Canonical founder Mark Shuttleworth on Friday talked about the move to switch Ubuntu's desktop user interface from Unity to GNOME, and putting a stop to development of Ubuntu software for phones and tablet: I would like to thank all of you for your spirit and intellect and energy in the Unity8 adventure. [...] Many elements of the code in the Ubuntu Phone project continue -- snaps grew out of our desire to ship apps reliably and efficiently and securely, the unity8 code itself will continue to be useful for UBports and other projects. And the ideas that we have pushed for are now spreading too. Finally, I should celebrate that Ubuntu consists of so many overlapping visions of personal computing, that we have the ability to move quickly to support the Ubuntu GNOME community with all the resources of Canonical to focus on stability, upgrades, integration and experience. That's only possible because of the diversity of shells in the Ubuntu family, and I am proud of all of our work across that full range.

Earlier this week, Canonical announced that Ubuntu will be ditching Unity as the default user interface on desktops to go back to GNOME next year. The company also said that it will be ending development of Ubuntu software for phones and tablets, in what is a push to focus on cloud. In a blog post, Christian Schaller, a developer on Fedora and GNOME (and Senior Software Engineering Manager at Red Hat), offered some assurance to the community that this is the right move in the grand scheme of things. He writes on an official blog post: We look forward to keep working with great Canonical and Ubuntu people like Allison Lortie and Robert Ancell on projects of shared interest around GNOME, Wayland and hopefully Flatpak. It is worth mentioning that even as we [have] been competing with Unity and Ubuntu, we have also been collaborating with them, most recently on [the] integration of features they wanted from GNOME Software such as user reviews. Of course now sharing a bigger set of technologies collaboration will be even easier. I am personally happy to see this convergence of efforts happening because I have -- for a long time -- felt that the general level of investment in the Linux desktop has not been great enough to justify the plethora of Linux desktops out there. Now having reached a position where Canonical, Endless, Red Hat and Suse again share one desktop technology stack and along with consulting companies such as Centricular, CodeThink, Collabora and Igalia helping push parts of the stack forward, we are at least all pulling in the same direction. This change should also make life easier for ISV who now have a more clear target if they want to try to integrate their UI with the Linux desktop as 'the linux desktop' becomes a more meaningful term with this change.

Reader BrianFagioli writes: Today, the company admits that it is throwing in the towel on Unity, as well as its vision for convergence with devices like phones and tablets. Starting with Ubuntu 18.04, the wonderful GNOME will once again become the default desktop environment! "We are wrapping up an excellent quarter and an excellent year for the company, with performance in many teams and products that we can be proud of. As we head into the new fiscal year, it's appropriate to reassess each of our initiatives. I'm writing to let you know that we will end our investment in Unity8, the phone and convergence shell. We will shift our default Ubuntu desktop back to GNOME for Ubuntu 18.04 LTS," says Mark Shuttleworth, Founder of Ubuntu and Canonical.

BrianFagioli writes: The final beta of Ubuntu 17.04 'Zesty Zapus' became available for download Thursday. While it is never a good idea to run pre-release software on production machines, Canonical is claiming that it should be largely bug free at this point. In other words, if you understand the risks, it should be a fairly safe. Home users aside, this is a good opportunity for administrators to conduct testing prior to the official release next month.

"The Ubuntu team is pleased to announce the final beta release of the Ubuntu 17.04 Desktop, Server, and Cloud products. Codenamed 'Zesty Zapus', 17.04 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution," says Adam Conrad, Canonical. "The team has been hard at work through this cycle, introducing new features and fixing bugs."

"Developers can distribute their applications packaged as snaps to Orange Pi owners," explains a new blog post from Canonical, bragging that "hackers and tinkerers can install complex IoT and server projects in seconds." An anonymous reader quotes Ubuntu's Insights blog: Orange Pi maker Shenzhen Xunlong Software Co. Ltd is launching an app store in partnership with Canonical to foster an active community of developers and users. Through this app store, developers gain a simple mechanism to share their applications, projects and scripts between themselves and with the wider Orange Pi community...

With snaps developers can distribute their application in a secure, confined package bundled with all its dependencies, so users can install applications that could take half an hour to install in just a few seconds. The Orange Pi App Store uses the whitelabel app store offering from Canonical, which lets them distribute applications to the Orange Pi community under its own brand. The store is a place for developers to share their Orange Pi specific applications. It also benefits from the wealth of applications available in the Ubuntu snap store, also available through the store.
Are there any Slashdot readers who are actually using snaps? Or -- for that matter -- are there any Slashdot readers developing with the Orange Pi?

The 10th annual Pwn2Own hacking competition ended Friday in Vancouver. Some of the highlights:

• Ars Technica reports one team "compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in... by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware."
• Digital Trends reports "Samuel Grob and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro, [and] impressed onlookers even more by adding a custom message to the Touch Bar which read: "pwned by niklasb and saelo."
• Ubuntu 16.10 Linux was also successfully attacked by exploiting a flaw in the Linux 4.8 kernel, "triggered by a researcher who only had basic user access but was able to elevate privileges with the vulnerability to become the root administrative account user..." reports eWeek. "Chaitin Security Research Lab didn't stop after successfully exploiting Ubuntu. It was also able to successfully demonstrate a chain of six bugs in Apple Safari, gaining root access on macOS."
• Another attacker "leveraged two separate use-after-free bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel."

None of the attendees registered to attempt an attack on the Apache Web Server on Ubuntu 16.10 Linux, according to eWeek, but the contest's blog reports that "We saw a record 51 bugs come through the program. We paid contestants $833,000 USD in addition to the dozen laptops we handed out to winners. And, we awarded a total of 196 Master of Pwn points."

An anonymous reader shares a report: If you're a Linux user who upgraded to Firefox 52 only to find that the browser no longer plays sound, you're not alone. Firefox 52 saw release last week and it makes PulseAudio a hard dependency -- meaning ALSA only desktops are no longer supported. Ubuntu uses PulseAudio by default (as most modern Linux distributions do) so the switch won't affect most -- but some Linux users and distros do prefer, for various reasons, to use ALSA, which is part of the Linux kernel. Lubuntu 16.04 LTS is one of the distros that use ALSA by default. Lubuntu users who upgraded to Firefox 52 through the regular update channel were, without warning, left with a web browser that plays no sound. Lubuntu 16.10 users are not affected as the distro switched to PulseAudio.

Gavin Clarke, writing for The Register: Canonical is extending the deadline for security updates for paying users of its five-year-old Ubuntu 12.04 LTS -- a first. Ubuntu 12.04 LTS will become the first Long Term Support release of Canonical's Linux to get Extended Security Maintenance (ESM). There are six LTS editions. All others have been end-of-lifed -- and given no security reprieve. LTS editions of Ubuntu Linux are released every two years. Desktop support runs for three years and the server edition receives security patches and updates for a period of five years. Security updates for 12.04 were scheduled to run out on April 28, 2017 but that now won't happen for those on Canonical's Ubuntu Advantage programme. They'll now receive important security fixes for the kernel and "most essential" userspace packages on their servers running 12.04. In what's shaping up to be Canonical's Windows XP moment over at Microsoft, the Linux spinner rolled out the lifeline because customers are clinging to 12.04.

Dell became the first major OEM to offer a laptop with Linux pre-installed in it in 2007. Ten years later, the company says it is more committed than ever to offering Linux-powered machines to users. From a report on ZDNet: The best known of these is the Dell XPS 13 developer edition, but it's not the only Linux laptop Dell offers. In a blog post, Barton George, senior principal engineer at Dell's Office of the CTO, announced "the next generation of our Ubuntu-based Precision mobile workstation line." All of these systems boast Ubuntu 16.04 long-term support (LTS), 7th generation Intel Core or Intel Xeon processors, and Thunderbolt 3, AKA 40 Gigabit per second (Gbps) USB-C, ports. As the Xeon processor option shows, these are top-of-the-line laptops for professionals. It took longer than expected for Dell to get this new set of five Ubuntu-powered Precision mobile workstations out the door. The Precision 5520 and 3520 are now available. The 3520, the entry-level workstation, starts with an Intel Core 2.5GHz i5-7300HQ Quad Core processor with Intel HD Graphics 630. From there, you can upgrade it all the way to an Intel Core Xeon 3 GHz E3-1505M v6 processor with Nvidia Quadro M62 graphics.

Slashdot reader dryriver writes: We live in a computing world where the OS you use -- Windows, OS X, Linux, Android, iOS, others -- often determines what software can and cannot be run on a given electronic device. (Let us pretend for a moment that emulators and other options don't exist). What if -- magically -- such a thing as as Universally Compatible Software Application were possible. Software, in other words, that is magically capable of running on any electronic device equipped with enough CPU, GPU and memory capacity to run the software in a usable way.

Example: 3D CAD software that runs on Windows 14, Playstation 7, an Android Smartphone, Nintendo's latest handheld gaming device and an Ubuntu PC in exactly the same way with no compatibility problems whatsoever occurring. What would and would not change in such a computing world?
He also asks an even more important question: will this ever be possible or feasible from a technical standpoint? So leave your best answers in the comments. Will it ever be possible to run all software on all platforms -- and what would happen if we could?

"Linus Torvalds announced today the general availability of the Linux 4.10 kernel series, which add a great number of improvements, new security features, and support for the newest hardware components," writes Softpedia. prisoninmate quotes their report: Linux kernel 4.10 has been in development for the past seven weeks, during which it received a total of seven Release Candidate snapshots that implemented all the changes that you'll soon be able to enjoy on your favorite Linux-based operating system... Prominent new features include virtual GPU (Graphics Processing Unit) support, new "perf c2c" tool that can be used for analysis of cacheline contention on NUMA systems, support for the L2/L3 caches of Intel processors (Intel Cache Allocation Technology), eBPF hooks for cgroups, hybrid block polling, and better writeback management. A new "perf sched timehist" feature has been added in Linux kernel 4.10 to provide detailed history of task scheduling, and there's experimental writeback cache and FAILFAST support for MD RAID5... Ubuntu 17.04 (Zesty Zapus) could be the first stable OS to ship with Linux 4.10.
It required 13,000 commits, plus over 1,200 merges, Linus wrote in the announcement, adding "On the whole, 4.10 didn't end up as small as it initially looked."

Brian Fagioli, writing for BetaNews: System76 is refreshing three of its laptops with some high-end parts. The Oryx Pro, Serval WS, and Bonobo WS are now all equipped with 7th generation Intel Kaby Lake processors. In addition, all three can be had with 4K displays and NVIDIA GTX 10 series graphics too. While the Oryx Pro already had the option of 4K and GTX 10, it is the 7th gen Intel chips that are new to it. In fact, all of the company's laptops now come with Kaby Lake standard. The computer seller throws some shade at Apple by saying, "The HiDPI displays that ship on the laptops have 3.1 million more pixels than Apple's 'Retina' displays, enabling sharper text, 4K video, and higher res gaming. Beyond that, the displays give video and photo professionals the ability to work more easily with higher resolution multimedia."

ZDNet summarizes some of the surprises in this year's poll on LinuxQuestions, "one of the largest Linux groups with 550,000 member". An anonymous reader quotes their report: The winner for the most popular desktop distribution? Slackware...! Yes, one of the oldest of Linux distributions won with just over 16% of the vote. If that sounds a little odd, it is. On DistroWatch, a site that covers Linux distributions like paint, the top Linux desktop distros are Mint, Debian, Ubuntu, openSUSE, and Manjaro. Slackware comes in 28th place... With more than double the votes for any category, it appears there was vote-stuffing by Slackware fans... The mobile operating system race was a runaway for Android, with over 68% of the vote. Second place went to CyanogenMod, an Android clone, which recently went out of business...

Linux users love to debate about desktop environments. KDE Plasma Desktop took first by a hair's breadth over the popular lightweight Xfce desktop. Other well-regarded desktop environments, such as Cinnamon and MATE, got surprisingly few votes. The once popular GNOME still hasn't recovered from the blowback from its disliked design change from GNOME 2 to GNOME 3.

Firefox may struggle as a web browser in the larger world, but on Linux it's still popular. Firefox took first place with 51.7 percent of the vote. Chrome came in a distant second place, with the rest of the vote being divided between a multitude of obscure browsers.
LibreOffice won a whopping 89.6% of the vote for "best office suite" -- and Vim beat Emacs.

"The prestigious FOSS project replacing the entire city's administration IT with FOSS based systems, is about to be cancelled and decommissioned," writes long-time Slashdot reader Qbertino. TechRepublic reports: Politicians at open-source champion Munich will next week vote on whether to abandon Linux and return to Windows by 2021. The city authority, which made headlines for ditching Windows, will discuss proposals to replace the Linux-based OS used across the council with a Windows 10-based client. If the city leaders back the proposition it would be a notable U-turn by the council, which spent years migrating about 15,000 staff from Windows to LiMux, a custom version of the Ubuntu desktop OS, and only completed the move in 2013...

The use of the open-source Thunderbird email client and LibreOffice suite across the council would also be phased out, in favor of using "market standard products" that offer the "highest possible compatibility" with external and internal software... The full council will vote on whether to back the plan next Wednesday. If all SPD and CSU councillors back the proposal put forward by their party officials, then this new proposal will pass, because the two parties hold the majority.
The leader of the Munich Green Party says the city will lose "many millions of euros" if the change is implemented. The article also reports that Microsoft moved its German headquarters to Munich last year.

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:

• $100,000 for escaping a virtualization hypervisor
• $80,000 for a Microsoft Edge or Google Chrome exploit
• $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
• $50,000 for an Apple Safari exploit
• $30,000 for a Firefox exploit
• $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
• $200,000 for an Apache Web Server exploit

An anonymous reader writes: "Running Linux binaries natively on Windows... that sounds awesome indeed," writes Hannes Kuhnemund, the senior product manager for SUSE Linux Enterprise. He's written a blog post describing how to run openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2 on Windows 10, according to Fossbytes, which reports that currently users have two options -- openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2. Currently it's Ubuntu that's enabled by default in the Windows Subsystem for Linux, although there's already a project on GitHub that also lets you install Arch Linux. "It's quite unfortunate that Microsoft enabled the wrong Linux (that's my personal opinion) by default within the Windows Subsystem for Linux (WSL)," writes Kuhnemund, "and it is time to change it to the real stuff.

An anonymous reader quotes InfoWorld: A massive set of changes to the Windows Subsystem for Linux (WSL) was rolled into Windows Insider build 15002... If this is any hint, Microsoft's goal is nothing short of making it a credible alternative to other Linux distributions... Some of the fixes also implement functionality that wasn't available before to Linux apps in WSL, such as support for kernel memory overcommit and previously omitted network stack options. Other changes enhance integration between WSL and the rest of Windows...

[O]ne major issue in build 15002 is that Ctrl-C in a Bash session no longer works. Microsoft provided an uncommon level of detail for how this bug crept in, saying it had to do with synchronization between the Windows and Bash development teams. The next Insider build should have a fix. But for people doing serious work with Linux command-line apps, not having Ctrl-C is a little like driving a car when only the front brakes work.

Friday Linux.com published their list of "what might well be the best Linux distributions to be found from the ever-expanding crop of possibilities... according to task." Here's their winners (as chosen by Jack Wallen), along with a short excerpt of his analysis.

• Best distro for sysadmins : Parrot Linux. "Based on Debian and offers nearly every penetration testing tool you could possibly want. You will also find tools for cryptography, cloud, anonymity, digital forensics, programming, and even productivity."
• Best lightweight distribution: LXLE. "Manages to combine a perfect blend of small footprint with large productivity."
• Best desktop distribution: Elementary OS "I'm certain Elementary OS Loki will do the impossible and usurp Linux Mint from the coveted 'best desktop distribution' for 2017."
• Best Linux for IoT: Snappy Ubuntu Core "Can already be found in the likes of various hacker boards (such as the Raspberry Pi) as well as Erle-Copter drones, Dell Edge Gateways, Nextcloud Box, and LimeSDR."
• Best non-enterprise server distribution: CentOS. "Since 2004, CentOS has enjoyed a massive community-driven support system."
• Best enterprise server distribution: SUSE. "Don't be surprised if, by the end of 2017, SUSE further chips away at the current Red Hat market share."

Wallen also chose Gentoo for "Best distribution for those with something to prove," saying "This is for those who know Linux better than most and want a distribution built specifically to their needs... a source-based Linux distribution that starts out as a live instance and requires you to then build everything you need from source." And surprisingly, he didn't mention his own favorite Linux distro, Bodhi Linux, which he describes elsewhere as "a melding of Ubuntu and Enlightenment".

An anonymous reader writes: According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award." The rest of the top 10 is made up by Debian (319 bugs), Ubuntu (278 bugs), Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).

When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs, who edged out Google (698 bugs), Adobe (548 bugs), Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).

Core evangelist Thibaut Rouffineau writes about the results of Ubuntu's survey of 2000 consumers about their Internet of Things devices: This survey revealed that, worryingly, only 31% of consumers that own connected devices perform updates as soon as they become available. A further 40% of consumers have never consciously performed updates on their devices... Of those polled, nearly two thirds felt that it was not their responsibility to keep firmware updated. 22% believed it was the job of software developers, while 18% consider it to be the responsibility of device manufacturers.

Canonical has taken the view for some time now that better automatic mechanisms to fix vulnerabilities remotely are needed as an essential step on the way to a secure IoT. We need to remove the burden of performing software updates from the user and we need to actively ban the dreaded 'default password', as Canonical has done with Ubuntu Core 16... It's clear to us that too many of the solutions to IoT security proposed today involve either mitigating security issues after-the-fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case.
They'll be publishing their complete findings in a new paper in January.