GNOME

Ubuntu Patches Bug That Tricked Gnome Desktop Into Giving Root Access (arstechnica.com) 25

"Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges," reports Ars Technica: "This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu," Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. "With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves."

The first series of commands triggered a denial-of-service bug in a daemon called accountsservice, which as its name suggests is used to manage user accounts on the computer... With the help of a few extra commands, Backhouse was able to set a timer that gave him just enough time to log out of the account before accountsservice crashed. When done correctly, Ubuntu would restart and open a window that allowed the user to create a new account that — you guessed it — had root privileges...

The second bug involved in the hack resided in the GNOME display manager, which among other things manages user sessions and the login screen. The display manager, which is often abbreviated as gdm3, also triggers the initial setup of the OS when it detects no users currently exist. "How does gdm3 check how many users there are on the system?" Backhouse asked rhetorically. "You probably already guessed it: by asking accounts-daemon! So what happens if accounts-daemon is unresponsive....?"

The vulnerabilities could be triggered only when someone had physical access to, and a valid account on, a vulnerable machine. It worked only on desktop versions of Ubuntu.

"This bug is now tracked as CVE-2020-16125 and rated with a high severity score of 7.2 out of 10. It affects Ubuntu 20.10, Ubuntu 20.04, and Ubuntu 18.04..." reports Bleeping Computer.

They add that the GitHub security researcher who discovered the bugs "reported them to Ubuntu and GNOME maintainers on October 17, and fixes are available in the latest code."
Chromium

Linux Mint Introduces Its Own Take On the Chromium Web Browser (zdnet.com) 33

Mint's programmers, led by lead developer, Clement "Clem" Lefebvre, have built their own take on Google's open-source Chromium web browser. ZDNet reports: Some of you may be saying, "Wait, haven't they offered Chromium for years?" Well, yes, and no. For years, Mint used Ubuntu's Chromium build. But then Canonical, Ubuntu's parent company, moved from releasing Chromium as an APT-compatible DEB package to a Snap. The Ubuntu Snap software packing system, along with its rivals Flatpak and AppImage, is a new, container-oriented way of installing Linux applications. The older way of installing Linux apps, such as DEB and RPM package management systems for the Debian and Red Hat Linux families, incorporate the source code and hard-coded paths for each program.

While tried and true, these traditional packages are troublesome for developers. They require programmers to hand-craft Linux programs to work with each specific distro and its various releases. They must ensure that each program has access to specific libraries' versions. That's a lot of work and painful programming, which led to the process being given the name: Dependency hell. Snap avoids this problem by incorporating the application and its libraries into a single package. It's then installed and mounted on a SquashFS virtual file system. When you run a Snap, you're running it inside a secured container of its own. For Chromium, in particular, Canonical felt using Snaps was the best way to handle this program. [...]

Lefebvre wrote, "The Chromium browser is now available in the official repositories for both Linux Mint and LMDE. If you've been waiting for this I'd like to thank you for your patience." Part of the reason was, well, Canonical was right. Building Chromium from source code is one really slow process. He explained, "To guarantee reactivity and timely updates we had to automate the process of detecting, packaging and compiling new versions of Chromium. This is an application which can require more than 6 hours per build on a fast computer. We allocated a new build server with high specifications (Ryzen 9 3900, 128GB RAM, NVMe) and reduced the time it took to build Chromium to a little more than an hour." That's a lot of power! Still, for those who love it, up-to-date builds of Chromium are now available for Mint users.

Windows

Windows 7 Won't Die, Still Second Most Popular OS (bleepingcomputer.com) 83

An anonymous reader quotes a report from BleepingComputer: The data analysts firm NetMarketShare revealed that Windows 10 has seen another uptake in users and it went up to 64.04% from 61.26% last month. Linux (multiple distros) went from 1.14% to 1.65% and Ubuntu now holds a market share of 0.51%. The market share of Windows 7 has also dropped, but many users are still actively using outdated Windows 7, which could be due to its huge number of enterprise users. According to NetMarketShare, Windows 7 saw a drop from 22.77% to 20.41% last month. The report shows that 20.41% of desktops still use Windows 7. Even worse, some are still using Windows XP, according to the report. As of October 2020, the market share of Windows XP is 0.87%.
Chrome

So How Good Is Edge on Linux? (zdnet.com) 52

"No one asked Microsoft to port its Edge browser to Linux," writes Steven J. Vaughan-Nichols at ZDNet, adding "Indeed, very few people asked for Edge on Windows.

"But, here it is. So, how good — or not — is it..?" The new release comes ready to run on Ubuntu, Debian, Fedora, and openSUSE Linux distributions... Since I've been benchmarking web browsers since Mosaic rolled off the bit assembly line, I benchmarked the first Edge browser and Chrome 86 and Firefox 81 on my main Linux production PC.... First up: JetStream 2.0, which is made up of 64 smaller tests. This JavaScript and WebAssembly benchmark suite focuses on advanced web applications. It rewards browsers that start up quickly, execute code quickly, and run smoothly. Higher scores are better on this benchmark.

JetStream's top-scorer — drumroll please — was Edge with 136.971. But, right behind it within the margin of error, was Chrome with a score of 132.413. This isn't too surprising. They are, after all, built on the same platform. Back in the back was Firefox with 102.131. Next up: Kraken 1.1. This benchmark, which is based on the long-obsolete SunSpider, measures JavaScript performance. To this basic JavaScript testing, it added typical use-case scenarios. Mozilla, Firefox's parent organization, created Kraken. With this benchmark, the lower the score, the better the result. To no great surprise, Firefox took first place here with 810.1 milliseconds (ms). Following it was Chrome with 904.5ms and then Edge with 958.8ms.

The latest version of WebXPRT is today's best browser benchmark. It's produced by the benchmark professionals at Principled Technology. This company's executives were the founders of the Ziff Davis Benchmark Operation, the gold-standard of PC benchmarking. WebXPRT uses scenarios created to mirror everyday tasks. These include Photo Enhancement, Organize Album, Stock Option Pricing, Local Notes, Sales Graphs, and DNA Sequencing. Here, the higher the score, the better the browser. On this benchmark, Firefox shines. It was an easy winner with a score of 272. Chrome edges out Edge 233 to 230.

The article concludes that "Oddly, Edge, which turned in a poor performance when I recently benchmarked it on Windows, did well on Linux. Who'd have guessed...? Edge is a good, fast browser on Linux. If you're a Windows user coming over to Linux or you're doing development work aimed at Edge, then by all means try Edge on Linux. It works and it works well."

Yet Vaughan-Nichols admits he's still not going to switch to Edge. "Chrome is more than fast enough for my purposes and I don't want my information tied into the Microsoft ecosystem. For better or worse, mine's already locked into the Googleverse and I can live with that."
Ubuntu

Ubuntu Linux 20.10 'Groovy Gorilla' is Here With Renewed Raspberry Pi Focus (betanews.com) 20

An anonymous reader shares a report: As stated earlier, new Ubuntu versions come April and October, and wouldn't you know it, we are at the end of the latter. With Halloween a bit more than a week away, Canonical today releases Ubuntu 20.10. Ubuntu's version numbering scheme is based on year (YY), a period, and the month (MM). For instance, the previous stable version was released this past April and it is numbered as 20.04. In addition, Canonical (the operating system's owner) assigns names -- sequentially and alphabetically. The alphanumeric code name is always based on two words starting with the same sequential letter -- an adjective followed by an animal name. The aforementioned 20.04 is named "Focal Fossa." This time, the operating system will be called Ubuntu 20.10 "Groovy Gorilla." This new version of the desktop operating system is loaded with fixes, new features, and a renewed focus on the now-iconic Raspberry Pi. Yes, folks, with a compatible Pi (models with 4GB or 8GB of RAM), you can now have the full Ubuntu desktop experience. More about the new features here.
Chromium

Microsoft Releases Chromium-Based Edge Preview For Linux (zdnet.com) 97

Last month, Microsoft officials said they'd release a preview of the new Chromium-based Edge browser for Linux some time in October. On October 20, Microsoft made good on the promise, making available the Edge Dev Channel build for Linux. ZDNet reports: The new release supports Ubuntu, Debian, Fedora and openSUSE Linux distributions. Microsoft is planning to release weekly builds, like it does with the Dev Channel builds for other platforms. To get started, users can download and install a .deb or .rpm package directly from the Edge Insider site, which will configure a system to get future automatic updates. Or users can install Edge from Microsoft's Linux Software Repository. More detailed instructions are available on Microsoft's Chredge-on-Linux blog post.
Microsoft

'No, Microsoft Won't Rebase Windows to Linux' Argues Canonical's Manager for Ubuntu on WSL (boxofcables.dev) 98

Last month Eric Raymond suggested Microsoft might be moving to a Linux kernel that emulates Windows. ZDNet contributing editor Steven J. Vaughan-Nichols argued such a move "makes perfect sense", and open source advocate Jack Wallen even suggested Microsoft abandon Windows altogether for a new distro named Microsoft Linux.

It eventually drew the attention of Canonical's engineering manager for Ubuntu on WSL, who published a blog post with his own personal thoughts. Its title? "No, Microsoft is not rebasing Windows to Linux." The NT kernel in Windows offers a degree of backward compatibility, long-term support, and driver availability that Linux is just now approaching. It would cost millions of dollars to replicate these in Linux. Microsoft has plenty of paying customers to continue supporting Windows as-is, some for decades. Windows is not a drain on Microsoft that would justify the expense of rebasing to Linux for savings, as Raymond has argued... It is unclear if the Windows user space could even be rebased from NT to the Linux kernel and maintain the compatibility that Windows is known for, specifically what enterprise clients with mission-critical applications are paying to get....

Microsoft has doubled down on Windows in recent years. Microsoft has invested in usability, new features, and performance improvements for Windows 10 that have paid off. These improvements, collaborations with OEMs, and the Surface helped revitalize a PC market that at one point looked in danger of falling to iPads and Chromebooks... Internal reorganizations in 2018 and 2020 show that the future of the Surface and Windows are now inextricably linked. Windows powers the Xbox and we are in a resurgence of mostly Windows-based PC gaming. Microsoft also has ideas for Windows 10X, the next operating system concept following Windows 10 (that I think we will get in gradual pieces), with future hardware like the Surface Neo in mind...

The much more interesting question is not whether Microsoft is planning to rebase Windows to Linux, but how far Windows will go on open source. We are already seeing components like Windows Terminal, PowerToys, and other Windows components either begin life as or go open source. The more logical and realistic goal here is a continued opening of Windows components and the Windows development process, even beyond the Insiders program, in a way that benefits other operating systems...

Raymond is correct in one key part of his blog. I do think the era of the desktop OS wars is ending. We are entering a new era where your high-end workstation will run multiple operating systems simultaneously, like runtimes, and not necessarily all locally. The choice will not really be Windows or Linux, it will be whether you boot Hyper-V or KVM first, and Windows and Ubuntu stacks will be tuned to run well on the other. Microsoft contributes patches to the Linux kernel to run Linux well on Hyper-V and tweaks Windows to play nicely on KVM. The best parts of Ubuntu will come to Windows and the best open source parts of Windows will come to Ubuntu, thanks to an increasing trend towards open source across Microsoft.

The key take-away though is that open source has won. And Raymond can be proud of helping to articulate the case for the open source development model when he did.

The post also explores "the reasons why I think this fantasy keeps cropping up on Slashdot and Hacker News," calling the idea "a long-held fantasy for open source and Linux advocates."

But instead he concludes "Neither Windows nor Ubuntu are going anywhere. They are just going to keep getting better through open source."
Windows

ZDNet Argues Linux-Based Windows 'Makes Perfect Sense' (zdnet.com) 100

Last week open-source advocate Eric S. Raymond argued Microsoft was quietly switching over to a Linux kernel that emulates Windows. "He's on to something," says ZDNet's contributing editor Steven J. Vaughan-Nichols: I've long thought that Microsoft was considering migrating the Windows interface to running on the Linux kernel. Why...? [Y]ou can run standard Linux programs now on WSL2 without any trouble.

That's because Linux is well on its way to becoming a first-class citizen on the Windows desktop. Multiple Linux distros, starting with Ubuntu, Red Hat Fedora, and SUSE Linux Enterprise Desktop (SLED), now run smoothly on WSL2. That's because Microsoft has replaced its WSL1 translation layer, which converted Linux kernel calls into Windows calls, with WSL2. With WSL2 Microsoft's own Linux kernel is running on a thin version of the Hyper-V hypervisor. That's not all. With the recent Windows 10 Insider Preview build 20211, you can now access Linux file systems, such as ext4, from Windows File Manager and PowerShell. On top of that, Microsoft developers are making it easy to run Linux graphical applications on Windows...

[Raymond] also observed, correctly, that Microsoft no longer depends on Windows for its cash flow but on its Azure cloud offering. Which, by the way, is running more Linux instances than it is Windows Server instances. So, that being the case, why should Microsoft keep pouring money into the notoriously trouble-prone Windows kernel — over 50 serious bugs fixed in the last Patch Tuesday roundup — when it can use the free-as-in-beer Linux kernel? Good question. He thinks Microsoft can do the math and switch to Linux.

I think he's right. Besides his points, there are others. Microsoft already wants you to replace your existing PC-based software, like Office 2019, with software-as-a-service (SaaS) programs like Office 365. Microsoft also encourages you to move your voice, video, chat, and texting to Microsoft's Azure Communication Services even if you don't use Teams. With SaaS programs, Microsoft doesn't care what operating system you're running. They're still going to get paid whether you run Office 365 on Windows, a Chromebook, or, yes, Linux.

I see two possible paths ahead for Windows. First, there's Linux-based Windows. It simply makes financial sense. Or, the existing Windows desktop being replaced by the Windows Virtual Desktop or other Desktop-as-a-Service (DaaS) offerings.... Google chose to save money and increase security by using Linux as the basis for Chrome OS. This worked out really well for Google. It can for Microsoft with — let's take a blast from the past — and call it Lindows as well.

Ubuntu

Ubuntu Linux 20.10 'Groovy Gorilla' Beta Released (betanews.com) 18

An anonymous reader writes: Linux fans, Ubuntu 20.10 "Groovy Gorilla" Beta is now available for download. This doesn't just include the "vanilla" GNOME version either, but other variants like Kubuntu and Xubuntu as well. "20.10, codenamed 'Groovy Gorilla,' continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," explains Łukasz Zemczak, Canonical.
Ubuntu

Lenovo Begins Selling 30 Linux ThinkPads and ThinkStation PCs (zdnet.com) 74

"More top-tier computer OEMs are now offering a broad assortment of Linux desktops," reports ZDNet.

"In the latest move, Lenovo, currently the top PC vendor in the world according to Gartner, will roll Ubuntu Linux 20.04 LTS out across 30 of Lenovo's ThinkPads and ThinkStations..." While Lenovo started certifying most of its laptop and PC line on the top Linux distributions since June 2020, this is a much bigger step. Now, instead of simply acknowledging its equipment will be guaranteed to run Linux, Lenovo's selling Ubuntu Linux-powered hardware to ordinary Joe and Jane users.

Previously, you could only buy most of these machines if you were a business and had specified you wanted Ubuntu on a customized bid. Now, nearly 30 Ubuntu-loaded devices will now be available for purchase via Lenovo.com. These include 13 ThinkStation and ThinkPad P Series Workstations and an additional 14 ThinkPad T, X, X1, and L series laptops, all with the 20.04 LTS version of Ubuntu...

No one's predicting a "Year of the Linux desktop." Companies such as Dell and Lenovo aren't predicting such a game-changing event, but they're selling largely to enterprise companies, which have seen the virtues of using high-end Linux desktops for powerful, forward-looking technologies such as AI, ML, containers, and cloud-native computing.

"Our announcement of device certification in June was a step in the right direction to enable customers to more easily install Linux on their own," explains Lenovo's vice president of PCSD software and cloud — but now they're going even further.

"Our goal is to remove the complexity and provide the Linux community with the premium experience that our customers know us for. This is why we have taken this next step to offer Linux-ready devices right out of the box."
Linux

Microsoft Is Bringing Edge To Linux (venturebeat.com) 143

Krystalo writes: Edge is finally coming to Linux. At Ignite 2020 today, Microsoft announced that Edge for Linux will be available in the Dev preview channel starting in October. Linux users will be able to download the preview from the Microsoft Edge Insider website or from their native Linux package manager. Microsoft will start with the Ubuntu and Debian distributions, with support for Fedora and openSUSE coming afterwards. "Linux stands out in that, while it has a relatively small desktop population in terms of what you might call typical consumer or end user, developers are often overrepresented in that population, and especially in areas like test automation, or CI/CD workloads for their web apps," Edge program manager Kyle Pflug told VentureBeat. "Edge on Linux is a natural part of our strategy to reduce fragmentation and test overhead for web developers. By providing the same rendering behavior and tools across platforms, developers can build and test sites and web apps in their preferred environment and be confident in the experience their customers will have."
Cellphones

Reviewer Calls Linux-based PinePhone 'the Most Interesting Smartphone I've Tried in Years' (androidpolice.com) 91

A review at the Android Police site calls Pine64's new Linux-based PinePhone "the most interesting smartphone I've tried in years," with 17 different operating systems available (including Fedora, Ubuntu Touch, SailfishOS, openSUSE, and Arch Linux ARM): There's a replaceable battery, which is compatible with batteries designed for older Samsung Galaxy J7 phones. It's good to know that even if PinePhone vanished overnight, you could still purchase new batteries for around $10-15...

There's a microSD card slot above the SIM tray, which supports cards up to 2TB in size. While it can be used as extra storage, just like the SD slots in Android phones and tablets, it can also function as a bootable drive. If you write an operating system image to the SD card and put it in the PinePhone, the phone will boot from the SD card. This means you can move between operating systems on the PinePhone by simply swapping microSD cards, which is amazing for trying out new Linux distributions without wiping data. How great would it be if Android phones could do that?

Finally, the inside of the PinePhone has six hardware killswitches that can be manipulated with a screwdriver. You can use them to turn off the modem, Wi-Fi/Bluetooth, microphone, rear camera, front camera, and headphone jack. No need to put a sticker over the selfie camera if you're worried about malicious software — just flip the switch and never worry about it again.... For a $150 phone produced in limited batches by a company with no previous experience in the smartphone industry, I'm impressed it's built as well as it is...

I look forward to seeing what the community around the PinePhone can accomplish.

A Pine64 blog post this weekend touts "a boat-load of cool and innovative things" being attempted by the PinePhone community, including users working on things like a fingerprint scanner or a thermal camera, plus a community that's 3D-printing their own custom PinePhone cases. And Pine64 has now identified three candidates for a future keyboard option (each of which can be configured as either a slide-out or clamshell keyboard): I feel like we have finally gotten into a good production rhythm; it was only last month we announced the postmarketOS Community Edition of the PinePhone, and this month I am here to tell you that the factory will deliver the phones to us at the end of this month... I don't know about you, but I think that this is a rather good production pace. At the time of writing, and based on current sale rates, the postmarketOS production-run will sell out in a matter of days...

While I have no further announcements at this time, what I will say is that we have no intention of slowing down the pace now until February 2021 (when Chinese New Year begins)...

Google

Google and Canonical Bring Flutter Apps To Linux and the Snap Store 22

An anonymous reader writes: Google is partnering with the Ubuntu Desktop team at Canonical to bring Linux support to its open source UI framework Flutter. Today's Linux alpha announcement also means Flutter developers can now deploy their apps to the Snap Store. Flutter group product manager Tim Sneath argues this is a big milestone because UI frameworks rarely become versatile and powerful enough for an operating system to depend on. He pointed to Windows being written in C++ rather than .NET, even for applets like the Calculator. Sneath also believes this shows Canonical is willing to invest in a first-class way to build apps for Linux, making Flutter on Linux an official part of Ubuntu. Additionally, enterprises can feel confident about picking Flutter -- it's more evidence of its longevity and technical excellence, Sneath said.
Businesses

Lenovo Will Pre-load Ubuntu and Red Hat on All Its Workstations (forbes.com) 50

TechRepublic calls it "a tectonic shift in the landscape... a massive company showing serious support for both Ubuntu Linux and Red Hat Enterprise Linux."

Forbes reports: Beginning this month, Lenovo will certify its ThinkStation PCs and ThinkPad P Series laptops for both Ubuntu LTS and Red Hat Enterprise Linux. Every single model, every single configuration across the entire workstation portfolio. [ZDNet adds that the two Linux distros will also be preloaded.]

And it doesn't end there. "Going beyond the box, this also includes full web support, dedicated Linux forums, configuration guidance and more," says Rob Herman, General Manager, Executive Director Workstation & Client AI Group at Lenovo. We're not talking about just hardware certification, either. Lenovo will offer both Red Hat Enterprise Linux and Ubuntu LTS distributions pre-installed...

"What's more, Lenovo will also upstream device drivers directly to the Linux kernel, to help maintain stability and compatibility throughout the life of the workstation," says Herman. Lenovo and Fedora are already working together to enable fingerprint sensor support on select ThinkPads, and send that support upstream to benefit all Linux distributions (including firmware being available through LVFS). When I spoke to Mark Pearson, the Senior Linux Software Engineer even mentioned porting certain Windows-only PC management tools to Linux to aid in the overall effort.

TechRepublic notes the news "comes on the heels of a number of new Linux desktop support news. This year we've seen the rise of Purism, Tuxedo Computers, Pine64, Juno Computers, Vikings, Dell's continued support with the XPS Dev edition laptop and the Precision line, and now Lenovo."

They also argue for continued support for the smaller vendors of Linux hardware. "Companies like System76 are a big reason why desktop Linux continued climbing up that steep mountain called 'Acceptance.'" But their article concludes that "No matter which path you take, you now (as a Linux user) have more options."
Ubuntu

Linux Mint Dumps Ubuntu Snap (zdnet.com) 117

An anonymous reader quotes a report from ZDNet: Mint's programmers, led by lead developer, Clement "Clem" Lefebvre, have dropped support for Ubuntu's Snap software packing system. [...] So, what's not to like? Well, a lot, thinks Clem. As he wrote in July 2019, the idea is fine: "When snap was announced it was supposed to be a solution, not a problem. It was supposed to make it possible to run newer apps on top of older libraries and to let third-party editors publish their software easily towards multiple distributions, just like Flatpak and AppImage." But, he said, "What we didn't want it to be was for Canonical to control the distribution of software between distributions and third-party editors, to prevent direct distribution from editors, to make it so software worked better in Ubuntu than anywhere else and to make its store a requirement."

Clem was worried then that Canonical was moving in that direction because: "Ubuntu is planning to replace the Chromium [Google's open-source browser and foundation for Chrome] repository package with an empty package, which installs the Chromium snap. In other words, as you install APT [Debian's program for installing and managing DEB files] updates, Snap becomes a requirement for you to continue to use Chromium and installs itself behind your back. This breaks one of the major worries many people had when Snap was announced and a promise from its developers that it would never replace APT. A self-installing Snap Store which overwrites part of our APT package base is a complete NO-NO. It's something we have to stop and it could mean the end of Chromium updates and access to the snap store in Linux Mint."

Fast forward to now, and that's still the case with Chromium, and Clem has had enough: "In the Ubuntu 20.04 package base, the Chromium package is indeed empty and acting, without your consent, as a backdoor by connecting your computer to the Ubuntu Store. Applications in this store cannot be patched, or pinned. You can't audit them, hold them, modify them, or even point snap to a different store. You've as much empowerment with this as if you were using proprietary software, i.e. none. This is in effect similar to a commercial proprietary solution, but with two major differences: It runs as root, and it installs itself without asking you."

Open Source

What Keeps Developers Happy? Contributing to Open Source (techrepublic.com) 64

This week long-time open source advocate Matt Asay warned employers that the best way to keep their developers happy was to let them contribute to open source projects: SlashData recently surveyed over 16,000 developers to see what makes them tick... what they care about. The data is collected in SlashData's State of the Developer Nation, though let me give you the tl;dr: 59% of developers contribute to open source software today. Why do they contribute? The top two reasons are: To improve coding skills and because they believe in open source.

Want to keep those developers happy and employed with you? Let them contribute...

[Y]our employees want to contribute both code and knowledge — they want to be part of something. Talking to Bert Hubert, founder of PowerDNS, a supplier of open source DNS software, services, and support, he stressed that an open source project must be "a fun place where people feel that they are learning things, that they're contributing things, that they're being valued." Perhaps not surprisingly, these are the same elements developers expect from their employers. By making open source a valued part of workplace expectations, employers tick both boxes.

Is it an absolute requirement that you encourage your developers to contribute to open source projects? No. But many of your best developers will chafe at keeping their talents locked up behind the firewall, and other developers simply won't apply if you have a reputation for being an open source scrooge.

The article was written by Matt Asay, a former COO of Canonical now working at AWS. (Right before becoming Canonical's COO, Matt answered questions from Slashdot readers).

The survey he cites also found that out of 17,000 developers they talked to, just 3% said they were paid to contribute to open source.

The other 97% contributed for free.
Ubuntu

Ubuntu Linux 20.04 LTS 'Focal Fossa', Featuring Linux 5.4 Kernel and WireGuard VPN, Now Available For Download (zdnet.com) 62

Canonical has released the newest version of its Ubuntu Linux distribution, Ubuntu 20.04. This long-term-support (LTS) version is more than just the latest version of one of the most popular Linux distributions; it's a major update for desktop, server, and cloud users. From a news story: Called "Focal Fossa," it is an LTS version, meaning "Long Term Support." Just how long is that support? An impressive five years! Ubuntu 20.04 will feature many new visual cues and tweaks too thanks to a refreshed theme. "Ubuntu has become the platform of choice for Linux workstations. Canonical certifies multiple Dell, HP, and Lenovo workstations, and supports enterprise developer desktops. Machine learning and AI tools from a range of vendors are available immediately for Ubuntu 20.04 LTS, along with 6,000 applications in the Snapcraft Linux App Store including Slack, Skype, Plex, Spotify, the entire JetBrains portfolio and Visual Studio Code. WireGuard is a new, simplified VPN with modern cryptography defaults. WireGuard is included in Ubuntu 20.04 LTS and will be backported to Ubuntu 18.04 LTS to support widespread enterprise adoption," says Canonical.
Security

After 8 Years of Remote-Access Trojans Attacks, Can We Still Say Linux is Secure? (linuxsecurity.com) 139

Remember when BlackBerry reported Advanced Persistent Threat groups have been infiltrating critical Linux servers for at least eight years? What's the lesson to be learned?

LinuxSecurity Founder Dave Wreski argues "Although it may be easy to blame the rise in attacks targeting Linux in recent years on security vulnerabilities in the operating system as a whole, this is simply not the truth. The majority of exploits on Linux systems can be attributed to misconfigured servers and poor administration."

Writing for Linux Security, Slashdot reader b-dayyy gathered some additional responses: Some experts argue that it is the popularity of Linux that makes it a target. Joe McManus, Director of Security at Canonical, explains: "Linux and, particularly Ubuntu, are incredibly secure systems but, that being said, it is their popularity that makes them a target." Ian Thornton-Trump, a threat intelligence expert and the CISO at Cyjax, adds: "From an economic and mission perspective, it makes sense for a threat actor to invest in open-source skills for flexibility and the ability to target the systems where the good stuff is happening."

Despite the increasing number of threats targeting Linux systems, there is still a sound argument for the inherent security of Linux, which can be attributed to the core fundamentals of Open Source. Due to the transparency of open-source code and the constant scrutiny that this code undergoes by a vibrant global community, vulnerabilities are identified and remedied quicker than flaws that exist in the opaque source code of proprietary software and operating systems. Threat actors recognize this, and are still directing the majority of their attacks at proprietary operating systems.

These attacks do, however, serve as a much-needed wakeup call for the security community that more needs to be done to protect Linux servers. BlackBerry's report reveals that security solutions and defensive coverage available within Linux environments are "immature at best". Endpoint protection, detection and response products are inadequately utilized by too many Linux users, and endpoint solutions available for Linux systems are often insufficient in combating advanced exploits. Eric Cornelius, Chief Product Officer at BlackBerry, evaluates: "Security products and services that support Linux, offerings that might detect and give us insight into a threat like this, are relatively lacking compared to other operating systems, and security research about APT use of Linux malware is also relatively sparse."

China

Chinese Cybercriminals Target High-Value Linux Servers With Weak Defenses: BlackBerry (techrepublic.com) 41

Linux malware is real and Advanced Persistent Threat (APT) groups have been infiltrating critical servers with these tools for at least eight years, according to a new report from BlackBerry. From a report: In "Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android," security researchers found that these groups have attacked companies around the world and across all industries with goals ranging from simple cybercrime to full-blown economic espionage. The RATs report describes how five APT groups are working with the Chinese government and the remote access trojans (RATs) the cybercriminals are using to get and maintain access to Linux servers.

According to the report, the groups appeared to be using WINNTI-style tooling to take aim at Linux servers and remain relatively undetected for almost a decade. These groups are targeting Red Hat Enterprise, CentOS, and Ubuntu Linux environments for espionage and intellectual property theft. The APT groups examined include the original WINNTI GROUP, PASSCV, BRONZE UNION, CASPER (LEAD), and a newly identified group BlackBerry researchers are tracking as WLNXSPLINTER. The BlackBerry researchers think all five groups are working together, given the distinct similarities in their preferred tools, tactics, and procedures.

Operating Systems

Linux Mint 20 is 64-bit Only, Based on Ubuntu 20.04, and Named 'Ulyana' (betanews.com) 84

An anonymous reader shares a report: Today, we learn some new details about the upcoming Linux Mint 20. While most of the newly revealed information is positive, there is one thing that is sure to upset many Linux Mint users. First things first, Linux Mint 20 will be based on the upcoming Ubuntu 20.04. This shouldn't come as a surprise, as Mint only uses Long Term Support versions of Ubuntu, and 20.04 will be an LTS. We also now know the name of Linux Mint 20. The Mint team always uses female names, and this time they chose "Ulyana." This is apparently a Russian name meaning "youthful." So far, all of the news is positive, so what exactly will upset some users? The Linux Mint developers are finally dropping 32-bit support and will only produce 64-bit ISOs.
