The latest version of Chrome OS, version 78, adds separate browser and device settings, click-to-call, and picture-in-picture support for YouTube. It also introduces virtual desktop support for the operating system with a feature called Virtual Desks. 9to5Google reports: Chrome is getting another cross-device sharing feature after "Send this page" widely rolled in September. With "click-to-call," you can right-click on phone number links -- like tel:800-800-8000 -- to have them sent to your Android device. It's quicker than manually entering those digits or transferring via email. Chrome OS 78 will separate browser and device settings. The former is accessible directly at chrome://settings and what opens when clicking "Settings" at the bottom of the Overflow menu in the top-right corner of any browser window. It opens as a tab and provides web-related preferences. Meanwhile, chrome://os-settings opens as its own window, and can be accessed from the quick settings sheet. It provides device options like Wi-Fi, Bluetooth, and Assistant in a white Material Theme UI with an icon in the launcher/app shelf.

YouTube for Android now supports picture-in-picture with Chrome OS 78. After starting a video in the mobile client, switching to another window, covering, or minimizing the app will automatically open a PiP in the bottom-right corner. Available controls include switching to audio, play/pause, and skipping to the next track. In the top-left, you can expand the window and a settings gear on the other side allows you to open system settings. Tapping in the center expands and returns you to the YouTube Android app. Chrome OS 78 simplifies the printing experience by automatically listing compatible printers without any prior setup required. There are also a number of Linux on Chrome OS enhancements in this version:

- Backups of Linux apps and files can now be saved to local storage, external drive, or Google Drive. That copy can be then restored when setting up a new computer.
- Crostini GPU support will be enabled by default for a "crisp, lower-latency experience."
- You'll be warned when using a Linux app that does not support virtual keyboard in tablet mode.

An anonymous reader quotes ZDNet: Linus Torvalds, Linux's creator, doesn't make speeches anymore. But, what he does do, and he did again at Open Source Summit Europe in Lyon France is have public conversations with his friend Dirk Hohndel, VMware's Chief Open Source Officer. In this keynote discussion, Torvalds revealed that he doesn't think he's a programmer anymore.

So what does the person everyone thinks of as a programmer's programmer do instead? Torvalds explained:

"I don't know coding at all anymore. Most of the code I write is in my e-mails. So somebody sends me a patch ... I [reply with] pseudo code. I'm so used to editing patches now I sometimes edit patches and send out the patch without having ever tested it. I literally wrote it in the mail and say, 'I think this is how it should be done,' but this is what I do, I am not a programmer."

So, Hohndel asked, "What is your job?" Torvalds replied, "I read and write a lot of email. My job really is, in the end, is to say 'no.' Somebody has to say 'no' to [this patch or that pull request]. And because developers know that if they do something that I'll say 'no' to, they do a better job of writing the code."

On Hackaday's hosting site Hackaday.io, an electrical engineer with a background in semiconductor physics argues that Linux's small market share is due to a lack of marketing: Not only does [Linux] have dominance when raw computing ability is needed, either in a supercomputer or a webserver, but it must have some ability to effectively work as a personal computer as well, otherwise Android wouldn't be so popular on smartphones and tablets. From there it follows that the only reason that Microsoft and Apple dominate the desktop world is because they have a marketing group behind their products, which provides customers with a comfortable customer service layer between themselves and the engineers and programmers at those companies, and also drowns out the message that Linux even exists in the personal computing realm...

Part of the problem too is that Linux and most of its associated software is free and open source. What is often a strength when it comes to the quality of software and its flexibility and customizablity becomes a weakness when there's no revenue coming in to actually fund a marketing group that would be able to address this core communications issue between potential future users and the creators of the software. Canonical, Red Hat, SUSE and others all had varying successes, but this illistrates another problem: the splintered nature of open-source software causes a fragmenting not just in the software itself but the resources. Imagine if there were hundreds of different versions of macOS that all Apple users had to learn about and then decide which one was the best for their needs...

I have been using Linux exclusively since I ditched XP for 5.10 Breezy Badger and would love to live in a world where I'm not forced into the corporate hellscape of a Windows environment every day for no other reason than most people already know how to use Windows. With a cohesive marketing strategy, I think this could become a reality, but it won't happen through passionate essays on "free as in freedom" or the proper way to pronounce "GNU" or the benefits of using Gentoo instead of Arch. It'll only come if someone can unify all the splintered groups around a cohesive, simple message and market it to the public.

Fedora 31 has just rolled out the door. From a report: Is it an exciting release? No, not really. Sure, enthusiasts will find themselves thrilled withe inclusion of the GNOME 3.34 desktop environment (with Qt Wayland by default), Linux 5.3 kernel, and Mesa 9.2, but otherwise, it is fairly boring. You know what? That's not a bad thing. In 2019, Fedora is simply a mature and stable operating system that only needs to follow an evolutionary path at this time -- not revolutionary. It stands alone as the world's best desktop Linux distribution. "Fedora 31 Workstation provides new tools and features for general users as well as developers with the inclusion of GNOME 3.34. GNOME 3.34 brings significant performance enhancements which will be especially noticeable on lower-powered hardware. Fedora 31 Workstation also expands the default uses of Wayland, including allowing Firefox to run natively on Wayland under GNOME instead of the XWayland backend as with prior releases," says The Fedora Project.

During his Open Source Summit Europe keynote speech, Greg Kroah-Hartman, the stable Linux kernel maintainer, said Intel CPU's security problems "are going to be with us for a very long time" and are "not going away." He added: "They're all CPU bugs, in some ways they're all the same problem," but each has to be solved in its own way. "MDS, RDDL, Fallout, Zombieland: They're all variants of the same basic problem." ZDNet reports: And they're all potentially deadly for your security: "RIDL and Zombieload, for example, can steal data across applications, virtual machines, even secure enclaves. The last is really funny, because [Intel Software Guard Extensions (SGX)] is what supposed to be secure inside Intel ships" [but, it turns out it's] really porous. You can see right through this thing." To fix each problem as it pops up, you must patch both your Linux kernel and your CPU's BIOS and microcode. This is not a Linux problem; any operating system faces the same problem.

OpenBSD, a BSD Unix devoted to security first and foremost, Kroah-Hartman freely admits was the first to come up with what's currently the best answer for this class of security holes: Turn Intel's simultaneous multithreading (SMT) off and deal with the performance hit. Linux has adopted this method. But it's not enough. You must secure the operating system as each new way to exploit hyper-threading appears. For Linux, that means flushing the CPU buffers every time there's a context switch (e.g. when the CPU stops running one VM and starts another). You can probably guess what the trouble is. Each buffer flush takes a lot of time, and the more VMs, containers, whatever, you're running, the more time you lose. "The bad part of this is that you now must choose: Performance or security. And that is not a good option," Kroah-Hartman said. He added: "If you are not using a supported Linux distribution kernel or a stable/long term kernel, you have an insecure system."

Microsoft officials said the company's Azure Sphere microcontroller (MCU) and associated cloud security service will be generally available in February 2020. From a report: Microsoft also introduced new branding today for the ThreadX RTOS technology it acquired when it bought Express Logic in April 2019. Going forward, this product will be known as Azure RTOS. ThreadX is one of the most-deployed real-time operating systems in the world. Today, Microsoft said that Renesesas, a major microcontroller manufacturer, announced that Azure RTOS will be be broadly available across its products, including the Synergy and RA MCU families. Microsoft has been working for at least a couple of years to secure low-cost Internet-connected devices. Microsoft Research's "Project Sopris" was all about creating a highly secure microcontroller. That project morphed into Azure Sphere, which Microsoft announced in April 2018. The first Azure Sphere chip was the MediaTek MT3620, which included an onboard security subsystem MIcrosoft christened "Pluton." The Azure Sphere OS included a Microsoft-developed custom Linux kernel, plus secured application containers.

mpol writes: Phoronix published an interview with former Purism CTO Zlatan Todoric who left Purism in September 2018. The story hints quite strongly at chaotic situations over at Purism. He started at the company in 2015, when it was a small outfit, and steered it into the bigger company that it is now. To him the smartphone development for the Librem 5 was a mistake and way too early. He has high hopes for the Pinephone, who according to him are doing things right. The first "Aspen" batch of the Purism Librem 5 are supposed to be shipping, though seemingly only people related to Purism are showing off their devices.

If you plan on streaming content from the new Disney+ streaming service on Linux devices, you'll likely be greeted with Error Code 83. Fedora Linux package maintainer Hans De Goede from the Netherlands first made the unpleasant discovery. gHacks reports: De Goede noticed that Disney+ would not work in any of the web browsers that he tried on systems running Fedora Linux. He tried Firefox and Chrome, and both times Disney+ threw the error "error code 83." Disney+ Support was not able to assist de Goede. It replied with a generic message stating that the error was known and that it happened often when customers tried to play Disney+ in web browsers or using certain devices. Support recommended to use the official applications on phones or tablets to watch the shows or movies. Other streaming services, e.g. Netflix, work fine on Linux.

A user on the Dutch site Tweakers dug deeper and uncovered the response code that the site returned when a device or browser was used that could not be used to play streams. According to the information, error code 83 means that the platform verification status is incompatible with the security level. Disney uses the DRM solution Widevine to protect its streams from unauthorized activity. Widevine supports three different security levels, called 1, 2 and 3, which have certain requirements. The supported level determines the maximum stream quality and may even prevent access to a stream if the requirements are not met. It appears that Disney set Widevine to a more restrictive level than its competitors. The decision affects Disney+ on Linux devices and on other devices that don't support the selected Widevine security standard.

Project Trident is moving from FreeBSD to Void Linux, reports Its FOSS: According to a later post, the move was motivated by long-standing issues with FreeBSD. These issues include "hardware compatibility, communications standards, or package availability continue to limit Project Trident users". According to a conversation on Telegram, FreeBSD has just updated its build of the Telegram client and it was nine releases behind everyone else.

The lead dev of Project Trident, Ken Moore, is also the main developer of the Lumina Desktop. The Lumina Desktop has been on hold for a while because the Project Trident team had to do so much work just to keep their packages updated. (Once they complete the transition to Void Linux, Ken will start working on Lumina again.)

After much searching and testing, the Project Trident team decided to use Void Linux as their new base.
More from the Project Trident site: It's important to reiterate that Project Trident is a distribution of an existing operating system. Project Trident has never been a stand-alone operating system. The goal of Project Trident is enhancing the usability of an operating system as a graphical workstation through all sorts of means: custom installers, automatic setup routines, graphical utilities, and more...

The more we've tested Void Linux, the more impressed we have been. We look forward to working with an operating system that helps Project Trident continue to provide a stable, high-quality graphical desktop experience.

An anonymous reader quotes Engadget: If you've been using Linux on DeX (aka Linux on Galaxy) to turn your Samsung phone into a PC, you'll need to make a change of plans. Samsung is warning users that it's shutting down the Linux on DeX beta program, and that its Android 10 update won't support using the open source OS as a desktop environment. The company didn't explain why it was shutting things down, but it did note that the Android 10 beta is already going without the Linux option...

Samsung is still committed to DeX, and recently enabled its desktop-style space on Macs and Windows PCs. However, it's clear that the dreams of fully replacing a PC with your Galaxy phone will have to wait, at least for now.

Forbes senior contributor Jason Evangelho dedicated a whole article to a coming update for one Chinese-domestic Linux distribution: If you haven't been paying attention to a little Linux desktop distribution called Deepin, it's time to put it on your radar. Nevermind that Huawei chose Deepin to ship on their MateBook laptop lineup. Nevermind that Deepin Cloud Sync [for system settings] is a killer, forward-thinking feature that every Linux distro needs to adopt. Nevermind that its slide-out control center resembles something sexy and sensible straight out of the future. But looking toward 2020, Deepin is poised to be absolutely stunning.

This is without question the most beautiful desktop environment I've ever laid eyes on... For me, the UX is more intuitive and more enjoyable than macOS and Windows 10. And fortunately, a quick setting can also transform Deepin to resemble the traditional Windows or macOS desktop paradigms you're already comfortable with. Hell, even the installer is a breath of fresh air.

But let's take a peek at what's coming next. This week, the Deepin Linux Youtube channel quietly released a preview of its Deepin v20 Launcher (just one component of the forthcoming OS), and it's bound to turn some heads. Take a look [YouTube video]. It's merely a tease ahead of this November's expected Deepin v20 beta release, but the Deepin developers have apparently devoted most of 2019 working on the upcoming version. From the category-driven app browser and animations, to the basic desktop layout we see in the teaser video, things appear quite polished already.
The article points out that Deepin is also a stand-alone desktop environment for any current Linux distribution -- and that it's one of the 248 operating systems available for online testing at DistroTest.net.

Long-time Slashdot reader Kekke shared this article from Ars Technica: A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said.

The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013...

The vulnerability is tracked as CVE-2019-17666. Linux developers proposed a fix on Wednesday that will likely be incorporated into the OS kernel in the coming days or weeks. Only after that will the fix make its way into various Linux distributions.

Nico Waisman, who is a principal security engineer at Github [and discovered the bug] said he has not yet devised a proof-of-concept attack that exploits the vulnerability in a way that can execute malicious code on a vulnerable machine. "I'm still working on exploitation, and it will definitely... take some time (of course, it might not be possible)," he wrote in a direct message. "On paper, [this] is an overflow that should be exploitable. Worst-case scenario, [this] is a denial of service; best scenario, you get a shell."
The article notes that the flaw "can't be triggered if Wi-Fi is turned off or if the device uses a Wi-Fi chip from a different manufacturer."

Following the beta period, one of the best and most popular Linux-based desktop operating systems reaches a major milestone -- you can now download Ubuntu 19.10! Code-named "Eoan Ermine", the distro is better and faster then ever. From a report: By default, Ubuntu 19.10 comes with one of the greatest desktop environments -- GNOME 3.34. In addition, users will be delighted by an all-new optional Yaru light theme. There is even baked-in support for the Raspberry Pi 4. The kernel is based on Linux 5.3 and comes with support for AMD Navi GPUs. There are plenty of excellent pre-installed programs too, such as LibreOffice 6.3, Firefox 69, and Thunderbird 68. While many users will be quick to install Google Chrome, I would suggest giving Firefox a try -- it has improved immensely lately. "With GNOME 3.34, Ubuntu 19.10 is the fastest release yet with significant performance improvements delivering a more responsive and smooth experience, even on older hardware. App organization is easier with the ability to drag and drop icons into categorized folders, while users can select light or dark Yaru theme variants depending on their preference or for improved viewing accessibility. Native support for ZFS on the root partition is introduced as an experimental desktop installer option. Coupled with the new zsys package, benefits include automated snapshots of file system states, allowing users to boot to a previous update and easily roll forwards and backwards in case of failure," says Canonical.

intensivevocoder writes: Fedora -- as a Linux distribution -- will celebrate the 15th anniversary of its first release in November, though its technical lineage is much older, as Fedora Core 1 was created following the discontinuation of Red Hat Linux 9 in favor of Red Hat Enterprise Linux (RHEL). Five years after the start of Fedora.next, the distribution is on the right track -- stability has improved, and work on minimizing hard dependencies in packages and containers, including more audio/video codecs by default, flicker-free boot, and lowering power consumption for notebooks, among other changes, have greatly improved the Fedora experience, while improvements in upstream projects such as GNOME and KDE have likewise improved the desktop experience. In a wide-ranging interview with TechRepublic, Fedora project leader Matthew Miller discussed lessons learned from the past, popular adoption and competing standards for software containers, potential changes coming to Fedora, as well as hot-button topics, including systemd.

exomondo shares a report from The Hacker News: A vulnerability has been discovered in Sudo -- one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access. Sudo, stands for "superuser do," is a system command that allows a user to run applications or commands with the privileges of a different user without switching environments -- most often, for running commands as the root user.

The vulnerability, tracked as CVE-2019-14287 and discovered by Joe Vennix of Apple Information Security, is more concerning because the sudo utility has been designed to let users use their own login password to execute commands as a different user without requiring their password. What's more interesting is that this flaw can be exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295." That's because the function which converts user id into its username incorrectly treats -1, or its unsigned equivalent 4294967295, as 0, which is always the user ID of root user. The vulnerability affects all Sudo versions prior to the latest released version 1.8.28, which has been released today.

"Red Hat Inc.'s finance chief Eric Shander has been dismissed from the company, forfeiting a $4 million retention award that was agreed to ahead of Red Hat's acquisition by IBM," reports the Wall Street Journal: The Raleigh, N.C.-based software company confirmed late Thursday that Mr. Shander was no longer working at Red Hat. "Eric was dismissed without pay in connection with Red Hat's workplace standards," a company spokeswoman said in a statement. The company, which said that its accounting and control functions remain healthy, on Friday declined to provide specifics about what led to Mr. Shander's dismissal. Mr. Shander didn't immediately respond to a request for comment.

Mr. Shander was named Red Hat's permanent chief financial officer in April 2017 after a stint as acting CFO, according to the spokeswoman. He had served in various finance roles at IBM and Lenovo Group Ltd. before joining Red Hat in 2015...

His departure puts Red Hat in a difficult spot, said Ivan Feinseth, director of research at Tigress Financial Partners LLC, an investment banking firm. "The fallout for companies in these situations is not only the dismissal of an executive but also the litigation risk," Mr. Feinseth said. "Companies could be held responsible for not creating and maintaining a proper workplace environment."

IBM said it supports Red Hat's decision to dismiss Mr. Shander. "Our values are fully aligned in this area," a spokesman said.

System76, the Denver-based Linux PC manufacturer and developer of Pop OS, has some stellar news for those who prefer their laptops a little more open. Later this month the company will begin shipping two of their laptop models with its Coreboot-powered open source firmware. From a report: Beginning today, System76 will start taking pre-orders for both the Galago Pro and Darter Pro laptops. The systems will ship out later in October, and include the company's Coreboot-based open source firmware which was previously teased at the 2019 Open Source Firmware Conference. (Coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.) What's so great about ripping out the proprietary firmware included in machines like this and replacing it with an open alternative? To begin with, it's leaner. System76 claims that users can boot from power off to the desktop 29% faster with its Coreboot-based firmware.

[...] Both of these laptops can be kitted out with 10th-Generation Intel CPUs (specifically the i5-10210U and the i7-10510U), and both have glare-resistant matte 1080p IPS displays. Beginning at $949, the Galago Pro features an all-aluminum chassis, a wealth of connectivity options including HDMI, DisplayPort to USB-C and Thunderbolt, and can be configured with up to 32GB of RAM and up to 6TB of storage space. The Darter Pro, meanwhile, can be built out with 32GB of RAM and up to 2TB of storage, and features up to 10 hours of battery life.

Brian Fagioli, writing for BetaNews: Beginning with the upcoming version 31 of the operating system, i686 32-bit processor support is being dropped by the Fedora Project. "The i686 architecture essentially entered community support with the Fedora 27 release. Unfortunately, there are not enough members of the community willing to do the work to maintain the architecture. Don't worry, though -- Fedora is not dropping all 32-bit packages. Many i686 packages are still being built to ensure things like multilib, wine, and Steam will continue to work," says Justin Forbes of Fedora Project. Forbes further explains, "While the repositories are no longer being composed and mirrored out, there is a koji i686 repository which works with mock for building 32-bit packages, and in a pinch to install 32-bit versions which are not part of the x86_64 multilib repository. Of course, maintainers expect this will see limited use. Users who simply need to run a 32-bit application should be able to do so with multilib on a 64-bit system."

An anonymous reader quotes a report from ZDNet: At the 2019 Linux Plumbers Conference, I talked to Linus Torvalds and several other of the Linux kernel's top programmers. They universally agreed Microsoft wants to control Linux, but they're not worried about it. That's because Linux, by its very nature and its GPL2 open-source licensing, can't be controlled by any single third-party. Torvalds said: "The whole anti-Microsoft thing was sometimes funny as a joke, but not really. Today, they're actually much friendlier. I talk to Microsoft engineers at various conferences, and I feel like, yes, they have changed, and the engineers are happy. And they're like really happy working on Linux. So I completely dismissed all the anti-Microsoft stuff."

But that doesn't mean the Microsoft leopard can't change its spots. Sure, he hears, "This is the old Microsoft, and they're just biding their time." But, Torvalds said, "I don't think that's true. I mean, there will be tension. But that's true with any company that comes into Linux; they have their own objectives. And they want to do things their way because they have a reason for it." So, with Linux, "Microsoft tends to be mainly about Azure and doing all the stuff to make Linux work well for them," he explained. Torvalds emphasized this is normal: "I mean, that's just being part of the community." James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, sees Microsoft as going through the same process as all other corporate Linux supporters: "This is a thread that runs through Linux. You can't work on the kernel to your own proprietary advantage. A lot of companies, as they came in with the proprietary business model, assumed they could. They have to be persuaded that, if you want something in Linux, that will assist your business -- absolutely fine. But it has to go through an open development process. And if someone else finds it useful, you end up cooperating or collaborating with them to produce this feature." That means, to get things done, even Microsoft is "eventually forced to collaborate with others."

Bottomley concluded: "So it doesn't matter if Microsoft has a competing agenda to Red Hat or IBM or anybody else. Developers are still expected to work together in the Linux kernel with a transparent agenda."

Microsoft appears to be porting its Edge browser to Linux, reports ZDNet: "We on the MS Edge Dev team are fleshing out requirements to bring Edge to Linux, and we need your help with some assumptions," wrote Sean Larkin, a member of Microsoft's Edge team....

Chrome, of course, is already available for Linux, so Microsoft should be able to deliver Chromium-based Edge to Linux distributions with minimal fuss.... [I]n June Microsoft Edge developers said there are "no technical blockers to keep us from creating Linux binaries" and that it is "definitely something we'd like to do down the road". Despite Chrome's availability on Linux, the Edge team noted there is still work to be done on the installer, updaters, user sync, and bug fixes, before it could be something to commit to properly.
Slashdot reader think_nix shared a link to the related survey that the Edge team has announced on Twitter. "If you're a dev who depends on Linux for dev, testing, personal browsing, please take a second to fill out this survey."