All the News that Matters

• Ubuntu 26.04 LTS libcrypt-saltedhash Important Salt Weakness USN-8418-1
  Crypt-SaltedHash incorrectly generated random numbers.

• Debian libinput Important Local Privilege Escalation Vuln DSA-6339-1
  It was discovered that a udev helper provided by libinput, a input device management and event handling library, performed insufficient sanitising of device properties, which can result in local privilege escalation in some setups. For the oldstable distribution (bookworm), this problem has been fixed

• Debian libdbi-perl Critical Denial of Service Code Exec DSA-6338-1
  Two vulnerabilities were discovered in libdbi-perl, a Perl framework that provides a common interface to access various backend databases in a uniform manner, which may result in denial of service, or potentially the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed

• Mageia 9 RoundCube Webmail Critical Security Issues CVE-2026-48849
  Security update

• Fedora 43 xmlstarlet Important XML Entity Issue Fix FEDORA-2026-3c78c99467
  Fixes XML external entity vulnerability. For more information, refer to https://src.fedoraproject.org/rpms/xmlstarlet/pull-request/4.

• Fedora 43 Rust 1.96.0 Update with New Features and CVEs
  Update to Rust 1.96.0: New Range* types Assert matching patterns Changes to WebAssembly targets Stabilized APIs

• Fedora 44 httpd 2.4.68 Important Security Issues Advisory 2026-d4136fe979
  new version 2.4.68 fixes various security issues

• Fedora 44 XMLStarlet Critical XML Entity Issue Vuln 2026-dbf44e0b72
  Fixes XML external entity vulnerability. For more information, refer to https://src.fedoraproject.org/rpms/xmlstarlet/pull-request/4.

• Oracle Linux 8 libyang Important DoS Threat ELSA-2026-24545
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Debian Chromium Critical Code Execution Information Disclosure DSA-6337-1
  Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 149.0.7827.102-1~deb12u1.

• Oracle Linux 8 Kernel Significant Vulnerability Remediation ELSA-2026-50306
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Debian jackson-core Important DoS Attack Risk DSA-6336-1 CVE-2025-52999
  A flaw was discovered in jackson-core, a fast and powerful JSON library for Java, which may allow an attacker to cause a denial of service by using deeply nested JSON data. Please note that related and complementary jackson-* packages like jackson- databind or jackson-dataformat-smile had to be upgraded as well in

• Oracle Linux 8 kernel Important Mitigation CVE-2025-10263 ELSA-2026-50305
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• openSUSE Kubernetes 1.27 Faces Significant Denial of Service Vulnerability
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE Kubernetes Important DDoS Fix CVE-2026-33814 2026-2340-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE Kubernetes Important Denial of Service Update 2026-2342-1
  An update that solves two vulnerabilities can now be installed.

• openSUSE Kubernetes Significant Denial of Service Risk Issue 2026-2343-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE Kubernetes Critical Denial of Service Fix Advisory 2026-2344-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE Kubernetes Important Denial Of Service Issues SUSE-2026-2345-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• SUSE 2026-2347-1 google-osconfig-agent Critical Issue Bypass CVE-2026-33186
  An update that solves one vulnerability can now be installed.

• SUSE google-cloud-sap-agent Important DoS Issue Fixed 2026-2348-1
  An update that solves one vulnerability and has one security fix can now be installed.

• SUSE Wicked Critical Command Injection Repair Notice 2026-2349-1
  An update that solves one vulnerability can now be installed.

• SUSE Linux 12 SP5 Important Update for wicked CVE-2026-44932
  An update that solves one vulnerability and contains one feature can now be installed.

• openSUSE Important Wicked Remote Command Injection Advisory 2026-2353-1
  An update that solves one vulnerability and contains one feature can now be installed.

• openSUSE Kubernetes 1.27 Major Denial of Service Fix CVE-2026-2339-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE 15.5 Kubernetes 1.23 Important DoS Vulnerability 2026-2340-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE 15.6 Kubernetes Important DoS Infinite Loop Vuln 2026-2342-1
  An update that solves two vulnerabilities can now be installed.

• openSUSE 2026-2354-1 Wicked Important Remote Command Injection
  An update that solves one vulnerability and contains one feature can now be installed.

• openSUSE 2026-2345-1 kubernetes1.25 Important DoS HTTP/2 Infinite Loop
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE Kubernetes Important Issues Denial of Service SUSE-SU-2026-2343-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• Oracle Linux 8 frr Important Fix for CVE-2026-37457 ELSA-2026-24340
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• openSUSE Leap 15.5 Wicked Important Indirect Shell Injection CVE-2026-44932
  An update that solves one vulnerability and contains one feature can now be installed.

• openSUSE 15.4 openCryptoki Moderate Info Disclosure DoS Vuln 2026-2355-1
  An update that solves one vulnerability can now be installed.

• openSUSE kubernetes1.28 Important DoS Vulnerabilities Fix 2026-2344-1
  An update that solves two vulnerabilities and has one security fix can now be installed.

• openSUSE Wicked Important Remote Command Injection Vuln 2026-2354-1
  An update that solves one vulnerability and contains one feature can now be installed.

• openSUSE 2026-2355-1 openCryptoki Moderate Data Leakage Denial of Service
  An update that solves one vulnerability can now be installed.

• Oracle Linux Important Kernel Update ELSA-2026-50304 CVE-2025-10263
  The following updated rpms for have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 8 ELSA-2026-24365 Unbound Important Security Advisory
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 9 ELSA-2026-50304 Major Kernel Security Update Available
  The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 10 Nodejs24 Important Security Update ELSA-2026-7675
  The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 7 Kernel Important Security Fix ELSA-2026-50306
  The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 8 Kernel Important Update ELSA-2026-50306 CVE-2025-10263
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 9 ELSA-2026-50305 Kernel Important Update CVE-2025-10263
  The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

• Ubuntu 24.04 8409-1 Uriparser Important Denial of Service
  uriparser could be made to crash if it received specially crafted input.

• Ubuntu 20.04 Samba Serious DoS RCE Vulnerability USN-8306-2 Advisory
  Several security issues were fixed in Samba.

• Mageia 9 OpenSSH Important Command Execution Risk Advisory 2026-0193
  Security update

• Mageia 9 Postfix Important Buffer Over-read Vuln 2026-0192 CVE-2026-43964
  Security update

• SUSE Linux Enterprise Micro Important Kernel Security Advisory 2026-2331-1
  An update that solves 13 vulnerabilities can now be installed.

• Ubuntu 8419-1 libhttp-daemon-perl Important Remote Code Exec USN-8419-1
  HTTP-Daemon could be made to run programs if it received specially crafted network traffic.

• openSUSE Kernel Important Security Fix June 2026-2332-1
  An update that solves eight vulnerabilities can now be installed.

• Linux's KVM Preps For APX Support In VMs
  Among the Kernel-based Virtual Machine (KVM) work being queued ahead of the upcoming Linux 7.2 merge window are preparations for supporting Advanced Performance Extensions within KVM virtual machines...

• Linux 7.2 To Enable ESWIN SoC Support By Default For RISC-V Kernel Builds
  An important one-liner is set to come for Linux 7.2 to enable ESWIN SoC support by default for RISC-V kernel builds. This change will allow default RISC-V kernel builds in turn to boot on the likes of SiFive's HiFive Premier P550 developer board...

• COSMIC 1.0.16 Desktop Adds OpenRC Support for Bluetooth Service Management
  Linux hardware vendor System76 released COSMIC 1.0.16 today as the latest stable update to this Rust-based desktop environment for Pop!_OS Linux and other GNU/Linux distributions.

• TrueNAS Becomes Red Hat OpenShift Certified for Kubernetes Storage
  TrueNAS is now OpenShift certified, bringing enterprise Kubernetes storage support through its new official CSI driver.

• Linux Foundation's Latest AI Effort Is Around AI Asset & Data Exchange
  The Linux Foundation continues working to get more involved in new AI initiatives. Today the Linux Foundation announced the OpenSharing Project with an effort to standardize AI asset and data exchange...

• Let’s Encrypt Certificate Rules Now Include U.S. Sanctions Warranties
  Let’s Encrypt now requires certificate subscribers to confirm they are not covered by comprehensive U.S. sanctions or restricted-party rules.

• NVIDIA Engineer Devises Patch To Significantly Reduce GCC Bootstrap Time
  NVIDIA engineer Kyrylo Tkachov posted a patch for testing yesterday to significantly reduce the amount of time it takes the GNU Compiler Collection (GCC) for conducting a native bootstrap. The time spent in the configure process for native GCC builds is reduced by around 43% while the overall bootstrap wall time is lowered by around 15%...

• AM62x PRU Academy goes live for BeaglePlay and PocketBeagle 2
  Texas Instruments and BeagleBoard.org have announced that the AM62x and AM26x PRU Academy is now available, adding new learning material for developers working with BeaglePlay and PocketBeagle 2.   The PRU, or Programmable Real-Time Unit, is a deterministic 32-bit RISC core found in several TI Sitara and Jacinto devices. It is designed for low-latency I/O […]

• Ubuntu MATE Missed 26.04 LTS, But a New Team Is Keeping It Alive
  Ubuntu MATE did not ship a 26.04 LTS ISO, but the desktop remains in Ubuntu’s repositories, and a new team is involved.

• Fwupd 2.1.5 Linux Firmware Updater Released with Support for Elan Touchscreens
  Fwupd developer Richard Hughes released fwupd 2.1.5 today as a new stable update in the fwupd 2.1 series of this open-source project for updating and managing the firmware of various hardware on your Linux distribution.

• Linux Firmware Repository Preps For AI Coding Agents
  The linux-firmware.git repository that serves as the de facto home of all the binary blobs used by the mainline Linux kernel open-source drivers has now introduced AGENTS.md documentation and other preparations for embracing AI coding agents...

• The EU Cyber Resilience Act, and Why You Can't Do Things From Behind a Desk!
  Flock to Fedora is more than a conference – it’s where the Fedora community comes alive. As part of the In the CommitHistory campaign, we sat down with confirmed Flock 2026 speakers to hear their stories: what brought them to Fedora, what Flock means to them personally, and what they’re hoping for in Prague this […]

• Alpine Linux 3.24 Improves Installer Experience, Adds COSMIC Desktop Option
  Alpine Linux, the Linux distribution popular especially for containers / micro-services and embedded devices, is out with its newest feature release...

• Debian 12 Bookworm Moves to LTS, Extending Security Support to 2028
  Debian 12 Bookworm moves into long-term support, giving servers and desktops two more years of security coverage until mid-2028.

• Vortex 3.0 Released As Full-Stack, Open-Source RISC-V GPU Now With 3D Pipeline
  The open-source developers at Georgia Tech working on Vortex as an OpenCL-compatible RISC-V GPGPU implementation are out with their next major release for this open-source GPU design...

• Lightweight Pragtical Code Editor Adds SDL GPU Backend
  Pragtical, the lightweight open-source code editor that prides itself on using just ~50MB of RAM and ~10MB of disk space while being a full-featured code editor, is tacking on more features. Most notable with the new Pragtical release is adding an SDL-based GPU back-end for this MIT-licensed editor...

• AOMedia Officially Releases AV2 Codec After First 1.0 Milestone
  AOMedia formally announces AV2, following its first 1.0 release, with better compression, multi-view video, and early ecosystem work.

• Asterinas 0.18 Released For Rust-Written, Memory Safe Linux Alternative OS
  In addition to Redox OS continuing to evolve quite nicely for that from-scratch, Rust-based open-source OS, Asterinas OS is also continuing to move forward for that Rust-based operating system striving for Linux compatibility...

• Alpine Linux 3.24 Released with GNOME 50, KDE Plasma 6.6, and COSMIC Desktops
  The Alpine Linux team announced today the release and general availability of Alpine Linux 3.24 as another major update to this independent and security-oriented Linux distro.

• Linux Sees Patches For "Critical" Vulnerability Affecting Many Arm CPUs
  Made public today is CVE-2025-10263 as a "critical" security vulnerability affecting many different Arm CPU cores. CVE-2025-10263 could allow for privilege escalation on affected systems due to a specific timing condition during a memory permission change. Fundamentally it comes down to completion of affected memory accesses might not be guaranteed by the completion of a TLBI...

• Humans Prefer To Walk Anticlockwise, Scientists Find
  fjo3 shares a report from The Guardian: Tests reveal that when people are ambling about, they have a natural tendency to turn to the left and walk in an anticlockwise direction. "If you simply ask someone to start walking, whether they are wandering around a museum, a supermarket, or even an empty room, it is surprisingly likely that they will drift counterclockwise," said Dr Inaki Echeverria Huarte at University of Navarra in Spain. As with many critical discoveries in science, the revelation owes a debt to serendipity. During the pandemic, the researchers ran experiments to see how many people could share a space while keeping a safe distance. On reviewing the video, they noticed that crowds overwhelmingly walked in an anticlockwise direction. The surprise set in motion an entire research project. The scientists conducted a series of experiments in which individual pedestrians or small crowds roamed around enclosed spaces. Time and again, the researchers observed the tendency to walk in an anticlockwise direction. Suspecting that cultural norms might play a role, the team joined forces with Dr Claudio Feliciani at the University of Tokyo. He found the same results in Japan. The finding held when the researchers accounted for people being right-handed, right-footed and right-eye dominant, and was seen in both male and female walkers. The only difference they spotted was a more pronounced bias in children. "Each of us carries a small personal bias to turn slightly to one side, and when many people share a space, those tiny biases add up into a net counterclockwise rotation," said Echeverria Huarte. Researchers think the tendency may be tied to biomechanics: people are not perfectly symmetrical, and the way the brain processes sensory information and coordinates muscles may gently tip walkers toward one side. Right-side dominance may also play a role, especially in running, where anticlockwise movement puts more internal force on the right side of the body and may feel more natural to right-leg-dominant athletes. "We have tested several ideas and the bias stubbornly keeps showing up, so the exact mechanism is still an open question," said Echeverria Huarte. The findings have been published in Nature Communications.
  
  
  Read more of this story at Slashdot.
  

• Solar Beats Coal In the US For the First Month Ever
  An anonymous reader quotes a report from Electrek: Solar generated more U.S. electricity than coal for the first month on record in May 2026, according to new analysis from global energy think tank Ember. Solar supplied 12.8% of U.S. electricity during the month, while coal dropped to 12.2%. That's a dramatic shift in the U.S. power mix. Just five years ago, coal generated 19.7% of U.S. electricity in May, while solar accounted for only 5.4%. U.S. solar generation hit a record 45.5 terawatt-hours (TWh) in May 2026, up 17% from May 2025 and higher than the previous record set last July. Ember says another record could be broken again this summer. Solar output usually peaks in June or July, but its share of the electricity mix is often highest in spring, when strong sunshine lines up with milder temperatures before summer cooling demand ramps up. May was also the first time solar became the third-largest individual source of electricity in the U.S., behind only natural gas and nuclear. (If solar is included with all other renewables, then they're the second-largest source of electricity as an overall category of electricity.) Meanwhile, coal keeps sliding (and will continue to slide). Coal generation hit an all-time monthly low of 39.3 TWh in April 2026. Output rose slightly in May to 43.4 TWh, but it was still 11% lower than May 2025 levels. Even with that small rebound, coal couldn't keep pace with solar's rapid growth.
  
  
  Read more of this story at Slashdot.
  

• Microsoft Defender 'RoguePlanet' Zero-Day Grants SYSTEM Privileges
  A researcher using the name Nightmare Eclipse has released a new Microsoft Defender zero-day exploit called "RoguePlanet," which reportedly works on fully patched Windows 10 and 11 systems and can spawn a command prompt with SYSTEM privileges through a Defender race condition. The release came just hours after Microsoft fixed two previously disclosed flaws during its latest monthly Patch Tuesday drop -- its largest Patch Tuesday release ever. BleepingComputer reports: The researcher shared a proof-of-concept exploit on Tuesday afternoon in a self-hosted Git repository after saying that GitHub and GitLab repositories hosting their exploits had previously been removed by Microsoft. "The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," Nightmare Eclipse wrote in the repository. [...] Cybersecurity firm ThreatLocker told BleepingComputer that they successfully reproduced the flaw in their testing and confirmed the exploit worked against fully patched Windows 11 systems with KB5094126 installed, and shared a video demonstrating it. "Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described. Organizations using application allowlisting can prevent the exploit from executing, providing an effective layer of protection against this attack," Danny Jenkins, CEO of ThreatLocker, told BleepingComputer. According to Nightmare Eclipse, RoguePlanet was originally developed as a remote code execution vulnerability that exploited Microsoft Defender's handling of files hosted on remote SMB shares. "In initial development, it was confirmed that this vulnerability was a remote code execution," the researcher explained in a blog post. "It required an attacker to coerce a victim to open a .vhd(x) in a remote SMB server, succesful exploitation resulted in defender overwriting its own files and obviously the end outcome was an RCE." The researcher says another attack scenario could lead to remote code execution simply by coercing a victim into opening an SMB share if symlink evaluation settings were enabled. However, the researcher claims Microsoft silently hardened Defender in mid-May by patching "mpengine!SysIO*" API, which blocked junction attacks. "Rewriting RoguePlanet to make it functional again drained my soul and I couldn't complete the other scenarios and for now it remains unclear if RoguePlanet is limited to LPE or there is some sort of way to turn it into an RCE," the researcher wrote.
  
  
  Read more of this story at Slashdot.
  

• Visa Plugs Its Payment Network Into ChatGPT
  Visa is integrating its payment network with ChatGPT so AI agents can shop and complete purchases on users' behalf. "It means AI agents can not only recommend products but complete the purchase on the user's behalf, at potentially any merchant that accepts Visa," reports the Associated Press. "The payment network's previous attempts at this technological leap were confined to a single retailer or a small set of enrolled merchants." From the report: OpenAI will provide the technology to allow agents to interact, make decisions and initiate purchases through ChatGPT. Visa, the world's largest payment network outside of China, will provide the payment authorization and fraud monitoring needed to do this at scale. "As AI agents become active participants in the economy, Visa's focus is to ensure transactions are trusted, secure and seamless," said Jack Forestell, chief product and strategy officer at Visa. Speaking at a company event Wednesday in San Francisco Wednesday, Forestell gave an example of a customer telling ChatGPT they're looking for a pair of wireless headphones under $150. The chatbot would find a pair for sale under those parameters and buy it on behalf of the customer. Visa and OpenAI did not disclose the financial terms of the collaboration and did not give details on the fees merchants or customers would have to pay. [...] Visa says the feature will have guardrails like spending limits, required approval steps and approved merchants for shopping in order to protect consumers and minimize fraud.
  
  
  Read more of this story at Slashdot.
  

• Valve Discontinues Physical Steam Gift Cards Due To Scammers
  Valve is discontinuing physical Steam Gift Cards and says it will stop restocking them as retailers sell through remaining inventory. In a blog post, the company blamed persistent gift card scams as the reason, though Steam Digital Gift Cards will remain available and existing physical cards can still be redeemed. PC Guide reports: Valve says it has "responded to gift card scams over the years" -- but this doesn't stop scammers from adapting. The Steam creator has actively worked with retailers and law enforcement, among other precautions, to counteract scams, but says the issue can never be fully resolved. Steam Digital Gift Cards will continue to operate as normal.
  
  
  Read more of this story at Slashdot.
  

• Threats Against Politicians Tripled After Meta Changed Its Speech Rules
  An anonymous reader quotes a report from Wired: Last year, Meta radically overhauled the rules around what content it would allow on its platforms. The company claimed that its own efforts policing speech had gone too far and that it would relax the rules around what speech was allowed. "We have been over-enforcing our rules, limiting legitimate political debate and censoring too much trivial content and subjecting too many people to frustrating enforcement actions," Joel Kaplan, Meta's chief global affairs officer, wrote in a blog post at the time. Over a year later, new research from the Center for Countering Digital Hate (CCDH) shows the immediate impact of these changes. The researchers analyzed about 8 million Facebook comments and found that abusive and racist comments targeting both Republican and Democrat lawmakers tripled in the six months after the new rules were put in place. Some categories of abusive comments documented by the researchers saw even sharper rises, with violent threats and hate speech quadrupling during the same period. The report cites specific examples of gendered and racist abuse directed at lawmakers like US representatives Jasmine Crockette of Texas and Byron Daniels of Florida. These comments were not taken down by Meta. The CCDH researchers also found that threats against President Trump more than doubled in the six months after Meta overhauled its rules. Many of the comments, which included direct threats to his life, could have been classified as felony offenses, the researchers say. [...] Comments that violated Meta's policies around violent threats quadrupled, from 1,800 in the six months before the changes to 7,600 in the six months after. Hate speech comments also quadrupled, from 6,900 to 30,000. Comments that broke Meta's rules on bullying and harassment doubled, from 15,700 to 39,900.
  
  
  Read more of this story at Slashdot.
  

• BYD To Install Thousands of 5-Minute EV Chargers Across Europe
  BYD plans to install 3,000 ultra-fast "Flash Chargers" across Europe by the end of 2027, with the first stations already appearing in Germany and the UK. The Verge reports: At an estimated cost of 580,000 euros (about $670,000) per charger according to the Financial Times, that would mean a total spend of roughly $2 billion to install the network. The 1,500kW charging stations are significantly more powerful than Tesla's 500kW V4 Superchargers, though Tesla already has 20,000 chargers installed in Europe. BYD, which has been steadily overtaking Tesla in global sales, says its chargers shouldn't add undue strain to the energy grid, as they'll charge cars from batteries which can be topped up overnight. Any car with a standard CCS charge port can use the Flash Chargers, though only BYD cars equipped with the company's new Blade Battery can hit the top speeds. Right now there's only one of those in Europe, the 115,000 euros ($133,000) Denza Z9 GT -- it charges to 70 percent in five minutes on the new chargers.
  
  
  Read more of this story at Slashdot.
  

• macOS 27 Beta Boots Asahi Linux Off Apple Silicon
  The Asahi Linux team is warning Apple Silicon users not to upgrade to the macOS 27 beta because Apple's changes to the boot picker and Startup Disk app make Asahi partitions invisible, preventing Linux from booting. The Register reports: The team added: "If you insist on trying out macOS 27 as soon as possible, please ensure you install a secondary copy of macOS 26 first, or install macOS 27 itself on a secondary volume." They've also updated the installer to prevent installs from running on macOS 27 for now. For anyone who ignored all of the above, "we will not support users who have installed the macOS 27 beta without ensuring at least one stable version of macOS is installed." Considering macOS 27 is in beta, the issue may be accidental rather than an attempt by Apple to block Linux on its hardware. The Asahi team said it has filed bug report. The good news for anyone who pulled the trigger on installing the macOS 27 beta is that although the partition might not be visible, it hasn't gone anywhere. The Asahi team wrote: "If you have already upgraded to the beta and noticed that your Asahi partition has disappeared, do not stress. Your Asahi partition is still there, and you have not lost any data."
  
  
  Read more of this story at Slashdot.
  

• German Court Holds Google Liable For False AI Overview Answers
  A Munich regional court has ruled (PDF) that Google can be held directly liable for false claims in AI Overviews. The case involved AI Overviews falsely linking two publishers to scams and shady business practices, with the court rejecting Google's argument that users could simply check the sources themselves. The Decoder reports: Google's AI overviews work nothing like traditional search results, the court argues. The AI rewrites and judges results "in its own words and according to its own structure," the ruling says. In the case at hand, for example, it opened with confident claims like "Yes, [company] is known for dubious business practices," then built its own structure with a summary, red flags for the alleged scam, and tips for users. The court also found that the AI overview made claims "that are not even made in the search results." None of the linked sources drew any connection between the plaintiffs and the shady companies the AI mentioned. The court called these "the defendant's own statements." Google built the AI, Google offered it to users, so Google owns what it produces, "because it alone has influence over the AI's offering and the algorithms with which the AI operates." The court also examined existing rulings from Germany's Federal Court of Justice (BGH), which gave traditional search engines and autocomplete limited liability. The BGH had argued that search engine operators were only liable as indirect infringers because they merely made third-party content findable. A proactive duty to check results would threaten how search engines work. The Munich court found that this reasoning doesn't apply to AI overviews. A regular search engine just points to outside websites. But AI overviews generate "independent, new, and substantive statements" by evaluating and combining content from various third-party sites. And only Google can check those statements, the court said, "at least by comparing the underlying third-party websites with its own statements based on them." The court also noted that the AI overview is "by no means absolutely necessary" for using the internet. Traditional search results already help users sort through information, the AI overview is just an extra feature. At the hearing, Google argued that users could check the linked sources themselves to verify if the AI summary was correct. It also said that these users knew "that information generated with AI should not be blindly trusted." The court rejected this.
  
  
  Read more of this story at Slashdot.
  

• Seattle Enacts Year-Long Ban On New AI Datacenters
  Seattle has enacted a one-year moratorium on new datacenters, making it the largest U.S. city to do so as the backlash against AI infrastructure grows across the country. The city council voted unanimously in favor of the ban. The Guardian reports: Lawmakers have framed the pause as an opportunity to draft regulations specifically targeting the electricity-hungry datacenters being built nationwide to serve the AI sector, and to protect local residents from environmental risks and rising electricity bills. According to Seattle mayor Katie Wilson, the moratorium will also let city officials determine whether datacenters are a "good use of urban land," and potentially impose new stipulations on their approval, such as requiring developers to invest in local transit and housing initiatives in exchange for construction permits. "There are times when public pressure forces elected officials to do something they don't want to do, but in other cases, public pressure just supports and helps to spur on elected officials to do things that they already want to do," said Wilson. "I think this was one of those latter cases." [...] An amendment to the moratorium that passed unanimously last week allows existing datacenters in Seattle to apply for expansions requiring up to 20 megawatts of additional power during the year-long pause. Activists are concerned that the provision may lead to a spike in datacenters' demand for power while the moratorium is in place, and may undermine the premise of the pause. Lawmakers justified the amendment as a way to differentiate between the datacenters that already exist in Seattle and serve a civic purpose, like those powering health facilities and emergency-call systems, from large-scale centers designed to serve the AI sector.
  
  
  Read more of this story at Slashdot.
  

• Microsoft Smashes Record For Biggest Ever Patch Tuesday Update
  An anonymous reader quotes a report from ComputerWeekly: Microsoft has issued patches for about 200 flaws in its latest monthly Patch Tuesday drop, blasting past a previous record high of almost 170 common vulnerabilities and exposures (CVEs) set in October 2025. Among a great many others, the latest update from Redmond fixes a total of 32 critical CVEs and three zero-day flaws. Dustin Childs, head of threat awareness at TrendAI's Zero Day Initiative, said: "We are heading into a high-stakes summer for cyber security. June's record-shattering drop ... is a stark warning that AI is supercharging flaw discovery at an uncontrollable scale. The current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018. It is extraordinary that Microsoft can produce so many patches in a single month, and I expect many testers are wondering what quality issues may exist." And with the addition of hundreds of CVEs in Google Chrome and Microsoft Edge (Chromium) and other third-party flaws taking the total to almost 600, Chris Goettl, vice president of security product management at Ivanti, said talk of a 'Patch Apocalypse' was no longer unwarranted. "We are in the Patch Apocalypse. The Patch Apocalypse is now," said Goettl. "This is not intended to be a scare tactic. It is meant to outline the challenge that many organizations were anticipating, but the new generation of LLMs [Large Language Models] has accelerated significantly in the first half of 2026." "There are going to be more CVEs resolved by vendors at a faster and more continuous pace than we have ever seen previously. Unfortunately, this will also include more zero-day and n-day exploits than previously seen as well. The window from release from a vendor to exploitation had already shortened to five days as of 2023 threat intelligence data." Goettl said that many suppliers have acknowledged the need to use AI tools in their security research to identify and resolve flaws, with Oracle, Google Chrome and Mozilla all upping the cadence of their updates. Whether or not Microsoft follows suit remains to be seen.
  
  
  Read more of this story at Slashdot.
  

• Commonwealth Fusion Makes the Physics Case For Its 400 MW Reactor
  Commonwealth Fusion has published five peer-reviewed papers laying out the physics case for ARC, its planned 400 MW fusion power plant, which would follow the company's smaller SPARC tokamak now under construction. The papers suggest ARC could produce more energy than it consumes using high-temperature superconducting magnets, molten-salt heat extraction, and 15-minute fusion pulses. Ars Technica reports: ARC will be a tokamak that hosts fusion between hydrogen's two heavier isotopes, deuterium and tritium. This reaction results in a helium nucleus and releases a neutron and radiation. The helium transfers heat to the plasma, maintaining the conditions needed for fusion, but it is otherwise a waste product, referred to as "ash" in the fusion context. The neutron and radiation, however, are put to use. Part of that use is simply imparting energy into a blanket of molten salt that surrounds the fusion chamber. That energy, in the form of heat, will be used to drive a turbine that produces the electricity. The molten salt includes lithium ions; when one lithium isotope absorbs a neutron, it decays into more helium, plus tritium that can be used as fuel for the reactor. There are isotopes present that will also release additional neutrons, allowing this process to generate sufficient fuel. Overall, the present design of ARC is expected to produce about 1.13 GW of fusion power, with 500 MW of that extracted as electricity. Some of that (100 MW) will be needed to power the plant's operations, leaving 400 MW to be sent to the grid. The rest of the energy is either kept in the tokamak to maintain the fusion reactions or lost due to inefficiencies in the heat and energy transfer of the system. There's a lot of uncertainty about these numbers; the 1.13 GW is just the center of a range of potential values running from 900 MW to 1.3 GW, so the 400 MW output may need to be adjusted up or down accordingly. Some of that 400 MW comes during periods where fusion is not occurring. The nuclear reactions will occur within 15-minute-long periods that will be interspersed with one minute resets. The resets are meant to be kept short enough that nothing has much of a chance to cool down before it gets heated up again -- thermal inertia will let it continue generating power. That will be one of the key differentiators with SPARC, which doesn't have the heat extraction needed to maintain stable fusion for these long time periods, and so can't maintain the near constant temperatures needed for reliable power generation. It's inevitable that parts of the device will be exposed to radiation and perhaps fusion plasma. The inner walls of the reactor will be shielded by tungsten, which will limit erosion by the conditions. Meanwhile, the vacuum vessel is designed to be replaced every one to two years. The papers note that this flexibility will allow them to make some design changes even after ARC is built. To enable this, the whole tokamak is meant to split in half for maintenance.
  
  
  Read more of this story at Slashdot.
  

• NASA Announces Astronauts For Its Artemis III Mission
  NASA has named Randy Bresnik, Luca Parmitano, Frank Rubio, and Andre Douglas as the crew for Artemis III, which has been reworked from a moon-landing mission into a roughly two-week Earth-orbit test of lunar landers being built by SpaceX and Blue Origin. NBC News reports: Randy Bresnik, Luca Parmitano, Frank Rubio and Andre Douglas are expected to launch into Earth orbit next year, with the goal of testing two commercially developed lunar landers that are slated to carry astronauts to the surface of the moon during the Artemis IV mission in 2028. Bresnik will be the mission's commander, with Parmitano, an Italian astronaut with the European Space Agency, serving as the pilot. Douglas and Rubio will be mission specialists, and Bob Hines will train with the crew as a backup member. "This test flight will enable us to prove we can carry out highly choreographed operations with our partners across hardware interfaces, software propulsion systems and life support elements with crew in the high-stakes space environment," Jeremy Parsons, NASA's Artemis program manager, said during NASA's announcement on Tuesday. Bresnik has been to the International Space Station twice, most recently as commander of an expedition in 2017. A retired U.S. Marine colonel, he was selected as a NASA astronaut in 2004. Bresnik has helped oversee development and testing of spacecraft for the Artemis program as an assistant to the chief of the Astronaut Office, which manages astronaut training and operations. Parmitano has also done two stints on the ISS and served as commander of an expedition in 2019. He has completed a total of six spacewalks and also performed the first live DJ set in orbit. Before becoming an astronaut, Parmitano was a test pilot for the Italian air force. For Rubio, a physician with 28 years of service in the Army, Artemis III will be his second trip to space. From 2022 to 2023, he spent 371 days on the space station, breaking the record for longest-duration spaceflight by an American, according to NASA. Douglas is the only crew member making his spaceflight debut. An engineer who previously worked on space exploration and robotics at Johns Hopkins University Applied Physics Lab, he became a NASA astronaut in 2022. Douglas was the backup crew member for the Artemis II mission around the moon earlier this year. He told NBC News in an interview after Tuesday's announcement that the role had at times been a challenge. "It was hard to figure out how do you balance getting ready to go, not go, all that stuff," he said. "But to go now is just fantastic."
  
  
  Read more of this story at Slashdot.
  

• FCC Wants To Kill Burner Phones By Forcing Telecoms To Get All Customers' IDs
  An anonymous reader quotes a report from 404 Media: The Federal Communications Commission (FCC) wants to make it effectively impossible for people to buy what many call burner phones -- a phone not explicitly linked to your identity at the point of purchase -- which would impact privacy-conscious people, to domestic abuse survivors, to journalists, and many more. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity. The proposed change would drastically shake up how people obtain phone plans in the U.S., and have all sorts of privacy and cybersecurity knock-on effects. The FCC is proposing the data collection partly as a way to combat scammers, with telecoms being required to collect other information on business and foreign customers like the intended use case of their bulk phone plan purchase and their IP address. But the changes would mean telecoms collect data on all new and renewing customers, and the FCC provides a long list of other things that the collected data could help authorities with. In a synopsis of the proposed changes, the FCC writes, "Specifically, we seek comment on requiring originating providers to, at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services." The goal of collecting this data, the FCC writes, is to deter some scammers from getting onto a telecom network in the first place, and so "enforcers will be better able to identify the scammers when they do." The FCC compares the changes to the sort of data collected by banks to prevent money laundering. One section stresses that the newly collected data would help "law enforcement to more easily identify callers that use the network to perpetuate crimes by ensuring that voice providers have accurate and complete customer information." It goes on to ask if the data would help identify people buying and selling illicit goods; the investigation of "fraud, espionage, or influence operations that undermine national security", and "address abuse in text messaging networks." "Criminals continue to leverage the anonymity provided by phone calls and texts to defraud Americans and exploit communications networks to further other crimes," one section reads. "For decades, civil libertarians have looked overseas at authoritarian countries where the government requires people to register to get a mobile phone to ensure they can be tracked. We never thought that would happen here," Jay Stanley, senior policy analyst at the American Civil Liberties Union's (ACLU) Speech, Privacy, and Technology Project told 404 Media in an email. "But make no mistake: with this rulemaking, the government is contemplating taking away people's ability to get a burner phone, which will hurt low-income people, domestic violence victims, and anyone else who cares about their privacy."
  
  
  Read more of this story at Slashdot.
  

• US Labels BYD, Baidu, Alibaba and Other Tech Giants As Aiding China's Military
  The Pentagon has added Alibaba, BYD, Baidu, Unitree, and other Chinese companies to its list of firms it says support China's military, barring them from U.S. defense contracts. The companies and China's embassy deny the allegations. The Associated Press reports: Created in 2021 by a congressional mandate, the list (PDF) seeks to identify Chinese companies that the Pentagon considers to have links to the Chinese military -- not only those directly controlled by the Chinese military and security forces but also those contributing to the country's defense industrial base. When updating the list last year, the Pentagon said the Chinese military sought to acquire advanced technologies and expertise developed by Chinese companies, universities and research programs that "appear to be civilian entities." The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement. [...] The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement.
  
  
  Read more of this story at Slashdot.
  

• Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure
  By Juha Holkkola, FusionLayer Group How DHCP Changed Connectivity In the late 1990s, the DHCP (Dynamic Host Configuration Protocol) quietly catalyzed a revolution in digital connectivity. Before DHCP was introduced, connecting devices to a network involved manual entry of IP addresses, DNS servers, subnet masks, and gateways. Networks were fragile, prone to errors, and severely [0]
  
  The post Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure appeared first on Linux.com.
  

• From DHCP to SZTP – The Trust Revolution
  By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
  
  The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
  

• Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship
  Sustaining a Core Part of the Linux Ecosystem The Linux Foundation has announced a second year of sponsorship for the ongoing maintenance of the Linux manual pages (man-pages) project, led by Alejandro (Alex) Colomar. This critical initiative is made possible through the continued support of Google, Hudson River Trading, and Meta, who have renewed their [0]
  
  The post Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two
  In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]
  
  The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One
  The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]
  
  The post Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One appeared first on Linux.com.
  

• Kubernetes on Bare Metal for Maximum Performance
  When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]
  
  The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.
  

• How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
  This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]
  
  The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.
  

• Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
  Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]
  
  The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.
  

• A Simple Way to Install Talos Linux on Any Machine, with Any Provider
  Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]
  
  The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.
  

• Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
  OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
  
  The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
  

Engadget"Engadget - Technology News & Expert Reviews"

• YouTube expands direct messaging to the US
  YouTube is testing DMs in its mobile app, and US is now part of the experiment.

• OpenAI says fake accounts from China tried to turn Americans against data centers
  OpenAI has published a report detailing how China-linked influence campaigns against data centers used ChatGPT.

• Windows 11 sucks slightly less now, thanks to a June update
  The update brings a low-latency profile, speeds up search, and patches hundreds of flaws.

• Xbox CEO says current margins 'cannot continue' in public letter to staff
  The more things change, the more they stay the same.

• Canada announces bill banning social media for anyone under 16
  The regulation also imposes new safety expectations on 9AI chatbot services.9

• Valve will stop producing physical Steam gift cards because of scammers
  The never-ending problem of scammers has made Valve decide to stop producing Steam gift cards.

• A Fable deep dive video shows off the RPG's compelling life sim system
  The delayed Fable reboot is coming to Xbox Series X/S, PS5 and PC on February 23.

• Alien: Isolation 2 keeps the classic horror game's uncompromising approach to raising tension
  We played the opening prologue of the horror sequel, and it9s still got ways to bring the scares.

• Amazon's 'Story So Far' feature is finally rolling out to Kindles
  Amazon9s 4Story So Far4 feature is hitting Kindle hardware and the iOS app, but sadly not the Android version just yet.

• Take a deep look at Halo: Campaign Evolved before it launches next month
  This remake of the first Halo game9s hits consoles on July 28.

• You can personalize your Instagram algorithm now — unless you want to see more posts from accounts you follow
  Instagram has expanded its algorithm personalization features to its main feed.

• Ubisoft reportedly shuts down more studios and lays off staff in Barcelona and San Francisco
  Ubisoft is reportedly trying to cut costs without leaving key franchises like Rainbow Six: Siege in the lurch with a new round of layoffs.

• After Belfast riots, UK reminds social platforms they're obligated to remove hateful content
  The UK9s communications regulator has reminded social media platforms they have a duty to minimize hateful content, not encourage it.

• Final Fantasy 16 headlines the PlayStation Plus Game Catalog additions for June
  Sony is starting to spread its PS Plus Game Catalog updates throughout the month.

• Engadget Podcast: WWDC 2026 thoughts from Apple Park
  We dive into our initial thoughts on Siri AI and Tim Cook9s legacy.

• German court holds Google liable for false AI Overview answers
  A recent study found that Google9s AI Overviews regularly provide incorrect information and contain facts not supported by cited sources.

• Honor Magic V6 review: A mechanical marvel
  There9s a lot of impressive engineering inside Honor9s Magic V6, but it9s let down by software that desperately needs polish.

• Gemini in Chrome expands further to Latin America and the Middle East
  Gemini in Chrome continues to roll out and has now landed in Latin America, the Middle East and Africa.

• Saw: Genesis looks the most fun when you're the murderous mastermind
  Get ready to wince. 

• Microsoft Office 2019 for Mac will become read-only next month
  Microsoft Office 2019 for Mac will effectively become useless next month.

• EU OS: A Bold Step Toward Digital Sovereignty for Europe
  Image
  A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
  What Is EU OS?
  EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
  
  Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
  The Vision Behind EU OS
  The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
  
  Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
  
  However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
  Conclusion
  EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
  
  Source: It's FOSS
  European Union

• Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
  
  In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
  
  On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
  
  Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
  
  The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
  
  Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
  
  You can download the latest kernel here.
  Linus Torvalds kernel

• AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
  Image
  AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
  
  This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
  
  Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
  
  Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
  
  Source: 9to5Linux
  AerynOS

• Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
  Image
  Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
  
  Here’s a quick overview of what’s new in Xojo 2025r1:
  1. Linux ARM IDE Support
  Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
  2. Web Drag and Drop
  One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
  3. Direct App Store Publishing
  Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
  4. New Desktop and Mobile Features
  This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
  5. Performance and IDE Enhancements
  Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
  What Does This Mean for Developers?
  Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
  How to Get Started
  Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
  
  Download Xojo 2025r1 today at xojo.com.
  Final Thoughts
  With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
  Xojo ARM

• New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
  
  Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
  
  Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
  
  Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 
  
  Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
  
  Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
  
  Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
  
  By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
  Windows

• Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
  
  The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 
  
  As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
  
  In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 
  
  After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
  
  The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
  
  At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
  
  The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
  Security

• Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
  
  The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
  
  A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
  
  This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 
  
  The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
  
  On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
  
  In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
  kernel

• Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
  
  Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
  
  The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
  
  Here is what Linus Torvalds had to say in today's announcement:
  Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

• Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
  
  Want to interact with ChatGPT from your Linux desktop without using a web browser?
  
  Bavarder, a new app, allows you to do just that.
  
  Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
  
  With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
  
  During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
  
  At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
  
  As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
  
  Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
  ChatGPT AI

• LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
  
  Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
  
  Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
  
  LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
  
  You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
  
  All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
  
  In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
  
  Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
  
  The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
  LibreOffice