|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Debian Bookworm Chromium Critical Code Execution DSA-6316-1
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 148.0.7778.215-1~deb12u1.
- Ombredanne: An AI agent ported our codebase from Python to Rust
Over on the AboutCode blog, leadmaintainer Philippe Ombredanne writesabout an agentic LLM system porting the ScanCodeToolkit to Rust. In the process, the LLM (or the people behind it)infringed the ScanCode trademark, stripped copyright and license notices,"and started an outreach campaign, without ever engaging the AboutCodecommunity". Ironically, the toolkit is used to scan source code and binaries inorder to figure out licensing and copyright information; it also reports onpackagedependencies, vulnerabilities, and more.This is worth repeating: A comprehensive test suite, decent documentation, and curated datasets is what makes automated porting possible. It is also what makes a codebase easier to replicate without understanding it.
The agent's initial approach, using an existing Rust license-detection library, failed to match ScanCode's output quality. The agent then did what any translator would do when a loose paraphrase fails: it copied the original more closely. The final port reproduces ScanCode's core algorithms, code organization, and data-driven architecture in Rust, not because the agent understood them, but because it had enough training data and test feedback to converge on equivalent code.
- [$] Representing the true signatures of kernel functions
Optimizing compilers can, under some circumstances, infer when a parameter to afunction is not needed, and remove it. This is all well and good until thekernel's tracing or BPF subsystems need information on how to call the functionor where its arguments are stored.Alan Maguire and Yonghong Song spoke at the 2026LinuxStorage, Filesystem, Memory-Management, and BPF Summit about their work onrecording information regarding changed function signatures in the kernel's BTF debugginginformation, to better support tracing such functions.
- Seven stable kernels for the first day of June
Greg Kroah-Hartman has announced the release of the 7.0.11, 6.18.34, 6.12.92, 6.6.142, 6.1.175, 5.15.209, and 5.10.258 stable kernels. As usual, eachcontains important fixes throughout the tree, including a fix for the "CIFSwitch" vulnerability (CVE-2026-46243) which could allow a local-privilege-escalation exploit. Users are advised toupgrade.
- DistroWatch turns 25
The DistroWatch site is celebrating its25th anniversary. "All in all, it has been an incredible ride. Manyof you who read these pages regularly know that downloading and testingdistributions is a highly addictive pastime. I have been an aviddistro-hopper for the last 25 years and I don't see myself abandoning thisactivity for many more years to come." Congratulations to LadislavBodnar and all the others who have kept that resource going for so long.
- [$] Reconsidering x32 — again
The x32 ABI was meantto be the best of both worlds, providing the expanded registers andinstruction set of the x86-64 architecture while preserving the lowermemory use of 32-bit systems. The Linux kernel has supported x32 since the3.4 release in 2012. The initial excitement around x32 did not last,though, and kernel developers are considering removing that support — andnot for the first time. Even the most unloved features tend to have a fewusers, though, making removal hard.
- Multiple redhat-cloud-services npm packages compromised (StepSecurity Blog)
StepSecurity is reportingthat a number of npm packages in the @redhat-cloud-servicesscope include malware that runs automatically on every npminstall:
The payload is a multi-stage credential harvester that sweepsGitHub Actions secrets along with AWS, GCP, Azure, Kubernetes,HashiCorp Vault, npm, and CircleCI tokens, and it is purpose-built toevade detection, including an explicit attempt to bypass StepSecurityHarden-Runner.
StepSecurity analyzed @redhat-cloud-services/host-inventory-client@5.0.3 in full. Itsindex.js, executed at install time, is 4.2 MB, a file that shouldweigh a few kilobytes, with the real payload buried under threeseparate layers of obfuscation. The malware is also a self-propagatingworm: using stolen npm tokens and npm's bypass_2fa parameter, itrepublishes backdoored versions of other packages on its own, evenagainst accounts protected by two-factor authentication, so everyinfected machine can seed the next wave with no attackerinvolvement. All affected packages were published via GitHub ActionsOIDC from the RedHatInsights/javascript-clients repository, indicatingthe upstream CI/CD pipeline itself was compromised. Analysis of theremaining packages is ongoing.
A blogpost from SafeDep has additional analysis about the incident. We did not find an advisory from Red Hat on this yet.
- Fedora F44 election interviews published
The Fedora Project has publishedinterviews with candidates running for the open seats on the FedoraCouncil, Fedora EngineeringSteering Committee, FedoraMindshare Committee, and EPELSteering Committee. Voting is open through Friday,June 12 at 23:59 UTC.
- Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 9.0, firefox, flatpak, httpd, and thunderbird), Debian (chromium, corosync, cyborg, dovecot, exim4, git-lfs, imagemagick, kernel, keystone, linux-6.1, php-twig, python-aiohttp, sentry-python, swift, and symfony), Fedora (chromium, djvulibre, docker-compose, giflib, haveged, libsoup3, libssh2, mingw-objfw, netatalk, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, objfw, pdns, perl-Crypt-PasswdMD5, perl-libwww-perl, python-urllib3, suricata, and xrdp), Mageia (perl-Template-Toolkit and vim), Oracle (.NET 8.0, cockpit, firefox, flatpak, freerdp, kernel, and libexif), Red Hat (containernetworking-plugins, libsoup, libsoup3, multiple packages, php:8.2, php:8.3, podman, rhc, and skopeo), SUSE (amazon-ecs-init, amazon-ssm-agent, apptainer, azure-storage-azcopy, bind, chromium, csync2, cups, docker-stable, frr, gdk-pixbuf-loader-libheif, gnutls, hauler, helm, helm3, ignition, java-1_8_0-ibm, kernel, libBasicUsageEnvironment2, libredwg-devel, localsearch, memcached, openexr, perl-Net-CIDR-Lite, perl-YAML-Syck, postgresql14, python-mistune, python-pillow, python-pytest-html, python-urllib3, python311-Authlib, strongswan, trivy, vim, and xz), and Ubuntu (gdal, python-pip, qtwebengine-opensource-src, rsync, and texmaker).
- Kernel prepatch 7.1-rc6
The 7.1-rc6 kernel prepatch is out fortesting. Linus said: "Well, I wouldn't call this 'small', but it iscertainly smaller than rc5 was. And I don't think there's anythingparticularly scary here, so maybe we're still on track for a normal releasecycle. Let's see."
- [$] A trademark dispute over MeshCore
MeshCore is a relatively new project, started in January 2025, that aimsto build a scalable mesh network using low-power long-distance radios. Whilemany other projects of the same general nature have been tried before, MeshCoregrew quickly because of its more efficient message routing and enthusiasticcommunity. In early 2026, an early proponent of the project made a sudden shiftthat left the rest of the community stunned and embroiled in a trademark dispute.
- Olimex brings LTE Cat 1 bis connectivity to embedded Linux systems
Olimex’s USB-LTE4G-EU is a compact USB modem designed to provide 4G LTE connectivity for IoT, industrial, telemetry, and embedded Linux applications. The device is based on the Quectel EG800K-EU cellular module and supports LTE Cat 1 bis technology, which is increasingly being adopted in connected devices requiring moderate data throughput, low power consumption, and long-term […]
- Hive is a Raspberry Pi CM5 rackmount platform with hot-swappable nodes
blackdevice, a Spanish hardware engineering company and Raspberry Pi Design Partner, has shared details of Hive, a modular compute platform built around the Raspberry Pi CM5. The platform is designed to scale from small homelab installations to rack-mounted infrastructure deployments through interchangeable compute nodes called “beenodes”. According to the company, each beenode integrates a Raspberry […]
- 9to5Linux Weekly Roundup: May 31st, 2026
The 294th installment of the 9to5Linux Weekly Roundup is here for the week ending May 31st, 2026, keeping you updated on the most important developments in the Linux world.
- Sixfab AI HAT+ and Edge AI Expansion Board add DEEPX acceleration to Raspberry Pi 5
Sixfab has unveiled two Raspberry Pi 5 expansion products based on DEEPX NPUs: the AI HAT+ and the Edge AI Expansion Board. Both platforms are designed to accelerate computer vision workloads locally on Raspberry Pi 5 systems, but they target different deployment scenarios. The AI HAT+ is intended for prototyping and development, while the Edge […]
- Florida Sues OpenAI and CEO Sam Altman, Accusing Them of Putting Profit Over Safety
Florida's attorney general has sued (PDF) OpenAI and CEO Sam Altman, alleging the company prioritized growth and market value over user safety and failed to adequately warn about risks tied to ChatGPT. The lawsuit, the first by a U.S. state over OpenAI safety concerns, is separate from a criminal investigation the state opened into OpenAI in April. Variety reports: In the 83-page complaint filed in Florida circuit court, the state claimed OpenAI's rise was backed by "a web of deceit and the exploitation of users (including Floridians), leveraging their data and safety to boost OpenAI's market value at unacceptable costs." The state wants to hold Altman "personally liable for the harm he has caused Floridians through his reckless and willful conduct as founder and CEO of OpenAI, including his utter disregard for the risk to human life caused by his firms' conduct." [...] Throughout the complaint, filed in the state's circuit court of the 10th judicial circuit, the State of Florida claimed OpenAI's "careless introduction" of ChatGPT had led to an increase in murders and suicides. The suit alleged Florida's minors have "become addicted to a tool that feigns human compassion to collect their data with no parental oversight." It cited instances in the past year of the alleged use of ChatGPT to plan a mass shooting at Florida State University in April 2025 and the murders of two graduate students at the University of South Florida in April. "This litany of harms is driven by Defendants' insatiable quest to win the AI arms race and amass large fortunes, despite knowing the danger of ChatGPT," the state wrote in the complaint. Florida accused OpenAI of four counts of deceptive and unfair trade practices, two counts of negligence, two counts of violating product liability laws, one count of fraudulent misrepresentation and another count of causing a public nuisance. It is seeking civil penalties and court orders demanding OpenAI restrict the data it collects from minors and that it stop "continuing to misrepresent or fail to warn of the risks of ChatGPT." "People are getting hurt, parents are getting deceived and they need to pay for it by opening up their checkbooks and changing the program to ensure there are parental controls," Uthmeimer said at a press conference Monday.
 
Read more of this story at Slashdot.
- Anthropic Files to Go Public
Anthropic says it has confidentially filed an IPO prospectus with the SEC, "setting up a potentially historic share sale for investors ready to jump into artificial intelligence," reports CNBC. The move puts Anthropic ahead of OpenAI's expected filing and follows explosive reported growth, a massive new valuation, major infrastructure deals, and ongoing tensions with the Pentagon over its models. From the report: "This gives us the option to go public after the SEC completes its review," Anthropic said in a statement on Monday. "The proposed initial public offering will depend on market conditions and other factors." Submitting a confidential prospectus doesn't lock Anthropic into a certain timeframe for going public. Its official prospectus just has to land in the hands of investors at least 15 days before the company begins a roadshow. [...] The company has experienced explosive growth this year, announcing in May that its revenue run rate has ballooned to $47 billion, up from $10 billion in annual revenue last year. Last week, it closed a funding round at a $965 billion valuation, topping OpenAI, which was valued at $852 billion in late March.
Read more of this story at Slashdot.
- Anthropic Invites EU To Access Mythos
An anonymous reader quotes a report from Politico: Anthropic has extended an invitation to the European Commission granting the EU's cyber agency access to its powerful AI hacking tool Mythos, according to a Commission official familiar with the process. The AI firm made the formal invitation after a meeting with the Commission in San Francisco last Thursday, the official said, adding the EU now has to put in place a mechanism to access the model with proper security safeguards. European Commission spokesperson Thomas Regnier said in a statement the Commission has had "several productive meetings with Anthropic" and "welcome[d] the latest developments on potential future access." [...] "This latest development is of utmost importance to get a clear picture on the potential risks," Regnier said, adding: "Let's not forget that Mythos is not one off, a new wave of powerful models are coming to the market." An ENISA official said the agency does not have active access now but is working to implement it. The Commission is working on a formal action plan to respond to powerful AI hacking tools. It has indicated it wants to release it before the summer break, according to an industry official. Anthropic's Mythos was unveiled in early April and triggered fears that it could enable large-scale attacks with its ability to find and exploit vulnerabilities. "European authorities for weeks were shut off from accessing the cutting-edge cybersecurity AI tech, leading to urgent calls by European politicians and government officials to gain access," notes Politico. "Cyber officials also called for Europe to build its own version."
Read more of this story at Slashdot.
- United Airlines Flight To Spain Pulls U-Turn Over Bluetooth Device Name
Tony Isaac shares a report from NPR: A United Airlines flight traveling from Newark, New Jersey, to Palma de Mallorca, Spain, was forced to make a U-turn and return to Newark after more than four hours in the air due to a security concern. According to passenger reports and air traffic control audio, the disruption was caused by a personal Bluetooth speaker -- reportedly belonging to a teenager -- that had been named "BOMB." Upon returning to Newark, passengers were evacuated so that security details could inspect the entire aircraft and cargo area. The flight was ultimately cleared, reboarded, and arrived at its destination in Spain approximately nine and a half hours behind schedule. Multiple posts on social media from self-identified passengers indicate that the problem was a Bluetooth device on board the plane. One post referenced in-flight announcements with "lots of comments like 'this little joke is ruining it for everyone.'" Audio from air traffic control sheds a little more light on the situation: "There's a security detail out there, someone had a Bluetooth speaker and they named it a certain four-letter word," another voice responded. "So they have to inspect the whole aircraft including the cargo area [and] passengers have to evacuate."
Read more of this story at Slashdot.
- Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm
Aikido Security says more than 30 official @redhat-cloud-services npm packages were compromised with a credential-stealing worm called "Miasma," a variant resembling the open-sourced Mini Shai-Hulud supply-chain malware. "The packages were published via GitHub Actions OIDC, indicating the CI/CD pipeline was compromised rather than an npm token," the report says. "If you have installed any affected package versions since June 1, 2026, treat all CI secrets, cloud credentials, SSH keys, and npm tokens as compromised and rotate them immediately." From the report: Each compromised package declares a preinstall script in its package.json that executes node index.js automatically on every npm install, before any application code runs and before the developer has any indication something is wrong. The index.js file is 4.2 MB payload hidden behind multiple layers of obfuscation. As with previous Mini Shai-Hulud attacks, the payload performs a broad credential sweep across cloud providers, CI/CD environments, and developer tooling. On the CI side it targets GitHub Actions secrets including GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN. For cloud credentials it collects AWS access keys and session tokens, GCP application default credentials and service account key files, and Azure service principal credentials and managed identity tokens. It also sweeps for HashiCorp Vault tokens, Kubernetes service account tokens and kubeconfig files, npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, and any .env files it can find across the filesystem.
Read more of this story at Slashdot.
- Dell Rivals Apple's MacBook Neo With $699 Touchscreen XPS 13 Laptop
Dell has introduced a redesigned $699 XPS 13 aimed squarely at Apple's budget MacBook Neo, offering a premium aluminum design, touch display, backlit keyboard, Wi-Fi 7, 512GB of base storage, and various other configuration options. Dell's machine costs more than Apple's entry model but tries to justify the difference with lighter weight, better display specs, and upgrade paths Apple doesn't offer. "The XPS 13 begins at $699 -- students can purchase it for $599 -- while the MacBook Neo costs $599 and drops to $499 for education buyers," notes Bloomberg. From the report: Dell's product allows for more configuration, with up to 32GB of memory compared with the Neo's nonupgradeable 8GB of unified memory. Its display can also produce a wider spectrum of colors and supports refresh rates up to 120 hertz, while Apple reserves its best screens for the pricier MacBook Pro line. The inclusion of a backlit keyboard should allow for easier typing in dark conditions. Dell has also tossed in other nice-to-have upgrades over the Neo like more robust Wi-Fi 7 wireless networking. As for battery life, Dell is touting "up to 17 hours of streaming" versus a comparable 16 hours on the Neo. Still, the XPS comes with compromises of its own: Unlike the Neo, there's no built-in headphone jack, which means owners will need to rely on its quad-speaker audio system, use Bluetooth earbuds or plug a headphone adapter into one of the two USB-C ports. You can learn more via Dell.com.
Read more of this story at Slashdot.
- Botnet of More Than 17 Million Devices Dismantled
An anonymous reader quotes a report from Ars Technica: Authorities in the Netherlands said they dismantled a botnet that comprised more than 17 million devices and were managed by 200 servers in a joint operation by the police and the National Cyber Security Center. The action, announced Thursday, came about after a security researcher reported the sprawling network to authorities. The host infrastructure was located in the Netherlands. "The police then seized several botnet servers from a hosting provider for investigation," the NCSC said. "The botnet was taken offline by the provider because it was used for criminal purposes." According to a report Thursday by the NL Times, the botnet was linked to ASOCKS, a Russia-based company that provides residential proxy services. These services cater to people and organizations who want to obscure their locations or identities by proxying their Internet traffic through third-party devices. Proxy services are often used for illicit or unethical purposes such as performing DDoS attacks, running botnet command-and-control servers, operating phishing operations, and scraping website content. [...] It's unclear how the 17 million devices controlled by the botnet taken down by the Dutch police came to be that way.
Read more of this story at Slashdot.
- NVIDIA Unveils New ARM-Based AI/Graphics Superchip Coming to Windows PCs and Laptops
"The company best known for powering the AI boom is coming for the PC," reports Axios. Nvidia's CEO unveiled a new ARM-based "N1X processor made alongside Microsoft," reports CNBC, that "will be incorporated into a new RTX Spark superchip, debuting in the fall on a fresh line of Windows PCs from Microsoft, Dell, HP, ASUS, Lenovo and MSI." More details from Engadget:It was only a matter of time before NVIDIA released a powerful system-on-a-chip (SOC) to take on AMD's Ryzen AI Max and Qualcomm's latest Snapdragon X2 chips. At Computex today, NVIDIA unveiled the RTX Spark, a "superchip" meant to give both laptops and small desktops fast AI and graphics performance... The company says it offers 1 petaflop of AI computing power, and that it has 6,144 Blackwell RTX cores and 20 Mediatek Arm CPU cores. NVIDIA claims it's similar to the RTX 5070 laptop GPU but with much lower power draw. RTX Spark also has an NPU that's fast enough to be part of Microsoft's Copilot+ initiative, which requires a 40 TOPS NPU, but NVIDIA says it's mainly touting the tensor cores as part of the chip's Blackwell GPU for AI performance. RTX Spark's GPU can directly draw on the chip's large pool of unified memory, which can span from 16GB to 128GB, and the chip itself can use anywhere from single-digit wattage up to 80W... NVIDIA CEO Jensen Huang positions RTX Spark as a complete reinvention of the PC, eventually turning them more into devices meant for AI agents than manual human input... NVIDIA has been working together with Microsoft for "several years" while designing the RTX Spark, according to NVIDIA representatives... In a blog post provided to media, Microsoft head of Windows and devices, Pavan Davuluri, noted that the company optimized Windows 11's workload profile scheduling for the RTX Spark. "Whether you're checking your email or running an agent locally to debug code, the Windows scheduler on RTX Spark will ensure you get the best performance and efficiency out of your CPU," he wrote.
Read more of this story at Slashdot.
- New Lawsuit Against Amazon: 'Subscribe and Save' Program Can Actually Cost You More
Amazon's "Subscribe & Save" program — for recurring purchasees — has triggered a new lawsuit, reports Oregon Live. "The lawsuit contends that after luring in customers with 'artificially low prices,' the world's biggest online retailer jacked up the prices in the months after their first shipments arrived." In some cases, the lawsuit claims that customers were paying more for the exact same items through the Subscribe & Save program than they would be if they bought the items from other sellers on the site. That was true even when the up to 15% discount that the subscription program offers was calculated into the final purchase price, according to the suit. The Seattle law firm that filed the May 15 lawsuit says that Amazon's business practices amount to "deceptive," "misleading" and "bait and switch tactics." The firm is seeking class-action status in U.S. District Court for western Washington, a move that could potentially draw tens of millions of Amazon customers from across the U.S. into the litigation... [The suit says the plaintiffs' first order of espresso coffee grounds was $16.60.] When their order auto-renewed a few months later, the price had gone up to $17.04. A few months later, it rose to $21.25. Then in October 2024, the price increased to $28.69 — about $12 more than the Hermans had paid at the beginning of their subscription, according to the lawsuit. [The discount can be as little as 5% or up to 15%, Amazon told Oregon Live in a statement, noting customers do receive an email showing "applicable savings" before the orders ship. But...] The suit says Amazon gave the Hermans little notice to cancel the order or to shop around because it notified them of the latest price increase in an email at 8:54 p.m. — the same night it processed their order and charged them. The suit says if the Hermans had been given the time to shop around for a better price, they would have found that another Amazon seller was charging $25.90 — or $2.79 less — for the identical item. Amazon's "Subscribe & Save Terms & Conditions" page tells customers that it "may change the price for a Subscribe & Save subscription at any time for any reason...." The analytical group Consumer Intelligence Research Partners says about 25% of U.S. Amazon customers are enrolled in the Subscribe & Save program. Oregon Live got Amazon's response, which suggested their program saves customers time and money "through convenient, flexible, and recurring deliveries". (So when customers saw "Subscribe and Save", they were perhaps supposed to intuit the word save referred in part to... time-saving?) The plaintiffs' lawyer argues instead that "When you sign up for something that is called 'Subscribe & Save,' you'd expect that you're saving by subscribing. But that's not actually what's happening in many cases."
Read more of this story at Slashdot.
- New Desalination System Turns Seawater Into Drinking Water and Useful Salts - Including Lithium
"Scientists have developed a solar desalination system that turns seawater into drinking water without creating environmentally damaging brine," reports ScienceDaily. "Special laser-textured metal panels use sunlight to evaporate water while automatically moving salt deposits away from the working surface, preventing clogging. The process was successfully tested with water from three oceans and can recover nearly all salts as solids. Those leftover materials could even become a source of valuable lithium for batteries." (The research team was led by University of Rochest professor Chunlei Guo and published their results in the journal Light: Science & Applications.) The University of Rochester has made an announcement:The technology uses solar panels made of black metal etched with femtosecond lasers to make the surface super light-absorbing and superwicking — or extremely attractive to water. The panels have a laser-treated active region that pulls a thin layer of water across the surface, absorbs nearly all solar radiation, distills the water, and deposits the leftover salts and minerals into the panel's untreated sides or "passive" region so that the salt does not clog the active region and disrupt continuous desalination... Guo's team precisely etched the black metal's grooves so the various salts and minerals in ocean water would simply slough off... [I]t extracts nearly 100 percent of the salts in solid form. This could not only produce an abundant supply of table salt, but it could also be used to extract more precious minerals, including lithium, which is used in the lithium-ion batteries that power electric vehicles and other electronics. In a related paper in the Journal of Materials Chemistry A, Guo and his colleagues show how they can use the same superwicking solar panels to separate lithium from the rest of other salts in desalination. Embedding nanoparticles made of hydrogen titanate in the tiny grooves of the black metal surface isolates the lithium from other salts and minerals...Using water samples from Great Salt Lake, the researchers extracted about 50 percent of the lithium from the salts left behind by the desalination process. Guo says now that the superwicking desalination technology has been demonstrated in proofs of concept on small-scale devices, he sees the technology inherently scalable, capable of improving global access to drinking water and building more sustainable supply chains for precious minerals. "The National Science Foundation, the Bill & Melinda Gates Foundation, and Worldwide Universities Network supported this research."
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Intel Xeon Diamond Rapids EDAC Driver Changes Readied For Linux 7.2
Ahead of Intel Diamond Rapids server processors launching in 2027, the Linux kernel continues getting into shape for these next-gen Xeon processors. The latest enablement work taking place for Diamond Rapids is readying the Error Detection And Correction (EDAC) driver support for propagating memory errors/correction information under Linux...
- Intel Xeon 6+ & Intel Ethernet E835 Launch
Last year at Tech Tour Arizona, Intel announced Clearwater Forest as the Xeon 6+ series. Details were rather light then while for Computex, Intel is announcing that Xeon 6+ is now "launching" beginning tomorrow, 1 June. In addition to Xeon 6+, the new Intel Ethernet E835 is also launching while there are updates on Crescent Island and Diamond Rapids.
- Microsoft is intentionally bricking all Office for Mac 2019/2021 installations
You�re a smart cookie, so you opted to buy a copy of Microsoft Office for macOS back in 2019 or 2021, eschewing the Office 365 subscription, so you could keep on using Office 2019/2021 forever if you wanted to. Just like in the old days. I�ve got some bad news. Microsoft Office 2019 and 2021 for Mac view-only conversion (2026) is a scheduled remote degradation of perpetually-licensed Microsoft Office software for macOS and iOS, set for July 13, 2026 when a license-validation certificate used by the Office apps expires. After Office 2019 for Mac reached end of support in October 2023, Microsoft assured customers their installed apps would continue to function.! The July 13, 2026 conversion instead drops the apps into a Microsoft-defined reduced functionality mode,! in which files can be opened and viewed but not edited or saved. By May 30, 2026, the original 2023 end-of-support page had been re-dated and rewritten on Microsoft�s site; the continue to function! clause was removed. ↫ Consumer Rights Wiki Microsoft�s advice to the users they�re stealing from is to keep using the applications as mere viewers, switch to the free Office 365 web applications, pay for a 365 subscription, or buy a brand new regular copy of Office 2024. None of these make any sense, and clearly, all of this should be illegal, but it�s not because the software industry is a clown show. Proprietary software is unethical.
- NVIDIA unveils RTX Spark chip for laptops and desktop PCs
It was an open secret that NVIDIA was working on an ARM-based system-on-a-chip for laptops and desktops, and today at Computex 2026 the company unveiled what it�s been working on. It�s surely a beast, and unsurprisingly, it�s lathered in AI! buzzwords. At full strength, this chip offers up to 20 Arm CPU cores, a Blackwell GPU with 6,144 CUDA cores, 128GB of LPDDR5X RAM, and up to 300 GB/s of memory bandwidth. That powerful CPU and GPU, connected over NVLink C2C, and the large memory pool give AI agents and 120-billion-parameter models plenty of power and space for long-running tasks with context lengths stretching to a million tokens, according to Nvidia. RTX Spark will power high-end laptops from partners including Dell, HP, Lenovo, Asus, and MSI � and notably, a new Surface Ultra laptop from Microsoft. Nvidia says it’s worked with those partners to create “the most extraordinary laptops ever built,” with tandem OLED G-Sync displays, “all-day” battery life, premium aluminum chassis with large glass touchpads. ↫ Jeffrey Kampman at Tom�s Hardware I couldn�t care less about the AI! nonsense, but the chip itself seems like an absolute monster for laptops and mini PCs. With that much power and a solid NVIDIA GPU, these are also great for gaming and creative tasks, making them feel like the first true competition in the PC space to Apple�s M series of chips. They�re planned for late 2026, and tellingly, there�s no pricing information just yet.
- You don�t love systemd timers enough
My favorite metonymic technology term is cron job!: even though cron may not literally be the daemon that executes actions on a schedule, we apply the term to anything that walks like a cron and quacks like a cron. As Patrick McKenzie likes to point out, cron jobs are one of the most eminently useful computing primitives. They offer utility that�s almost immediately obvious for plenty of use cases that almost everybody has: do this every day; do that once a month. And yet. You probably shouldn�t use literal cron (or its more modern cousins) for scheduled tasks! In 2026 there are more modern options available, and my favorite is the humble systemd timer. I love systemd timers. If you don�t love them yet, maybe I can show you the reasons why you should love them, too. ↫ Tyler Langlois These are just timers. They are not consuming your computer or taking over the open source world. They do not phone home to Red Hat. These are just timers.
- MorphOS 3.20 released
Almost exactly 18 months after 3.19, the MorphOS team has released MorphOS 3.20. This is a major release, as it adds support for the upcoming Mirari PowerPC motherboards, which we talked about when that project was first announced. I�m quite excited about the Mirari, and can�t wait to have one, and MorphOS is the one operating system I really want to run it on. I have an almost mint condition PowerBook G4 17C specifically for MorphOS, but the hardware is simply too outdated to keep up with modern demands, which is sad, because MorphOS can clearly keep up if it had modern hardware. So, MorphOS 3.20 adds support for the Mirari platform and its various components, like its thermal management solution, networking, and so on. MorphOS 3.20 also expands the number of support Radeon graphics cards, improved support for various HDMI and DisplayPort ports, better support for multiple monitors, and overall better graphics performance in general. There�s also SFS2 support throughout the operating system so MorphOS now supports file sizes of up to 4GB and partition sizes of up to 2TB. The Ambient UI has also seen extensive work to improve performance and stability, as well as add a bunch of new features. Several new applications and utilities are included in MorphOS 3.20, such as DriveImager, MirrorBackup, SMARTDoctor, OFHTTP, OFHash, OFDNS, Replace, and Automator for scripting and controlling MUI applications. Iris has been updated to version 1.53 and now includes the new Contacts companion application for CalDAV-based address books. FlowStudio received extensive improvements for project management, printing, Markdown support, and development workflows. Networking and connectivity have also been improved with updates to OpenSSH 10.3p1, TLS 1.3 support in RDesktop, expanded SMB2 filesystem improvements, and improved USB, audio and multimedia subsystem stability. Numerous system libraries and frameworks including MUI, ixemul, Cairo, Harfbuzz, Freetype, OpenSSL4, and ObjFWRT have been updated or significantly modernized. ↫ MorphOS 3.20 release announcement Of course, there�s also the long list of smaller changes, bugfixes, and performance improvements. MorphOS has wide support for Apple PowerPC hardware, which is probably your best bet for using the operating system for now, at least until the Mirari becomes available for purchase.
- Accessibility input tool removes X11 support, doesn�t want to support Wayland; users caught in the middle
A sad, painful, and infuriating read for this calm Sunday. In recent years, a lot of attention has gone into improving the output side of the accessibility story on Wayland � screen readers and the like � but apparently, the input side has languished. People with reduced mobility need affordances and tools to use computers, but those aren�t ready for Wayland. A popular set of tools here is Talon Voice, which allows people with reduced mobility to create powerful hands-free input methods. The examples the article gives are incredibly cool, and it�s easy to see how Talon would become a cornerstone for people with reduced mobility who needs hands-free (or hands-fewer?) computer input methods. So what�s going wrong here? Talon requires deep integration with the window manager and compositor to carry out even the most basic of its duties, and Wayland offers… Absolutely no way to perform any of those actions. Frustrated by the endless lack of progress towards a real set of solutions for the entire ecosystem, and inundated by an endless series of requests for Wayland support which he cannot provide, Aegis, the main (and only) developer of Talon, has made a declaration: Enough. Talon Voice will imminently remove ALL Linux support from the public release, as X11 continues to sunset and users are switched to an environment in which their system can no longer function, with no option to go back. ↫ Insane Rambles About Technology So not only will Talon not gain Wayland support any time soon, its developers are even removing X11 support from it. What this means is that even if you decide to stick to X11 because Wayland doesn�t fulfill your needs, you�re eventually going to run into a brick wall. This is merely annoying if you need to use a different application for remote desktop or whatever, but it�s absolutely devastating when it involves the very input method you use to use your computer in the first place. There is some important nuance here though that the article doesn�t mention. The article takes the word of Talon�s developers as gospel, but in my conversations with KDE developers, a different story emerges. What they tell me is that Wayland implements all the APIs needed for Talon to work, but that Talon�s developers are simply not interested in using them. Apparently, KDE developers and others have tried to contact Talon�s developers, but their offers to help are being ignored. They�re being told Talon is simply not interested in supporting Wayland, end of story!. So, the story here seems to be a lot more complex than just Wayland bad!, and I�m getting a bit of a vibe that the Talon developers are, despite claims to the contrary in the article, indeed removing X11 support out of spite. Talon is entirely within their right to not want to work on Wayland support, but then just be honest with your users and say so, instead of pinning everything on Wayland bad!, being dishonest about Wayland�s capabilities, and ignoring offers of help and support from some of the most knowledgeable and capable developers in the field. Of course, that�s absolutely of no relevance to people like the author of this article who depend on these tools to use their computers. They�re caught in the middle of a transition and experiencing the worst byproducts, and that�s a huge failure on everybody�s end � Wayland, Talon, and desktop environments alike. I hope the parties involved can sort this out quickly, because everyone deserves equal access to computers, doubly so in the open source world.
- Remember when people said open video codecs would never win?
The Alliance for Open Media has published the first version of the AV2 specification. AV2 is the next-generation video coding specification from the Alliance for Open Media (AOMedia). Building on the foundation of AV1, AV2 is engineered to provide superior compression efficiency, enabling high-quality video delivery at significantly lower bitrates. It is optimized for the evolving demands of streaming, broadcasting, and real-time video conferencing. This specification serves as the definitive technical reference for AV2 implementations. It outlines the bitstream syntax, semantics, and decoding processes required to ensure full conformance. AV2 provides enhanced support for AR/VR applications, split-screen delivery of multiple programs, improved handling of screen content, and an ability to operate over a wider visual quality range. ↫ AV2 website Do you remember when the video codec wars � open vs. closed � were raging all across the web, for years? Even back then I argued that open would win, as it usually does, and over 15 years later the most widely-used video codecs on the planet being open is just a normal fact of life nobody writes or talks about anymore. VP8, VP9, AV1, and now this upcoming AV2 are all open and royalty-free, the by far largest video platform, YouTube, serves them by default, and the video codec problem is a solved problem, relegated to the spinning disk drive of history. I was told I was an idealist and that this would never happen, and yet, here we are.
- DECmate II: the little PDP-8 that could
When Cameron Kaiser speaks, we listen. In 1982, as we mentioned at length with our history of the DEC Professional, Digital Equipment Corporation attempted to keep their PDP-11 minicomputer market-relevant by turning the venerable architecture into a largely incompatible desktop microcomputer. But that wasn�t the only PDP-series mini it happened to, and it wasn�t even the first: the PDP-8 actually got the shrink-ray treatment several years before, and not content to merely make it into a smaller general purpose computer, DEC turned it into a word processor. ↫ Cameron Kaiser at Old Vintage Computing A word processor that�s still sort of a PDP-8 inside, and that could run CP/M or even DOS using a Z80 or 8086 expansion card.
- Settlers of Catan, TUI edition
A beautiful TUI might not be particularly accessible, and there�s effectively zero consistency between how different TUI applications look, feel, and behave, but damn if an amazing TUI isn�t a work of art. Case in point: El Poblador. This is a TUI version of Settles of Catan, written in Go. That�s it. That�s the post.
- Flathub bans slopcoded applications, but not if they�re from a mature, well-maintained! project
Flathub, by the most popular (effectively only) repository for Flatpak applications, has changed its policies to include a strict ban on AI! use for both application submissions as well as the application code itself. This policy applies to both the application being submitted to Flathub and the Flathub submission itself, including the manifest, metadata, patches, build scripts, and pull request. For the purpose of this policy, applications include BaseApps, extensions, and any other artifacts that can be produced by flatpak-builder. Submission pull requests must not be generated, opened, or automated using AI tools or agents. Please also do not request review from any AI tools in the submission PR. Automated Copilot reviews on GitHub can be disabled by the submitter by going here and changing Repository access to exclude the repo or disabling the global Automatic Copilot code review! found here. Applications containing AI-generated or AI-assisted code, documentation, or other content are not allowed. ↫ Flathub policy diff This is a fairly strict policy, but they do leave some wiggle room by also including the following line: Exceptions may be granted for mature, well-maintained projects. ↫ Flathub policy diff I don�t think they had any choice adding this exception, but it does feel a little bit like rules for thee but not for me!. I can easily see the relatively small in-crowd of developers around Flathub and Flatpak, and their friends, handing each other exceptions, while enforcing the much stricter rules when it comes to outsiders. Say a well-known GNOME application from a long-time GNOME contributor adds AI!-generated code, will it really be banned from Flathub? I have my doubts. Regardless, it�s mostly good news. It�s important to note that this policy change won�t be applied retroactively, so slopcoded applications already on Flathub won�t be removed.
- Genode OS Framework 26.05 released
The work on the May release has been dominated by topics on account of the just published Sculpt OS version 26.04. Besides featuring profound driver improvements across Wifi, ACPI, I2C HID, SOF audio, and graphics, it turns the most innovative aspects of Sculpt OS into building blocks for the easy reuse in other incarnations of Genode-based systems. In the same vein, the Goa SDK has been updated to match the latest Sculpt OS version while accumulating plenty of detail improvements. Further highlights of the release are the new touch-awareness of the window manager making Sculpt OS usable on tablets, the addition of Linux user-space networking based on libslirp, the update of Qt to version 6.8.3, and a largely revised LTE modem stack. ↫ Genode OS Framework 26.05 release notes In addition, the migration from GitHub to Codeberg has been completed as well, which is a big step forward for the project.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
|
