An anonymous reader writes: Linus Torvalds has released Linux 5.0 in kicking off the kernel's 28th year of development. Linux 5.0 features include AMD FreeSync support, open-source NVIDIA Turing GPU support, Intel Icelake graphics, Intel VT-d scalable mode, NXP PowerPC processors are now mitigated for Spectre Variant Two, and countless other additions. eWeek adds: Among the new features that have landed in Linux 5.0 is support for the Adiantum encryption system, developed by Google for low power devices. Google's Android mobile operating system and ChromeOS desktop operating system both rely on the Linux kernel. "Storage encryption protects your data if your phone falls into someone else's hands," Paul Crowley and Eric Biggers, Android Security and Privacy Team at Google wrote in a blog post. "Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, to ensure that all devices can be encrypted. Memory management in Linux also gets a boost in the 5.0 kernel with a series of improvements designed to help prevent memory fragmentation, which can reduce performance.

For some reason, Apple's website where you can manage your Apple ID (appleid.apple.com) is blocking users of Linux browsers from accessing it. From a report: Having access to the website is important to manage things such as payment information, two-factor authentication, and other account details. Even though the number of Linux users accessing the website must be relatively small compared to other operating systems, some iPhone users who use Linux on the desktop noticed the issue. This behavior was first explained by user Alexander Martin on Mastodon. He discovered that when the browser reports itself as being a Linux browser, Apple's website will block the access by throwing a "Bad Gateway" error.

The Linux Foundation today launched Enabling Linux in Safety Applications (ELISA), an open source project comprising tools intended to help companies build and certify Linux-based systems whose failure could result in loss of human life, significant property damage, or environmental damage. From a report: In partnership with British chip designer Arm, BMW, autonomous platforms company Kuka, Linutronix, and Toyota, ELISA will work with certification and standardization bodies in "multiple industries" to establish ways Linux can form the foundation of safety-critical systems across industries.

dryriver writes: A lot of people probably remember the 1990s palmtop computers made by Psion fondly. The clamshell-design palmtops were pocketable, black and white, but had a working stylus and a fantastic tactile foldout QWERTY keyboard that you could type pretty substantial documents on or even write code with. A different company -- Planet Computers -- has now produced a spiritual successor to the old Psion palmtops called the Gemini PDA that is much like an old Psion but with the latest Android smartphone hardware in it and a virtually identical tactile keyboard. It can also dual boot to Linux (Debian, Ubuntu, Sailfish) alongside Android. The technical specs are a MediaTek deca-core processor, 4GB RAM, 64GB storage (plus microSD slot), 4G, 802.11c Wi-Fi, GPS, Bluetooth, eSIM support, and 4,220mAh battery. The screen measures in at 5.99-inches with a 2,160 x 1,080 (403ppi) resolution. The only thing missing seems to be the stylus -- but perhaps that would have complicated manufacturing of this niche-device in its first production run.

One of Windows Subsystem for Linux's more annoying tricks is it's hard to get at your Linux files from Windows. From a report: Oh, you can do it, but you take a real chance of ruining the files. To quote Microsoft, "DO NOT, under ANY circumstances, access, create, and/or modify files in your distro's filesystem using Windows apps, tools, scripts, consoles, etc." In the forthcoming Windows 10 April 2019 Update, aka Windows 10 19H1, this Linux file problem will finally be fixed. According to Craig Loewen, a Microsoft programming manger working on Windows Subsystem for Linux (WSL), "The next Windows update is coming soon and we're bringing exciting new updates to WSL with it! These include accessing the Linux file system from Windows, and improvements to how you manage and configure your distros in the command line."

jrepin writes: Today, KDE launched Plasma 5.15, the first stable release of the popular desktop environment in 2019. For this release the Plasma team has focused on hunting down and removing all the paper cuts that slow you down. Plasma 5.15 brings a number of changes to the configuration interfaces, including more options for complex network configurations. Many icons have been added or redesigned to make them clearer. Integration with third-party technologies like GTK and Firefox has been improved substantially. Discover, Plasma's software and add-on installer, has received tons of improvements to help you stay up-to-date and find the tools you need to get your tasks done. For a more detailed list of features/changes, you can browse the full Plasma 5.15 changelog.

Mark Wycislik-Wilson, writing for BetaNews: Last year, developer Felix Rieseberg released Windows 95 as an Electron app to let 90s computer users relive their younger years. Now he's back with a second version of the Windows 95 app, and it's even better than ever -- gaming classics such as Doom and Wolfenstein3D are now included, for starters! Based on the Electron framework, Windows 95 2.0 is written in JavaScript, and is essentially a 500MB standalone virtual machine. The original release was lacking in a number of areas -- such as no sound or internet access. This second release is described as a "big update" and includes a web browser in the form of Netscape Navigator 2.0.

Writing at Linux Journal, Glyn Moody reports that dozens of government IT systems are switching to open source software.

"The fact that this approach is not already the norm is something of a failure on the part of the Free Software community..." One factor driving this uptake by innovative government departments is the potential to cut costs by avoiding constant upgrade fees. But it's important not to overstate the "free as in beer" element here. All major software projects have associated costs of implementation and support. Departments choosing free software simply because they believe it will save lots of money in obvious ways are likely to be disappointed, and that will be bad for open source's reputation and future projects.

Arguably as important as any cost savings is the use of open standards. This ensures that there is no lock-in to a proprietary solution, and it makes the long-term access and preservation of files much easier. For governments with a broader responsibility to society than simply saving money, that should be a key consideration, even if it hasn't been in the past.... Another is transparency. Recently it emerged that Microsoft has been gathering personal information from 300,000 government users of Microsoft Office ProPlus in the Netherlands, without permission and without documentation.
He includes an inspiring quote from the Free Software Foundation Europe about code produced by the government: "If it is public money, it should be public code as well. But when it comes to the larger issue about the general usage of proprietary vs. non-proprietary software -- what do Slashdot's readers think?

Should all government IT systems be using open source software?

Slashdot reader internet-redstar writes: The Tesla Hacker, Jasper Nuyens -- who uncovered Tesla's "unconfirmed lane change" last year -- now launched at FOSDEM an open-source project called "FreedomEV" to run on top of rooted Teslas. It adds new features to the vehicles, such as a "Hotspot Mode" for in-car Wi-Fi and a "Cloak Mode" to prevent all location tracking and more. It hopes to become available for other cars too. Full presentation video can be found here. The Github project and the website. He is looking for contributors and support from Tesla.

Despite being more than one year old, the Meltdown or Spectre vulnerabilities have remained a theoretical threat, and no malware strain or threat actor has ever used any in a real-world attack. Over the course of the last year, system and network administrators have called on the Linux project for options to disable these protections. A report adds: Many argued that the threat is theoretical and could easily be mitigated with proper perimeter defenses, in some scenarios. Even Linus Torvalds has called for a slowdown in the deployment of some performance-hitting Spectre mitigations. The Linux kernel team has reacted positively towards these requests and has been slowly adding controls to disable some of the more problematic mitigations.

[...] The latest effort to have mitigations turned off -- and stay down -- is the addition of the PR_SPEC_DISABLE_NOEXEC control bit to the Linux kernel. This bit will prevent child processes from starting in a state where the protections for Spectre v4 are still activated, despite being deactivated in the parent process.

"Time and again, security experts and vendors alike will recommend to organizations and end users to keep software and systems updated with the latest patches," reports eWeek. "But what happens when the application infrastructure that is supposed to deliver those patches itself is at risk?" That's what open-source and Linux users were faced with this past week with a pair of projects reporting vulnerabilities. On January 22, the Debian Linux distribution reported a vulnerability in its APT package manager that is used by end users and organizations to get application updates. That disclosure was followed a day later, on January 23, with the PHP PEAR (PHP Extension and Application Repository) shutting down its primary website, warning that it was the victim of a data breach. PHP PEAR is a package manager that is included with many Linux distributions as part of the open-source PHP programming language binaries....

In the Debian APT case, a security researcher found a flaw, reported it, and the open-source project community responded rapidly, fixing the issue. With PHP PEAR issue, researchers with the Paranoids FIRE (Forensics, Incident Response and Engineering) Team reported that they discovered a tainted file on the primary PEAR website... Both PHP PEAR and Debian have issued updates fixing their respective issues. While both projects are undoubtably redoubling their efforts now with different security technologies and techniques, the simple fact is that the two issues highlight a risk with users trusting updating tools and package management systems.

Michael Larabel writes via Phoronix: Wine 4.0 is now officially available as the new annual stable release to Wine for running Windows programs and games on Linux and other operating systems. Following seven weekly release candidates, Wine 4.0 was ready to ship today as judged by Wine founder Alexandre Julliard. Wine 4.0 is a big release bringing initial Vulkan graphics API support, Direct3D CSMT is enabled by default, early Direct3D 12 support via VKD3D, continued HiDPI work, various OpenGL improvements, multi-sample D3D texture support, 64-bit improvements, continued Android support, and much more. The release announcement and notes can be read via WineHQ.org. The source can be downloaded here.

An anonymous reader quotes ZDNet: MongoDB is an open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL).

Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux 8. Red Hat's Technical and Community Outreach Program Manager Tom Callaway explained, in a note stating MongoDB is being removed from Fedora Linux, that "It is the belief of Fedora that the SSPL is intentionally crafted to be aggressively discriminatory towards a specific class of users." Debian Linux had already dropped MongoDB from its distribution....

The business point behind MongoDB's license change is to force cloud companies to use one of MongoDB's commercial cloud offerings. This hasn't worked either. AWS just launched DocumentDB, a database, which "is designed to be compatible with your existing MongoDB applications and tools," wrote AWS evangelist Jeff Barr.

Kevin C. Tofel, writing for About Chromebooks: I've been following the bug report that tracks progress on adding GPU acceleration for the Linux container in Chrome OS and there's good news today. The first two Chrome OS boards should now, or very soon, be able to try GPU hardware acceleration with the new startup parameter found last month. The bug report says the -enable-gpu argument was added to the Eve and Nami boards.

There's only one Eve and that's the Pixelbook. Nami is used on a number of newer devices, including: Dell Inspiron 14, Lenovo Yoga Chromebook C630, Acer Chromebook 13, Acer Chromebook Spin 13, and HP X360 Chromebook 14.

Longtime Slashdot reader ole writes: GNOME Internet Radio Locator 1.6.0 is now freely available for GNOME systems. The 1.6.0 release is a stable release with Internet radio stations from Norway, Sweden, Denmark, England, Scotland, France and Belgium, as well as U.S.A., Canada, Mexico and Guatemala, mapped for GNOME Maps and city text search interface with auto-completion for 76 world cities that are featured in this release. You may download the 1.6.0 release of GNOME Internet Radio Locator here and download packages for Fedora 28 and 29 on x86_64 here

Major Linux distributions are vulnerable to three bugs in systemd, a Linux initialization system and service manager in widespread use, California-based security company Qualys said late yesterday. From a report: The bugs exist in 'journald' service, tasked with collecting and storing log data, and they can be exploited to obtain root privileges on the target machine or to leak information. No patches exist at the moment. Discovered by researchers at Qualys, the flaws are two memory corruption vulnerabilities (stack buffer overflow - CVE-2018-16864, and allocation of memory without limits - CVE-2018-16865) and one out-of-bounds error (CVE-2018-16866). They were able to obtain local root shell on both x86 and x64 machines by exploiting CVE-2018-16865 and CVE-2018-16866. The exploit worked faster on the x86 platform, achieving its purpose in ten minutes; on x64, though, the exploit took 70 minutes to complete. Qualys is planning on publishing the proof-of-concept exploit code in the near future, but they did provide details on how they were able to take advantage of the flaws.

ZDNet reports that by 2020, "many, if not most, new cars will be running with Linux." While some companies, like Tesla, run their own homebrew Linux distros, most rely on Automotive Grade Linux (AGL). AGL is a collaborative cross-industry effort developing an open platform for connected cars with over 140 members... Its membership includes Audi, Ford, Honda, Mazda, Nissan, Mercedes, Suzuki, and the world's biggest automobile company: Toyota. Why? "Automakers are becoming software companies, and just like in the tech industry, they are realizing that open source is the way forward," said Dan Cauchy, AGL's executive director, in a statement.

Car companies know that while horsepower sells, customers also want smart infotainment systems, automated safe drive features, and, eventually, self-driving cars. Linux and open-source company can give them all of that. The AGL's goal is to develop an open-source, common platform for infotainment systems: The Unified Code Base (UCB). This is a Linux distribution and open-source software platform for car infotainment, telematics, and instrument cluster applications... The AGL's hope is that this will serve as a de facto industry standard. It's well on its way.
Yesterday Hyundai announced that they were also joining both the AGL effort and the Linux Foundation.

Hyundai has become the latest car company to explore serious open source alternatives for developing its in-car services. From a report: Ahead of CES 2019, the South Korean automotive giant today announced that it has joined the Linux Foundation and the nonprofit's seven-year-old Automotive Grade Linux (AGL) effort as it looks to contribute to -- and reap benefit from -- software developed by over 140 companies. For Hyundai, open collaboration is crucial as it pursues a "connected car vision," Paul Choo, VP and head of Infotainment Technology Center at Hyundai, said in a statement. Car companies have traditionally taken three years or longer to develop in-vehicle services, such as infotainment systems. The bottleneck usually lies in the quality of code their in-house programmers create. According to a case study published by AGL, a connected car uses some 100 million lines of code, which is about 11 times more than the number that went into the F-35 fighter jet. Getting on AGL's bandwagon would also help Hyundai speed up development of its in-car technologies.

One of the most refreshing aspects of Linux in 2018 was the popularity of Snaps. Canonical revealed that the containerized packages have been a smashing success. Today, the Ubuntu-maker highlights what it feels are the top 10 Snaps of 2018. From a report: "With 2018 drawing to a close, and many of us spending with family during the holiday season, I thought we'd take a look back over some of our favourite Linux applications in the Snap Store. Some have been in the store for over a year, and a few landed only recently, but they're all great," says Alan Pope, Canonical. [...] Canonical shares the Top 10 Snaps: Spotify, Slack, VLC, Nextcloud, Android Studio, Discord, Plex Media Server, Xonotic, Notepad++, and Shotcut.

MojoKid writes: ARM-based server processors have threatened to take on Intel in the data center for some time but not much has materialized thus far in terms of significant deployments. However, a new breed of low cost ARM server implementations may be in the works with a many-core platform called Banana Pi. The latest Banana Pi device being teased is something very different in the form of a 24-core ARM server that speculation suggests might be sold as a Banana Pi server board or as a finished server product.

A video has surfaced that reportedly shows a 24-core ARM Cortex-A53 processor with 32GB of RAM, though the OS only sees 29.4GB of that RAM. The OS is Ubuntu 18.04.1 LTS with MATE desktop. Unless the processor used in this device is something unannounced, and that seems unlikely, the chip itself would likely be a SocioNext SC2A11. The same processor is used in the Linaro Developer Box. The demo shows the server fully loaded at 100% CPU utilization building a Linux kernel and reportedly the system also supports NVMe storage as well as TensorFlow workloads for machine learning. Not much else is known about the system at this time but it's an interesting development in the Linux server space to be sure.