Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• CVE - CVE-2023-28410 — Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
• INTEL-SA-00886
• Intel Security Center
• New NetFilter flaw gives attackers root privileges — A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.
• NVD - CVE-2023-32233
• Goodbye to Roblox on Linux — I’m sorry to be such a downer about this, but it’s the reality. We have to spend our time porting to and supporting the platforms that will grow our community.
• Proper support for the Linux platform - Feature Requests
• Ubuntu 23.04 Now Works on StarFive’s VisionFive 2 RISC-V SBC — ”This partnership will provide users with a seamless development experience, allowing them to leverage the best of open source software and RISC-V through Ubuntu and VisionFive 2.”
• Canonical enables Ubuntu on StarFive’s VisionFive 2 RISC-V single board computer
• Open Source Summit North America — Open Source Summit is a conference umbrella, composed of a collection of events covering the most important technologies, topics, and issues affecting open source today.
• AWS open-sources snapshot fuzzing and policy authorization tools
• Schedule - Linux Foundation Events
• The Linux Foundation on Twitter

Special Guest: Brent Gervais.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• curl 8.0.0 is Here — This a major version number bump but without any ground-breaking changes or fireworks. We decided it was about time to reset the minor number down to more a manageable level and doing it exactly on curl’s 25th birthday made it extra fun. There is no API nor ABI break in this version.
• Twenty-five Tears of curl — Taking curl this far and being able to work full time on my hobby project is a dream come real. curl is a huge part of my life.
• curl 8.0.0 with Daniel Stenberg [YouTube]
• curl 8.0.1: because I jinxed it
• Amazon Linux 2023 — When looking for a base to serve as a starting point for Amazon Linux 2023, Fedora was the best choice. We found that Fedora’s core tenets (Freedom, Friends, Features, First) resonate well with our vision for Amazon Linux.
• Paving the Road to Vulkan on Asahi Linux — Today we’re releasing a big update to our GPU drivers for Asahi Linux, so I wanted to talk to you about what we’ve been working on since then, and what’s next!
• Asahi Linux Continues Making Progress On Apple Silicon Graphics, Promising OpenGL Speed
• Canonical joins the confidential computing consortium — Confidential computing is here to give you back control over the security guarantees of your workloads. As the consortium explains, confidential computing aims to “protect data in use by performing computation in a hardware-based Trusted Execution Environment.
• Introduction to Confidential Computing [YouTube]
• Hub 4 pioneers ethical AI integration for a more productive and collaborative future — Today, we are excited to announce a major step forward with Hub 4 – the very first on-premises collaboration platform to integrate intelligent features across its applications.
• Develop for Nextcloud — Write new applications, extend Nextcloud or integrate other software.
• Nextcloud Ethical AI Rating
• Berlin Meet Up — Friday, March 24, 2023

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• Announcing Fedora Linux 37 — Fedora Editions are flagship offerings targeted at a particular “market”. With Fedora Linux 37, we’re adding two new Editions.
• Fedora 37 Now Available With GNOME 43 Desktop, Official Raspberry Pi 4 Support
• Meta OSS’ Sapling — A new source control system with Git-compatible client.
• Get ready for Google Summer of Code 2023! — We are thrilled to announce the 2023 Google Summer of Code (GSoC) program and share the timeline with you to get involved! 2023 will be our 19th consecutive year of hosting GSoC.
• Google Summer of Code
• Rust in the Kernel Update — This patch series is the first batch of changes to upstream the rest of the Rust support.
• Rust Developers Preparing To Upstream More Code Into The Linux Kernel
• WSL 1.0 Released — Microsoft announces it is removing the Preview label and making WSL in the Microsoft Store "generally available".
• Release Notes for WSL kernel

Sponsored By:

• Jupiter Network Membership: Support the entire network, and get access to every member's special feed for every show on the network. Promo Code: thesignal
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• K9 mail to become Thunderbird on Android — Ultimately, K-9 Mail will transform into Thunderbird on Android.
• K-9 Mail – Open Source Email App for Android
• K-9 Mail joins the Thunderbird family
• Frequently Asked Questions: Thunderbird Mobile and K-9 Mail
• Ubuntu Working To Provide Good Support For The VisionFive Low-Cost RISC-V Board — The Starfive VisionFive is a currently $179 USD RISC-V board that is intended to run full-blown RISC-V Linux distributions.
• Fedora 37 Looks To Boost Its Cloud Posture As An Official Edition — Approved by the Fedora Engineering and Steering Committee this week is returning Fedora Cloud base to be listed as an official Fedora edition.
• Plasma 5.25 - Released — Plasma 5.25 brings new features and concepts to the desktop environment.
• 5 Neat New Features in KDE Plasma 5.25, Released Today
• Ventoy 1.0.76 — Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files.
• Super UEFIinSecureBoot Disk: Boot any OS or .efi file without disabling UEFI Secure Boot
• Adobe Plans To Make Photoshop on the Web Free To Everyone — The company is now testing the free version in Canada, where users are able to access Photoshop on the web through a free Adobe account. Adobe describes the service as “freemium” and eventually plans to gate off some features that will be exclusive to paying subscribers. Enough tools will be freely available to perform what Adobe considers to be Photoshop’s core functions.
• Photopea | Online Photo Editor

Plus, how Microsoft just gave a boost to the Linux Desktop and more.

Sponsored By:

• Ting: Save $25 off your first device, or $25 in service credit if you bring one!
• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• Valve has formally announced the Steam Deck — Valve has now formally revealed the Steam Deck, a portable handheld gaming console powered by a new version of their Linux-based SteamOS operating system.
• Valve Making Linux Anti-Cheat a Reality for Steam Deck Launch — Valve's newly-announced Steam Deck has a nice bonus for Linux gamers — it's helping to improve Linux anti-cheat by working with Easy Anti-Cheat and BattlEye to provide Proton support for their software.
• Steam Deck FAQ: 31 Big Questions Answered - YouTube
• First Hands-On With Valve’s Handheld Gaming PC - YouTube
• Steam Deck :: Tech Specs
• Valve has confirmed to me that we will have access to the Arch repository
• Gabe Newell expects Steam Deck to sell ‘millions of units’ — "Our view is, if we're doing this right, we're going to be selling these in millions of units, and it's clearly going to be establishing a product category that ourselves and other PC manufacturers are going to be able to participate in."
• Ubuntu Touch OTA-18 Officially Released — Ubuntu Touch OTA-18 is here as a maintenance update that plugs various annoyances and bugs to make the entire Ubuntu Touch mobile operating system more stable and reliable.
• Amazon’s Elasticsearch fork OpenSearch hits prime time — Amazon has launched the first production-ready version of its Elasticsearch fork OpenSearch. This comes six months after Amazon’s AWS first revealed plans to fork Elasticsearch
• Introducing OpenSearch
• OpenSearch reaches 1.0 milestone
• Windows 365 Cloud PC — Securely stream your Windows experience—including your personalized apps, content, and settings—from the Microsoft cloud to any device with your Windows 365 Cloud PC. Available August 2.
• Microsoft reveals $31 per user per month price tag — Microsoft isn't sharing pricing for its just-announced Windows 365/ Cloud PC service until early August. But the pricing of one of its lower-end SKUs seemingly has leaked already.
• Introducing a new era of hybrid personal computing — Windows 365 supports your business apps—Microsoft 365, Microsoft Dynamics 365, Microsoft Power Platform—line of business apps, and more. With Windows 365, we also stand by our promise of app compatibility with App Assure, a service that helps customers with 150 or more users fix any app issues they might run into at no additional cost.
• Microsoft is bringing Windows to a web browser, and it will work on iPad and the Mac — Microsoft unveiled a new service called Windows 365, and it makes it possible for users to run a full version of Windows in a web browser on any device.

Plus the imminent problem KDE solved this week, and more.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Initial Apple M1 SoC Support Aims For Linux 5.13 Kernel — This initial Apple M1 Linux port gets the UART, interrupts, SMP, and DeviceTree bits in place for offering basic functionality.
• “Challenge accepted”
• Ars: Apple M1 hardware support merged into Linux 5.13
• Official support for Linux on the M1 Macs could come as soon as June
• [GIT PULL] Apple M1 SoC platform bring-up for 5.13
• Asahi Linux on Twitter — Initial M1 support has been merged into the Linux SoC tree and will be coming to Linux 5.13!
• SiFive FU740 PCIe Support Queued Ahead Of Linux 5.13 — The HiFive Unmatched has a FU740 RISC-V SoC that features four U74-MC cores and one S7 embedded core, 16GB of RAM, USB 3.2 Gen 1, one PCI Express x16 slot (operating at x8 speeds), an NVMe slot, and Gigabit Ethernet.
• How to Secure phpMyAdmin
• Firefox Is Making WebRender The Default Rendering Engine On Linux This Month And There Is A Facelift Coming In May — The Firefox web browser is finally making the long-anticipated WebRender rendering engine the default on GNU/Linux when Firefox 88 is released later this month.
• uBlock Origin works best on Firefox — The Firefox version of uBO makes use of WebAssembly code for core filtering code paths. This is not the case with Chromium-based browsers because this would require an extra permission in the extension manifest which could cause friction when publishing the extension in the Chrome Web Store.
• Wayland Is Driving Fragmentation Around EDID Parsing - A Call To Fix That — Currently there is no de facto EDID parsing library for Linux but many different choices and most Wayland compositors rolling their own. Rather than exposing all of the parsed information from the kernel, there is now a call to have a more unified Linux EDID parsing library.
• vgpu_unlock — Unlock vGPU functionality for consumer-grade GPUs.
• Hacker figures how to unlock vGPU functionality intentionally hidden from certain NVIDIA cards for marketing purposes
• Announcing KDE’s Qt 5 Patch Collection — As Qt 5 support is drawing to a close, and we shift to Qt 6, we need to ensure that KDE products are as reliable as ever. To this end, KDE will be maintaining a set of patches with security and functional fixes so that we can enjoy good KDE Software still based on Qt5 until our software is reliably based on Qt 6.
• Mars Helicopter Flight Delayed to No Earlier than April 14 — During a high-speed spin test of the rotors on Friday, the command sequence controlling the test ended early due to a “watchdog” timer expiration.
• LUP 400 Beer Stein

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.

Support Linux Action News

Links:

• Element suspended on Google Play Store — At 2021-01-29 at 21:35 UTC Google suspended Element from the Play Store without warning or notification
• Element sees fivefold increase in signups after Whatsapp privacy debacle — After Whatsapp’s announcement, rival app Telegram reported a 500% increase in users and Signal saw an 18-fold increase in download numbers, putting it on track to cross 1m new users each day.
• Element team waiting hours — Update: we’re still waiting for a response from Google to our explanatory mail sent ~8 hours ago. Thanks all for your patience while we get this sorted...
• New Linux SUDO flaw lets local users gain root privileges — The issue is a heap-based buffer overflow exploitable by any local user (normal users and system users, listed in the sudoers file or not), with attackers not being required to know the user's password to successfully exploit the flaw. The vulnerability was introduced in the Sudo program almost 9 years ago, in July 2011.
• 10-year-old Sudo bug lets Linux users gain root-level access
• Buffer overflow in command line unescaping
• Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156) - Help Net Security — "This vulnerability is perhaps the most significant sudo vulnerability in recent memory (both in terms of scope and impact) and has been hiding in plain sight for nearly 10 years."
• New Linux Kernel Vulnerabilities Patched in All Supported Ubuntu Releases
• Mitre - CVE-2020-28374
• Red Hat Customer Portal: CVE-2020-28374
• Debian: CVE-2020-28374
• Ubuntu: CVE-2020-28374
• The killing of CentOS Linux: ‘The CentOS board doesn’t get to decide what Red Hat engineering teams do’ — Brian Exelbierd, responsible for Red Hat liaison with the CentOS project and a board member of that project, has told The Register that CentOS Linux is ending because Red Hat simply refused to invest in it.
• Rocky Linux gets a new sponsor—Gregory Kurtzer’s startup, Ctrl IQ — Rocky Linux is to be a beneficiary of Ctrl IQ's revenue, not its source—the company describes itself in its announcement as the suppliers of a "full technology stack integrating key capabilities of enterprise, hyper-scale, cloud and high-performance computing."
• Linux maintainer says long-term support for 5.10 will stay at two years unless biz world steps up and actually uses it — Linux kernel maintainer Greg Kroah-Hartman has responded to complaints that the current promise of two years for 5.10 is not enough, explaining that support is not automatic but requires commercial help.
• Rust Game Server One-Click App Linode — A free-for-all battle in a harsh open-world environment.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Datadog: Datadog - the unified monitoring and analytics platform for comprehensive visibility into cloud, hybrid, and multi-cloud environments.

Support Linux Action News

Links:

• New Year, new Red Hat Enterprise Linux programs: Easier ways to access RHEL — When we announced our intent to transition to CentOS Stream, we did so with a plan to create new programs to address use cases traditionally served by CentOS Linux.
• Staying on GTK3 and GNOME 3.38 this cycle - Desktop - Ubuntu Community Hub — The topic of what to do about the new GNOME started being discussed and after some consideration, we decided to stick to GTK3 and GNOME 3.38 this cycle.
• Welp, Ubuntu 21.04 Won’t Ship with GNOME 40 or GTK4 - OMG! Ubuntu!
• Stepping up for a truly open source Elasticsearch | AWS Open Source Blog — In order to ensure open source versions of Elasticsearch and Kibana remain available and well supported, including in our own offerings, we are announcing today that AWS will step up to create and maintain a ALv2-licensed fork of open source Elasticsearch and Kibana.
• AWS, as predicted, is forking Elasticsearch | ZDNet
• The Next Gen Database Servers Powering Let’s Encrypt - Let’s Encrypt - Free SSL/TLS Certificates — By going with AMD EPYC, we were able to get 64 physical CPU cores while keeping clock speeds high: 2.9GHz base with 3.4GHz boost. More importantly, EPYC provides 128 PCIe v4.0 lanes, which allows us to put 24 NVMe drives in a single machine.
• Ubuntu Can Run on Apple Silicon, Devs Say It’s ‘Completely Usable’ - OMG! Ubuntu! — Developers at ARM virtualisation company Corellium have managed to get Ubuntu 20.04 up and running on the new Apple Silicon Mac Mini.
• How We Ported Linux to the M1
• [RFC PATCH 0/7] Linux on Apple Silicon [LWN.net]
• Raspberry Pi Foundation launches $4 microcontroller with custom chip | TechCrunch — It has a dual-core Arm processor (running at 133MHz), 264KB of RAM, 26 GPIO pins including three analog inputs, a micro-USB port, and a temperature sensor.
• Raspberry Pi Foundation Release Their Own Silicon, the Raspberry Pi Pico - 9to5Linux
• Security Bulletin 1 - Home Assistant — It has come to our attention that certain custom integrations have security issues and could potentially leak sensitive information. Home Assistant is not responsible for custom integrations and you use custom integrations at your own risk.

Plus new Matrix goodies, why AWS is investing in Blender, and more.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Google kills Android Things, its IoT OS, in January — Google announced it had basically given up on the project as a general-purpose IoT operating system in 2019, but now there's an official shutdown date thanks to a new FAQ page detailing the demise of the OS.
• Android Things Shutdown FAQ
• Ron Amadeo on Twitter — Oof, Google promised three years of updates when Android Things launched in May 2018, the actual support it delivered? One year, three months.
• Google, Qualcomm partner to bring 4 OS Android updates to new chipsets — The new plan is three years of major OS updates and four years of security updates.
• Qualcomm promises three years of Android updates for its entire SoC lineup
• Google acquires CloudReady OS to make PCs Chromebooks — Neverware lets you turn old PCs and Macs into Chromebook-esque devices through its CloudReady OS. While primarily aimed at schools and enterprises, a free “Home” edition for everyone is available. Google has now acquired Neverware and CloudReady with plans to integrate it with Chrome OS.
• Native Steam (Borealis) on Chrome OS likely arriving mid-2021
• GTK 4.0 Officially Released After More Than 4 Years of Development — The GTK development officially released today the next generation of the GTK toolkit, GTK 4.0, after being in development for more than four years.
• GTK 4.0 Toolkit Officially Released
• GTK 4.0 – GTK Development Blog
• Matrix.to: Reloaded — A challenge we regularly face is all the factors which make Matrix flexible and powerful as an open, secure decentralised protocol also increase the difficulty of getting started.
• Matrix.to — Create shareable links to Matrix rooms, users or messages without being tied to any app
• Introducing Cerulean — Alongside all the normal business-as-usual Matrix stuff, we’ve found some time to do a mad science experiment over the last few weeks - to test the question: "Is it possible to build a serious Twitter-style decentralised microblogging app using Matrix?"
• Google AMP gets a shock to its system as advisor quits, lawsuit claims foul play — Google’s Accelerated Mobile Pages technology, known as AMP among web publishers, took a beating this week as an antitrust lawsuit filed by the Attorney General of Texas charged that the ad biz used AMP to hinder competition.
• I have resigned from the Google AMP Advisory Committee – Terence Eden’s Blog — I remain convinced that AMP is poorly implemented, hostile to the interests of both users and publishers, and a proprietary & unnecessary incursion into the open web.
• AWS joins the Blender Development Fund — AWS committed to a period of three years, specifically to support character animation tools development.

Plus our reaction to Microsoft's Android subsystem that's in the works.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Prolonged AWS outage takes down a big chunk of the internet — Amazon noted that the issues are only affecting one of its 23 geographic AWS regions. But the problem was significant enough to take out a large number of internet services.
• Geoff Belknap on Twitter — “I… can’t vacuum… because us-east-1 is down.”
• Canonical publishes LTS Docker Image Portfolio on Docker Hub — The LTS Docker Image Portfolio comes with up to ten years Extended Security Maintenance by Canonical.
• Vivaldi Integrates Email Client, Feed Reader, and Calendar in a Browser — The Vivaldi team announced that they are bringing an Email client, a Feed Reader, and a Calendar – all of these together in the latest Vivaldi technical preview release.
• Introducing Vivaldi Mail in Technical Preview
• How to use the built-in GPG feature for Thunderbird
• Systemd 247 Released With Experimental Out-of-Memory Daemon, New Credentials Capability — systemd 247 is very heavy on new features, and one big change for udev.
• [systemd-devel] systemd 247 released
• NTFS read-write driver GPL implementation by Paragon Software — The Paragon NTFS kernel driver patch is now on its 13th iteration
• Microsoft is working on an Android subsystem for Windows 10 — This new initiative is called 'Project Latte,' and similar to Windows Subsystem for Linux (WSL), will create a virtualized Android environment running directly within Windows 10.

Plus Mozilla and KaiOS team up to bring the modern web to feature phones, and the surprising way Microsoft is shipping a Linux kernel.

Support Linux Action News

Links:

• Firefox 74 arrives with stricter add-on rules, TLS 1.0 and TLS 1.1 disabled — Starting with Firefox 74, users will need to take explicit action to install the extensions they want, and will be able to remove previously sideloaded extensions when they want to.
• Introducing GNOME 3.36: “Gresik” — GNOME 3.36 is the latest version of GNOME 3, and is the result of 6 months’ hard work by the GNOME community. It contains major new features, such as new login and unlock experience, and a dedicated app for managing extensions.
• GNOME 3.36 Released with New Lock Screen, Better Performance — Six months of development later and the official GNOME 3.36 release is finally here, with source code available to download from the usual places.
• Announcing Bottlerocket — Bottlerocket comes with a single-step update mechanism and includes only the essential software to run containers. These properties enable customers to use container orchestrators to manage OS updates with minimal disruptions, enabling better uptime for containerized applications and lower operational cost.
• Docker: Helping You and Your Development Team Build and Ship Faster — How are we going to do this? By focusing on developer experience through Docker Desktop, partnering with the ecosystem, and making Docker Hub the nexus for all the integrations, configuration, and management of the application components which constitute your apps and microservices.
• VMware Announces Expanded Portfolio of Products and Services to Help Customers Modernize Applications and Infrastructure — Tanzu, first introduced at the VMworld event in August 2019, is a portfolio of products centered on K8s. Also announced was vSphere 7, newly rearchitected using Kubernetes, and optimized to run both modern container-based and traditional virtual machine-based workloads.
• KaiOS Technologies and Mozilla partner to enable a healthy mobile internet for everyone — This partnership bolsters the security and performance of KaiOS-enabled smart feature phones, as well as the platform’s developer tools, security, and available functions, including better Progressive Web App and WebAssembly support.
• Magisk may no longer be able to hide bootloader unlocking from apps — Users have noticed that their bootloader-unlocked devices are failing SafetyNet’s Basic Integrity check even though they used Magisk to patch the boot image. According to Magisk creator John Wu, this is because Google may have implemented hardware-level key attestation to verify that the boot image has not been tampered with.
• Kernels for WSL2 will come from Windows Update — WSL2 will soon be officially available as part of Windows 10, version 2004! As we get ready for general availability, we want to share one additional change: updating how the Linux kernel inside of WSL2 is installed and serviced on your machine.

Support Linux Action News

Plus why Ubuntu is taking the Windows Subsystem for Linux so seriously.

Support Linux Action News

Links:

• Canonical announces Ubuntu Pro for Amazon Web Services — New premium Ubuntu images with extended security, kernel live patching and more
• Introducing the Ubuntu AWS Rolling Kernel
• Canonical Announces "Ubuntu Pro" For AWS
• Canonical makes Ubuntu for Windows SubSystem for Linux a priority
• Amazon Announces Graviton2 SoC Along With New 64-Core Arm Instances — The new Graviton2 SoC is a custom design by Amazon’s own in-house silicon design teams and is a successor to the first-generation Graviton chip. The new chip quadruples the core count from 16 cores to 64.
• Graviton pulse - Memory Alpha
• AWS Goes All In On Arm-Based Graviton2 Processors
• Firefox 71 Released — Native MP3 decoding on Windows, Linux, and macOS
• Firefox 71 Linux Performance Isn't Looking All That Great
• Firefox Private Network Beta
• Firefox VPN Sign Up
• Mozilla launches the next phase of its Firefox Private Network VPN beta
• Avast Online Security and Avast Secure Browser are spying on you
• Mozilla updates DeepSpeech with an English language model that runs 'faster than real time'

Plus a big boost for ARM on Linux, and our thoughts on recent Red Hat news.

Support Linux Action News

Links:

• Ubuntu 19.10 Released — Ubuntu 19.10 “Eoan Ermine” boasts an upgraded Linux kernel along with faster boot times, updated themes, and experimental ZFS file system support. Whether or not you upgrade, Ermine shows what to expect from Ubuntu’s next LTS release, due April 2020.
• Ubuntu 20.04 LTS Codenamed The Focal Fossa, Arriving On 23 April
• Canonical Pulled In $99M While Still Operating At A Loss
• Ubuntu 19.10 Flavours Released
• Ubuntu 19.10's Kernel Ships With A DoS / Arbitrary Code Execution Bug In The IPv6 Code
• TechSNAP 414: Rooting for ZFS
• IBM Misses Estimates as Red Hat Fails to Offset Declines — Red Hat included in results for first time since 2018 purchase.
• Samsung ends Linux on DeX beta with Android 10 — Samsung will no longer provide support on future OS and device releases. The company also notes that users will not be able to perform a version rollback to Android 9 Pie once they have upgraded to Android 10.
• Bare Metal Arm-Based EC2 Instances — Just like for existing bare metal instances (M5, M5d, R5, R5d, z1d, and so forth), your operating system runs directly on the underlying hardware with direct access to the processor.
• Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub — Unit 42 researchers identified a new cryptojacking worm we’ve named Graboid that’s spread to more than 2,000 unsecured Docker hosts.
• Docker Containers Riddled with Graboid Crypto-Worm
• andOTP removed from Google Play Store — andOTP was recently removed from the Google Play Store for violating their payment terms. This is most likely due to the fact that we offer in-app donation links that DO NOT use Googles In-App billing, which is against their terms.
• andOTP - Android OTP Authenticator
• WireGuard removed from Google Play Store — They said it was because we're in violation of their "Payments Policy", presumably because we have a link inside the app that opens the user's web browser to wireguard.com/donations/.
• WireGuard commit reversed dev comments interesting
• WireGuard - Apps on Google Play
• WireGuard Restored In Android's Google Play Store

Plus who is spending $30m a month on AWS? Docker on ARM, and some LinuxFest Northwest thoughts.

Support Linux Action News

Links:

• Docker Hub hack exposed data of 190,000 users — Docker Hub usernames, hashed passwords, GitHub and Bitbucket access tokens exposed in the hack.
• Docker developers can now build Arm containers on their desktops — The main idea here is to make it easy for Docker developers to build their applications for the Arm platform right from their x86 desktops and then deploy them to the cloud (including the Arm-based AWS EC2 A1 instances), edge and IoT devices.
• Neoverse N1 – Arm
• Rancher looks to rope in Kubernetes users with new OS distro — It hasn’t been that long since Rancher announced k3s, a Kubernetes distribution for resource constrained environments. Just two months on, the project now gets its own operating system – k3OS.
• Rancher Labs combined Linux with Kubernetes in new OS platform
• Apple spends upwards of $30m a month on AWS — According to US media reports, Apple is spending upwards of $30m a month on procuring cloud services from Amazon Web Services
• Nextcloud 16 introduces machine learning based security and usability features — Suspicious Login Detection uses a locally trained neural network to detect attempts to login by malicious actors.
• France's 'Secure' Telegram Replacement Hacked in an Hour — The French government said that it still plans to require its use in lieu of WhatsApp and Telegram, for any informal communications between government employees, agencies and some handpicked non-governmental organizations.

Plus more good work by Mozilla, and the Chinese crackdown on Bitcoin mining.

Support Linux Action News

Links:

• The 6 most important announcements from Google Cloud Next 2019 — Anthos is the new name of the Google Cloud Services Platform, Google’s managed service for allowing enterprises to run applications in their private data center and in Google’s cloud.
• PowerShell growth fueled by Linux use — PowerShell Core usage has grown significantly in the last two years. In particular, the bulk of our growth has come from Linux usage
• Teaching machines to triage Firefox bugs
• Mozilla still on track to enable DNS-over-HTTPS by default in Firefox
• Protections Against Fingerprinting and Cryptocurrency Mining Available in Firefox Nightly and Beta
• Matrix suffers security breach — An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens.
• Archive of deleted GitHub Issues lodged by the hacker
• Chinese government proposes ban on bitcoin mining — A Chinese ban on cryptocurrency mining would be a huge deal for the global bitcoin community.

Plus we say goodbye to Koroa, find a reason to checkout GRUB nightlies, and how Android aims to kill passwords for good.

Support Linux Action News

Links:

• LineageOS 16.0 released — We feel that the 16.0 branch has reached feature parity with 15.1 and is ready for initial release. With 16.0 being the most recent and most actively-developed branch, on March 1st, 2019 it will begin receiving builds nightly and 15.1 will be moved to weekly builds.
• XDA Coverage of LineageOS 16.0
• KaiOS now with 85M feature phones shipped — With 85 million phones now shipped in more than 100 markets with handset brands like Nokia and India’s Jio, KaiOS now has an expanded partnership to put more Google
• KaiOS is doing well in US too
• RISC-V Support Added To The GRUB Bootloader — As working towards this year's GRUB 2.04 update, we've known they have been on the finishing stretch for merging RISC-V support and as of this morning that milestone has been crossed.
• RISC-V Support in the FreeRTOS Kernel
• Bringing energy efficiency to IoT architecture
• The Challenge Of RISC-V Compliance
• Thunderclap and Linux — The authors built a "fake" network card2 and performed various DMA attacks and were able to temper with memory regions that their network card should have no access to whatsoever.
• [announce] Struck by a Thunderbolt
• [official site] Thunderclap
• RIP Korora — "Our @kororaproject website has been redirected to @fedora as we do not have any new releases coming. Thank you for your support over the last 13 odd years."
• We saw this coming

Plus Homebrew comes to Linux, the recent Ethereum Classic attack, and more.

Support Linux Action News

Links:

• Chrome OS may soon let companies choose their own distro for Linux apps — Device administrators will be able to designate a URL for Chrome OS to download the Linux distro from a hash to ensure the download was successful.
• Github offers free private repos — Today we’re announcing two major updates to make GitHub more accessible to developers: unlimited free private repositories, and a simpler, unified Enterprise offering.
• Homebrew comes to Linux — The most significant changes since 1.8.0 are Linux support, (optional) automatic brew cleanup and providing bottles (binary packages) to more Homebrew users.
• Amazon launches Mongo-compatible DocumentDB — The launch of AWS DocumentDB – a fully managed document database service – comes just months after MongoDB announced a new licence
• Phoenix joins the LVFS — Just like AMI, Phoenix is a huge firmware vendor, providing the firmware for millions of machines.
• Ethereum Classic suffers 51-percent attack — Rollback attack let attackers spend 88,500 previously spent coins.
• Coinbase Suspends Ethereum Classic