Long time reader BrianFagioli writes: if you love Linux Mint and use it regularly, I have very good news -- version 18.1 'Serena' is finally here. There are two desktop environments from which to choose -- Cinnamon and Mate. Regardless of which version you choose, please know that it is based on Ubuntu 16.04, which offers long-term support (LTS). In other words, Linux Mint 18.1 will be supported until 2021. Linux Mint 18.1 comes with the updated Cinnamon 3.2 which looks to be wonderful. The Mint team touts a new screensaver/ login screen in the desktop environment, and yeah, it looks good.

An anonymous reader writes: It's the year of the Linux desktop getting pwned. Chris Evans (not the red white and blue one) has released a number of linux zero day exploits, the most recent of which employs specially crafted audio files to compromise linux desktop machines. Ars Technica reports: "'I like to prove that vulnerabilities are not just theoretical -- that they are actually exploitable to cause real problems,' Evans told Ars when explaining why he developed -- and released -- an exploit for fully patched systems. 'Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out.' Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GSteamer and Game Music Emu automatically open them."

msm1267 quotes Kaspersky Lab's ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introd in August 2011.

A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely.
"Basically it's a bait-and-switch," the researcher told Threatpost. "The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react."

BrianFagioli shares his story on Beta News: Feeling fatigued by Windows 10 and its constant updates and privacy concerns? Can't afford one of those beautiful new MacBook Pro laptops? Don't forget, Linux-based desktop operating systems are just a free download away, folks!

If you do decide to jump on the open source bandwagon, a good place to start is Linux Mint. Both the Mate and Cinnamon desktop environments should prove familiar to Windows converts, and since it is based on Ubuntu, there is a ton of compatible packages. Today, the first beta of Linux Mint 18.1 'Serena' becomes available for download.
Here's the release notes for both Cinammon and MATE.

An anonymous reader quotes OStatic's update on Canonical's lawsuit against a cloud provider: Canonical posted Thursday that they've been in a dispute with "a European cloud provider" over the use of their own homespun version of Ubuntu on their cloud servers. Their implementation disables even the most basic of security features and Canonical is worried something bad could happen and it'd reflect badly back on them... They said they've spent months trying to get the unnamed provider to use the standard Ubuntu as delivered to other commercial operations to no avail. Canonical feels they have no choice but to "take legal steps to remove these images." They're sure Red Hat and Microsoft wouldn't be treated like this.
Mark Shuttleworth, the founder of Ubuntu, wrote in his blog post that Ubuntu is "the leading cloud OS, running most workloads in public clouds today," whereas these homegrown images "are likely to behave unpredictably on update in weirdly creative and mysterious ways... We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that...

"To count some of the ways we have seen home-grown images create operational and security nightmares for users: clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week... When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action."

Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.

"With a click of a button, you can change the desktop layout to match that of Windows versions and Gnome 3. The Ultimate edition...also features Ubuntu, Gnome 2 and macOS-like layouts." BrianFagioli shares an article about a Linux-based operating system "designed for Windows-switchers." While the company does charge for an "Ultimate" version, the "Core" edition of Zorin OS 12 is entirely free... "As Zorin OS 12 is based on Ubuntu 16.04 LTS, it will be supported with security updates until April 2021. This makes Zorin OS 12 the ideal choice for large deployments in businesses, governments, schools and organisations", says The Zorin OS Team"... Zorin OS features some really great features, such as Google Drive integration with the file browser.
Although unlike Windows 10, its default browser is Chromium.

On the sidelines of major announcements such as Microsoft joining the Linux Foundation, and Google joining the .NET Foundation, at its Connect(); 2016 developer conference, Microsoft also announced that it bringing Visual Studio for rival platform Mac. The company also announced a preview of the next version of SQL Server, and a preview of Azure App Service support for containers. From a Venture Beat report:"We want to help developers achieve more and capitalize on the industry's shift toward cloud-first and mobile-first experiences using the tools and platforms of their choice," Microsoft Cloud and enterprise executive vice president Scott Guthrie said in a statement. "By collaborating with the community to provide open, flexible, and intelligent tools and cloud services, we're helping every developer deliver unprecedented levels of innovation." The fact that Microsoft is bringing its IDE to macOS would have arguably been the biggest news of the day, had the company not leaked the information itself earlier this week. Still, a preview of Visual Studio for Mac is now available, letting developers write cloud, mobile, and macOS apps on Apple's desktop operating system using .NET and C#. It's a big deal, given that Microsoft once made a point of locking in developers by only offering its tools on Windows. This has changed over time, with a big highlight in April 2015 when Microsoft launched Visual Studio Code, its cross-platform code editor, for Windows, Mac, and Linux.More info on Microsoft releasing SQL Server Preview for Ubuntu and Red Hat Enterprise Linux.

Microsoft today said it is joining the Linux Foundation as a high-paying Platinum member. Linux Foundation executive director Jim Zemlin said, "This may come as a surprise to you, but they were not big fans," describing the two's previous relationship. From a report on TechCrunch: The new Microsoft under CEO Satya Nadella, however, is singing a very different tune. Today's Microsoft is one of the biggest open source contributors around. Over the course of just the last few years, it has essentially built Canonical's Ubuntu distribution into Windows 10, brought SQL Server to Linux, open-sourced core parts of its .NET platform and partnered with Red Hat, SUSE and others. As Zemlin noted, Microsoft has also contributed to a number of Linux Foundation-managed projects like Node.js, OpenDaylight, the Open Container Initiative, the R Consortium and the Open API Initiative.ArsTechnica has more details.

msm1267 quotes a report from Threatpost: A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data. Cryptsetup, a utility used to setup disk encryption based on the dm-crypt kernel module, is usually deployed in Debian and Ubuntu. Researchers warned late last week that if anyone uses the tool to encrypt system partitions for the operating systems, they're likely vulnerable. Two researchers, Hector Marco of the University of the West of Scotland and Ismael Ripoll, of the Polytechnic University of Valencia, in Spain, disclosed the vulnerability on Friday at DeepSec, a security conference held at the Imperial Riding School Renaissance Vienna Hotel in Austria. According to a post published to the Full Disclosure mailing list, the vulnerability (CVE-2016-4484) affects packages 2.1 and earlier. Systems that use Dracut, an infrastructure commonly deployed on Fedora in lieu of initramfs -- a simple RAM file system directory, are also vulnerable, according to the researchers. The pair say additional Linux distributions outside of Debian and Ubuntu may be vulnerable, they just haven't tested them yet. The report adds: "The problem stems from the incorrect handling of a password check when a partition is ciphered with LUKS, or Linux Unified Key Setup, a disk encryption specification that's standard for Linux. Assuming an attacker has access to the computer's console, when presented with the LUKS password prompt, they could exploit the vulnerability simply by pressing 'Enter' over and over again until a shell appears. The researchers say the exploit could take as few as 70 seconds. After a user exceeds the maximum number of three password tries, the boot sequence continues normally. Another script in the utility doesn't realize this, and drops a BusyBox shell. After carrying out the exploit, the attacker could obtain a root initramfs, or rescue shell. Since the shell can be executed in the initrd, or initial ram disk, environment, it can lead to a handful of scary outcomes, including elevation of privilege, information disclosure, or denial of service."

As an open-source software pioneer, Munich spent years moving away from Windows, but now politicians are debating a report that suggests the city could eventually abandon Linux. A report on TechRepublic adds: If the authority ruling Germany's third largest city backs proposals to make Windows 10 and Microsoft Office available across the council, it would be a significant step away from open-source software for an organization once seen as its champion. Over a nine-year period starting in 2004, the council moved about 15,000 staff from using Windows and Office to LiMux -- a custom version of the Ubuntu desktop OS -- and other open source software. At the time, Munich was one of the largest organizations to reject Windows, and Microsoft took the city's leaving so seriously that then CEO Steve Ballmer flew to Munich to meet the mayor. Now a report commissioned by current mayor Dieter Reiter to help determine the future of IT at the council has outlined a project to make Windows 10 and Microsoft Office available to all departments, and give staff the choice about whether to use Windows or LiMux.

prisoninmate writes from a report via Softpedia: After two successful major releases, budgie-remix has finally been accepted as an official Ubuntu flavor, earlier today during a meeting where four Canonical technicians voted positive. As such, we're extremely happy to inform our readers that the new Ubuntu flavor is called Ubuntu Budgie. In April this year, when budgie-remix hit the road towards its first major release, versioned 16.04, we reported that David Mohammed was kind enough to inform Softpedia about the fact that he got in touch with Ubuntu MATE leader Martin Wimpress, who urged the developer to target Ubuntu 16.10 for an official status. budgie-remix 16.10 arrived as well this fall shortly after the release of Ubuntu 16.10 (Yakkety Yak), and the dream of becoming an official Ubuntu flavor is now a reality. Re-branding of the official website and the entire distribution is ongoing. "We now move full steam ahead and look forward to working with the Ubuntu Develop Membership Board to examine and work through the technical aspects [...] 17.04 will be our first official release under the new name," said David Mohammed in the announcement.

"Mythbuntu as a separate distribution will cease to exist. We will take the necessary steps to pull Mythbuntu specific packages from the repositories unless someone steps up to take these packages over," read Friday's announcement. prisoninmate writes: Mythbuntu was an operating system based on the widely-used Ubuntu Linux distro and built around the MythTV free and open source digital video recorder (DVR) project... The Mythbuntu team recommends users who want to use Mythbuntu to install the latest release of the Xubuntu Linux operating system and then add the Mythbuntu PPA (Personal Package Archive), which will continue to provide the latest MythTV releases and other related packages...

The first release of the OS was back when Ubuntu 7.10 (Gutsy Gibbon) was announced, and the last one was Mythbuntu 16.04.1 LTS (Xenial Xerus). From this point...there will be no new ISO images anymore. Also, the mythbuntu-desktop and Mythbuntu-Control-Centre packages are now discontinued and won't be available from the Ubuntu repositories anymore. However, users will still be able to install the MythTV software and configure it as they see fit.

Amazon Web Services, a division of Amazon that offers cloud computing and storage services, has released a container image of its Amazon Linux operating system -- which has, until now, only been accessible on AWS virtual machine instances -- that customers can now deploy on their own servers. From a report on VentureBeat: Of course, other Linux distributions are available for use in companies' on-premises data centers -- CentOS, CoreOS, Red Hat Enterprise Linux, Canonical's Ubuntu, and so on. Now companies that are used to Amazon Linux in the cloud can work with it on-premises, too. It's available from AWS' EC2 Container Registry. Amazon Linux is not currently available for instant deployment on other public clouds, whether Oracle's, Google's, Microsoft's, or IBM's. "It is built from the same source code and packages as the AMI and will give you a smooth path to container adoption," AWS chief evangelist Jeff Barr wrote in a blog post. "You can use it as-is or as the basis for your own images."

Linux distributions have emerged as one of the beneficiaries in the aftermath of the MacBook Pros launch. Many people aren't pleased with the offering and prices of Apple's three new laptops and some of them are resorting to Linux-powered laptops. From a report on BetaNews: Immediately after the Apple Keynote, famed Ubuntu laptop and desktop seller, System76, saw a huge jump in traffic from people looking to buy its machines. The traffic was so intense, that it needed to upgrade servers to keep up, it said. "We experienced much more traffic than we had prepared for, the website didn't go hard down but experienced slowness. We had to scale up to return to normal. It was a pretty big surge, I don't have the details in front of me at the moment but I've not really heard of anything like this before. People being so underwhelmed by a product that immediately following a new product release they actively seek out competitor's products," says Ryan Sipes, Community Manager, System76. I decided to compare specifications and pricing on my own, so I headed to both Apple.com and System76.com to compare. Apple's new 15-inch MacBook Pro starts at $2,400. This machine has a Quad-core Sklyake i7, maxes out at 16GB of RAM, has an NVMe 256GB SSD, and a Radeon Pro 450 with a paltry 2GB memory. Alternatively, I headed to System76 and configured its 15-inch Oryx Pro. I closely matched the MacBook Pro specs, with a Quad-core Sklyake i7 and NVMe 256GB SSD. Instead of 16GB of RAM as found on the Apple, I configured with 32GB (you can go up to 64GB if needed). By default, it comes with a 6GB Nvidia GTX 1060. The price? Less than $2,000! In other words, the System76 machine with much better specs is less expensive than Apple's.

OpenSource.com reports on a Minnesota school's 1:1 program -- one device per child -- where "Lots of the Windows laptops were in very poor condition and needed to be replaced." An anonymous reader writes: An Indiegogo campaign triggered extra money and donations of laptops, allowing the school's Linux club to equip much of the school with Linux laptops. "When you're using open source software you're free to use operating systems and application software without the hassle of license keys or license tracking inherent with proprietary software," says Stu Keroff, the school's technology coordinator. "This allows a school to experiment [and] gives them the freedom to make mistakes...

But there's also another benefit. "By empowering the students to be part of that process we were able to get more done, and to generate more excitement about the learning that the students were taking part in." There's now a waiting list for the school's Linux club, where they'd planned to cap membership at 35...until 62 students applied. Instead, they found themselves creating two Linux clubs, one for the sixth graders, and one for the 7th and 8th graders.
And to answer the obvious question -- they're using Ubuntu, with the Unity desktop.

For the third month in a row the share of worldwide desktop computer users running Linux has been above two percent -- up from one percent -- according to data from web analytics company Net Market Share. From a OMGUbuntu report: We reported back in July that Linux marketshare had passed two percent for the first time, and that figure remains the highest they've ever reported for Linux, at 2.33 percent. But the share for September 2016 was almost as good at 2.23 percent. It's the third consecutive month that Linux marketshare has been above 2 percent. Those of us who use Linux as our primary desktop computing platform can take a degree of pride in these figures. They do show a clear trend towards Linux, rather than away from it. But we should also remember that statistics, numbers and reporting methods vary between analytics companies and that all figures, however positive, remain open to interpretation and debate.

"Linux distributions and silly names go together like peanut butter and jelly," notes BetaNews. BrianFagioli writes: One of the most well-known Linux distributions to use funny names is Ubuntu. It famously uses the convention of an adjective and a lesser-known animal, each starting with the same letter... For example, Ubuntu 16.10 uses the letter "Y" -- "Yakkety Yak". The next version of the operating system will use the letter "Z" [and] Canonical has chosen "Zesty Zapus"... It is apparently a type of jumping mouse...

"As we come to the end of the alphabet, I want to thank everyone who makes this fun. Your passion and focus and intellect, and occasionally your sharp differences, all make it a privilege to be part of this body incorporate. Right now, Ubuntu is moving even faster to the centre of the cloud and edge operations. From AWS to the zaniest new devices, Ubuntu helps people get things done faster, cleaner, and more efficiently, thanks to you...", says Mark Shuttleworth, CEO, Canonical... "we are a tiny band in a market of giants, but our focus on delivering free software freely together with enterprise support, services and solutions appears to be opening doors, and minds, everywhere. So, in honour of the valiantly tiny leaping long-tailed over the obstacles of life, our next release which will be Ubuntu 17.04, is hereby code named the Zesty Zapus".
My favorite was Xenial Xerus.

Linux-focused blog OMGUbuntu's Joey-Elijah Sneddon shared a post today in which he is trying to explain why people should Linux. He stumbled upon the question when he typed "Why use" and Google suggested Linux as one of the most frequent questions. From the article: The question posed is not one that I sincerely ask myself very often. The answer has, over the years, become complicated. It's grown into a bloated ball of elastic bands, each reason stretched around and now reliant on another. But I wanted to answer. Helpfully, my brain began to spit out all the predictable nouns: "Why use Linux? Because of security! Because of control! Because of privacy, community, and a general sense of purpose! Because it's fast! Because it's virus free! Because I'm dang-well used to it now! Because, heck, I can shape it to look like pretty much anything I want it to using themes and widgets and CSS and extensions and blingy little desktop trinkets!"

First-time submitter Big O Notation shares "an honest review about the new Ubuntu Bash" that shipped with the Windows 10 Anniversary Update. While it's still officially beta, most of the commands work as expected, and it includes popular programs like the Pico text editor. Here's some of the review's highlights: Pros: You can also manage and manipulate other files inside your entire Hard Disk, even those outside of your Linux home directory.
Cons: Even if you chmod something properly, when you use ls -l the Bash would not show the correct permissions. [And] if you try to create a Folder in your Linux Home Directory by using the Windows GUI, it would be impossible to read and manage it. Don't try this at home.
Microsoft says they've included the Windows Subsystem for Linux primarily as "a tool for developers -- especially web developers and those who work on or with open source projects." One Scandinavian developer has even tried running X on Bash on Ubuntu on Windows, reporting success running simpler programs like xcalc and xclock, as well as Gnome Control Center and xeditor and SciTE. "Things start to fall apart if you try to get more ambitious, though."