|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Debian libinput Important Code Execution Vulnerability DLA-4626-1
Two vulnerabilities were found in libinput, an input device management and event handling library. CVE-2022-1215 libinput did not properly handled evdev devices, which may potentially be exploited by malicious local users in specific setup to execute arbitrary
- Homebrew 6.0.0 released
Version6.0.0 of the Homebrewpackage-management system has been released. Notable changes in thisrelease include the introduction of tap trust to improvesupply-chain security, improvements in sandboxing on Linux, a numberof performance tweaks, and many other changes.
See the changelogfor a full list. LWN covered Homebrew inNovember 2025.
- [$] Automatic mTHP creation in 7.2
The Linux kernel has long tried to use huge pages as a way to improveperformance, sometimes with more success than others. The size of hugepages has traditionally been imposed by the hardware, which typically onlyoffers a couple of relatively large options. In more recent times, though,the use of multi-size transparent huge pages (mTHPs), with more flexiblesizing implemented in software, has been growing. If all goes well, the7.2 development cycle will include the addition of a new feature,contributed by Nico Pache, to make the use of mTHPs even more transparent.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, podman, poppler, and postgresql-jdbc), Debian (chromium, jackson-core, libdbi-perl, and libinput), Fedora (httpd, rust, and xmlstarlet), Mageia (openssh, postfix, and roundcubemail), Oracle (frr, kernel, libyang, n, postgresql-jdbc, and unbound), Red Hat (.NET 10.0, .NET 8.0, .NET 9.0, redis, and redis:7), SUSE (agama-web-ui, cockpit, cosign, glibc, google-cloud-sap-agent, google-osconfig-agent, kanidm, kernel, kubernetes, kubernetes1.23, kubernetes1.24, kubernetes1.25, kubernetes1.27, kubernetes1.28, libpodofo-devel, libyang, NetworkManager-libreswan, openCryptoki, python311-pypdf, rclone, steampipe, wicked, and xen), and Ubuntu (exim4, libcrypt-saltedhash-perl, libhttp-daemon-perl, samba, and uriparser).
- [$] LWN.net Weekly Edition for June 11, 2026
Inside this week's LWN.net Weekly Edition:
Front: Suspicious AI activity in Fedora; fork() + exec(); splice() + vmsplice(); BPF loop verification; fanotify; trusted publishing. Briefs: CA age bill; Bundler cooldowns; insecure code completion; Asahi and macOS 27 beta; Buildroot 2026.05; Ubuntu MATE; rsync 3.4.4; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Larson: Are insecure code completions a vulnerability?
Seth Larson, the Python Software Foundation's securitydeveloper-in-residence, has writtenabout the difficulty in classifying insecure code completion inthe PyCharm IDE usingits FullLine code completion plugin. Larson discovered that the plugin,which uses a local "deep learning module" to offer code completions,suggests code that would lead to severe vulnerabilities. He was unsurewhether it warranted a CVE or not, however:
I reported this behavior to JetBrains for "Full Line Code Completion" v253.29346.142and clearly their support staff weren't certain whether this defectwas a security vulnerability or not either. When I asked topublish a blog post about this behavior after they confirmedthis report wasn't a "direct security vulnerability" (whichI agree with) but then was asked not to publicize my report and referred toPyCharm's Coordinated Disclosure Policyso... which is it? Security vulnerability or not?
I ended up waiting the 90 days anyway and I didn't hear back withany substantive update from the development team. I double-checkedagain today using "Full Line Code Completion" v261.24374.152 and thebehavior is identical, suggesting the same insecure code for bothcontexts.
This isn't meant to be a specific dig at PyCharm or JetBrains, Ihave no-doubt that examples like this exist in every code generationmodel available.
- [$] AI agent runs amok in Fedora and elsewhere
Agentic AI systems can be used to do a variety of thingsautonomously on behalf of a human user: open or manage bugs, generatecode, submit pull-requests, and (apparently) even complain aboutrejection. In May, a Fedora developer discovered that an allegedlyrogue agent had been pestering the project in a number of ways:reassigning bugs, fabricating unhelpful replies to bugs, and evenpersuading maintainers to merge questionable code into the Anacondainstaller. It also submitted a number of pull requests (PRs),some accepted, to several upstream projects. The Fedora accountassociated with the agent has had its group privileges revoked and themesses have been mopped up, but the motive behind the agent's actions is stilla mystery.
- Buildroot 2026.05 released
Version2026.05 of the Buildroot toolhas been released. Buildroot simplifies and automates the process ofbuilding embedded Linux systems using cross-compilation. Notablechanges in this release include support for Arm Neoverse cores,addition of XFS rootfs generation, as well as many package updates andbug fixes. See the CHANGESfile for the full list.
- Security updates for Wednesday
Security updates have been issued by AlmaLinux (poppler), Debian (dnsmasq, mistral, okular, openssl, poppler, and strongswan), Fedora (exim, firefox, pcs, putty, and xorg-x11-server), Mageia (freeciv, golang-x-net, jq, libssh, libxmp, libxpm, minetest, ruby-net-ssh, tor, and wireshark), SUSE (389-ds, ack, agama-web-ui, amazon-ssm-agent, avahi, dpkg, elemental-register, elemental-system-agent, elemental-toolkit, ggml-devel-9500, go1.25, go1.26, kernel, kubernetes1.23, kubernetes1.24, kubernetes1.26, libsoup, mariadb, netty, netty-tcnative, NetworkManager, nginx, perl-CryptX, perl-XML-LibXML, podofo, polkit, python-Django, python-requests, samba, strongswan, vim, and xen), and Ubuntu (cyborg, gdk-pixbuf, golang-golang-x-net-dev, nginx, node-lodash, openssl, openssl, openssl1.0, qemu, tomcat9, tomcat10, and vim).
- Future of Ubuntu MATE
Thomas Ward has publishedan update about the future of the Ubuntu MATE project, which did not have a26.04 release with the other Ubuntu flavors inApril:
There is a new team working on Ubuntu MATE who have stepped up tohelp take over flavor management. They haven't formally introducedthemselves yet, but I can safely say that other developers HAVEstepped up for the future of the MATE flavor, despite its prior teamlead having stepped down.
[...] Ultimately, this means that they are working to cover themissed items and gaps, and may quite possibly have a 26.10 release inOctober of 2026, which I believe they most likely are targeting.
This also means that bugs in the MATE environment and in packagesthey normally would have shipped had they have a 26.04 release arestill going to get attention and fixes. So, effectively, nothing haschanged. The only difference is that there was no 26.04 installerimage released.
For those looking to install a MATE desktop on a "clean" install ofUbuntu 26.04, Ward suggests installing Ubuntu Server and theninstalling the ubuntu-mate-desktop package.
- [$] Eliminating long-lived credentials with trusted publishing
Trustedpublishing is an authentication mechanism that relies onshort-lived credentials to reduce the risk of supply-chain attacks. Atthe 2026 OpenSource Summit North America, Mike Fiedler walked the audiencethrough why trusted publishing exists, how it works, and made the casefor its adoption. It is not a silver bullet against all attacks, butit does offer protection against theft of long-lived credentials usedto publish to package registries.
- Git 2.55-rc0 Released With Rust Enabled By Default
Git 2.55-rc0 is out today as the first tagged test version of the forthcoming Git 2.55 distributed version control system. Most notable with Git 2.55 is that Rust support is being enabled by default...
- youyeetoo updates R1 SBC and lists K1 N100-based x86 computer
youyeetoo has updated its R1 single-board computer to version 3.0 and has also listed the K1, a palm-sized x86 edge computer based on Intel’s Alder Lake-N N100 processor. The two systems are aimed at compact AIoT, embedded, industrial, and edge computing applications, but use different processor platforms and expansion layouts. The youyeetoo R1 v3.0 remains […]
- Linux's KVM Preps For APX Support In VMs
Among the Kernel-based Virtual Machine (KVM) work being queued ahead of the upcoming Linux 7.2 merge window are preparations for supporting Advanced Performance Extensions within KVM virtual machines...
- China Lures Foreign Patients With Cutting-Edge, Cheap Medical Care
An anonymous reader quotes a report from Bloomberg: While traditional hotspots in the region such as Thailand, South Korea and Malaysia focus on services such as cosmetic surgery, IVF or physicals, China is trying to differentiate itself by providing some of the world's most advanced procedures. "There are two reasons why a patient travels for medical treatments: availability of advanced treatments and price," said Victor Cao, operations director of Joyful Medical, an agency in Shanghai that connects international patients to advanced cancer therapies in China. "Chinese people used to travel overseas for treatments that were not available at home, but now tables have turned." As expanding visa-free policies eased travel in the past year or so, videos are proliferating on social media of foreigners recounting their positive experiences of treatment in China, usually for consumer procedures like acupuncture and tooth scaling. But one treatment that's more quietly gaining traction is CAR-T, among the most promising breakthroughs in oncology but unavailable in most countries, or extremely costly. The process sees doctors collect T cells from the patient's blood then modify them in a lab to produce a special receptor, CAR, that can bind to a specific protein on cancer cells. These engineered cells are then multiplied into large numbers and infused back into the patient. The CAR-T cells seek out cancer cells carrying the target antigen and kill them. In the US, one single infusion can cost between $300,000 to $475,000, according to the American Cancer Society. In China, the equivalent costs about $150,000 to $180,000, and it could get even cheaper -- its drug regulator recently accepted a marketing application for a therapy aimed to be priced below 300,000 yuan ($44,000). China's medical tourism market remains in its infancy. Lecheng International Medical Tourism Pilot Zone in Hainan, which was designated as the country's only special medical zone in 2013, treated just a few thousand foreign medical tourists last year, compared to hundreds of thousands of domestic patients who visited. There, patients can access advanced drugs, devices, and therapies approved in other countries but not elsewhere in mainland China. But China is pushing to upgrade its economy and reshape its global image from just a manufacturing hub into a provider of high-value services, and demand for medical tourism is surging. Globally, the market is estimated at around $34 billion and expected to reach $126 billion by 2035, according to San Francisco-based Grand View Research. Meanwhile, China's sector is projected to grow from $1.3 billion in 2025 to $3.4 billion by 2035, according to New York-based firm Market Research Future. "The patients chose China for something they can't get at home," said Shi Haoying, the group's founder and chief executive officer. "I think the growing attention to medical tourism to China is the inevitable result of long-term accumulation and development in many areas, such as growing medical technologies, quality of service and cost-effectiveness." Jeroen Groenewegen-Lau, an analyst at the Mercator Institute for China Studies, added: "Many new treatments, including in very advanced areas, are made in China but too advanced for the state of its healthcare system and the ability of its patients to pay for these things. It's in China's interest to integrate into the international system."
 
Read more of this story at Slashdot.
- Study Links Smartphones With Declining Fertility Rates
Two recent studies argue that smartphones may have contributed to falling birthrates by reducing in-person social interaction, sexual frequency, and other conditions tied to unintended pregnancies. "One of the studies published in May is called 'The Collapse of Teen Fertility in the Digital Era' and the other, published just Monday, is titled 'Is the iPhone Birth Control? Causal Evidence from AT&T's 2007-2011 Carrier Monopoly,'" reports KTLA. "Both were chronicled in a New York Times piece by political writer Sabrina Tavernise on Monday." Slashdot reader sabbede submitted the story. From the report: The one from May, authored by two University of Cincinnati professors, posits that teen fertility "collapsed globally" starting around 2007 -- the same year the first iPhone was released. "Smart phones changed how teens spend time with each other ... this change in turn drove the collapse in teen fertility," the study's abstract reads. "Once enough teens are on the phone, being on the phone is where the peer network is; in-person time falls sharply, and with it the unstructured contact in which most unintended teen conceptions occur." The study claimed that countries "across the income and policy spectrum" were affected by the teen fertility drop, and that researchers used data from multiple countries, including the U.S., England and Wales, to rule out "country-specific contraceptive access and welfare reform stories." "This model predicts that the shift towards the phone-mediated equilibrium affects multiple aspects of teen behavior," the abstract continues, concluding that "the same instrument that produces a collapse in teen fertility produces a surge in teen suicides." The study published on Monday looks more closely at the United States, explaining that nationwide general fertility rates have fallen 22% since 2007. "[This is] a sustained decline not readily explained by economic conditions, contraceptive use, housing or childcare costs, or other commonly cited factors," the National Bureau of Economic Researchers study states. "We assess the potential role of a different shock: the diffusion of the smartphone." As mentioned before, the first iPhone was rolled out in 2007, and this study makes use of that timeframe as "a natural experiment" by using data from 2007 through 2011, when iPhones were only sold on AT&T. "From June 2007 through February 2011, the device was sold only on AT&T, allowing us to identify its effect from variation in AT&T's mobile broadband coverage," the study says. "Entropy-balanced Poisson and synthetic difference-in-differences event studies imply that access to the iPhone reduced births by 4.5-8.0% at ages 15-19 and 3.2-6.6% at ages 20-24, with statistically significant but smaller declines among older cohorts. Placebo analyses applied to Verizon and Sprint's pre-2011 coverage footprint are null. Taken together, these cohort effects imply that the diffusion of the iPhone deepened the decline in births among women under 30 while suppressing the rise in births among older women." "Overall, the diffusion of the iPhone explains 33-52% of the decline in the general fertility rate among women aged 15-44," researchers continued. "National-survey evidence on time use and sexual behavior is consistent with the iPhone reducing in-person interactions, increasing pornography use and reducing sexual frequency."
Read more of this story at Slashdot.
- Poland To Jail Online Streamers of Violent Crime For Up To 5 Years
Polish lawmakers have voted to criminalize "trash streaming," with up to five years in prison for online broadcasts of serious crimes such as rape or murder, animal cruelty, humiliating violence, gambling promotion, or even simulated depictions of those acts. Reuters reports: The move is part of a broader push by Poland to tighten regulation of online content. Recent measures include banning the use of mobile phones by children under 16 in schools and introducing stricter age verification rules to access pornography. Under the new provisions, broadcasting crimes punishable by more than five years in prison, including murder or rape, will itself be classed as a separate offence punishable by up to five years behind bars. The law also covers content showing cruelty to animals, violence aimed at humiliating others, and the promotion of gambling. The same penalties will apply to individuals who simulate or falsely portray the commission of such crimes while streaming, lawmakers said.
Read more of this story at Slashdot.
- Coinbase Launches Tool To Let AI Agents Manage Trading and Payments
Coinbase has launched Coinbase for Agents, a tool that lets AI agents like ChatGPT or Claude execute crypto trades and manage payments on a user's behalf. "For example, customers can prompt their agent to rebalance portfolios, identify trading opportunities, execute strategies and manage positions over time," reports CNBC. "It will eventually expand these capabilities to stocks and predictions." From the report: [U]sing Coinbase's machine-to-machine payments protocol, called x402, agents can pay directly for digital services like paywalled research, data APIs and on-demand compute without a human in the loop -- and execute trades based on those insights. The company sees this stage of agentic payments, which lets customers bypass the need to manage traditional logins or subscriptions, as a precursor to agentic shopping, where agents browse, find the best deals, select and make purchases on users' behalf. [...] The whole idea is to give agents access to money and, through that financial independence, improve their set of capabilities to pretty much anything on the internet," Lincoln Murr, Coinbase's AI product lead, told CNBC. "In the 2010s, every internet company dealt with the transition from desktop and web into a mobile environment. And now in the late 2020s, we're seeing the exact same thing happen where agents are going to be the new primary economic actors on the internet." The x402 protocol was created in May 2025 and has seen more than 100 million transactions since its debut, Murr said. There are about 157,000 agents acting as buyers using the protocol in the past 30 days, according to x402scan.com. "We saw immediate demand and interest in the ability for agents to pay for things autonomously and that was a huge waking up moment for us [on] the ability of agents to become these new primary financial actors across the internet," he said.
Read more of this story at Slashdot.
- Euro-Office 1.0 Arrives To Open-Source Infighting: 'Compatibility Is Not Sovereignty'
An anonymous reader quotes a report from ZDNet: If digital sovereignty is important to you, and it certainly is in the European Union (EU), then you'll be pleased to know that EuroOffice, a new open-source browser-based office suite alternative to Microsoft 365 and Google Workspace, has officially reached its first stable release. A coalition of EU-based companies, including Nextcloud, Ionos, and other Euro-Stack participants, is positioning Euro-Office as a cornerstone of European digital sovereignty. However, The Document Foundation (TDF), LibreOffice's steward, accuses the project of reinforcing Microsoft's document lock-in, which TDF argues isn't friendly to open standards. Setting aside the open-source politics for the moment, here's what Euro-Office brings you. The release went live on June 9. It is, however, not a stand-alone office suite. As the software's backers explain in a FAQ, "Euro-Office is more of an integration component. It merely handles document editing itself. Storage, as well as navigation, permissions, and sharing logic, have to be offered by a platform it is integrated in, like Proton Docs, Nextcloud Hub, or OpenProject." So, while you can install Euro-Office on your own Linux server, you'll need to integrate it yourself. If you're not a Linux expert, however, don't give up hope. Some companies have already released packaged, ready-to-install Euro-Office stacks, including Nextcloud Hub 26 Spring, Ionos' Nextcloud Workspace, and Office.eu. These initial deployments are web-based rather than standalone desktop suites. The goal, organizers say, is to give European organizations a way to host their office suite on EU infrastructure under EU law, while maintaining an experience familiar to Microsoft Office users. Specifically, Euro-Office is meant to be "a solution for editing documents, spreadsheets, and presentations, developed as a true sovereign community collaboration of over a dozen different organizations." TDF's main objection is that Euro-Office's decision to default to Microsoft's OOXML format undercuts its claims of European digital sovereignty, since OOXML remains closely tied to Microsoft Office behavior and control. "Compatibility is not sovereignty," TDF warned, saying a European-branded suite that saves files in OOXML by default "is de facto an ally of Microsoft in its content lock-in strategy."
Read more of this story at Slashdot.
- ACLU Sues After Facial Recognition Falsely Identifies Florida Man As a Child Abductor
fjo3 shares a report from Reason: Police arrested a man in Florida for attempted child abduction in a town he had never visited, and the only evidence linking him to the crime was an AI facial recognition hit. Represented by the American Civil Liberties Union (ACLU), he is now suing the officers and agencies who put him through it. [...] According to a police report, facial recognition software concluded with 93 percent confidence that the suspect was Robert Dillon. [...] The ACLU is now suing the city of Jacksonville Beach, as well as the individual police officers and officials involved in the case. According to the lawsuit (PDF), the responding officer viewed security camera footage of the suspect but didn't take a copy; instead, he took pictures of the screen with his cell phone. "In the photos, the suspect image is low resolution, and the suspect's face is partially shadowed and off-axis," the lawsuit claims. When an investigator queried the facial recognition system, it was with the officer's grainy secondhand cell phone photos. [...] But as the ACLU notes, facial recognition's accuracy "depends significantly on the quality of the probe image. Lower-quality images contain less interpretable facial data, degrading the system's ability to produce a reliable template." At the very least, it requires a much better source image. Besides, no such investigative tool should form the sole basis for an arrest warrant. "If you came to me with a facial recognition hit and that was your probable cause, I would probably kick you out of my office because that's not how it works," Jacksonville Sheriff T.K. Waters told local news. (Waters is among those being sued in the ACLU lawsuit, because it was an investigator from the Jacksonville Sheriff's Office who ran the grainy photo through facial recognition and advised O'Connell it was a "93% match" to Dillon.)
Read more of this story at Slashdot.
- OpenAI Mulls Slashing Prices As It Competes With Anthropic For Users
OpenAI is reportedly considering sharp price cuts for paid access to its AI models as competition with Anthropic intensifies and both companies race for users ahead of potential IPOs. "The company is weighing significant cuts to what it charges for tokens, the unit of measurement artificial-intelligence firms use to bill for their products," the Wall Street Journal said, adding that it was "in anticipation of similar cuts the company expects at Anthropic." CNBC reports: The ChatGPT producer, which did not immediately respond to CNBC's requests for comment, currently charges consumers in tiered subscriptions of $8, $20 and $100 and above each month for access to its flagship GPT-5.5 models. Anthropic conversely charges users $17 each month with an annual subscription to Claude Pro, and $100 and above monthly for a subscription to Claude Max. OpenAI confidentially filed for an IPO on Monday, just a week after Anthropic made its own filing.
Read more of this story at Slashdot.
- Opendoor Ends India Operations, Fueling a Bigger Conversation About AI and Outsourcing
Opendoor is shutting down its India operations less than two years after opening offices there. Slashdot reader alternative_right shares a post from Opendoor CEO Kaz Nejatian: "I shared this note earlier today with the entire team at Opendoor. Today we began to say goodbye to our colleagues in India as we wind down our India operations. Our customers are in America, and that's where our operational work belongs." TechCrunch reports: In announcing the decision on Wednesday, CEO Kaz Nejatian cited a push to bring operational work back to the U.S., where Opendoor's customers are, and a shift toward smaller AI-native teams. The company did not respond to requests for comment on how many employees were affected or how much of the decision was driven by AI efficiency. But the announcement quickly gained traction across Silicon Valley, where founders, investors, and outsourcing experts see it as an early example of how AI is reshaping the economics that made India a global hub for back-office operations. [...] Some investors viewed the decision as a sign of what AI could mean for India's vast outsourcing workforce. "As manual work gets replaced by AI, a lot of jobs will be lost in India," wrote Sheel Mohnot, co-founder of Better Tomorrow Ventures. Others viewed Opendoor as evidence of a larger shift in how companies are organized. Keshav Lohia, a venture capitalist at Emergent Ventures, described the decision as a "watershed moment" for AI-driven operations, arguing that advances in AI are beginning to challenge the cost-arbitrage model that made India a popular offshoring destination. Phil Fersht, chief executive of HFS Research, an advisory firm that tracks the global outsourcing and business services industry, told TechCrunch that the development should not be viewed simply as jobs moving from India to the U.S. The more important shift, he said, is that AI is reducing the amount of operational labor companies require in the first place, allowing firms to run leaner organizations regardless of location. "This is not an isolated restructuring," Fersht said. "It is part of a much broader pattern we are starting to see as companies redesign operations around AI, automation, and much leaner workflows." Fersht argued that the winners would be companies that combine AI, software and human expertise to deliver outcomes without continually adding headcount, a model he described as "Services-as-Software." While Opendoor may be one of the first high-profile examples, he said it is unlikely to be the last. Some investors are already extrapolating beyond individual companies. Varun Rekhi, a venture capitalist at Speedinvest, argued that if AI reduces demand for labor-intensive services, it could eventually pressure one of India's most important export industries, which is built around supplying talent and expertise to global corporations.
Read more of this story at Slashdot.
- Xbox CEO Says Current Margins 'Cannot Continue'
Xbox CEO Asha Sharma and Chief Content Officer Matt Booty told staff that Xbox's current economics "cannot continue," citing more than $20 billion in spending over five years, declining revenue outside Activision Blizzard King, console supply constraints tied to RAMaggedon, and an overextended studio portfolio. The memo stops short of announcing layoffs, but a Bloomberg report says substantial Xbox cuts are expected after Microsoft's fiscal year ends on June 30. Engadget reports: The takeaways are pretty grim. For starters, the simple math of Xbox's revenue isn't adding up to success. "Excluding Activision Blizzard King, over the past five years, we have spent over $20 billion on ongoing investments in our content, platform, and hardware subsidy, but our annual revenue has declined nearly half a billion during that time," the execs state. "Going forward, this cannot continue." They also acknowledge the impact of RAMaggedon: "We are currently unable to make as many consoles as players want to buy, and we need a new business model and partnerships for hardware as we remain committed to Helix." (Helix, in this case, is Project Helix, the codename for Xbox's new console.) Then there's the kicker, a renewed admission that Xbox still can't support the many studios it acquired in the late 2010s in an effort to grow its first-party game ambitions. "We have found ourselves over extended as we executed on changing strategies in a landscape of more readily available content," the pair said, noting elsewhere that with so many good games, not to mention the plethora of other forms of entertainment available, "Going forward, our competition is attention."
Read more of this story at Slashdot.
- OpenAI Says China Launched Influence Campaign To Shape US Attitudes On AI Datacenters
An anonymous reader quotes a report from Politico: China was likely behind an online influence operation to sway U.S. perceptions of artificial intelligence technology and reshape the debate in Washington around the infrastructure needed to support it, according to research from OpenAI published Wednesday. OpenAI said it caught the influence campaign because China-backed operatives were using ChatGPT to create content for the social media campaign. [...] OpenAI's researchers identified two clusters of ChatGPT users "likely originating from China" who used the AI chatbot to generate social media content "in support of apparent covert influence operations" promoting certain narratives about AI. This includes claims that data center build-outs are raising electricity costs for the average American family and that President Donald Trump has weaponized tariffs to keep the U.S. ahead in the global tech race. These accounts have since been banned, the report said. One cluster of users asked ChatGPT to generate images and comments pushing these narratives. These comments were then posted on social media by "batches of accounts" posing as Americans, [said Ben Nimmo, principal investigator of intelligence and investigations at OpenAI]. Another cluster identified by researchers used AI to generate social media content criticizing the Trump administration's tariffs as an attempt to "dominate technological competition." Prompts used for this campaign were submitted in Simplified Chinese and asked that AI-generated content not include Chinese President Xi Jinping and focus solely on Trump -- a possible tell that China was behind the operation, according to the report. Nimmo said that the influence campaign amplified existing public backlash in the U.S. against the creation of new AI data centers, which has resulted in dozens of proposed moratoriums at the local, state and national level. "Neither campaign appears to have gained much authentic engagement," Nimmo said. "They're important for what they reveal about the intentions of influence operators from China, and the narratives they're testing and seeking to amplify, but not for the impact."
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Mesa 26.2 Preps For AMD GFX1156 For New, Post-Strix-Halo RDNA 3.5 Graphics
Being submitted on the kernel side with the upcoming Linux 7.2 kernel is initial support for the GFX 11.5.6 graphics IP block along with several other newer IP blocks such as SDMA 6.4, NBIO 7.11.5, IH 6.4, HDP 6.4, MMHUB 3.4.2, SMU 15.0.5, ATHUB 3.4.2, and VPE 2.2. Now in user-space for the Mesa RadeonSI Gallium3D and RADV Vulkan drivers is the GFX1156 (GFX 11.5.6) support being prepared too...
- Git 2.55-rc0 Released With Rust Enabled By Default
Git 2.55-rc0 is out today as the first tagged test version of the forthcoming Git 2.55 distributed version control system. Most notable with Git 2.55 is that Rust support is being enabled by default...
- Intel9s Open Image Denoise 2.5 Delivers Solid Performance Improvements For GPUs
Intel's Open Image Denoise is the open-source project providing a high performance denoising library for ray-tracing and used by the likes of Blender and other renderers/creative apps for powerful denoising capabilities. Released last week was Open Image Denoise 2.5 with some very nice performance improvements for Intel GPUs...
- GNOME Foundation Announces First Participants Of Fellowship Program
Back in March the GNOME Foundation announced a fellowship program. The GNOME fellowship program will help with the long-term sustainability of the GNOME desktop and looked to fund independent/community contributors over a twelve month period. Today the first recipients of the fellowship program have been announced...
- Web browsers on video game consoles
Video game consoles have a long history with web browsers. From the advent of the World Wide Web, consoles have been trying to get online. Browsers on video game consoles were initially very much an attempt to provide a cheap gateway to the web for a casual audience lacking technical expertise, though as time progressed they’ve become a greater and more integrated part of systems. This article takes a look at browsers on video game consoles in detail, though only covers official web browsers. Many consoles have browsers installable via custom firmware and homebrew, but they’re beyond the scope of this post, as are non-web systems such as Satellaview and online services that didn’t provide a browser, such as XBAND, Sega Meganet, and Sega Channel. ↫ Declan Chidlow The article starts off with the Philips CD-I, which has always been a fascinating product for technology fans in The Netherlands because that�s where Philips is from. Memory that far back is untrustworthy, but I can definitely remember being inundated with commercials, advertising, magazine articles, and newspaper reports about the CD-I, all throughout its rather troubled life. Yet, I don�t remember anything about it being capable of browsing a rudimentary web. Of course, we�re talking 1995 here, a time when I didn�t even have internet at home yet, although I did use the web at a friend�s place at that time. We didn�t get internet at home until I think 1997 or 1998, followed by the move to broadband cable internet just a year later, since our small rural town happened to be one of the first places to get broadband. Good times. Did anyone ever actually use browsers on consoles, though? I mean, using them always felt incredibly clunky, and by the time they were capable enough to really do anything we all had laptops and later smartphones anyway. I certainly don�t remember anyone using them for anything but a gimmick, but perhaps my sample size was far too small and not diverse enough.
- MacOS 27 drops Intel support, will be last release with Rosetta 2
With the announcement of an upcoming new macOS release also come the usual changes in which Macs will still be supported. MacOS 27 Golden Gate is an important release in this regard, as it will be the first release of Apple�s desktop operating system that will be entirely ARM-only, dropping support for all Intel Macs. It�s important to note that Apple will provide three more years of security updates for the final Intel release of macOS, so Intel users won�t be dropped like a brick immediately. Still, the Intel Mac Pro was still being sold all the way up until mid-2023, and I�d be royally pissed off if my expensive 2023 Intel Mac went out of support a mere six years after purchase. They weren�t cheap machines, and while you can argue everybody knew the writing was on the wall for the Intel Mac Pro in 2023, it still feels way too short of a supported lifespan for such an expensive, high-end piece of equipment. It didn�t sell many units, I�m sure, but still. In addition, MacOS 27 will be the last release to include the Rosetta 2 translation layer that allows Intel binaries to run on ARM macOS. I have no idea how many important applications are still Intel-only, but I have a feeling that number is going to be relatively small, and will become even smaller as the first macOS release without Rosetta 2 support nears release. On top op of that, I�m sure enterprising users will find a way to transplant Rosetta 2 onto unsupported macOS releases, and if all else fails, there�s always virtual machines.
- Once again, Apple blatantly lies about the EU�s DMA
Apple recently announced its next crack at integrating AI! into its operating systems, this time opting to simply whitelabel Google�s Gemini AI! tools instead of developing its own LLM technology. Called Siri AI!, Apple also stated it�s not coming to the EU, and the company stated that�s because the EU�s basic consumer protection legislation would give other AI! tools unprecedented access! to user data on users� devices. The company made a big stink about this in the press. As anyone with basic pattern recognition skills already knew, this was a blatant, baldfaced lie. What really happened is that Apple asked the EU for an 18-month long exemption from the EU�s consumer protection and privacy legislation during which it would not have to comply with any legal privacy and interoperability requirements � just so it could roll out Siri AI! before anyone else could offer a competing product for Apple users. Obviously, the EU wasn�t going to grant such an exemption. The decision not to roll out Siri AI in the EU is Apple�s and Apple�s only,! spokesperson Thomas Regnier told reporters in Brussels, saying there was nothing in the Digital Markets Act to stop the company from introducing new products in the EU. Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards,! Regnier said. Instead of trying to find a suitable compliance solution, Apple simply made a request to the European Commission to be exempted from their interoperability obligations under the DMA � and this for at least 18 months. That�s not an option,! Regnier said. ↫ Inti Landauro and Foo Yun Chee at Reuters So what�s really going on here is that Apple wants to offer a set of whitelabeled Google Gemini tools on iOS and macOS in the EU, but because Apple is classified as a gatekeeper, it is legally obligated to offer interoperability options for competing AI! tools. These options in turn need to adhere to the EU�s strict privacy regulations, so that competing AI! tools can offer the same level of privacy that Apple�s own whitelabeled Google Gemini tools claim to offer. Apple didn�t want to offer these privacy-respecting interoperability options as required by law, so instead of following the law in the countries it wants to operate in, Apple asked to be placed above the law for at least 18 months, basically giving Siri AI! a massive head-start over possible competitors so that it could entrench itself in the userbase. The EU saw right through Apple�s nonsense, and now called them out on their bullshit. Perhaps Apple has gotten so used to openly bribing Trump that they forgot other parts of the world don�t work that way. Whenever Apple and its PR attack dogs say anything about the EU, you can be assured they are lying. They have proven time and time again to basically never speak a single word of truth when it comes to its dealings in the EU. It�s almost pathological at this point, and what makes it doubly interesting is that Apple will not launch Siri AI! in China either, for the very same regulatory reasons � yet all China got was a single footnote in a press release. I wonder why.
- Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow
For a while now the transition away from Manifest V2 (MV2) to MV3 has been on-going and it looks like it is entering its final phase of deprecation, at least, in the case of Google Chrome. A recent discussion thread in the w3c WebExtensions Community Group GitHub repo has highlighted how the latest and upcoming versions of the most popular browser are expected to be its final releases with support for MV2 extensions. ↫ Sayan Sen at Neowin You shouldn�t be using Chrome anyway.
- A raycasting first-person shooter written in COBOL
On a related note, what about a raycasting first-person shooter written in0 COBOL? Can you think of a better programming language than COBOL to implement an FPS from scratch? I know I can�t, so buckle up and enjoy what can only be described as an out-of-body experience for COBOL enthusiasts as I set out to make a Wolfenstein3D-like raycasting based FPS game (and potentially go a bit further than that, hopefully it�s not a DOOMed attempt). ↫ icitry on YouTube I don�t link to YouTube videos very often, but there�s always the exception that proves the rule. The COBOL code�s available on GitHub. What a mad man.
- Catlantean 3D: making graphics like it�s 1993
My goal was to build a complete, shippable first-person shooter using techniques that were common in the early 90s, while allowing myself the luxury of using a modern compiler and a platform abstraction layer. ↫ Marko Stanic It looks amazing already, and it isn�t even done. Stanic goes into great detail explaining how he created the various assets for the game, and it�s a joy to read through his creative process and problem-solving routines. The game�s called Catlantean 3D, and is expected to ship somewhere early 2027.
- Microsoft makes Windows printing easier with Windows Ready Print
Microsoft has detailed that Windows 11 is going to switch away from dedicated printer drivers to its Windows Ready Print system. This should make it a lot easier and less cumbersome to get printers running on Windows 11. At the core of Windows Ready Print is a transition away from legacy, third party drive-based workflows toward modern, standards-based printing with IPP (Internet Printing Protocol) using the Windows inbox IPP printer driver.` Starting in July 2026, new printer installations will default to Windows Ready Print where supported, enabling a simpler and more reliable setup experience. This change reduces the need for traditional driver management and lays the foundation for a more scalable and predictable print experience. ↫ elliesekine at the Windows Tech Community Printers still play a huge role in our lives � whether we like it or not � and their terrible user experience is basically a meme a this point. Making at least one aspect of printing easier, less cumbersome, and more streamlined is incredibly welcome, and I�m glad Microsoft is taking the Windows printing ecosystem along for the ride on this one. My own personal experience with printing on Linux and now on Windows 11 (as promised, I�ve been using nothing but Windows 11 since 26 May!) has been mostly effortless already. Our cheap networked printer/scanner/combo thing from HP just works! on both Linux and Windows 11, since Windows downloads HP�s drivers and application automatically when detecting the printer on the network. Still, not having to use HP�s driver would be a nice bonus. Coincidentally, I also managed to get the printer component of our HP combo thing working on0 HP-UX 11i v1. Despite being more than two decades newer, our HP printer works perfectly with a printer definition file included in HP-UX, giving me full printing from CDE and the rest of HP-UX. It�s entirely useless and cost me an evening of my life, but seeing the test page and other documents from HP-UX come out of our printer, over the network, put a big smile on my face.
- German court rules Google is liable for whatever Google�s AI! generates
It�s just a ruling from a lower court, but it sets the stage for how European courts are going to deal with the question of who is liable for whatever slop AI! generates. The Regional Court of Munich hit Google with a temporary injunction barring the company from spreading false claims about two Munich-based publishers through its AI-generated search overviews (case no. 26 O 869/26). The court classified Google as a direct infringer because the AI overview! is its own content, not just a list of search results. Google�s AI overviews had falsely tied two publishing companies to scams, subscription traps, and shady business practices for certain search queries. According to the court, the AI mixed up information about other, genuinely sketchy companies with the plaintiffs and drew connections that didn�t appear in any of the linked sources. The publishers sent Google a cease-and-desist letter, but Google didn�t respond appropriately. ↫ Matthias Bastian at The Decoder Google tried to argue it doesn�t carry any responsibility or liability for whatever slop its AI! generate, but the German court does not agree. According to the court, AI! overviews are not the same as regular search results, because they rewrite findings and just make shit up, thereby making claims that are nowhere to be found in any search results (or in reality in general). Furthermore, the court states that Google develops the AI!, it runs it, it offers it to users, and Google alone controls its output, and as such, Google is liable for whatever their AI! produces. Google also tried to argue that users know not to trust anything an AI! produces, which is hilarious considering how hard Google is pushing these tools, but the courts state that the ability of users to do further research does not absolve Google of liability. In addition, the court made it very clear that free speech protections absolutely do not apply, because the AI! expressions are coming from an algorithm, not a person, and are above all an expression of Google�s business activities!. In other words, if an AI! tool generates false accusations and misleading statements, the creator of said AI! is liable. With this ruling in hand, countless other people have a stronger case to make whenever Google or any other company tries to absolve itself from liability from slop just because a pachinko machine generated it. Excellent news, and the only fair outcome.
- Eagle Computer: the rise and fall of an early PC clone
When it comes to 80s computer brands, few flew as high as Eagle Computer flew in 1983. The aptly named company was selling 12,000 computers a month and had been doubling sales every quarter under the leadership of a talented CEO. Then Eagle lost its CEO, Dennis Barnhart, in a crashed Ferrari on the day of its IPO, June 8, 1983. In this blog post, we’ll explore the reasons Eagle Computer fell, because there was more to it than just the tragic story involving its CEO. ↫ Dave Farquhar Just one of the many early PC companies that died off, even if Eagle died off before many of the other big players. It must�ve been such a vibrant and fascinating time to be into PCs and computers in general at that time, with so many companies and players to choose from. Shame about the 308 GTS.
- Introducing brand new OSNews merch with the new logo!
A new logo means new merch! I�m launching brand new merch today, all featuring the brand new OSNews logo. We�ve got the classic T-shirt with the new OSNews logo, in sandy white and terrain grey. They�re made from sustainably-grown and processed cotton, come in a variety of sizes, and ship worldwide. The crowdpleaser is also making its triumphant return: the OSNews coffee mug, now also with the new logo and a green-on-white two-tone design. It holds coffee and tea, of course, but feel free to use it for whatever you want. Grow a plant in it! A newcomer is the OSNews Mousepad � a basic, no-nonsense, no-frills mousepad that does exactly what it�s supposed to do, in a classic square(ish) formfactor. It makes for a great companion to any (retro) setup, but feels particularly at home with BeOS and OS/2. One merch item remains from our previous collection: the ever-popular Gemini shirt and longsleeve, with a retro ASCII-art OSNews logo in bright green on deep black. It�s like staring at a real classic CRT. On your chest. Don�t sit too close. As always, every price is set so that for every item sold, roughly €8 goes to OSNews. I will add the proceeds to our fundraiser tracker, so this is yet another way to support us, together with Ko-Fi donations, SEPA direct bank transfers, and Patreon.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
|
