An anonymous reader writes "Ars has reviewed an AMD-powered mini gaming rig made by Gigabyte. The box itself is small and solid, and it runs a pretty beefy video card for its size. The manufacturer even claims Linux support, though the device ships with Windows 8.1. Unfortunately, reality lags a bit behind their plans — Ubuntu boots OK, but driver support is a mess. SteamOS won't run at all. The box is also limited by a mediocre CPU, which is itself limited by heat and power constraints. The review says the machine was 'intriguing and frustrating in equal measure' because 'its ambition is rarely matched by its execution.' It concludes: 'With some time and some different components, a little desktop that can deliver a great gaming experience will surely follow.'"

An anonymous reader writes with this announcement: "Ubuntu Linux version 14.04 LTS (code named "Trusty Tahr") has been released and available for download. This updated version includes the Linux kernel v3.13.0-24.46, Python 3.4, Xen 4.4, Libreoffice 4.2.3, MySQL 5.6/MariaDB 5.5, Apache 2.4, PHP 5.5, improvements to AppArmor allow more fine-grained control over application, and more. The latest release of Ubuntu Server is heavily focused on supporting cloud and scale-out computing platforms such as OpenStack, Docker, and more. As part of the wider Ubuntu 14.04 release efforts the Ubuntu Touch team is proud to make the latest and greatest touch experience available to our enthusiast users and developers. You can install Ubuntu on Nexus 4 Phone (mako), Nexus 7 (2013) Tablet (flo), and Nexus 10 Tablet (manta) by following these instructions. On a hardware front, ARM multiplatform support has been added, enabling you to build a single ARM kernel image that can boot across multiple hardware platforms. Additionally, the ARM64 and Power architectures are now fully supported. See detailed release notes for more information. A quick upgrade to a newer version of Ubuntu is possible over the network."

bennyboy64 (1437419) writes "Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 3. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL."

You've probably heard Jono Bacon speak at a Linux or Open Source conference. Or maybe you've heard one of his podcasts or read something he's written in his job as Ubuntu's community manager or even, perhaps, read The Art of Community, which is Jono's well-regarded book about building online communities. Jono also wrote and performed the heavy metal version of Richard M. Stallman's infamous composition, The Free Software Song. An excerpt from the Jono version kicks off our interview, and the complete piece (about two minutes long) closes the video. Please note that this video is a casual talk with Jono Bacon, the person, rather than a talk with the "official" Ubuntu Jono Bacon. So please, pull up a chair, lean back, and join us. (Alternate Video Link)

Bismillah (993337) writes "A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012." Quoting the security advisory: "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server." The attack may be repeated and it appears trivial to acquire the host's private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian's fix is in incoming and should hit mirrors soon, Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.

According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article:"The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

An anonymous reader writes "I am a new Linux user; I'm on 2nd day now. Currently I am trying out Ubuntu, but that could change. I am looking for a user friendly firewall that I can set up that lets me do these things:1) set up a default deny rule 2) carve out exceptions for these programs: browser, email client, chat client, yum and/or apt. 3) carve out exceptions to the exceptions in requirement 2 — i.e. I want to be able to then block off IPs and IP ranges known to be used by malware, marketers, etc., and all protocols which aren't needed for requirement 2. It also needs to have good enough documentation that a beginner like me can figure it out. Previously, I had done all of the above in AVG Firewall on Windows, and it was very easy to do. So far, I have tried these things:1) IPTABLES — it looked really easy to screw it up and then not notice that it's screwed up and/or not be able to fix it even if I did notice, so I tried other things at that point... 2) searched the internet and found various free firewalls such as Firestarter, GUFW, etc., which I weren't able to make meet my requirements. Can someone either point me to a firewall that meets my needs or else give me some hints on how to make firestarter or GUFW do what I need?"

New submitter FikseGTS (3604833) writes "A Tesla Model S owner located a 4 pin connector on the left side of the Tesla Model S dashboard that turns out to be a disguised ethernet networking port. After crafting his owns patch cable to connect with the Tesla's port, a networking connection was established between the Tesla Model S and a laptop computer. The Model S is running a 100 Mbps, full duplex ethernet network and 3 devices were found with assigned IP addresses in the 192.168.90.0 subnet. Some ports and services that were open on the devices were 22 (SSH), 23 (telnet),53 (open domain), 80 (HTTP), 111 (rpcbind), 2049 (NFS), 6000 (X11). Port 80 was serving up a web page with the image or media of the current song being played. The operating system is modified version of Ubuntu using an ext3 filesystem. Using X11 it also appears that someone was able to somewhat run Firefox on both of the Model S screens. Is a jailbroken Tesla Model S on the way?" Some more details on this front would be appreciated, for anyone who has a Tesla they'd like to explore.

alphadogg writes: "An argument between developers of some of the most basic parts of Linux turned heated this week, resulting in a prominent Red Hat employee and code contributor being banned from working on the Linux kernel. Kay Sievers, a well-known open-source software engineer, is a key developer of systemd, a system management framework for Linux-based operating systems. Systemd is currently used by several prominent Linux distributions, including two of the most prominent enterprise distros, Red Hat and SUSE. It was recently announced that Ubuntu would adopt systemd in future versions as well. Sievers was banned by kernel maintainer Linus Torvalds on Wednesday for failing to address an issue that caused systemd to interact with the Linux kernel in negative ways."

jones_supa (887896) writes "Wanting to focus their efforts on their most important strategic initiatives and ensuring that the company is not spread too thin, Canonical is shutting down Ubuntu One file services. With other services now regularly offering from 25 GB to 50 GB of free storage, the personal cloud storage space wasn't a sustainable place for Canonical. As of today, it will no longer be possible to purchase storage or music from the Ubuntu One store. The Ubuntu One software will not be included in the upcoming Ubuntu 14.04 LTS release, and the Ubuntu One apps in older versions of Ubuntu and in the Ubuntu, Google, and Apple stores will be updated appropriately.

The current services will be unavailable from 1 June 2014; user content will remain available for download until 31 July, at which time it will be deleted. For a spark of solace, the company promises to open source the backend code."

puddingebola (2036796) writes "Bruce Byfield looks back at the soured relationships between Canonical and the free software community. Partly analysis, partly a review of past conflicts, the writer touches on Mir and Wayland, and what he sees as Canonical's attempts to take over projects. From the article, 'However, despite these other concerns, probably the most important single reason for the reservations about Ubuntu is its frequent attempts to assume the leadership of free software — a position that no one has ever filled, and that no one particularly wants to see filled. In its first few years, Ubuntu's influence was mostly by example. However, by 2008, Shuttleworth was promoting the idea that major projects should coordinate their release schedules. That idea was received without enthusiasm. However, it is worth noting that some of those who opposed it, like Aaron Seigo, have re-emerged as critics of Mir — another indication that personal differences are as important as the issues under discussion.'"

colinneagle (2544914) writes "Canonical is producing a version of the Ubuntu Linux distribution specifically for smartphones, but Richard Tynan, writing for PrivacyInternational.org, recently pointed out that the baseband in Ubuntu-powered phones will remain proprietary. ... Some have criticized Canonical for missing an opportunity to push for a fully Open Source smartphone, but in order to fix this problem (and open up the code for this super-critical bit of software), we need companies that have a large amount of clout, in the smartphone market, to make it a priority. Canonical (with Ubuntu) just doesn't have that clout yet. They're just now dipping their toes into the smartphone waters. But you know who does have that clout? Google.

Google has made a point of touting Open Source (at least sometimes), and they are the undisputed king of the smartphone operating system world. And yet I hear no big moves by Google to encourage phone manufacturers to utilize Open Source baseband firmware, such as OsmocomBB. So has Canonical missed an opportunity? No. Not yet. If (some may say 'when') Ubuntu gains a critical amount of market share in the phone world, that will be their chance to pressure manufacturers to produce a truly Open Source phone. Until then, Canonical needs to continue to work within the world we have today."

jones_supa writes "More great news for Linux gamers: following the footsteps of Steam, GOG.com is preparing delivery of Linux games. They expect to start doing so this autumn. The officially supported distributions will be Ubuntu and Mint. Right now, they are performing testing on various configurations, training up their teams on Linux-speak, and generally preparing for the rollout of at least 100 titles — DRM-free, as usual. This will update some of the catalog's existing games with a Linux port and bring new ones to the collection. Further information on specific games is yet not known, but GOG invites fans and customers to their community wishlist for discussion."

jones_supa writes "In a new blog post, the Ubuntu main man Mark Shuttleworth calls for an end to proprietary firmwares such as ACPI. His reasoning is that running any firmware code on your phone, tablet, PC, TV, wifi router, washing machine, server, or the server running the cloud your SAAS app is running on, is a threat vector against you, and NSA's best friend. 'Arguing for ACPI on your next-generation device is arguing for a trojan horse of monumental proportions to be installed in your living room and in your data center. I've been to Troy, there is not much left.' As better solutions, Shuttleworth suggests delivering your innovative code directly to the upstream kernel, or using declarative firmware that describes hardware linkages and dependencies but doesn't include executable code."

jones_supa writes "Delays keep piling up for the Mir display server on the Ubuntu desktop. After already being postponed multiple times, Mir might not be enabled by default on the Ubuntu Linux desktop until the 16.04 LTS release — in two years time! This was the estimate by Mark Shuttleworth in a virtual Ubuntu Developer Summit. Using Mir, Mark says, will lead to supporting more hardware, obtaining better performance, and 'do some great things' with the technology. He expects some users will start using Mir on the desktop over the next year. Mir is already packaged as an experimental option, along with an experimental Unity 8 desktop session."

Last week you had the chance to ask ESR about books, guns, and open source software. Below you'll find his answers to those questions.

sfcrazy writes "The Ubuntu Gnome team wants to join the elite club of Ubuntu flavors which enjoy the LTS (Long Term Support) status. Ubuntu 14.04 will be an LTS release making it a good time for the Ubuntu Gnome flavor to be promoted since it will be two more years before the next LTS release."

First time accepted submitter BlazeMiskulin writes "With XP approaching end-of-life, I find myself in a situation that I'm guessing is common: What to do with Mom's machine (or 'grandma's machine' for the younger of you). Since a change has to be made, this seems like a good time to move to a Linux distro. My mother (82) uses her computer for e-mail and web-browsing only. I know that any distro will be able to handle her needs. I've been using Linux (Ubuntu, CentOS, and Redhat--usually with KDE interface) for about 10 years now, but I know that my preferences are quite different from hers.

I have my own ideas, but I'm curious what others think: What combination of distro and UI would you recommend for an old, basic-level user who is accustomed to the XP interface and adverse to change?" My Grandmother seems happy running KDE on Debian.

An anonymous reader writes "Months after Intel ported the Chromium open-source web browser to Wayland, Chromium is now running on Ubuntu's Mir. The Mir display server port ended up being based on Wayland's Chromium code for interfacing with Google's Ozone abstraction framework. The Ubuntu developer responsible for this work makes claims that they will be trying to better collaborate with Wayland developers over this code." Grab the code hot off the press.

jones_supa writes "Yesterday Portal 2, a Source-based game that has been missing a Linux version, got a public beta release. The Steam game product page doesn't yet say the game supports Linux. To access the beta for Linux, right-click the game in Steam, select Properties and go to the Betas tab. Valve hasn't published the Linux system requirements for Portal 2 yet, but WebUpd8 tested it using Intel HD 3000 graphics under Ubuntu and it worked pretty well."