Operating Systems

Canonical Shares Desktop Plans For Ubuntu 18.10 (ubuntu.com) 78

Canonical's Will Cooke on Friday talked about the features the company is working on for Ubuntu 18.10 "Cosmic Cuttlefish" cycle. He writes: We're also adding some new features which we didn't get done in time for the main 18.04 release. Specifically: Unlock with your fingerprint, Thunderbolt settings via GNOME Control Center, and XDG Portals support for snap.

GNOME Software improvements
We're having a week long sprint in June to map out exactly how we want the software store to work, how we want to present information and to improve the overall UX of GNOME Software. We've invited GNOME developers along to work with Ubuntu's design team and developers to discuss ideas and plan the work. I'll report back from the sprint in June.

Snap start-up time
Snapcraft have added the ability for us to move some application set up from first run to build time. This will significantly improve desktop application first time start up performance, but there is still more we can do.

Chromium as a snap
Chromium is becoming very hard to build on older releases of Ubuntu as it uses a number of features of modern C++ compilers. Snaps can help us solve a lot of those problems and so we propose to ship Chromium only as a snap from 18.10 onwards, and also to retire Chromium as a deb in Trusty. If you're still running Trusty you can get the latest Chromium as a snap right now.
In addition, Ubuntu team is also working on introducing improvements to power consumption, adding support for DLNA, so that users could share media directly from their desktop to DLNA clients (without having to install and configure extra packages), and improved phone integration by shipping GS Connect as part of the desktop, the GNOME port of KDE Connect. Additional changelog here.
Ubuntu

Canonical Addresses Ubuntu Linux Snap Store's 'Security Failure' (betanews.com) 79

Last week, an app on the Ubuntu Snap Store caused a stir when it was found to be riddled with a script that is programmed to mine cryptocurrency, a phenomenon whose traces has been found in several popular application stores in the recent months. Canonical promptly pulled the app from the store, but offered little explanation at the time. On Tuesday, Ubuntu-maker addressed the matter in detail. From a report: The big question is whether or not this is really malware. Canonical also pondered this and says the following. "The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself. That perspective was indeed taken by the publisher in question here, who informed us that the goal was to monetize software published under licenses that allow it, unaware of the social or technical consequences," the company wrote in a blog post.

"The publisher offered to stop doing that once contacted. Of course, it is misleading if there is no indication of the secondary purpose of the application. That's in fact why the application was taken down in the store. There are no rules against mining cryptocurrencies, but misleading users is a problem," it added.

Unfortunately, Canonical concedes that it simply doesn't have the resources to review all code submitted to the Snap Store. Instead, it puts the onus on the user to do their due diligence by investigating the developer before deciding to trust them.

Security

Malware Found In the Ubuntu Snap Store (linuxuprising.com) 90

An anonymous reader quotes a report from Linux Uprising: Oh, snap! Just because some packages are available to install directly from the Ubuntu Software Center doesn't make them safe. This is proved by a recent discovery of malware in some snap packages from the Ubuntu Snaps Store.

At least two of the snap packages, 2048buntu and hextris, uploaded to the Ubuntu Snaps Store by user Nicolas Tomb, contained malware. All packages by Nicolas have since been removed from the Ubuntu Snaps Store, "pending further investigations." The report comes from a bug which mentions that the 2048buntu snap package (and other packages by Nicolas Tomb) contains a hidden cryptocurrency miner inside.

Microsoft

Microsoft Works To Port Ubuntu To Windows ARM (neowin.net) 105

Billly Gates shares a report: It was this time last year that Microsoft announced that it was bringing Ubuntu to the Windows Store (now the Microsoft Store), along with other Linux distributions. If you check out the app in the Store now though, you'll find that it only works on x64 devices, meaning that you can't run it on any of the new Windows 10 on ARM PCs. That's all about to change though. In a session at Microsoft's Build 2018 developer conference today called Windows 10 on ARM for Developers, the company showed off Ubuntu running on an ARM PC, with the app coming from the Microsoft Store. It will finally support ARM64 PCs, although x86 devices are still out of luck.
Security

Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs (bleepingcomputer.com) 81

Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks. From a report: The vulnerability is in how the OS vendors implemented a hardware debug mechanism for Intel x86-64 architectures -- and more specifically the MOV SS and POP SS instructions. "In certain circumstances after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3," the CERT/CC team explained in an advisory published yesterday. Explained in layman's terms, "this may allow an attacker to utilize operating system APIs to gain access to sensitive memory information or control low-level operating system functions." Operating systems that mishandle this debug exception and had their systems open to attacks include Apple, Microsoft, FreeBSD, Red Hat, Ubuntu, SUSE Linux, and other Linux distros based on the Linux Kernel -- which is also affected.
Ubuntu

Ubuntu Considering an HTML5-Based OS Installer (phoronix.com) 179

An anonymous reader writes: Ubuntu's Self-Appointed Benevolent Dictator for Life, Mark Shuttleworth, is considering backing a new Ubuntu installer that would be using HTML5 via the Electron Framework. This theoretical installer would re-use the company's existing HTML5 code for managing MAAS installations, integrate with Electron, and also better support their Snap packaging format, according to his proposal. What could possibly go wrong with an HTML5/Electron operating system installer? Mark also announced that Ubuntu 18.10 is codenamed the Cosmic Cuttlefish.
Windows

Ask Slashdot: Any Idiosyncrasies of the New Windows 10 April 2018 Update? 149

shanen wants to know if anyone else has noticed any idiosyncrasies of the new Windows 10 April 2018 update, which was released on April 30th (global rollout on May 8): Only two machines so far [are running the new version of Windows 10], but I already noticed a few peculiarities. Do you have any to share? Here are mine so far:

1. Microsoft prefers tightly linking the machine to a Microsoft account, for example via Outlook.com. If you have a machine that is not linked that way, the antivirus software will now attempt to force a link to a Microsoft account. And what is that new PIN supposed to be about?
2. Accessing a gateway on the wrong private network can produce a hard freeze, forcing a hard reset from the power down state. Possibly a serious security vulnerability to the point where I'm not sure I should share the details in public.

Anything you've noticed about the new Windows 10? (Now I have to get back to dealing with the new OS X update and the latest Ubuntu...)
Some of the new features include the ability to resume past activities in timeline, a file sharing feature with nearby devices, a rebuilt Game Bar with a new Fluent design UI, and a diagnostic data viewing tool in the Security and Privacy section. If you want to get the update before the global rollout, you can do so via Check for Updates under Windows Update.
Operating Systems

Ubuntu 18.04 Focuses On Security and AI Improvements (sdtimes.com) 89

Canonical has announced the release of its open-source Linux operating system, Ubuntu 18.04, which features security, multi-cloud, containers, and AI improvements. From a report: "Multi-cloud operations are the new normal," said Mark Shuttleworth, CEO of Canonical and founder of Ubuntu, in a statement. "Boot-time and performance-optimized images of Ubuntu 18.04 LTS on every major public cloud make it the fastest and most efficient OS for cloud computing, especially for storage and compute intensive tasks like machine learning." On-premises and on-cloud AI development within Ubuntu will be improved by the integration of Kubeflow and a range of CI/CD tools into Canonical Kubernetes. Kubeflow is a machine learning library built on Kubernetes.
Windows

Microsoft Windows 10 Gains Linux/WSL Console Copy and Paste Functionality (betanews.com) 168

BrianFagioli writes: For better or worse, the Windows Subsystem for Linux (WSL) initiative seems to be moving full steam ahead. There are some very respectable distributions available in the Microsoft Store, such as Debian, Ubuntu, and Kali to name a few. Not to mention, Microsoft is trying to encourage even more maintainers to submit their distros with a new tool.

Apparently, some Windows 10 users have been clamoring for the ability to copy and paste both from and to WSL consoles -- a reasonable request. Well, as of Insider Build 17643, this is finally possible.

'As of Windows 10 Insider build #17643, you can copy/paste text from/to Linux/WSL Consoles!!! We know that this is a feature MANY of you have been waiting for -- our sincerest thanks for your patience and continued support while we untangled the Console's internals, allowing us to implement this feature. To ensure that we don't break any existing behaviors, you'll need to enable the 'Use Ctrl+Shift+C/V as Copy/Paste' option in the Console 'Options' properties page,' says Rich Turner, Microsoft.

Security

Linux: Beep Command Can Be Used to Probe for the Presence of Sensitive Files (bleepingcomputer.com) 109

Catalin Cimpanu, writing for BleepingComputer: A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccessible. The vulnerability, tracked as CVE-2018-0492, has been fixed in recent versions of Debian and Ubuntu (Debian-based OS). At its core, the bug is a race condition in the beep utility that allows the OS to emit a "beep" sound whenever it is deemed necessary. Security researchers have discovered a race condition in the beep package that allows an attacker to elevate his code to root-level access.
Microsoft

Microsoft Open Source Tool Lets You 'Bring Your Own Linux' To Windows (microsoft.com) 135

Long-time Slashdot reader Billly Gates writes: Debian is now available in the Windows app store. It joins Ubuntu, Suse Leap, SuSe enterprise, and Kali Linux for those who cannot or do not want to bother with a virtual machine or a full install of the OS. However, it included stable 9.3. 9.4 is available from the repository if you run apt-get update and apt-get upgrade.
"Fedora is not yet available, although Microsoft has stated openly that it is working to make it so," reports Computer Weekly. And there's more: Microsoft has also provided an open source tool called Microsoft WSL/DistroLauncher for users who want to build their own Linux package where a particular distribution is either a) not available yet or b) is available, but the user wants to apply a greater degree of customisation to it than comes as standard.
GNOME

Ubuntu Linux 18.04 LTS 'Bionic Beaver' Beta 2 Now Available (betanews.com) 97

An anonymous reader writes: Ubuntu Linux 18.04 "Bionic Beaver" is almost here -- it is due on April 26. In the interim, today, the second -- and final -- beta becomes available. Bionic Beaver is very significant, as it is an LTS version, meaning "Long Term Support." This is important to those that prefer stability to bleeding edge and don't want to deal with the hassle of upgrades. In other words, you can install 18.04 and be confident that it will be supported for 5 years. In comparison, non-LTS Ubuntu versions get a mere 9 months.

There is plenty to be excited about with Ubuntu Linux 18.04 LTS 'Bionic Beaver' Beta 2, including the GNOME 3.28 desktop environment -- Beta 1 did not include GNOME at all. Of course, all the other DE flavors are available too, such as KDE and Xfce. The kernel is at 4.15, which while not the most current version, is still quite modern. Also included is LibreOffice 6.0 -- an essential tool that rivals Microsoft Office. Wayland is available as a technical preview, although X remains the default display server -- for now.

AMD

Linux Mint Ditches AMD For Intel With New Mintbox Mini 2 (betanews.com) 46

An anonymous reader writes: Makers of Mint Box, a diminutive desktop which runs Linux Mint -- an Ubuntu-based OS, on Friday announced the Mintbox Mini 2. While the new model has several new aspects, the most significant is that the Linux Mint Team has switched from AMD to Intel (the original Mini used an A4-Micro 6400T). For $299, the Mintbox Mini 2 comes with a quad-core Intel Celeron J3455 processor, 4GB of RAM, and a 60GB SSD. For $50 more you can opt for the "Pro" model which doubles the RAM to 8GB and increases the SSD capacity to 120GB. Graphics are fairly anemic, as it uses integrated Intel HD 500, but come on -- you shouldn't expect to game with this thing. For video connectivity, you get both HDMI and Mini DisplayPort. Both can push 4K, and while the mini DP port can do 60Hz, the HDMI is limited to 30.
Ubuntu

Ubuntu Community Considers a Crowd-Sourced Promo Video (ubuntu.com) 40

Slashdot reader Beacon11 writes that "Alan Pope, a community advocate for Ubuntu, has requested comments and ideas regarding the creation of a crowd-sourced promo video that, in 30 seconds, conveys that Ubuntu is for everyone." Alan Pope writes: So for example you might see a woman on a train typing an article, a guy in an office creating a presentation, a kid on the sofa playing a game with a controller on their TV, someone watching a film, someone developing code, kids playing with robots, a farmer planning animal feeding. You get the idea...

So I'd really like to do this as a shared community project, with video clips submitted by Ubuntu users from around the world, perhaps even taking in a landmark or two here and there. I'd expect the video to represent the diversity of users, and variety of activities people are able to do with Ubuntu.

Though they're currently just discussing its feasibility, Alan writes that "I think if we work together we could make something amazing."
Ubuntu

Ubuntu Linux 18.04 'Bionic Beaver' Beta 1 Now Available For Download (betanews.com) 101

From a report: This week, Ubuntu Linux 18.04 'Bionic Beaver' Beta 1 became available for download. Ubuntu 18.04 is significant, as it will be an LTS (Long Term Support) version. As was the case when Unity was the primary DE, GNOME is not available in this beta stage. Instead, there are other flavors from which to choose, such as Kubuntu with KDE Plasma and Xubuntu, which uses Xfce.

"Pre-releases of the Bionic Beaver are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting, and fixing bugs as we work towards getting this release ready. Beta 1 includes some software updates that are ready for broader testing. However, it is quite an early set of images, so you should expect some bugs," says Dustin Krysak, Ubuntu Budgie team member.

Windows

Ask Slashdot: Should We Worry Microsoft Will 'Embrace, Extend, and Extinguish' Linux? (betanews.com) 431

BrianFagioli writes: While there is no proof that anything nefarious is afoot, it does feel like maybe the Windows-maker is hijacking the Linux movement a bit by serving distros in its store. I hope there is no "embrace, extend, and extinguish" shenanigans going on.

Just yesterday, we reported that Kali Linux was in the Microsoft Store for Windows 10. That was big news, but it was not particularly significant in the grand scheme, as Kali is not very well known. Today, there is some undeniably huge news -- Debian is joining SUSE, Ubuntu, and Kali in the Microsoft Store. Should the Linux community be worried?

My concern lately is that Microsoft could eventually try to make the concept of running a Linux distro natively a thing of the past. Whether or not that is the company's intention is unknown. The Windows maker gives no reason to suspect evil plans, other than past negative comments about Linux and open source. For instance, former Microsoft CEO Steve Ballmer once called Linux "cancer" -- seriously.

Ubuntu

Ubuntu Wants To Collect Data About Your System -- Starting With 18.04 LTS (fossbytes.com) 207

In an announcement on Ubuntu mailing list, Will Cooke, on behalf of the Ubuntu Desktop team, announced Canonical's plans to collect some data related to the users' system configuration and the packages installed on their machines. From a report: Before you read anything further, it's important to note that users will have the option to opt-out of this data collection. The company plans to add a checkbox to the installer, which would be checked by default. The option could be like: "Send diagnostics information to help improve Ubuntu." As per your convenience, you can opt-out during the installation. An option to do the same will also be made available in the Privacy panel of GNOME Settings. With this data collection, the team wishes to improve the daily experiences of the Ubuntu users. It's worth noting that the collected data will be sent over encrypted connections and no IP addresses will be tracked. To be precise, the collected data will include: flavour and version of Ubuntu, network connectivity or not, CPU family, RAM, disk(s) size, screen(s) resolution, GPU vendor and model, OEM manufacturer, location (based on the location selection made during install), no IP information, time taken for Installation, auto-login enabled or not, disk layout selected, third party software selected or not, download updates during install or not, livePatch enabled or not.
Ubuntu

Ubuntu 18.04 LTS Could Come with Snap Apps Preinstalled (omgubuntu.co.uk) 139

Ubuntu 18.04 LTS 'Bionic Beaver' could ship with Snap apps installed by default. From a report: A proposal from Ubuntu developer Steve Langasek suggests that Snapcraft now stand as a 'first-class' alternative to traditional packages, making them ripe for inclusion. "As more software becomes available as snaps, we want to take advantage of this body of packages as part of the default Ubuntu experience," he writes. As part of his proposal -- which is just a suggestion for the moment, so don't get excited/angry -- Langasek wants to iron out policy and rules around seeded snap app. This is to ensure they are updated and maintained accordingly, inline with Ubuntu practice. While Snaps by default would be something of a first for the regular version Ubuntu, it wouldn't be a first in general. That honour goes to Ubuntu MATE 17.10, the first distro to ship with a preinstalled Snap app.
Open Source

LKRG: A Loadable Linux Kernel Module for Runtime Integrity Checking (bleepingcomputer.com) 36

An anonymous reader quotes BleepingComputer: Members of the open source community are working on a new security-focused project for the Linux kernel. Named Linux Kernel Runtime Guard (LKRG), this is a loadable kernel module that will perform runtime integrity checking of the Linux kernel. Its purpose is to detect exploitation attempts for known security vulnerabilities against the Linux kernel and attempt to block attacks. LKRG will also detect privilege escalation for running processes, and kill the running process before the exploit code runs.

Since the project is in such early development, current versions of LKRG will only report kernel integrity violations via kernel messages, but a full exploit mitigation system will be deployed as the system matures... While LKRG will remain an open source project, LKRG maintainers also have plans for an LKRG Pro version that will include distro-specific LKRG builds and support for the detection of specific exploits, such as container escapes. The team plans to use the funds from LKRG Pro to fund the rest of the project.

The first public version of LKRG -- LKRG v0.0 -- is now live and available for download on this page. A wiki is also available here, and a Patreon page for supporting the project has also been set up. LKRG kernel modules are currently available for main Linux distros such as RHEL7, OpenVZ 7, Virtuozzo 7, and Ubuntu 16.04 to latest mainlines.

Ubuntu

Ubuntu 18.04 LTS Will Default To The X.Org Stack, Not Wayland (phoronix.com) 194

An anonymous reader writes: Five years after their original goal to ship Ubuntu with Wayland, Ubuntu 17.10 transitioned to using the Wayland display system by default as part of their transition to GNOME Shell as the default desktop. But with the upcoming Ubuntu 18.04 LTS release, Canonical has decided to transition back to the X.Org Server. Their reasoning for moving to an X.Org Server by default is better support for screen sharing, remote desktop, and better recovery from crashes. But for those interested the Wayland session will still be available as a log-in option.

Slashdot Top Deals