Steve Parrish writes: I needed a new laptop and found a great deal on an Asus Transformer TP500L. It's one of the laptops where you can flip the screen back and use it as a tablet. I'd like to replace Windows 8.1, and I'm having a difficult time finding a Linux distro that will work on it. I'm familiar with Mint, SolydX, and older Ubuntu versions. I tried the latest Ubuntu with Unity and didn't like it, but the OS installed with only a few minor issues. Has anyone tried any other distros on a hybrid laptop with a touchscreen? I've used Linux for several years, but I'm no guru -- I'm not comfortable with the command line or other advanced workings. Any suggestions would be appreciated.

An anonymous reader writes: Along with the open-source AMD Linux driver having a great 2014, the AMD Catalyst proprietary driver for Linux has also improved a lot. Beyond the open-source Radeon Gallium3D driver closing in on Catalyst, the latest Phoronix end-of-year tests show the AMD Catalyst Linux driver is beating Catalyst on Windows for some OpenGL benchmarks. The proprietary driver tests were done with the new Catalyst "OMEGA" driver. Is AMD beginning to lead real Linux driver innovations or is OpenGL on Windows just struggling?

jones_supa writes: Siddhesh Poyarekar from Red Hat has taken a professional look into mathematical functions found in Glibc (the GNU C library). He has been able to provide an 8-times performance improvement to slowest path of pow() function. Other transcendentals got similar improvements since the fixes were mostly in the generic multiple precision code. These improvements already went into glibc-2.18 upstream. Siddhesh believes that a lot of the low hanging fruit has now been picked, but that this is definitely not the end of the road for improvements in the multiple precision performance. There are other more complicated improvements, like the limitation of worst case precision for exp() and log() functions, based on the results of the paper Worst Cases for Correct Rounding of the Elementary Functions in Double Precision (PDF). One needs to prove that those results apply to the Glibc multiple precision bits.

jfruh writes Heartbleed, Shellshock, Poodle — all high-profile vulnerabilities in widely used libraries that rocked the software industry in 2014. Sadly, experts are now beginning to believe that these aren't the only bugs lurking out there in widely used open source code, just the ones that grabbed the most attention. It's beginning to look like one of the foundation concepts of open source — that with enough eyes, all bugs are shallow — is a myth. Of course, probably no one believes that all bugs are instantly shallow, no matter how open is the source, or that open source software is immune from bugs -- particularly ESR, coiner of the phrase.

DeviceGuru writes As seen in this year-end summary of 40 hacker-friendly SBCs, 2014 brought us plenty of new Linux and Android friendly single-board computers to tinker with — ranging from $35 bargains, to octa-core powerhouses. Many of the new arrivals feature 1-2GHz multicore SoCs, 1-2GB RAM, generous built-in flash, gigabit Ethernet, WiFi, on-board FPGAs, and other extras. However, most of the growth has been in the sub-$50 segment, where the Raspberry Pi and BeagleBone reign supreme, but are now being challenged by a growing number of feature-enhanced clones, such as the Banana Pi and Orange Pi. Best of all, there's every reason to expect 2015 to accelerate these trends.

An anonymous reader writes Linux 3.18 was recently released, thus making Linux 3.19 the version under development as the year comes to a close. Linux 3.19 as the first big kernel update of 2015 is bringing in the new year with many new features: among them are AMDKFD HSA kernel driver, Intel "Skylake" graphics support, Radeon and NVIDIA driver improvements, RAID5/6 improvements for Btrfs, LZ4 compression for SquashFS, better multi-touch support, new input drivers, x86 laptop improvements, etc.

An anonymous reader writes Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line: ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities." Docker's lead security engineer has responded here.

DeviceGuru writes: Erle Robotics has launched what is claimed to be the first drone to run both a Pixhawk APM autopilot and ROS directly on Linux. Over the last year Erle Robotics and 3DRobotics have collaborated on developing an open source, all-Linux BeagleBone Black-based autopilot for drones using the popular 3DR APM architecture, but without using Nuttx RTOS for the real-time bits. In addition to being used on a new 'Erle-copter' quadcopter drone, the new all-Linux 'Erle-brain' APM will ship in both a two-winged UAV and a four-wheeled robotic vehicle, due next spring.

zdzichu writes: The group of anonymous Italians behind the recent Debian fork have published their first progress report. It covers a wide range of topics: the 4.5k€ of donations received so far, moving distro infrastructure from GitHub to GitLab, progress on LoginKit (which replaces systemd's logind), fraud accusations, logo discussions, and few more important points.

An anonymous reader writes: After ten years of development focused on improving and simplifying Linux networking, NetworkManager 1.0 was released. NetworkManager 1.0 brings many features including an increasingly modernized client library, improved command-line support, a lightweight internal DHCP client, better Bluetooth support, VPN enhancements, WWAN IPv6 support, and other features.

Their website says, 'Come for the code, stay for the people! We have awesome attendees and electrifying parties. Check out the robotics club, the automated home brewing system running on Linux, or the game room for extra conference fun.' This is an all-volunteer conference, and for a change the volunteers who run it are getting things together far in advance instead of having sessions that don't get scheduled until a few days before the conference, which has happened more than once with LFNW.

So if you have an idea for a session, this is the time to start thinking about it. Sponsors are also welcome -- and since LFNW sponsorships regularly sell out, it's not to soon to start thinking about becoming a sponsor -- and if you are part of a non-profit group or FOSS project, LFNW offers free exhibit space because this is a conference that exists for the community, not to make money for a corporate owner. But don't delay. As you can imagine, those free exhibit spots tend to fill up early. (Alternate Video Link)

itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.

DeviceGuru writes: Hardkernel has again set its sights on the Raspberry Pi with a new $35 Odroid-C1 hacker board that matches the RPI's board size and offers a mostly similar 40-pin expansion connector. Unlike the previous $30 Odroid-W that used the same Broadcom BCM2835 SoC as the Pi and was soon cancelled due to lack of BCM2835 SoC availability, the Odroid-C1 is based on a quad-core 1.5GHz Cortex-A5 based Amlogic S805 SoC, which integrates the Mali-400 GPU found on Allwinner's popular SoCs. Touted advantages over the similarly priced Raspberry Pi Model B+ include a substantially more powerful processor, double the RAM, an extra USB2.0 port that adds Device/OTG, and GbE rather than 10/100 Ethernet.

judgecorp writes: Canonical just announced Ubuntu Core, which uses containers instead of packages. It's the biggest Ubuntu shakeup for 20 years, says Canonical's Mark Shuttleworth, and is based on a tiny core, which will run Docker and other container technology better, quicker and with greater security than other Linux distros. Delivered as alpha code today, it's going to become a supported product, designed to compete with both CoreOS and Red Hat Atomic, the two leading container-friendly Linux approaches. Shuttleworth says it came about because Canonical found it had solved the "cloud" problems (delivering and updating apps and keeping security) by accident — in its work on a mobile version of Ubuntu.

linuxscreenshot writes: The Fedora Project has announced the release of Fedora 21. "As part of the Fedora.next initiative, Fedora 21 comes in three flavors: Cloud, Server, and Workstation. Cloud is now a top-level deliverable for Fedora 21, and includes images for use in private cloud environments like OpenStack, as well as AMIs for use on Amazon, and a new "Atomic" image streamlined for running Docker containers. The Fedora Server flavor is a common base platform that is meant to run featured application stacks, which are produced, tested, and distributed by the Server Working Group. The Fedora Workstation is a new take on desktop development from the Fedora community. Our goal is to pick the best components, and integrate and polish them. This work results in a more polished and targeted system than you've previously seen from the Fedora desktop." Here are screenshots for Fedora 21: GNOME, KDE, Xfce, LXDE, and MATE.

An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

sfcrazy writes If you have tried the live images of Ubuntu Next you may worry that Canonical is trying to do a Windows 8 with Ubuntu. That's not true. There is no need to worry though: A great deal of work is happening at a deeper level that may not have yet surfaced. It will surface eventually, however. Will Cooke of Canonical clarifies: "We are trying to make it clear that Unity 8 desktop will look like the traditional desktop and will behave like a normal desktop. We are very aware that our users expect a normal desktop there."

Unity 8 will offer the traditional desktop interface when it detects a desktop. The same OS will switch to a touch-based interface on touch-based devices such as tablets and smartphones.

An anonymous reader writes: Researchers from Moscow-based Kaspersky Labs have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

The malware may have sat unnoticed on at least one victim computer for years, although Kaspersky Lab researchers still have not confirmed that suspicion. The trojan is able to run arbitrary commands even though it requires no elevated system privileges.

jones_supa writes As anticipated, Linus Torvalds officially released Linux 3.18. The new version is now out there, though that nasty lockup issue has still yet to be resolved. Dave Jones is nearing the end of dissecting the issue, but since it also affects Linux 3.17 and not too many people seem to get hit by the lockups, Linus Torvalds decided to go ahead and do the 3.18 release on schedule. Linus was also concerned that dragging out the 3.18 release would then complicate the Linux 3.19 merge window due to the holidays later this month. Now the Linux 3.19 kernel merge window is open for two weeks of exciting changes.

schmaustech writes: A lot of businesses pay for Linux support. But at what point does that stop being worth the money? When would a company be better served by setting up their own internal support? When does it make sense for them to write their own patches, which could be submitted back to the community? The inherit risk is that the organization is accountable and accepts the risks if a major bug is encountered within any of the open source applications they are using. What's your perspective on this, and how many major corporations are taking this approach?