Ubuntu

Linux On Windows 10: Running Ubuntu VMs Just Got a Lot Easier, Says Microsoft (zdnet.com)

Liam Tung reporting for ZDNet: Ubuntu maintainer Canonical and Microsoft have teamed up to release an optimized Ubuntu Desktop image that's available through Microsoft's Hyper-V gallery. The Ubuntu Desktop image should deliver a better experience when running it as a guest on a Windows 10 Pro host, according to Canonical. The optimized version is Ubuntu Desktop 18.04.1 LTS release, also known as Bionic Beaver. Microsoft's work with Canonical was prompted by its users who wanted a "first-class experience" on Linux virtual machines (VMs) as well as Windows VMs. To achieve this goal, Microsoft worked with the developers of XRDP, an open-source remote-desktop protocol (RDP) for Linux based on Microsoft's RDP for Windows. Thanks to that work, XRDP now supports Microsoft's Enhanced Session Mode, which allows Hyper-V to use the open-source implementation of RDP to connect to Linux VMs. This in turn gives Ubuntu VMs on Windows hosts a better mouse experience, an integrated clipboard, windows resizing, and shared folders for easier file transfers between host and guest. Microsoft's Hyper-V Quick Create VM setup wizard should also help improve the experience. "With the Hyper-V Quick Create feature added in the Windows 10 Fall Creators Update, we have partnered with Ubuntu and added a virtual machine image so in a few quick minutes, you'll be up and developing," said Clint Rutkas, a senior technical product manager on Microsoft's Windows Developer Team. "This is available now -- just type 'Hyper-V Quick Create' in your start menu."
Windows

Windows 10 Enterprise Getting 'InPrivate Desktop' Sandboxed Execution Feature (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: A recent Windows 10 Insider Feedback Hub quest revealed that Microsoft is developing a new throwaway sandboxed desktop feature called "InPrivate Desktop." This feature will allow administrators to run untrusted executables in a secure sandbox without fear that it can make any changes to the operating system or system's files. This quest is no longer available in the Feedback Hub, but according to its description, this feature is being targeted at Windows 10 Enterprise and requires at least 4 GB of RAM, 5 GB of free disk space, 2 CPU cores, and CPU virtualization enabled in the BIOS. It does not indicate if Hyper-V needs to be installed or not, but as the app requires admin privileges to install some features, it could be that Hyper-V will be enabled. "InPrivate Desktop (Preview) provides admins a way to launch a throwaway sandbox for secure, one-time execution of untrusted software," the Feedback Hub quest explains. "This is basically an in-box, speedy VM that is recycled when you close the app!"
Music

Dolby Looking To Monopolize Consumer Audio By Restricting Its Codec (audioholics.com)

Audiofan writes from a report via Audioholics, written by Gene DellaSala: Variety is said to be the spice of life. Why only eat cherry Starbursts when you can sample orange, watermelon, lemon, etc.? The same applies to multi-channel surround sound upmixers. But the folks at Dolby apparently want you to eat only one flavor. Their flavor. Dolby recently issued a mandate to all of their Atmos licensee partners to restrict usage of third-party upmixers with any Dolby signals including 5.1/7.1 DD, DD+, TrueHD and Atmos. That means if you're running a DTS Soundbar, it won't process a Dolby signal, or no dice if you want to use the Auro-Matic Upmixer for a native Dolby signal. Is Dolby doing this to protect their IP or to monopolize consumer audio like they tried to do with their patented Atmos-enabled speaker? The copy of the mandate that was sent to all of Dolby's licensee partners has the following guidelines: Native Dolby Atmos content shall NOT be up-mixed, surround or height virtualized by any 3rd party competitor upmixer (i.e. DTS or Auro-3D); Channel-Based DD/DD+, Dolby TrueHD 5.1 and 7.1 codecs shall not be height virtualized by any 3rd party upmixer (i.e. DTS). (This implies height virtualization without height speakers. DTS has this capability but Auro-3D does not.)

Audioholics notes the company will however "permit third party upmixing and/or surround virtualization of channel-based codecs that support Dolby Atmos rendering as long as the third party doesn't license their own upmixing technologies to third parties."

As for why Dolby is issuing this mandate to its licensees, it may come down to two reasons: control quality of content so that their upmixer is only used with their software; put an end to Auro-3D and strike a blow to DTS.
AMD

Researchers Crack Open AMD's Server VM Encryption (theregister.co.uk)

Shaun Nichols, reporting for The Register: A group of German researchers have devised a method to thwart the VM security in AMD's server chips. Dubbed SEVered (PDF), the attack would potentially give an attacker, or a malicious admin who had access to the hypervisor, the ability to bypass AMD's Secure Encrypted Virtualization (SEV) protections.

The problem, say Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that SEV, which is designed to isolate VMs from the prying eyes of the hypervisor, doesn't fully isolate and encrypt the VM data within the physical memory itself.

Red Hat Software

Red Hat Enterprise Linux Version 7.5 Released (redhat.com)

On Tuesday Red Hat announced the general availability of Red Hat Enterprise Linux version 7.5. An anonymous reader writes: Serving as a consistent foundation for hybrid cloud environments, Red Hat Enterprise Linux 7.5 provides enhanced security and compliance controls, tools to reduce storage costs, and improved usability, as well as further integration with Microsoft Windows infrastructure both on-premise and in Microsoft Azure.

New features include a large combination of Ansible Automation with OpenSCAP, and LUKS-encrypted removable storage devices can now be automatically unlocked using NBDE. The Gnome shell has been re-based to version 3.26, the kernel version is 3.10.0-862, and the kernel-alt packages include kernel version 4.14 with support for 64-bit ARM, IBM POWER9 (little endian), and IBM z Systems, while KVM virtualization is now supported on IBM POWER8/POWER9 systems.

See the detailed release notes here.
Virtualization

Crowdfunding Campaign Seeks a Fully Open Source Alternative to Citrix XenServer (kickstarter.com)

"Free/libre and 100% community backed version of XenServer," promises a new Kickstarter page, adding that "Our first prototype (and proof of concept) is already functional." Currently, XenServer is a turnkey virtualization platform, distributed as a distribution (based on CentOS). It comes with a feature rich toolstack, called XAPI. The vast majority of XenServer code is Open Source.

But since XenServer 7.3, Citrix removed a lot of features from it. The goal of XCP-ng is to make a fully community backed version of XenServer, without any feature restrictions. We also aim to create a real ecosystem, not depending on one company only. Simple equation: the more we are, the healthier is the environment.

The campaign reached its fundraising goal within a few hours, reports long-time Slashdot reader NoOnesMessiah, and within three days they'd already raised four times the needed amount and began unlocking their stretch goals.
Virtualization

VMware Bug Allowed Root Access (arstechnica.com)

c4231 quotes Ars Technica: While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools -- EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection -- could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.
Businesses

Qualcomm Eyes Intel With Centriq 2400 Arm Server Chip (eweek.com)

Qualcomm is now challenging rival Intel in the rapidly changing data center market. From a report: The company is now selling its long-awaited Centriq 2400 Arm-based server processor that is aimed at the fast-growing cloud market and that Qualcomm officials say beats Intel in such crucial areas as power efficiency and cost. Officials from Arm and its manufacturing partners have for several years talked about pushing the Arm architecture into the data center as an alternative to Intel, and some manufacturers like Cavium and Applied Micro in recent years have rolled out systems-on-a-chip (SoCs) based on the 64-bit Armv8-A design. However, Qualcomm represents the most significant Arm chip maker in terms of scale and resources to challenge Intel, which holds more than 90 percent of the global server chip market. Qualcomm's Centriq chips offer up to 48 single-threaded cores running up to 2.6GHz and are manufactured on Samsung's 10-nanometer FinFET process. The processors sport a bidirectional segmented ring bus with as much as 250 Gbps of aggregate bandwidth to avoid performance bottlenecks, 512KB of shared L2 cache for every two cores and 60MB of unified L3 cache. There also are six channels of DDR4 memory and support for up to 768GB of total DRAM with 32 PCIe Gen 3 lanes and six PCIe controllers. They also support Arm's TrustZone security technology and hypervisors for virtualization.
Microsoft

Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com)

An anonymous reader writes from a report via BleepingComputer: Yesterday, Microsoft released new standards that consumers should follow in order to have a highly secure Windows 10 device. These standards include the type of hardware that should be included with Windows 10 systems and the minimum firmware features. The hardware standards are broken up into 6 categories, which are minimum specs for processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM. Similarly, firmware features should support at least UEFI 2.4 or later, Secure Boot, Secure MOR 2 or later, and support the Windows UEFI Firmware Capsule Update specification.
Networking

PCIe 4.0 Specs Revealed: 16GTps Rate and Not Just For Graphics Cards Anymore (tomshardware.com)

Freshly Exhumed writes: PCI-SIG has released the specifications for version 4.0 of the PCIe (Peripheral Component Interconnect Express) bus, which, according to Chairman Al Yanes, promises data transfer rates of 16GTps, extended tags and credits for service devices, reduced system latency, lane margining, superior RAS capabilities, scalability for added lanes and bandwidth, improved I/O virtualization and platform integration. Tom's Hardware has posted a slide deck of the new version's specifications.
Open Source

30-Year-Old Operating System 'PC-MOS/386' Finally Open Sourced (github.com)

PC-MOS/386 "was a multi-user, computer multitasking operating system...announced at COMDEX in November 1986," remembers Wikipedia, saying it runs many MS-DOS titles (though it's optimized for the Intel 80386 processor).

Today Slashdot user Roeland Jansen writes: After some tracking, racing and other stuff...PC-MOS/386 v5.01 is open source under GPLv3. Back in May he'd posted to a virtualization site that "I still have the source tapes. I want(ed) to make it GPL and while I got an OK on it, I haven't had time nor managed to get it legalized. E.g. lift the NDA and be able to publish."

1987 magazine ads described it as "the gateway to the latest technology...and your networking future," and 30 years later its release on GitHub includes sources and executables. "In concert with Gary Robertson and Rod Roark it has been decided to place all under GPL v3."
Intel

Intel Launches Xeon Scalable CPUs: Dual Xeon Platinum 8176, 112 Threads Tested (hothardware.com)

MojoKid writes: Intel announced its new Xeon Scalable processor family based on the 14nm Skylake-SP microarchitecture a few weeks back, though today marks the official launch of the platform. Not only do these processors feature a new microarchitecture, but Intel has also revamped the naming convention and arrangement of the Xeon product stack, branding them with Platinum, Gold, Silver, and Bronze model families. Intel Xeon Scalable series processors feature core counts ranging from 4 to 28, with varied frequencies and cache configurations. Workstation processors and lower-core count server chips top out in the 3.2GHz -- 3.6GHz range, while the higher-core count products typically fall in the 2GHz -- 2.7GHz range. Six memory channels are supported and the chips have 48 lanes of integrated PCIe 3.0 connectivity. Power envelopes range all the way from 70W on up to 205W. The Xeon Scalable series also introduces new security, virtualization, and storage-related features, more memory bandwidth, support for AVX-512 extensions, a mesh interconnect, and enhanced hardware controlled power management, among a host of other architectural improvements. Testing of a 2P Xeon Platinum 8176 system, sporting 56 physical cores / 112 threads shows significantly increased performance and bandwidth, with only moderately higher power consumption versus a previous-gen 2P Xeon E5-2679 v4-based system.
Network

Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer?

Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
Software

Ask Slashdot: What's the Best Working Environment For a Developer?

New submitter Dorgendubal writes: I work for a company with more than a thousand developers and I'm participating in activities aimed at improving the work experience of developers. Our developers receive an ultrabook that is rather powerful but not really adapted for development (no admin rights, small storage capacity, restrictive security rules, etc.). They also have access to VDIs (more flexibility) but often complain of performance issues during certain hours of the day. Overall, developers want to have maximum autonomy, free choice of their tools (OS, IDE, etc.) and access to internal development environments (PaaS, Git repositories, continuous delivery tools, etc.). We recently had a presentation from VMware on desktop and application virtualization (Workstation & Horizon), which is supposedly the future of the desktop. It sounds interesting on paper but I remain skeptical.

What is the best working environment for a developer, offering flexibility, performance and some level of free choice, without compromising security, compliance, licensing (etc.) requirements? I would like you to share your experiences on BYOD, desktop virtualization, etc. and the level of satisfaction of the developers.
Intel

Intel Supercharges Atom Chips With 16 Cores and Pro Level Features (pcworld.com)

Agam Shah, writing for PCWorld: Intel's Atom was mostly known as a low-end chip for mobile devices that underperformed. That may not be the case anymore. The latest Atom C3000 chips announced on Tuesday have up to 16 cores and are more sophisticated than ever. The chips are made for storage arrays, networking equipment, and internet of things devices. The new chips have features found mostly in server chips, including networking, virtualization, and error correction features. [...] A surprising feature in C3000 is RAS (reliability, availability, and serviceability) capabilities, which is mostly found on high-end Xeon chips. The feature corrects data errors on the fly and prevents networking and storage equipment from crashing.
Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com)

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.

"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Open Source

GoboLinux 016 Released With Its Own Filesystem Virtualization Tool (gobolinux.org)

Long-time Slashdot reader paranoidd writes: GoboLinux announced Thursday the availability of a new major release. What's special about it is that it comes together with a container-free filesystem virtualization that's kind of unique thanks to the way that installed programs are arranged by the distro. Rather than having to create full-fledged containers simply to get around conflicting libraries, a lightweight solution simply plays with overlays to create dynamic filesystem views for each process that wants them. Even more interesting, the whole concept also enables 32-bit and 64-bit programs to coexist with no need for a lib64 directory (as implemented by almost all bi-arch distributions out there).

"Instead of having parts of a program thrown at /usr/bin, other parts at /etc and yet more parts thrown at /usr/share/something/or/another, each program gets its own directory tree, keeping them all neatly separated and allowing you to see everything that's installed in the system and which files belong to which programs in a simple and obvious way."
AMD

AMD Introduces Radeon Instinct Machine Intelligence Accelerators (hothardware.com)

Reader MojoKid writes: AMD is announcing a new series of Radeon-branded products today, targeted at machine intelligence and deep learning enterprise applications, called Radeon Instinct. As its name suggests, the new Radeon Instinct line of products is comprised of GPU-based solutions for deep learning, inference and training. The new GPUs are also complemented by a free, open-source library and framework for GPU accelerators, dubbed MIOpen. MIOpen is architected for high-performance machine intelligence applications and is optimized for the deep learning frameworks in AMD's ROCm software suite. The first products in the lineup consist of the Radeon Instinct MI6, the MI8, and the MI25. The 150W Radeon Instinct MI6 accelerator is powered by a Polaris-based GPU, packs 16GB of memory (224GB/s peak bandwidth), and will offer up to 5.7 TFLOPS of peak FP16 performance. Next up in the stack is the Fiji-based Radeon Instinct MI8. Like the Radeon R9 Nano, the Radeon Instinct MI8 features 4GB of High-Bandwidth Memory (HBM) with peak bandwidth of 512GB/s. The MI8 will offer up to 8.2 TFLOPS of peak FP16 compute performance, with a board power that typically falls below 175W. The Radeon Instinct MI25 accelerator will leverage AMD's next-generation Vega GPU architecture and has a board power of approximately 300W. All of the Radeon Instinct accelerators are passively cooled, but when installed into a server chassis you can bet there will be plenty of air flow. Like the recently released Radeon Pro WX series of professional graphics cards for workstations, Radeon Instinct accelerators will be built by AMD. All of the Radeon Instinct cards will also support AMD MultiGPU (MxGPU) hardware virtualization technology.
AMD

Researchers Point Out 'Theoretical' Security Flaws In AMD's Upcoming Zen CPU (bleepingcomputer.com)

An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory.

[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.
