×
Programming

How Do You Like Ubuntu's New Logo? (ubuntu.com) 132

Slashdot reader mmanciop reminded us that Ubuntu released a new version of its "circle of friends" logo this week (which its designer says gives it "a more contemporary look and feel.")

From the Ubuntu blog: We proudly present to you the transformation of the Circle of Friends logo for Ubuntu. The new logo isn't a revolution; rather, it's an evolution of the Circle of Friends. As you can see at the top of the post, the classic white-on-orange colour scheme hasn't changed. But the new version sports sleek lines which bind the Circle of Friends even more closely together.

While it is important to have a respectful continuity with the previous Circle of Friends, the updated version is leaner, more focused, more sophisticated. It also makes a little more sense that the heads are now inside the circle, facing each other and connecting more directly. The rectangular orange tag is a break from the conventional square or circle, as it allows for the boldness of the orange to express itself and provides a recognisable colourful mark across media. Finally, the logo moves from a tiny superscript to a large, dynamic and leading presence.

Some might wonder why we had to touch the Ubuntu logo at all. As one can imagine, it is a daunting honour to work on something so many of us have such a strong connection to. But in the end, a logo should match what it represents. Similar to how Ubuntu continues to evolve and adapt to new uses in technology, its logo should follow suit to encapsulate and reflect such ongoing change.

For comparison, here's the original logo.

Share your reactions in the comments. (For example, how do you think it compares to other logos?) Do you like it more or less than, say, the logo for Raku?
Security

Nasty Linux Netfilter Firewall Security Hole Found (zdnet.com) 53

Sophos threat researcher Nick Gregory discovered a hole in Linux's netfilter firewall program that's "exploitable to achieve kernel code execution (via ROP [return-oriented programming]), giving full local privilege escalation, container escape, whatever you want." ZDNet reports: Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal. [...] This problem exists because netfilter doesn't handle its hardware offload feature correctly. A local, unprivileged attacker can use this to cause a denial-of-service (DoS), execute arbitrary code, and cause general mayhem. Adding insult to injury, this works even if the hardware being attacked doesn't have offload functionality! That's because, as Gregory wrote to a security list, "Despite being in code dealing with hardware offload, this is reachable when targeting network devices that don't have offload functionality (e.g. lo) as the bug is triggered before the rule creation fails."

This vulnerability is present in the Linux kernel versions 5.4 through 5.6.10. It's listed as Common Vulnerabilities and Exposures (CVE-2022-25636), and with a Common Vulnerability Scoring System (CVSS) score of 7.8), this is a real badie. How bad? In its advisory, Red Hat said, "This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat." So, yes, this is bad. Worse still, it affects recent major distribution releases such as Red Hat Enterprise Linux (RHEL) 8.x; Debian Bullseye; Ubuntu Linux, and SUSE Linux Enterprise 15.3. While the Linux kernel netfilter patch has been made, the patch isn't available yet in all distribution releases.

Operating Systems

Raspberry Pi Bootloader Enables OS Installs With No Separate PC Required (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: Setting up a Raspberry Pi board has always required a second computer, which is used to flash your operating system of choice to an SD card so your Pi can boot. But the Pi Foundation is working on a new version of its bootloader that could connect an OS-less Pi board directly to the Internet, allowing it to download and install the official Raspberry Pi OS to a blank SD card without requiring another computer. To test the networked booting feature, you'll need to use the Pi Imager on a separate computer to copy an updater for the bootloader over to an SD card -- Pi firmware updates are normally installed along with new OS updates rather than separately, but since this is still in testing, it requires extra steps.

Once it's installed, there are a number of conditions that have to be met for network booting to work. It only works on Pi 4 boards (and Pi 4-derived devices, like the Pi 400 computer) that have both a keyboard and an Ethernet cable connected. If you already have an SD card or USB drive with a bootable OS connected, the Pi will boot from those as it normally does so it doesn't slow down the regular boot process. And you'll be limited to the OS image selection in the official Pi imager, though this covers a wide range of popular distributions, including Ubuntu, LibreELEC, a couple of retro-gaming emulation OSes, and Homebridge. For other OSes, downloading the image on a separate PC and installing it to an SD card manually is still the best way to go.
To learn more about installing the bootloader or download the Pi OS over a network, you can view the Raspberry Pi Foundation's documentation here.
Security

Major Linux PolicyKit Security Vulnerability Uncovered: Pwnkit (zdnet.com) 179

An anonymous reader quotes a report from ZDNet: [S]ecurity company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034. Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution. This vulnerability is easy to exploit. And, with it, any ordinary user can gain full root privileges on a vulnerable computer by exploiting this vulnerability in its default configuration. As Qualsys wrote in its brief description of the problem: "This vulnerability is an attacker's dream come true." Why is it so bad? Let us count the ways:

- Pkexec is installed by default on all major Linux distributions.
- Qualsys has exploited Ubuntu, Debian, Fedora, and CentOS in their tests, and they're sure other distributions are also exploitable.
- Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command").
- An unprivileged local user can exploit this vulnerability to get full root privileges.
- Although this vulnerability is technically a memory corruption, it is exploitable instantly and reliably in an architecture-independent way.
- And, last but not least, it's exploitable even if the polkit daemon itself is not running.

Red Hat rates the PwnKit as having a Common Vulnerability Scoring System (CVSS) score of 7.8. This is high. [...] This vulnerability, which has been hiding in plain sight for 12+ years, is a problem with how pkexec reads environmental variables. The short version, according to Qualsys, is: "If our PATH is "PATH=name=.", and if the directory "name=." exists and contains an executable file named "value", then a pointer to the string "name=./value" is written out-of-bounds to envp[0]." While Qualsys won't be releasing a demonstration exploit, the company is sure it won't take long for exploits to be available. Frankly, it's not that hard to create a PwnKit attack.
It's recommended that you obtain and apply a patch ASAP to protect yourself from this vulnerability.

"If no patches are available for your operating system, you can remove the SUID-bit from pkexec as a temporary mitigation," adds ZDNet. "For example, this root-powered shell command will stop attacks: # chmod 0755 /usr/bin/pkexec."
Education

Linux Foundation Launches Open Source Software Development, Linux, and Git Certification (zdnet.com) 13

The Linux Foundation has released three new training courses on the edX platform: Open Source Software Development: Linux for Developers (LFD107x), Linux Tools for Software Development (LFD108x), and Git for Distributed Software Development (LFD109x). The three courses can be taken individually or combined to earn a Professional Certificate in Open Source Software Development, Linux, and Git. ZDNet reports: The first class, Open Source Software Development: Linux for Developers (LFD107x) explores the key concepts of developing open-source software and how to work productively in Linux. You don't need to know Linux before starting this class, as it's an introduction to Linux designed for developers. In it, you'll learn how to install Linux and programs, how to use desktop environments, text editors, important commands and utilities, command shells and scripts, filesystems, and compilers. For this class, the Foundation recommends you use a computer installed with a current Linux distribution. I'd go further and recommend you use one with one of the professional Linux distributions. In particular, you should focus on one of the three main enterprise Linux families: Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Ubuntu. There are hundreds of other distros, but these are the ones that matter to companies looking for Linux developers.

The next course, Linux Tools for Software Development (LFD108x) examines the tools necessary to do everyday work in Linux development environments and beyond. It is designed for developers with experience working on any operating system who want to understand the basics of open-source development. Upon completion, participants will be familiar with essential shell tools, so they can work comfortably and productively in Linux environments. In addition, I recommend you come to this class with a working knowledge of the C programming language.

Finally, Git for Distributed Software Development (LFD109x) provides a thorough introduction to Git. Git is Linux Torvalds' other great accomplishment. This source control system was first used by the Linux kernel community to enable developers from around the world to operate efficiently. In addition, thanks to such sites as GitHub and GitLab, Git has become the lingua franca of all software development. Everyone uses Git today. With this class, you'll learn to use Git to create new repositories or clone existing ones, commit new changes, review revision histories, examine differences with older versions, work with different branches, merge repositories, and work with a distributed development team. Whether or not you end up programming in Linux, knowing how to use Git is essential for the modern programmer.
As ZDNet's Steven Vaughan-Nichols notes, you can take the three courses through edX in audit mode for no cost. However, you'll need to earn the professional certificate so employers will know you're capable of open-source programming.

"To do this, you must enroll in the program, complete all three courses, and pay a verified certificate fee of $149 per course."
KDE

KDE-Powering Qt's New Framework Lets Developers Bring Ads Into Their Apps (phoronix.com) 96

"Qt, the framework that powers the KDE desktop, is announcing support for ads in client-side applications," reports Neowin: This means that application developers will now be able to serve ads in traditional desktop applications.... Windows users have been dealing with this in Metro UI apps since Windows 8 and it's something that's never gone over well on the desktop.

While it's doubtful you'll see ads in KDE's core applications, it would be possible for distributions that wish to further monetize their work to fork these applications, placing ads in them.... According to the documentation, the advertising plugin supports a variety of platforms. They are as follows:

- Windows 10
- Ubuntu 20.04
- Raspbian Buster
- macOS
- Android 7.0
— iOS

"Our offering aims to disrupt the IoT industry," explains Qt's press release, "enabling new business models and business cases that before were not possible."

Reactions have been mixed. Comments on Phoronix ranged from calling it "a great way for boost development on KDE" to "Not sure if I like this."

Thanks to Slashdot reader segaboy81 for sharing the story
Mozilla

Linux Mint Sells Out for Mozilla Money (betanews.com) 97

Brian Fagioli, reporting for BetaNews: The developers of the Ubuntu-based operating system have agreed to accept an undisclosed amount of money from Mozilla in exchange for making significant changes to Linux Mint. This includes removal of modifications to Firefox and a big change for search. The devs share the upcoming changes to Firefox in Linux Mint 19 and higher.
The default start page no longer points to https://www.linuxmint.com/start/
The default search engines no longer include Linux Mint search partners (Yahoo, DuckDuckGo...) but Mozilla search partners (Google, Amazon, Bing, DuckDuckGo, Ebay...)
The default configuration switches from Mint defaults to Mozilla defaults.
Firefox no longer includes code changes or patches from Linux Mint, Debian or Ubuntu.

Microsoft

Microsoft's Edge Browser for Linux is Now Available for All Users (zdnet.com) 97

A year after releasing the first preview build of its Chromium-based Edge browser for Linux, Microsoft is announcing its general availability. From a report: The new release supports a variety of Linux distributions, including Ubuntu, Debian, Fedora and openSUSE. Microsoft announced Linux on Edge's availability milestone during the first day of its Ignite IT Pro conference. As of the release of Edge for Linux to the "stable" (mainstream user) channel, Edge is now available on Windows, Mac, iOS, Android and Linux. As it did when introducing the new Edge on macOS, Microsoft has been positioning Edge on Linux as more of an offering for IT pros and developers who want to test web sites than as a browser for "normal" users on those platforms. However, any user on any supported platform can use the new Edge.
Windows

Linux Distros Beat Windows 11 in Phoronix Performance Testing (phoronix.com) 58

Phoronix ran some fun performance tests this week. "Now that Windows 11 has been out as stable and the initial round of updates coming out, I've been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft's latest operating system release compares to the fresh batch of Linux distributions." First up is the fresh look at the Windows 11 vs. Linux performance on an Intel Core i9 11900K Rocket Lake system... The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including:

- Ubuntu 20.04.3 LTS
- Ubuntu 21.10
- Arch Linux (latest rolling)
- Fedora Workstation 35
- Clear Linux 35150

[...] Each operating system was cleanly installed and then run at its OS default settings for seeing how the out-of-the-box OS performance compares for these five Linux distributions to Microsoft Windows 11 Pro...

The geometric mean for all 44 tests showed Linux clearly in front of Windows 11 for this current-generation Intel platform. Ubuntu / Arch / Fedora were about 11% faster overall than Windows 11 Pro on this system. Meanwhile, Clear Linux was about 18% faster than Windows 11 and enjoyed about 5% better performance overall than the other Linux distributions.

Out of 44 tests, here's a breakdown of how many first-place wins were scored by each OS:
  • Clear Linux: 33 (75%)
  • Fedora Workstation 35: 4 (9.1%)
  • Windows 11 Pro: 3 (6.8%)
  • Ubuntu 20.04.3 LTS: 2 (4.5%)
  • Arch Linux: 1 (2.3%)
  • Ubuntu 21.10: 1 (2.3%)

Operating Systems

Intel Core i9 11900K: Five Linux Distros Show Sizable Lead Over Windows 11 (phoronix.com) 82

Phoronix: Now that Windows 11 has been out as stable and the initial round of updates coming out, I've been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft's latest operating system release compares to the fresh batch of Linux distributions. First up is the fresh look at the Windows 11 vs. Linux performance on an Intel Core i9 11900K Rocket Lake system. Microsoft Windows 11 Pro with all stable updates as of 18 October was used for this round of benchmarking on Intel Rocket Lake. The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including: Ubuntu 20.04.3 LTS, Ubuntu 21.10, Arch Linux (latest rolling), Fedora Workstation 35, Clear Linux 35150. All the testing was done on the same Intel Core i9 11900K test system at stock speeds (any frequency differences reported in the system table come down to how the information is exposed by the OS, i.e. base or turbo reporting) with 2 x 16GB DDR4-3200 memory, 2TB Corsair Force MP600 NVMe solid-state drive, and an AMD Radeon VII graphics card.

Each operating system was cleanly installed and then run at its OS default settings for seeing how the out-of-the-box OS performance compares for these five Linux distributions to Microsoft Windows 11 Pro. But for the TLDR version... Out of 44 tests run across all six operating systems, Windows 11 had just three wins on this Core i9 11900K system. Meanwhile Intel's own Clear Linux platform easily dominated with coming in first place 75% of the time followed by Fedora Workstation 35 in second place with first place finishes 9% of the time. The geometric mean for all 44 tests showed Linux clearly in front of Windows 11 for this current-generation Intel platform. Ubuntu / Arch / Fedora were about 11% faster overall than Windows 11 Pro on this system. Meanwhile, Clear Linux was about 18% faster than Windows 11 and enjoyed about 5% better performance overall than the other Linux distributions.

Cellphones

Pine64 Announces Updated PinePhone Pro Linux Powered Cellphone (tomshardware.com) 30

Pine64 today announced its latest Linux-powered device, the PinePhone Pro, an update to the original PinePhone which sees a more powerful device running mainline Linux (Manjaro in this case) on a mobile device that works as a cellphone and a desktop computer. Tom's Hardware reports: This combination of hardware and software makes the still slightly futuristic idea of confluence between mobile and desktop devices seem a step closer. Carry it around with you, and it's a phone. Plug it into a monitor, and it's a desktop PC. The KDE Plasma Mobile front-end adapts to the circumstances. Inside, it's much like any other phone, with a Rockchip RK3399S six-core SoC operating at 1.5GHz, 4GB of dual-channel LPDDR4 RAM, and 128GB of internal eMMC flash storage. It features a 13MP main camera sensor and a 5MP front-facing camera. There's a Micro-SD slot for expanded storage, and a six-inch 1440 x 720 IPS touchscreen. The PinePhone Pro is not a typical cell phone, rather the concept of convergence, the ability to use your phone as a computer is intriguing. Plug your PinePhone Pro into an external display and use it as a low-power desktop computer is something that has been attempted by a number of companies, including Canonical's attempt with Ubuntu Edge.

PinePhone Pro offers something that is missing from the majority of phones, privacy. A series of hardware DIP-switches, hidden under a rear cover, cut off access to the cameras, microphone, Wi-Fi 5 and Bluetooth 4.1 chips, headphone jack, and LTE modem (including GPS) should you ever need to. The layout and Pogo Pins of the new phone are identical to the original PinePhone, so all existing accessories should work. Retailing at $399, the PinePhone Pro's makers are realistic about the challenges of putting desktop Linux on a mobile device, especially in an ecosystem dominated by iOS and Android.

Ubuntu

Canonical Releases Ubuntu Linux 21.10 Impish Indri 24

Following a brief beta-testing period, Ubuntu 21.10 has finally become available to download in the "final" stable form. BetaNews: Code-named "Impish Indri," this version of Ubuntu is not a Long Term Support (LTS) version, so it is only supported for nine months. Ubuntu 21.10 features Linux kernel 5.13 and a Snap variant of the Mozilla Firefox browser. "Ubuntu 21.10 brings the all-new PHP 8 and GCC 11 including full support for static analysis, greatly improving everyday developer security awareness in low-level programming. With Gnome 40 desktop users gain dynamic workspaces and touchpad gestures. The new Firefox snap, published by Mozilla, improves security and guarantees access to both the latest and the extended support release versions of the browser. The exact same versions of the browser are available on multiple different versions of Ubuntu, simplifying enterprise developer platform management," says Canonical.
Microsoft

The Best Part of Windows 11 Is Its Linux, Argues Ars Technica (arstechnica.com) 148

The best part of Windows 11 is Linux, argues Ars Technica: For years now, Windows 10's Windows Subsystem for Linux has been making life easier for developers, sysadmins, and hobbyists who have one foot in the Windows world and one foot in the Linux world. But WSL, handy as it is, has been hobbled by several things it could not do. Installing WSL has never been as easy as it should be — and getting graphical apps to work has historically been possible but also a pain in the butt that required some fairly obscure third-party software. Windows 11 finally fixes both of those problems. The Windows Subsystem for Linux isn't perfect on Windows 11, but it's a huge improvement over what came before.

Microsoft has traditionally made installing WSL more of a hassle than it should be, but the company finally got the process right in Windows 10 build 2004. Just open an elevated Command prompt (start --> type cmd --> click Run as Administrator), type wsl --install at the prompt, and you're good to go. Windows 11, thankfully, carries this process forward unchanged. A simple wsl --install with no further arguments gets you Hyper-V and the other underpinnings of WSL, along with the current version of Ubuntu. If you aren't an Ubuntu fan, you can see what other easily installable distributions are available with the command wsl --list --online. If you decide you'd prefer a different distro, you can install it instead with — for example — wsl --install -d openSUSE-42. If you're not sure which distribution you prefer, don't fret. You can install as many as you like, simply by repeating wsl --list --online to enumerate your options and wsl --install -d distroname to install whichever you like. Installing a second distribution doesn't uninstall the first; it creates a separate environment, independent of any others. You can run as many of these installed environments as you like simultaneously, without fear of one messing up another.

In addition to easy installation, WSL on Windows 11 brings support for both graphics and audio in WSL apps. This isn't exactly a first — Microsoft debuted WSLg in April, with Windows 10 Insider Build 21364. But Windows 11 is the first production Windows build with WSLg support. If this is your first time hearing of WSLg, the short version is simple: you can install GUI apps — for example, Firefox — from your Ubuntu (or other distro) command line, and they'll work as expected, including sound. When I installed WSLg on Windows 11 on the Framework laptop, running firefox from the Ubuntu terminal popped up the iconic browser automatically. Heading to YouTube in it worked perfectly, too, with neither frame drops in the video nor glitches in the audio....

[T]here is one obvious "killer app" for WSLg that has us excited — and that's virt-manager, the RedHat-originated virtualization management tool. virt-manager is a simple tool that streamlines the creation, management, and operation of virtual machines using the Linux Kernel Virtual Machine... virt-manager never got a Windows port and seems unlikely to. But it runs under WSLg like a champ.

They reported a few problems, like when running GNOME's Software Center app (and the GNOME shell desktop environment).

But "If you're already a Windows Subsystem for Linux (WSL) user, Windows 11 offers an enormously improved experience compared to what you're accustomed to from Windows 10. It installs more easily, makes more functionality available, and offers better desktop integration than older workarounds such as running MobaXTerm's X11 server."
Ubuntu

Ubuntu 14.04 and 16.04 Each Get a Decade of Support from Canonical (betanews.com) 32

Canonical has announced that it is extending the life of Ubuntu 14.04 and 16.04 to a decade. BetaNews: In other words, Ubuntu 14.04 and 16.04 are getting longer Extended Security Maintenance (ESM) periods as Canonical pushes back their End of Life (EoL) dates. The former will now get security updates until 2024, while the latter will receive them until 2026. "This lifecycle extension enables organizations to balance their infrastructure upgrade costs, by giving them additional time to implement their upgrade plan. The prolonged Extended Security Maintenance (ESM) phase of Ubuntu 14.04 LTS and 16.04 LTS enables a secure and low-maintenance infrastructure with security updates and kernel livepatches provided by Canonical. The announcement represents a significant opportunity for the organizations currently implementing their transition to new applications and technologies," says Canonical.
Chrome

Is 2021 The Year of the Linux Desktop? (pcmag.com) 192

"2021 Is the Year of Linux on the Desktop," writes PC Magazine. "No, really..." Walk into any school now, and you'll see millions of Linux machines. They're called Chromebooks. For a free project launched 30 years ago today by one man in his spare time, it's an amazing feat.... Linux found its real niche — not as a political statement about "free software," but as a practical way to enable capable, low-cost machines for millions...

Chrome OS and Android are both based on the Linux kernel. They don't have the extra GNU software that distributions like Ubuntu have, but they're descended from Linus Torvalds' original work. Chromebooks are the fastest growing segment of the traditional PC market, according to Canalys. IDC points out that Canalys' estimates of 12 million Chromebooks shipped in Q1 2021 are only a fraction of the 63 million notebooks sold that quarter, but once again, they're where the growth is. Much of that is driven by schools, where Chromebooks dominate now. Schoolkids don't generally need a million apps' worth of generic computing power. They need inexpensive, rugged ways to log into Google Classroom. Linux came to the rescue, enabling cheap, light, easy-to-manage PCs that don't have the Swiss Army Knife cruft of Windows or the premium price of Macs...

One great thing about open-source hacker projects is that they can be taken in unexpected directions. Linux isn't controlled, so it can adapt, Darwinian-style. It was a little scurrying mammal in the time of the dinosaurs, and then the mobile-computing asteroid hit. Linux could evolve. Windows couldn't. When you're building something that fits in your hand and has to sip battery, you can't just keep throwing processors and storage at it. Microsoft had a tough time adapting its monstrous megakernel OS to the new, tiny world. But *nix platforms thrive there: Android (based on Linux) and iOS.

"Android and Chrome water down the Linux philosophy," the article argues, "but they are Linux..."

Does this make any long-time geeks feel vindicated? In the original submission wiredog (Slashdot reader #43,288) looks back to 1995, remembering that "my first Linux was RedHat 2.0 in the beige box, running the 0.95(?) kernel and the F Virtual Window Manager...

"It came with 2 books, a CD, and a boot floppy disk."
Open Source

Linux Trace Toolkit Next Generation 2.13 Facilitates Quick Reaction To Kernel/User-space Instrumentation Hits (lttng.org) 6

LTTng has been called "the killer app for system-level debugging and performance tuning." And now long-time Slashdot reader compudj writes: It's the official release of LTTng 2.13 — Nordicité! LTTng is a kernel and user-space tracer for Linux. The most notable features of this release are:

- Event-rule matches condition triggers and new actions, allowing internal actions or external monitoring applications to quickly react when kernel or user-space instrumentation is hit

- Notification payload capture, allowing external monitoring applications to read elements of the instrumentation payload when instrumentation is hit.

- Instrumentation API: vtracef and vtracelog (LTTng-UST)

- User space time namespace context (LTTng-UST and LTTng-modules).

Microsoft

Say Hi To Microsoft's Own Linux: CBL-Mariner (zdnet.com) 110

An anonymous reader quotes a report from ZDNet, written by Steven J. Vaughan-Nichols: Microsoft now has its very own, honest-to-goodness general-purpose Linux distribution: Common Base Linux, (CBL)-Mariner. And, just like any Linux distro, you can download it and run it yourself. Microsoft didn't make a big fuss about releasing CBL-Mariner. It quietly released the code on GitHub and anyone can use it. Indeed, Juan Manuel Rey, a Microsoft Senior Program Manager for Azure VMware, recently published a guide on how to build an ISO CBL-Mariner image. Before this, if you were a Linux expert, with a spot of work you could run it, but now, thanks to Rey, anyone with a bit of Linux skill can do it.

CBL-Mariner is not a Linux desktop. Like Azure Sphere, Microsoft's first specialized Linux distro, which is used for securing edge computing services, it's a server-side Linux. This Microsoft-branded Linux is an internal Linux distribution. It's meant for Microsoft's cloud infrastructure and edge products and services. Its main job is to provide a consistent Linux platform for these devices and services. Just like Fedora is to Red Hat, it keeps Microsoft on Linux's cutting edge. CBL-Mariner is built around the idea that you only need a small common core set of packages to address the needs of cloud and edge services. If you need more, CBL-Mariner also makes it easy to layer on additional packages on top of its common core. Once that's done, its simple build system easily enables you to create RPM packages from SPEC and source files. Or, you can also use it to create ISOs or Virtual hard disk (VHD) images.

As you'd expect the basic CBL-Mariner is a very lightweight Linux. You can use it as a container or a container host. With its limited size also comes a minimal attack surface. This also makes it easy to deploy security patches to it via RPM. Its designers make a particular point of delivering the latest security patches and fixes to its users. For more about its security features see CBL-Mariner's GitHub security features list. Like any other Linux distro, CBL-Mariner is built on the shoulders of giants. Microsoft credits VMware's Photon OS Project, a secure Linux, The Fedora Project, Linux from Scratch -- a guide to building Linux from source, the OpenMamba distro, and, yes, even GNU and the Free Software Foundation (FSF). To try it for yourself, you'll build it on Ubuntu 18.04. Frankly, I'd be surprised if you couldn't build it on any Ubuntu Linux distro from 18.04 on up. I did it on my Ubuntu 20.04.2 desktop. You'll also need the latest version of the Go language and Docker.

Open Source

Ubuntu-maker Canonical Will Support Open Source Blender on Windows, Mac, and Linux (betanews.com) 24

An anonymous reader shares a report: Blender is one of the most important open source projects, as the 3D graphics application suite is used by countless people at home, for business, and in education. The software can be used on many platforms, such as Windows, Mac, and of course, Linux. Today, Ubuntu-maker Canonical announces it will offer paid enterprise support for Blender LTS. Surprisingly, this support will not only be for Ubuntu users. Heck, it isn't even limited to Linux installations. Actually, Canonical will offer this support to Blender LTS users on Windows, Mac, and Linux.
Microsoft

Microsoft Linux Repos Suffered 22-Hour Outage (arstechnica.com) 41

"Everything from Visual Studio Code to Microsoft Edge and Teams package links were affected," reports Windows Central. They note Azure's status page (which now shows the issue lasting for more than 22 hours), though however long it lasted, "it's a virtual eternity for those whose entire ecosystem is crippled by such an outage."

According to Ars Technica, starting on Wednesday, "packages.microsoft.com — the repository from which Microsoft serves software installers for Linux distributions including CentOS, Debian, Fedora, OpenSUSE, and more — went down hard..." The outage impacted users trying to install .NET Core, Microsoft Teams, Microsoft SQL Server for Linux (yes, that's a thing) and more — as well as Azure's own devops pipelines.

We first became aware of the problem Wednesday evening when we saw 404 errors in the output of apt update on an Ubuntu workstation with Microsoft Teams installed. The outage is somewhat better-documented at this .NET Core issue report on Github, with many users from all around the world sharing their experiences and theories...

The entire repository cluster that serves all Linux packages for Microsoft was completely down — issuing a range of HTTP 404 (content not found) and 500 (Internal Server Error) messages for any URL — for roughly 18 hours. Microsoft engineer Rahul Bhandari confirmed the outage roughly five hours after it was initially reported, with a cryptic comment about the infrastructure team "running into some space issues."

Eighteen hours after the issue was detailed, Bhandari said that the mirrors were once again available — although with temporarily degraded performance, likely due to cold caches.

Bug

Patch Released for 7-Year-Old Privilege Escalation Bug In Linux Service Polkit (github.blog) 39

Long-time Slashdot reader wildstoo writes: In a blog post on Thursday, GitHub security researcher Kevin Backhouse announced that Polkit, a Linux system service included in several modern Linux distros that provides an organized way for non-privileged processes to communicate with privileged ones, has been harbouring a major security bug for seven years.

The bug, assigned (CVE-2021-3560) allows a non-privileged user to gain administrative shell access with a handful of standard command line tools. The bug was fixed on June 3, 2021 in a coordinated disclosure.

"It's used by systemd," GitHub's blog post points out, "so any Linux distribution that uses systemd also uses polkit..."

"It's very simple and quick to exploit, so it's important that you update your Linux installations as soon as possible. Any system that has polkit version 0.113 (or later) installed is vulnerable. That includes popular distributions such as RHEL 8 and Ubuntu 20.04."

Slashdot Top Deals