Linux Weekly Roundup: Ubuntu Under Siege, New Exploits, Government Open Source Initiatives, and More

This week in the Linux world brought a mix of concerning security events and promising open-source developments. Ubuntu faced a prolonged DDoS attack on its core services, followed by a Twitter account compromise used for crypto scams. A new Linux privilege escalation exploit named 'Copy Fail' was disclosed, but desktop users need not panic. On the positive side, the Dutch government is building its own code hosting platform using Forgejo, and Germany's Sovereign Tech Agency is funding open-source maintainers to participate in standards bodies. Microsoft also made news: VS Code mistakenly credited Copilot for human-written commits, and the company open-sourced the original MS-DOS source code. Meanwhile, the community saw Linux running on a PS5, a new terminal file manager, and updates on Linux Mint and Ubuntu flavors. Dive into the details below.

What happened to Ubuntu's services and Twitter account last week?

Ubuntu's parent company, Canonical, suffered a Distributed Denial of Service (DDoS) attack that lasted nearly a week. The attack flooded servers with traffic, taking key services offline or making them unreliable. Affected platforms included ubuntu.com, the Snap Store, Launchpad, and several other Canonical-owned sites. Users who experienced issues running snap install commands or pulling from a PPA during that period can now see the cause. As if that weren't enough, the official Ubuntu Twitter account was compromised shortly after and used to promote a cryptocurrency scam. The account has since been secured, but the incident highlights the ongoing challenges of maintaining security for a widely used open-source ecosystem. Canonical has not disclosed the full extent of the damage, but no data breaches have been reported.

Linux Weekly Roundup: Ubuntu Under Siege, New Exploits, Government Open Source Initiatives, and More — Source: itsfoss.com

What is the 'Copy Fail' Linux exploit and should desktop users be worried?

'Copy Fail' is a local privilege escalation vulnerability affecting Linux systems. Similar to previous exploits like Dirty Pipe, it allows an attacker with existing local access to elevate their privileges to root. The flaw resides in the kernel's handling of copy-on-write operations. However, for typical desktop Linux users, there is little immediate cause for alarm. Exploiting 'Copy Fail' requires an attacker to already have a foothold on the system—for example, through a compromised user account or a malicious application. The best defense is to keep your system updated, as kernel patches have been released by major distributions. Run your package manager regularly to apply updates. If you're a server administrator or run multi-user environments, pay closer attention. For most individuals, simply staying current with updates is sufficient to close this attack vector.

How is the Dutch government promoting open source with Forgejo?

The Dutch government is taking open source seriously by building its own code hosting platform based on Forgejo, a community-driven Git hosting software forked from Gitea. The initiative is part of a broader push to reduce dependency on proprietary services and increase transparency. The soft launch already includes four ministries, several municipalities, and the Electoral Council's vote-counting software. This move not only strengthens the government's digital sovereignty but also encourages reuse of code across public institutions. By hosting their own infrastructure, they gain control over security, data privacy, and licensing. It's a positive example of how governments can champion open-source tools while building trust in public sector software. The project is still evolving, but early adoption by key agencies signals a lasting commitment.

How is Germany's Sovereign Tech Agency helping open-source maintainers?

Germany's Sovereign Tech Agency (STA) launched a paid pilot program aimed at helping independent open-source maintainers participate in internet standards development. Organizations like the IETF, W3C, and ISO create the standards that underpin the web, but attending their working groups requires time and money that volunteer maintainers often lack. The STA pilot provides funding so that maintainers of critical open-source projects can attend meetings, contribute to specification drafts, and advocate for developer-friendly standards. This is a significant step toward making the standards process more inclusive, ensuring that the people who actually build on these standards have a voice. The program also covers travel and accommodation costs, removing barriers to participation. It's a model that could be replicated by other governments seeking to strengthen the open-source ecosystem.

What was the controversy with VS Code and Copilot crediting?

Microsoft's VS Code editor was found to be crediting the GitHub Copilot AI as the author of commits that were written entirely by humans—even on machines where Copilot had been explicitly disabled. This happened because a single pull request changed a default setting without any release note or user-facing notification. The setting, once enabled, would attribute authorship to Copilot without clear consent. Many developers were rightfully upset, as it undermines the transparency of contribution tracking. Microsoft later acknowledged the issue and rolled back the change. The incident underscores the importance of clear communication when altering default behaviors in developer tools, especially those that touch on authorship and attribution. It also raises broader questions about AI integration in development workflows and the need for explicit opt-in mechanisms.

Why did Microsoft open source DOS code and what does it mean?

To celebrate the 45th birthday of MS-DOS, Microsoft open-sourced the original 86-DOS source code under the permissive MIT license. This code was the foundation of the operating system that Microsoft purchased for just under $100,000 and later turned into a multibillion-dollar business. Open sourcing it won't change modern computing, but it's a valuable historical artifact. Historians, enthusiasts, and educators can now study the code that launched a era. The move also aligns with Microsoft's broader embrace of open source under CEO Satya Nadella. While the code is mostly of archival interest, it serves as a reminder of how a relatively modest investment can have outsized impact. The source is available on GitHub, where it has already garnered interest from retrocomputing communities.

What other notable updates happened in the Linux community this week?

Several other stories caught attention: First, Linux can now run on a PlayStation 5, with a documented process that any enthusiast can follow. This opens up new possibilities for homebrew and server projects on powerful console hardware. Second, an awesome terminal-based file manager was highlighted, offering a fast, keyboard-driven alternative to GUI explorers. Third, Linux Mint released new HWE ISO images that include updated hardware support out of the box. Additionally, Ubuntu's official flavor list shrank with version 26.04, as maintainer Roland argues it's a necessary correction to focus resources. Finally, Linux Mint stretched its release cycle to December 2026, giving existing users a stable target. These updates show the vibrant, ever-evolving nature of the open-source ecosystem, balancing security, usability, and community governance.