapshots, copy-on-write cloning, continuous integrity checking against data corruption, automatic repair, efficient data compression") and its stability. "You'll find zfs.ko automatically built and installed on your Ubuntu systems. No more DKMS-built modules!" N.B. ext4 will still be the default file system due to the unresolved licensing conflict between Linux's GPLv2 and ZFS's CDDL.

Last week you asked questions of Ubuntu Unleashed author Matthew Helmke, about everything from system D to the future of Ubuntu and Canonical; he's responded, at length. Read on for Matthew's answers.

An anonymous reader writes: Today Google's online security team publicly disclosed a severe vulnerability in the Gnu C Library's DNS client. Due to the ubiquity of Glibc, this affects an astounding number of machines and software running on the internet, and raises questions about whether Glibc ought to still be the preferred C library when alternatives like musl are gaining maturity. As one example of the range of software affected, nearly every Bitcoin implementation is affected. Reader msm1267 adds some information about the vulnerability, discovered independently by security researchers at Red Hat as well as at Google, which has since been patched: The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory. "A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Red Hat said in an advisory. It's likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc.

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

An anonymous reader writes: In late 2014 NVIDIA announced their GPUs would begin requiring signed firmware images before the open-source driver could enable hardware acceleration. That led the Nouveau developers to call the latest GPUs "very open-source unfriendly", but that criticism can now be laid to rest as NVIDIA has finally released the signed firmware and basic open-source driver code. The open-source driver can now move on with its open-source 3D enablement for Maxwell GPUs and the NVIDIA developer is hoping it will be ready for the next kernel cycle (Linux 4.6).

The Linux Foundation is announcing FD.io ("Fido"), a Linux Foundation Project. FD.io is an open source project to provide an IO services framework for the next wave of network and storage software. Early support for FD.io comes from founding members 6WIND, Brocade, Cavium, Cisco, Comcast, Ericsson, Huawei, Inocybe Technologies, Intel Corporation, Mesophere, Metaswitch Networks (Project Calico), PLUMgrid and Red Hat.

Architected as a collection of sub-projects, FD.io provides a modular, extensible user space IO services framework that supports rapid development of high-throughput, low-latency and resource-efficient IO services. The design of FD.io is hardware, kernel, and deployment (bare metal, VM, container) agnostic.

jones_supa writes: Software developer Pavlo Rudyi has written a blog post about his experiences with the various desktop environments currently supporting Wayland. The results are not a big surprise, but nevertheless it is great to see the continued interest in Wayland and the ongoing work by many different parties in ensuring that Wayland will eventually be able to dominate the Linux desktop. To summarize, Pavlo found Weston to be "good," GNOME is "perfect," KDE is "bad," and Enlightenment is "good." He also created a video from his testing. Have you done any testing? What's your experience?

An anonymous reader writes: The popular Linux process viewer htop got a new major revision, and now runs natively on FreeBSD, OpenBSD and Mac OS X. The author discussed the process of making the tool cross-platform earlier this year at FOSDEM. Htop also got some new features, including mouse wheel support via ncurses 6 and listing process environment variables.