Security

Linux Kernel Exploit Busily Rooting 64-Bit Machines 488

An anonymous reader writes "Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this. CVE-2010-3081, this week's second high-profile local root exploit in the Linux kernel, is compromising machines left and right. Almost all 64-bit machines are affected, and 'Ac1db1tch3z' (classy) published code to let any local user get a root shell. Ac1db1tch3z's exploit is more malicious than usual because it leaves a backdoor behind for itself to exploit later even if the hole is patched. Luckily, there's a tool you can run to see if you've already been exploited, courtesy of security company Ksplice, which beat most of the Linux vendors with a 'rebootless' version of the patch."
Data Storage

Distinguishing Encrypted Data From Random Data? 467

gust5av writes "I'm working on a little script to provide very simple and easy to use steganography. I'm using bash together with cryptsetup (without LUKS), and the plausible deniability lies in writing to different parts of a container file. On decryption you specify the offset of the hidden data. Together with a dynamically expanding filesystem, this makes it possible to have an arbitrary number of hidden volumes in a file. It is implausible to reveal the encrypted data without the password, but is it possible to prove there is encrypted data where you claim there's not? If I give someone one file containing random data and another containing data encrypted with AES, will he be able to tell which is which?"
Security

Hole In Linux Kernel Provides Root Rights 274

oztiks writes with this excerpt from The H: "A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system. According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table. Ben Hawkes, who discovered the problem, says the vulnerability can be exploited to execute arbitrary code with kernel rights. ... Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability. The older exploit apparently only needed slight modifications to work with the new hole."
Mandriva

Developers Fork Mandriva Linux, Creating Mageia 206

Anssi55 writes "As most of the Mandriva employees working on the Linux distribution were laid off due to the liquidation of Edge-IT (a subsidiary of Mandriva SA) and trust in the company has diminished, the development community (including the core developers) has decided to fork the project. The new Linux distribution, named Mageia, will be managed by a not-for-profit organization that will be set up in the coming days. There are already many people that have decided to follow the fork, but the people behind it are still welcoming any help offered in the various tasks related to establishing the new distribution."
Businesses

VMware Looks To Acquire Novell's SUSE Unit 161

minutetraders writes "According to the Wall Street Journal, VMware is attempting to acquire Novell's SUSE Linux operating system business. This move would give VMware a full stack of enterprise software and allow it to establish itself as a full-blown infrastructure and software vendor in direct competition with Red Hat." The WSJ report is behind a paywall, but it's accessible in full through a Google search.
Microsoft

Microsoft's Chief Exec For Latin America Says 'Open' Means 'Incompetent' 340

An anonymous reader writes "The President of Microsoft Latin America, in criticizing the Brazilian government for its support of open source software, claimed that declaring something open is how you 'mask incompetence.' That seems especially funny coming from Microsoft, who has used 'closed' to mask incompetence for years. I thought 'open' meant that people could find and fix (or ignore) incompetence, whereas closed meant you were stuck with the incompetence."
Graphics

Adobe Releases New 64-Bit Flash Plugin For Linux 240

TheDarkener writes "Adobe seems to have made an about face regarding their support for native 64-bit Linux support for Flash today, and released a new preview Flash plugin named 'Square.' This includes a native 64-bit version for Linux, which I have verified works on my Debian Lenny LTSP server by simply copying libflashplayer.so to /usr/lib/iceweasel/plugins — with sound (which I was never able to figure out with running the 32-bit version with nspluginwrapper and pulseaudio)."
Microsoft

Windows 7 vs. Ubuntu 10.04 702

Barence writes "PC Pro has performed a comprehensive test of Windows 7 vs Ubuntu 10.04. They've tested and scored the two operating systems on a number of criteria, including usability, bundled apps, performance, compatibility and business. The final result is much closer than you might expect. 'Ubuntu is clearly an operating system on the rise,' PC Pro concludes. 'If we repeat this feature in a year's time, will it have closed the gap? We wouldn't bet against it.'"
Ubuntu

Shuttleworth Answers Ubuntu Linux's Critics 382

climenole writes "Technomancer wrote: 'Mark Shuttleworth, Ubuntu Linux's founder, maintains that he and Ubuntu are doing right by the Linux community and the even larger open-source community. In recent weeks, Ubuntu has been criticized for not giving Linux enough support. Specifically, the complains have been that Canonical, the company behind Ubuntu, doesn't do enough for producing Linux source code.'"
Linux

Torvalds Becomes an American Citizen 654

netbuzz writes "Having brought his open-source work and family to the United States from Finland some time ago, Linus Torvalds has marked an important personal milestone by attaining US citizenship. A casual remark on the Linux kernel mailing list about registering to vote led to the community being in on the news. Torvalds has acknowledged being a bit of a procrastinator on this move, writing in a 2008 blog post: 'Yeah, yeah, we should probably have done the citizenship thing a long time ago, since we've been here long enough (and two of the kids are US citizens by virtue of being born here), but anybody who has had dealings with the INS will likely want to avoid any more of them, and maybe things have gotten better with a new name and changes, but nothing has really made me feel like I really need that paperwork headache again.' In that post he also expresses dislike for the American style of politics in which he will now be able to participate directly."
Handhelds

India's $35 7-Inch Android Tablet To Hit In January 205

indogiree writes "Engadget reports that India has just awarded the manufacturing contract to HCL Technologies. The first shipment will supposedly only contain the 7-inch model and is set to arrive on January 10. It's unclear if the $35 price has stuck or whether India's been successful in plans to drive the price down to $10 eventually with the help of large orders and government subsidies. HCL Technologies plans to initially produce 100,000 units. Among the key features of this India-based tablet include 2GB of RAM, web-conferencing, PDF reader, unzip, WiFi, camera and USB connectivity."
Businesses

Why Google Isn't Pushing Android For Tablets 224

Brad Linder of Liliputing posted an interesting analysis today about Google's reluctance to endorse Android for tablets. Linder argues that while there may be legitimate concern that Android just isn't polished enough for devices without phone access (because some apps need it), it would be smart for Google to segregate the apps themselves, so users can simply know which apps will work on Wi-Fi-only tablets. But from Google's perspective, he observes, "pushing a version of Android that isn't exclusively for phones could be all it takes for Chrome OS to be dead on arrival."
Open Source

Broadcom Releases Source Code For Drivers 350

I'm Not There (1956) writes "Broadcom, the world's largest manufacturer of Wi-Fi transceivers, open sources its Linux device drivers. This is a big win for Linux users, as there are a lot of users that face Wi-Fi problems when they use Linux on their laptops. With these device drivers now open source, distributions can ship them out-of-the-box, and that means no Linux Wi-Fi problems for new devices and upcoming distributions at all."
Programming

Programming Things I Wish I Knew Earlier 590

theodp writes "Raw intellect ain't always all it's cracked up to be, advises Ted Dziuba in his introduction to Programming Things I Wish I Knew Earlier, so don't be too stubborn to learn the things that can save you from the headaches of over-engineering. Here's some sample how-to-avoid-over-complicating-things advice: 'If Linux can do it, you shouldn't. Don't use Hadoop MapReduce until you have a solid reason why xargs won't solve your problem. Don't implement your own lockservice when Linux's advisory file locking works just fine. Don't do image processing work with PIL unless you have proven that command-line ImageMagick won't do the job. Modern Linux distributions are capable of a lot, and most hard problems are already solved for you. You just need to know where to look.' Any cautionary tips you'd like to share from your own experience?"
Ubuntu

Ubuntu 10.10 Beta Released 291

RandyDownes sends word that Canonical has released the beta version of Ubuntu 10.10 (Maverick Meerkat). The release announcement boasts faster boot times, GNOME 2.31, and a speedier version of Evolution. In addition, "The Ubuntu Software Center has an updated look and feel, including the new 'Featured' and 'What's New' views for showcasing applications, and an improved package description view. You can now easily access your package installation history too." The release notes and download page are both available.
Open Source

Open Source PS3 Jailbreak Released 226

tlhIngan writes "Despite all the lawsuits and injunctions by Sony to keep the PS3 Jailbreak out of modder's hands, it appears that a third party has made a clone. The best part is, it only requires a cheap (approximately $40) development board by Atmel, and the requisite software is open-source. Get the Atmel code from GitHub and apply a small patch which will enable backup play (the code by itself only lets you run unsigned code, the patch allows for BD backups). The code is GPLv3. It would be highly ironic if someone ported this to Linux USB Gadgets, then you could use a Linux device to jailbreak your PS3, to which Sony removed Linux functionality. An Android phone would be suitable."
Cellphones

Android Fork Brings Froyo To 12 Smartphones 193

jj110888 writes "CyanogenMod has just been updated to version 6.0, bringing Android Open Source Project 2.2 (Froyo) to several devices. This fork includes enchantments to many of the built-in apps, Ad-hoc network connectivity, OpenVPN support, Bluetooth HID, Incognito browsing, extensive control over audio and UI elements, and more found in the extensive CHANGELOG. The CyanogenMod team uses an instance of Google's gerrit tool for code review and patch submission, helping make this former backport of Android 1.6 to T-Mobile's G1 into thriving development for the G1/MyTouch/MyTouch 1.2, Droid, Nexus One, HTC Aria, HTC Desire, HTC Evo 4G (minus 4G and HDMI output), Droid Incredible, and MyTouch Slide. HTC Hero (including Droid Eris) are coming soon for 6.0, with Samsung Galaxy S devices expected to be supported in 6.1."
Red Hat Software

No More Need To Reboot Fedora w/ Ksplice 262

An anonymous reader writes "Ksplice, the technology that allows Linux kernel updates without a reboot, is now free for users of the Fedora distribution. Using Ksplice is like 'replacing your car's engine while speeding down the highway,' and it can potentially save your Linux systems from a lot of downtime. Since Fedora users often live on the bleeding edge of Linux development, Ksplice makes it even easier to do so, and without reboots!"

Slashdot Top Deals