Slashdot reader b-dayyy quotes the Linux Security blog: While all Linux 'distros' — or distributed versions of Linux software — are secure by design, certain distros go above and beyond when it comes to protecting users' privacy and security. We've put together a list of our favorite specialized secure Linux distros and spoken with some of their lead developers to find out first-hand what makes these distros so great. This "favorites" list cites six "excellent specialized secure Linux distros." Some highlights from the article: In a conversation with the LinuxSecurity editors, Qubes OS Community Manager Andrew David Wong elaborated, "Rather than attempting to fix all of the security bugs in software, Qubes assumes that all software is buggy and compartmentalizes it accordingly, so that when flaws are inevitably exploited, the damage is contained and the user's most valuable data is protected." A Kali Linux contributor provides some insight into the distro's history and the benefits it offers users: "Named after a Hindu goddess, Kali has been around for a long time — but it's still updated weekly, can be run in live mode or installed to a drive, and can also be used on ARM devices like Raspberry Pi." Obviously there's strong opinions among Slashdot readers. So share your own thoughts in the comments. What's the best Linux distro for enhanced privacy and security?

Read more of this story at Slashdot.

Slashdot reader Finuz writes: Offensive Security has released Kali Linux 2021.1, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. Kali NetHunter, the distro's mobile pentesting platform, now has an upgraded BusyBox engine and tools updated to the latest version (or, in some cases, completely rewritten). There are two new Kali ARM images: one that can be used with VMs on Apple Silicon Macs (Apple M1) and the other for the Raspberry Pi 400's wireless card.

Read more of this story at Slashdot.

SiFive today announced it is creating a platform for Linux-based personal computers based on RISC-V processors. VentureBeat reports: Assuming customers adopt the processors and use them in PCs, the move might be part of a plan to create Linux-based PCs that use royalty-free processors. This could be seen as a challenge to computers based on designs from Intel, Advanced Micro Devices, Apple, or Arm, but giants of the industry don't have to cower just yet. The San Mateo, California-based company unveiled HiFive Unmatched, a development design for a Linux-based PC that uses its RISC-V processors. At the moment, these development PCs are early alternatives, most likely targeted at hobbyists and engineers who may snap them up when they become available in the fourth quarter for $665. The SiFive HiFive Unmatched board will have a SiFive processor, dubbed the SiFive FU740 SoC, a 5-core processor with four SiFive U74 cores and one SiFive S7 core. The U-series cores are Linux-based 64-bit application processor cores based on RISC-V. These cores can be mixed and matched with other SiFive cores, such as the SiFive FU740. These components are all leveraging SiFive's existing intellectual property portfolio. The HiFive Unmatched board comes in the mini-ITX standard form factor to make it easy to build a RISC-V PC. SiFive also added some standard industry connectors -- ATX power supplies, PCI-Express expansion, Gigabit Ethernet, and USB ports are present on a single-board RISC-V development system. The HiFive Unmatched board includes 8GB of DDR4 memory, 32MB of QSPI flash memory, and a microSD card slot on the motherboard. For debugging and monitoring, developers can access the console output of the board through the built-in microUSB type-B connector. Developers can expand it using PCI-Express slots, including both a PCIe general-purpose slot (PCIe Gen 3 x8) for graphics, FPGAs, or other accelerators and M.2 slots for NVME storage (PCIe Gen 3 x4) and Wi-Fi/Bluetooth modules (PCIe Gen 3 x1). There are four USB 3.2 Gen 1 type-A ports on the rear, next to the Gigabit Ethernet port, making it easy to connect peripherals. The system will ship with a bootable SD card that includes Linux and popular system developer packages, with updates available for download from SiFive.com. It will be available for preorders soon. For some more context: Could RISC-V processors compete with Intel, ARM, and AMD?

Read more of this story at Slashdot.

The Linux 5.10 kernel's XFS file-system will have two new on-disk meta-data capabilities, reports Phoronix: 1. The size of inode btrees in the allocation group is now recorded. This is for increasing redundancy checks and also allowing faster mount times. 2. Support for timestamps now until the year 2486. This "big timestamps" feature is the refactoring of their timestamp and inode encoding functions to handle timestamps as a 64-bit nanosecond counter and bit shifting to increase the effective size. This now allows XFS to run well past the Year 2038 problem (where storing the time since 1970 in seconds will no longer fit in a signed 32-bit integer and thus wraparound) to now the Year 2486. Making a new XFS file-system with bigtime enabled allows a timestamp range from December 1901 to July 2486 rather than December 1901 to January 2038. For preserving backwards compatibility, the big timestamps feature is not currently enabled by default.

Read more of this story at Slashdot.

FSGSBASE support in Linux "has the possibility of helping Intel/AMD CPU performance especially in areas like context switching that had been hurt badly by Spectre/Meltdown and other CPU vulnerability mitigations largely on the Intel side," Phoronix wrote back in August. As it started its journey into the kernel, they provided a preview on August 10: The FSGSBASE support that was finally mainlined a few days ago for Linux 5.9 is off to providing a nice performance boost for both Intel and AMD systems... FSGSBASE support for the Linux kernel has been around a half-decade in the making and finally carried over the finish line by one of Microsoft's Linux kernel engineers... FSGSBASE particularly helps out context switching heavy workloads like I/O and allowing user-space software to write to the x86_64 GSBASE without kernel interaction. That in turn has been of interest to Java and others...On Linux 5.9 where FSGSBASE is finally mainlined, it's enabled by default on supported CPUs. FSGSBASE can be disabled at kernel boot time via the "nofsgsbase" kernel option. Today on the Linux kernel mailing list, Linus Torvalds announced the release of Linux 5.9: Ok, so I'll be honest - I had hoped for quite a bit fewer changes this last week, but at the same time there doesn't really seem to be anything particularly scary in here. It's just more commits and more lines changed than I would have wished for. And Phoronix reported: Linux 5.9 has a number of exciting improvements including initial support for upcoming Radeon RX 6000 "RDNA 2" graphics cards, initial Intel Rocket Lake graphics, NVMe zoned namespaces (ZNS) support, various storage improvements, IBM's initial work on POWER10 CPU bring-up, the FSGSBASE instruction is now used, 32-bit x86 Clang build support, and more. See our Linux 5.9 feature overview for the whole scoop on the many changes to see with this kernel.

Read more of this story at Slashdot.

"POSIX has been the standard file system interface for Unix-based systems (which includes Linux) since its launch more than 30 years ago," writes Enterprise Storage Forum, noting the POSIX-compliant Lustre file system "powers most supercomputers." Now Slashdot reader storagedude writes: POSIX has scalability and performance limitations that will become increasingly important in data-intensive applications like deep learning, but until now it has retained one key advantage over the infinitely scalable object storage: the ability to process data in memory. That advantage is now gone with the new mmap_obj() function, which paves the way for object storage to become the preferred approach to Big Data applications. POSIX features like statefulness, prescriptive metadata, and strong consistency "become a performance bottleneck as I/O requests multiply and data scale..." claims the article. "The mmap_obj() developers note that one piece of work still needs to be done: there needs to be a munmap_obj() function to release data from the user space, similar to the POSIX function."

Read more of this story at Slashdot.

Krystalo writes: Edge is finally coming to Linux. At Ignite 2020 today, Microsoft announced that Edge for Linux will be available in the Dev preview channel starting in October. Linux users will be able to download the preview from the Microsoft Edge Insider website or from their native Linux package manager. Microsoft will start with the Ubuntu and Debian distributions, with support for Fedora and openSUSE coming afterwards. "Linux stands out in that, while it has a relatively small desktop population in terms of what you might call typical consumer or end user, developers are often overrepresented in that population, and especially in areas like test automation, or CI/CD workloads for their web apps," Edge program manager Kyle Pflug told VentureBeat. "Edge on Linux is a natural part of our strategy to reduce fragmentation and test overhead for web developers. By providing the same rendering behavior and tools across platforms, developers can build and test sites and web apps in their preferred environment and be confident in the experience their customers will have."

Read more of this story at Slashdot.

Researchers at Kaspersky "have warned that sophisticated hackers and crooks are increasingly targeting Linux-based devices — using tools specifically designed to exploit vulnerabilities in the platform," reports TechRepublic: While Windows tends to be more frequently targeted in mass malware attacks, this is not always the case when it comes to advanced persistent threats (APTs), in which an intruder — often a nation-state or state-sponsored group — establishes a long-term presence on a network. According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target. Many organisations choose Linux for strategically important servers and systems, and with a "significant trend" towards using Linux as a desktop environment by big business as well as government bodies, attackers are in turn developing more malware for the platform... According to Kaspersky, over a dozen APT actors have been observed to use Linux malware or some Linux-based modules. Most recently, this has included the LightSpy and WellMess malware campaigns, both of which targeted both Windows and Linux devices. The LightSpy malware was also found to be capable of targeting iOS and Mac devices. While targeted attacks on Linux-based systems are still uncommon, a suite of webshells, backdoors, rootkits and custom-made exploits are readily available to those that seek to use them. Kaspersky also suggested that the small number of recorded attacks was not representative of the danger they posed, pointing out that the compromise of a single Linux server "often leads to significant consequences", as the malware travelled through the network to endpoints running Windows or macOS, "thus providing wider access for attackers which might go unnoticed".

Read more of this story at Slashdot.