jones_supa writes: Dave Jones from Red Hat has written a wrap-up of the strange bug that has made some machines running Linux to freeze. (Previous discussion.) Right down to his final week at Red Hat before Dave gave all his hardware back, Linus Torvalds managed to reproduce similar symptoms, by scribbling directly to the HPET timer. He came up with a hack that at least made the kernel survive for him. When Dave tried the same patch, the machine ran for three days before he interrupted it, which was a promising result. The question remains, what was scribbling over the HPET in his case? The only two plausible scenarios Dave could think of were that Trinity generated 0xFED000F0 as a random address and passed that to a syscall which wrote to it, or a hardware bug. That's where the story ends for now. Linus' hacky workaround didn't get committed, but him and John Stultz continue to back and forth on hardening the clock management code in the face of screwed up hardware, so maybe soon we'll see something real get committed on that area.

Bruce Perens writes Chris Testa KB2BMH taught a class on gate-array programming the SmartFusion chip, a Linux system and programmable gate-array on a single chip, using MyHDL, the Python Hardware Design Language to implement a software-defined radio transceiver. Watch all 4 sessions: 1, 2, 3, 4. And get the slides and code. Chris's Whitebox hardware design implementing an FCC-legal 50-1000 MHz software-defined transceiver in Open Hardware and Open Source, will be available in a few months. Here's an Overview of Whitebox and HT of the Future. Slashdot readers funded this video and videos of the entire TAPR conference. Thanks!"

jones_supa writes: As you may have heard, the NSA has had some success in cracking Secure Shell (SSH) connections. To respond to these risks, a guide written by Stribika tries to help you make your shell as robust as possible. The two main concepts are to make the crypto harder and make stealing keys impossible. So prepare a cup of coffee and read the tutorial carefully to see what could be improved in your configuration. Stribika gives also some extra security tips: don't install what you don't need (as any code line can introduce a bug), use the kind of open source code that has actually been reviewed, keep your software up to date, and use exploit mitigation technologies.

jones_supa writes: After nearly two years since the previous release, the Fluxbox team has released version 1.3.6 to start off the new year. Like most Linux geeks already know, Fluxbox is the long-standing X window manager derived from Blackbox. The new version (announcement) puts emphasis on quality assurance and takes care of fixing a bunch of critical bugs: clocktool problems, rendering long text, race condition on shutdown, lost keypresses after workspace switch, corruption of fbrun-history, and resize and move problems. The two new features are an ArrangeWindowsStack action and treating Windows with a WM_CLASS as DockApp as DockApps. Translations for Bulgarian, Hebrew and Japanese also got updates. The Fluxbox project sends many thanks to all the contributors.

Steve Parrish writes: I needed a new laptop and found a great deal on an Asus Transformer TP500L. It's one of the laptops where you can flip the screen back and use it as a tablet. I'd like to replace Windows 8.1, and I'm having a difficult time finding a Linux distro that will work on it. I'm familiar with Mint, SolydX, and older Ubuntu versions. I tried the latest Ubuntu with Unity and didn't like it, but the OS installed with only a few minor issues. Has anyone tried any other distros on a hybrid laptop with a touchscreen? I've used Linux for several years, but I'm no guru -- I'm not comfortable with the command line or other advanced workings. Any suggestions would be appreciated.

An anonymous reader writes: Along with the open-source AMD Linux driver having a great 2014, the AMD Catalyst proprietary driver for Linux has also improved a lot. Beyond the open-source Radeon Gallium3D driver closing in on Catalyst, the latest Phoronix end-of-year tests show the AMD Catalyst Linux driver is beating Catalyst on Windows for some OpenGL benchmarks. The proprietary driver tests were done with the new Catalyst "OMEGA" driver. Is AMD beginning to lead real Linux driver innovations or is OpenGL on Windows just struggling?

jones_supa writes: Siddhesh Poyarekar from Red Hat has taken a professional look into mathematical functions found in Glibc (the GNU C library). He has been able to provide an 8-times performance improvement to slowest path of pow() function. Other transcendentals got similar improvements since the fixes were mostly in the generic multiple precision code. These improvements already went into glibc-2.18 upstream. Siddhesh believes that a lot of the low hanging fruit has now been picked, but that this is definitely not the end of the road for improvements in the multiple precision performance. There are other more complicated improvements, like the limitation of worst case precision for exp() and log() functions, based on the results of the paper Worst Cases for Correct Rounding of the Elementary Functions in Double Precision (PDF). One needs to prove that those results apply to the Glibc multiple precision bits.

jfruh writes Heartbleed, Shellshock, Poodle — all high-profile vulnerabilities in widely used libraries that rocked the software industry in 2014. Sadly, experts are now beginning to believe that these aren't the only bugs lurking out there in widely used open source code, just the ones that grabbed the most attention. It's beginning to look like one of the foundation concepts of open source — that with enough eyes, all bugs are shallow — is a myth. Of course, probably no one believes that all bugs are instantly shallow, no matter how open is the source, or that open source software is immune from bugs -- particularly ESR, coiner of the phrase.

DeviceGuru writes As seen in this year-end summary of 40 hacker-friendly SBCs, 2014 brought us plenty of new Linux and Android friendly single-board computers to tinker with — ranging from $35 bargains, to octa-core powerhouses. Many of the new arrivals feature 1-2GHz multicore SoCs, 1-2GB RAM, generous built-in flash, gigabit Ethernet, WiFi, on-board FPGAs, and other extras. However, most of the growth has been in the sub-$50 segment, where the Raspberry Pi and BeagleBone reign supreme, but are now being challenged by a growing number of feature-enhanced clones, such as the Banana Pi and Orange Pi. Best of all, there's every reason to expect 2015 to accelerate these trends.

An anonymous reader writes Linux 3.18 was recently released, thus making Linux 3.19 the version under development as the year comes to a close. Linux 3.19 as the first big kernel update of 2015 is bringing in the new year with many new features: among them are AMDKFD HSA kernel driver, Intel "Skylake" graphics support, Radeon and NVIDIA driver improvements, RAID5/6 improvements for Btrfs, LZ4 compression for SquashFS, better multi-touch support, new input drivers, x86 laptop improvements, etc.

An anonymous reader writes Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line: ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities." Docker's lead security engineer has responded here.

DeviceGuru writes: Erle Robotics has launched what is claimed to be the first drone to run both a Pixhawk APM autopilot and ROS directly on Linux. Over the last year Erle Robotics and 3DRobotics have collaborated on developing an open source, all-Linux BeagleBone Black-based autopilot for drones using the popular 3DR APM architecture, but without using Nuttx RTOS for the real-time bits. In addition to being used on a new 'Erle-copter' quadcopter drone, the new all-Linux 'Erle-brain' APM will ship in both a two-winged UAV and a four-wheeled robotic vehicle, due next spring.

zdzichu writes: The group of anonymous Italians behind the recent Debian fork have published their first progress report. It covers a wide range of topics: the 4.5k€ of donations received so far, moving distro infrastructure from GitHub to GitLab, progress on LoginKit (which replaces systemd's logind), fraud accusations, logo discussions, and few more important points.

An anonymous reader writes: After ten years of development focused on improving and simplifying Linux networking, NetworkManager 1.0 was released. NetworkManager 1.0 brings many features including an increasingly modernized client library, improved command-line support, a lightweight internal DHCP client, better Bluetooth support, VPN enhancements, WWAN IPv6 support, and other features.

Their website says, 'Come for the code, stay for the people! We have awesome attendees and electrifying parties. Check out the robotics club, the automated home brewing system running on Linux, or the game room for extra conference fun.' This is an all-volunteer conference, and for a change the volunteers who run it are getting things together far in advance instead of having sessions that don't get scheduled until a few days before the conference, which has happened more than once with LFNW.

So if you have an idea for a session, this is the time to start thinking about it. Sponsors are also welcome -- and since LFNW sponsorships regularly sell out, it's not to soon to start thinking about becoming a sponsor -- and if you are part of a non-profit group or FOSS project, LFNW offers free exhibit space because this is a conference that exists for the community, not to make money for a corporate owner. But don't delay. As you can imagine, those free exhibit spots tend to fill up early. (Alternate Video Link)

itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.

DeviceGuru writes: Hardkernel has again set its sights on the Raspberry Pi with a new $35 Odroid-C1 hacker board that matches the RPI's board size and offers a mostly similar 40-pin expansion connector. Unlike the previous $30 Odroid-W that used the same Broadcom BCM2835 SoC as the Pi and was soon cancelled due to lack of BCM2835 SoC availability, the Odroid-C1 is based on a quad-core 1.5GHz Cortex-A5 based Amlogic S805 SoC, which integrates the Mali-400 GPU found on Allwinner's popular SoCs. Touted advantages over the similarly priced Raspberry Pi Model B+ include a substantially more powerful processor, double the RAM, an extra USB2.0 port that adds Device/OTG, and GbE rather than 10/100 Ethernet.

judgecorp writes: Canonical just announced Ubuntu Core, which uses containers instead of packages. It's the biggest Ubuntu shakeup for 20 years, says Canonical's Mark Shuttleworth, and is based on a tiny core, which will run Docker and other container technology better, quicker and with greater security than other Linux distros. Delivered as alpha code today, it's going to become a supported product, designed to compete with both CoreOS and Red Hat Atomic, the two leading container-friendly Linux approaches. Shuttleworth says it came about because Canonical found it had solved the "cloud" problems (delivering and updating apps and keeping security) by accident — in its work on a mobile version of Ubuntu.

linuxscreenshot writes: The Fedora Project has announced the release of Fedora 21. "As part of the Fedora.next initiative, Fedora 21 comes in three flavors: Cloud, Server, and Workstation. Cloud is now a top-level deliverable for Fedora 21, and includes images for use in private cloud environments like OpenStack, as well as AMIs for use on Amazon, and a new "Atomic" image streamlined for running Docker containers. The Fedora Server flavor is a common base platform that is meant to run featured application stacks, which are produced, tested, and distributed by the Server Working Group. The Fedora Workstation is a new take on desktop development from the Fedora community. Our goal is to pick the best components, and integrate and polish them. This work results in a more polished and targeted system than you've previously seen from the Fedora desktop." Here are screenshots for Fedora 21: GNOME, KDE, Xfce, LXDE, and MATE.

An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.