All the News that Matters

• Slackware 15.0 Kernel Important Network Security Fix 2026-144-01
  New kernel packages are available for Slackware 15.0 and -current to fix a security issue.

• openSUSE Tumbleweed mcphost Moderate Security Update 2026-10845-1
  An update that solves 5 vulnerabilities can now be installed.

• openSUSE Tumbleweed apptainer Moderate 6 Security Fixes 2026-10842-1
  An update that solves 6 vulnerabilities can now be installed.

• openSUSE Tumbleweed Moderate perl-YAML-Syck Update CVE-2026-5089
  An update that solves one vulnerability can now be installed.

• openSUSE Tumbleweed hauler Moderate Fix for 4 Vulns 2026-10843-1
  An update that solves 4 vulnerabilities can now be installed.

• openSUSE Tumbleweed rqlite Security Advisory - CVE-2026-33814 Alert
  An update that solves one vulnerability can now be installed.

• openSUSE Tumbleweed provides key update for JFrog CLI on CVE-2025-11579
  An update that solves one vulnerability can now be installed.

• Debian 11 Node.js Major Denial of Service Warning DLA-4598-1 CVE-2025-59465
  Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure. For Debian 11 bullseye, these problems have been fixed in version 12.22.12~dfsg-1~deb11u8. We recommend that you upgrade your nodejs packages.

• Fedora 42 evince Significant Command Injection Resolution CVE-2026-46529
  Fix command injection CVE-2026-46529

• Fedora 43 python-requests Significant Patch CVE-2026-25645
  2.33.1 (2026-03-30) Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values.

• Fedora 43 python-pulp-glue Important Bugfix CVE-2026-25645
  2.33.1 (2026-03-30) Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed Content-Type header parsing for malformed values.

• Fedora 43 httpd Critical Arbitrary Code Execution Buffer Overflow Alerts
  new version 2.4.67

• Debian Trixie Linux Major Denial of Service Privilege Escalation DSA-6295-1
  Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.90-1. Additionally this update includes a fix for a

• Fedora 42 Kernel Important Security Fix Update 2026-b9f338a467
  The 6.19.14-108 stable kernel update contains a couple if important security fixes.

• Fedora 42 dotnet8.0 Important Runtime SDK Security Update CVE-2026-32175
  Update to .NET SDK 8.0.127 and Runtime 8.0.27 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/8.0/8.0.27/8.0.127.md

• Fedora 42 dotnet SDK Critical Patch CVE-2026-32175 CVE-2026-32177
  Update to .NET SDK 9.0.117 and Runtime 9.0.16 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/9.0/9.0.16/9.0.117.md

• Fedora 42 dotnet10.0 Important Fixes for CVE-2026-32175 2026-ef4291bd79
  Update to .NET SDK 10.0.108 and Runtime 10.0.8 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/10.0/10.0.8/10.0.108.md

• Fedora 42 docker-buildkit Vulnerable to CVE-2026-39984 Certificate Issues
  Update to release v0.30.0 Resolves CVE-2026-39984: rhbz#2458929 Upstream new features and fixes

• Fedora 42 docker-buildx Critical Improper Certificate Valid 2026-95f37c21d5
  Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes

• Fedora 42 Python 3.15 Vulnerability 2026 Risk of Arbitrary Code Execution
  A new prerelease of Python 3.15 with fixes to several CVEs.

• Fedora 42 NSS Update 3.123.1 Security Fix for Firefox 151.0
  Update NSS to 3.123.1 Update to Firefox 151.0

• Fedora 42 Firefox NSS Update 3.123.1 Enhancement 2026-7f6ee801e2
  Update NSS to 3.123.1 Update to Firefox 151.0

• openSUSE Leap 16.0 Critical Chromium Security Issue Advisory 2026-20775-1
  An update that solves 95 vulnerabilities and has one bug fix can now be installed.

• Fedora 43 dotnet8.0 Update Resolves CVEs Including 2026-3e509b1444
  Update to .NET SDK 8.0.127 and Runtime 8.0.27 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/8.0/8.0.27/8.0.127.md

• Fedora 43 perl-Apache-Session-Browseable Critical Session Security Flaw
  This update has improvements to generate more secure session IDs (CVE-2026-8503).

• Fedora 43 brings vital dotnet10.0 updates to fix runtime vulnerabilities
  Update to .NET SDK 10.0.108 and Runtime 10.0.8 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/10.0/10.0.8/10.0.108.md

• Fedora 43 Dotnet 9.0 Critical Update on CVE-2026-32175 Security Flaw
  Update to .NET SDK 9.0.117 and Runtime 9.0.16 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/9.0/9.0.16/9.0.117.md

• Fedora 43 docker-buildkit Moderate CVE-2026-39984 Improper Validation Issue
  Update to release v0.30.0 Resolves CVE-2026-39984: rhbz#2458929 Upstream new features and fixes

• Fedora 43 docker-buildx Important Improper Certificate Valid CVE-2026-39984
  Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes

• Fedora 43 Python 3.15 Security Advisory 2026-e2ada1fa1e
  New prerelease of Python 3.15, containing fixes to a few CVEs.

• Fedora 43 Pie 1.4.4 Dependencies Update Security Advisory 2026-b7427db462
  Version 1.4.4 Dependencies Update Composer to 2.9.8 Version 1.4.3 add output check for dnf permission denied thanks to @asgrim and @hackel

• Fedora 43 Composer Important Fix GitHub Token Validation 2026-3e8172bbdb
  Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2)

• openSUSE Tumbleweed python311-impacket Moderate CVE-2025-33073
  An update that solves one vulnerability can now be installed.

• openSUSE Cockpit Important Remote Code Exec Fix CVE-2026-4802
  An update that fixes one vulnerability is now available.

• Fedora 44 Chromium Critical Use After Free Heap Issues 2026-c758d44a9a
  Update to 148.0.7778.178 CVE-2026-9111: Use after free in WebRTC CVE-2026-9110: Inappropriate implementation in UI CVE-2026-9112: Use after free in GPU CVE-2026-9113: Out of bounds read in GPU

• Fedora 44 dotnet8.0 Important SDK Update CVE-2026-32175 2026-223f4839fc
  Update to .NET SDK 8.0.127 and Runtime 8.0.27 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/8.0/8.0.27/8.0.127.md

• Fedora 44 perl-Apache-Session-Browseable Severe Session ID Vulnerability
  This update has improvements to generate more secure session IDs (CVE-2026-8503).

• Fedora 44 dotnet10.0 Important SDK Runtime Update 2026-0d598afbf9
  Update to .NET SDK 10.0.108 and Runtime 10.0.8 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/10.0/10.0.8/10.0.108.md

• Fedora 44 dotnet9.0 Significant Code Execution Resolution 2026-9c63a012b9
  Update to .NET SDK 9.0.117 and Runtime 9.0.16 Fixes: CVE-2026-32175,CVE-2026-32177,CVE-2026-35433,CVE-2026-42899 Release Notes: SDK: https://github.com/dotnet/core/blob/main/release- notes/9.0/9.0.16/9.0.117.md

• Fedora 44 docker-buildkit High Improper Certificate Validation CVE-2026-39984
  Update to release v0.30.0 Resolves CVE-2026-39984: rhbz#2458929 Upstream new features and fixes

• Fedora 44 docker-buildx 0.34.0 CVE-2026-39984 Fix Improper Validation
  Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes

• Fedora Python 3.15 Severe Command Injection Arbitrary Exec Vulnerability
  New prerelease of Python 3.15 with several CVE fixes

• Fedora 44 pie 1.4.4 Dependencies Update Advisory 2026-3d8d946f69
  Version 1.4.4 Dependencies Update Composer to 2.9.8 Version 1.4.3 add output check for dnf permission denied thanks to @asgrim and @hackel

• Fedora 44 Composer 2.9.8 Security GitHub Token Fix Advisory 2026-bd05cb6c4d
  Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2)

• Debian libgcrypt Denial of Service Security Advisory DSA-6294-1
  It was discovered that an incorrect implementation of ECDH encryption (with NIST, Brainpool, X448, or X25519 curves) within Libgcrypt could result in denial of service. For the oldstable distribution (bookworm), this problem has been fixed in version 1.10.1-3+deb12u1.

• Debian Bullseye atril Key Command Injection Patch DLA-4597-1 CVE-2026-46529
  It was discovered that atril, a simple multi-page document viewer, is prone to a command injection vulnerability if a specially crafted PDF file is opened. For Debian 11 bullseye, this problem has been fixed in version 1.24.0-1+deb11u2.

• Debian krb5 Important NegoEx Denial of Service Vuln DSA-6293-1
  Cem Onat Karagun discovered two vulnerabilities in the NegoEx parsing in krb5, the MIT implementation of Kerberos. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service. For the oldstable distribution (bookworm), this problem has been fixed in version 1.20.1-2+deb12u5.

• Ubuntu 20.04 18.04 Critical Linux Kernel Escalation Issues USN-8280-2
  Several security issues were fixed in the Linux kernel.

• Ubuntu 18.04 LTS Linux Kernel Privilege Escalation Vulnerability USN-8281-2
  Several security issues were fixed in the Linux kernel.

• Ubuntu 20.04 LTS Linux-GCP OverlayFS Privilege Escalation USN-8297-1
  Several security issues were fixed in the Linux kernel.

• Sway 1.12 Wayland Compositor Released with HDR10 and Window Capture
  Sway 1.12 lands with HDR10 support via the Vulkan renderer, individual window capture, wlroots 0.20, and new Wayland protocols.

• Jetway BFNZASL2 supports pfSense and OpenWrt in a fanless form factor
  The Jetway BFNZASL2 is a fanless embedded networking system built around Intel processors including the Intel Atom x7835RE (Amston Lake), Intel Processor N97, and Intel Atom x7425E. The platform features four 2.5GbE interfaces with optional Wi-Fi 6 and 5G connectivity for networking and edge applications. The primary configuration uses the Intel Atom x7835RE processor with […]

• Build Debian GNU/Linux snapshots grub submenu on forky with timeshift on btrfs root
  In particular case several Google's AI Assistant proposals appeared to be questionable and were resolved in development phase. This post is immediate follow up for Setup Timeshift on Debian forky with btrfs root https://lxer.com/module/newswire/view/365056/index.html

• KernelScript 0.1 Debuts as a New Language for eBPF Development
  KernelScript 0.1 introduces an experimental type-safe DSL for writing eBPF, userspace, and kernelspace code from one codebase.

• Ubuntu-Based Rhino Linux 2026.1 Introduces Lomiri Edition, Powered by Linux 7.0
  The Rhino Linux team released Rhino Linux 2026.1 today as the latest stable ISO snapshot of this Ubuntu-based distribution, offering a rolling-release model on top of the Xfce desktop environment.

• Mercury is an Optimized Variant of Firefox (Installation + Tips)
  Discover the Mercury browser, a Firefox variant with specialized customization and modification by the developer to provide an exceptional experience.

• MX Linux 25.2 Released with Linux 7.0 AHS Kernel
  MX Linux 25.2 is now available with Linux 7.0 on the AHS edition, Debian 13.5 base updates, and refreshed ISO images.

• Intel Introducing USB4STREAM Protocol For Linux - Opening Up Some Nifty Uses For USB4
  An exciting Intel innovation expected to be added for the upcoming Linux 7.2 kernel is introducing the new USB4STREAM protocol for USB4/Thunderbolt as a "super simple" way to "basically just transfer raw packets from one host to another". This can be useful for quickly backing up a system from one host to another, sharing of web cameras or other peripherals across systems, or other environments where not having networking or wanting to avoid the traditional Linux networking stack...

• ESP32-S31 development boards bring Wi-Fi 6, audio, camera, and HMI features
  Earlier announced in March with the unveiling of the ESP32-S31 SoC, Espressif has now launched the ESP32-S31-Korvo-1 multimedia development board, while documentation additionally references the ESP32-S31-Function-CoreBoard-1 connectivity-oriented board. Both platforms are built around the ESP32-S31-WROOM-3 module and target multimedia, audio, display, and connected IoT applications. The ESP32-S31 is Espressif’s latest dual-core RISC-V SoC featuring Wi-Fi […]

• 9to5Linux Weekly Roundup: May 24th, 2026
  The 293rd installment of the 9to5Linux Weekly Roundup is here for the week ending May 24th, 2026, keeping you updated on the most important developments in the Linux world.

• FSF Shows Strength With 46 LibreLocal Meetups in 2026
  With Richard Stallman back on the road and FSF backing 46 community-focused LibreLocal meetups worldwide, the free software movement looks anything but finished.

• Valkey 9.1 In-Memory Data Store Released with Database-Level ACLs
  Valkey 9.1 in-memory data store adds database-level ACLs, JSON logging, Lua modularization, TLS updates, and performance improvements.

• Linux 7.1-rc5 Released With Fixes Ramping Up From AI Coding Agents
  In the road to releasing Linux 7.1 in June, out today is Linux 7.1-rc5 that continues coming on heavy with fixes...

• MX Linux 25.2 “Infinity” Released with Linux Kernel 7.0, Based on Debian 13.5
  The MX Linux team announced today the general availability for download of MX Linux 25.2 as the second update in the MX Linux 25 “Infinity” series of this Debian-based distribution featuring Xfce, KDE Plasma, and Fluxbox flavors.

• Linuxiac Weekly Wrap-Up: Week 21, 2026 (May 18 – 24)
  Catch up on the latest Linux news: Rhino Linux 2026.1, Proxmox V? 9.2, Nitrux 6.1, Firefox 151, GNOME Commander 2.0, Microsoft Azure Linux 4, Linux Mint’s new screenshot tool, and more.

• Argon Industria PoE+ HATs add 25W Ethernet power and optional NVMe to Raspberry Pi 5
  Argon40 has introduced two Industria PoE+ HATs for the Raspberry Pi 5, providing power and data through a single Ethernet cable using the IEEE 802.3af/at PoE+ standard. Both boards deliver up to 25W output, supplying 5V/5A for full operation. The standard Argon Industria PoE+ HAT focuses on single-cable power and network connectivity, while the Argon […]

• FreeBSD Foundation Executive Director Tries Daily Driving FreeBSD On Laptop
  With FreeBSD having worked on improving its laptop support over the past two years with some big changes and ongoing efforts for making a nice KDE desktop experience on FreeBSD, FreeBSD Foundation's Executive Director has been trying to daily drive FreeBSD on laptops...

• Shelly 2.3.1 GUI Package Manager for Arch Linux Improves Notifications
  Shelly developer Zoey Bauer released Shelly 2.3.1 today as a new stable update to this open-source graphical package manager for Arch Linux-based distributions that adds new features and improvements.

• GitHub Copilot & Claude Code Helped With Graphics, WiFi Linux Driver Issues This Week
  For those curious about the growing use of AI and coding agents within the Linux kernel, this week there was another large batch of new patches fixed that were generated or co-authored by agents like Claude Code and GitHub Copilot...

• Open-Source z386 Brings Intel 80386 Microcode Back to Life
  z386 is an open-source 80386-class FPGA CPU core that uses recovered Intel 386 microcode to run DOS and protected-mode software.

• SpaceX Launches 29 Starlink Satellites on Memorial Day
  "The expansion of SpaceX's Starlink network of internet relay satellites continued Monday with a Memorial Day launch from Cape Canaveral Space Force Station," reports Spaceflight Now.The mission added another 29 Starlink satellites to more than 10,000 already in low Earth orbit:This was SpaceX's 60th orbital flight of the year, consisting of 59 Falcon 9 rockets and one Falcon Heavy rocket... Nearly 8.5 minutes after liftoff, [Falcon 9 first stage] B1078 landed on the drone ship, 'A Shortfall of Gravitas,' positioned in the Atlantic Ocean off the coast of South Carolina. This was the 151st landing for this vessel and the 614th booster landing to date for SpaceX. Meanwhile, the second stage shut down eight minutes and 39 seconds into flight and entered a coast phase, before short second burn at T+52 minutes. The stack of Starlink satellites deployed 61 minutes and 26 seconds after launch. On X.com SpaceX shared footage of the booster rocket landing, and a longer video showing Starship's 12th test flight Friday.
  
  
  Read more of this story at Slashdot.
  

• Will Big Tech Layoffs Bring a Culture Shift to Anxiety and Job Insecurity?
  Tech industry layoffs may be worse at large tech companies than the rest of the IT industry. The New York Times argues those layoffs have now shifted the culture at Big Tech companies, after interviewing more than two dozen of their workers. "Cooperation and collegiality are on the wane; chumminess between employees and managers has cooled as mutual suspicion pervades their relationships; and a throbbing economic anxiety infects almost every conversation. "Perhaps no site on the internet reflects this transformation more vividly than Blind, where users can post in private channels restricted to employees of a single company, or public channels visible to anyone..."Since 2022, large tech companies have collectively laid off more than 150,000 workers, unraveling what many tech workers once perceived as a guarantee of affluence and employability. The threat of being replaced by artificial intelligence has loomed over those who remain. This year alone, Amazon has indicated that it is laying off more than 15,000 workers, Block 4,000, Meta 8,000 and Oracle an estimated 30,000... By most measures, the sentiments that Blind tracks have taken a turn for the worse. During the nearly four years before tech companies began major layoffs in the fall of 2022, Meta and Microsoft employees posted about career success — topics like how to maximize their salary or win promotions — more than four times as often as they posted about job insecurity, according to Blind. Since then, the ratios have lurched in the opposite direction: Meta and Microsoft employees have posted about job insecurity roughly 1.5 times as often as they post about success... The shift has had practical effects. A Meta employee said in an interview that some workers on her team now used less vacation time and that, in a break with custom, people frequently checked on their projects while on vacation. They increasingly worry about getting a poor performance review or losing their job if they aren't constantly available. The employee, who declined to be identified for fear of retribution, said she and many of her colleagues frequently checked Blind because it could be comforting to see how many other Meta workers shared their anxieties. Employees at several companies said in interviews that their morale was further undermined by the feeling that the layoffs were abrupt and arbitrary, and executed with little empathy. Several tech workers said it was the scarcity of information about possible layoffs that raised their cortisol levels and made it difficult to focus on their jobs. They often fill the vacuum by turning to Blind, which, in addition to posts by workers, features a "tech layoff tracker" that lists both layoff rumors and those it has confirmed. "I was on Blind five days a week," said Faith Wilkins El, a software engineer who was laid off from Oracle in late March, after more than four years at the company. Wilkins El, who is part of the Oracle Workers Collective, a group seeking better severance agreements with the company, said navigating Blind was sometimes stressful because it was hard to know what was true or false. (Blind says it has a security team to weed out bad actors, like those who may try to register under fake email addresses.) Still, she found it more helpful than not because the layoffs came as less of a shock after she spent time on the site. "I was trying to get prepared mentally," she said. Blind is capitalizing on the increased interest with new products. It plans to unveil a service called Blind AI, which will allow employers to simulate their workers' reactions to certain changes, like a stricter in-office mandate. And it is close to releasing a feature to alert users that layoffs are imminent.
  
  
  Read more of this story at Slashdot.
  

• It's Like the Olympics - But Steroids Are Allowed
  "Think Olympics on steroids. Literally," quips the BBC, describing Sunday's controversial Enhanced Games event in Las Vegas featuring dozens of athletes "using performance-enhancing drugs to try and break world records in track, weightlifting and swimming. Some $25m (£18.6m) in prize money is up for grabs — with cash prizes for winners... The drugs they use must be legal, and approved by the Federal Drug Administration. But substances like testosterone and human growth hormone — banned by the World Anti-Doping Agency — are not only celebrated here, they're encouraged and for sale... Health experts warn that anabolic steroids and growth hormones can cause strokes and cardiovascular damage, among other risks. Event organisers claim Enhanced will push the limits of human performance while critics, especially in the Olympic movement, dismiss it as an affront to the spirit and founding principles of competitive sport... Earlier this month, the Enhanced Group — the company behind the competition — began trading on the New York Stock Exchange. And the competition is seemingly being treated as an opportunity for Enhanced to sell performance-enhancing medicine and supplements online. "The project was founded by entrepreneurs Aron D'Souza and Maximilian Martin in 2023," the artidcle points out, "and has attracted backing from prominent investors including billionaire Peter Thiel and Donald Trump Jr." And NPR adds that "Most of the participating athletes trained for the competition in Abu Dhabi, as part of Enhanced's own study."Enhanced did not break down what specific athletes used which drugs, but they announced on Wednesday in the lead-up to the event that 91% of the athletes competing used testosterone or testosterone esters, 79% used human growth hormone, and 62% used stimulants, such as adderall... The games have been largely panned by outside medical experts and sports governing bodies. Multiple recent studies assess the harm surrounding the Enhanced Games. Travis Tygart, the CEO of the U.S. Anti-Doping Agency, called the games a "dangerous clown show that puts profit over principle" in a statement. The International Olympic Committee said the games are a "betrayal of everything that we stand for." The World Anti-Doping Agency (WADA) last year urged U.S. authorities to stop the games. The International Federation of Sports Medicine said in 2024 that they see the medical oversight as "insufficient" to support theathletes.
  
  
  Read more of this story at Slashdot.
  

• California Executive Order Directs Businesses and State Agencies to Prepare for AI-Driven Workforce Disruption
  Thursday California's governor issued an executive order "directing state agencies to prepare workers and businesses for AI-driven workforce disruption," reports San Francisco's KQED. In a statement the governor said "This moment demands that we reimagine the entire system — how we work, how we govern, how we prepare people for the future."The order mandates agencies to explore a range of policy options, including severance standards, expanded unemployment insurance, job retraining programs aimed specifically at white-collar workers, worker ownership models and a concept the governor called "universal basic capital," giving all residents a stake in assets such as corporate stocks, bonds or wealth funds... Tom Kemp, executive director of the California Privacy Protection Agency, applauded the fact that the order named data privacy as a consumer protection concern and highlighted the CPPA's automated decision-making technology regulations, which he called "the nation's most comprehensive." Others are more skeptical. "Catastrophic job loss from AI is not inevitable, it's a political choice," Lorena Gonzalez, president of the California Federation of Labor Unions, AFL-CIO, wrote in a statement. However, Gonzalez noted one area of genuine agreement: the order's emphasis on collective bargaining as a tool for protecting workers from AI displacement... According to Stanford HAI's 2026 AI Index, software developers ages 22 to 25 are among those most likely to see their skills made redundant earliest. This year, U.S. employment fell nearly 20% from 2024, even as headcount for older developers continued to grow. Following the job cuts announced at Meta, a union of Alphabet workers in the U.S. and Canada released a statement that suggests Silicon Valley's own labor force may seek to organize... "It's undeniable that our whole industry is being transformed by the corporate push to adopt new AI tools," [Alphabet Workers Union-CWA Local 9009 said in a statement]. "It's hard not to feel anxiety and fear when we can see more and more tech companies cutting huge portions of their workforce both in anticipation of replacing them with AI, and to fund their multi-billion-dollar bets on AI as the future of the industry..." In February, AFL-CIO President Liz Shuler and Gonzalez delivered what amounted to an ultimatum to Newsom: regulate AI or lose labor's support for any future presidential run. Shuler called a potential AI-driven economic collapse a coming "crisis." In August 2025, Newsom announced a partnership with Google, Microsoft, IBM and Adobe to expand AI education in California schools and community colleges, a workforce preparation push that now looks like a precursor to Thursday's more sweeping order. The article notes that after signing the bill the governor shared this comment on X.com. "California will pursue new policies that make sure working Californians — not just Big Tech — benefit from the wealth and breakthroughs coming out of this space." Newsom telegraphed Thursday's order earlier this week, when he appeared at the Center for American Progress IDEAS Conference in Washington. "Businesses are going to make a fortune, and that's why you cannot continue to have a payroll tax system that taxes jobs and then subsidizes automation."
  
  
  Read more of this story at Slashdot.
  

• AI 'Crashes the Party' at This Year's Cannes Film Festival - Including Multi-Year Meta Partnership
  AI "crashed the party" at this year's Cannes Film Festival, writes The Hollywood Reporter. The festival exposed "the fault lines reshaping cinema," their article argues, including how "AI is here — and the industry has stopped pretending otherwise."A humanoid robot spotted marching up and down the Croisette seemed to sum up the worst AI fears of the film industry — the machines have arrived and they are taking your place. But inside the Palais and the market tents, the conversation over artificial intelligence had moved beyond fear into something more like uneasy acceptance. Fighting AI "is a battle we will lose," said Demi Moore, a Cannes jury member this year, at the festival's opening press conference, suggesting the film industry needs to "find ways in which we can work with it." That's not the official Cannes line. The festival has banned films using generative artificial intelligence from its competition lineup. But at the Cannes film market, and in discussions at industry events over the past two weeks, the tone has shifted. AI-friendly tech giant Meta signed on as an official partner to the festival in a multiyear deal. Its AI tools were used to help produce an [out of competition] festival entry: Steven Soderbergh's documentary John Lennon: The Last Interview. [Meta's press release announcing the partnership touts "our creator partnerships," their Meta AI assistant, and "our latest AI and wearable technologies" including Ray-Ban Meta AI features for smartglasses like "AI-powered translations that break down language barriers in real-time".] At the Marché du Film [film market], there was an "AI for Talent Summit" that took the AI revolution as given, focusing instead on ethical AI use, data sovereignty and on the ways the technology can be used to enhance, rather than replace, creativity. For the indie film industry, it felt like a turning point.
  
  
  Read more of this story at Slashdot.
  

• FreeBSD Foundation Executive Director Tries Daily Driving FreeBSD On Laptop
  Phoronix reports on a presentation about trying FreeBSD on modern Framework laptop from last week's Open Source Summit hosted by the Linux Foundation:With FreeBSD having worked on improving its laptop support over the past two years with some big changes and ongoing efforts for making a nice KDE desktop experience on FreeBSD, FreeBSD Foundation's Executive Director has been trying to daily drive FreeBSD on laptops... With the Framework Laptop, the touchscreen "just worked" as did other basic functionality from the KDE desktop on FreeBSD, including peripherals like a wireless mouse. Among the challenges were Zoom failing for video calls but eventually working, the web camera took steps to enable, and Microsoft Teams only partially worked. With the help of online resources, ultimately she was able to succeed in her journey of running FreeBSD daily on a laptop.
  
  
  Read more of this story at Slashdot.
  

• Canonical Is Shutting Down Ubuntu Pastebin
  "Canonical says Ubuntu Pastebin will be decommissioned at the end of May 2026," writes Slashdot reader BrianFagioli, "as part of an infrastructure modernization effort."The announcement only appeared this week, giving the Linux community barely any warning before a service that has been tied to Ubuntu support culture for years suddenly disappears. Ubuntu Pastebin has long been used for sharing logs, crash reports, config files, and terminal output across IRC, Ask Ubuntu, forums, bug reports, Reddit, and countless troubleshooting guides scattered around the internet. The bigger concern is link rot. Once the shutdown happens, years of old support discussions could lose critical debugging information overnight. Community members have already pointed out that some Ubuntu packages and scripts still reference paste.ubuntu.com directly. While it is understandable that aging services eventually get retired, the extremely short transition period is rubbing many Linux users the wrong way, especially in a community where old documentation and archived troubleshooting threads still regularly help people solve problems a decade later.
  
  
  Read more of this story at Slashdot.
  

• Mozilla Brings Web Serial Workflows to Firefox, Collaborates With Adafruit
  The Web Serial API lets websites write to (and read from) serial devices using JavaScript, including USB and Bluetooth devices with virtual serial ports. And this week's Firefox 151 release introduced support for the Web Serial API on desktop. "Most folks won't use this API," acknowledges Mozilla's blog, "but for our community of builders and tinkerers, it unlocks the ability to use Firefox to communicate directly with compatible hardware devices like microcontrollers, development boards, and other serial-connected devices..."With Firefox's browser engine, Gecko, now supporting Web Serial, users can now connect, code, configure, and control compatible hardware directly from the browser in many workflows, often without additional software or complicated setup... As part of this week's launch, Adafruit, one of the internet's most beloved open-source hardware communities, is collaborating with us to test and validate what browser-based hardware development can look like in Firefox with Web Serial support... With Web Serial support in Firefox 151, Adafruit's browser-based hardware workflows now work directly in Firefox as well, with no additional software or complicated setup required for many projects. We invite you to give it a try... We want the web to be open, flexible, and shaped by the diversity of people building on it. If you're wiring up your first board, experimenting with hardware projects, or dusting off an old electronics kit, give Adafruit and Web Serial in Firefox a try. Build something amazing. Make something useful. Tell us what works. Tell us what breaks. Most of all, make it your own. Mozilla's "Hacks" blog demonstrates with an Adafruit ESP32-S2 based board "where messages sent from web code can be directly displayed on the device over Web Serial." And Mozilla engineer Alex Franchuk even built a handheld device that changes a web page's CSS properties.
  
  
  Read more of this story at Slashdot.
  

• Disney's 'Star Wars: The Mandalorian and Grogu' Opens to 'Mixed' Box Office Results
  It's "the first time in seven years that a new Star Wars film has launched on the big screen," writes CNBC. And Variety notes it's expected to earn $102 million through Monday:[B]ox office analysts are mixed on the results. On one hand, it's significant for any film to debut above $100 million in post-pandemic times. On the other, "Star Wars" is one of Hollywood's preeminent film properties, so there's an expectation of a certain level of box office. And this start is the worst for "Star Wars" since Disney bought the franchise in 2012. CNBC cites reports 41% of tickets were sold for more expensive large-format screenings like IMAX and DolbyCinema. So how's the movie? Rotten Tomatoes shows an 89% positive rating from moviegoers on its "popcornmeter" and a 62% average score from professional movie critics. And Ars Technica writes that "The plot is predictable, the fight scenes are meh, but you can't beat the charm of that little green Grogu." So while there's "a paint-by-numbers plot," they add that "the little green puppet pretty much carries the entire film."The new film is ... fine. It's an average Star Wars outing, and it will give families a solid Memorial Day Weekend entertainment option. It's just not the spectacular home run that might have helped launch the flagging franchise into an exciting new era, and diehard Star Wars fans hoping for more are probably going to be disappointed. Of course, not everyone agrees. "How many nails can we realistically drive into Star Wars's coffin before it's time to give up hope of resuscitation?" writes Clarisse Loughrey for The Independent, calling it "the dullest and most inconsequential 'Star Wars' ever made." (She argues that the movie "stitches together what is clearly three episodes of the previously planned fourth season of The Mandalorian and calls it a day. There's not a whiff of effort here.") And a reviewer at RogerEbert.com gave it one-and-a-half stars, complaining that "There's no reason for anything in this movie except the wish to make even more money...."I'm on record as despising the word "content," which was pushed by early tech moguls to devalue art as interchangeable goo in a virtual pipeline, but this washed-out, video-game-looking movie, with its murky night scenes and lack of visual depth, deserves the word. You've seen everything in it before, from the equipment, spacecraft, armor, and tactical maneuvers to the species and various types of terrain (earthlike, but cartoony)... Even Grogu taxes our patience. Some of his cute bits could've ended with him facing the camera and doing jazz hands.
  
  
  Read more of this story at Slashdot.
  

• Apple Preparing New 'Gen AI' Website Ahead of WWDC — and New AI Features?
  Apple just registered a new subdomain record: genai.apple.com. The domain was spotted by a MacRumors contributing researcher, and though it doesn't yet lead to a live web page, they believe it's tied to Apple's annual developers conference WWDC which starts June 8, "where the company has promised to announce 'AI advancements' across its software platforms." The blog 9to5Mac speculates that "All signs point to WWDC 2026 being Apple's major AI renaissance, where the company will live up to the promises it made back at WWDC 2024, as well as a few additional new announcements."[I]it goes without saying that this is probably related to Apple's upcoming generative AI announcements at WWDC... Siri should finally be able to understand more personal context, have on screen awareness, and be able to take action in apps for you. This'll finally be made possible thanks to Apple's new partnership with Google, where Apple will be using Gemini-diffused models hosted on Private Cloud Compute to power Siri... Apple will also reportedly be introducing a new Siri app. This'll allow you to access your previous Siri conversations, as well as have text-based conversations with Siri. Other Apple Intelligence upgrades coming at WWDC 2026 include the ability to generate wallet passes from physical tickets, new editing features in the Photos app, and additional functionality for Visual Intelligence...
  
  
  Read more of this story at Slashdot.
  

• Wind and Solar Generated More Power Than Gas Globally in April
  Last month saw a world first, reports Electrek. Wind and solar generated more power globally than gas:According to new analysis from independent energy think tank Ember, wind and solar produced 22% of the world's electricity in April 2026, compared to 20% from gas. Together, the two renewable sources generated a record 531 terawatt-hours (TWh) of electricity during the month, 54 TWh more than gas plants generated globally, at 477 TWh... Five years ago, in April 2021, gas generation was almost identical to today's level at 476 TWh. But back then, wind and solar combined generated just 245 TWh — less than half of what they produced this April... Wind and solar generation increased across nearly every major market reporting April data... April tends to be the strongest month for this kind of milestone because spring weather in the Northern Hemisphere usually brings a combination of strong wind generation, rising solar output, and lower electricity demand between heating and cooling seasons. Still, the broader trend is clear. Ember's recent Global Electricity Review found that wind and solar met all global electricity demand growth in 2025. "Governments around the world are also ramping up renewable energy targets to reduce dependence on volatile fossil fuel imports..."
  
  
  Read more of this story at Slashdot.
  

• Scammers Are Abusing an Internal Microsoft Account to Send Spam Links
  "For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts," TechCrunch reports:[The scammers] have been able to set up new Microsoft accounts as if they are new customers and use that access to send out emails purportedly from the tech giant, potentially tricking people into thinking these emails are genuine... Last week, I received several, similarly structured emails containing subject lines and web links to scammy sites from Microsoft across different email accounts. These crudely made emails were sent from msonlineservicesteam@microsoftonline.com, an email account that Microsoft uses to send important notifications to users, such as two-factor authentication codes and other critical alerts about their online account. Some of these emails' subject lines resembled official emails that would alert users to fraudulent transactions, while other emails claimed to have a private message waiting for the recipient at a web address mentioned in the email body. In a social post on Tuesday, anti-spam nonprofit The Spamhaus Project said it had also seen Microsoft's account notification email address being abused to send spam and that the activity dated back "several months." A PR representative told TechCrunch that Microsoft was "actively investigating" and "taking action against these phishing reports to help keep customers protected," with measures that include "removing accounts that violate our Terms of Use" and "further strengthening our detection and blocking mechanisms." TechCrunch suggests the issue may not be limited to Microsoft. "Other users commenting on social media say that other companies' email addresses are also being used to send out spam."
  
  
  Read more of this story at Slashdot.
  

• Lenovo, Dell, and HP Financially Support Linux Vendor Firmware Service
  The It's FOSS blog has news about the Linux Vendor Firmware Service, which gives hardware vendors a secure portal to upload firmware updates "which can then be downloaded and installed by users through clients such as GNOME Software or fwupdmgr." (Originally developed in 2015 by GNOME maintainer Richard Hughes...)The issue, however, obviously, had been funding with the largest contributors being the usual suspects, Framework and Open Source Framework Foundation, at $10K a year. Recently, however, Lenovo and Dell joined suite as Premier sponsors, which is the highest tier at $100K a year each, making the project more sustainable and manageable. These companies contributing makes a lot of sense, considering they are two of the bigger computer companies which offer Linux by default in some cases, especially with Lenovo's ThinkPads being the Linux users' favorite for decades. And now... HP has followed suit as a Premier sponsor, also providing $100K a year, right alongside Dell and Lenovo... The question still remains, however, where are the other vendors? What are they waiting for... This major move by these three companies should not only be seen as a sign of relief and wider acceptance of the usage of Linux, but as a beacon for other vendors to follow, who ought to make their hardware more accessible to the open-source community.
  
  
  Read more of this story at Slashdot.
  

• More Videogames Developers Consider Unionization - Some Spurred By Changes to Remote Work Policies
  Developers for several top videogames have joined unions under the Communication Workers of America — including Call of Duty, Fallout, Overwatch, Diablo and World of Warcraft. Last month workers on the online game Magic: The Gathering Arena team announced their own CWA union. The gaming news site Aftermath shares some interesting details:Owner Hasbro and Wizards of the Coast could have voluntarily agreed to the union, but instead the issue is going to an official vote with the National Labor Relations Board in June... [O]ne Arena developer shared on Bluesky that one of the reasons they were inspired to organize was because Wizards changed its remote work policy, requiring them to move across the country or to a more expensive state to remain employed. (Changes to remote work have been one of the big drivers of unionization and union action among video game developers.) If the union is successful, the company wouldn't be able to unilaterally change working conditions like remote work; it would have to negotiate with the union over the decision. There's no guarantee unionized employees would get what they want, but they'd have more of a say, and the opportunity to directly influence their work situation, than they would without a union.
  
  
  Read more of this story at Slashdot.
  

• 'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains
  Slashdot reader wiredmikey writes: Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks. Dubbed "Underminr," the exploit "presents the SNI and HTTP Host of a domain," writes SecurityWeek, "while forcing a request to the IP address of another tenant on the same shared edge."The mismatch, ADAMnetworks reports, has been exploited in attacks targeting large-scale hosting providers, including those that have implemented mitigations against domain fronting... Threat actors' increased reliance on AI is expected to lead to a surge in attacks. "Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain," ADAMnetworks CEO David Redekop says.
  
  
  Read more of this story at Slashdot.
  

• Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure
  By Juha Holkkola, FusionLayer Group How DHCP Changed Connectivity In the late 1990s, the DHCP (Dynamic Host Configuration Protocol) quietly catalyzed a revolution in digital connectivity. Before DHCP was introduced, connecting devices to a network involved manual entry of IP addresses, DNS servers, subnet masks, and gateways. Networks were fragile, prone to errors, and severely [0]
  
  The post Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure appeared first on Linux.com.
  

• From DHCP to SZTP – The Trust Revolution
  By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
  
  The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
  

• Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship
  Sustaining a Core Part of the Linux Ecosystem The Linux Foundation has announced a second year of sponsorship for the ongoing maintenance of the Linux manual pages (man-pages) project, led by Alejandro (Alex) Colomar. This critical initiative is made possible through the continued support of Google, Hudson River Trading, and Meta, who have renewed their [0]
  
  The post Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two
  In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]
  
  The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One
  The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]
  
  The post Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One appeared first on Linux.com.
  

• Kubernetes on Bare Metal for Maximum Performance
  When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]
  
  The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.
  

• How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
  This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]
  
  The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.
  

• Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
  Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]
  
  The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.
  

• A Simple Way to Install Talos Linux on Any Machine, with Any Provider
  Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]
  
  The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.
  

• Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
  OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
  
  The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
  

Engadget"Engadget - Technology News & Expert Reviews"

• Sennheiser's Momentum 5 headphones are all about the audio and ANC upgrades
  Sennheiser9s latest Momentum headphones offer key audio and ANC improvements, including Dolby Atmos with head tracking.

• Ferrari Luce unveiled: Here's the first car from Jony Ive's design house
  Our first look at a complete version of Ferrari9s upcoming luxury EV that was designed by LoveFrom.

• Chicks hatched from artificial eggshells, a new mission to study Earth's magnetosphere and more science stories
  This week's science news.

• Myst and Riven remakes, the return of Bubsy and other new indie games worth checking out
  Among the indie games we9ve seen worth checking out is a puzzle platformer inspired by mental health challenges and turning failures into progress.

• Oppo Find X9 Ultra vs. Vivo X300 Ultra: Battle of the telephoto smartphones
  We put the Oppo Find X9 Ultra up against the Vivo X300 Ultra to see which telephoto smartphone reigns supreme.

• Epic Games reveals a first look at Unreal Engine 6 with a Rocket League makeover
  We still don't have a release date for the new game engine.

• We're going to be watching the Legend of Zelda movie sooner than expected
  The Legend of Zelda is now landing in theaters on April 30.

• Dell's new 14S and 16S are the replacement for its old Plus models
  The new models are now available, with prices starting at $1,270.

• Alienware's first affordable gaming laptop is arriving at the perfect time
  The entry-level Alienware 15 starts at $1,299 with an AMD CPU or $1,349 for an Intel config.

• Motorola Razr Fold review: A worthy rival to Google and Samsung
  It even has native stylus support, which Samsung dropped on the Galaxy Z Fold 7.

• Windows Update will soon revert problematic drivers automatically
  The company is also trying to prevent driver problems before they happen with a new initiative.

• Tech companies lobbied away stricter rules on gas-powered data centers
  A corporate climate watchdog has dropped a rule proposal around clean energy certificates.

• Huawei claims it will make cutting-edge semiconductors by 2031
  The company said its next-gen chips will be "feasible and affordable."

• US reportedly allows 10 Chinese companies to buy NVIDIA's coveted H200 AI chips
  But Reuters says NVIDIA has yet to make any deliveries.

• Apple backs Google after EU orders Android be opened up to AI rivals
  The company agrees with Google that it would put European users9 privacy and safety at risk.

• Microsoft is retiring Copilot Mode on Edge, because everything is Copilot Mode now
  Copilot features are now available on Edge for mobile.

• KitchenAid launches its first smart thermometer
  There are single and dual probe models available.

• Netflix's ad tier now has a whopping 250 million monthly users
  Advertising has become big business for the streamer.

• Apple may open up the App Store to agentic AI
  But doing so could threaten its bottom line.

• Star Citizen has raised $1 billion, remains in early access after nine years
  Single-player spin-off Squadron 42 is 4in the closing stages4 but doesn9t have a release date either.

• EU OS: A Bold Step Toward Digital Sovereignty for Europe
  Image
  A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
  What Is EU OS?
  EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
  
  Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
  The Vision Behind EU OS
  The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
  
  Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
  
  However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
  Conclusion
  EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
  
  Source: It's FOSS
  European Union

• Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
  
  In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
  
  On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
  
  Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
  
  The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
  
  Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
  
  You can download the latest kernel here.
  Linus Torvalds kernel

• AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
  Image
  AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
  
  This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
  
  Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
  
  Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
  
  Source: 9to5Linux
  AerynOS

• Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
  Image
  Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
  
  Here’s a quick overview of what’s new in Xojo 2025r1:
  1. Linux ARM IDE Support
  Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
  2. Web Drag and Drop
  One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
  3. Direct App Store Publishing
  Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
  4. New Desktop and Mobile Features
  This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
  5. Performance and IDE Enhancements
  Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
  What Does This Mean for Developers?
  Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
  How to Get Started
  Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
  
  Download Xojo 2025r1 today at xojo.com.
  Final Thoughts
  With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
  Xojo ARM

• New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
  
  Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
  
  Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
  
  Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 
  
  Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
  
  Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
  
  Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
  
  By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
  Windows

• Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
  
  The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 
  
  As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
  
  In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 
  
  After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
  
  The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
  
  At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
  
  The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
  Security

• Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
  
  The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
  
  A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
  
  This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 
  
  The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
  
  On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
  
  In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
  kernel

• Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
  
  Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
  
  The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
  
  Here is what Linus Torvalds had to say in today's announcement:
  Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

• Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
  
  Want to interact with ChatGPT from your Linux desktop without using a web browser?
  
  Bavarder, a new app, allows you to do just that.
  
  Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
  
  With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
  
  During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
  
  At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
  
  As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
  
  Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
  ChatGPT AI

• LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
  
  Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
  
  Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
  
  LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
  
  You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
  
  All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
  
  In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
  
  Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
  
  The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
  LibreOffice