Canonical today announced the release of Ubuntu 19.04 "Disco Dingo." With Linux 5.0 and GNOME 3.32, Disco Dingo features performance improvements and visual tweaks. Whether or not you upgrade, Disco Dingo lays the groundwork for future long term support releases of Ubuntu. From a report: Keep in mind, version 19.04 is not LTS (Long Term Support), meaning it is only supported until January 2020. "Ubuntu 19.04 introduces GNOME 3.32 with higher frame rates, smoother startup animations, quicker icon load times and reduced CPU+GPU load. Fractional scaling for HiDPI screens is now available in X-org and Wayland. Installing Ubuntu on VMWare will automatically install open-vm-tools for bi-directional clipboard, easy sharing of files and graceful power state management," says Canonical. The Ubuntu-maker further says, "In Ubuntu 19.04, multiple instances of the same snap can be installed for CI/CD, testing or phased rollouts. For example, two versions of a database or two versions of the golang compiler can be installed at the same time. Snap epochs control when and how data migration happens between major version upgrades."

Brian Fagioli, reporting for BetaNews: Today should be happy times for the Linux Mint community, as we finally learn some new details about the upcoming version 19.2! It will be based on Ubuntu 18.04 and once again feature three desktop environments -- Xfce, Mate, and Cinnamon. We even found out the code name for Linux Mint 19.2 -- "Tina." And yet, it is hard to celebrate. Why? Because the developers seem to be depressed and defeated. They even appear to be a bit disenchanted with Free Software development overall. Clement Lefebvre, leader of the Linux Mint project, shared a very lengthy blog post today, and it really made me sad.

He wrote, "For a team to work, developers need to feel like heroes. They want the same things as users, they are users, they were 'only' users to start with. At some stage they decide to get involved and they start investing time, efforts and emotions into improving our project. What they're looking for the most is support and happiness. They need feedback and information to understand bugs or feature requests and when they're done implementing something, they need to feel like heroes, they literally do, that's part of the reason they're here really." Upon publication of the article, Jason Hicks, Muffin maintainer and member of the Linux Mint team, corroborated the claims made by others.

"From now on our communities will merge to became one single point of contact for OS/2 users and people investigating the truth about our planet earth," OS2World announced today.

OS2World's news master martiniturbide, also a Slashdot reader, writes: The OS/2 community expects that this action will benefit the platform by getting the funds to finally create an open source clone of OS/2. OS2World asks every OS/2 user to start believing that the earth is flat to get the "big bucks" that will finally turn the operating system into a Windows 10, Ubuntu, MacOS X and Android competitor in the final OS Wars of all ages.

An anonymous reader shares a report: Today, Canonical's Ubuntu reaches a major milestone. You see, Ubuntu 19.04, which is named "Disco Dingo," has achieved Beta status. And yes, you can download it immediately. Fans of GNOME will be glad to know that version 3.32 is included in the standard Ubuntu Desktop release. Also cool? This is the first version of Ubuntu to use Linux kernel 5.

dryriver writes: A lot of people probably remember the 1990s palmtop computers made by Psion fondly. The clamshell-design palmtops were pocketable, black and white, but had a working stylus and a fantastic tactile foldout QWERTY keyboard that you could type pretty substantial documents on or even write code with. A different company -- Planet Computers -- has now produced a spiritual successor to the old Psion palmtops called the Gemini PDA that is much like an old Psion but with the latest Android smartphone hardware in it and a virtually identical tactile keyboard. It can also dual boot to Linux (Debian, Ubuntu, Sailfish) alongside Android. The technical specs are a MediaTek deca-core processor, 4GB RAM, 64GB storage (plus microSD slot), 4G, 802.11c Wi-Fi, GPS, Bluetooth, eSIM support, and 4,220mAh battery. The screen measures in at 5.99-inches with a 2,160 x 1,080 (403ppi) resolution. The only thing missing seems to be the stylus -- but perhaps that would have complicated manufacturing of this niche-device in its first production run.

A group of programmers and device hackers are working to bring proper support for Ubuntu to Arm-powered Windows laptops, starting with first-generation Snapdragon 835 systems, like the HP Envy x2 and Asus NovaGo. From a report: The aarch64-laptops project provides prebuilt images for the aforementioned notebook PCs, as well as the Lenovo Miix 630. Although Ubuntu and other Linux distributions support aarch64 (ARMv8) by default, various obstacles including the design and configuration of Qualcomm Snapdragon processors make these default images not practically usable. The aarch64-laptops project developers are aiming to address these difficulties, though work is still ongoing. Presently, the TouchPad does not work properly on the Asus, with all three lacking proper support for on-board storage and Wi-Fi, which rely on UFS support. According to their documentation, this is being worked on upstream.

An anonymous reader writes: Today, System76 unveiled its latest laptop -- the 15.6-inch (full-HD) "Darter Pro." It is thin, but not overly so -- it still has USB-A ports (thankfully). The computer is quite modern, however, as it also has a USB-C/Thunderbolt 3 port. It supports Pop!_OS 18.04 LTS (64-bit), Pop!_OS 18.10 (64-bit), or Ubuntu 18.04 LTS (64-bit) operating system. It comes in two variants, with the following processor options: 8th Gen Intel Core i5-8265U: 1.6 up to 3.90 GHz -- 6MB Cache -- 4 Cores -- 8 Threads, or 8th Gen Intel Core i7-8565U: 1.8 up to 4.60 GHz -- 8MB Cache -- 4 Cores -- 8 Threads, with either coupled with Intel UHD Graphics 620 GPU, and up to 32GB Dual Channel DDR4 @ 2400 MHz, and M.2 SATA or PCIe NVMe SSD for storage. As for ports, there is USB 3.1 Type-C with Thunderbolt 3, 2 USB 3.0 Type-A, 1 x USB 2.0, SD Card Reader. The company says it will announce the pricing at a later stage,

"Time and again, security experts and vendors alike will recommend to organizations and end users to keep software and systems updated with the latest patches," reports eWeek. "But what happens when the application infrastructure that is supposed to deliver those patches itself is at risk?" That's what open-source and Linux users were faced with this past week with a pair of projects reporting vulnerabilities. On January 22, the Debian Linux distribution reported a vulnerability in its APT package manager that is used by end users and organizations to get application updates. That disclosure was followed a day later, on January 23, with the PHP PEAR (PHP Extension and Application Repository) shutting down its primary website, warning that it was the victim of a data breach. PHP PEAR is a package manager that is included with many Linux distributions as part of the open-source PHP programming language binaries....

In the Debian APT case, a security researcher found a flaw, reported it, and the open-source project community responded rapidly, fixing the issue. With PHP PEAR issue, researchers with the Paranoids FIRE (Forensics, Incident Response and Engineering) Team reported that they discovered a tainted file on the primary PEAR website... Both PHP PEAR and Debian have issued updates fixing their respective issues. While both projects are undoubtably redoubling their efforts now with different security technologies and techniques, the simple fact is that the two issues highlight a risk with users trusting updating tools and package management systems.

Canonical today announced the release of Ubuntu Core 18 "for secure, reliable IoT devices." The Canonical blog notes that "Immutable, digitally signed snaps ensure that devices built with Ubuntu Core are resistant to corruption or tampering. Any component can be verified at any time." In addition, "The attack surface of Ubuntu Core has been minimized, with very few packages installed in the base OS, reducing the size and frequency of security updates and providing more storage for applications and data." Ubuntu Core also "enables a new class of app-centric things, which can inherit apps from the broader Ubuntu and Snapcraft ecosystems or build unique and exclusive applications that are specific to a brand or model." You can download it from here.

One of the most refreshing aspects of Linux in 2018 was the popularity of Snaps. Canonical revealed that the containerized packages have been a smashing success. Today, the Ubuntu-maker highlights what it feels are the top 10 Snaps of 2018. From a report: "With 2018 drawing to a close, and many of us spending with family during the holiday season, I thought we'd take a look back over some of our favourite Linux applications in the Snap Store. Some have been in the store for over a year, and a few landed only recently, but they're all great," says Alan Pope, Canonical. [...] Canonical shares the Top 10 Snaps: Spotify, Slack, VLC, Nextcloud, Android Studio, Discord, Plex Media Server, Xonotic, Notepad++, and Shotcut.

MojoKid writes: ARM-based server processors have threatened to take on Intel in the data center for some time but not much has materialized thus far in terms of significant deployments. However, a new breed of low cost ARM server implementations may be in the works with a many-core platform called Banana Pi. The latest Banana Pi device being teased is something very different in the form of a 24-core ARM server that speculation suggests might be sold as a Banana Pi server board or as a finished server product.

A video has surfaced that reportedly shows a 24-core ARM Cortex-A53 processor with 32GB of RAM, though the OS only sees 29.4GB of that RAM. The OS is Ubuntu 18.04.1 LTS with MATE desktop. Unless the processor used in this device is something unannounced, and that seems unlikely, the chip itself would likely be a SocioNext SC2A11. The same processor is used in the Linaro Developer Box. The demo shows the server fully loaded at 100% CPU utilization building a Linux kernel and reportedly the system also supports NVMe storage as well as TensorFlow workloads for machine learning. Not much else is known about the system at this time but it's an interesting development in the Linux server space to be sure.

Lubuntu, a popular Ubuntu flavor which announced earlier this year that it would stop supporting old hardware, is now dropping support for 32-bit x86 releases. BetaNews adds: "Lubuntu has been and continues to be the go-to Ubuntu flavor for people who want the most from their computers, especially older hardware that cannot handle today's workloads. However, the project and computing as a whole has drastically changed in many ways since its origin ten years ago. Computers have become faster, more secure, and most notably, have moved off of the traditional 32-bit i686 (generalized as i386 in Debian and Ubuntu) architecture," says Simon Quigley, Lubuntu.

Quigley further says , "As an increasing number of Linux distributions have focused their attention on the 64-bit x86 architecture (amd64) and not on i386, we have found that it is harder to support than it once was. With i386-only machines becoming an artifact of the past, it has become increasingly clear to the Lubuntu Team that we need to evaluate its removal from the architectures we support. After careful consideration, we regret to inform our users that Lubuntu 19.04 and future versions will not see a release for the i386 architecture. Please do note that we will continue to support Lubuntu 18.04 LTS i386 users as a first-class citizen until its End of Life date in April of 2021."

140Mandak262Jamuna writes: CleanTechnica is reporting that someone hacked the infotainment system of a Tesla Model 3 and got root access and installed Linux distribution Ubuntu. Redditor trsohmers is able to show an Ubuntu command shell running alongside the Tesla OS. Since Tesla supports a browser that allows you to visit any site, could this be leveraged into remote hacks? It could also mean that if Tesla sells a long-range version of the Model 3, but limits it via software, people might try to remove the block. One could potentially get a 15-day trial of full self-driving for free and extend that 15-day window forever. At least he had some guts messing with $50,000 hardware that phones home all the time. Will Tesla brick his car to attempt to disprove the security issue?

After years of waiting for someone to design an ARM server processor that could work at scale on the cloud, Amazon Web Services just went ahead and designed its own. From a report: Vice president of infrastructure Peter DeSantis introduced the AWS Graviton Processor Monday night, adding a third chip option for cloud customers alongside instances that use processors from Intel and AMD. The company did not provide a lot of details about the processor itself, but DeSantis said that it was designed for scale-out workloads that benefit from a lot of servers chipping away at a problem. The new instances will be known as EC2 A1, and they can run applications written for Amazon Linux, Red Hat Enterprise Linux, and Ubuntu. They are generally available in four regions: US East (Northern Virginia), US East (Ohio), US West (Oregon), and Europe (Ireland). Intel dominates the market for server processors, both in the cloud and in the on-premises server market. AMD has tried to challenge that lead over the years with little success, although its new Epyc processors have been well-received by server buyers and cloud companies like AWS. John Gruber of DaringFireball, where we first spotted this story, adds: Makes you wonder what the hell is going on at Intel and AMD -- first they missed out on mobile, now they're missing out on the cloud's move to power-efficient ARM chips.

An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."

Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."

The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.

It's been named Outline because in places where internet use may be restricted — it gives you a line out.

PHP 7.3 RC6 was released earlier this week. Phoronix ran some benchmarks and compared the performance of v7.3 RC6 with releases going back to the v5.5 series. From the story: I ran some fresh benchmarks over the past day on PHP 5.5.38, PHP 5.6.38, PHP 7.0.32, PHP 7.1.24, PHP 7.2.12, and the PHP 7.3.0-RC6 test release. All of the PHP5/PHP7 builds were configured and built in the same manner. All tests happened from the same Dell PowerEdge R7425 dual EPYC server running Ubuntu 18.10 Linux.

Besides continuing to evolve the performance of PHP7, the PHP 7.3 release is also delivering on FFI (the Foreign Function Interface) to access functions / variables / data structures from the C language, a platform-independent manner for obtaining information on network interfaces, an is_countable() call, WebP support within GD's image create from string, updated SQLite support, improved PHP garbage collection performance, and many other enhancements. PHP 7.3 is just shy of 10% faster than PHP 7.2 in the popular PHPBench. PHP 7.3 is 31% faster than PHP 7.0 or nearly 3x the speed of PHP5.

At the OpenStack Summit in Berlin last week, Ubuntu Linux founder Mark Shuttleworth said in a keynote that Ubuntu 18.04 Long Term Support (LTS) support lifespan would be extended from five years to 10 years. "I'm delighted to announce that Ubuntu 18.04 will be supported for a full 10 years," said Shuttleworth, "In part because of the very long time horizons in some of industries like financial services and telecommunications but also from IoT where manufacturing lines for example are being deployed that will be in production for at least a decade." ZDNet reports: Ubuntu 18.04 released in April 2018. While the Ubuntu desktop gets most of the ink, most of Canonical's dollars comes from server and cloud customers. It's for these corporate users Canonical first extended Ubuntu 12.04 security support, then Ubuntu 14.04's support, and now, preemptively, Ubuntu 18.04. In an interview after the keynote, Shuttleworth said Ubuntu 16.04, which is scheduled to reach its end of life in April 2021, will also be given a longer support life span.

When it comes to OpenStack, Shuttleworth promised again to support versions of OpenStack dating back to 2014's IceHouse. Shuttleworth said, "What matters isn't day two, what matters is day 1,500." He also doubled-down on Canonical's promise to easily enable OpenStack customers to migrate from one version of OpenStack to another. Generally speaking, upgrading from one version of OpenStack is like a root canal: Long and painful but necessary. With Canonical OpenStack, you can step up all the way from the oldest supported version to the newest one with no more than a second of downtime.

"A Russian security researcher has published details about a zero-day vulnerability affecting VirtualBox, an Oracle software application for running virtual machines," reports ZDNet. According to a text file uploaded on GitHub, Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs that can allow malicious code to escape the VirtualBox virtual machine (the guest OS) and execute on the underlying (host) operating system. Once out of the VirtualBox VM, the malicious code runs in the OS' limited userspace (kernel ring 3), but Zelenyuk said that attackers can use many of the already known privilege escalation bugs to gain kernel-level access (ring 0). "The exploit is 100% reliable," Zelenyuk said. "It means it either works always or never because of mismatched binaries or other, more subtle reasons I didn't account."

The Russian researcher says the zero-day affects all current VirtualBox releases, works regardless of the host or guest operating system the user is running, and is reliable against the default configuration of newly created VMs. Besides a detailed write-up of the entire exploit chain, Zelenyuk has also published video proof, showing the zero-day in action against an Ubuntu VM running inside VirtualBox on an Ubuntu host OS.
Long-time Slashdot reader Artem Tashkinov warns that the exploit utilizes "bugs in the data link layer of the default E1000 network interface adapter which makes this vulnerability critical for everyone who uses virtualization to run untrusted code." According to ZDNet, the same security researcher "found and reported a similar issue in mid-2017, which Oracle took over 15 months to fix."

"This lengthy and drawn-out patching process appears to have angered Zelenyuk, who instead of reporting this bug to Oracle, has decided to publish details online without notifying the vendor."

puddingebola shares a report: WLinux is a $20 open-source, Debian-based distribution, designed to run on Windows 10's Windows Subsystem for Linux (WSL). The WSL allows Windows 10 to run various GNU/Linux distros inside Windows as Microsoft Store apps, providing access to Ubuntu, openSUSE, Debian, Fedora, Kali Linux, and others. The WSL has disadvantages over a running a dedicated GNU/Linux system. For example, there's no official support for desktop environments or graphical applications, and I/O performance bottlenecks, but it is being improved over time. The developers of WLinux describe it as a "fast Linux terminal environment for developers", saying it is the first distribution to be "pre-configured and optimized to run specifically on Windows Subsystem for Linux". Announcing WLinux's availability, Microsoft program manager Tara Raj, called out the wlinux-setup tool, "which allows users to easily set up common developer toolchains, and removes unsupported features like systemd."

The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim. According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received."

OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default.

Systemd creator Leonard Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.