Tech News - Servers

Yesterday, Google Cloud servers in the us-east1 region were cut off from the rest of the world as there was an issue reported with Cloud Networking and Load balancing within us-east1. These issues with Google Cloud Networking and Load Balancing have caused physical damage to multiple concurrent fiber bundles that serve network paths in us-east1. At 10:25 am PT yesterday, the status was updated that the “Customers may still observe traffic through Global Load-balancers being directed away from back-ends in us-east1 at this time.” It was later posted on the status dashboard that the mitigation work was underway for addressing the issue with Google Cloud Networking and Load Balancing in us-east1. However, the rate of errors was decreasing at the time but few users faced elevated latency. Around 4:05 pm PT, the status was updated, “The disruptions with Google Cloud Networking and Load Balancing have been root caused to physical damage to multiple concurrent fiber bundles serving network paths in us-east1, and we expect a full resolution within the next 24 hours. In the meantime, we are electively rerouting traffic to ensure that customers' services will continue to operate reliably until the affected fiber paths are repaired. Some customers may observe elevated latency during this period. We will provide another status update either as the situation warrants or by Wednesday, 2019-07-03 12:00 US/Pacific tomorrow.” This outage seems to be the second major one that hit Google's services in recent times. Last month, Google Calendar was down for nearly three hours around the world. Last month Google Cloud suffered a major outage that took down a number of Google services including YouTube, GSuite, Gmail, etc. According to a person who works on Google Cloud, the team is experiencing an issue with a subset of the fiber paths that supply the region and the team is working towards resolving the issue. They have mostly removed all the Google.com traffic out of the Region to prefer GCP customers. A Google employee commented on the HackerNews thread, “I work on Google Cloud (but I'm not in SRE, oncall, etc.). As the updates to [1] say, we're working to resolve a networking issue. The Region isn't (and wasn't) "down", but obviously network latency spiking up for external connectivity is bad. We are currently experiencing an issue with a subset of the fiber paths that supply the region. We're working on getting that restored. In the meantime, we've removed almost all Google.com traffic out of the Region to prefer GCP customers. That's why the latency increase is subsiding, as we're freeing up the fiber paths by shedding our traffic.” Google Cloud users are tensed about this outage and awaiting the services to get restored back to normal. https://twitter.com/IanFortier/status/1146079092229529600 https://twitter.com/beckynagel/status/1146133614100221952 https://twitter.com/SeaWolff/status/1146116320926359552 Ritiko, a cloud-based EHR company is also experiencing issues because of the Google Cloud outage, as they host their services there. https://twitter.com/ritikoL/status/1146121314387857408 As of now there is no further update from Google on if the outage is resolved, but they expect a full resolution within the next 24 hours. Check this space for new updates and information. Google Calendar was down for nearly three hours after a major outage Do Google Ads secretly track Stack Overflow users? Google open sources its robots.txt parser to make Robots Exclusion Protocol an official internet standard  

Yesterday a remote code execution bug was found in the APT high-level package manager used by Debian, Ubuntu, and other related Linux distributions. Max Justicz, the security researcher who discovered the bug, says that the bug "allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package.” Justicz’s blog post states that the vulnerable versions of APT don't properly sanitize certain parameters during HTTP redirects. An attacker can take advantage of this and perform a remote man-in-the-middle attack to inject malicious content, thus tricking the system to install certain altered packages. HTTP redirects while using apt-get command help Linux machines to automatically request packages from an appropriate mirror server when other servers are unavailable. If the first server fails, it returns the location of the next server from where the client should request the package. Justicz has also demonstrated this man-in-the-middle attack in a short video: https://justi.cz/assets/aptpoc.mp4 Justicz told The Hacker News that a malicious actor intercepting HTTP traffic between APT utility and a mirror server, or just a malicious mirror, could execute arbitrary code on the targeted system with the highest level of privileges, i.e. root. He further adds, "You can completely replace the requested package, as in my proof of concept. You could substitute a modified package as well if you wanted to”. The APT is also used by major Linux distributions like Debian and Ubuntu, who have also acknowledged and released security patches for this vulnerability. Hacker News also points how this flaw comes around the time when cybersecurity experts are fighting over Twitter, in favor of not using HTTPS and suggesting software developers to rely on signature-based package verification since the APT on Linux also does the same. They further add that the APT exploitation could have been mitigated if the software download manager was strictly using HTTPS to communicate securely. The developers of APT have released version 1.4.9 that fixes the issue. The bug has also been fixed in APT 1.2.29ubuntu0.1, 1.7.0ubuntu0.1, 1.0.1ubuntu2.19, and 1.6.6ubuntu0.1 packages, as well as in APT 1.4.9 for the Debian distribution. You can head over to Max Justicz official blog for more insights on this news. Kali Linux 2018 for testing and maintaining Windows security – Wolf Halton and Bo Weaver [Interview] Black Hat hackers used IPMI cards to launch JungleSec Ransomware, affects most of the Linux servers Homebrew 1.9.0 released with periodic brew cleanup, beta support for Linux, Windows and much more!

On the 4th of November, Linux 4.20 rc-1 was released with a host of notable changes right from AMD Vega 20 support getting squared away, AMD Picasso APU support, Intel 2.5G Ethernet support, the removal of Speck, and other new hardware support additions and software features. The release that was supposed to upgrade the kernel’s performance, did not succeed in doing so. On the contrary, the kernel is much slower as compared to previous Linux kernel stable releases. In a blog released by Phoronix, Michael Larabel,e lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org, discussed the results of some tests conducted on the kernel. He bisected the 4.20 kernel merge window to explore the reasons for the significant slowdowns in the kernel for many real-world workloads. The article attributes this degrade in performance to the Spectre Flaws in the processor. In order to mitigate against the Spectre flaw, an intentional kernel change was made.The change is termed as  "STIBP" for cross-hyperthread Spectre mitigation on Intel processors. Single Thread Indirect Branch Predictors (STIBP) prevents cross-hyperthread control of decisions that are made by indirect branch predictors. The STIBP addition in Linux 4.20 will affect systems that have up-to-date/available microcode with this support and where a user’s CPU has Hyper-Threading enabled/present. Performance issues in Linux 4.20 Michael has done a detailed analysis of the kernel performance and here are some of his findings. Many synthetic and real-world tests showed that the Intel Core i9 performance was not upto the mark. The Rodinia scientific OpenMP tests took 30% longer, Java-based DaCapo tests taking up to ~50% more time to complete, the code compilation tests also extended in length. There was lower PostgreSQL database server performance and longer Blender3D rendering times. All this was noticed in Core i9 7960X and Core i9 7980XE test systems while the AMD Threadripper 2990WX performance was unaffected by the Linux 4.20 upgrade. The latest Linux kernel Git benchmarks also saw a significant pullback in performance from the early days of the Linux 4.20 merge window up through the very latest kernel code as of today. Those affected systems included a low-end Core i3 7100 as well as a Xeon E5 v3 and Core i7 systems. The tests conducted found the  Smallpt renderer to slow down significantly PHP performance took a major dive, HMMer also faced a major setback compared to the current Linux 4.19 stable series. What is surprising is that there are mitigations against Spectre, Meltdown, Foreshadow, etc in Linux 4.19 as well. But 4.20 shows an additional performance drop on top of all the previously outlined performance hits this year. In the entire testing phase, the AMD systems didn’t appear to be impacted. This would mean if a user disables Spectre V2 mitigations to account for better performance- the system’s security could be compromised. You can head over to Phoronix for a complete analysis of the test outputs and more information on this news. Soon, RHEL (Red Hat Enterprise Linux) won’t support KDE Red Hat releases Red Hat Enterprise Linux 8 beta; deprecates Btrfs filesystem The Ceph Foundation has been launched by the Linux Foundation to support the open source storage project

Last week, Microsoft announced that Hyper-V server, one of the variants in the Windows 10 October 2018/1809 release is finally available, on the Microsoft Evaluation Center. This release comes after a delay of more than six months, since the re-release of Windows Server 1809/Server 2019 in early November. It has also been announced that Hyper-V Server 2019 will  be available to Visual Studio Subscription customers, by 19th June 2019. Microsoft Hyper-V Server is a free product, and includes all the great Hyper-V virtualization features like the Datacenter Edition. It is ideal to use when running on Linux Virtual Machines or VDI VMs. Microsoft had originally released the Windows Server 10 in October 2018. However it had to pull both the client and server versions of 1809 down, for investigating the reports of users of users missing files, after updating to the latest Windows 10 feature update. Microsoft then re-released Windows Server 1809/Server 2019 in early November 2018, but without the Hyper-V Server 2019. Read More: Microsoft fixes 62 security flaws on Patch Tuesday and re-releases Windows 10 version 1809 and Windows Server 2019 Early this year, Microsoft made Windows Server 2019 evaluation media available on the Evaluation Center, but the Hyper-V Server 2019 was still missing. Though no official statement was provided by the Microsoft officials, it is suspected that it may be due to errors with the working of Remote Desktop Services (RDS). Later in April, Microsoft officials stated that they found some issues with the media, and will release an update soon. Now that the Hyper-V Server 2019 is finally going to be available, it can put all users of Windows Server 2019 at ease. Users who had managed to download the original release of Hyper-V Server 2019 while it was available, are advised to delete it and install the new version, when it will be made available on 19th June 2019. Users are happy with this news, but are still wondering what took Microsoft so long to come up with the Hyper-V Server 2019. https://twitter.com/ProvoSteven/status/1139926333839028224 People are also skeptical about the product quality. A user on Reddit states that “I'm shocked, shocked I tell you! Honestly, after nearly 9 months of MS being unable to release this, and two months after they said the only thing holding it back were "problems with the media", I'm not sure I would trust this edition. They have yet to fully explain what it is that held it back all these months after every other Server 2019 edition was in production.” Microsoft’s Xbox team at E3 2019: Project Scarlett, AI-powered Flight Simulator, Keanu Reeves in Cyberpunk 2077, and more Microsoft quietly deleted 10 million faces from MS Celeb, the world’s largest facial recognition database 12 Visual Studio Code extensions that Node.js developers will love [Sponsored by Microsoft]

bpftrace is a DTrace like tool for troubleshooting kernel problems. It was created about a year ago by Alastair Robertson and the GitHub repository was made public recently. It has plenty of features to relate it to DTrace 2.0. bpftrace bpftrace is an open source high level tracing tool which allows analyzing systems. It is now more competent and built for modern extended Berkeley Packet Filter (eBPF). eBPF is a part of the Linux kernel and is popular in systems engineering. Robertson recently developed struct support, and applied it to tracepoints. Struct support was also applied to kprobes. bpftrace uses existing Linux kernel facilities like eBPF, kprobes, uprobes, tracepoints, and perf_events. It also uses bcc libraries. bpftrace uses a lex/yacc parser internally to convert programs into abstract syntax tree (AST). Then llvm intermediate representation actions are done and finally, then BPF is done. Source: GitHub bpftrace and DTrace bpftrace is a higher-level front end for custom ad-hoc tracing. It can play a similar role as DTrace. There are some things eBPF can do and DTrace can't, one of them being the ability to save and retrieve stack traces as variables. Brendan Gregg, one of the contributors of bpftrace states in his blog: “We've been adding bpftrace features as we need them, not just because DTrace had them. I can think of over a dozen things that DTrace can do that bpftrace currently cannot, including custom aggregation printing, shell arguments, translators, sizeof(), speculative tracing, and forced panics.” A one-liner tutorial and reference guide is available on GitHub for learning bpftrace. For more details and trying bpftrace head on to the GitHub repository and Brendan Gregg’s blog. NVTOP: An htop like monitoring tool for NVIDIA GPUs on Linux LLVM 7.0.0 released with improved optimization and new tools for monitoring Xamarin Test Cloud for API Monitoring [Tutorial]

The Bodhi Team have announced the fifth major release of their Linux distribution. Bodhi Linux 5.0.0 comes with an updated Ubuntu core 18.04 and an overall modern look for its Moksha Window Manager. Bodhi Linux was first released as a stable version seven years ago, as a lightweight Linux distribution based on Ubuntu and Moksha window manager. It uses a minimal base system allowing users to populate it with the software of their choice. Bodhi Linux 5.0.0 features disc images which have a fresh new look; a modified version of the popular 'Arc Dark' theme colorized in Bodhi Green. They have also included a fresh default wallpaper, login screen, and splash scenes as your system boots. Bodhi Linux Default Desktop - Busy Bodhi Linux Desktop - Clean The Bodhi team have not provided a change log because the move to an Ubuntu 18.04 base from 16.04 is the only major difference. Ubuntu 18.04 comes with changes such as Better metric collection in Ubuntu Report Support for installing on NVMe with RAID1 Fix for a typo that made update-manager report crash Miscellaneous unattended-upgrade fixes Ubuntu welcome tool now mentions dock and notifications Patches to make audio work on Lenovo machines with dual audio codecs Restore New Tab menu item in GNOME Terminal New “Thunderbolt” panel in Settings app If you installed a pre-release of Bodhi 5.0.0 you will simply need to run your system updates for the latest ISO images. However, the system updates will not adjust the look of your desktop automatically. If you have a previous Bodhi release installed you will need to do a clean install to upgrade to Bodhi 5.0.0. Bodhi 4.5.0 will have support until Ubuntu 16.04 runs out in April 2021. You can read more about the Bodhi 5.0.0 release on Bodhi Linux Blog. What to expect from upcoming Ubuntu 18.04 release. Is Linux hard to learn? Red Hat Enterprise Linux 7.5 (RHEL 7.5) now generally available.

Last week, Google project zero criticized Ubuntu and Debian developers for not merging kernel security fixes fast enough and leaving users exposed in the meantime. The kernel community clarified yesterday on how it is making attempts to reduce and control the bugs in the Linux ecosystem by testing and kernel hardening. They acknowledge that there is not a lot the kernel community can do to eliminate bugs as bugs are part and parcel of software development. But they are focusing on testing to find them. Now there is a security team in the kernel community made up of kernel developers who are well versed with kernel core concepts. Linux Kernel developer Kroah Hartman said: “A bug is a bug. We don’t know if a bug is a security bug or not. There is a famous bug that I fixed and then three years later Red Hat realized it was a security hole”. In addition to fixing bugs, the kernel community will contribute to hardening to the kernel. Kernel hardening enables additional kernel-level security mechanisms to improve the security of the system. Linux Kernel Developer Kees Cook and others have made huge efforts to take hardening features that have been traditionally outside of the kernel and merge them for the kernel. Cook provides a summary of all the new hardening features added with every kernel released. Hardening the kernel is not enough, new features need to be enabled to take advantage of them which is not happening. A stable kernel is released every week at the official Kernel website. Then, companies pick one to support for a longer period of time for enabling device manufacturers to take advantage of it. However, Hartman observed that barring Google Pixel, most Android phones don’t include the additional hardening features, making all those phones vulnerable. He added that companies should enable these features. Hartman stated: “I went out and bought all the top of the line phones based on kernel 4.4 to see which one actually updated. I found only one company that updated their kernel,” he said.  “I'm working through the whole supply chain trying to solve that problem because it's a tough problem. There are many different groups involved -- the SoC manufacturers, the carriers, and so on. The point is that they have to push the kernel that we create out to people.” However, the big vendors like Red Hat and SUSE keep the kernel updated which have these features. The kernel community is also working with Intel to mitigate Meltdown and Spectre attacks. Intel changed its approach in how they work with the kernel community after these vulnerabilities were discovered. The bright side to this is that the Intel vulnerabilities proved that things are getting better for the kernel community. More testing is being done, patches are being made and efforts are put to make the kernel as bug-free as possible. To know more, visit the Linux Blog. Introducing Wasmjit: A kernel mode WebAssembly runtime for Linux Linux programmers opposed to new Code of Conduct threaten to pull code from project Linus Torvalds is sorry for his ‘hurtful behavior’, is taking ‘a break (from the Linux community) to get help’

Last week the team at OpenWrt announced the second service release of the stable OpenWrt 18.06 series, OpenWrt 18.06.2. OpenWrt is a Linux operating system that targets embedded devices and provides a fully writable filesystem with optional package management. It is also considered to be a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. What’s new in OpenWrt 18.06.2? OpenWrt 18.06.2 comes with bug fixes in the network and the build system and updates to the kernel and base packages. In OpenWrt 18.06.2, Linux kernel has been updated to versions 4.9.152/4.14.95 (from 4.9.120/4.14.63 in v18.06.1). GNU time dependency has been removed. This release comes with added support for bpf match. In this release, a blank line has been inserted after KernelPackage template to allow chaining calls. INSTALL_SUID macro has been added. This release comes with added support for enabling the rootfs/boot partition size option via tar. Building of artifacts has been introduced. Package URL has been updated. Un-initialized return value has been fixed. Major bug fixes The docbook2man error has been fixed. The issues with libressl build on x32 (amd64ilp32) host has been fixed. The build has been fixed without modifying Makefile.am. Fedora patch has been added for crashing git style patches. The syntax error has been fixed. Security fixes for the Linux kernel, GNU patch, Glibc, BZip2, Grub, OpenSSL, and MbedTLS. IPv6 and network service fixes. Few of the users are happy about this release and they think despite small teams and budgets, the team at OpenWrt has done a wonderful job by powering so many routers. One of the comment reads, “The new release still works fine on a TP-Link TL-WR1043N/ND v1 (32MB RAM, 8MB Flash). This is an old router I got from the local reuse center for $10 a few years ago. It can handle a 100 Mbps fiber connection fine and has 5 gigabit ports. Thanks Openwrt!” But the question is if cheap routers affect the internet speed. One of the users commented on HackerNews, “My internet is too fast (150 mbps) for a cheap router to effectively manage the connection, meaning that unless I pay 250€ for a router, I will just slow down my Internet needlessly.” Read more about this news on the OpenWrt’s official blog post. Mapzen, an open-source mapping platform, joins the Linux Foundation project Remote Code Execution Flaw in APT Linux Package Manager allows man-in-the-middle attack The Haiku operating system has released R1/beta1

Yesterday, Microsoft announced that the OpenSSH client and server are available as a supported feature-on-Demand in Windows Server 2019 and Windows 10 1809. OpenSSH is a collection of client/server utilities allowing secure login, remote file transfer, and public/private key pair management. It originated as a part of the OpenBSD project and has been used across the BSD, Linux, macOS, and Unix ecosystems, for years. In 2015, Microsoft said they would build OpenSSH into Windows, while also making contributions to its development. The Win32 port of OpenSSH was first included in the Windows 10 Fall Creators Update and Windows Server 1709 as a pre-release feature. With OpenSSH in the Windows Server 2019, organizations can work across a broad range of operating systems and also utilize a consistent set of tools for remote server administration. The community welcomes OpenSSH on Windows Server 2019 According to some on HackerNews, “Having used DSC and PowerShell remoting extensively, these create as many problems as they solve. Nothing works smoothly. Not a thing. The saving grace here will be SSH because then at least we can drive all our kit across both platforms from Ansible and be done with the entire MSFT management stack.” Another review says, “Mounting requires other ports to be opened, which no sysadmin will do on the internet. Ssh, on the other hand, can be started on a non-standard port.” “SSH is an awesome tool & capability as a relatively high-level network channel. The defacto “shell” approach leads to a lot of problems when used as a management device. It encourages ad-hoc, unstructured, and opaque changes. Managing your hosts via Secure Shell simply leads to bespoke, unrepeatable, outcomes and crushing debt.” To know more about this news in detail, visit the Windows official blog. Microsoft fixes 62 security flaws on Patch Tuesday and re-releases Windows 10 version 1809 and Windows Server 2019 Microsoft releases first test build of Windows Server 1803 How to use PowerShell Web Access to manage Windows Server

Earlier this month, Red Hat released RHEL 7.6. Now, Red Hata Enterprise Linux (RHEL) 8 beta version is available with more container friendliness than ever. This RHEL release is based on the Red Hat community Linux May 2018 Fedora 28 release. It uses the upstream Linux kernel 4.18 for its foundation. RHEL 8 beta introduces the concept of Application Streams. With this, userspace components can now update more quickly than core operating system packages and without having to wait for the next major version of the operating system. With Application Streams, you can also keep multiple versions of the same package around. RHEL 8 beta features RHEL 8 beta introduces a single and consistent user control panel through the RHEL Web Console. Systems admins of all experience levels can easily manage RHEL servers locally and remotely, including virtual machines. RHEL 8 beta uses IPVLAN to support efficient Linux networking in containers through connecting containers nested in virtual machines (VMs) to networking hosts. RHEL 8 beta also has a new TCP/IP stack with Bandwidth and Round-trip propagation time (BBR) congestion control. This increases performance and minimizes latency for services like streaming video or hosted storage. RHEL 8 is made secure with OpenSSL 1.1.1 and TLS 1.3 support and system-wide Cryptographic Policies. Red Hat’s lightweight, open standards-based container toolkit comes with Buildah (container building), Podman (running containers) and Skopeo (sharing/finding containers). RPM's YUM package manager has also been updated. Yum 4 delivers faster performance, fewer installed dependencies and more choices of package versions to meet specific workload requirements. File Systems in RHEL 8 beta RedHat has deprecated the Btrfs filesystem. This has really confused developers who are surprised why RedHat would opt out of it especially considering that it is also used for ChromeOS's Crostini Linux application container. From hacker news: “I'm still incredibly sad about that, especially as Btrfs has become a really solid filesystem over the last year or so in the upstream kernel.” “Indeed, Btrfs is uniquely capable and important. It has lightweight snapshots of directory trees, and fully supports NFS exports and kernel namespaces, so it can easily solve technical problems that currently can't be easily solved using ZFS or other filesystems.” Stratis is the new volume-managing file system in RHEL 8 beta. Stratis abstracts away the complexities inherent to data management via an API. Also, File System Snapshots provide for a faster way of conducting file-level tasks, like cloning virtual machines, while saving space by consuming new storage only when data changes. Existing customers and subscribers can test Red Hat Enterprise Linux 8 beta. You can also view the README file for instructions on how to download and install the software. RedHat shares what to expect from next week’s first-ever DNSSEC root key rollover. Soon, RHEL (Red Hat Enterprise Linux) won’t support KDE. Red Hat Enterprise Linux 7.5 (RHEL 7.5) now generally available.

Yesterday (on the 7th of November), Facebook open-sourced its high-performance kernel library FBGEMM: Facebook GEneral Matrix Multiplication. This library offers optimized on-CPU performance for reduced precision calculations used to accelerate deep learning models. The library has delivered 2x performance gains when deployed at Facebook (in comparison to their current production baseline). Users can deploy it using the Caffe2 front end, and it will soon be callable directly by PyTorch 1.0 Python front end. Features of FBGEMM 1. FBGEMM is optimized for server-side inference. It delivers accuracy and efficiency when performing quantized inference using contemporary deep learning frameworks. It is a low-precision, high-performance matrix-matrix multiplications and convolution library that enables large-scale production servers to run the most powerful deep learning models efficiently. The library exploits opportunities to overcome the unique challenges of matrix multiplication at lower precision with bandwidth-bound pre- and post-GEMM operations. At Facebook, FBGEMM has benefited many AI services, increased the speed of English-to-Spanish translations by 1.3x, reduced DRAM bandwidth usage in their recommendation system used in feeds by 40%, and speed up character detection by 2.4x in Rosetta, the machine learning system for understanding text in images and videos. FBGEMM supplies modular building blocks to construct an overall GEMM pipeline needed by plugging and playing different front-end and back-end components. It combines small compute with bandwidth-bound operations and exploits cache locality by fusing post-GEMM operations with macro kernel while providing support for accuracy-loss-reducing operations. Why does GEMM matter? Floating point operations (FLOPs)  are mostly consumed by Fully connected (FC) operators in the deep learning models that are  deployed in Facebook’s data centers. These FC operators are just plain GEMM, which means that their overall efficiency directly depends on GEMM efficiency. 19% of these deep learning frameworks at Facebook implement convolution as im2col followed by GEMM. However, straightforward im2col adds overhead from the copy and replication of input data. To combat this, some deep learning libraries implement direct (im2col-free) convolution for improved efficiency. Facebook provides a way to fuse im2col with the main GEMM kernel to minimize im2col overhead. Facebook  says that recent industry and research works have indicated that inference using mixed-precision works well- without adversely affecting accuracy. FBGEMM uses this as an alternative strategy to improve inference performance with quantized models. Also, newer generations of GPUs, CPUs, and specialized tensor processors natively support lower-precision compute primitives, and hence the deep learning community is moving toward low-precision models. FBGEMM provides a way to perform efficient quantized inference on the current and upcoming generation of CPUs. Head over to Facebook’s official blog to understand more about this library and how it is implemented. A new data breach on Facebook due to malicious browser extensions allowed almost 81,000 users’ private data up for sale, reports BBC News 90% Google Play apps contain third-party trackers, share user data with Alphabet, Facebook, Twitter, etc: Oxford University Study Facebook open sources a set of Linux kernel products including BPF, Btrfs, Cgroup2, and others to address production issues

Fedora 29 Beta was made available yesterday. It is the next big step towards a stable release of the Linux distribution. The stable version will be available late October. This beta brings features like modularity for all, support for GNOME 3.30 and some other changes. Modularity Modular repositories were introduced in Fedora 28 for the Fedora Server Edition. In Fedora 29 beta, modularity is available in all the editions, spins and labs. Modularity makes multiple versions of important packages available in parallel. It will work with the familiar Dandified YUM (DNF) package. With modularity, users can update their OS to the latest version while maintaining the required version of an application for proper functionality. GNOME 3.30 Fedora 29 Workstation Beta comes with the latest version of GNOME. GNOME 3.30 streamlines performance and adds a new application for Podcasts. It also automatically updates Flatpaks in Software Center. Other changes There are also many other updates included in the Fedora 29. Fedora Atomic Workstation is now rebranded as Fedora Silverblue. The GRUB menu will be hidden where only a single OS is installed as it does not provide any useful functionality in those cases. The latest version of Fedora also brings updates to many popular packages including MySQL, GNU C Library, Python, and Perl. Some architecture changes include dropping as an alternative architecture, initial support for field programming gate array (FPGAs), and packages are now built with SSE2 support. Many projects including Eclipse have dropped support for the big endian ppc64 architecture. So now Fedora will have to discontinue producing any ppc64 content. Fedora Scientific will now be shipped as vagrant boxes which were previously delivered as ISO files. Vagrant boxes will give potential users a friendlier option to try Fedora Scientific while keeping the current operating system. For a full list of changes, visit the Fedora website. GIMP gets $100K of the $400K donation made to GNOME GNOME 3.30 released with improved Desktop performance, Screen Sharing, and more Linus Torvalds is sorry for his ‘hurtful behavior’, is taking ‘a break (from the Linux community) to get help’

“Ubuntu is now the world’s reference platform for AI engineering and analytics.” -Mark Shuttleworth, CEO of Canonical. Yesterday (on 18th October), Canonical announced the release of Ubuntu 18.10 termed as ‘Cosmic Cuttlefish’. This new release is focussed on multi-cloud deployments, AI software development, a new community desktop theme, and richer snap desktop integration. According to Mark, the new release will help accelerate developer productivity and help enterprises operate at a better speed whilst being scalable across multiple clouds and diverse edge appliances. [box type="shadow" align="" class="" width=""]Fun Fact : Ubuntu codenames are in incremental alphabetical order. Following the Ubuntu 18.04 Bionic Beaver, we now have the Cosmic Cuttlefish. These codenames are comprised of an adjective and an animal, both starting with the same letter.[/box] 5 major features of Ubuntu 18.10 #1 New compression algorithms for faster installation and boot Ubuntu 18.10 uses compression algorithms like LZ4 and ztsd, which support around 10% faster boot as compared to those used in its previous version. The algorithms also facilitate the installation process which takes around 5 minutes in offline mode. #2 Optimised for multi-cloud computing This new version is designed especially keeping in mind cloud based deployments. The Ubuntu Server 18.10 images are available on all major public clouds. For private clouds, the release supports OpenStack Rocky for AI and NFV hardware acceleration. It comes with Ceph Mimic to reduce storage overhead. Including the Kubernetes version 1.12, this new version brings increased security and scalability by automating the provisioning of clusters with transport layer encryption. It is more responsive to dynamic workloads through faster scaling #3 Improved gaming performance The new kernel has been updated to the 4.18 based Linux kernel. In addition to this, the updates in Mesa and X.org significantly improve game performance. Graphics support expands to AMD VegaM in the latest Intel Kabylake-G CPUs, Raspberry Pi 3 Model B, B+ and Qualcomm Snapdragon 845. Ubuntu 18.10 introduces the GNOME 3.30 desktop which has recently been released thus contributing to an overall gaming performance boost. #4 Startup time boost and XDG Portals support for Snap applications Canonical is bringing some useful improvements to its Snap packages. Snap applications will  start in lesser time. With XDG portal support, Snap can be installed in a few clicks from the Snapcraft Store website. Major public cloud and server applications like Google Cloud SDK, AWS CLI, and Azure CLI are now available in the new version. The new release allows accessing files on the host system through native desktop controls. #5 New default theme and icons Ubuntu 18.10 uses the Yaru community theme replacing their long-serving Ambiance and Radiance themes. It gives the desktop a fresh new look and feel. Other miscellaneous changes include: DLNA support connects Ubuntu with DLNA supported Smart TVs, tablets and other devices Fingerprint scanner is now supported Ubuntu Software removes dependencies while uninstalling software The default toolchain has moved to gcc 8.2 with glibc 2.28 Ubuntu 18.10 is also updated to openssl 1.1.1 and gnutls 3.6.4 with TLS1.3 support All these upgrades are causing waves in the Linux community. That being said, users are requested to check the release notes for issues that were encountered in this new version. You can head over to the official release page to download the new version of this OS. Alternatively, learn more about these new features at itsfloss.com. KUnit: A new unit testing framework for Linux Kernel Google Project Zero discovers a cache invalidation bug in Linux memory management, Ubuntu and Debian remain vulnerable The kernel community attempting to make Linux more secure

The Linux Mint Project community announced the release of LMDE 3 Cinnamon, codenamed as ‘Cindy’. LMDE(Linux Mint Debian Edition) is a Linux Mint project where the main goal of Linux Mint team is to see how viable their distribution would be and how much work would be necessary if Ubuntu was ever to disappear. LMDE aims to be similar to Linux Mint, but without the use of Ubuntu. Instead, LMDE package base is provided by Debian. LMDE 3 Cindy includes some bug and security fixes. However, the Debian base package stands unchanged. Mint and desktop components are updated continuously. Once ready, the newly developed features get directly into LMDE. These changes are staged for inclusion in the next upcoming Linux Mint point release, which is not yet disclosed. System requirements for LMDE 3 ‘Cindy’ Cinnamon 1GB RAM (2GB recommended for a comfortable usage) 15GB of disk space (20GB recommended) 1024×768 resolution (on lower resolutions, press ALT to drag windows with the mouse if they don’t fit in the screen) Some known issues resolved Locked root account The root account is now locked by default. To use the recovery console (from the Grub menu) or log in as root, one has to first give a new password to root: sudo passwd root Secure Boot If the computer is using Secure Boot one needs to disable it. Debian Stretch and LMDE 3 does not support it. Virtualbox Guest Additions To add support for shared folders, drag and drop, proper acceleration and display resolution in Virtualbox, click on the "Devices" menu of Virtualbox and choose "Insert Guest Additions CD Image". Choose "download" when asked and follow the instructions. Read Installing the VirtualBox Guest Additions for more details. Sound and microphone issues If there’s any issue with the microphone or the sound output, install ‘pavucontrol’. This will add "PulseAudio Volume Control" to the menu. The ‘pavucontrol’ application has more configuration options than the default volume control. Issues with KDE apps If one’s experiencing issues with KDE apps (Okular, Gwenview, KStars..etc), they can run the following command: apt install kdelibs-bin kdelibs5-data kdelibs5-plugins Read more about this release in detail in LMDE 3 Documentation. Facebook and Arm join Yocto Project as platinum members for embedded Linux development Bodhi Linux 5.0.0 released with updated Ubuntu core 18.04 and a modern look Google becomes a new platinum member of the Linux Foundation  

Last week, the Ubuntu community announced the release of Mir 1.0.0, a fast, open and secure display server. The important highlights of this release are support for the Wayland xdg-shell (stable) extension and improved facilities for customizing display layouts. Mir is a system-level component that can be used to unlock next-generation user experiences. It runs on a range of Linux powered devices including traditional desktops, IoT and embedded products. Highlights in Mir 1.0.0 Wayland extension protocols At present, there are many Wayland “extension protocols” to provide specialized support for specific needs. Mir will continue to implement those protocols that are important for the projects that it supports. With the Mir 1.0.0 release, the list of supported extension protocols is: protocol name=“wayland” protocol name=“xdg_shell_unstable_v6” protocol name=“xdg_shell” These are sufficient for the vast majority of desktop and IoT applications. Display layout Mir has a new .display configuration file that tells it how to organize multiple outputs. This is described in Display Configuration for mir-kiosk and Egmde snap: update 0.2 As Mir is designed to handle a wide range of platforms, Mir can be used to create a Wayland based “Desktop Environment” or “Shell”. A couple of examples that use Mir are: Unity8 Egmde Developers using Mir will find it packaged and available on Ubuntu, Fedora and Arch; and soon on Debian. The latest Mir release is available for all supported Ubuntu series from the Mir team’s ‘Release PPA’. To know more about Mir 1.0.0 in detail, visit Ubuntu community blog. Ubuntu free Linux Mint Project, LMDE 3 ‘Cindy’ Cinnamon, released Bodhi Linux 5.0.0 released with updated Ubuntu core 18.04 and a modern look What to expect from upcoming Ubuntu 18.04 release