An anonymous reader writes: Tavis Ormandy of Google's Project Zero team has discovered a vulnerability in Symantec Antivirus Engine. The said engine is vulnerable to a buffer overflow when parsing malformed portable-executable (PE) header files, reports ZDNet. "Such malformed PE files can be received through incoming email, downloading of a document or application, or by visiting a malicious web site," Symantec said. "No user interaction is required to trigger the parsing of the malformed file." For Linux, OS X, and other Unix-like systems, the exploit results in a remote heap overflow as root in the Symantec or Norton process, Ormandy said in the Project Zero issue tracker. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get," he said.The vulnerability, if exploited, results in kernel memory corruption without user action and instant blue-screening on Windows.

theodp writes: The problem with Oracle v. Google," explains Motherboard's Sarah Jeong, "is that everyone actually affected by the case knows what an API is, but the whole affair is being decided by people who don't, from the normals in the jury box to the normals at the Supreme Court." Which has Google's witnesses "really, really worried that the jury does not understand nerd shit." Jeong writes, "Eric Schmidt sought to describe APIs and languages using power plugs as an analogy. Jonathan Schwartz tried his hand at explaining with 'breakfast menus,' only to have Judge William Alsup respond witheringly, 'I don't know what the witness just said. The thing about the breakfast menu makes no sense.'

"Schwartz's second attempt at the breakfast menu analogy went much better, as he explained that although two different restaurants could have hamburgers on the menu, the actual hamburgers themselves were different -- the terms on the menu were an API, and the hamburgers were implementations." And Schwarz's explanation that the acronym GNU stands for 'GNU is Not Unix' drew the following exchange: "The G part stands for GNU?" Alsup asked in disbelief. "Yes," said Schwartz on the stand. "That doesn't make any sense," said the 71-year-old Clinton appointee.

jaromil writes: Devuan beta is released today, following up the Debian fork declaration and progress made during the past two years. Devuan now provides an alternative upgrade path to Debian, and switching is easy from both Wheezy and Jessie. From The Register: "Devuan came into being after a rebellion by a self-described 'Veteran Unix Admin collective' argued that Debian had betrayed its roots and was becoming too desktop-oriented. The item to which they objected most vigorously was the inclusion of the systemd bootloader. The rebels therefore decided to fork Debian and 'preserve Init freedom.' The group renamed itself and its distribution 'Devuan' and got work, promising a fork that looked, felt, and quacked like Debian in all regards other than imposing systemd as the default Init option."

prisoninmate quotes a report from Softpedia: UbuntuBSD maintainer and lead developer Jon Boden is now looking for a way for his operating system to contribute to the Ubuntu community and, eventually, become an official Ubuntu flavor. Just two weeks ago, [Softpedia] introduced the ubuntuBSD project, whose main design goal is to bring users an operating system powered by the FreeBSD kernel while offering them the familiarity of the Ubuntu Linux OS. Right now, ubuntuBSD is in heavy development, with a fourth Beta build out the door, and it looks like the developer already seeks official status and wants to contribute all of his work to the main Ubuntu channels. [Canonical has yet to respond.]

An anonymous reader quotes a report from THE INQUIRER: Now-defunct Unix vendor, which claimed that Linux infringed its intellectual property and sought as much as $5 billion in compensation from IBM, has filed notice of yet another appeal in the 13-year-old dispute. The appeal comes after a ruling at the end of February when SCO's arguments claiming intellectual property ownership over parts of Unix were rejected by a U.S. district court. That judgment noted that SCO had minimal resources to defend counter-claims filed by IBM due to SCO's bankruptcy. "It is ordered and adjudged that pursuant to the orders of the court entered on July 10, 2013, February 5, 2016, and February 8, 2016, judgement is entered in favor of the defendant and plaintiff's causes of action are dismissed with prejudice," stated the document. Now, though, SCO has filed yet again to appeal that judgement, although the precise grounds it is claiming haven't yet been disclosed.

Steven J. Vaughan-Nichols reports for ZDNet: According to sources at Canonical, Ubuntu Linux's parent company, and Microsoft, you'll soon be able to run Ubuntu on Windows 10. This will be more than just running the Bash shell on Windows 10. After all, thanks to programs such as Cygwin or MSYS utilities, hardcore Unix users have long been able to run the popular Bash command line interface (CLI) on Windows. With this new addition, Ubuntu users will be able to run Ubuntu simultaneously with Windows. This will not be in a virtual machine, but as an integrated part of Windows 10. [...] Microsoft and Canonical will not, however, sources say, be integrating Linux per se into Windows. Instead, Ubuntu will primarily run on a foundation of native Windows libraries. Update: 03/30 16:16 GMT by M : At its developer conference Build 2016, Microsoft on Wednesday confirmed that it is bringing native support for Bash on Windows 10. Scott Hanselman writes: This isn't Bash or Ubuntu running in a VM. This is a real native Bash Linux binary running on Windows itself. It's fast and lightweight and it's the real binaries. This is a genuine Ubuntu image on top of Windows with all the Linux tools I use like awk, sed, grep, vi, etc. It's fast and it's lightweight. The binaries are downloaded by you - using apt-get - just as on Linux, because it is Linux. You can apt-get and download other tools like Ruby, Redis, emacs, and on and on. This is brilliant for developers that use a diverse set of tools like me.

Freshly Exhumed writes: Redox OS, a project on GitHub aimed at creating an alternative OS able to run almost all Linux executables with only minimal modifications, is to feature a pure Rust ecosystem, which they hope will improve correctness and security over other OSes. In their own words, 'Redox isn't afraid of dropping the bad parts of POSIX, while preserving modest Linux API compatibility.' They also level harsh criticisms at other OSes, saying "...we will not replicate the mistakes made by others. This is probably the most important tenet of Redox. In the past, bad design choices were made by Linux, Unix, BSD, HURD, and so on. We all make mistakes, that's no secret, but there is no reason to repeat others' mistakes." Not stopping there, Redox documentation contains blunt critiques of Plan 9, the GPL, and other mainstays.

prisoninmate writes: What's ubuntuBSD? Well, it's not that hard to figure out yourself, but just in case you're not sure, we can tell you that ubuntuBSD promises to bring the power of the FreeBSD kernel to Ubuntu Linux. The best part of using the FreeBSD kernel is that you'll end up using the famous Z File System, or ZFS. Xfce is also included along with the popular Firefox, LibreOffice, and Ubuntu Software Center apps. ubuntuBSD is inspired by the Debian GNU/kFreeBSD project, it is hosted on SourceForge, and has been created by Jon Boden.

An anonymous reader writes: After over a decade of ownership of the product, Google announced just a few weeks ago that it will be closing the shutters for good on Picasa, a cross-platform photo viewer and organizer with basic editing capabilities. In the official announcement, Google has set March 15 as the end of support for the desktop client, with changes to the accompanying web-album hosting service set to roll out later in the spring. On Opensource.com, Jason Baker rounded up 9 open source and Linux-compatible alternatives to the popular photo sharing service.

An anonymous reader writes: After almost a year of development, bug fixing and cleanup, BorgBackup 1.0.0 has been released. BorgBackup is a fork of the Attic-Backup project — a deduplicating, compressing, encrypting and authenticating backup program for Linux, FreeBSD, Mac OS X and other unixoid operating systems (Windows may also work using CygWin, but that is rather experimental/unsupported). It works on 32bit as well as on 64bit platforms, x86/x64 and ARM CPUs (maybe as well on others, but these are the tested ones). For Linux, FreeBSD and Mac OS X, there are single-file binaries which can be just copied onto a system and contain everything needed (Python, libraries, BorgBackup itself). Of course, it can be also installed from source. BorgBackup is FOSS (BSD License) and implemented in Python 3 (91%), speed critical parts are in C or Cython (9%).

An anonymous reader writes: On Friday, IBM and SCO filed an agreement with the US district court in Utah to accept a ruling of dismissal of the last remaining claims by SCO against IBM. Says the linked article, in line with our most recent other mentions of the long-due death spiral: This agreement wasn't unexpected, and in fact, came down right on deadline. On February 10, I reported that Judge David Nuffer with the U.S. District Court in Utah had ruled to dismiss a couple of interference claims SCO had filed against IBM, and had ordered both parties to reach an agreement on whether to accept the dismissal by February 26, which was Friday. In all likelihood this is the last we'll ever hear from SCO as its current owner, the California based software company Xinuos which now owns and markets many of SCO's old products, will probably remove what's left of SCO from life support.

An anonymous reader writes: Israeli PC maker CompuLab has begun shipping the Airtop PC that allows assembling high-end PC components into a completely fanless design. Phoronix's initial testing of the Airtop PC showed that it has a Core i7 5775C Broadwell processor, 16GB of RAM, 256GB SSD, and GeForce GTX 950 all while being fan-less thanks to the innovative design. The early results are quite positive for this uniquely designed PC but it comes at a cost premium of a fully-loaded system costing more than $2,200 USD.

LichtSpektren writes: Ubuntu developer Dustin Kirkland has posted on his blog that Canonical plans to officially support the ZFS file system for the next Ubuntu LTS release, 16.04 "Xenial Xerus." The file system, which originates in Solaris UNIX, is renowned for its feature set (Kirkland touts "snapshots, copy-on-write cloning, continuous integrity checking against data corruption, automatic repair, efficient data compression") and its stability. "You'll find zfs.ko automatically built and installed on your Ubuntu systems. No more DKMS-built modules!" N.B. ext4 will still be the default file system due to the unresolved licensing conflict between Linux's GPLv2 and ZFS's CDDL.

An anonymous reader writes: GNU developer Samuel Thibault presented at this weekend's FOSDEM conference about the current state of GNU Hurd. He shared that over the past year they've started working on experimental sound support as their big new feature. They also have x86 64-bit support to the point that the kernel can boot, but not much beyond that stage yet. USB and other functionality remains a work-in-progress. Those curious about this GNU kernel project can find more details via the presentation media.

An anonymous reader writes: A bunch of Facebook users received mysterious messages yesterday congratulating them on 46 years of being friends with somebody on Facebook. An astute observer may note that Facebook hasn't been around for 46 years. An even more astute observer might note that 46 years ago yesterday would be 12/31/1969 — easily recognizable as value '0' in the Unix Epoch with a time zone adjustment. A Microsoft engineer posits that the messages were sent because of how Facebook implemented its congratulatory messages. Many people were Facebook friends when the feature was rolled out, and instead of finding or estimating the date they became friends, Facebook simply set that database value to '0'. When the script fired to send those messages, it grabbed that value expecting a time, and interpreted the 0 accordingly. "The developer who wrote the "friends with since" memories algorithm should have added a case WHERE friendsWithSinceDate != '0' or something along those lines."

An anonymous reader writes: Two years after the PlayStation 4 was released, and two weeks after it was jailbroken, a group of hackers has now successfully installed Linux on it. "...it appears that the fail0verflow team utilized a WebKit bug similar to the one recently documented by GitHub user CTurt and then took things up a notch. CTurt's workaround focuses on the PlayStation 4's Webkit browser, which is tricked into freeing processes from the core of the console's operating system by an improvised webpage. The PS4 is powered by Sony's Orbis OS, which is based on a Unix-like software called FreeBSD. With a route into the console's system, fail0verflow then identified weaknesses in the PlayStation 4's GPU. It specifically called out engineers from semiconductor company Marvell, accusing them of 'smoking some real good stuff' when they designed the PlayStation 4's southbridge chip."

An anonymous reader writes: A new year, with old systems. It is time to break bad old habits and develop good new ones. This list talks about new years resolutions for Linux and Unix sysadmins. List includes turning on 2FA on all services, making peace with systemd, installing free SSL/TLS certificates, avoiding laptops with horrible screens or wireless whitelist in BIOS, building Linux gaming rig and more. What resolutions are on your list regarding sysadmin or IT work in 2016?

An anonymous reader writes: DragonFlyBSD 4.4 is now available for download (x86_64 ISO) and is a feature release that presents many improvements and new features. DragonFlyBSD now uses the Gold Linker by default rather than GNU Ld, updates the Intel and Radeon graphics support against the Linux 3.18 kernel, improves its experimental HAMMER2 file-system updates the locale system and provides collation for named locales, changes out its regex library, and has new hardware drivers. More details on the 4.4 release page.

OakDragon writes: Microsoft has tamped down the earth on XP's grave, steered Internet Explorer toward the nursing home, and is trying to convince everyone Windows 10 is a bright up-and-comer. But in the Paris airport of Orly, a system called DECOR — which helps air traffic controllers relay weather information to pilots — is running on Windows 3.1. That program suffered a glitch recently that grounded planes for some time. The airport actually runs on a variety of old systems, including Windows XP and UNIX. Maintenance is a problem. There are only three people in Paris that work on DECOR issues, and one of them is retiring soon. Hardware is also an issue. "Sometimes we have to go rummaging on eBay to replace certain parts," said Fiacre. "In any case, these machines were not designed to keep working for more than 20 years."

LichtSpektren writes: Andrew Tanenbaum, author of MINIX, writes: 'MINIX has been around now for about 30 years so it is (finally) time for the MINIXers to have a conference to get together, just as Linuxers and BSDers have been doing for a long time. The idea is to exchange ideas and experiences among MINIX 3 developers and users as well as discussing possible paths forward now that the ERC funding is over. Future developments will now be done like in any other volunteer-based open-source project. Increasing community involvement is a key issue here. Attend or give a presentation.' The con will be held on 1 February 2016 at the Vrije Universiteit in Amsterdam, the Netherlands.