Open Source

Devuan's Systemd-Free Linux Hits Beta 2 (theregister.co.uk) 76

Long-time Slashdot reader Billly Gates writes, "For all the systemd haters who want a modern distro feel free to rejoice. The Debian fork called Devuan is almost done, completing a daunting task of stripping systemd dependencies from Debian." From The Register: Devuan came about after some users felt [Debian] had become too desktop-friendly. The change the greybeards objected to most was the decision to replace sysvinit init with systemd, a move felt to betray core Unix principles of user choice and keeping bloat to a bare minimum. Supporters of init freedom also dispute assertions that systemd is in all ways superior to sysvinit init, arguing that Debian ignored viable alternatives like sinit, openrc, runit, s6 and shepherd. All are therefore included in Devuan.
Devuan.org now features an "init freedom" logo with the tagline, "watching your first step." Their home page now links to the download site for Devuan Jessie 1.0 Beta2, promising an OS that "avoids entanglement".
Security

Cryptsetup Vulnerability Grants Root Shell Access On Some Linux Systems (threatpost.com) 89

msm1267 quotes a report from Threatpost: A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data. Cryptsetup, a utility used to set up disk encryption based on the dm-crypt kernel module, is usually deployed in Debian and Ubuntu. Researchers warned late last week that if anyone uses the tool to encrypt system partitions for the operating systems, they're likely vulnerable. Two researchers, Hector Marco of the University of the West of Scotland and Ismael Ripoll, of the Polytechnic University of Valencia, in Spain, disclosed the vulnerability on Friday at DeepSec, a security conference held at the Imperial Riding School Renaissance Vienna Hotel in Austria. According to a post published to the Full Disclosure mailing list, the vulnerability (CVE-2016-4484) affects packages 2.1 and earlier. Systems that use Dracut, an infrastructure commonly deployed on Fedora in lieu of initramfs -- a simple RAM file system directory, are also vulnerable, according to the researchers. The pair say additional Linux distributions outside of Debian and Ubuntu may be vulnerable, they just haven't tested them yet. The report adds: "The problem stems from the incorrect handling of a password check when a partition is ciphered with LUKS, or Linux Unified Key Setup, a disk encryption specification that's standard for Linux. Assuming an attacker has access to the computer's console, when presented with the LUKS password prompt, they could exploit the vulnerability simply by pressing 'Enter' over and over again until a shell appears. The researchers say the exploit could take as few as 70 seconds. After a user exceeds the maximum number of three password tries, the boot sequence continues normally.
Another script in the utility doesn't realize this, and drops a BusyBox shell. After carrying out the exploit, the attacker could obtain a root initramfs, or rescue shell. Since the shell can be executed in the initrd, or initial ram disk, environment, it can lead to a handful of scary outcomes, including elevation of privilege, information disclosure, or denial of service."
GNU is Not Unix

Debian GNU/Linux 9 'Stretch' Installer Gets GNU Screen, Linux Kernel 4.7 Support (softpedia.com) 58

"Debian developer Cyril Brulebois was pleased to announce this past weekend the release and immediate availability of the eighth Alpha development snapshot of the Debian GNU/Linux 9 'Stretch' installer," reports Softpedia. An anonymous reader quotes their article: It's been four long months since Alpha 7 of Debian GNU/Linux 9 "Stretch" hit the testing channels back in July, but the wait was worth it as the Alpha 8 release adds a huge number of changes, starting with initial support for the GNU Screen terminal multiplexer and lots of debootstrap fixes, which now defaults to merged-/usr.

"debootstrap now defaults to merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr (more details on: https://lists.debian.org/debian-devel/2016/09/msg00269.html)," wrote Cyril Brulebois in the mailing list announcement, where it states that default debootstrap mirror was switched to deb.debian.org.

Hardware Hacking

How I Freed My Android Tablet: A Journey in Reverse Engineering (www.thanassis.space) 79

Slashdot reader ttsiod is an embedded software engineer at the European Space Agency, and shares this story about his quest to "dominate" his new tablet: Just like its predecessor, I wanted to run a Debian chroot inside it -- that would allow me to apt-get install and run things like Privoxy, SSH SOCKS/VPN tunnels, Flask mini-servers, etc; and in general allow me to stay in control. But there was no open-source way to do this... and I could never trust "one-click roots" that communicate with servers in China... It took me weeks to reverse engineer my tablet -- and finally succeed in becoming root. The journey was quite interesting, and included both hardware and software tinkering. I learned a lot while doing it -- and wanted to share the experience with my fellow Slashdotters...
He writes that "I trust Debian. Far more than I trust the Android ecosystem," and describes everything from how he probed the boot process and created his own boot image to hunting for a way "to tell SELinux to get off my lawn".
Bug

Multiple Linux Distributions Affected By Crippling Bug In Systemd (agwa.name) 508

An anonymous reader writes: System administrator Andrew Ayer has discovered a potentially critical bug in systemd which can bring a vulnerable Linux server to its knees with one command. "After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system." According to the bug report, Debian, Ubuntu, and CentOS are among the distros susceptible to various levels of resource exhaustion. The bug, which has existed for more than two years, does not require root access to exploit.
Operating Systems

Raspberry Pi Foundation Unveils New LXDE-Based Desktop For Raspbian Called PIXEL (softpedia.com) 47

Raspberry Pi Foundation's Simon Long has unveiled a new desktop environment for the Debian-based Raspbian GNU/Linux operating system for Raspberry Pi devices. From a Softpedia report (submitted by an anonymous reader): Until today, Raspbian shipped with the well-known and lightweight LXDE desktop environment, which looks pretty much the same as on any other Linux-based distribution out there that is built around LXDE (Lightweight X11 Desktop Environment). But Simon Long, a UX engineer working for Raspberry Pi Foundation, was hired to make it better, transform it into something that's more appealing to users. So after two years of work, he managed to create a whole new desktop environment for Raspbian, the flagship operating system for Raspberry Pi single-board computers developed and distributed by Raspberry Pi Foundation. Called PIXEL, the new Raspbian desktop offers a more eye-candy design with the panel on top (not on the bottom like on a default LXDE setup), new icons, new Applications Menu, and new theme. "It's actually surprisingly easy to hack about with the LXDE desktop once you get your head around what all the bits do, and since then I've been slowly chipping away at the bits that I felt would most benefit from tweaking," reveals Simon Long. "Stuff has slowly been becoming more and more like my original concept for the desktop; with the latest changes, I think the desktop has reached the point where it's a complete product in its own right and should have its own name."
Debian

LinuxScreenshots.org Closes. All Screenshot Tours Released For Downloading (linuxscreenshots.org) 46

A new announcement on their web site reads: LinuxScreenshots.org is closed. An archive of all screenshot tours from this site has been made freely available to the community, which consists of 2300 releases from 580 distributions. You may download this archive for fun, or to start your own Linux screenshots website. Please help seed torrents. I contacted the site's owner, who confirmed the news, saying their goal is to let the community take control of the screenshots. The archives are available on Dropbox and BitTorrent.
Debian

Penetration-Testing Distro Kali Linux 2016.2 Released (kali.org) 54

prisoninmate writes: What's Kali Linux 2016.2? Well, it's an updated Live ISO image of the popular GNU/Linux distribution designed for ethical hackers and security professionals who want to harden the security of their networks, which contains the latest software versions and enhancements for those who want to deploy the OS on new systems. It's been quite some time since the last update to the official Kali Linux Live ISOs and new software releases are announced each day, which means that the packages included in the previous Kali Linux images are very old, and bugs and improvements are always implemented in the most recent versions of the respective security tools. Best of all, the new Kali Linux 2016.2 release comes in KDE, MATE, Xfce, LXDE, and Enlightenment E17 flavors.
Their blog also points out that Kali recently appeared in an episode of Mr. Robot.
Debian

Systemd Rolls Out Its Own Mount Tool (phoronix.com) 541

An anonymous Slashdot reader writes: I'm surprised this hasn't surfaced on Slashdot already, but yesterday Phoronix reported that systemd will soon be handling file system mounts, along with all the other stuff that systemd has encompassed. The report generated the usual systemd arguments over on Reddit.com/r/linux with Lennart Poettering, systemd developer and architect, chiming in with a few clarifications.
Lennart argued it will greatly improve the handling of removable media like USB sticks.
Cloud

Researchers Warn Linux Vendors About Cloud-Memory Hacking Trick (thestack.com) 73

An anonymous Slashdot reader writes: Hacking researchers have uncovered a new attack technique which can alter the memory of virtual machines in the cloud. The team, based at Vrije Universiteit, Amsterdam, introduced the attack, dubbed Flip Feng Shui (FFS)...and explained that hackers could use the technique to crack the keys of secured VMs or install malicious code without it being noticed...

Using FFS, the attacker rents a VM on the same host as their chosen victim. They then write a memory page which they know exists on the vulnerable memory location and let it de-duplicate. The identical pages, with the same information, will merge in order to save capacity and be stored in the same part of memory of the physical computer. This allows the hacker to change information in the general memory of the computer.

The researchers demonstrated two attacks on Debian and Ubuntu systems -- flipping a bit to change a victim's RSA public key, and installing a software package infected with malware by altering a URL used by apt-get. "Debian, Ubuntu and other companies involved in the research were notified before the paper was published, and have all responded to the issue."
Debian

Onion Debian Services Are Now Available (debian.org) 40

"I just set up a lot of Onion Services for many of Debian's static websites," announced Debian sys-admin Peter "weasel" Palfrader on Friday. "You can find the entire list of services on onion.debian.org. More might come in the future." Longtime Slashdot reader alfino writes: Yay for privacy. We don't care about where you come from, and now you don't even have to tell anyone that you're using Debian. The archive at ftp.debian.org is already in the list. Support for more redundant Debian archive access is expected to come When It's Ready.
Ubuntu

Ubuntu's Unity desktop environment can run in Windows (wordpress.com) 170

An anonymous Slashdot reader writes: "This is one of the coolest tickets I've seen on GitHub," writes Ubuntu developer Adolfo Jayme Barrientos, adding "this kind of surreal compatibility between platforms is now enabled...the fact that you can execute and use Linux window managers there, without virtual machines, is simply mind-blowing."

"The Windows 10 Anniversary Update coming in August includes an unusual feature aimed at developers: an Ubuntu sub-system that lets you run Linux software using a command-line interface," explains Liliputing.com. "Preview versions have been available since April, and while Microsoft and Canonical worked together to bring support for the Bash terminal to Windows 10, it didn't take long for some users to figure out that they could get some desktop Linux apps to run in Windows. Now it looks like you can even load Ubuntu's Unity desktop environment, making Windows 10 look like Ubuntu."

Debian

Debian Founder's 2015 Death Ruled A Suicide (theregister.co.uk) 160

gosand writes: According to a story on The Register, the death of Ian Murdock in late 2015 has been ruled a suicide. This news brings some closure to the sad ending of his life. An interesting note from the article that I never knew before: "he was the Ian in Debian; his girlfriend at the time, Debra Lynn, was the Deb." Debian has truly been a cornerstone in the Linux world, and the founder will be missed. The medical report was obtained on Wednesday by CNN journalists.
Open Source

Linux Mint 18 'Sarah' Released, Supports Generic GTK X-Apps (linuxmint.com) 98

Slashdot reader Type44Q writes: The Linux Mint team announced the immediate availability of their latest release, Mint 18 "Sarah," in Cinnamon and MATE flavors. These follow on the heels of their respective beta versions, which have been out for nearly a month.
"Linux Mint 18 is a long-term support release which will be supported until 2021," the team announces on MATE's "new features" page, adding they've improved their update manager, included support for the Debian syntax of "apt", and are working on the "X-Apps" project to "produce generic applications for traditional GTK desktop environments...to replace applications which no longer integrate properly outside of a particular environment."
Debian

Fedora QA Lead Pans Canonical 'Propaganda' On Snap Apps (happyassassin.net) 170

Long-time Slashdot reader JImbob0i0 shares a scathing article by Red Hat's Fedora QA "community monkey"/senior QA engineer on Canonical's announcement about their application delivery mechanism "snap"... ...and how it's going to unite all distributions and kill apt and rpm! This is, to put it diplomatically, a heaping pile of steaming bullshit... The press release and the stories together give you the strong impression that this thing called Snappy is going to be the cross-distribution future of application delivery, and it's all ready for use today and lots of major distributions are buying into it... The stories have headlines like "Adios apt and yum? Ubuntu's snap apps are coming to distros everywhere" and "Snap Packages Become Universal Binary Format for All GNU/Linux Distributions"...

Now, does Snappy actually have the cross-distribution buy-in that the press release claims (but never outright states) that it has? No... The sum total of communication between Canonical and Fedora before the release of this press release was that they mailed us asking about the process of packaging snappy for Fedora, and we told them about the main packaging process and COPR. They certainly did not in any way inform Fedora that they were going to send out a press release strongly implying that Fedora, along with every other distro in the world, was now a happy traveler on the Snappy bandwagon... They just decided to send out a wildly misleading press release and actively encourage the specialist press to report that Snappy was all set to take over the world and everyone was super happy with that.

Debian

Adios Apt and Yum? Ubuntu's Snap Apps Are Coming To Distros Everywhere (arstechnica.com) 274

An anonymous reader shares an Ars Technica report: Ubuntu's "snappy" new way of packaging applications is no longer exclusive to Ubuntu. Canonical today is announcing that snapd, the tool that allows snap packages to be installed on Ubuntu, has been ported to other Linux distributions including Debian, Arch, Fedora, and Gentoo among others. To install snap packages on non-Ubuntu distributions, Linux desktop and server users will have to first install the newly cross-platform snapd. This daemon verifies the integrity of snap packages, confines them into their own restricted space, and acts as a launcher. Instructions for creating snaps and installing snapd on a variety of distributions are available at this website. Snaps can exist on the same system as either deb or RPM packages. Snaps aren't the only new package manager for Linux distributions that aims to simplify installation of applications. There's also AppImage and OrbitalApps.
Android

Maru OS Exits Private Beta, Lets You Use an Android Phone As a Linux Desktop (liliputing.com) 60

Maru OS has exited beta, and is now available to anyone who wants to give it a try. For those unaware, Maru OS offers a platform that runs Android as well as Debian Linux on a smartphone. When you connect a Maru OS-powered smartphone to an external display, you get "full-fledged Linux desktop environment." Maru OS was unveiled in February, and currently supports only one smartphone: Nexus 5. The developers behind it have also started to work on making the project open source. They hope that doing this will help them support other devices as well. Brad Linger writes for Liliputing: Work has also begun on making Maru OS an open source project, which could allow additional developers to contribute to the project or port it to run on other phones, although the current version of the Maru OS does require phones that support HDMI via MHL or SlimPort, which means not all phones will be able to run the software unless wireless display support is added in the future.
Debian

Security Updates Released for Debian 8 and 7 (debian.org) 76

An anonymous reader writes: The Debian Project just released Debian 8.5, which adds 65 security updates to the stable release. They're also releasing the final update to Debian 7 (codenamed 'wheezy'), which includes "all other security updates released during the lifetime of 'wheezy' that have not previously been part of a point release."

They're emphasizing that each of the new updates "does not constitute a new version...but only updates some of the packages included. There is no need to throw away old...CDs or DVDs but only to update via an up-to-date Debian mirror after an installation to cause any out of date packages to be updated."

Debian

Systemd Starts Killing Your Background Processes By Default (blog.fefe.de) 924

New submitter nautsch writes: systemd changed a default value in logind.conf to "yes", which will kill all your processes when you log out... There is already a bug report over at Debian: Debian bug tracker.
The new change means "user sessions will be properly cleaned up after," according to the changelog, "but additional steps are necessary to allow intentionally long-running processes to survive logout. To effectively allow users to run long-term tasks even if they are logged out, lingering must be enabled for them."
Debian

ZFS For Linux Finally Lands In Debian GNU/Linux Repos (softpedia.com) 150

prisoninmate quotes a report from Softpedia: It took the Debian developers many years to finally be able to ship a working version of ZFS for Linux on Debian GNU/Linux. For those not in the know, ZFS on Linux is the official OpenZFS implementation for Linux, which promises to offer native ZFS filesystem support for any Linux kernel-based operating system, currently supporting Arch Linux, Ubuntu, Fedora, Gentoo, Red Hat Enterprise Linux, CentOS, openSUSE, and now Debian. And it looks like their ZFS for Linux implementation borrows a lot of patches from Ubuntu, at least according to the changelog for zfs-linux 0.6.5.6-2, the version that is now available in the unstable channel for Debian users to install and test.
