Displays

Dell's Upcoming XPS 13 Linux Laptop Includes a Fingerprint Reader (forbes.com) 21

An anonymous reader quotes Forbes: If you've been following the steady march of progress from Dell's Linux-first Project Sputnik team, you're no doubt aware that the "Developer Edition" variant of the XPS 13 is one of the finest Linux-ready ultrabooks you can buy. Just ahead of CES 2020, Dell is pushing out a few more improvements including a feature that's been hotly requested: fingerprint-reader support. It's one of several enhancements Dell is promising to Linux users for its 10th-generation XPS 13, including a new maximum of 32GB RAM and a redesigned "InfinityEdge" display that adds even more screen real estate, resulting in an adjusted 16:10 aspect ratio to match... Details on fingerprint-reader support are still a bit vague, but Dell says it will be released shortly after the system's February 2020 launch as an OTA (over-the-air) update, and then as part of the preloaded Ubuntu Developer Edition image it ships with the system.
Dell's lead on Project Sputnik developer systems, Barton George, also blogged about Dell's new 86-inch 4K interactive touch monitor, as well as their upcoming Latitude 9510 notebook and 2-in-1 laptops, promising "a new ultra-premium class of products" offering 5G mobile broadband capabilities, AI-based productivity capabilities, and 30-plus hours of battery life.

The blog post ends by noting that "While project Sputnik is the most visible Linux-based offerings from Dell, it is only a small fraction of the over 150 systems that make up Dell's Linux portfolio."
Security

No, Spotify, You Shouldn't Have Sent Mysterious USB Drives To Journalists (techcrunch.com) 53

Zack Whittaker, writing for TechCrunch: Last week, Spotify sent a number of USB drives to reporters with a note: "Play me." It's not uncommon for reporters to receive USB drives in the post. Companies distribute USB drives all the time, including at tech conferences, often containing promotional materials or large files, such as videos that would otherwise be difficult to get into as many hands as possible. But anyone with basic security training under their hat will know to never plug in a USB drive without taking some precautions first.

Concerned but undeterred, we safely examined the contents of the drive using a disposable version of Ubuntu Linux (using a live CD) on a spare computer. We examined the drive and found it was benign. On the drive was a single audio file. "This is Alex Goldman, and you've just been hacked," the file played. The drive was just a promotion for a new Spotify podcast. Because of course it was. Jake Williams, a former NSA hacker and founder of Rendition Infosec, called the move "amazingly tone deaf" to encourage reporters into plugging in the drives to their computers.

Android

New Linux Vulnerability Lets Attackers Hijack VPN Connections (bleepingcomputer.com) 43

An anonymous reader writes: Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

This security flaw "allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website," according to William J. Tolley, Beau Kujath, and Jedidiah R. Crandall, Breakpointing Bad researchers at University of New Mexico. "Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections," the researchers said.

Operating Systems

elementary OS 5.1 'Hera' Linux Distro is Here (betanews.com) 42

An anonymous reader shares a report: elementary OS has long been viewed by many as the future of Linux on the PC thanks to its beautiful desktop environment and overall polished experience. Development of the Ubuntu-based operating system has been frustratingly slow, however. This shouldn't be surprising, really, as the team of developers is rather small, and its resources are likely much less than those of larger distributions such as the IBM-backed Fedora or Canonical's Ubuntu. And that is what makes elementary OS so remarkable -- its developers can make magic on a smaller budget. Today, the latest version of the operating system is released. Code-named "Hera," elementary OS 5.1 is now available for download. Support for Flatpak is now baked in -- this is significant, as the developers explain it is "the first non-deb packaging format we've supported out of the box." The Linux kernel now sits at a very modern 5.0. One of the most important aspects of elementary OS, the AppCenter, is now an insane 10 times faster than its predecessor.
Operating Systems

Zorin OS 15 Lite Linux Distro Can Rejuvenate Your Aging Windows PC (betanews.com) 69

An anonymous reader writes: Called "Zorin OS 15 Lite," it is not only lightweight, but thanks to the Xfce desktop environment and integrated Flatpak support, it should be quite familiar to those switching from Windows. In fact, the developers are intentionally targeting existing Windows 7 users, as Microsoft's operating system will be unsupported beginning January 2020. Zorin OS 15 Lite, in comparison, is based on Ubuntu 18.04 LTS and supported until 2023! It even comes with the very modern Linux kernel 5.0. "With Zorin OS 15 Lite, we've condensed the full Zorin OS experience into a streamlined operating system, designed to run fast on computers as old as 15 years. With version 15, we've gone the extra mile to make the XFCE 4.14-based desktop feel familiar and user-friendly to new users, especially those moving away from Windows 7 leading up to the end of its support in January 2020. By pairing the most advanced and efficient software with a user-friendly experience, we've made it possible for anyone to extend the lifespan of their computers for years to come," explain the Zorin OS developers.
Chrome

Chrome, Microsoft Edge and Safari Cracked In China's White-Hat Hacker Competition (ibtimes.com) 17

An anonymous reader quotes the International Business Times: At the recent Tianfu Cup held in Chengdu, China, China's top white-hat hackers have converged to test zero-days against top software available in the market today. During the first day of the event, Chinese security researchers were able to break into major browsers such as Safari, Microsoft Edge, and Google Chrome.

Since March 2018, the Chinese government has officially discouraged security researchers from joining hacking competitions outside the country. The recent Tianfu Cup is the venue for hackers to showcase their skills and even earn six-figure bounties for successful exploits. Former Pwn2Own winner Team 360 Vulcan took home $382,500 for successfully hacking the old version of Office 365, Microsoft Edge, Adobe PDF Reader, VMWare Workstation, and qemu + Ubuntu during the two-day event, reports ZDNet... Search engine giant Google has a representative in the event with some members of the Google Chrome security team present on site. Organizers plan to submit a report of all bugs uncovered during the event to all vendors when the competition concludes, says ZDNet.

Security

New Linux/Windows Malware Allows Arbitrary Execution of Shell Commands (bleepingcomputer.com) 80

"Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines," reports Bleeping Computer: The malware dubbed ACBackdoor is developed by a threat group with experience in developing malicious tools for the Linux platform based on the higher complexity of the Linux variant as Intezer security researcher Ignacio Sanmillan found. "ACBackdoor provides arbitrary execution of shell commands, arbitrary binary execution, persistence, and update capabilities," the Intezer researcher found.

Both variants share the same command and control (C2) server but the infection vectors they use to infect their victims are different: the Windows version is being pushed through malvertising with the help of the Fallout Exploit Kit while the Linux payload is dropped via a yet unknown delivery system... Besides infecting victims via an unknown vector, the Linux malicious binary is detected by only one of the anti-malware scanning engines on VirusTotal at the time this article was published, while the Windows one is detected by 37 out of 70 engines. The Linux binary is also more complex and has extra malicious capabilities, although it shares a similar control flow and logic with the Windows version...

ACBackdoor can receive the info, run, execute, and update commands from the C2 server, allowing its operators to run shell commands, to execute a binary, and to update the malware on the infected system.

The article warns that the Linux version will disguise itself as the Ubuntu UpdateNotifier utility, renaming its process as the Linux kernel thread [kworker/u8:7-ev].
Ubuntu

Canonical Releases Ubuntu Linux 19.10 Eoan Ermine with GNOME 3.34, Light Theme, and Raspberry Pi 4 Support (betanews.com) 50

Following the beta period, one of the best and most popular Linux-based desktop operating systems reaches a major milestone -- you can now download Ubuntu 19.10! Code-named "Eoan Ermine", the distro is better and faster than ever. From a report: By default, Ubuntu 19.10 comes with one of the greatest desktop environments -- GNOME 3.34. In addition, users will be delighted by an all-new optional Yaru light theme. There is even baked-in support for the Raspberry Pi 4. The kernel is based on Linux 5.3 and comes with support for AMD Navi GPUs. There are plenty of excellent pre-installed programs too, such as LibreOffice 6.3, Firefox 69, and Thunderbird 68. While many users will be quick to install Google Chrome, I would suggest giving Firefox a try -- it has improved immensely lately. "With GNOME 3.34, Ubuntu 19.10 is the fastest release yet with significant performance improvements delivering a more responsive and smooth experience, even on older hardware. App organization is easier with the ability to drag and drop icons into categorized folders, while users can select light or dark Yaru theme variants depending on their preference or for improved viewing accessibility. Native support for ZFS on the root partition is introduced as an experimental desktop installer option. Coupled with the new zsys package, benefits include automated snapshots of file system states, allowing users to boot to a previous update and easily roll forwards and backwards in case of failure," says Canonical.
Red Hat Software

As 'CentOS Stream' Brings Rolling Releases, Some RHEL Development Moves Into CentOS Project (itprotoday.com) 15

It's been five years since the release of CentOS 7, but Indy1 (Slashdot reader #99,447) reminded us that CentOS 8 finally arrived this week -- along with a big new plan for rolling releases.

It Pro Today points out that CentOS already runs on about 16% of all servers, "a number that's only bested by Ubuntu with an estimated 28%," and says that this move "points to CentOS taking a more important role within Red Hat [and] indicates a sea change not only for CentOS, but for the Red Hat Enterprise Linux (RHEL) development pipeline." According to Karanbir Singh, CentOS project lead and Red Hat engineer, Stream will contain the code under development for the next minor RHEL release, which will allow the developer community to discuss, suggest, and contribute features and fixes into RHEL more quickly. "To do this, Red Hat Engineering is planning to move parts of RHEL development into the CentOS Project in order to collaborate with everyone on updates to RHEL," he said.

This would seem to mean that not only will CentOS remain under Red Hat's care and protection, but that CentOS will play a more important role within Red Hat going forward.

Operating Systems

Ubuntu Linux 19.10 'Eoan Ermine' Beta Available For Download (betanews.com) 41

Canonical today released the official beta for the upcoming Ubuntu Linux 19.10. Code-named "Eoan Ermine," it features Linux kernel 5.3. From a report: There are several great desktop environments from which to choose too, such as KDE Plasma, Budgie, and the default GNOME. Ubuntu 19.10 is not a long term support (LTS) version, sadly, so support for the stable release will only be a mere 9 months. "The Ubuntu team is pleased to announce the beta pre-release of the Ubuntu 19.10 Desktop, Server, and Cloud products. Codenamed "Eoan Ermine," 19.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," says Adam Conrad, Software Engineer, Canonical.
Music

Apple Releases Public Beta of Apple Music For Web (betanews.com) 13

An anonymous reader shares a report: Apple Music doesn't work on traditional Linux distributions like Ubuntu or Fedora. It does, however, work on Windows, macOS, iOS, and Android. Chromebook users can take advantage of the Apple Music Android app from the Play Store. Traditional Linux users, however, are sadly left out of the party. This week, this changes, as Apple Music finally comes to the web -- in beta. This is something many other streaming music services, such as Spotify and Google, already offer. Better late than never, eh? This means traditional Linux users can finally enjoy Apple Music by simply visiting a website.
Operating Systems

Why Canonical Views the Snap Ecosystem as a Compelling Distribution-Agnostic Solution (techrepublic.com) 93

Canonical's Martin Wimpress addresses Snaps, Flatpak, and other competing standards, and community unease around Canonical's control of the Snap store. intensivevocoder writes: With these advances in hardware support, the last significant challenge users face when switching from Windows or Mac to a Linux distribution is app distribution and installation. While distribution-provided repositories are useful for most open source software, the release model of distributions such as Ubuntu or Fedora lock in users to a major version for programs for the duration of a particular release. Because of differences in how they interact with the underlying system, certain configuration tasks are different between Snaps or Flatpaks than for directly-installed applications. Likewise, initial commits for the Snap and Flatpak formats were days apart -- while the formats were developed essentially in parallel, the existence of two 'universal' package formats has led to disagreement about competing standards. TechRepublic interviewed Martin Wimpress, engineering manager for Snapcraft at Canonical, about Ubuntu's long term plans for Snaps, its adoption and support in other Linux distributions, Canonical's position as the operator of the Snap Store, and the benefits Snaps provide over Flatpak. An excerpt from the interview: TechRepublic: Practically speaking, there are two competing standards for cross-platform application packaging -- three, if you count AppImage. What's the practical benefit that Canonical's Snap format offers over Flatpak or AppImage?
Martin Wimpress: If you look at the initial commits of both of those projects, Snaps have a lineage back to Click packages, which were developed for [Ubuntu Phone] originally. The Snap project developed out of what had been learned from doing the phones, with a view to solving problems in IoT. So, although technically snapd and xdg-apps -- and consequently Flatpak -- look like they emerged around the same time, Snaps can trace their lineage back to the Click project from several years previous. If we're looking at Flatpak specifically, we can probably include AppImage in most of these comparisons as well. Some of the similarities are that Snaps are self-contained software packages, which is something that Flatpak and AppImage strive to be as well. I think that Flatpak achieves that better than AppImage. I think AppImage still makes some assumptions on what's installed on the host operating system. It doesn't bundle everything inside the AppImage. Similarly, Snaps, Flatpak, and AppImage work across all the major Linux distributions without modification. We haven't all arrived at this solution by accident. We've clearly, independently, all realized that this is a problem that we need to solve in order to encourage software vendors to publish their applications on Linux, because Linux is a very broad platform to target. If you can lower the hurdles... to getting your software in front of users on Linux, then that's a good thing. And we're all aiming to do the same thing there.

Operating Systems

Ubuntu-Based Linux Mint 19.2 'Tina' is Here with Cinnamon, MATE, and Xfce (betanews.com) 96

The Linux Mint project today released the Linux Mint 19.2 "Tina", which is now available for download as Cinnamon, MATE, and Xfce editions. From a report: If your computer is fairly modern, take my advice and opt for the excellent Cinnamon. MATE and Xfce are solid choices too, although they are more appropriate for computers with meager hardware. For new users, choosing amongst three interfaces can be confusing -- thankfully, the Mint developers stopped using KDE almost two years ago. Linux Mint 19.2 "Tina" is based on the wildly popular Ubuntu operating system, but on 18.04 rather than the new 19.04. Why use an older version of Ubuntu as a base? Because 18.04 is an LTS or "Long Term Support" variant. While version 19.04 will be supported for less than a year, 18.04 is being supported for a mind-boggling 10 years! The Linux kernel is version 4.15 and not part of the newer 5.x series.
GNOME

The VR Linux Desktop Is On Its Way 79

mfilion writes: Want to use the GNOME or KDE Linux desktops on your virtual-reality headset? A new open-source project aims to let you play games and use your Linux desktop with your VR head-mounted display. Xrdesktop is an open-source project "designed to let you work with traditional desktop environments, such as GNOME and KDE, in VR," reports ZDNet. "It does this by making window managers aware of VR. It then uses VR runtimes to render desktop windows in 3D space. Once there, you'll be able to work on the desktop using VR controllers in place of a mouse and keyboard."

You can find installation instructions on the xrdesktop Wiki. The Valve-backed program is available in packages for Arch Linux and Ubuntu Linux. You can also install it on other distributions, but you'll need to install xrdesktop from source.
Bug

VLC Developer Debunks Reports of 'Critical Security Issue' In Open Source Media Player (portswigger.net) 80

New submitter Grindop53 shares a report: Widespread reports of a "critical security issue" that supposedly impacted users of VLC media player have been debunked as "completely bogus" by developers. Earlier this week, German computer emergency response team CERT-Bund -- part of the Federal Office for Information Security (BSI) -- pushed out an advisory warning network administrators and other users of a high-impact vulnerability in VLC. It seems that this advisory can be traced back to a ticket that was opened on VLC owner VideoLAN's public bug tracker more than four weeks ago. The alleged heap-based buffer overflow flaw was disclosed by a user named "topsec(zhangwy)," who stated that a malicious .mp4 file could be leveraged by an attacker to take control of VLC media player users' devices. The issue was flagged as high-risk on the CERT-Bund site, and the vulnerability was assigned a CVE entry (CVE-2019-13615).

However, according to VideoLAN president Jean-Baptiste Kempf, the exploit does not work on the latest VLC build. In fact, any potential issues relating to the vulnerability were patched more than a year ago. "There is no security issue in VLC," Kempf told The Daily Swig in a phone conversation this morning. "There is a security issue in a third-party library, and a fix was pushed [out] 18 months ago." When asked how or why this oversight generated so much attention, Kempf noted that the reporter of the supposed vulnerability did not approach VideoLAN through its security reporting email address. "The guy never contacted us," said Kempf, who remains a lead developer at the VLC project. "This is why you don't report security issues on a public bug tracker."
Kempf and his team were unable to replicate the issue in the latest version of VLC, leading many to believe that the bug reporter was working on a computer running an outdated version of Ubuntu. "If you report a security issue, at least update your Linux distribution," Kempf said.
GNOME

What Does Ubuntu's Post-Unity Future Look Like? (techrepublic.com) 121

intensivevocoder quotes TechRepublic: Following Canonical's pivot away from its internally-developed Unity user interface and Mir display server, Ubuntu has enjoyed two relatively low-drama years, as the Linux Desktop market homogenized during its transition back to a customized GNOME desktop. In a review of the most recent release, TechRepublic's Jack Wallen declared that "Ubuntu 19.04 should seriously impress anyone looking for a fast and reliable Linux desktop platform."

Largely, it's been a slow-and-steady pace for Ubuntu since the pivot from Unity to GNOME, though the distribution made headlines for plans to end 32-bit support. This prompted Valve, operators of games marketplace Steam, to re-think its approach toward Ubuntu, which it previously characterized as "the best-supported path for desktop users."

TechRepublic's James Sanders interviewed Will Cooke, director of engineering for Ubuntu Desktop at Canonical, about the distribution's long-term plans for legacy 32-bit support, shipping a desktop in a post-Unity-era Ubuntu, and why Linux should be the first choice for users migrating from Windows 7 prior to the end of support.

From the interview:
When we did the switch to GNOME Shell from Unity, we did a survey [asking] people straightforward questions like, "What sort of features do you want to see continue in Ubuntu Desktop?" The answer came through very, very clearly that people liked having the launcher on the left, and they wanted to keep that feature there. They liked having desktop icons and they wanted to keep that feature there.

We've made decisions based on data from our user base, from our community. They have provided that feedback and we've done what the majority of people want.

Sometimes that doesn't go with the ideals of GNOME design, but we're comfortable with delivering what we see as value on top of GNOME. That's delivering a product which gives people consistency between the old days of Unity 7, and the new days of GNOME Shell. That transition was as easy as possible, everybody had a chance to have a say in it, and the answers were pretty clear.

Operating Systems

Mageia 7 Linux Distro Released (betanews.com) 92

If you're looking to try out a Linux distro that is not based on Ubuntu, Mageia 7 might be worth your consideration. It arrives two years after the release of Mageia 6 -- so unsurprisingly, the changelog is fairly long. The Mageia developers share the significant packages that have been updated below. Significant package updates include: kernel 5.1.14, rpm 4.14.2, dnf 4.2.6, Mesa 19.1, Plasma 5.15.4, GNOME 3.32, Xfce 4.14pre, Firefox 67, Chromium 73, and LibreOffice 6.2.3. Donald Stewart, Mageia developer, adds: There are lots of new features, exciting updates, and new versions of your favorite programs, as well as support for very recent hardware. There are classical installer images for both 32-bit and 64-bit architectures, as well as live DVDs for 64-bit Plasma, GNOME, Xfce, and 32-bit Xfce.
Microsoft

Microsoft Seeks To Join the Official Linux-Distros Mailing List (theregister.co.uk) 113

Microsoft's transformation into a fully paid-up member of the Linux love-train continued this week as the Windows giant sought to join the exclusive club that is the official linux-distros mailing list. From a report: The linux-distros list is used by Linux distributions to privately report, coordinate, and discuss security issues yet to reach the general public; oss-security is there for stuff that is already out in the open or cannot wait for things to bounce around for a few days first. Sasha Levin, who describes himself as a "Linux kernel hacker" at the beast of Redmond, made the application for his employer to join the list, which if approved would allow Microsoft to tap into private behind-the-scenes chatter about vulnerabilities, patches, and ongoing security issues with the open-source kernel and related code.

These discussions are crucial for getting an early heads up, and coordinating the handling and deployment of fixes before they are made public. To demonstrate that Microsoft qualifies for membership alongside the likes of Ubuntu, Debian, and SUSE, he cited Microsoft's Azure Sphere and the Windows Subsystem For Linux (WSL) 2 as examples of distro-like builds.

Ubuntu

Ubuntu Reverses Decision, Says It Will Continue To Support 32-bit Packages (betanews.com) 94

Canonical has issued a statement on Ubuntu's 32-bit future, saying it will continue to build and maintain a 32-bit archive going forward. From a report: Of course, there was some negativity surrounding the decision -- as is common with everything in the world today. In particular, developers of WINE were upset, since their Windows compatibility layer depends on 32-bit, apparently. In a statement, Canonical said: "Thanks to the huge amount of feedback this weekend from gamers, Ubuntu Studio, and the WINE community, we will change our plan and build selected 32-bit i386 packages for Ubuntu 19.10 and 20.04 LTS. We will put in place a community process to determine which 32-bit packages are needed to support legacy software, and can add to that list post-release if we miss something that is needed. Community discussions can sometimes take unexpected turns, and this is one of those. The question of support for 32-bit x86 has been raised and seriously discussed in Ubuntu developer and community forums since 2014. That's how we make decisions."
Wine

Wine Developers Concerned With Ubuntu Dropping 32-bit Support With Ubuntu 19.10 (linuxuprising.com) 209

An anonymous reader shares a report: The news that Ubuntu will drop support for the 32-bit x86 architecture was discussed recently by the Wine developers, on the Wine-devel mailing list. The Wine developers are concerned with this news because many 64-bit Windows applications still use a 32-bit installer, or some 32-bit components. "In practice, the only cases where 64-bit only wine will be useful are when 64-bit applications are packaged some other way (such as a .zip, Steam Play, or packaging specifically for Wine) or for running Wine builtins like msidb." Ubuntu's solution for using Wine on 32-bit going forward, which is to publish applications as snaps, or use an Ubuntu 18.04 LTS based LXD container that has full access to multiarch 32-bit WINE and related libraries, was also discussed by the Wine developers, with Vincent Povirk of CodeWeavers saying that there's no point putting much effort into this temporary solution. The maintainer of the Wine OBS repository also mentioned that he has no interest in maintaining so many libraries.
