|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Python: The Documentary
Attendees at EuroPython had the chance to preview part ofPython: The Documentary during akeynote panel. The full film, created by CultRepo, is now available on YouTube:
This is the story of the world's most beloved programming language:Python. What began as a side project in Amsterdam during the 1990sbecame the software powering artificial intelligence, data science andsome of the world's biggest companies. But Python's future wasn'tcertain; at one point it almost disappeared.
This 90-minute documentary features Guido van Rossum, TravisOliphant, Barry Warsaw, and many more, and they tell the story ofPython's rise, its community-driven evolution, the conflicts thatalmost tore it apart, and the language's impact on... well...everything.
The videoof the keynote is also available.
- Seven stable kernels for Thursday
Greg Kroah-Hartman has announced the release of the 6.16.4, 6.12.44, 6.6.103, 6.1.149, 5.15.190, 5.10.241, and 5.4.297 stable Linux kernels. Each onecontains important fixes.
- [$] Changing GNOME technical governance?
The GNOME project, which recently celebrated its28th birthday, has never had a formal technical governance; progresshas been driven by individuals and groups that advocated for—and workedtoward—a particular goal in an ad hoc fashion. Longtime GNOME contributorEmmanuele Bassi would like to see that change by adding cross-project teamsand a steering committee for the project; to that end, he gave a talk (YouTubevideo) at GUADEC 2025in late July on his idea to establish some technical governance for theproject. He also put together a blogpost with his notes from the talk. The audience reaction wasfavorable, so he has followed up on the GNOME discussion forum with an RFC ongovernance to try to move the effort along.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (aide, firefox, kernel, and mod_http2), Debian (chromium and unbound), Fedora (mod_auth_openidc), Oracle (fence-agents and kernel), SUSE (ignition, jetty-minimal, kernel, libmozjs-128-0, matrix-synapse, postgresql13, postgresql15, postgresql16, and postgresql17), and Ubuntu (kernel).
- [$] LWN.net Weekly Edition for August 28, 2025
Inside this week's LWN.net Weekly Edition:
Front: Groklaw takeover; CRL cache sharing; browsers and XSLT; Microdot; restartable sequences; shadow-stack control Briefs: Android restrictions; Arch services; GhostBSD 25.02; FFmpeg 8.0; PyCon videos; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Rosenzweig: Dissecting the Apple M1 GPU, the end
Alyssa Rosenzweig has written a blog postabout her work to help ship a "great driver" for the Apple M1GPU that supports OpenGL, Vulkan, and enables gaming with Proton.
We've succeeded beyond my dreams. The challenges I chased, I havetackled. The drivers are fully upstream in Mesa. Performance isn't toobad. With the Vulkan on Apple myth busted, conformant Vulkan is nowcoming to macOS via LunarG'sKosmicKrisp project building on my work.
Satisfied, I am now stepping away from the Apple ecosystem. Myfriends in the Asahi Linux orbit will carry the torch from here.
Rosenzweig indicates her next project will be working on Intel'scovered her talk on AppleM1/M2 GPU drivers in October 2024.
- [$] The tangled web of XSLT browser support
The ExtensibleStylesheet Language Transformations (XSLT) language is used by webbrowsers to style XML content to make it easily readable; XSLT is part of theHTML livingstandard that is maintained by the Web Hypertext Application TechnologyWorking Group (WHATWG). Only a small fraction of web sites servecontent that requires web browsers to support XSLT, in part becausemajor browser implementations have neglected the technology over the past 25years. Now, it seems, they would like to rid themselves of itentirely. A planto disable XSLT in Blink (Chrome's rendering engine) and a pull request bya Google Chrome developer to remove mentions of the specification fromthe HTML standard have been met with opposition, but arguments infavor of XSLT have proven ineffective.
- GhostBSD 25.02 released
The GhostBSD project has released version 25.02 of theFreeBSD-based desktop operating system. This release brings GhostBSDup to date with FreeBSD 14.3,includes enhancements for the Software Station package managementapplication, and introduces an "OS X-like" desktop environmentbased on GNUstep called Gershwin:
This early preview includes:
GNUstep-based desktop environment with familiar OS X-styleinterfaceSeamless integration with GhostBSD tools through wrappers forinstaller, Software Station, Backup Station, and Update StationSupport for running non-GNUstep applications alongside GNUstepappsSeveral included GNUstep applications to get you started
LWN covered GhostBSDin June 2024.
- [$] The need to reliably preserve our community history
The Internet is a wonderful thing; it allows anybody to look upinformation of interest. Included in all of that is the history of thefree-software development community; how we got to where we are says a lotabout why things are the way they are and what might come next. So thetakeover of Groklaw rings a loud alarm; we have been reminded that historystored on the Internet is an ephemeral thing and cannot be expected toremain available forever.
- Security updates for Wednesday
Security updates have been issued by Debian (node-cipher-base), Fedora (keylime-agent-rust and libtiff), Oracle (aide, kernel, mod_http2, pam, pki-deps:10.6, python-cryptography, python3, python3.12, and thunderbird), SUSE (cheat, ffmpeg, firebird, govulncheck-vulndb, postgresql17, tomcat, tomcat10, tomcat11, ucode-intel-20250812, and v2ray-core), and Ubuntu (binutils, gst-plugins-base1.0, gst-plugins-good1.0, and linux-raspi-realtime).
- [$] Shadow-stack control in clone3()
Shadow stacks are a control-flow-integrity feature designed to defendagainst exploits that manipulate a thread's call stack. The kernel firstgained support for hardware-implemented shadowstacks, for the x86 architecture, in the 6.6 release; 64-bit Armsupport followed in 6.13. This feature does not give user space muchcontrol over the allocation of shadow stacks for new threads, though; a patchseries from Mark Brown may, after many attempts, finally be aboutto change that situation.
- Security updates for Tuesday
Security updates have been issued by Debian (ffmpeg, firebird3.0, and luajit), Fedora (chromium, python3-docs, and python3.13), Oracle (aide, firefox, glibc, libxml2, and tomcat), Red Hat (aide, git, kernel, kernel-rt, libarchive, pam, python-cryptography, python3, python3.12, and webkit2gtk3), SUSE (cmake3, ffmpeg-4, kernel, kubernetes1.18, libqt4, minikube, net-tools, pam, postgresql16, proftpd, python-urllib3, python311, python312, python36, tomcat10, tomcat11, and webkit2gtk3), and Ubuntu (nginx).
- New restrictions on Android app sideloading
Google has announceda new set of restrictions on the ability of users to install apps on theirown devices:
Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from.
- PyCon US 2025 recap and recordings
The PyCon team has announcedthat all PyCon US 2025 recordings are now available on itsYouTube channel.
We had an amazing and diverse group of community members join us forPyCon US 2025, attending from 58 different countries! By the numbers,we welcomed a total attendance of 2,225 Pythonistas to the DavidL. Lawrence Convention Center. We couldn't be more grateful for allwho supported the Python ecosystem and helped make PyCon US 2025 ahuge success.
See the LWNconference index for coverage of some of the talks fromPyCon US 2025.
- [$] Linux's missing CRL infrastructure
In July 2024,Let's Encrypt, the nonprofit TLS certificate authority (CA),announcedthat it would be ending support for theonline certificate status protocol(OCSP), which is used to determine when a server's signing certificate has beenrevoked. This prevents a compromised key from being used to impersonate a webserver.The organization cited privacy concerns, and recommended that peoplerely oncertificate revocation lists (CRLs)instead. On August 6, Let's Encryptfollowed through and disabled its OCSP service. This poses aproblem for Linux systems that must now rely on CRLs because, unlike on otheroperating systems, there is no standardized way for Linux programs to share aCRL cache.
- Linux 6.17 Showing Off Some Nice Gains For 5th Gen AMD EPYC "Turin" Performance
Earlier this week I provided benchmarks looking at the Linux 5.15 LTS through Linux 6.17 Git kernel performance using the latest stable and development kernels compared to the Long Term Support (LTS) kernels over the past four years. For having hardware support back to Linux 5.15 I was using an AMD EPYC Milan-X server. In those benchmarks there were some nice gains and even from Linux 6.16 to 6.17 Git was around a 3% geo mean improvement. So I was curious to run some benchmarks on the latest-generation AMD EPYC 9005 "Turin" processors to see if there was similar uplift there...
- DongshanPi Previews RK3576-Based SBC Targeted at Computer Vision
DongshanPi has shared early details about an upcoming SBC designed for AI and computer vision education. Based on the Rockchip RK3576, the DshanPi-A1 supports OpenCV and multimedia workloads through a software stack built around ArmbianOS (community-supported) and Rockchip’s media and inference libraries. DshanPi-A1 features the Rockchip RK3576, an octa-core processor with four Cortex-A72 and four […]
- Linux Patches To Unconditionally Enable Architecture-Optimized BLAKE2s Support
While Linus Torvalds doesn't too often like new kernel options being enabled by default, one area where it has proven beneficial and otherwise an oversight by those configuring their own kernel builds is the architecture-optimized crypto algorithm implementations. Some will enable support for different kernel crypto algorithms only to forget or be unaware that there are CPU architecture specific implementations that can also typically be enabled for much better performance over the common code. Google engineer Eric Biggers has been cleaning this up and BLAKE2s is the latest receiving treatment...
- Google and Zed push protocol to pry AI agents out of VS Code's clutches
Because not every bot wants to live inside Microsoft's walled gardenGoogle and code editor company Zed Industries have introduced the Agent Client Protocol (ACP) as a standard way for AI agents to integrate with an IDE, with the idea that this will prevent developers getting locked into VS Code.…
- Olimex Showcases ESP32-C5-EVB Development Board
Olimex has announced the ESP32-C5-EVB, an open-source hardware evaluation board based on the ESP32-C5-WROOM-N8R4 module from Espressif. The board integrates dual-band Wi-Fi 6, Bluetooth 5 LE, Zigbee/Thread, relays, opto-isolated inputs, and LiPo UPS support, and is designed as a flexible platform for IoT development and prototyping. The ESP32-C5 is the first RISC-V microcontroller supporting dual-band […]
- Bun JS toolkit adds MySQL driver, secrets API, YAML, and more
Feature bloat, or added value for this JavaScript toolkit?The Bun team has released version 1.2.21 of its JavaScript bundler and runtime, written in Zig, adding features including built-in drivers for MySQL and SQLite, a YAML parser, and a secrets manager for tools and local development.…
- Mesa 25.1.9 Released To End Out The Mesa 25.1 Series
With Mesa 25.2.1 recently having been released, the prior quarter's Mesa 25.1 series is now drawing to a close. Excellent Mesa release manager Eric Engestrom released Mesa 25.1.9 as one last point release for Mesa 25.1 before ending this branch...
- Nanoparticles Turn Houseplants Into Night Lights
Longtime Slashdot reader cristiroma shares a report from New Atlas: Wouldn't it be great if the plants in your home could do more than just sit there looking pretty? Researchers at South China Agricultural University in the city of Guangzhou have found a way to upgrade them into soft glowing night lights in a range of hues, with the use of nanoparticles. The team developed a light-emitting phosphor compound that enabled succulents with fleshy leaves to charge in sunlight or indoor LED light in just a couple of minutes, and then emit a soft uniform glow that lasts up to two hours. The afterglow phosphor compound -- which is similar to those found in glow-in-the-dark toys -- is inexpensive, biocompatible, and negates the need for more complex methods of infusing bioluminescence in plants, like genetic modification. It simply gets injected into the leaves. [...] Beyond modifying a commercial compound for this project, the team also had to figure out the right size for the phosphor particles so they'd work as intended inside plants. Shuting Liu, first author on the study that appeared in Matter this week, noted, "Smaller, nano-sized particles move easily within the plant but are dimmer. Larger particles glowed brighter but couldn't travel far inside the plant." Through extensive testing, the researchers arrived at an optimal size of around 7 micrometers, about the width of a red blood cell. They also determined through experimentation that the particles worked best in succulents, rather than plants with thinner leaves like bok choy. Once they'd landed on the right particle size, loading concentration, and plant type, the team found that the phosphor material diffused into succulent leaves almost instantly, and uniformly lit up entire leaves -- enough to illuminate nearby objects. The scientists were also able to create modified phosphors that glowed in colors like green, red, and blue. That could make for novel indoor or garden decor, as well as pathway lighting. These luminous plants also don't cost much -- according to Liu, "Each plant takes about 10 minutes to prepare and costs a little over 10 yuan (about $1.4), not including labor." Over the course of 10 days, the injected plants didn't show any signs of damage, yellowing, structural integrity, or even reduced levels of chlorophyll.
 
Read more of this story at Slashdot.
- Florida Deploys Robot Rabbits To Control Invasive Burmese Python Population
An anonymous reader quotes a report from CBS News: They look, move and even smell like the kind of furry Everglades marsh rabbit a Burmese python would love to eat. But these bunnies are robots meant to lure the giant invasive snakes out of their hiding spots. It's the latest effort by the South Florida Water Management District to eliminate as many pythons as possible from the Everglades, where they are decimating native species with their voracious appetites. In Everglades National Park, officials say the snakes have eliminated 95% of small mammals as well as thousands of birds. "Removing them is fairly simple. It's detection. We're having a really hard time finding them," said Mike Kirkland, lead invasive animal biologist for the water district. "They're so well camouflaged in the field." The water district and University of Florida researchers deployed 120 robot rabbits this summer as an experiment. Previously, there was an effort to use live rabbits as snake lures but that became too expensive and time-consuming, Kirkland said. The robots are simple toy rabbits, but retrofitted to emit heat, a smell and to make natural movements to appear like any other regular rabbit. "They look like a real rabbit," Kirkland said. They are solar powered and can be switched on and off remotely. They are placed in small pens monitored by a video camera that sends out a signal when a python is nearby. "Then I can deploy one of our many contractors to go out and remove the python," Kirkland said. The total cost per robot rabbit is about $4,000, financed by the water district, he added.
Read more of this story at Slashdot.
- Amtrak's New 160mph Acela Trains Take Just As Long As the Old Ones
Amtrak's new 160 mph tilting Acela trains have debuted on the Northeast Corridor, offering smoother rides, upgraded interiors, faster Wi-Fi, and 27% more seating capacity. However, "they don't complete the journey any faster than the old trains," reports The Independent. From the report: Acela runs from Washington, DC's Union Station to Boston via Philadelphia, New York Penn Station, New Haven, and Providence. It's a total distance of 457 miles, with the fastest next-gen Acela journey being six hours and 43 minutes, five minutes slower than the quickest end-to-end time offered by the old Acela trains, introduced in 2000. However, this may be because, as is common practice with new trains the world over, Amtrak is scheduling longer dwell times at stations so staff and passengers can adjust to them. The next-gen sets have a top service speed that's 10mph faster -- though this can only be achieved on certain sections of the mostly 110mph route -- and an enhanced "anticipative" tilting system that allows for higher speeds through curves.
Read more of this story at Slashdot.
- Microsoft Reveals Two In-House AI Models
Today, Microsoft unveiled two in-house AI models: MAI-Voice-1, a high-speed speech-generation system now live in Copilot, and MAI-1-Preview, its first end-to-end foundation model trained on 15,000 H100 GPUs. Neowin reports: MAI-Voice-1 is a speech generation model and is already available in Copilot Daily and Podcasts. To preview the full capabilities of this voice model, Microsoft has created a new Copilot Labs experience that anyone can try today. With the Copilot Audio Expressions experience, users can just paste text content and select the voice, style, and mode to generate high-fidelity, expressive audio. They can also download the generated audio if required. Microsoft also highlighted that this MAI-Voice-1 model is very fast and efficient. In fact, it can generate a full minute of audio in under a second on a single GPU. Second, Microsoft has begun public testing of MAI-1-preview on LMArena, a popular platform for community model evaluation. This represents MAI's first foundation model trained end-to-end and offers a glimpse of future offerings inside Copilot. They are actively spinning the flywheel to deliver improved models and will have much more to share in the coming months. MAI-1-preview is an MoE (mixture-of-experts) model, pre-trained and post-trained on nearly 15,000 NVIDIA H100 GPUs. Notably, MAI-1-preview is Microsoft's first foundation model trained end-to-end in-house. Microsoft claims that this model is better at following instructions and can offer helpful responses to everyday user questions. Microsoft will be rolling out this new model to certain text use cases within Copilot over the coming weeks.
Read more of this story at Slashdot.
- Microsoft Expands Xbox Cloud Gaming to Cheaper Game Pass Tiers
Microsoft is testing new Xbox Game Pass features with Insiders, letting Core and Standard subscribers stream cloud-enabled titles they own or access via subscription across more devices, including supported TVs and browsers. These tiers will also gain access to select PC game versions for the first time. From a Xbox blog post: We're always exploring more ways to make your Xbox experience centered around you -- your content, benefits, and playstyle. That's why we're making it easier to enjoy the games you love, wherever you are, and on any device. Starting today, Xbox Insiders are invited to try out new updates in Xbox Game Pass that make it easier to stream and play across more devices. Xbox Insiders subscribed to Xbox Game Pass Core or Standard now have even more freedom to play wherever they are with Xbox Cloud Gaming (Beta). As part of this Insider experience, Xbox Game Pass Core and Standard subscribers will be able to stream cloud playable games included with their subscription or select cloud playable games they own, making it easier to jump in from any supported device. [...] We're expanding the ways players can experience PC gaming through Xbox Game Pass. As part of testing, Xbox Insiders subscribed to Game Pass Core or Standard will for the first time gain access to PC versions of select titles, giving you even more flexibility and the choice to play on a PC or Windows handheld."
Read more of this story at Slashdot.
- Stellantis Shelves Level 3 Driver-Assistance Program
Stellantis has put its fully developed Level 3 driver-assistance system on hold due to high costs, technical hurdles, and weak consumer demand. Reuters reports: As recently as February, Stellantis said its in-house system, which is part of the AutoDrive program, was ready for deployment and a key pillar of its strategy. The company said the system, which enables drivers to have their hands off the wheel and eyes off the road under certain conditions, would allow them to temporarily watch movies, catch up on emails, or read books. That Level 3 software was never launched, the company confirmed to Reuters. But it stopped short of saying that the program was canceled. "What was unveiled in February 2025 was L3 technology for which there is currently limited market demand, so this has not been launched, but the technology is available and ready to be deployed," a Stellantis spokesperson said. The three sources, however, said that the program was put on ice and is not expected to be deployed. When asked how much time and money was lost on the initiative, Stellantis declined to say, responding that the work done on AutoDrive will help support its future versions. [...] Stellantis said it is leaning on aiMotive, a tech startup it acquired in 2022, to deliver the next generation of the AutoDrive program. Stellantis declined to say when that program would be ready for market or if it would include Level 3 capability.
Read more of this story at Slashdot.
- FFmpeg 8 Can Now Subtitle Your Videos on the Fly
FFmpeg 8.0 brings GPU-accelerated video encoding via Vulkan -- and can now subtitle your videos automatically using integrated speech recognition. From a report: At the start of the week, the FFmpeg project released its eighth major version. It's codenamed "Huffman" after the Huffman code algorithm, which was invented in 1952, making it one of the oldest lossless compression algorithms. [...] The changelog lists 30 significant changes, of which the top new feature is integrating Whisper. This means whisper.cpp, which is Georgi Gerganov's entirely local and offline version of OpenAI's Whisper automatic speech recognition model. The bottom line is that FFmpeg can now automatically subtitle videos for you.
Read more of this story at Slashdot.
- Microsoft's Copilot AI is Now Inside Samsung TVs and Monitors
An anonymous reader shares a report: Microsoft's Copilot AI assistant is officially coming to TVs, starting with Samsung's 2025 lineup of TVs and smart monitors. With the integration, you can call upon Copilot and ask for movie suggestions, spoiler-free episode recaps, and other general questions. On TV, Copilot takes on a "friendly, animated presence" that resembles the opalescent Copilot Appearance Microsoft showed off last month, though in a color that makes it look more like a personified chickpea. The beige blob will float and bounce around your screen, while its mouth moves in line with its responses.
Read more of this story at Slashdot.
- Microsoft Refuses To Divulge Data Flows To Police Scotland
Police Scotland and the Scottish Police Authority (SPA) are pressing ahead with a Microsoft Office 365 rollout despite Microsoft refusing to disclose where sensitive law enforcement data will be processed. Freedom of Information documents reveal that Microsoft cannot guarantee data sovereignty, may process data in "hostile" jurisdictions, retains encryption key control, and blocks vetting of overseas staff -- all leaving the force unable to comply with strict Part 3 data protection rules. Slashdot reader Mirnotoriety shares an excerpt from a Computer Weekly article: "MS is unable to specify what data originating from SPA will be processed outside the UK for support functions," said the SPA in a detailed data protection impact assessment (DPIA) created for its use of O365. "To try and mitigate this risk, SPA asked to see ... [the transfer risk assessments] for the countries used by MS where there is no [data] adequacy. MS declined to provide the assessments." The SPA DPIA also confirms that, on top of refusing to provide key information, Microsoft itself has told the police watchdog it is unable to guarantee the sovereignty of policing data held and processed within its O365 infrastructure. "Microsoft states in their own risk factors that O365 is not designed for processing the data that will be ingested by SPA," said the DPIA, adding that while the system can be configured in ways that would allow the processing of "high-value" policing data, "that bar is high." It further added that while Microsoft previously agreed to make a number of changes to the data processing addendum (DPAdd) being used for Police Scotland's Azure-based Digital Evidence Sharing Capability (DESC) -- the nature of which is still unclear -- Microsoft has advised that "O365 operates in a completely different manner and there is currently no way to guarantee data sovereignty." It further noted that while a similar "ancillary document, like that provided ... via the DESC project" could afford "some level of assurance" for international transfers generally, it would still fall short of Part 3 requirements to set out exactly which types of data are processed and how.
Read more of this story at Slashdot.
- Imgur's Community Is In Full Revolt Against Its Owner
Imgur users have flooded the image-hosting site's front page with pictures of John Oliver giving the middle finger to parent company MediaLab AI. The revolt follows staff layoffs that eliminated human moderators and the breakdown of core site functions including video playback for non-logged-in users and failed image uploads. A former employee confirmed MediaLab AI laid off Imgur's moderation team without notice and reassigned remaining staff to other projects. The company acquired Imgur in 2021 after founder Alan Schaaf departed. MediaLab AI faces lawsuits from Schaaf and other former site owners over allegedly withheld acquisition payments.
Read more of this story at Slashdot.
- Japanese Town Proposes Two-Hour Daily Limit on Smartphones
A central Japanese town wants to limit smartphone use for all its 69,000 residents to two hours a day, in a move that has sparked intense debate on device addiction. From a report: The proposal, believed to be the first of its kind in Japan, is currently being debated by lawmakers after being submitted by Toyoake municipal government in Aichi earlier this week. Toyoake's mayor said the proposal -- which only applies outside of work and study -- would not be strictly enforced, but rather was meant to "encourage" residents to better manage their screen time. There will be no penalties for breaking the rule, which will be passed in October if approved by lawmakers. "The two hour limit... is merely a guideline... to encourage citizens," Toyoake Mayor Masafumi Koki said in a statement. "This does not mean the city will limit its residents' rights or impose duties," he said.
Read more of this story at Slashdot.
- US To Publish Economic Data On Blockchain, Commerce Chief Says
U.S. Commerce Secretary Howard Lutnick announced that the Department of Commerce will begin publishing GDP statistics on the blockchain, touting it as part of President Trump's push to make America a "crypto government." CoinTelegraph reports: Lutnick made the announcement during a White House cabinet meeting on Tuesday, describing the effort as a move to expand blockchain-based data distribution across government agencies. Speaking to US President Donald Trump and other government officials, he said: "The Department of Commerce is going to start issuing its statistics on the blockchain, because you are the crypto president, and we are going to put our GDP on the blockchain so people can use it for data and distribution." Lutnick said the initiative will begin with GDP figures and could expand across federal departments after the Commerce Department finishes "ironing out all of the details" for the implementation.
Read more of this story at Slashdot.
- TransUnion Says Hackers Stole 4.4 Million Customers' Personal Information
An anonymous reader quotes a report from TechCrunch: Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers' personal information. In a filing with Maine's attorney general's office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers' personal data for its U.S. consumer support operations. TransUnion claimed "no credit information was accessed," but provided no immediate evidence for its claim. The data breach notice did not specify what specific types of personal data were stolen. In a separate data breach disclosure filed later on Thursday with Texas' attorney general's office, TransUnion confirmed that the stolen personal information includes customers' names, dates of birth, and Social Security numbers. [...] It's not clear who is behind the breach at TransUnion, or if the hackers made any demands to the company.
Read more of this story at Slashdot.
- Anthropic Will Start Training Its AI Models on Chat Transcripts
Anthropic will start training its AI models on user data, including new chat transcripts and coding sessions, unless users choose to opt out. The Verge: It's also extending its data retention policy to five years -- again, for users that don't choose to opt out. All users will have to make a decision by September 28th. For users that click "Accept" now, Anthropic will immediately begin training its models on their data and keeping said data for up to five years, according to a blog post published by Anthropic on Thursday. The setting applies to "new or resumed chats and coding sessions." Even if you do agree to Anthropic training its AI models on your data, it won't do so with previous chats or coding sessions that you haven't resumed. But if you do continue an old chat or coding session, all bets are off.
Read more of this story at Slashdot.
- Humans Inhale as Much as 68,000 Microplastic Particles Daily, Study Finds
Every breath people take in their homes or car probably contains significant amounts of microplastics small enough to burrow deep into lungs, new peer-reviewed research finds, bringing into focus a little understood route of exposure and health threat. The Guardian: The study, published in the journal Plos One, estimates humans can inhale as much as 68,000 tiny plastic particles daily. Previous studies have identified larger pieces of airborne microplastics, but those are not as much of a health threat because they do not hang in the air as long, or move as deep into the pulmonary system. The smaller bits measure between 1 and 10 micrometers, or about one-seventh the thickness of a human hair, and present more of a health threat because they can more easily be distributed throughout the body. The findings "suggest that the health impacts of microplastic inhalation may be more substantial than we realize," the authors wrote.
Read more of this story at Slashdot.
- China’s KylinOS Linux takes a great leap forward to v11 and kernel 6.6
Supports several Chinese chips and GPUs – and of course it has AI inside
China’s KylinSoft has delivered a major update to its flagship Linux, which Beijing hailed as a great leap forward for the nation’s ambition to develop operating systems that match and exceed the capabilities of western products.…
- FBI cyber cop: Salt Typhoon pwned 'nearly every American'
Plus millions of other people across 80+ countries
China's Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official.…
- Older developers are down with the vibe coding vibe
They use AI more but also check it more
For those who thought AI vibe coding was just for the youngsters, newly published research shows that developers with over 10 years of experience are more than twice as likely to do it.…
- DOGE delayed deals, says Nutanix
But private cloud contender sees upside in its modernization mission
Donald Trump's DOGE cost-cutting unit has made it harder to do business with the US federal government, according to private cloud contender Nutanix.…
- vSphere upgrades are not near the top of VMware's to-do list
Nor is its Arm port
When VMware delivered its Cloud Foundation 9 suite in June, it marked the end of a two-year push to integrate its compute, storage, and networking products. What’s next for the Broadcom business unit? At the VMware Explore conference this week, The Register sniffed out a few other items on its to-do list.…
- Whisper it: FFmpeg 8 can now subtitle your videos on the fly
Media multitool taps Vulkan for GPU encoding, adds VVC support, and dusts off some ancient formats
FFmpeg 8.0 brings GPU-accelerated video encoding via Vulkan – and can now subtitle your videos automatically using integrated speech recognition.…
- Google and Zed push protocol to pry AI agents out of VS Code's clutches
Because not every bot wants to live inside Microsoft's walled garden
Google and code editor company Zed Industries have introduced the Agent Client Protocol (ACP) as a standard way for AI agents to integrate with an IDE, with the idea that this will prevent developers getting locked into VS Code.…
- Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK
Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already being actively exploited in the wild.…
- Good morning, Brit Xbox fans – ready to prove your age?
Microsoft blames incoming UK Online Safety Act, says you have until 2026
Microsoft has begun emailing users of its Xbox gaming platform with likely unwelcome news: users will need to verify their age if they want to keep access to the company's various social services, and it's blaming the UK Online Safety Act.…
- UK unions want 'worker first' plan for AI as people fear for their jobs
Labor group says new technologies could increase inequality if we're not careful
AI-Pocalypse Over half of the British public are worried about the impact of AI on their jobs, according to employment unions, which want the UK government to adopt a "worker first" strategy rather than simply allowing corporations to ditch employees for algorithms.…
- Wastewater monitoring project could catch next pandemic early, says health agency
UK starts early warning system combing through stuff that folks flush away
The UK Health Security Agency is looking to set up an early warning system ahead of future pandemics, launching a £1.3 million (around $1.75 million) program to identify "cutting-edge technologies" which could turn people's pee and poop into valuable data on the spread of viruses.…
- ChatGPT hates LA Chargers fans
Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations
OpenAI's ChatGPT appears to be more likely to refuse to respond to questions posed by fans of the Los Angeles Chargers football team than to followers of other teams.…
- Sting nails two front firms in Nork IT worker scam
There's also a rogue Russian on the list
The US Treasury Department has announced sanctions against two Asian companies and two individuals for allegedly helping North Korean IT workers fake their way into US jobs.…
- Word to autosave new docs to the cloud before you can even hit Ctrl+S
Feature rolls out to Microsoft 365 Insiders, stashing unnamed files in OneDrive by default
Ever get that sinking feeling when Word crashes before you've made your first save? An application update is set to save the day by automatically enabling autosave to the cloud for new documents, before you've even given them a filename.…
- Bun JS toolkit adds MySQL driver, secrets API, YAML, and more
Feature bloat, or added value for this JavaScript toolkit?
The Bun team has released version 1.2.21 of its JavaScript bundler and runtime, written in Zig, adding features including built-in drivers for MySQL and SQLite, a YAML parser, and a secrets manager for tools and local development.…
- Nx NPM packages poisoned in AI-assisted supply chain attack
Stolen dev credentials posted to GitHub as attackers abuse CLI tools for recon
Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.…
- The intruder is in the house: Storm-0501 attacked Azure, stole data, demanded payment via Teams
Don't let it happen to you
Storm-0501, a financially motivated cybercrime crew, recently broke into a large enterprise's on-premises and cloud environments, ultimately exfiltrating and destroying data within the org's Azure environment. The criminals then contacted the victim via a Microsoft Teams account that they'd also compromised in the attack, demanding a ransom payment for the stolen files.…
- Classic Psion fan releases proof-of-concept language server for OPL
Vintage computing boffinry to please palmtop enthusiasts
Vintage computing enthusiast Colin Hoad has released a gift to anyone who fondly remembers Psion's classic EPOC-based palmtops and their Open Programming Language (OPL): a language server which brings modern quality-of-life features to the OPL programmer, regardless of their development environment.…
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Xen 4.19 is released
Xen Project 4.19 has been officially out since July 31st, 2024, and it brings significant updates. With enhancements in performance, security, and versatility across various architectures like Arm, PPC, RISC-V, and x86, this release is an important milestone for the Xen community. Read more at XCP-ng Blog
The post Xen 4.19 is released appeared first on Linux.com.
- Advancing Xen on RISC-V: key updates
At Vates, we are heavily invested in the advancement of Xen and the RISC-V architecture. RISC-V, a rapidly emerging open-source hardware architecture, is gaining traction due to its flexibility, scalability and openness, which align perfectly with our ethos of fostering open development ecosystems. Although the upstream version of Xen for RISC-V is not yet fully [0]
The post Advancing Xen on RISC-V: key updates appeared first on Linux.com.
- AI Produces Data-driven OpenFOAM Speedup (HPC Wire)
Researchers from TU Darmstadt, TU Dresden, Hewlett Packard Enterprise (HPE), and Intel have developed advanced applications that combine HPC simulations with AI techniques using the open-source computational fluid dynamics solver OpenFOAM and the HPE-led SmartSim AI/ML library. These applications show promise for improving the accuracy and capabilities of traditional scientific and engineering modelling with data-driven [0]
The post AI Produces Data-driven OpenFOAM Speedup (HPC Wire) appeared first on Linux.com.
- Linux 6.17 Showing Off Some Nice Gains For 5th Gen AMD EPYC "Turin" Performance
Earlier this week I provided benchmarks looking at the Linux 5.15 LTS through Linux 6.17 Git kernel performance using the latest stable and development kernels compared to the Long Term Support (LTS) kernels over the past four years. For having hardware support back to Linux 5.15 I was using an AMD EPYC Milan-X server. In those benchmarks there were some nice gains and even from Linux 6.16 to 6.17 Git was around a 3% geo mean improvement. So I was curious to run some benchmarks on the latest-generation AMD EPYC 9005 "Turin" processors to see if there was similar uplift there...
- AMD ISP4 Driver Updated As It Nears The Mainline Linux Kernel
Posted today to the Linux kernel mailing list was the patch series for introducing the AMD ISP4 driver to the mainline kernel. This supports the image signal processor IP that to date is found with HP's Strix Halo powered ZBook Ultra G1a laptop. With time, future AMD Ryzen laptops will also likely be leveraging this ISP technology for offloading more webcamera work from the CPU, but for now the HP ZBook Ultra G1a is the main beneficiary of this open-source driver...
- Linux Patches To Unconditionally Enable Architecture-Optimized BLAKE2s Support
While Linus Torvalds doesn't too often like new kernel options being enabled by default, one area where it has proven beneficial and otherwise an oversight by those configuring their own kernel builds is the architecture-optimized crypto algorithm implementations. Some will enable support for different kernel crypto algorithms only to forget or be unaware that there are CPU architecture specific implementations that can also typically be enabled for much better performance over the common code. Google engineer Eric Biggers has been cleaning this up and BLAKE2s is the latest receiving treatment...
- Agama 17 OS Installer Preps For SUSE Linux Enterprise 16.0
Ahead of the upcoming SUSE Linux Enterprise 16.0 release, SUSE engineers are busy finishing up work on their new "Agama" operating system installer. Agama 17 is now available as what will be the installer powering SUSE Linux Enterprise 16 installations or a version very similar to this latest milestone...
- x86 Ecosystem Advisory Group Aligning On FRED, AVX10 & APX
Last year Intel and AMD formed an x86 Ecosystem Advisory Group "EAG" in collaboration with key partners. The x86 Ecosystem Advisory Group is to collaborate and innovate further around the x86_64 ISA. With AMD and Intel in agreement, FRED (Flexible Return Event Delivery), AVX10, and Advanced Performance Extensions (APX) are some of the early areas where they are finding common ground and interest...
- Mesa 25.1.9 Released To End Out The Mesa 25.1 Series
With Mesa 25.2.1 recently having been released, the prior quarter's Mesa 25.1 series is now drawing to a close. Excellent Mesa release manager Eric Engestrom released Mesa 25.1.9 as one last point release for Mesa 25.1 before ending this branch...
- Framework Desktop Power Mode Tuning For Better Performance Or Power Efficiency
Continuing on with our Framework Desktop benchmarking powered by AMD Ryzen AI Max "Strix Halo", today we are looking at the performance and power impact of power mode tuning for this review sample powered by the AMD Ryzen AI Max+ 395 SoC. A wide variety of benchmarks were done across the power saver / balanced / performance power modes for looking at the impact on performance as well as thermals and power consumption.
- RADV Vulkan Driver Lands Untyped Pointers Support
Introduced earlier this month with the Vulkan API 1.4.325 spec update was the introduction of the untyped pointers extension with VK_KHR_shader_untyped_pointers and SPIR-V's underlying SPV_KHR_untyped_pointers for providing an alternative option to strongly-typed pointers. As of yesterday the Mesa Radeon Vulkan driver "RADV" is now supporting this untyped pointers extension...
- The Former Lead For Apple Graphics Drivers On Linux Is Now Working At Intel
There's a follow-up to yesterday's surprising story of Alyssa Rosenzweig stepping away from Asahi Linux and that ARM graphics driver work where she led reverse engineering and development of the Asahi Gallium3D and HoneyKrisp Vulkan drivers within Mesa. She's now working at Intel on their Linux graphics drivers...
- Latest NOVA Patches From NVIDIA Get The GSP Booting To RISC-V Active State
The NOVA open-source kernel graphics driver continues getting slowly built-up for the NVIDIA RTX 20 "Turing" and newer GPUs that sport the GPU System Processor (GSP) for easing the hardware initialization and management of modern NVIDIA GPUs within the mainline kernel. This Rust-written kernel driver now has patches pending for booting up the NVIDIA GSP to its RISC-V active state...
- Rusticl vs. Intel Compute Runtime Performance For OpenCL On Battlemage
Earlier this month I ran some benchmarks of Mesa9s Rusticl OpenCL driver against AMD ROCm on Strix Halo. Those benchmarks caught many by surprise with how well that Rust-based open-source OpenCL driver was working on AMD GPUs for being a generic OpenCL implementation built atop Mesa9s Gallium3D. For those curious about the potential of Rusticl on the Intel graphics side, here are some Battlemage benchmarks for Rusticl up against Intel9s official Compute Runtime driver stack.
- Framework Laptop 16 Upgrade Announced With Ryzen AI 300 Series, GeForce RTX 5070
While the Framework 13 was upgraded earlier this year with a motherboard upgrade for the AMD Ryzen AI 300 series "Strix Point", the larger Framework 16 has been stuck in the Zen 4 era. But today Framework announced a new upgrade path for this 16-inch modular laptop for the Ryzen AI 300 series as well as NVIDIA GeForce RTX 5070 discrete graphics...
- Open-Source R300 Driver Adds New OpenGL Extensions For Two Decade Old Radeon GPUs
While the ATI Radeon 9000 / X300 / X500 / X600 series "R300" GPU support has long been unmaintained on the Microsoft Windows driver side, thanks to the open-source community the Linux driver support keeps going for the old ATI R300 GPUs with that driver also supporting the X700 / X800 "R400" and X1000 "R500" series graphics cards too. Two more OpenGL extensions are now wired up for the old R300 Gallium3D driver within Mesa...
- AMD & IBM Team Up For Quantum-Centric Supercomputing
AMD and IBM announced a joint collaboration today around quantum-centric supercomputing. IBM's quantum computing expertise is to be paired with AMD's AI and HPC technology like their Instinct accelerators to help accelerate quantum-centric supercomputing...
- Greenboot Rust Rewrite Approved For Fedora 43
Red Hat engineers have been rewriting Greenboot in the Rust programming language to replace the Bash-written version of this generic health check framework for systemd, bootc, and RPM-OSTree based Linux environments. That Rust rewrite of Greenboot is now cleared for appearing in the Fedora Linux 43 release...
- GhostBSD Ships "Gershwin" Desktop Environment For A macOS Like Experience
GhostBSD 25.02-R14.3p2 was announced this evening as the newest incremental update to this FreeBSD 14 based operating system focused on providing a nice out-of-the-box desktop experience. Notable with this new GhostBSD release is now shipping a Gershwin community preview for this desktop environment focused on providing a Mac OS X like user experience, complete with GNUstep usage...
- Genode OS Framework 25.08 released
Genode 25.08 is ripe with deeply technical topics that have been cooking since the beginning of the year or even longer. In particular our new kernel scheduler as the flagship feature of this release has been in the works since February 2024. Section`Kernel scheduling for fairness and low latency`tells its background story and explains the approach taken. Another culmination of a long-term endeavor is the introduction of an alternative to XML syntax, specifically designed for the usage patterns of Genode and Sculpt OS. Section`Consideration of a lean alternative to XML`kicks off the practical evaluation of an idea that gradually evolved over more than two years. Also the holistic storage optimizations presented in Section`Block-storage stack renovations`are the result of careful long-term analysis, planning, and execution. ↫ Genode 25.08 release notes While these are the three tentpole features for this release, there�s a whole lot more here, as well. Genode�s Linux-based PC device drivers have all been updated to Linux 6.12, there are a ton of fixes related to USB, optional EFI boot support in VirtualBox 6, and tons more.
- The EU needs a corporate open source contribution tax! to fund open source maintainers
Open source, the thing that drives the world, the thing Harvard says has an economic value of 8.8 trillion dollars (also a big number). Most of it is one person. And I can promise you not one of those single person projects have the proper amount of resources they need. If you want to talk about possible risks to your supply chain, a single maintainer that’s grossly underpaid and overworked. That’s the risk. The country they are from is irrelevant. ↫ Josh Bressers If the massive corporations that exploit the open source world for massive personal profit don�t want to contribute back, perhaps it�s time we start making them. I envision an European Economic Area-wide open source contribution tax!, levied against any technology corporation operating within the European Economic Area, whether they actually make use of open source code or not, not entirely unlike how insurance works � you pay into it even if you don�t make any claims. Such tax could be based on revenue, number of users, or any combination thereof or other factors. The revenue from this open source contribution tax is put into an EEA-wide fund and redistributed to EEA-based open source maintainers in the form of a monetary subsidy. Such types of taxes and money redistribution frameworks already exist in virtually every country for a whole wide variety of purposes and in a wide variety of forms, both in non-commercial and commercial settings. While it may seem complicated at first, it really isn�t. The most difficult aspect is definitely figuring out who, exactly, would be eligible to receive the subsidy and how much, but that, too, is a question both governments and commercial entities answer every single day. No, it will never be perfect, and some people will receive a subsidy who shouldn�t, and some who should receive it will not, but if that�s a valid reason not to implement a tax like this, no tax or insurance should be implemented. The benefits are legion. Of course, there is the primary benefit of alleviating the thousands of open source maintainers who form the backbone of pretty much out entire digital infrastructure, which in and of itself should be reason enough. On top of that, it would also strengthen the open source world � on which, I wish to reiterate, our entire digital infrastructure is built � against the kind of infiltration we saw with XZ Utils. And to put another top on top of that, it would cement Europe, or the EEA more specifically, as the hub for open source development, innovation, and leadership, and would surely attract countless open source maintainers to relocate to Europe. In other words, it would serve the grander European ambition to become less dependent on the criminal behaviour US tech giants and the erratic behaviour of the US government. We can either wait indefinitely for those who exploit the free labour of open source maintainers to contribute, or we make them.
- In-application browsers: the worst erosion of user choice you haven�t heard of
A long, long time ago, Android treated browser tabs in a very unique way. Individual tabs were were seen as �applications�, and would appear interspersed with the recent applications list as if they were, indeed, applications. This used to be one of my favourite Android features, as it made websites feel very well integrated into the overall user experience, and gave them a sense of place within your workflows. Eventually, though, Google decided to remove this unique approach, as we can�t have nice things and everything must be bland, boring, and the same, and now finding a website you have open requires going to your browser and finding the correct tab. More approachable to most people, I�d wager, but a reduction in usability, for me. I still mourn this loss. Similarly, we�ve seen a huge increase in the use of in-application browsers, a feature designed to trap users inside applications, instead of letting them freely explore the web the moment they click on a link inside an application. Application developers don�t want you leaving their application, so almost all of them, by default, will now open a webview inside the application when you click on an outbound link. For advertising companies, like Google and Facebook, this has the additional benefit of circumventing any and all privacy protections you may have set up in your browser, since those won�t apply to the webview the application opens. This sucks. I hate in-application browsers with a passion. Decades of internet use have taught me that clicking on a link means I�m opening a website in my browser. That�s what I want, that�s what I expect, and that�s how it should be. In-application webviews entirely break this normal chain of events; not because it improves the user experience, but because it benefits the bottom line of others. It�s also a massive security risk. Worst of all, this switch grants these apps the ability to spy and manipulate third-party websites. Popular apps like Instagram, Facebook Messenger and Facebook have all been caught injecting JavaScript via their in-app browsers into third party websites. TikTok was running commands that were essentially a keylogger. While we have no proof that this data was used or exfiltrated from the device, the mere presence of JavaScript code collecting this data combined with no plausible explanation is extremely concerning. ↫ Open Web Advocacy Open Web Advocacy has submitted a detailed and expansive report to the European Commission detailing the various issues with these in-application browsers, and suggests a number of remedies to strengthen security, improve privacy, and preserve browser choice. I hope this gets picked up, because in-application browsers are just another way in which we�re losing control over our devices.
- Word to save new files on Microsoft�s servers by default
You already need custom scripts and third-party applications that make custom Windows ISOs to make installing Windows somewhat bearable � unless you enjoy spending hours manually disabling all the anti-user settings in Windows � and now there�s another setting to add to the massive, growing list of stuff you have to fix after setting up a new Windows installation. Microsoft has announced that Word will start saving every new file to OneDrive (or another provider if you�ve installed one) by default. We are modernizing the way files are created and stored in Word for Windows! Now you don’t have to worry about saving your documents: Anything new you create will be saved automatically to OneDrive or your preferred cloud destination. ↫ Raul Munoz on the Microsoft 365 Insider Blog There�s the usual spiel of how this is safer and supposedly more convenient, but I suspect the real reason Microsoft is doing this is listed right there at the end of the list of supposed benefits: this enables the use of Copilot�s AI! features right from the beginning. In other words, by automatically saving your new Word documents to OneDrive by default, you�re giving Microsoft access to whatever you write for AI! training purposes. The setting can be changed, but defaults matter and few people change them. It�s also possible to set another provider than OneDrive as your online storage, but again � defaults matter. In fact, I wouldn�t be surprised if few people will even realise their Word documents will be stored not on their local PC, but on Microsoft�s servers.
- Dick Pick�s unique database operating system
We usually at least recognize old computer hardware and software names. But Asianmoetry taught us a new one: Pick OS. This 1960s-era system was sort of a database and sort of an operating system for big iron used by the Army. The request was for an English-like query language, and TRW assigned two guys, Don Nelson and Dick Pick, to the job. The planned query language would allow for things like “list the title, author, and abstract of every transportation system reference with the principal city ‘Los Angeles’.” This was GIM or generalized information management, and, in a forward-looking choice, it ran in a virtual machine. ↫ Al Williams at Hackaday The linked article is a short summary of a YouTube video by the YouTube channel Asianometry, which goes into a lot more detail about Pick OS, where it came from, what it can do, who the people involved were, and where Pick OS eventually ended up. I had never heard of this system before, and it�s easy to see why � not only was it used almost exclusively in vertically integrated complete solutions, it was also whitelabeled, so it existed under countless different names. Regardless, it seems the people who actually had to use it were incredibly enthusiastic about it, and to this day you can read new comments from people fondly remembering how easy to use it was. It has always been proprietary, and still is to this day, apparently owned by a company called Rocket Software, who don�t seem to actually be doing anything with it.
- Guix gets a new Rust packaging model
While Nix and NixOS get all the attention when it comes to declarative package management, there are other, competing implementations of the same general idea. Guix, developed as part of the GNU Project, was originally based on Nix, but grew into its own thing. The project recently announced a major change to how it packages Rust and its countless dependencies and optional �crates�. We have changed to a simplified Rust packaging model that is easier to automate and allows for modification, replacement and deletion of dependencies at the same time. The new model will significantly reduce our Rust packaging time and will help us to improve both package availability and quality. ↫ Hilton Chain at the Guix blog I hear people talk about Nix and NixOS all the time � I tried it myself, too, but I felt I was using an IBM z17 mainframe to watch a YouTube video � and in fact, Nix has kind of become a meme in and of itself, but you never hear people talk about Guix. With this being OSNews, I�m assuming there�s going to be people here using it, and I�m incredibly curious about your experiences. What are the features and benefits that make you use it? If you�re curious � the best way to try Guix is probably to install the GNU Guix System, the Linux distribution built around Guix and Shepard, GNU�s alternative init system. It�s available for i686, x86_64, ARMv7, and AArch64, and can be virtualised too, of course.
- The size of Adobe Reader installers through the years
The following chart shows how the Adobe Reader installer has grown in size over the years. When possible, 64-bit versions of installers were used. ↫ Alexander Gromnitsky Disk space is cheap, sure, but this is insanity.
- My OpenBSD home network setup!
I recently moved to an area with more internet provider options, all of which were not satellite-based. This change allowed me leave my current provider (Starlink) and also freed my network from being locked behind CGNAT. The jump from ~150Mbps to 1Gbps has been fantastic, but the real benefit in this switch has been the ability to overhaul my home network setup. ↫ Bradley Taunt OpenBSD is generally the way to go for custom router setups, it seems, and if it wasn�t for my own full Ubiquiti setup, I�d definitely consider this too.
- Google to require developer certification to install Android applications, even outside of the Play Store
Google�s grip on Android keeps tightening. In what will certainly be another step that we will look back upon as just another nail in the coffin, Google is going to require every Android developer to register with Google, even if they don�t publish anything in the Play Store. In other words, even if you develop Android applications ad only make them available through F-Droid or GitHub, you�ll still have to register with Google and hand over a bunch of personal information and a small fee of $25. Google is effectively recreating Apple�s Gatekeeper for macOS, but on Android. It won�t come as a surprise to you that Google is doing this in the name of security and protecting users. The company claims that its own analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play!, and the main reason is that malware developers can hide behind anonymity. As such, Google�s solution is to simply deanonymise every single Android developer. Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler�s identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from. This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators. ↫ Suzanne Frey at the Android Developer Blog This new policy will only apply to certified Android devices!, which means Android devices that ship with Google Play Services and all related Google stuff preinstalled. How this policy will affect devices running de-Googled Android ROMs like GrapheneOS where the user has opted to install the Play Store and Google Play Services is unclear. Google does claim the personal information you hand over as part of your registration will remain entirely private and not be shown to anyone, but that�s not going to reassure anyone. To its small credit, Google intends to create an Android Developer Console explicitly for developers who only operate outside of the Play Store, and a special workflow for students and hobbyists that waives the $25 fee. First tests will start in October of this year, with an official rollout in a number of countries later in 2026, which will then expand to cover the whole world. The first countries seeing the official rollout will be countries hit especially hard by scams (according to Google�s research, at least): Brazil, Indonesia, Singapore, and Thailand. Google has been trying to claw back control over Android for years now, and it seems the pace is accelerating lately. None of these steps should surprise you, but they should highlight just how crucially important it is that we somehow managed to come to a viable third way, something not controlled by either Apple or Google.
- I revived pkgsrc on AIX!
Earlier this year, I was trying to get actual daily work done on HP-UX 11.11 (11i v1) running on HP�s last and greatest PA-RISC workstation, the HP c8000. After weeks of frustration caused first by outdated software no longer working properly with the modern web, and then by modern software no longer compiling on HP-UX 11.11, I decided to play the ace up my sleeve: NetBSD�s pkgsrc has support for HP-UX. Sadly, HP-UX is obviously not a main platform or even a point of interest for pkgsrc developers � as it should be, nobody uses this combination � so various incompatibilities and more modern requirements had snuck into pkgsrc, and I couldn�t get it to bootstrap. I made some minor progress here and there with the help of people far smarter than I, but in the end I just lacked the skills to progress any further. This story will make it to OSNews in a more complete form, I promise. Anyway, in May of this year, it seems Brian Robert Callahan was working on a very similar problem: getting pkgsrc to work properly on IBM�s AIX. The state of packages on AIX genuinely surprises me. IBM hosts a`repository`of open source software for AIX. But it seems pretty sparse compared to what you`could`get with pkgsrc. Another`website`offering AIX packages seems quite old. I think pkgsrc would be a great way to bring modern packages to AIX. I am not the first to think this. There are AIX 7.2 pkgsrc packages available at`this repository, however all the packages are compiled as 32-bit RISC System/6000 objects. I would greatly prefer to have everything be 64-bit XCOFF objects, as we could do more with 64-bit programs. There also aren�t too many packages in that repository, so I think starting fresh is in our best interest. As we shall see, this was not as straightforward as I would have hoped. ↫ Brian Robert Callahan Reading through his journey getting pkgsrc to work properly on AIX, I can�t help but feel a bit better about myself not being to get it to work on HP-UX 11.11. Callahan was working with AIX 7.2 TL4, which was released in November 2019 and still actively supported by IBM on a maintained architecture, while I was working with HP-UX 11.11 (or 11i v1), which last got some updates in and around 2005, running on an architecture that�s well dead and buried. Looking at what Callahan still had to figure out and do, it�s not surprising someone with my lack of skill in this area couldn�t get it working. I�m still hoping someone far smarter than I stumbles upon a HP c8000 and dives into getting pkgsrc to work on HP-UX, because I feel pkgsrc could turn an otherwise incredibly powerful HP c8000 from a strictly retro machine into something borderline usable in the modern world. HP-UX is much harder to virtualise � if it�s even possible at all � so real hardware is probably going to be required. The NetBSD people on Mastodon suggested I could possibly give remote access to my machine so someone could dive into this, which is something I�ll keep under consideration.
- Windows 11 to get ability to resume applications from Android which nobody will implement
The history of Android applications on Windows is convoluted, with various failed and cancelled attempts by Microsoft to allow Windows users to run Android applications behind us. Now that these attempts are well dead and buried, Microsoft is going at it from a different perspective: what if you could continue where you left off on your Android phone, right on your Windows machine, but without having to run an Android applications on Windows? We are beginning to gradually roll out the ability to seamlessly resume using your favorite apps from your Android phone on your Windows 11 PC to Windows Insiders in the Dev and Beta Channels. To start with, you will be able to resume or continue listening to your favorite Spotify tracks and episodes right from where you left off on the Spotify app on your Android phone. First, start listening to one of your favorite songs or episodes in the Spotify app on your Android phone. On your PC (running the latest Insider Preview builds in the Dev or Beta Channels) a ‘Resume alert’`will appear on`your taskbar. When you click on that alert, Spotify’s desktop app will open and the same track will now continue playing on your PC. ↫ Amanda Langowski and Brandon LeBlanc So basically, the Spotify application on Windows will know where you left off on the Spotify application on Android, and resume playback. This is table-stakes for most services, and it doesn�t seem like it would warrant such a big announcement from Microsoft, and while I don�t use Spotify, I assume it was already built into the service anyway. It seems all Microsoft is doing is providing a nice little notification to expose that functionality a little bit more clearly, but it also explains that you need to manually link your device and the Spotify Android application to the Windows PC and Spotify Windows application, which seems like a lot of manual steps. Does this mean every application developer needs to opt into this and add this feature, thereby making it dead on arrival? Well, yes, you�ll need to add support on both sides of the equation, which I can guarantee you very few developers will do. Not only does this feature require you to already have a Windows version of your application � which, statistically, you don�t � it also requires you to do the work yourself, and manually apply to Microsoft to even gain access to the required APIs and SDKs. The odds of this feature making it beyond a few very big names Microsoft can give money to is slim.
- My other email client is a daemon
I have a slight problem wherein every time I start up a game of NetHack, I completely lose touch with my surroundings for hours on end. Thankfully`The DevTeam Thinks Of Everything`and there’s a solution that allows communication with the outside world without breaking immersion: the mail daemon! If compiled with`-DMAIL`and`OPTIONS=mail`is set in your runtime configuration (the default on Linux), NetHack will periodically check a user specified mbox file (MAIL) for new mail, and upon receiving an email a mail daemon will spawn in and deliver a scroll of mail to the player. Upon reading this scroll a mail program (MAILREADER) will be executed, which hopefully allows you to read your mail. ↫ George Huebner I love everything about this.
- Nitro: a tiny but flexible init system and process supervisor
The most unlikely subsystem of contention is definitely the init system used by Linux, with most popular distributions opting for systemd, while a vocal minority prefers to use something else. Neither of these two groups are wrong or right, as we live in a free world and different people have different needs and desires. Personally, I don�t think there�s a more utterly pointless and meaningless debate than this, and people who make the init system they use their entire personality more often than not come across as really, really sad. It�s a tool; use the one you like and move on with life. A brand new init system was recently released by Leah Neukirchen, who among a ton of other things, contributes to Void Linux. It�s called nitro, and it�s a tiny process supervisor that also can be used as pid 1 on Linux!, and it also can be used on FreeBSD supervised by FreeBSD�s init. There�s some overlap with runit here, so Neukirchen published a blog post detailing the differences between the two, which should help in getting a better understanding of what makes nitro stand apart. While both use a directory of services managed by small scripts, nitro seems to opt for a more contained, monolithic approach, as it keeps everything in a single process. On top of that, Nitro contains some new features runit doesn�t have. The focus seems to be on integrating a few capabilities that on runit require hacks, but on nitro are just built-in, like support for one-shot �services�, i.e. running scripts on up/down without a process to supervise (e.g. persist audio volume, keep RNG state)!, running service directories multiple times, and more. Nitro also maintains its runtime state in RAM and provides an IPC service to query it, meaning it can be run on read-only filesystems without special configuration. There�s a lot more information in Neukirchen�s blog post, including a look at some of the current limitations of Nitro. I highly suggest reading it, and perhaps we will see nitro as another valid alternative to the popular systemd.
- The AI! bubble is showing cracks, and Microsoft ruins Excel
It�s not AI winter just yet, though there is a distinct chill in the air. Meta is shaking up and downsizing its artificial intelligence division. A new report out of MIT finds that 95 percent of companies� generative AI programs have failed to earn any profit whatsoever. Tech stocks tanked Tuesday, regarding broader fears that this bubble may have swelled about as large as it can go. Surely, there will be no wider repercussions for normal people if and when Nvidia, currently propping up the market like a load-bearing matchstick, finally runs out of fake companies to sell chips to. But getting in under the wire, before we�re all bartering gas in the desert and people who can read become the priestly caste, is Microsoft, with the single most Who asked for this?! application of AI I�ve seen yet: They�re jamming it into Excel. ↫ Barry Petchesky at Defector I�m going to skip over the mounting and palpable uneasiness that the cracks in the AI! bubble are starting to form, and go right to that thing about Excel. Quite possible one of the most successful applications of all time, and the backbone of countless small, medium, and even large business, it started out as a Mac program to supplant Microsoft�s MultiPlan, which was being clobbered in the market by Lotus 1-2-3. It wasn�t until version 2.0 that it came to Intel, as an application that contained a Windows runtime. It was a port of Excel 2.0 for the Mac. Anyway, it took a few years, but Excel took over the market, and I don�t think any other spreadsheet program has ever even remotely threatened its market dominance ever since. Well, not until Google Sheets arrived on the scene � it�s hard to find any useful numbers, but it seems Google Sheets is insanely popular in all kinds of sectors, at least according to Statista. They claim Google�s online office suite has a 49% market share, with Microsoft Office sitting at 29%. I have no idea how that translates into the usage shares of Google Sheets versus Microsoft Excel, but it�s a sign of the times, regardless. One of the things you�d expect a spreadsheet to do is calculate numbers and tabulate data, and to do so accurately. The core competency of a computer is to compute, do stuff with numbers, and we�d flip out collective shit if our computers failed to do such basic arithmetic. So, what if I told you that Microsoft, in its infinite wisdom, has decided to add AI! to Excel, and as such, has to add a disclaimer that this means Excel may not do basic arithmetic correctly? Look, we can all disagree on the use of AI!, where it makes sense, where it doesn�t, if it even does anything useful, and so on, but I would assume � for the world�s sake � that we can at least agree that using AI! in an application used to do very important calculations for a lot of business is a really, really dumb idea? Is the person doing the bookkeeping in Excel at Windmill Restaurant, in Spearville, Kansas, properly aware of the limitations of AI!, or are they not following technology that closely, and as such only hear the marketing and hype? A spreadsheet should give accurate outcomes based on the input given by humans. The moment you let a confabulator loose on your spreadsheet, it ceases being a tool that can be used for anything even remotely serious. The fact that Microsoft is adding this nonsense to Excel and letting it loose on the unsuspecting public at large is absolutely wild to me, and I can assure you it�s going to have serious consequences for a lot of people. Microsoft, of course, will be able to point at the disclaimer buried in some random support document and absolve itself of any and all responsibility. I�d like to point out that Lotus 1-2-3 probably still runs on Windows 11, for no reason at all.
- Why is my device a touchpad and a mouse and a keyboard?
If you have spent any time around HID devices under Linux (for example if you are an avid mouse, touchpad or keyboard user) then you may have noticed that your single physical device actually shows up as multiple device nodes (for free! and nothing happens for free these days!). If you haven�t noticed this, run libinput record and you may be part of the lucky roughly 50% who get free extra event nodes. ↫ Peter Hutterer I�ve honestly always wondered about this, since some of my laptops shows both a trackpad and a mouse configuration panel even when there�s no mouse plugged in. Thanks to this article, I now know why this happens.
- What if the files you haven�t opened in a year just0 Disappeared?
There�s a ton of cloud operating systems! out there, which basically are really fancy websites that try to look and feel like an operating system. There�s obviously a ton of skill and artistry involved in making these, but I always ignore them because they�re not really operating systems. And let�s be honest here � how many people are interested in booting their PC, loading their operating system, logging in, starting their browser, and logging into a website to see a JavaScript desktop that�s slower and more cumbersome than what they are already using to power their browser anyway? Still, that doesn�t mean they can�t have any interesting ideas or other aspects worth talking about. Take OS Yamato for instance; yes, it�s one of those cloud operating systems, this time aimed at your mobile device, but it has something interesting that stood out to me. The system is partly ephemeral, and objects that haven�t been altered or opened in a year will simply be deleted from the system. Each data object (note, photo, contact…) includes a lastOpenedAt timestamp. After 330 days, it shows a icon — a sign of digital wilting. After 365 days, it’s automatically deleted. ↫ OS Yamato GitHub page The project definitely sounds more like an art installation than something anybody is supposed to seriously use in their day-to-day lives, and seems to ask the question: just how important are all those digital scraps you collect over the years, really? If you haven�t bothered to open something in a year, is it really worth saving? For instance, from the moment I started my translation career in 2011 up until I quit in 2024, I saved every single translation I ever made, neatly organized in folders, properly backed up to multiple locations. I still have this archive, still make sure it�s safe, but I never actually use it for anything, never open a single one of the files, I honestly don�t even really care that much about it. So why am I still wasting so much energy in keeping it around? That seems to be the question OS Yamato poses, and there�s something to be said for being less anal about which digital scraps we keep around, and why. It hasn�t convinced me � yet � to delete my translation archive or perform any other pruning, but it did plant a seed.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- VirtualBox 7.2 Has Arrived
With early support for Linux kernel 6.17 and other new additions, VirtualBox 7.2 is a must-update for users.
- Linux Hits an Important Milestone
If you pay attention to the news in the Linux-sphere, you've probably heard that the open source operating system recently crashed through a ceiling no one thought possible.
- Plasma Bigscreen Returns
A developer discovered that the Plasma Bigscreen feature had been sitting untouched, so he decided to do something about it.
- Fedora Continues 32-Bit Support
In a move that should come as a relief to some portions of the Linux community, Fedora will continue supporting 32-bit architecture.
- ONLYOFFICE v9 Embraces AI
Like nearly all office suites on the market (except LibreOffice), ONLYOFFICE has decided to go the AI route.
|
