
'Most Serious' Linux Privilege-Escalation Bug Ever Is Under Active Exploit

Reader operator_error shares an ArsTechnica report: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time." The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

Operating Systems

Researchers Bypass ASLR Protection On Intel Haswell CPUs

An anonymous reader writes: "A team of scientists from two U.S. universities has devised a method of bypassing ASLR (Address Space Layout Randomization) protection by taking advantage of the BTB (Branch Target Buffer), a component included in many modern CPU architectures, including Intel Haswell CPUs, the processor they used for tests in their research," reports Softpedia. The researchers discovered that by blasting the BTB with random data, they could run a successful collision attack that reveals the memory locations where apps execute code in the computer's memory -- the very thing that ASLR protection was meant to hide. While during their tests they used a Linux PC with an Intel Haswell CPU, researchers said the attack can be ported to other CPU architectures and operating systems where ASLR is deployed, such as Android, iOS, macOS, and Windows. From start to finish, the collision attack only takes 60 milliseconds, meaning it can be embedded with malware or any other digital forensics tool and run without needing hours of intense CPU processing. You can read the research paper, titled "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR," here.
Operating Systems

OMGUbuntu: 'Why Use Linux?' Answered in 3 Short Words

Linux-focused blog OMGUbuntu's Joey-Elijah Sneddon shared a post today in which he tries to explain why people should use Linux. He stumbled upon the question when he typed "Why use" and Google suggested Linux as one of the most frequent questions. From the article: The question posed is not one that I sincerely ask myself very often. The answer has, over the years, become complicated. It's grown into a bloated ball of elastic bands, each reason stretched around and now reliant on another. But I wanted to answer. Helpfully, my brain began to spit out all the predictable nouns: "Why use Linux? Because of security! Because of control! Because of privacy, community, and a general sense of purpose! Because it's fast! Because it's virus free! Because I'm dang-well used to it now! Because, heck, I can shape it to look like pretty much anything I want it to using themes and widgets and CSS and extensions and blingy little desktop trinkets!"

There's Bugs In The Windows 10 Implementation of Bash

First-time submitter Big O Notation shares "an honest review about the new Ubuntu Bash" that shipped with the Windows 10 Anniversary Update. While it's still officially beta, most of the commands work as expected, and it includes popular programs like the Pico text editor. Here's some of the review's highlights: Pros: You can also manage and manipulate other files inside your entire Hard Disk, even those outside of your Linux home directory.
Cons: Even if you chmod something properly, when you use ls -l the Bash would not show the correct permissions. [And] if you try to create a Folder in your Linux Home Directory by using the Windows GUI, it would be impossible to read and manage it. Don't try this at home.

Microsoft says they've included the Windows Subsystem for Linux primarily as "a tool for developers -- especially web developers and those who work on or with open source projects." One Scandinavian developer has even tried running X on Bash on Ubuntu on Windows, reporting success running simpler programs like xcalc and xclock, as well as Gnome Control Center and xeditor and SciTE. "Things start to fall apart if you try to get more ambitious, though."

Proud Cyborg Athletes Compete In The World's First Cybathlon

IEEE Spectrum reports: Last Saturday, in a sold-out stadium in Zurich, Switzerland, the world's first cyborg Olympics showed the world a new science-fiction version of sports. At the Cybathlon, people with disabilities used robotic technology to turn themselves into cyborg athletes. They competed for gold and glory in six different events... [B]y skillfully controlling advanced technologies, amputees navigated race courses using powered prosthetic legs and arms. Paraplegics raced in robotic exoskeletons, bikes, and motorized wheelchairs, and even used their brain waves to race in the virtual world...
the_newsbeagle writes: While the competitors struggled with mundane tasks like climbing stairs, those exertions underlined the point: "Like the XPrize Foundation, the Cybathlon's organizers wanted to harness the motivating power of competition to spur technology development...they hoped to encourage inventors to make devices that can eventually provide winning moves beyond the arena."

Android Trojan Asks Victims To Submit a Selfie Holding Their ID Card

An anonymous reader writes from a report via Softpedia: Untrained and gullible Android users are now the target of an Android banking trojan that asks them to send a selfie holding their ID card. The trojan, considered the most sophisticated Android trojan known today, is named Acecard, and this most recent version has been detected only in Hong Kong and Singapore for now. The purpose of requiring a selfie of the victim holding his/her ID card is for the crook to prove himself when making fraudulent bank transactions, calling tech support posing as the victim, or for taking over social media accounts for Facebook or Twitter, which often require ID scans in the case of account takeover disputes. The report adds: "A previous version of the Acecard trojan hid inside a Black Jack game delivered via the official Google Play Store. In the most recent version of this threat, security experts from McAfee have found a new version of the Acecard trojan hidden inside all sorts of apps that pose as Adobe Flash Player, pornographic apps, or video codecs. All of these apps are distributed outside of the Play Store and constantly pester users with permission requirement screens until they get what they want, which is administrator rights. Once this step is achieved, the trojan lies in hiding until the user opens a specific app. McAfee experts found that when the user opens the Google Play app, the trojan springs a new social engineering trap."
GNU is Not Unix

KDE Turns 20, Happy Birthday!

prisoninmate writes from Softpedia: Can you believe it's been 20 years since the KDE (Kool Desktop Environment) was announced on the 14th of October, 1996, by project founder Matthias Ettrich? Well, it has, and today we'd like to say a happy 20th birthday to KDE! "On October 14, KDE celebrates its 20th birthday. The project that started as a desktop environment for Unix systems, today is a community that incubates ideas and projects which go far beyond desktop technologies. Your support is very important for our community to remain active and strong," reads the timeline page prepared by the KDE project for this event. Feel free to share your KDE experiences in a comment below! You can read the announcement "that started the revolution of the modern Linux desktop," as well as view the timeline "prepared by the KDE team for this unique occasion."
PlayStation (Games)

You Can Now Claim Your Cash In the PS3 'Other OS' Settlement

If you've purchased a "fat" PlayStation 3 before April of 2010, you can now claim up to $55 as part of the settlement over the removal of the console's "Other OS" feature. PS3 owners with proof of purchase or evidence of a PSN sign-in from the system can receive $9 from the company. However, if you've used the "Other OS" feature to install Linux on your PS3, you can receive $55. The online claim form can be found here. Ars Technica reports: The opening of claims comes after a long legal saga that began in March of 2010, when Sony announced it would be removing the "Other OS" feature from the PS3. Sony claimed it was a security concern, but many class-action lawsuits filed in 2010 alleged the company was more worried about software piracy. While one lawsuit over the matter was dismissed by a judge in 2011, another worked its way through the courts until June, when Sony finally decided to settle. Though the company doesn't admit any wrongdoing, it puts itself on the hook for payments to up to 10 million PS3 owners. Note to those affected: "Claims are due by December 7, and payments should be sent out early next year pending final approval of the settlement."
Operating Systems

Ubuntu 16.10 Released, Ready to Download

After six months of development, Ubuntu 16.10, the latest stable release of the world's most popular desktop Linux distro, is now available to download. The ISO image file of Ubuntu 16.10 is a little larger (up from 1.4GB to 1.5GB). OMGUbuntu talks about the new features (condensed): Ubuntu 16.10 is not a big update over Ubuntu 16.04 LTS, released back in April. If you were hoping it'd be a compelling or must-have upgrade you'll be sadly disappointed. There are a number of small improvements to the Unity desktop and the Compiz window manager that powers it. Improvements that help everything work that little bit faster, and that little bit smoother. Ubuntu 16.10 also performs better in virtual machines thanks to the new Unity Low Graphics Mode. An all-new version of the Nautilus file manager also features, and is packed with some significant UI and UX differences. Plus, as always, there's a newer Linux kernel to enjoy.

Fedora 25 Beta Released With GNOME 3.22 and Linux Kernel 4.8.1

Reader prisoninmate writes: The Fedora Project released the Beta milestone of the upcoming Fedora 25 Linux operating system, due for release in mid-November. Powered by Linux kernel 4.8.1, the Fedora 25 Beta is shipping with the recently released GNOME 3.22 desktop environment, which is enabled by default on top of a Wayland 1.12 session for the Workstation Edition. Of course, you'll also find the latest software versions, including the LibreOffice 5.2.2 office suite, Flatpak 0.6.12, Mozilla Firefox 49.0 web browser, and LibVirt 2.2.0. Additionally, users will find the Mesa 12.0.3 3D Graphics Library for better and faster graphics support, OpenSSH 7.3p1 and OpenSSL 1.0.2j for improved security, Python 3.5.2, Samba 4.5.0, systemd 231, TigerVNC 1.7.0, and the latest Git snapshot of the upcoming X.Org Server 1.19.0 display server. Fedora 25 Beta Workstation is available for download now.

Cyanogen Gets a New CEO, Shifts Away From Selling a Full Mobile Operating System

An anonymous reader quotes a report from TechCrunch: Cyanogen, a startup behind its own, alternative version of the Android operating system, now has a new CEO. In the wake of reports that the company exaggerated its success in terms of active users, layoffs, and difficulties scaling, Cyanogen's co-founder and CEO Kirt McMaster will be transitioning into an "Executive Chairman" role, while Lior Tal, previously COO, will now assume the CEO position. In addition, Steve Kondik, Cyanogen's co-founder and CTO, will be taking on a new role as Chief Science Officer, the company announced. He will report to Stephen Lawler, the company's SVP of Engineering. Today's blog post from new CEO Tal also somewhat acknowledged the company's struggles, and announced plans to shift its business model with the launch of a new Cyanogen Modular OS program. "In recent years, Android and the mobile ecosystem changed," wrote Tal. "Android has become extremely fragmented causing serious security vulnerabilities and few or no incentives to device manufacturers to deliver software upgrades and/or security patches," he said. "Increased demand for lower-priced smartphones, coupled with the specifications arms race, has left manufacturers focused on scale and efficiency while compromising investment in software and services. Innovation cannot happen in a vacuum, which is what we have today," Tal added. The company will be moving away from its former model which involved it shipping the full-stack of the operating system, the company says. Its new program will instead allow manufacturers to introduce their own, customizable smartphones that use different parts of the Cyanogen OS via dynamic modules and MODs, while still using the ROM of their choice. That means they could still run stock Android on their devices, then pick and choose the pieces of Cyanogen's technology they want to also add. The full Cyanogen OS is still available and being sold, but is no longer the main focus.
In July, Cyanogen Inc. laid off 20 percent of its workforce and sent a letter from McMaster to employees admitting that, despite shipping millions of devices with its OS, it was "not scaling fast enough nor in an efficient manner."
Open Source

FreeBSD 11.0 Released

Long-time Slashdot reader basscomm writes, "After a couple of delays, FreeBSD 11 has been released. Check out the release notes here." The FreeBSD Foundation writes: The latest release continues to pioneer the field of copyfree-licensed, open source operating systems by including new architecture support, performance improvements, toolchain enhancements and support for contemporary wireless chipsets. The new features and improvements bring about an even more robust operating system that both companies and end users alike benefit greatly from using.
FreeBSD 11 supports both the ARMv8 and RISC-V architectures, and also supports the 802.11n wireless networking standard. In addition, OpenSSH has been updated to 7.2p2, and OpenSSH DSA key generation has been disabled by default, so "It is important to update OpenSSH keys prior to upgrading."
Open Source

After 22 Years, 386BSD Gets An Update

386BSD was last released back in 1994 with a series of articles in Dr. Dobb's Journal -- but then developers for this BSD-based operating system started migrating to both FreeBSD and NetBSD. An anonymous Slashdot reader writes: The last known public release was version 0.1. Until Wednesday, when Lynne Jolitz, one of the co-authors of 386BSD, released the source code to version 1.0 as well as 2.0 on Github.

386BSD takes us back to the days when you could count every file in your Unix distribution and more importantly, read and understand all of your OS source code. 386BSD is also the missing link between BSD and Linux. One can find fragments of Linus Torvalds's math emulation code in the source code of 386BSD. To quote Linus: "If 386BSD had been available when I started on Linux, Linux would probably never have happened."

Though it was designed for Intel 80386 microprocessors, there's already instructions for launching it on the hosted hardware virtualization service Qemu.

Linux Foundation Shares LinuxCon Highlights

An anonymous Slashdot reader writes: The Linux Foundation held its "LinuxCon Europe" this week, "where developers, sys admins, architects and all types and levels of technical talent gather together under one roof for education, collaboration and problem-solving to further the Linux platform." They've now updated their web site with photos and slide presentations.

The 44 presentations included a talk about the Linux kernel security subsystem by kernel developer James Morris and an interesting talk by GitHub's Carol Smith arguing that mandatory math requirements can create a "steep barrier to entry" for people trying to launch programming careers. Karsten Gerloff also described how Siemens is making "strategic" use of free software.


Microsoft Is Redesigning the Paint App For Windows 10

Microsoft is redesigning the Paint app with Windows 10 in mind. As mentioned in the leaked video posted by Twitter user WalkingCat, the "ability to create in 3D" is one of the biggest new features in the works. The Verge reports: A launch video notes that the new "Paint Preview" app includes all the familiar features of the regular version of Paint, but Microsoft is adding in 3D object support. Paint Preview users will be able to create 3D objects, and annotate them freely. Microsoft has a range of markers and art tools to help artists create objects, and brushes that can be used directly on 3D objects. All of the tools appear to be pen- and touch-friendly, with an interface that mixes 3D models, 2D images, stickers, and community tools for 3D content. Microsoft appears to be testing early "alpha" versions of the Paint app, and the videos indicate it could be ready to be released publicly soon. The timing of the Paint videos comes just hours after Microsoft revealed it's planning to hold a special event in New York City later this month. Microsoft is widely expected to unveil a new Surface device at the event, with rumors suggesting it will be an all-in-one desktop PC.
Operating Systems

Unity 8 Desktop Session Arrives in Ubuntu 16.10

The latest updates to Ubuntu 16.10 Yakkety Yak add a Unity8 desktop session to the Ubuntu login screen. OMGUbuntu adds: Added to the Ubuntu meta package, the new Unity 8 desktop session will be available to try on all new installs and upgrades of Ubuntu 16.10, but only as an alternate login session to Unity 7. Unity 8 is not -- repeat: not -- going to be the default session in this release. Shipping it as a preview session is a great idea. It means to try Unity 8 on Ubuntu 16.10 you won't need to install a set of packages, or faff around with special set-up, or add a PPA. When at the Unity Greeter (aka the login screen) just click the session selector button, followed by 'Unity 8,' and then proceed to login as normal.

Linus Torvalds Says 'Buggy Crap' Made It Into Linux 4.8

Two days after Linus Torvalds announced the release of Linux 4.8, he began apologizing for a bug fix gone bad. The Register reports: "I'm really sorry I applied that last series from Andrew just before doing the 4.8 release, because they cause problems, and now it is in 4.8 (and that buggy crap is marked for stable too)." The "crap" in question is an attempt to fix a bug that's been present in Linux since version 3.15. Torvalds rates the fix for that bug "clearly worse than the bug it tried to fix, since that original bug has never killed my machine!" Torvalds isn't happy with kernel contributor Andrew Morton, who he says is debugging with a known bad use of BUG_ON(). "I've ranted against people using BUG_ON() for debugging in the past. Why the f*ck does this still happen?" Torvalds writes, pointing to a 2002 post to the kernel mailing list outlining how to do BUG_ON() right. He later adds "so excuse me for being upset that people still do this shit almost 15 years later."

KDE Plasma 5.8 LTS Desktop Officially Released

prisoninmate writes from a report via Softpedia: KDE will celebrate 20 years of activity on October 14, 2016, and they've just released the first LTS (Long Term Support) version of the KDE Plasma desktop environment. Prominent new features of KDE Plasma 5.8 LTS include support for desktop widgets, a new system-wide search functionality that promises to let users easily search their KDE desktops for everything they want, including apps, music, videos, files, folders, etc., a new tool to get hot new stuff for your KDE Plasma desktop, such as wallpapers, widgets, desktop effects, or window styles, and infinite customization possibilities. Moreover, KDE Plasma 5.8 LTS comes with a unified look for the default Breeze theme so that, no matter what type of application you're using (Qt4, GTK2, GTK3, or Qt5), it will look the same, mobile phone notifications, along with the ability to use your smartphone as a PC remote, transfer files or mute music during calls, all with the new KDE Connect plasmoid. There's also Right-to-Left (RTL) language support, simplified global shortcuts, improvements to many applets, and much better Wayland support. KDE Plasma 5.8 LTS will receive nine point releases until 2018. "Today KDE releases its first Long Term Support edition of its flagship desktop software, Plasma," reads the announcement. "This marks the point where the developers and designers are happy to recommend Plasma for the widest possible audience be they enterprise or non-techy home users. If you tried a KDE desktop previously and have moved away, now is the time to re-assess, Plasma is simple by default, powerful when needed."
Operating Systems

Apple To Make macOS Sierra Available As Automatic Download Beginning Today

Remember how Microsoft was pushing Windows 10 updates to your computers? That surely made a lot of people furious. Today, Apple told The Loop that it will also begin automatic download of its latest desktop operating system update, macOS Sierra, on Macs that are compatible with the new software -- provided automatic downloads are switched on and the Mac has enough storage space. From the report: It's important to note that this is not an automatic installer -- this process will only download the update in the background, and then alert you that it is available to install. You can choose to install it when it's convenient. You can also choose to ignore the update. [...] Of course, you can manually delete the download if you don't wish to upgrade, and you can choose to manually download the update from the App Store at any time.
Operating Systems

Ubuntu 16.04 Available in Latest Insider Update To Windows 10

The latest Windows 10 Insider preview -- build 14936 -- features Ubuntu 16.04 LTS. When a user enables the 'Bash on Ubuntu on Windows' feature for the first time, OMGUbuntu reports, Windows 10 now installs an Ubuntu 16.04 (Xenial Xerus) image instead of Ubuntu 14.04 (Trusty Tahr). From the report: The updated version of Ubuntu in the WSL only affects new instances, i.e., those created by running lxrun.exe /install or on the very first run of the bash.exe setup. It is possible to upgrade WSL instances from Ubuntu 14.04 to Ubuntu 16.04 manually by running the do-release-upgrade command. Other changes in the WSL in Build 14936 include support for chroot system call, epoll support for /dev/null and the ability for bash -c to redirect to a file.
