Remember when BlackBerry reported Advanced Persistent Threat groups have been infiltrating critical Linux servers for at least eight years? What's the lesson to be learned?

LinuxSecurity Founder Dave Wreski argues "Although it may be easy to blame the rise in attacks targeting Linux in recent years on security vulnerabilities in the operating system as a whole, this is simply not the truth. The majority of exploits on Linux systems can be attributed to misconfigured servers and poor administration."

Writing for Linux Security, Slashdot reader b-dayyy gathered some additional responses: Some experts argue that it is the popularity of Linux that makes it a target. Joe McManus, Director of Security at Canonical, explains: "Linux and, particularly Ubuntu, are incredibly secure systems but, that being said, it is their popularity that makes them a target." Ian Thornton-Trump, a threat intelligence expert and the CISO at Cyjax, adds: "From an economic and mission perspective, it makes sense for a threat actor to invest in open-source skills for flexibility and the ability to target the systems where the good stuff is happening."

Despite the increasing number of threats targeting Linux systems, there is still a sound argument for the inherent security of Linux, which can be attributed to the core fundamentals of Open Source. Due to the transparency of open-source code and the constant scrutiny that this code undergoes by a vibrant global community, vulnerabilities are identified and remedied quicker than flaws that exist in the opaque source code of proprietary software and operating systems. Threat actors recognize this, and are still directing the majority of their attacks at proprietary operating systems.

These attacks do; however, serve as a much-needed wakeup call for the security community that more needs to be done to protect Linux servers. BlackBerry's report reveals that security solutions and defensive coverage available within Linux environments is "immature at best". Endpoint protection, detection and response products are inadequately utilized by too many Linux users, and endpoint solutions available for Linux systems are often insufficient in combating advanced exploits. Eric Cornelius, Chief Product Officer at BlackBerry, evaluates: "Security products and services that support Linux, offerings that might detect and give us insight into a threat like this, are relatively lacking compared to other operating systems, and security research about APT use of Linux malware is also relatively sparse."

Linux malware is real and Advanced Persistent Threat (APT) groups have been infiltrating critical servers with these tools for at least eight years, according to a new report from BlackBerry. From a report: In "Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android," security researchers found that these groups have attacked companies around the world and across all industries with goals ranging from simple cybercrime to full-blown economic espionage. The RATs report describes how five APT groups are working with the Chinese government and the remote access trojans (RATs) the cybercriminals are using to get and maintain access to Linux servers.

According to the report, the groups appeared to be using WINNTI-style tooling to take aim at Linux servers and remain relatively undetected for almost a decade. These groups are targeting Red Hat Enterprise, CentOS, and Ubuntu Linux environments for espionage and intellectual property theft. The APT groups examined include the original WINNTI GROUP, PASSCV, BRONZE UNION, CASPER (LEAD), and a newly identified group BlackBerry researchers are tracking as WLNXSPLINTER. The BlackBerry researchers think all five groups are working together, given the distinct similarities in their preferred tools, tactics, and procedures.

An anonymous reader shares a report: Today, we learn some new details about the upcoming Linux Mint 20. While most of the newly revealed information is positive, there is one thing that is sure to upset many Linux Mint users. First things first, Linux Mint 20 will be based on the upcoming Ubuntu 20.04. This shouldn't come as a surprise, as Mint only uses Long Term Support versions of Ubuntu, and 20.04 will be an LTS. We also now know the name of Linux Mint 20. The Mint team always uses female names, and this time they chose "Ulyana." This is apparently a Russian name meaning "youthful." So far, all of the news is positive, so what exactly will upset some users? The Linux Mint developers are finally dropping 32-bit support and will only produce 64-bit ISOs.

The 2020 spring edition of the Pwn2Own hacking contest has come to a close today. This year's winner is Team Fluoroacetate -- made up of security researchers Amat Cama and Richard Zhu -- who won the contest after accumulating nine points across the two-day competition, which was just enough to extend their dominance and win their fourth tournament in a row. From a report: But this year's edition was a notable event for another reason. While the spring edition of the Pwn2Own hacking contest takes place at the CanSecWest cyber-security conference, held each spring in Vancouver, Canada, this year was different. Due to the ongoing coronavirus (COVID-19) outbreak and travel restrictions imposed in many countries around the globe, many security researchers couldn't attend or weren't willing to travel to Vancouver and potentially put their health at risk. Instead, this year's Pwn2Own edition has become the first-ever hacking contest that has been hosted in a virtual setting. Participants sent exploits to Pwn2Own organizers in advance, who ran the code during a live stream with all participants present. During the competition's two-day schedule, six teams managed to hack apps and operating systems like Windows, macOS, Ubuntu, Safari, Adobe Reader, and Oracle VirtualBox. All bugs exploited during the contest were immediately reported to their respective companies.

Microsoft has announced that its cross-platform automation tool and configuration framework PowerShell 7 is now generally available. From a report: Available for Windows, macOS and Linux, PowerShell 7 sees Microsoft moving from .NET Core 2.x to 3.1 which enables greater backwards compatibility with existing Windows PowerShell modules thanks to the resurrection of numerous .NET Framework APIs. The cross-platform nature of PowerShell 7 means that Ubuntu, openSUSE, Fedora, Debian and other Linux distro are embraced. Joey Aiello, product manager of PowerShell, says: "If you weren't able to use PowerShell Core 6.x in the past because of module compatibility issues, this might be the first time you get to take advantage of some of the awesome features we already delivered since we started the Core project!"

"Now budding Python developers can read up on the National Security Agency's own Python training materials," reports ZDNet: Software engineer Chris Swenson filed a Freedom of Information Act request with the NSA for access to its Python training materials and received a lightly redacted 400-page printout of the agency's COMP 3321 Python training course. Swenson has since scanned the documents, ran OCR on the text to make it searchable, and hosted it on Digital Oceans Spaces. The material has also been uploaded to the Internet Archive...

"If you don't know any programming languages yet, Python is a good place to start. If you already know a different language, it's easy to pick Python on the side. Python isn't entirely free of frustration and confusion, but hopefully you can avoid those parts until long after you get some good use out of Python," writes the NSA...

Swenson told ZDNet that it was "mostly just curiosity" that motivated him to ask the NSA about its Python training material. He also said the NSA had excluded some course material, but that he'll keep trying to get more from the agency... Python developer Kushal Das has pulled out some interesting details from the material. He found that the NSA has an internal Python package index, that its GitLab instance is gitlab.coi.nsa.ic.gov, and that it has a Jupyter gallery that runs over HTTPS. NSA also offers git installation instructions for CentOS, Red Hat Enterprise Linux, Ubuntu, and Windows, but not Debian.

An anonymous reader quotes a report from ZDNet: In May 2019, South Korea's Interior Ministry announced plans to look into switching to the Linux desktop from Windows. It must have liked what it saw. According to the Korean news site Newsis, the South Korean Ministry of Strategy and Planning has announced the government is exploring moving most of its approximately 3.3 million Windows computers to Linux. The reason for this is simple. It's to reduce software licensing costs and the government's reliance on Windows. As Choi Jang-hyuk, the head of the Ministry of Strategy and Finance, said, "We will resolve our dependency on a single company while reducing the budget by introducing an open-source operating system."

How much? South Korean officials said it would cost 780 billion won (about $655 million) to move government PCs from Windows 7 to Windows 10. [...] Windows will still have a role to play for now on South Korean government computers. As the Aju Business Daily, a South Korean business news site, explained: Government officials currently use two physical, air-gapped PCs. One is external for internet use, and the other is internal for intranet tasks. Only the external one will use a Linux-based distro. Eventually, by 2026, most civil servants will use a single Windows-powered laptop. On that system, Windows will continue to be used for internal work, while Linux will be used as a virtual desktop via a Linux-powered cloud server. This looks to eventually end up as a Desktop-as-a-Service (DaaS) model. The report notes that the Ministry of National Defense and National Police Agency are already using the Ubuntu Linux 18.04 LTS-based Harmonica OS 3.0.

"Meanwhile, the Korean Postal Service division is moving to TMaxOS," reports ZDNet. "The Debian Linux-based South Korean Gooroom Cloud OS is also being used by Defense and the Ministry of Public Administration and Security."

An anonymous reader quotes TechRadar: Intel's Clear Linux distribution looks like it could be the best operating system to run on cheap AMD hardware, with benchmarks showing it outperforms Windows 10 and Ubuntu on a $199 laptop with a budget AMD Ryzen 3200U processor. The Phoronix website ran a series of benchmarks on a super-cheap AMD laptop from Walmart, and found that Intel Clear Linux beat popular Linux distros Fedora and Ubuntu for 78% of the tests.

Not only is it remarkable that a relatively unknown Linux distro is so easily outperforming established operating systems, the fact that Intel is the company behind the distro is particularly ironic. As you can imagine, Clear Linux is optimized for Intel processors, but it seems like it works brilliantly on AMD hardware as well.

In 2017 Elementary OS built a pay-what-you-want app store -- funded with $10,000 raised on IndieGogo. Now they're trying to raise another $10,000 for a one-week, in-person sprint in Denver, Colorado, Forbes reports, to upgrade the store while bringing an even grander concept to reality: That concept comprises 4 main goals:

- Enable open source developers to monetize their apps on every other Linux distribution

- Empower developers to ship apps with cutting-edge technologies

- Improve privacy, security, and stability

- Streamline the payments process

On the technical side of things, the team plans to rebuild AppCenter's backend from the ground up to enable newer technologies developers are asking for, and they're rallying behind the Flatpak packaging format to get it done. They've already been collaborating with the FlatHub team, and plan to bring in developers from Endless and GNOME to ensure that "our solution can be reused and improved by other Flatpak stores and the greater open source desktop ecosystem."
For a donation of $10, "you'll have your name immortalized in the AppCenter code on GitHub," explains a promotional video. (There's already 70 backers who have claimed this perk.) In fact, "Less than 8 hours ago we launched #AppCenterForEveryone, and we're 50% funded," announced an update Friday on Twitter. The campaign's web page shared this note of appreciation.

"With your support, we'll be able to accelerate the timeline on adopting cutting edge technology and making an even more competitive Open Source operating system and a compelling foundation for all Flatpak stores."

Phoronix's Michael Larabel is doing some performance testing on Walmart's $199 Motile-branded M141 laptop (which has an AMD Ryzen 3 3200U processor, Vega 3 graphics, 4GB of RAM, and a 14-inch 1080p display).

But first he compared the performance of its pre-installed Windows 10 OS against the forthcoming Ubuntu 20.04 LTS Linux distribution.

Some highlights: - Java text rendering performance did come out much faster on Ubuntu 20.04 with this Ryzen 3 3200U laptop...

- The GraphicsMagick imaging program tended to run much better on Linux, which we've seen on other systems in the past as well.

- Intel's Embree path-tracer was running faster on Ubuntu...

- Various video benchmarks were generally favoring Ubuntu for better performance though I wouldn't recommend much in the way of video encoding from such a low-end device...

- The GIMP image editing software was running much faster on Ubuntu 20.04 in its development state than GIMP 2.10 on Windows 10...

- Python 3 performance is still much faster on Linux than Windows.

- If planning to do any web/LAMP development from the budget laptop and testing PHP scripts locally, Ubuntu's PHP7 performance continues running much stronger than Windows 10. - Git also continues running much faster on Linux.
Their conclusion? "Out of 63 tests ran on both operating systems, Ubuntu 20.04 was the fastest... coming in front 60% of the time." (This sounds like 38 wins for Ubuntu versus 25 wins for Windows 10.)

"If taking the geometric mean of all 63 tests, the Motile $199 laptop with Ryzen 3 3200U was 15% faster on Ubuntu Linux over Windows 10."

You can buy an official Kubuntu laptop. Called "Focus". It is an absolutely powerhouse with top specs. From a report: Here's the specs list:
CPU: Core i7-9750H 6c/12t 4.5GHz Turbo
GPU: 6GB GTX-2060
RAM: 32GB Dual Channel DDR4 2666 RAM
Storage: 1TB Samsung 970 EVO Plus NVMe
Display: 16.1" matte 1080p IPS
Keyboard: LED backlit, 3-4mm travel
User expandable SDD, NVMe, and RAM
Superior cooling
The starting price for the Kubuntu Focus Laptop is $2395.

Ars Technica recently ran a rebuttal by author, podcaster, coder, and "mercenary sysadmin" Jim Salter to some comments Linus Torvalds made last week about ZFS.

While it's reasonable for Torvalds to oppose integrating the CDDL-licensed ZFS into the kernel, Salter argues, he believes Torvalds' characterization of the filesystem was "inaccurate and damaging."
Torvalds dips into his own impressions of ZFS itself, both as a project and a filesystem. This is where things go badly off the rails, as Torvalds states, "Don't use ZFS. It's that simple. It was always more of a buzzword than anything else, I feel... [the] benchmarks I've seen do not make ZFS look all that great. And as far as I can tell, it has no real maintenance behind it any more..."

This jaw-dropping statement makes me wonder whether Torvalds has ever actually used or seriously investigated ZFS. Keep in mind, he's not merely making this statement about ZFS now, he's making it about ZFS for the last 15 years -- and is relegating everything from atomic snapshots to rapid replication to on-disk compression to per-block checksumming to automatic data repair and more to the status of "just buzzwords."

[The 2,300-word article goes on to describe ZFS features like per-block checksumming, automatic data repair, rapid replication and atomic snapshots -- as well as "performance wins" including its Adaptive Replacement caching algorithm and its inline compression (which allows datasets to be live-compressed with algorithms.]

The TL;DR here is that it's not really accurate to make blanket statements about ZFS performance, absent a very particular, well-understood workload to measure that performance on. But more importantly, quibbling about the fastest possible benchmark rather loses the main point of ZFS. This filesystem is meant to provide an eminently scalable filesystem that's extremely resistant to data loss; those are points Torvalds notably never so much as touches on....

Meanwhile, OpenZFS is actively consumed, developed, and in some cases commercially supported by organizations ranging from the Lawrence Livermore National Laboratory (where OpenZFS is the underpinning of some of the world's largest supercomputers) through Datto, Delphix, Joyent, ixSystems, Proxmox, Canonical, and more...

It's possible to not have a personal need for ZFS. But to write it off as "more of a buzzword than anything else" seems to expose massive ignorance on the subject... Torvalds' status within the Linux community grants his words an impact that can be entirely out of proportion to Torvalds' own knowledge of a given topic -- and this was clearly one of those topics.

"I've grown quite fond of the docker container runtime. It's easy to install and use, and many of the technologies I write about depend upon this software," writes TechRepublic/Linux.com contributor Jack Wallen.

"But Red Hat has other plans." The company decided -- seemingly out of the blue -- to drop support for the docker runtime engine. In place of docker came Podman. When trying to ascertain why Red Hat split with Docker, nothing came clear. Sure, I could easily draw the conclusion that Red Hat had grown tired of the security issues surrounding Docker and wanted to take matters in their own hands. There was also Red Hat's issue with "no big fat daemons." If that's the case, how do they justify their stance on systemd?

Here's where my tinfoil hat comes into play. Understand this is pure conjecture here and I have zero facts to back these claims up... Red Hat is now owned by IBM. IBM was desperate to gain serious traction within the cloud. To do that, IBM needed Red Hat, so they purchased the company. Next, IBM had to score a bit of vendor lock-in. Using a tool like docker wouldn't give them that lock-in. However, if Red Hat developed and depended on their own container runtime, vendor lock-in was attainable....

Red Hat has jettisoned a mature, known commodity for a less-mature, relatively unknown piece of software -- without offering justification for the migration.... Until Red Hat offers up a sound justification for migrating from the docker container engine to Podman, there's going to be a lot of people sporting tinfoil hats. It comes with the territory of an always-connected world. And if it does turn out to be an IBM grab for vendor lock-in, there'll be a lot of admins migrating away from RHEL/CentOS to the likes of Ubuntu Server, SUSE/openSUSE, Debian, and more.
Red Hat's product manager of containers later touted Podman's ability to deploy containers without root access privileges in an interview with eWeek. "We felt the sum total of its features, as well as the project's performance, security and stability, made it reasonable to move to 1.0. Since Podman is set to be the default container engine for the single-node use case in Red Hat Enterprise Linux 8, we wanted to make some pledges about its supportability."

And a Red Hat spokesperson also shared their position with The New Stack. "We saw our customer base wanting the container runtime lifecycle baked-in to the OS or in delivered tandem with OpenShift."

Pine64 will finally start shipping the pre-order units of PinePhone Braveheart Edition on January 17, 2020. Fossbytes reports: A year ago, PinePhone was made available only to developers and hackers. After getting better responses and suggestions, the Pine64 developers planned to bring Pinephone for everyone. In November last year, pre-orders for PinePhone Braveheart Edition commenced for everyone. But due to manufacturing issues coming in the way, the shipment date slipped for weeks, which was scheduled in December last year.

PinePhone Braveheart Edition is an affordable, open source Linux-based operating system smartphone preloaded with factory test image running on Linux OS (postmarketOS) on inbuilt storage. You can check on PinePhone Wiki to find the PinePhone compatible operating system such as Ubuntu Touch, postmarketOS, or Sailfish OS, which you can boot either from internal storage or an SD card.

An anonymous reader quotes Forbes: If you've been following the steady march of progress from Dell's Linux-first Project Sputnik team, you're no doubt aware that the "Developer Edition" variant of the XPS 13 is one of the finest Linux-ready ultrabooks you can buy. Just ahead of CES 2020, Dell is pushing out a few more improvements including a feature that's been hotly requested: fingerprint-reader support. It's one of several enhancements Dell is promising to Linux users for its 10th-generation XPS 13, including a new maximum of 32GB RAM and a redesigned "InfinityEdge" display that adds even more screen real estate, resulting in an adjusted 16:10 aspect ratio to match... Details on fingerprint-reader support are still a bit vague, but Dell says it will be released shortly after the system's February 2020 launch as an OTA (over-the-air) update, and then as part of the preloaded Ubuntu Developer Edition image it ships with the system.
Dell's lead on Project Sputnik developer systems, Barton George, also blogged about Dell's new 86-inch 4K interactive touch monitor, as well as their upcoming Latitude 9510 notebook and 2-in-1 laptops, promising "a new ultra-premium class of products" offering 5G mobile broadband capabilities, AI-based productivity capabilities, and 30-plus hours of battery life.

The blog post ends by noting that "While project Sputnik is the most visible Linux-based offerings from Dell, it is only a small fraction of the over 150 systems that make up Dell's Linux portfolio."

Zack Whittaker, writing for TechCrunch: Last week, Spotify sent a number of USB drives to reporters with a note: "Play me." It's not uncommon for reporters to receive USB drives in the post. Companies distribute USB drives all the time, including at tech conferences, often containing promotional materials or large files, such as videos that would otherwise be difficult to get into as many hands as possible. But anyone with basic security training under their hat will know to never plug in a USB drive without taking some precautions first.

Concerned but undeterred, we safely examined the contents of the drive using a disposable version of Ubuntu Linux (using a live CD) on a spare computer. We examined the drive and found it was benign. On the drive was a single audio file. "This is Alex Goldman, and you've just been hacked," the file played. The drive was just a promotion for a new Spotify podcast. Because of course it was. Jake Williams, a former NSA hacker and founder of Rendition Infosec, called the move "amazingly tone deaf" to encourage reporters into plugging in the drives to their computers.

An anonymous reader writes: Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams. They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard. The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected: Ubuntu 19.10 (systemd), Fedora (systemd), Debian 10.2 (systemd), Arch 2019.05 (systemd), Manjaro 18.1.1 (systemd), Devuan (sysV init), MX Linux 19 (Mepis+antiX), Void Linux (runit), Slackware 14.2 (rc.d), Deepin (rc.d), FreeBSD (rc.d), and OpenBSD (rc.d).

This security flaw "allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website," according to William J. Tolley, Beau Kujath, and Jedidiah R. Crandall, Breakpointing Bad researchers at University of New Mexico. "Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections," the researchers said.

An anonymous reader shares a report: elementary OS has long been viewed by many as the future of Linux on the PC thanks to its beautiful desktop environment and overall polished experience. Development of the Ubuntu-based operating system has been frustratingly slow, however. This shouldn't be surprising, really, as the team of developers is rather small, and its resources are likely much less than those of larger distributions such as the IBM-backed Fedora or Canonical's Ubuntu. And that is what makes elementary OS so remarkable -- its developers can make magic on a smaller budget. Today, the latest version of the operating system is released. Code-named "Hera," elementary OS 5.1 is now available for download. Support for Flatpak is now baked in -- this is significant, as the developers explain it is "the first non-deb packaging format we've supported out of the box." The Linux kernel now sits at a very modern 5.0. One of the most important aspects of elementary OS, the AppCenter, is now an insane 10 times faster than its predecessor.

An anonymous reader writes: Called "Zorin OS 15 Lite," it is not only lightweight, but thanks to the Xfce desktop environment and integrated Flatpak support, it should be quite familiar to those switching from Windows. In fact, the developers are intentionally targeting existing Windows 7 users, as Microsoft's operating system will be unsupported beginning January 2020. Zorin OS 15 Lite, in comparison, is based on Ubuntu 18.04 LTS and supported until 2023! It even comes with the very modern Linux kernel 5.0. "With Zorin OS 15 Lite, we've condensed the full Zorin OS experience into a streamlined operating system, designed to run fast on computers as old as 15 years. With version 15, we've gone the extra mile to make the XFCE 4.14-based desktop feel familiar and user-friendly to new users, especially those moving away from Windows 7 leading up to the end of its support in January 2020. By pairing the most advanced and efficient software with a user-friendly experience, we've made it possible for anyone to extend the lifespan of their computers for years to come," explains the Zorin OS developers.

An anonymous reader quotes the International Business Times: At the recent Tianfu cup held in Chengdu, China, Chinese China's top white-hat hackers have converged to test zero-days against top software available in the market today. During the first day of the event, Chinese security researchers were able to break into major browsers such as Safari, Microsoft Edge, and Google Chrome.

Since March 2018, the Chinese government has officially discouraged security researchers from joining hacking competitions outside the county. The recent Tianfu Cup is the venue for hackers to showcase their skills and even earn six-figure bounties for successful exploits. Former Pwn2Own winner Team 360 Vulcan took home $382,500 for successfully hacking the old version of Office 365, Microsoft Edge, Adobe PDF Reader, VMWare Workstation, and gemu+ Ubuntu during the two days event, reports ZDNet... Search engine giant Google has a representative in the event with some members of the Google Chrome security team present on site. Organizers plan to submit a report of all bugs uncovered during the event to all vendors when the competition concludes, says ZDNet.