Linux


Rust in Linux lead retires rather than deal with more “nontechnical nonsense”

Oxidation consternation —

How long can the C languages maintain their primacy in the kernel?

Rust never sleeps. But Rust, the programming language, can be held at bay if enough kernel programmers aren’t interested in seeing it implemented. (Image: Getty Images)

The Linux kernel is not a place to work if you’re not ready for some, shall we say, spirited argument. Still, one key developer in the project to expand Rust’s place inside the largely C-based kernel feels the “nontechnical nonsense” is too much, so he’s retiring.

Wedson Almeida Filho, a leader in the Rust for Linux project, wrote to the Linux kernel mailing list last week to remove himself as the project’s maintainer. “After almost 4 years, I find myself lacking the energy and enthusiasm I once had to respond to some of the nontechnical nonsense, so it’s best to leave it up to those who still have it in them,” Filho wrote. While thanking his teammates, he noted that he believed the future of kernels “is with memory-safe languages,” such as Rust. “I am no visionary but if Linux doesn’t internalize this, I’m afraid some other kernel will do to it what it did to Unix,” Filho wrote.

Filho also left a “sample for context,” a link to a moment during a Linux conference talk in which an off-camera voice, identified by Filho in a Register interview as kernel maintainer Ted Ts’o, emphatically interjects: “Here’s the thing: you’re not going to force all of us to learn Rust.” The exchange concerned the Rust for Linux team’s proposed Rust bindings for the kernel’s file system interfaces; Ts’o says that while he knows he must fix all the C code affected by any change he makes, he cannot or will not fix the Rust bindings that may be affected.

“They just want to keep their C code”

Asahi Lina, developer on the Asahi Linux project, posted on Mastodon late last week: “I regretfully completely understand Wedson’s frustrations.” Noting that “a subset of C kernel developers just seem determined to make the lives of Rust maintainers as difficult as possible,” Lina detailed the memory safety issues they ran into writing Direct Rendering Manager (DRM) scheduler abstractions. Lina tried to push small fixes that would make the C code “more robust and the lifetime requirements sensible,” but was blocked by the maintainer. Bugs in that DRM scheduler’s C code are the only causes of kernel panics in Lina’s Apple GPU driver, she wrote—”Because I wrote it in Rust.”

“But I get the feeling that some Linux kernel maintainers just don’t care about future code quality, or about stability or security any more,” Lina wrote. “They just want to keep their C code and wish us Rust folks would go away. And that’s really sad… and isn’t helping make Linux better.”

Drew DeVault, founder of SourceHut, blogged about Rust’s attempts to find a place inside the kernel. In theory the kernel should welcome enthusiastic input from motivated newcomers. “In practice, the Linux community is the wild wild west, and sweeping changes are infamously difficult to achieve consensus on, and this is by far the broadest sweeping change ever proposed for the project,” DeVault writes. “Every subsystem is a private fiefdom, subject to the whims of each one of Linux’s 1,700+ maintainers, almost all of whom have a dog in this race. It’s herding cats: introducing Rust effectively is one part coding work and ninety-nine parts political work – and it’s a lot of coding work.”

Rather than test their patience with the kernel’s politics, DeVault suggests Rust developers build a Linux-compatible kernel from scratch. “Freeing yourselves of the [Linux Kernel Mailing List] political battles would probably be a big win for the ambitions of bringing Rust into kernel space,” DeVault writes.

Torvalds understands why Rust uptake is slow

You might be wondering what lead maintainer Linus Torvalds thinks about all this. He took a “wait and see” approach in 2021, hoping Rust would first make itself known in relatively isolated device drivers. At an appearance late last month, Torvalds… essentially agreed with the Rust-minded developer complaints, albeit from a much greater remove.

“I was expecting [Rust] updates to be faster, but part of the problem is that old-time kernel developers are used to C and don’t know Rust,” Torvalds said. “They’re not exactly excited about having to learn a new language that is, in some respects, very different. So there’s been some pushback on Rust.” Torvalds added, however, that “another reason has been the Rust infrastructure itself has not been super stable.”

The Linux kernel is a high-stakes project in which hundreds or thousands of developers have a stake; conflict is perhaps inevitable. Time will tell how long C will remain the primary way of coding for, and thinking about, such a large yet always-moving codebase.

Ars has reached out to both Filho and Ts’o for comment and will update this post with any response.



You can kick the alpha tires on System76’s Cosmic, a new Linux desktop

We’re all part of a cosmic alpha, if you really think about it, man —

A whole new desktop aims to appeal with tiling, themes, and a safer Rust core.

A little auto-tiling on the Cosmic desktop. (Image: System76)

System76 has released an alpha version of its Cosmic desktop environment for Linux and Unix-like systems. The Linux hardware firm isn’t targeting only its customers with its GNOME replacement; it also hopes to get distro maintainers and app makers on board with its Rust-built, UX-focused desktop.

While the Cosmic desktop will be built into the Linux vendor’s Pop!_OS (which is also in the alpha ISO), it’s also available to other systems, as you might expect. System76 provides drop-in instructions for Fedora and Arch Linux installs, among others.

System76 says it is “excited to see COSMIC integration elevate Linux as a whole,” along with what results “from making UX-building more accessible.” By building Cosmic natively in the Rust language, System76 also intends to provide a more stable and memory-safe environment for apps.

Cosmic shows deep attention to tiling, keyboard shortcuts, and panel and dock customization, as Pop!_OS has long done. I’m a bit of a boring side-by-side, single-workspace type; Gardiner Bryant on YouTube went deeper into the Cosmic alpha’s tiling, panels, and how it handles GTK apps. I found that getting Cosmic into a reasonable shape I could work from, and picking up its keyboard window shortcuts, was easier than with either KDE or GNOME.

One thing System76 made clear in its push for Cosmic is its readiness for more deeply integrated themes. System76 offered a few examples in its press materials, and I must admit a fondness for its over-the-top examples.

  • System76 probably can’t officially offer this theme, what with the Internet Explorer logo and other recognizable icons, but it does illustrate the theme potential.
  • Answering the eternal software question “Can it run Doom?” even in desktop environments.
  • This? This is the subtle side of this very Polish-RPG-influenced theme.
  • If you’re going to hack the net and fight the corpos, you gotta wake your eyes up, choom.

(Theme screenshots: System76)

Promising, but definitely not production

I’ve been using the Cosmic-topped desktop alpha since last week on a similarly alpha-stage build of Pop!_OS 24.04, the long-term support release, with Wayland windowing. It’s running on my desktop-ified Framework laptop, since System76 noted that virtual machines would require some hardware-acceleration trickery to function properly. It’s definitely an alpha, with lots of things you’d expect to see in the settings and around the system missing or non-interactive.

What I can say about Cosmic, even at this early alpha stage, is that it’s relatively snappy and cohesive compared to other systems I’ve used. The settings app only has six main categories, and one of them is “Desktop,” with robust settings for changing your dock, windows, workspaces, and appearance. I keep a webcam on top of my monitor, with a clamp big enough to hide the time/date combo sometimes perched there by GNOME desktops. Cosmic’s panel controls made it easy to move this to the right and similarly position and style my dock however I like.

Most of what is on display here is not for end users so much as for adventurous users, or maybe community distro packagers, looking for a desktop environment carrying far less technical debt than GNOME and KDE. At the same time, that means there will be some tension and friction between certain apps and this new environment. Slack’s main window on my system is constantly disappearing, and clicking its persistent notification in the tray won’t bring it back. And I’m the type who always remaps his Caps Lock key to Escape, but there’s no place to do that yet, and the GNOME Tweaks app won’t work, either. Some of this is probably the distribution itself, some of it is Cosmic, and some of it is between the two. (Yes, I’m certain there’s a way to get that keyboard fix with a command or config file, but this is just a test run.)

The Cosmic team says it will next work on settings pages, the Files app, variable refresh rate, and software rendering, among other bugs and refinements. After that comes the hard part of gaining acceptance and installs across the wider open source community.




The next Nvidia driver makes even more GPUs “open,” in a specific, quirky way

You know open when you see it —

You can’t see inside the firmware, but more open code can translate it for you.


You have to read the headline on Nvidia’s latest GPU announcement slowly, parsing each clause as it arrives.

“Nvidia transitions fully” sounds like real commitment, a burn-the-boats call. “Towards open-source GPU,” yes, evoking the company’s “first step” announcement a little over two years ago, so this must be progress, right? But, back up a word here, then finish: “GPU kernel modules.”

So, Nvidia has “achieved equivalent or better application performance with our open-source GPU kernel modules,” and added some new capabilities to them. Starting with driver release R560, most of Nvidia’s modern GPUs will default to the open source kernel modules, which are dual-licensed under the GPL and MIT. But much of what the driver used to do now lives in a closed-source firmware blob that runs on the GPU’s own system processor. The kernel-side code that interacts with the rest of the Linux system is open; the user-space driver stack and the firmware remain none of your, or the OSS community’s, business.

Is it better than what existed before? Certainly. AMD and Intel have maintained open source GPU drivers, in both the kernel and user space, for years, though also with proprietary firmware. This brings Nvidia a bit closer to the Linux community and allows for community debugging and contribution. There’s no indication that Nvidia aims to go further with its open source moves, however, and its modules remain out of tree, shipped as a package for users to install themselves rather than merged into the mainline kernel.

Not every GPU can use the open modules. Maxwell, Pascal, and Volta chips cannot, and stay on the proprietary modules; for Turing, Ampere, Ada Lovelace, and Hopper parts, Nvidia recommends switching to the open modules; and Grace Hopper and Blackwell parts must use them.

As Hector Martin, a developer on the Asahi Linux project, noted at the time of the first announcement, moving the proprietary logic into firmware on the GPU makes it easier to keep closed-source code isolated from the host kernel while using Nvidia hardware. The net amount of closed code, though, is about the same as before.

Nvidia’s blog post has details on how to integrate its open kernel modules onto various systems, including CUDA setups.



Larry Finger made Linux wireless work and brought others along to learn

Linux kernel —

Remembering Finger, 84, who learned as he went and left his mark on many.


Linux and its code are made by people, and people are not with us forever. Over the weekend, a brief message on the Linux kernel mailing list reminded people of just how much one person can mean to a seemingly gargantuan project like Linux, and how quickly they can disappear:

Denise Finger, wife of the deceased, wrote to the Linux Wireless list on Friday evening:

This is to notify you that Larry Finger, one of your developers, passed away on June 21st.

LWN.net reckons that Finger, 84, contributed to 94 Linux kernel releases, 1,464 commits in all, going back at least to kernel 2.6.16 in 2006, shortly after the kernel project moved its history to git and per-developer counts became easy to compile. Given the sometimes precarious nature of contributing to the kernel, this is on its own an impressive achievement, especially for someone with no formal computer training, and who considered himself a scientist.

The deepest of trenches: Linux Wi-Fi in the 2000s

That kind of effort is worth celebrating, regardless. But it’s the space that Finger devoted himself to that makes him a notably patient, productive contributor.

Getting Wi-Fi to work on a device running Linux back when Finger started contributing was awful. The chances of your hardware being recognized, activated, and working properly right after install were akin to drawing a straight flush in poker. If nobody had gotten around to your wireless chipset yet, you used NDISwrapper, a kludge that loaded the vendor’s Windows NDIS driver inside the Linux kernel, making your install less open while still being painful to set up and maintain.

Finger started fixing this with work on Broadcom’s BCM43XX drivers. Broadcom provided no code for its gear, so Finger helped reverse-engineer the necessary specs by manually dumping and reading hardware registers. Along with Broadcom drivers, Finger also provided Realtek drivers. Many commenters across blogs and message boards are noting that their systems are still using pieces of Finger’s code today.

Fixing mainframes, science gear, and RV resorts

Larry Finger, and fish, from his Quora profile. (Image: Quora)

Finger doesn’t have a large footprint on the web, outside of his hundreds of kernel commits. He has a page for DRAWxtl, for producing crystal-structure drawings, on his personal domain, but not a general personal page. He sometimes answered Quora questions. He had a GitHub profile, showing more than 100 contributions to projects in 2024.

Perhaps the biggest insight into Finger found in one place is a three-part series for Linux Journal, “Linux in a Windows Workstation Environment,” written in 2005, when he was roughly 65. He summarizes his background: Fortran programmer in 1963, PDP-11 interfaces to scientific instruments in the 1970s, VAX-11/780 work in the early 1980s, and then Unix/Linux systems, until retiring from the Carnegie Institution for Science in Washington, DC, in 1999. The mineral Fingerite is named for Finger, whose work in crystallography took him on a fellowship to northern Bavaria, as noted in one Quora answer about the Autobahn.

“At that time, I became a full-time RV resident, dedicated to the avoidance of cold weather,” Finger writes. He and his wife Denise arrived that year at a 55-plus RV community in Mesa, Arizona. He joined the computer club, which had a growing number of Windows PCs sharing a DSL connection through one of the systems running WinGate. A new RV resort owner wanted to expand to 22 workstations, but WinGate licenses for that many would have been expensive for the club. Finger, who was “highly distrustful of using Windows 98 in a mission-critical role,” set to work.

Finger goes on across the series to describe the various ways he upgraded the routing and server capacity of the network, which grew to 38 user stations, Samba shares, a membership database, VPN tunnels, several free RJ-45 ports, and “free Wi-Fi access… throughout the park.”

Passing it along

Larry Finger, from his obituary page. (Image: Hixson-Klein Funeral Home)

Lots of people have commented on the broad work Finger did to make Linux usable for more people. A few mention that Finger also mentored people, the kind of work that has exponential effects. “MB” wrote on LWN.net that Finger “mentored other people to get the Broadcom Open Source code into kernel. And I think it was a huge success. And that was only a small part of Larry’s success story.”

In a 2023 Quora response to someone asking if someone without “any formal training in computer science” can “contribute something substantial” to Linux, Finger writes, “I think that I have.” Finger links to the stats for the 6.4 kernel, showing 172,346 lines of his code in it, roughly 0.5% of the total.

I have never taken any courses in Computer Science; however, I have considerable experience in coding, much of which happened when computers were a lot less powerful than today, and it was critical to write code that ran efficiently.

Finger suggests in his response small patches, deep reading of the guidelines, and always using git send-email to submit patches: “Nothing will get shot down more quickly than a patch submitted from a mailer such as Thunderbird.” Finding typos and errors in comments and text strings can help, especially after translation. Finger advises being patient, expecting criticism about following rules and formats, and keeping plugging away at it.

In another Quora response about kernel driver development, Finger says, “This activity can be highly rewarding, and also equally frustrating!” You should learn C, Finger suggested, and maybe start with analyzing USB drivers, and take your time learning about DMA.

“Do not lose hope,” Finger wrote. “It took me about 2 years before I could do anything more than tell the experts where my system was generating a fault.”



40 years later, X Window System is far more relevant than anyone could guess

Widely but improperly known as X-windows —

One astrophysics professor’s memories of writing X11 code in the 1980s.


Oftentimes, when I am researching something about computers or coding that has been around a very long while, I come across a document on a university website that tells me more about that thing than any Wikipedia page or archive ever could.

It’s usually a PDF, though sometimes a plaintext file, on a .edu subdirectory that starts with a username preceded by a tilde (~) character. This is typically a document that a professor, faced with the same questions semester after semester, has put together to save the most time possible and get back to their work. I recently found such a document inside Princeton University’s astrophysics department: “An Introduction to the X Window System,” written by Robert Lupton.

X Window System, which turned 40 years old earlier this week, was something you had to know how to use to work with space-facing instruments back in the mid-1980s, when VT100s, VAX-11/750s, and Sun Microsystems boxes shared space in college computer labs. As the member of Princeton’s Astrophysical Sciences Department who knew the most about computers back then, it fell to Lupton to fix things and take questions.

“I first wrote X10r4 server code, which eventually became X11,” Lupton said in a phone interview. “Anything that needed graphics code, where you’d want a button or some kind of display for something, that was X… People would probably bug me when I was trying to get work done down in the basement, so I probably wrote this for that reason.”


Where X came from (after W)

Robert W. Scheifler and Jim Gettys at MIT spent “the last couple weeks writing a window system for the VS100” back in 1984. As part of Project Athena‘s goals to create campus-wide computing with distributed resources and multiple hardware platforms, X fit the bill, being independent of platforms and vendors and able to call on remote resources. Scheifler “stole a fair amount of code from W,” made its interface asynchronous and thereby much faster, and “called it X” (back when that was still a cool thing to do).

That kind of cross-platform compatibility made X work for Princeton, and thereby Lupton. He notes in his guide that X provides “tools not rules,” which allows for “a very large number of confusing guises.” After explaining the three-part nature of X—the server, the clients, and the window manager—he goes on to provide some tips:

  • X is case-sensitive; “this sensitivity extends to things like mouse buttons that you might not normally think of as case-sensitive.”
  • “To start X, type xinit; do not type X unless you have defined an alias. X by itself starts the server but no clients, resulting in an empty screen.”
  • “All programmes running under X are equal, but one, the window manager, is more equal.”
  • Using the “--zaphod” flag prevents a mouse from going into a screen you can’t see; “Someone should be able to explain the etymology to you.”
  • “If you say kill 5 -9 12345 you will be sorry as the console will appear hopelessly confused. Return to your other terminal, say kbd_mode -a, and make a note not to use -9 without due reason.”

I asked Lupton, whom I caught on the last day before he headed to Chile to help with a very big telescope, how he felt about X, 40 years later. Why had it survived?

“It worked, at least relative to the other options we had,” Lupton said. He noted that Princeton’s systems were not “heavily networked in those days,” such that the network traffic issues some had with X weren’t an issue then. “People weren’t expecting a lot of GUIs, either; they were expecting command lines, maybe a few buttons… it was the most portable version of a window system, running on both a VAX and the Suns at the time… it wasn’t bad.”



Federal agency warns critical Linux vulnerability being actively exploited

NETFILTER FLAW —

Cybersecurity and Infrastructure Security Agency urges affected users to update ASAP.


The US Cybersecurity and Infrastructure Security Agency has added a critical security bug in Linux to its list of vulnerabilities known to be actively exploited in the wild.

The vulnerability, tracked as CVE-2024-1086 and carrying a severity rating of 7.8 out of a possible 10, allows people who have already gained a foothold inside an affected system to escalate their privileges to root. It’s the result of a use-after-free error, a class of vulnerability common in software written in C and C++ that occurs when code continues to access a memory location after it has been freed. Use-after-free bugs can lead to code execution or privilege escalation.

The vulnerability, which affects Linux kernel versions 5.14 through 6.6, resides in nf_tables, the packet-classification subsystem built on the kernel’s Netfilter framework, which in turn provides packet filtering, network address and port translation (NAT/NAPT), packet logging, userspace packet queueing, and other packet mangling. It was patched in January, but as the CISA advisory indicates, some production systems have yet to install the fix. At the time this Ars post went live, there were no public details about the active exploitation.

A deep-dive write-up of the vulnerability reveals that these exploits provide “a very powerful double-free primitive when the correct code paths are hit.” Double-free vulnerabilities are a subclass of use-after-free errors that occur when the free() function for freeing memory is called more than once for the same location. The write-up lists multiple ways to exploit the vulnerability, along with code for doing so.

The double-free is the result of a failure to sanitize the verdict values nf_tables hands back to Netfilter, reachable when nf_tables and unprivileged user namespaces are both enabled. The user-namespace requirement matters because such a namespace lets an ordinary local user hold the network-admin capability inside it and so configure nf_tables rules without being root. Some of the most effective exploitation techniques allow for arbitrary code execution in the kernel and can be fashioned to drop a universal root shell.

[Figure omitted: the write-up’s conceptual illustration of the exploit. Credit: pwning.tech]

CISA has given federal agencies under its authority until June 20 to issue a patch. The agency is urging all organizations that have yet to apply an update to do so as soon as possible.
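As an added example (mine, not from the article, CISA, or the write-up it cites): a Python exposure check built only on the three preconditions the article names: a kernel in the 5.14 through 6.6 range, nf_tables present, and unprivileged user namespaces allowed. The /proc and /sys paths it reads are standard kernel interfaces, but `kernel.unprivileged_userns_clone` exists only on Debian-derived kernels, and the version test is a heuristic, since distributions backport fixes without bumping the version; treat an `exposed` result as “not ruled out,” not as proof.

```python
"""Exposure check for the nf_tables double-free (CVE-2024-1086) described above.

Added example, not from the article or the cited write-up. The preconditions are
passed in explicitly so the logic can be tested offline; host_state() gathers
them from the running system when the script is run directly.
"""
import re
from pathlib import Path

AFFECTED_MIN = (5, 14)   # range named in the article; heuristic, see note below
AFFECTED_MAX = (6, 6)


def parse_kernel_version(release: str) -> tuple[int, int]:
    """'6.1.0-18-amd64' -> (6, 1). Raises ValueError on unparseable input."""
    m = re.match(r"^(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2))


def version_in_affected_range(release: str) -> bool:
    """Major.minor comparison only; distro backports are invisible to this."""
    return AFFECTED_MIN <= parse_kernel_version(release) <= AFFECTED_MAX


def read_int_file(path: Path, default: int) -> int:
    """Read one integer from a /proc or /sys file; `default` if it is absent."""
    try:
        return int(path.read_text().strip())
    except (FileNotFoundError, PermissionError, ValueError):
        return default


def host_state(root: str = "/") -> dict:
    """Gather the three preconditions from the live system.

    Assumed interfaces (real kernel files, but not all are present everywhere):
    - /proc/sys/user/max_user_namespaces: 0 disables user namespaces outright.
    - /proc/sys/kernel/unprivileged_userns_clone: Debian/Ubuntu-only knob;
      0 blocks unprivileged creation; absent on mainline kernels (treated as 1).
    - /sys/module/nf_tables: present when nf_tables is loaded as a module
      (a built-in nf_tables needs the kernel config checked instead).
    """
    r = Path(root)
    release = (r / "proc/sys/kernel/osrelease").read_text().strip()
    max_ns = read_int_file(r / "proc/sys/user/max_user_namespaces", 0)
    clone = read_int_file(r / "proc/sys/kernel/unprivileged_userns_clone", 1)
    return {
        "release": release,
        "nf_tables_loaded": (r / "sys/module/nf_tables").is_dir(),
        "userns_allowed": max_ns > 0 and clone != 0,
    }


def assess(release: str, nf_tables_loaded: bool, userns_allowed: bool) -> dict:
    """Combine the preconditions; removing any one closes the unprivileged path."""
    reasons = []
    if not version_in_affected_range(release):
        reasons.append("kernel version outside the 5.14-6.6 range")
    if not nf_tables_loaded:
        reasons.append("nf_tables module not loaded")
    if not userns_allowed:
        reasons.append("unprivileged user namespaces disabled")
    return {"exposed": not reasons, "reasons": reasons}


if __name__ == "__main__":
    state = host_state()
    verdict = assess(**state)
    print(state)
    print("EXPOSED: patch now" if verdict["exposed"]
          else "not exposed: " + "; ".join(verdict["reasons"]))
```

Of the three conditions, unprivileged user namespaces are the one an administrator can remove immediately while the kernel update is scheduled (setting `user.max_user_namespaces=0`, or the Debian knob to 0), at the cost of breaking software such as rootless containers and some application sandboxes that depend on them; the distribution’s advisory, not this version test, is the authoritative word on whether a given kernel build carries the fix.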



Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

ONGOING LINUX THREAT —

Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.


Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored hashed password data for more than 550 system users, researchers said Tuesday.

The unknown attackers behind the compromise infected at least four servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm ESET said. After obtaining the cryptographic hashes for 551 user accounts on the network, the attackers were able to convert half into plaintext passwords, likely through password-cracking techniques and the use of an advanced credential-stealing feature built into the malware. From there, the attackers used the servers to send spam and carry out other nefarious activities. The four servers were likely infected and disinfected at different times, with the last two being remediated at some point in 2011.

Stealing kernel.org’s keys to the kingdom

An infection of kernel.org came to light in 2011, when kernel maintainers revealed that 448 accounts had been compromised after attackers had somehow managed to gain unfettered, or “root,” system access to servers connected to the domain. Maintainers reneged on a promise to provide an autopsy of the hack, a decision that has limited the public’s understanding of the incident.

Besides revealing the number of compromised user accounts, representatives of the Linux Kernel Organization provided no details other than saying that the infection:

  • Occurred no later than August 12, 2011, and wasn’t detected for another 17 days
  • Installed an off-the-shelf rootkit known as Phalanx on multiple servers and personal devices belonging to a senior Linux developer
  • Modified the files that both servers and end user devices inside the network used to connect through OpenSSH, an implementation of the SSH protocol for securing remote connections.

In 2014, ESET researchers said the 2011 attack likely infected kernel.org servers with a second piece of malware they called Ebury. The malware, the firm said, came in the form of a malicious code library that, when installed, created a backdoor in OpenSSH that provided the attackers with a remote root shell on infected hosts with no valid password required. In a little less than 22 months, starting in August 2011, Ebury spread to 25,000 servers. Besides the four belonging to the Linux Kernel Organization, the infection also touched one or more servers inside hosting facilities and an unnamed domain registrar and web hosting provider.

A 47-page report summarizing Ebury’s 15-year history said that the infection hitting the kernel.org network began in 2009, two years earlier than the domain was previously thought to have been compromised. The report said that since 2009, the OpenSSH-dwelling malware has infected more than 400,000 servers, all running Linux except for about 400 FreeBSD servers, a dozen OpenBSD and SunOS servers, and at least one Mac.

Researcher Marc-Etienne M. Léveillé wrote:

In our 2014 paper, we mentioned that there was evidence that kernel.org, hosting the source code of the Linux kernel, had been a victim of Ebury. Data now at our disposal reveals additional details about the incident. Ebury had been installed on at least four servers belonging to the Linux Foundation between 2009 and 2011. It seems these servers acted as mail servers, name servers, mirrors, and source code repositories at the time of the compromise. We cannot tell for sure when Ebury was removed from each of the servers, but since it was discovered in 2011 it is likely that two of the servers were compromised for as long as two years, one for one year and the other for six months.

The perpetrator also had copies of the /etc/shadow files, which overall contained 551 unique username and hashed password pairs. The cleartext passwords for 275 of those users (50%) are in possession of the attackers. We believe that the cleartext passwords were obtained by using the installed Ebury credential stealer, and by brute force.

The researcher said in an email that the Ebury and Phalanx infections appear to be separate compromises by two unrelated threat groups. Representatives of the Linux Kernel Organization didn’t respond to emails asking if they were aware of the ESET report or if its claims were accurate. There is no indication that either infection resulted in tampering with the Linux kernel source code.
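A second added example (mine, not the article’s or ESET’s): the report says half of the 551 stolen hashes were recovered by the malware’s credential stealer “and by brute force,” so a practitioner’s first question about a host in the same position is which hash formats on it are cheap to crack. This script audits /etc/shadow-format records offline. The sample records are constructed (the hash bodies are placeholders, not real digests), and the weak/strong split is this example’s own: traditional DES crypt and md5crypt count as weak, the SHA-crypt, bcrypt, scrypt and yescrypt families do not.

```python
"""Audit /etc/shadow-format records for hash schemes that are cheap to brute-force.

Added example, not from the article or ESET's report. The scheme table and the
weak/strong classification are this example's own; the sample is constructed.
"""
import re
import sys

# crypt(3) scheme identifiers -> (label, cheap to brute-force?)
SCHEMES = {
    "1": ("md5crypt", True),            # fixed 1000 MD5 rounds; fast on GPUs
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "7": ("scrypt", False),
    "y": ("yescrypt", False),
    "gy": ("gost-yescrypt", False),
}
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")   # traditional 13-char DES field


def classify_hash(field: str) -> tuple[str, bool]:
    """Return (scheme label, weak) for the password field of one record."""
    if field == "":
        return "empty", True                 # login with no password at all
    if field.startswith(("!", "*")):
        return "locked", False               # no valid hash; nothing to crack
    if field.startswith("$"):
        ident = field.split("$")[1]          # "$6$salt$hash" -> "6"
        return SCHEMES.get(ident, (f"unknown(${ident})", True))
    if DES_CRYPT.fullmatch(field):
        return "descrypt", True              # 56-bit keyspace, trivially cracked
    return "unrecognised", True


def audit_shadow(text: str) -> list[dict]:
    """Parse shadow-format lines (user:hash:...) into per-account findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append({"line": lineno, "user": None,
                             "scheme": "malformed", "weak": True})
            continue
        scheme, weak = classify_hash(fields[1])
        findings.append({"line": lineno, "user": fields[0],
                         "scheme": scheme, "weak": weak})
    return findings


def weak_accounts(text: str) -> list[str]:
    """Usernames whose stored credential is cheap to recover offline."""
    return [f["user"] for f in audit_shadow(text) if f["weak"]]


# Constructed sample: salts and hash bodies are placeholders, not real digests.
SAMPLE_SHADOW = """\
root:$6$rounds=656000$c0nstructedSalt$PLACEHOLDERHASHBODYNOTAREALDIGEST:19500:0:99999:7:::
alice:$y$j9T$c0nstructedSalt$PLACEHOLDERHASHBODYNOTAREALDIGEST:19500:0:99999:7:::
bob:$1$c0nstrct$PLACEHOLDERHASHBODY:19500:0:99999:7:::
carol:ab1TcH5X3bcdE:19500:0:99999:7:::
svc-backup:!:19500:0:99999:7:::
legacy::19500:0:99999:7:::
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SHADOW
    for f in audit_shadow(text):
        flag = "WEAK" if f["weak"] else "ok  "
        print(f"{flag} line {f['line']:>4} {f['user'] or '?':<12} {f['scheme']}")
```

Run it as root with the real file (`python3 shadow_audit.py /etc/shadow`) or with no argument to see the constructed sample. Two caveats the Ebury case makes obvious: a strong hash only slows cracking rather than preventing it, so every account on a host whose shadow file was taken needs its password (and any SSH keys) rotated regardless of scheme; and a credential stealer living inside OpenSSH captures passwords at authentication time, before they are ever hashed, which no hash algorithm defends against.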



Ubuntu 24.04 LTS, Noble Numbat, overhauls its installation and app experience

Ubuntu 24.04 —

Plus Raspberry Pi 5 support, better laptop power, and lots of other changes.

Ubuntu has come a long way over nearly 20 years, to the point where you can now render 3D Ubuntu coffee mugs and family pictures in a video announcing the 2024 spring release. (Image: Canonical)

History might consider the most important aspect of Ubuntu 24.04 to be something that it doesn’t have: vulnerabilities to the XZ backdoor that nearly took over the global Linux scene.

Betas, and the final release of Ubuntu 24.04, a long-term support (LTS) release of the venerable Linux distribution, were delayed, as backing firm Canonical worked in early April 2024 to rebuild every binary included in the release. xz Utils, an almost ubiquitous data-compression package on Unix-like systems, had been compromised through a long-term and elaborate supply-chain attack, discovered only because a Microsoft engineer noted some oddities with SSH performance on a Debian system. Ubuntu, along with just about every other regularly updating software platform, had a lot of work to do this month.

Canonical’s Ubuntu 24.04 release video, noting 20 years of Ubuntu releases. I always liked the brown.

What is actually new in Ubuntu 24.04, or “Noble Numbat?” Quite a bit, especially if you’re the type who sticks to LTS releases. The big new changes are a very slick new installer, using the same Subiquity back-end as the Server releases, and redesigned with a whole new front-end in Flutter. ZFS encryption is back as a default install option, along with hardware-backed (i.e., TPM) full-disk encryption, plus more guidance for people looking to dual-boot with Windows setups and BitLocker. Netplan 1.0 is the default network configuration tool now. And the default installation is “Minimal,” as introduced in 23.10.

The numbat is an endangered species, and I think we should save it.

Getty Images

Raspberry Pi gets some attention, too, with an edition of 24.04 (64-bit only) available for the popular single-board computer, including the now-supported Raspberry Pi 5 model. That edition includes power supply utility Pemmican and enables 3D acceleration in the Firefox Snap. Ubuntu also tweaked the GNOME (version 46) desktop included in this release, such that it should see better performance on Raspberry Pi graphics drivers.

What else? Lots of little things:

  • Support for autoinstall, i.e., YAML-based installation workflows
  • A separate, less background-memory-eating firmware updating tool
  • Additional support for Group Policy Objects (GPOs) in Active Directory environments
  • Security improvements to Personal Package Archives (PPA) software setups
  • Restrictions on unprivileged user namespaces through AppArmor, which may impact some third-party apps downloaded from the web
  • A new Ubuntu App Center, replacing the Snap Store that defaults to Snaps but still offers traditional .deb installs (and numerous angles of critique for Snap partisans)
  • Firefox is a native Wayland application, and Thunderbird is a Snap package only
  • More fingerprint reader support
  • Improved Power Profiles Manager, especially for portable AMD devices
  • Support for Apple’s preferred HEIF/HEIC files, with thumbnail previews
  • Snapshot replaces Cheese, and GNOME games has been removed
  • Virtual memory mapping changes that make many modern games run better through Proton, per OMG Ubuntu
  • Linux kernel 6.8, which, among other things, improves Intel Meteor Lake CPU performance and supports Nintendo Switch Online controllers.

The suggested system requirements for Ubuntu 24.04 are a 2 GHz dual-core processor, 4GB memory, and 25GB free storage space. There is a dedicated WSL edition of 24.04 out for Windows systems.

Listing image by Getty Images


Linus Torvalds reiterates his tabs-versus-spaces stance with a kernel trap

Tabs Versus Space 2024: The Sabotage

One does not simply suggest changing a kernel line to help out a parsing tool.

Cans of Tab diet soda on display in 2011. Tab was discontinued in 2020. There has never been a soda named “Spaces” that had a cult following.

Getty Images

Anybody can contribute to the Linux kernel, but any contributor’s commit can draw the attention of the kernel’s master and namesake, Linus Torvalds. Torvalds is famously not overly committed to niceness, though he has been working on it since 2018. You can see glimpses of this newer, less curse-laden approach in how Torvalds recently addressed a commit with which he vehemently disagreed. It involves tabs.

The commit last week changed exactly one thing on one line, replacing a tab character with a space: “It helps Kconfig parsers to read file without error.” Torvalds responded with a commit of his own, as spotted by The Register, which would “add some hidden tabs on purpose.” Trying to smooth over a tabs-versus-spaces matter seemed to awaken Torvalds to the need to have tab-detecting failures be “more obvious.” Torvalds would have added more, he wrote, but didn’t “want to make things uglier than necessary. But it *might* be necessary if it turns out we see more of this kind of silly tooling.”

If you’ve read this far and don’t understand what’s happening, please allow me, a failed CS minor, to offer a quick explanation: Tabs Versus Spaces will never be truly resolved, codified, or set right by standards, and the energy spent on the issue over time could, if harnessed, likely power one or more small nations. Still, the Linux kernel has its own coding style, and it directly cites “K&R,” or Kernighan & Ritchie, the authors of the coding bible The C Programming Language, which is a tabs book. If you are submitting kernel code, it had better use tabs (eight-character tabs, ideally, though that is tied in part to teletype and line-printer history).

By attempting to smooth over one tiny part of the kernel so that a parsing tool could see a space character as a delineating whitespace, Prasad Pandit inadvertently spurred a robust rebuttal:

It wasn’t clear what tool it was, but let’s make sure it gets fixed. Because if you can’t parse tabs as whitespace, you should not be parsing the kernel Kconfig files.

In fact, let’s make such breakage more obvious than some esoteric ftrace record size option. If you can’t parse tabs, you can’t have page sizes.

Yes, tab-vs-space confusion is sadly a traditional Unix thing, and ‘make’ is famous for being broken in this regard. But no, that does not mean that it’s ok.

Torvalds’ hidden tabs appear in the fourth release candidate for Linux kernel 6.9, which Torvalds wrote had “nothing particularly unusual going on” the week of its release.

Disclosure: The author is a tab person insofar as he has any idea what he’s doing.

This post was updated at 6:33 pm Eastern to fix some line-break issues in the Torvalds blockquote. The irony was duly noted. A better link regarding the Tabs Vs. Spaces debate was also swapped in.


German state gov. ditching Windows for Linux, 30K workers migrating

Open source FTW

Schleswig-Holstein looks to succeed where Munich failed.


Schleswig-Holstein, one of Germany’s 16 states, on Wednesday confirmed plans to move tens of thousands of systems from Microsoft Windows to Linux. The announcement follows previously established plans to migrate the state government off Microsoft Office in favor of open source LibreOffice.

As spotted by The Document Foundation, the government has apparently finished its pilot run of LibreOffice and is now announcing plans to expand to more open source offerings.

In 2021, the state government announced plans to move 25,000 computers to LibreOffice by 2026. At the time, Schleswig-Holstein said it had already been testing LibreOffice for two years.

As announced on Minister-President Daniel Günther’s webpage this week, the state government confirmed that it’s moving all systems to the Linux operating system (OS), too. Per a website-provided translation:

With the cabinet decision, the state government has made the concrete beginning of the switch away from proprietary software and towards free, open-source systems and digitally sovereign IT workplaces for the state administration’s approximately 30,000 employees.

The state government is offering a training program that it said it will update as necessary.

Regarding LibreOffice, the government maintains the possibility that some jobs may use software so specialized that they won’t be able to move to open source software.

In 2021, Jan Philipp Albrecht, then-minister for Energy, Agriculture, the Environment, Nature, and Digitalization of Schleswig-Holstein, discussed interest in moving the state government off of Windows.

“Due to the high hardware requirements of Windows 11, we would have a problem with older computers. With Linux we don’t have that,” Albrecht told Heise magazine, per a Google translation.

This week’s announcement also said that the Schleswig-Holstein government will ditch Microsoft SharePoint and Exchange/Outlook in favor of the open source offerings Nextcloud and Open-Xchange, and Mozilla Thunderbird in conjunction with the Univention Active Directory connector.

Schleswig-Holstein is also developing an open source directory service to replace Microsoft’s Active Directory and an open source telephony offering.

Digital sovereignty dreams

Explaining the decision, the Schleswig-Holstein government’s announcement named enhanced IT security, cost efficiencies, and collaboration between different systems as its perceived benefits of switching to open source software.

Further, the government is pushing the idea of digital sovereignty, with Schleswig-Holstein Digitalization Minister Dirk Schrödter quoted in the announcement as comparing the concept’s value to that of energy sovereignty. The announcement also quoted Schrödter as saying that digital sovereignty isn’t achievable “with the current standard IT workplace products.”

Schrödter pointed to the state government’s growing reliance on cloud services and said that with related proprietary software, users have no influence on data flow and whether that data makes its way to other countries.

Schrödter also claimed that the move would help with the state’s budget by diverting money from licensing fees to “real programming services from our domestic digital economy” that could also create local jobs.

In 2021, Albrecht said the state was reaching its limits with proprietary software contracts because “license fees have continued to rise in recent years,” per Google’s translation.

“Secondly, regarding our goals for the digitalization of administration, open source simply offers us more flexibility,” he added.

At the time, Albrecht claimed that 90 percent of video conferences in the state government ran on the open source program Jitsi, which was advantageous during the COVID-19 pandemic because the state was able to quickly increase video conferencing capacity.

Additionally, he said that because the school portal was based on (unnamed) open source software, “we can design the interface flexibly and combine services the way we want.”

There are numerous other examples globally of government entities switching from proprietary platforms to Linux and other open source technology. Federal governments with a particular interest in avoiding US-based technologies, including North Korea and China, are some examples. The South Korean government has also shared plans to move to Linux by 2026, and the city of Barcelona shared migration plans in 2018.

But some government bodies that have made the move regretted it and ended up crawling back to Windows. Vienna released the Debian-based distribution WIENUX in 2005 but gave up on migration by 2009.

In 2003, Munich announced it would be moving some 14,000 PCs off Windows and to Linux. In 2013, the LiMux project finished, but high associated costs and user dissatisfaction resulted in Munich announcing in 2017 that it would spend the next three years reverting back to Windows.

Albrecht in 2021 addressed this failure when speaking to Heise, saying, per Google’s translation:

The main problem there was that the employees weren’t sufficiently involved. We do that better. We are planning long transition phases with parallel use. And we are introducing open source step by step where the departments are ready for it. This also creates the reason for further rollout because people see that it works.


Backdoor found in widely used Linux utility breaks encrypted SSH connections

SUPPLY CHAIN ATTACK

Malicious code planted in xz Utils has been circulating for more than a month.

Internet backdoor in a string of binary code in the shape of an eye.

Getty Images

Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.

The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions: specifically, Fedora 40, Fedora Rawhide, and the Debian testing, unstable, and experimental distributions. A stable release of Arch Linux is also affected. That distribution, however, isn’t used in production systems.

Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it’s not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. “BUT that’s only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”

Several people, including two Ars readers, reported that multiple apps included in the HomeBrew package manager for macOS rely on the backdoored 5.6.1 version of xz Utils. HomeBrew has now rolled back the utility to version 5.4.6. Maintainers have more details available here.

Breaking SSH authentication

The first signs of the backdoor were introduced in a February 23 update that added obfuscated code, officials from Red Hat said in an email. An update the following day included a malicious install script that injected itself into functions used by sshd, the binary that makes SSH work. The malicious code has resided only in the archived releases, known as tarballs, which are released upstream. The Git code available in repositories isn’t affected, although it does contain second-stage artifacts that allow the injection at build time. When the obfuscated code introduced on February 23 is present, the artifacts in the Git version allow the backdoor to operate.

The malicious changes were submitted by JiaT75, one of the two main xz Utils developers with years of contributions to the project.

“Given the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system,” an official with distributor OpenWall wrote in an advisory. “Unfortunately the latter looks like the less likely explanation, given they communicated on various lists about the ‘fixes’” provided in recent updates. Those updates and fixes can be found here, here, here, and here.

On Thursday, someone using the developer’s name took to a developer site for Ubuntu to ask that the backdoored version 5.6.1 be incorporated into production versions because it fixed bugs that caused a tool known as Valgrind to malfunction.

“This could break build scripts and test pipelines that expect specific output from Valgrind in order to pass,” the person warned, from an account that was created the same day.

One of the maintainers for Fedora said Friday that the same developer approached them in recent weeks to ask that Fedora 40, a beta release, incorporate one of the backdoored utility versions.

“We even worked with him to fix the valgrind issue (which it turns out now was caused by the backdoor he had added),” the Ubuntu maintainer said.

“He has been part of the xz project for two years, adding all sorts of binary test files, and with this level of sophistication, we would be suspicious of even older versions of xz until proven otherwise.”

Maintainers for xz Utils didn’t immediately respond to emails asking questions.

The malicious versions, researchers said, intentionally interfere with authentication performed by SSH, a commonly used protocol for connecting remotely to systems. SSH provides robust encryption to ensure that only authorized parties connect to a remote system. The backdoor is designed to allow a malicious actor to break the authentication and, from there, gain unauthorized access to the entire system. The backdoor works by injecting code during a key phase of the login process.

“I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access,” Freund wrote. “Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.”

In some cases, the backdoor has been unable to work as intended. The build environment on Fedora 40, for example, contains incompatibilities that prevent the injection from correctly occurring. Fedora 40 has now reverted to the 5.4.x versions of xz Utils.

Xz Utils is available for most if not all Linux distributions, but not all of them include it by default. Anyone using Linux should check with their distributor immediately to determine if their system is affected. Freund provided a script for detecting if an SSH system is vulnerable.
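A defender-side triage helper, added here as an example and not Freund’s script or anything from the xz project: it checks whether sshd on a host links liblzma and whether the installed xz Utils version is one of the two backdoored releases named above (5.6.0 and 5.6.1). The `ldd` and `xz --version` samples below are constructed inline so the checks can be exercised without a real host.

```shell
#!/bin/sh
# Added triage helper (example code, not Andres Freund's detection script and
# not from the xz project): flag a host whose sshd is linked against liblzma
# from the backdoored xz Utils 5.6.0 / 5.6.1 releases.

# True (exit 0) when the version string is one of the two backdoored releases.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Pull the library version out of `xz --version` output: prefer the
# "liblzma X.Y.Z" line (that is the code sshd actually loads), otherwise the
# first line's last field, e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1".
xz_version_from_banner() {
    printf '%s\n' "$1" | awk 'NR == 1 { v = $NF } /^liblzma/ { v = $2 } END { print v }'
}

# Print the liblzma path from an `ldd` listing, or nothing if sshd does not
# link liblzma at all (then the sshd injection route described above does not apply).
liblzma_path_from_ldd() {
    printf '%s\n' "$1" | awk '/liblzma/ { for (i = 1; i <= NF; i++) if ($i ~ "^/") { print $i; exit } }'
}

# Combine the checks. Exit status: 0 = backdoored build linked into sshd,
# 1 = not affected, 2 = undetermined (liblzma linked but version unreadable).
assess_host() {
    lib=$(liblzma_path_from_ldd "$1")
    [ -n "$lib" ] || return 1
    ver=$(xz_version_from_banner "$2")
    [ -n "$ver" ] || return 2
    xz_version_affected "$ver"
}

# Constructed sample output (addresses and paths are made up, not captured from a real host).
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd1a2b3000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0c5e3a0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0c5e100000)'
SAMPLE_LDD_NOLZMA='	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0c5e100000)'
SAMPLE_BANNER_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_BANNER_OK='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

# Live check when both tools exist on this machine; silently skipped otherwise.
if command -v sshd >/dev/null 2>&1 && command -v xz >/dev/null 2>&1; then
    rc=0
    assess_host "$(ldd "$(command -v sshd)" 2>/dev/null)" "$(xz --version 2>/dev/null)" || rc=$?
    echo "this host: $rc (0 = backdoored xz build linked into sshd, 1 = not affected, 2 = undetermined)"
fi
```

A clean version string is only a starting point: a build that reverted to 5.4.x after the disclosure still warrants checking that the sshd process on disk and in memory was restarted with the replaced library.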


Playtron’s wildly ambitious gaming OS aims to unite stores, lure “core casuals”

Core Casual Corps

Headed by former Cyanogen CEO, it’s a Linux OS that might not be fully open.

This isn’t what the first PlaytronOS-powered device will look like. That could be your Steam Deck, a 5G device from your cell carrier, or maybe your car.

Playtron

The Steam Deck’s OS is purpose-built for handheld gaming, but it’s confined to one device, unless you’re willing to head out to the bleeding edge. Beyond SteamOS, there is Windows, which can let down ambitious Deck-likes, there is the Nintendo Switch, and there are Android-based devices that are a lot like Android phones. This setup has got at least one company saying, in infomercial tones, that there has got to be a better way.

That company is Playtron, a new software startup that aims to fix that setup with a Linux-based gaming OS that’s tied to no particular game store or platform. Playtron has $10 million, coders from open source projects like ChimeraOS and Heroic Games Launcher, and the former CEO of Cyanogen. With that, it aims to have “Playtron-native devices shipping worldwide in 2025,” and to capture the 1 billion “core casual” gamers they see as under-served.

Demo of Playtron running on a Lenovo Legion Go, uploaded by Playtron CEO Kirk McMaster.

What devices will Playtron use to serve them? Some of them might be Steam Decks, as you will “soon be able to install Playtron on your favorite handheld PC,” according to Playtron’s ambitious, somewhat scattershot single-page website. Some might be “Playtron-powered 5G devices coming soon to markets around the world.” Really, though, Playtron aims to provide a gaming platform to any device with a CPU and a screen, be it desktop or mobile, ARM or x86, TV or car.

  • I have looked at this Venn diagram for long stretches and have still not figured out if the target is someone who is deeply into gaming or turned off by having to choose a platform or both or neither.

    Playtron

  • Additional mock-ups of hypothetical Playtron devices from Playtron’s website or possibly just Playtron logos on existing devices.

    Playtron

Sean Hollister at The Verge spoke with Playtron CEO Kirk McMaster. He has also viewed internal planning documents and tried out an alpha of the OS. McMaster told Hollister that handheld-maker Ayaneo plans to ship a Playtron device in 2024, while “numerous OEMs and mobile operators” are looking at 2025. Playtron aims to compete with Windows on price ($10 instead of what McMaster cites as $80 per head), and against Steam with a non-Steam platform that, McMaster claims, will still prevent cheating with a Fedora-Silverblue-based immutable file system. There are also some mentions of AI tools for helping casual gamers or determining launch configurations for games. Also, there are crypto-focused investors and a mention of offering crypto-based game purchases, though Playtron may also not have a store at all.

Another notable thing Playtron has is McMaster, the former head of Cyanogen Inc. That project launched in 2013 with $7 million in venture funding and an ambition to turn the free and open source-minded Android ROM community, CyanogenMod, into a for-profit OS and apps vendor. Google reportedly tried to buy Cyanogen Inc. at some point in 2014 but was turned away, as the company saw itself as growing. By the end of 2016, Cyanogen Inc. was shut down, and the Android ROM community reorganized around LineageOS. Ars’ 2016 “Deathwatch” cited McMaster’s “delusions of grandeur,” noting his claimed desire to “put a bullet in Google’s head” while maintaining an OS that was almost entirely dependent on Google’s open source Android code.

McMaster told The Verge’s Hollister that, from his time at Cyanogen Inc., he “learned that you shouldn’t try to commercialize an open-source project with a significant history because it can lead to culture wars.” There are strong hints that Playtron will not be entirely open source, though it will encourage the Linux coders it has hired to continue contributing to projects like ChimeraOS.
