prisoninmate quotes a report from Softpedia: According to Matthew Garrett, a renowned CoreOS security developer, and Linux kernel contributor, Canonical's new snap package format is not secure at all when it is used under X.Org Server (X Window System), which, for now, it is still the default display server of the Ubuntu 16.04 LTS (Xenial Xerus) operating system. The fact of the matter is that X11's old design is well-known for being insecure, and Matthew Garrett took the time to demonstrate this by writing a simple snap package that can steal data from any other X11 software, in this case anything you type on the Mozilla Firefox web browser. As more developers will provide snaps for their apps, Canonical needs to do something about the security of snaps in Ubuntu when using X11 or switch to the Mir display server. In the meantime, the security of snaps remains unaffected for the Ubuntu Server operating system, which is usually used without a display server. Canonical has officially released Ubuntu 16.04 LTS, which is now available to download for those interested.
Reader prisoninmate writes: The latest, and hopefully, the greatest version of Ubuntu is now available to download. On the sidelines, Mozilla today announced the availability of future releases of its popular Firefox web browser in the snap package format for Ubuntu 16.04 LTS. Earlier today, Canonical unleashed the final release of the highly anticipated Ubuntu 16.04 LTS (Xenial Xerus) operating system, bringing users a great set of new features and improvements. Also today, it looks like Canonical has renewed its partnership with Mozilla to offer Firefox as the default web browser on Ubuntu 16.04 LTS and upcoming releases of the Linux kernel-based operating systems. As part of the new partnership, Mozilla is committed to distributing future versions of Firefox as a snap package. Having Firefox distributed in the snap format means that you'll have 0-day releases in Ubuntu 16.04. Yes, just like Windows and Mac OS X, users are enjoying their 0-day releases of Mozilla Firefox and don't have to wait for package maintainers of a particular GNU/Linux distribution to update the software in the main repositories. For Mozilla, having Firefox as a snap package means that they'll be able to continually optimize it for Ubuntu.
An anonymous reader writes: Canonical announced today that it will be releasing Ubuntu 16.04 LTS on Thursday, April 21. The sixth major release of Ubuntu Long-Term Support (LTS) features the new 'snap' package format and LXD pure-container hypervisor. "The addition of 'snaps' for faster and simpler updates, and the LXD container hypervisor for ultra-fast and ultra-dense cloud computing demonstrate a commitment to customer needs that sets Ubuntu apart as the platform for innovation and scale," said Dustin Kirkland who leads platform strategy at Canonical. Ubuntu 16.04 LTS introduces a new application format, the 'snap', which can be installed alongside traditional deb packages. The snap format is much easier to secure and much easier to produce, and offers operational benefits for organizations managing many Ubuntu devices, which will bring more robust updates and more secure applications across all form factors from phone to cloud.
An anonymous reader writes: Cloud computing startup Mesosphere has opted to open-source its data center management platform. This move is backed by Microsoft, Hewlett-Packard Enterprise, Cisco Systems and roughly 60 other tech partners. The three-year-old San Francisco company's datacenter operating system (DCOS) was built as an operating system for all services in a data center to function as one pool of resources. Capabilities include the quick, app store-like installation of more than 20 complex distributed systems, including HDFS, Apache Spark, Apache Kafka and Apache Cassandra, Mesosphere said in an announcement. Although some of the company's technologies were already available as open source, others were propriety until now. Mesosphere said it welcomes additional enterprises interested in partnering on this open source project.Wired has more details on this in its slightly enthusiastic report titled You want to build an empire like Google's? This is your OS.
An anonymous reader quotes a report from ZDNet: One reason Ubuntu is increasing its lead is that Jujo, Canonical's application modeling and deployment DevOps tool, has been gaining in popularity. In the latest OpenStack user survey, we see that OpenStack is finally gaining real momentum in private clouds. We also see that Ubuntu Linux is continuing to dominate OpenStack. As Canonical cloud marketing manager Bill Bauman said, "Ubuntu OpenStack continues to dominate the majority of deployments with 55 percent of production OpenStack clouds. The previous survey showed Ubuntu OpenStack at 33 percent of production clouds. Ubuntu has seen almost 67 percent growth in an area where Ubuntu was already the market leader. These numbers are a huge testament to the community support Ubuntu OpenStack receives every day." The Cloud Market's latest analysis of operating systems on the Amazon Elastic Compute Cloud (EC2) shows Ubuntu with just over 215,000 instances. Ubuntu is followed by Amazon's own Amazon Linux Amazon Machine Image (AMI), with 86,000 instances. Further back, you'll find Windows with 26,000 instances. In fourth and fifth place, respectively, you'll find Red Hat Enterprise Linux (RHEL) with 16,500 instances and then CentOS with 12,500 instances.
An anonymous reader writes: Microsoft has announced a CentOS-based VM image for Azure called 'Linux Data Science Virtual Machine'. The VM has pre-installed tools such as Anaconda Python Distribution, Computational Network Toolkit, and Microsoft R Open. It focuses on machine learning and analytics, making it a great choice for data scientists. "Thanks to Azure's worldwide cloud infrastructure, customers now have on-demand access to a Linux environment to perform a wide range of data science tasks. The VM saves customers the time and effort of having to discover, install, configure and manage these tools individually. Hosting the data science VM on Azure ensures high availability, elastic capacity and a consistent set of tools to foster collaboration across your team", says Gopi Kumar, Senior Program Manager, Microsoft Data Group.
An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 50 for Windows, Mac, and Linux, adding the usual slew of developer features. You can update to the latest version now using the browser's built-in silent updater, or download it directly from google.com/chrome. As announced in November 2015, Chrome now no longer supports Windows XP, Windows Vista, OS X 10.6 Snow Leopard, OS X 10.7 Lion, nor OS X 10.8 Mountain Lion. Chrome 50 allows sites to include notification data payloads with their push messages. This eliminates the final server check -- the initial version relied on service workers to proactively fetch the information for a notification from the server, leading to problems when there were multiple messages in flight or when the device was on a poor network connection. Push notification payloads must be encrypted. Sites can now detect when a notification is closed by the user, resulting in better analytics and allowing for cross-device notification dismissal. The look of notifications can now be customized with timestamps and icons. Chrome 50 also brings support for declarative preload.
An anonymous reader points us to a report on Neowin: Canonical, Ubuntu's parent company, has announced that Ubuntu 16.04 LTS (Long Term Support) will come with support for the snap packaging format and tools. As a result, end users will get more up-to-date apps, something that proved tricky in the past due âoethe complexity of packaging and providing updates,â which prevented updates to some apps being delivered. Snaps will make the Ubuntu platform more unified, developers will more easily be able to create software for PC, Server, Mobile, or IoT devices. The other major benefit of snaps is that that they're more secure than software installed through deb packages. Snaps are isolated from the rest of the system, meaning that malware packaged with a snap won't be able to affect your Ubuntu installation.
msm1267 quotes a report from Threatpost: Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud. Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients. As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it's a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services. SerNet, a German consultancy behind the discovery of Badlock, fueled the hype at the outset with a number of since-deleted tweets that said any marketing boost as a result of its branding and private disclosure of the bug to Microsoft was a bonus for its business. For its part, Microsoft refused to join the hype machine and today in MS16-047 issued a security update it rated 'Important' for the Windows Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD). The bulletin patches one vulnerability (CVE-2016-0128), an elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels, Microsoft said. An attacker could then impersonate an authenticated user.
An anonymous reader shares an article on Ars Technica: A botnet that enslaved about 4,000 Linux computers and caused them to blast the Internet with spam for more than a year has finally been shut down. Sophisticated Mumblehard spamming malware flew under the radar for five years. Known as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam. Command servers that coordinated the compromised machines' operations could also send messages to Spamhaus requesting the delisting of any Mumblehard-based IP addresses that sneaked into the real-time composite blocking list, or CBL, maintained by the anti-spam service. "There was a script automatically monitoring the CBL for the IP addresses of all the spam-bots," researchers from security firm Eset wrote in a blog post published Thursday. "If one was found to be blacklisted, this script requested the delisting of the IP address. Such requests are protected with a CAPTCHA to avoid automation, but OCR (or an external service if OCR didn't work) was used to break the protection."
prisoninmate writes: To celebrate the launch of Ubuntu 16.04 LTS, due for release later this month, on April 21, Canonical put together an interesting infographic, showing the world how popular Ubuntu is. From the infographic, it looks like there are over 60 million Ubuntu images launched by Docker users, 14 million Vagrant images of Ubuntu 14.04 LTS from HashiCorp, 20 million launches of Ubuntu instances during 2015 in public and private clouds, as well as bare metal, and 2 million new Ubuntu Cloud instances launched in November 2015. Ubuntu is used on the International Space Station, on the servers of popular online services like Netflix, Snapchat, Pinterest, Reddit, Dropbox, PayPal, Wikipedia, and Instagram, in Google, Tesla, George Hotz, and Uber cars. It is also employed at Bloomberg, Weta Digital and Walmart, at the Brigham Young University to control the Mars Rover, and it is even behind the largest supercomputer in the world.
Reader itwbennett writes: Linus Torvalds told attendees at the Embedded Linux Conference that although Linux hasn't dominated the desktop like it 'has in many other areas,' he isn't particularly disappointed and also hasn't given up on that goal. "I actually am very happy with the Linux desktop, and I started the project for my own needs, and my needs are very much fulfilled," Torvalds said. "That's why, to me, it's not a failure. I would obviously love for Linux to take over that world too, but it turns out it's a really hard area to enter. I'm still working on it. It's been 25 years. I can do this for another 25. I'll wear them down."
An anonymous reader writes: Microsoft has released a new Windows 10 preview for PCs. The preview, dubbed build 14316, comes with a range of features including support for Bash, which Microsoft had announced at its developer conference Build last week. Users interested in it can enable the feature by turning on Developer Mode (detailed instructions here), searching for "Windows Features," choosing "Turn Windows features on or off," and enable Windows Subsystem for Linux (Beta). To get Bash installed, open Command Prompt and type in "bash" (without the quotes.) Other features included in the new build include low battery notification, find my phone (ring my phone), and the ability to share map directions across devices. Additionally, the company has also released a new universal Skype app.
Opera co-founder and former CEO Jon von Tetzchner on Wednesday launched the v1.0 of Vivaldi browser. Vivaldi v1.0, which is aimed at "power users", is available to download from the company's website for Windows, OS X, and Linux platforms. The Norway, Oslo company has been working on it since 2013. Vivaldi offers a range of features such as support for Chrome extension, Tab Stacks, Rewind and Fast Forward, and built-in support for custom keyboard shortcuts and mouse gestures. There are plenty of other handy tools including the ability to check how much data a Web page has consumed in real time.
prisoninmate writes: Budgie-Remix maintainer David Mohammed informs Softpedia about the progress made with the upcoming operating system, whose ultimate goal is to become an official Ubuntu Linux flavor, possibly under the name of Ubuntu Budgie. Even Canonical founder Mark Shuttleworth said in a Google+ comment last month that it will definitely support if there is a community around the packaging. Since their initial report, it looks like the developer managed to get in contact with the Ubuntu MATE project leader Martin Wimpress, who urged him to target Ubuntu 16.10 for an official status of his soon-to-be-named Ubuntu flavor built on top of the Budgie desktop environment created by the team of developers from Solus Project.
An anonymous reader writes: Wim Coekaerts, formerly Oracle's Senior VP of Linux and Virtualization Engineering, has left Oracle for Microsoft. Many of you may know of Coekaerts as "Mr. Linux" as he delivered the first Linux products, transitioned Oracle's programming staff from Windows to Linux desktops, and turned Oracle into a Linux distributor with the launch of its Red Hat Enterprise Linux (RHEL) clone, Oracle Linux. Mike Neil, Microsoft's Corporate Vice President of the Enterprise Cloud, told ZDNet, "Wim Coekaerts has joined Microsoft as Corp VP of Open Source in our Enterprise Cloud Group. As we continue to deepen our commitment to open source, Wim will focus on deepening our engagement, contributions and innovation to the open-source community."
An anonymous reader writes: Brave, a new privacy and speed focused web browser for Windows, Mac, Linux, iOS, and Android, backed by Mozilla co-founder Brendan Eich, will pay its users in bitcoin to watch ads. From a PCWorld article, 'Under this plan, advertisers pay for a certain number of impressions, and Brave aggregates those payments into one sum. Websites that participate in the scheme get 55 percent of the money, weighted by how many impressions are served on their sites. For both users and publishers, Brave deposits the money into individual bitcoin wallets, and both parties must verify their identity to claim the funds. This requires an email and phone number for users, and more stringent identification steps for publishers. Users who don't verify will automatically donate their share of the funds back to the sites they visit most.' It appears Brave's strategy hinges on, among other things, collecting your browsing data to display relevant ads. The aforementioned article also says that users will have an option to block all ads by paying a monthly subscription to Brave. Not sure how many people would want to buy that.
An anonymous reader shares a report on BetaNews: Red Hat -- fresh from celebrating a historic $2 billion in annual revenue -- releases a developer-focused gift to the world. The Red Hat Enterprise Linux Developer Suite is totally free, including an RHEL license and valuable developer tools, like the JBoss Middleware portfolio. This is through the Red Hat Developer Program. If you want to take advantage of this amazing offer, you can sign up through the company's website Red Hat seems a bit late to the party. Many argue that the company should've made its update-only subscription for individuals free from the beginning -- especially considering it isn't a major source of revenue for the company. Exciting time for developers, nonetheless.
New submitter somebearouthere writes: Skype for Linux was updated in 2014 to v4.3 and has since sat there without an update while its counterpart on other platforms has been receiving updates. Sometime in 2015, Microsoft quietly abandoned that version of the product, showing back to Linux users who had paid for subscriptions with the expectation that one day they too would be able to finally use group video chat, have a real 64-bit version available and get an improved UI. Skype developers have just thrown in the towel and it has left the user base frustrated. Last month many users reported that Microsoft had broken the app's ability to join calls. Two Linux enthusiasts penned the issue in a blog signed by "lots of angry Linux users." I have contacted Microsoft numerous times over the past few weeks but it remains tight-lipped on the matter. I have a feeling Microsoft isn't going to update Skype for Linux.
An anonymous reader quotes a report from THE INQUIRER: Now-defunct Unix vendor, which claimed that Linux infringed its intellectual property and sought as much as $5 billion in compensation from IBM, has filed notice of yet another appeal in the 13-year-old dispute. The appeal comes after a ruling at the end of February when SCO's arguments claiming intellectual property ownership over parts of Unix were rejected by a U.S. district court. That judgment noted that SCO had minimal resources to defend counter-claims filed by IBM due to SCO's bankruptcy. "It is ordered and adjudged that pursuant to the orders of the court entered on July 10, 2013, February 5, 2016, and February 8, 2016, judgement is entered in favor of the defendant and plaintiff's causes of action are dismissed with prejudice," stated the document. Now, though, SCO has filed yet again to appeal that judgement, although the precise grounds it is claiming haven't yet been disclosed.