Security

Symantec Antivirus Products Vulnerable To Horrid Overflow Bug (zdnet.com) 79

An anonymous reader writes: Tavis Ormandy of Google's Project Zero team has discovered a vulnerability in Symantec Antivirus Engine. The said engine is vulnerable to a buffer overflow when parsing malformed portable-executable (PE) header files, reports ZDNet. "Such malformed PE files can be received through incoming email, downloading of a document or application, or by visiting a malicious web site," Symantec said. "No user interaction is required to trigger the parsing of the malformed file." For Linux, OS X, and other Unix-like systems, the exploit results in a remote heap overflow as root in the Symantec or Norton process, Ormandy said in the Project Zero issue tracker. "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get," he said. The vulnerability, if exploited, results in kernel memory corruption without user action and instant blue-screening on Windows.
Open Source

Linux Kernel 4.6 Officially Released (softpedia.com) 149

An anonymous coward writes: Just like clockwork, the Linux 4.6 kernel was officially released today. Details on the kernel changes for Linux 4.6 can be found via Phoronix and KernelNewbies.org. NVIDIA GeForce GTX 900 Maxwell support and Dell XPS 13 Skylake support are among the many hardware changes for 4.6. For Linux 4.7 there are already several new features to look forward to from new DRM display drivers to a new CPU scaling governor expected.
prisoninmate also writes: Linus Torvalds announced the final release of the anticipated Linux 4.6 kernel, which, after seven Release Candidate builds introduces features like "the OrangeFS distributed file system, support for the USB 3.1 SuperSpeed Plus (SSP) protocol, offering transfer speeds of up to 10Gbps, improvements to the reliability of the Out Of Memory task killer, as well as support for Intel Memory protection keys," [according to Softpedia].

"Moreover, Linux kernel 4.6 ships with Kernel Connection Multiplexor, a new component designed for accelerating application layer protocols, 802.1AE MAC-level encryption (MACsec) support, online inode checker for the OCFS2 file system, support for the BATMAN V protocol, and support for the pNFS SCSI layout."

Debian

ZFS For Linux Finally Lands In Debian GNU/Linux Repos (softpedia.com) 150

prisoninmate quotes a report from Softpedia: It took the Debian developers many years to finally be able to ship a working version of ZFS for Linux on Debian GNU/Linux. For those not in the know, ZFS on Linux is the official OpenZFS implementation for Linux, which promises to offer native ZFS filesystem support for any Linux kernel-based operating system, currently supporting Arch Linux, Ubuntu, Fedora, Gentoo, Red Hat Enterprise Linux, CentOS, openSUSE, and now Debian. And it looks like their ZFS for Linux implementation borrows a lot of patches from Ubuntu, at least according to the changelog for zfs-linux 0.6.5.6-2, the version that is now available in the unstable channel for Debian users to install and test.
Software

Raspbian Linux OS Gets Major Update, Adds Bluetooth Support to Pi 3 (betanews.com) 87

An anonymous reader writes: The Raspberry Pi 3 was launched with a built-in chip for Bluetooth and Wi-Fi support, however, software support for Bluetooth was lacking until now. The drivers were there, but today's update to the Raspbian Linux distribution adds much-needed GUI tools to help you establish Bluetooth connections. Another cool addition is a new backup tool. There are other improvements as well including the mouse settings, and the ability to empty the wastebasket through right-clicking as seen below (yes, seriously). There is even a new shutdown dialog, something even casual users should notice. Official blog post here.
Operating Systems

Linux Is the Largest Software Development Project On the Planet: Greg K-H (cio.com) 178

sfcrazy writes: Greg Kroah-Hartman, the Linux superstar, delivered a keynote at CoreOS Fest where he gave some impressive details on how massive the Linux project is. Kroah-Hartman said the latest release (4.5) made two months ago contains over 21 million lines of code. More impressive than the amount of code, and what truly makes Linux the world's largest software project, is the fact that last year around 4,000 developers and at least 440 different companies contributed to the kernel. Kroah-Hartman said, "It's the largest software development project ever, in the history of computing -- by the number of people using it, developing it, and now using it, and the number of companies involved. It's a huge number of people."
GNOME

Fedora Project Releases Fedora 24 Beta; Stable Version Comes Next Month (betanews.com) 78

A month ahead of its final release, Fedora Project on Tuesday released Fedora 24 beta for users and enthusiasts to try. An anonymous reader writes: The workstation version -- the one most home users will target -- offers GNOME 3.20 preview as a desktop environment. The GNOME environment has improved leaps and bounds over the years, becoming one of the best UIs of any operating system. Wayland is available as preview, but not default. The display server protocol is still poised to replace X, but it will not yet be ready for Fedora 24. The team explains that it should be ready for 'future versions'. Whether that means version 25 is something that remains to be seen. "We're pleased to announce that Fedora 24, the latest version of the Fedora operating system, is now available in beta. The Fedora Project is a global community that works together to lead the advancement of free and open source software. As part of the community's mission the project delivers three editions, each one a free, Linux-based operating system tailored to meet specific use cases: Fedora 24 Cloud Beta, Fedora 24 Server Beta, and Fedora 24 Workstation Beta," said Matthew Miller, Fedora Project Leader.
Debian

Debian Dropping Support For Older CPUs (distrowatch.com) 319

An anonymous reader shares DistroWatch's report that the Debian distribution will soon be dropping support for older, 32-bit processors.
The Debian project supports a wide range of hardware architectures, including 32-bit x86 CPUs. Changes are happening in Debian's development branches which will make older versions of the 32-bit architecture obsolete. Ben Hutchings provides the details:

"Last year it was decided to increase the minimum CPU features for the i386 architecture to 686-class in the Stretch release cycle. This means dropping support for 586-class and hybrid 586/686 processors. (Support for 486-class processors was dropped, somewhat accidentally, in Squeeze.) This was implemented in the Linux kernel packages starting with Linux 4.3, which was uploaded to Unstable in December last year. In case you missed that change, GCC for i386 has recently been changed to target 686-class processors and is generating code that will crash on other processors. Any such systems still running Testing or Unstable will need to be switched to run Stable (Jessie)."
Hutchings' announcement includes a list of processors which will no longer be supported after Debian "Jessie".
Open Source

Linux Mint 18 Will Ship Without Multimedia Support (linuxmint.com) 75

An anonymous reader quotes this report from Distrowatch: Linux Mint 18 will no longer provide separate, codec-free installation media for OEM and magazine distribution. Instead, the distribution will ship without multimedia support while making it easy for users to acquire media codecs during the initial installation of the operating system. "OEM installation disks and NoCodec images will no longer be released. Instead, similar to other distributions, images will ship without codecs and will support both traditional and OEM installations. This will reduce our release cycle to 4 separate events and the production and testing of 12 ISO images. Multimedia codecs can be installed easily: From the welcome screen, by clicking on "Multimedia Codecs", or from the main menu, by clicking on "Menu"->"Sound and Video"->"Install Multimedia Codecs", or during the installation process, by clicking a checkbox option." Additional information on the upcoming release of Linux Mint 18 can be found in the project's monthly newsletter.
Softpedia points out that they're using Ubuntu 16.04 LTS as the package base, meaning "more hardware devices and components are now supported."
Open Source

Unity 8 And Snaps Are Conquering The Ubuntu Desktop After Ubuntu 16.10 (softpedia.com) 78

prisoninmate writes: Today is the last day of the Ubuntu Online Summit 2016, and the Ubuntu developers discussed the future of the Ubuntu Desktop for Ubuntu 16.10 (Yakkety Yak) and beyond. It looks like Snaps (Snappy) and Unity 8 with Mir are slowly conquering the Ubuntu Desktop, at least according to Canonical's Will Cooke, Ubuntu Desktop Manager. Work has already begun on pushing these new and modern technologies to the Ubuntu Desktop, as Ubuntu 16.04 LTS has just received support for installing Snaps from the Ubuntu Snappy Store. Canonical's Will Cooke has mentioned the fact that the Unity 7 desktop enters its twilight years, which means that it gets fewer features and it's being reduced to only critical and OEM work. This is because Unity 8 desktop is getting all the attention now, and it will become the default desktop session somewhere after Ubuntu 16.10 (Yakkety Yak).
Open Source

DuckDuckGo Is Giving Away $225,000 To Support Open Source Projects (businessinsider.com) 62

An anonymous reader writes: Google Search competitor DuckDuckGo announced it will be giving away a total of $225,000 to support nine open source projects, each project will receive $25,000. DuckDuckGo said it performed 3 billion searches in 2015. It differs from many other search engines as it offers private, anonymous internet search. It doesn't gather information about you to sell ads to marketeers, like Google. Instead, it shows generic ads as it's part of the Microsoft/Bing/Yahoo ad network. It also has revenue-sharing agreements with certain companies in the Linux Open Source worlds, and makes money from select affiliate links. The $225,000 DuckDuckGo is giving away is chump change compared to the $100 million Google gives away in grants every year. However, for the select projects, it should still be very beneficial. Last year, DuckDuckGo gave away a total of $125,000 to open source projects, so it's nice to see them donate an extra $100,000 to a good cause.
Ubuntu

Ubuntu Founder Pledges No Back Doors In Linux (eweek.com) 107

Mark Shuttleworth, founder of Canonical and Ubuntu Foundation, gave an interview to eWeek this week ahead of Ubuntu Online Summit (UOS). In the wide-ranging interview, Shuttleworth teased some features that we could expect in Ubuntu 16.10, and also talked about security and privacy. From the report: One thing that Ubuntu Linux users will also continue to rely on is the strong principled stance that Shuttleworth has on encryption. With the rapid growth of the Linux Foundation's Let's Encrypt free Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate platform this year, Shuttleworth noted that it's a good idea to consider how that might work in an integrated way with Ubuntu. Overall, he said, the move to encryption as a universal expectation is really important. "We don't do encryption to hide things; we do encryption so we can choose what to share," Shuttleworth said. "That's a profound choice we should all be able to make." Shuttleworth emphasized that on the encryption debate, Canonical and Ubuntu are crystal clear. "We will never backdoor Ubuntu; we will never weaken encryption," he said.
Operating Systems

Ubuntu Quietly Raises Install Image Size to 2GB (omgubuntu.co.uk) 154

Joey-Elijah Sneddon, reporting for OMGUbuntu: You can expect to see a larger Ubuntu desktop installation image by the time the Yakkety Yak yips out. Developers are currently debating the exact size limits that official flavours will adhere to, with some favouring a 2GB hard limit while others are looking to go full-DVD size at 4.7GB+. Canonical's Steven Langasek explains the plans for Ubuntu 16.10 Yakkety Yak: "I've finally gone ahead and bumped the limit on Ubuntu desktop images to 2GB for a minimally-sized USB stick; this gives us a new limit that I think we will care about, while also leaving us headroom so we're not constantly fighting it back down to the line." The Ubuntu ISO is supposed to be around the 1GB mark but has creeped past this in recent releases. The current Ubuntu 16.04 LTS desktop .iso is 1.4GB.
AI

New Chip Offers Artificial Intelligence On A USB Stick (pcmag.com) 81

An anonymous reader writes: "Pretty much any device with a USB port will be able to use advanced neural networks," reports PC Magazine, announcing the new Fathom Neural Compute Stick from chip-maker (and Google supplier) Movidius. "Once it's plugged into a Linux-powered device, it will enable that device to perform neural network functions like language comprehension, image recognition, and pattern detection," and without even using an external power supply.

Device manufacturers could now move AI-level processing from the cloud down to end users, PC Magazine reports, with one New York computer science professor saying the technology means that now "every robot, big and small, can now have state-of-the-art vision capabilities."

The article argues that this standalone, ultra-low power neural network could start the creation of a whole new category of next-generation consumer technologies.
Electronic Frontier Foundation

Humble Bundle Announces 'Hacker' Pay-What-You-Want Sale (humblebundle.com) 52

An anonymous reader writes: Humble Bundle announced a special "pay what you want" sale for four ebooks from No Starch Press, with proceeds going to the Electronic Frontier Foundation (or to the charity of your choice). This "hacker edition" sale includes two relatively new titles from 2015 -- "Automate the Boring Stuff with Python" and Violet Blue's "Smart Girl's Guide to Privacy," as well as "Hacking the Xbox: An Introduction to Reverse Engineering" by Andrew "bunnie" Huang, and "The Linux Command Line".

Hackers who are willing to pay "more than the average" -- currently $14.87 -- can also unlock a set of five more books, which includes "The Maker's Guide to the Zombie Apocalypse: Defend Your Base with Simple Circuits, Arduino, and Raspberry Pi". (This level also includes "Bitcoin for the Befuddled" and "Designing BSD Rootkits: An Introduction to Kernel Hacking".) And at the $15 level -- just 13 cents more -- four additional books are unlocked. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" is available at this level, as well as "Hacking: The Art of Exploitation" and "Black Hat Python."

Nice to see they've already sold 28,506 bundles, which are DRM-free and available in PDF, EPUB, and MOBI format. (I still remember Slashdot's 2012 interview with Make magazine's Andrew "bunnie" Huang, who Samzenpus described as "one of the most famous hardware and software hackers in the world.")
Debian

Devuan Releases Beta of Systemd-Free 'Debian Fork' Base System (devuan.org) 293

jaromil writes: Devuan beta is released today, following up the Debian fork declaration and progress made during the past two years. Devuan now provides an alternative upgrade path to Debian, and switching is easy from both Wheezy and Jessie. From The Register: "Devuan came into being after a rebellion by a self-described 'Veteran Unix Admin collective' argued that Debian had betrayed its roots and was becoming too desktop-oriented. The item to which they objected most vigorously was the inclusion of the systemd bootloader. The rebels therefore decided to fork Debian and 'preserve Init freedom.' The group renamed itself and its distribution 'Devuan' and got to work, promising a fork that looked, felt, and quacked like Debian in all regards other than imposing systemd as the default Init option."
Security

Turns Out That Snaps Are Not Secure In Ubuntu With X11 (softpedia.com) 133

prisoninmate quotes a report from Softpedia: According to Matthew Garrett, a renowned CoreOS security developer, and Linux kernel contributor, Canonical's new snap package format is not secure at all when it is used under X.Org Server (X Window System), which, for now, is still the default display server of the Ubuntu 16.04 LTS (Xenial Xerus) operating system. The fact of the matter is that X11's old design is well-known for being insecure, and Matthew Garrett took the time to demonstrate this by writing a simple snap package that can steal data from any other X11 software, in this case anything you type on the Mozilla Firefox web browser. As more developers will provide snaps for their apps, Canonical needs to do something about the security of snaps in Ubuntu when using X11 or switch to the Mir display server. In the meantime, the security of snaps remains unaffected for the Ubuntu Server operating system, which is usually used without a display server. Canonical has officially released Ubuntu 16.04 LTS, which is now available to download for those interested.
Mozilla

Ubuntu 16.04 LTS Available To Download; Mozilla To Offer 0-Day Firefox Releases Via Snaps 74

Reader prisoninmate writes: The latest, and hopefully, the greatest version of Ubuntu is now available to download. On the sidelines, Mozilla today announced the availability of future releases of its popular Firefox web browser in the snap package format for Ubuntu 16.04 LTS. Earlier today, Canonical unleashed the final release of the highly anticipated Ubuntu 16.04 LTS (Xenial Xerus) operating system, bringing users a great set of new features and improvements. Also today, it looks like Canonical has renewed its partnership with Mozilla to offer Firefox as the default web browser on Ubuntu 16.04 LTS and upcoming releases of the Linux kernel-based operating systems. As part of the new partnership, Mozilla is committed to distributing future versions of Firefox as a snap package. Having Firefox distributed in the snap format means that you'll have 0-day releases in Ubuntu 16.04. Yes, just like Windows and Mac OS X, users are enjoying their 0-day releases of Mozilla Firefox and don't have to wait for package maintainers of a particular GNU/Linux distribution to update the software in the main repositories. For Mozilla, having Firefox as a snap package means that they'll be able to continually optimize it for Ubuntu.
Operating Systems

Canonical To Release Ubuntu Linux 16.04 LTS 'Xenial Xerus' Tomorrow (betanews.com) 207

An anonymous reader writes: Canonical announced today that it will be releasing Ubuntu 16.04 LTS on Thursday, April 21. The sixth major release of Ubuntu Long-Term Support (LTS) features the new 'snap' package format and LXD pure-container hypervisor. "The addition of 'snaps' for faster and simpler updates, and the LXD container hypervisor for ultra-fast and ultra-dense cloud computing demonstrate a commitment to customer needs that sets Ubuntu apart as the platform for innovation and scale," said Dustin Kirkland who leads platform strategy at Canonical. Ubuntu 16.04 LTS introduces a new application format, the 'snap', which can be installed alongside traditional deb packages. The snap format is much easier to secure and much easier to produce, and offers operational benefits for organizations managing many Ubuntu devices, which will bring more robust updates and more secure applications across all form factors from phone to cloud.
Open Source

Data Center Management Darling Mesosphere Embraces Open Source (fiercecio.com) 19

An anonymous reader writes: Cloud computing startup Mesosphere has opted to open-source its data center management platform. This move is backed by Microsoft, Hewlett-Packard Enterprise, Cisco Systems and roughly 60 other tech partners. The three-year-old San Francisco company's datacenter operating system (DCOS) was built as an operating system for all services in a data center to function as one pool of resources. Capabilities include the quick, app store-like installation of more than 20 complex distributed systems, including HDFS, Apache Spark, Apache Kafka and Apache Cassandra, Mesosphere said in an announcement. Although some of the company's technologies were already available as open source, others were proprietary until now. Mesosphere said it welcomes additional enterprises interested in partnering on this open source project. Wired has more details on this in its slightly enthusiastic report titled You want to build an empire like Google's? This is your OS.
Cloud

Ubuntu Linux Continues To Dominate OpenStack and Other Clouds (zdnet.com) 23

An anonymous reader quotes a report from ZDNet: One reason Ubuntu is increasing its lead is that Juju, Canonical's application modeling and deployment DevOps tool, has been gaining in popularity. In the latest OpenStack user survey, we see that OpenStack is finally gaining real momentum in private clouds. We also see that Ubuntu Linux is continuing to dominate OpenStack. As Canonical cloud marketing manager Bill Bauman said, "Ubuntu OpenStack continues to dominate the majority of deployments with 55 percent of production OpenStack clouds. The previous survey showed Ubuntu OpenStack at 33 percent of production clouds. Ubuntu has seen almost 67 percent growth in an area where Ubuntu was already the market leader. These numbers are a huge testament to the community support Ubuntu OpenStack receives every day." The Cloud Market's latest analysis of operating systems on the Amazon Elastic Compute Cloud (EC2) shows Ubuntu with just over 215,000 instances. Ubuntu is followed by Amazon's own Amazon Linux Amazon Machine Image (AMI), with 86,000 instances. Further back, you'll find Windows with 26,000 instances. In fourth and fifth place, respectively, you'll find Red Hat Enterprise Linux (RHEL) with 16,500 instances and then CentOS with 12,500 instances.
