Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All/All+Images) (Single Column)

LWN.net

  • Seven stable kernels for Saturday including two security fixes
    Greg Kroah-Hartman has announced the release of the 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260 stable kernels. Several kernelsin this batch include afix for a vulnerability introduced in the 6.0 kernel in IPv6 (CVE-2026-53362),which couldallow an attacker to escape a container and gain root access.

    There is also afix for a use-after-free bug in KVM (CVE-2026-53359)that was introduced in the 2.6.36 kernel. As usual, each stable kernel includesa number of fixes throughout the tree. Users are advised toupgrade.



  • Four vulnerabilities in Guix
    The GNU Guix project has announcedthree vulnerabilities in the guix substitute utility as wellas a fourth that affects the guix pull and guixtime-machine commands. The impact of the vulnerabilities ranges from remote privilegeescalation to local disclosure of sensitive files.

    The remote exploitation of guix substitute only requires that thevulnerable system attempt to download a binary substitute. Anyconfigured substitute server, including ones discovered usingguix-daemon's --discover option, can exploit this, and so can aman-in-the-middle (MITM), regardless of whether https is used in thesubstitute server urls.

    The local exploitation of guix substitute only requiresthe ability to connect to guix-daemon's socket, which by default anyuser can do.

    Separately, another security issue (CVE ID pending) was identifiedin guix pull and guix time-machine, which enables anyone who cancontrol the channels file used by these commands to cause a file to becreated or overwritten wherever the user running the command inquestion has permission to create them.

    The project is recommending that all users upgrade guixand guix-daemon immediately. See the announcement forinstructions, how to test for the vulnerabilities, the disclosuretimeline, and more.



  • [$] Limiting negative dentries
    A number of problems related to negative directory entries (dentries) werethe topic of a filesystem-track session atthe 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit. Negative dentries areused to indicate that a file of a given name does not exist in a directory;it is an optimization that short-circuits the lookup of the file name whenthe answer is already known.Miklos Szeredi led asession that discussedsome problems that come from having too many negative dentries for adirectory.


  • Security updates for Friday
    Security updates have been issued by AlmaLinux (389-ds-base, bind9.18, evince, fence-agents, freerdp, frr, frr10, gimp, gnutls, hplip, jmc, mariadb:11.8, mysql:8.4, php:7.4, postgresql-jdbc, postgresql:15, postgresql:16, valkey, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (fastnetmon), Fedora (7zip, apptainer, cpp-httplib, mysql8.4, and nmap), Oracle (freerdp, giflib, glib2, glibc, kernel, libreoffice, libvirt, mariadb:10.11, postgresql, python3.11, python3.12, rrdtool, and thunderbird), Red Hat (buildah, podman, and skopeo), SUSE (alloy, apache2, buildah, c3p0, containerd, crun, cups, dhcpcd, dnsmasq, docker-stable, dracut, editorconfig-core-c, ffmpeg-7, fontforge, google-guest-agent, google-osconfig-agent, graphicsmagick, gstreamer-plugins-bad, gstreamer-plugins-good, helm, jackson-annotations, jackson-core, jackson-databind, jline3, kernel, kubectl-cnpg, lcms2, libslirp, libssh2_org, libxreaderdocument3, openbabel, openssl-3, pacemaker, perl-CGI-Session, perl-list-someutils-xs, python-lxml, python-tornado, python-tornado6, python3-onionshare, python311-python-engineio, sg3_utils, thunderbird, transmission, and trivy), and Ubuntu (cifs-utils, kernel, libvncserver, linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia-tegra, linux-oracle-5.15, linux-raspi, linux-xilinx, nghttp2, nginx, perl, and vim).


  • CalyxOS is back
    In August 2025, the CalyxOS privacy-focusedAndroid distribution announcedthat it was pausing all releases while it reworked itsrelease process, security protocols, and changed its signing keysfollowing the departure of one of its founders. The project has now announcedthat it is "officially back from the hiatus" with the7.2.2.0 release.

    CalyxOS 7.2.2.0 is signed by us using a newHSM-based, open-source signing solution we designed to enhance thesecurity of the entire signing process, ensure redundancy, and removesingle points of failure. You can verify CalyxOS 7.2.2.0 and futurebuilds following theseinstructions. For anyone who is interested, the security auditreport of the HSM provisioning ceremony script can be found here.

    In addition, we also went through significant infrastructureimprovements. In particular, we have set up a cleaner server structureto streamline each release. In response to Google's less frequent AOSPsource code releases, our team developed scripts to reduce theoverhead in applying monthly patches and updates. Please keep in mind,additional manual steps are still needed to compensate for AOSPchanges, such as requesting and storing kernel sources with eachupdate. Currently, our lead engineer is continuing the maintenance ofthe base device trees for both LineageOS and CalyxOS to bridge the gapcreated by the absence of Google Pixel device trees.


  • Kernel archive /pub tree restoring
    A few astute observers have noticed that somecontent on kernel.org had disappeared and were understandablyconcerned. Konstantin Ryabitsev has provided an update viasocial.kernel.org:
    There was an unfortunate error while changing the kernel.orgprimary/secondary mirroring infrastructure, which resulted in the /pubtree suddenly becoming empty. No data was lost, just public mirrorcopies. Everything is now being restored, but deletes are fast andrestores are slow, so thank you for your patience!
    The incident isbeing tracked on the Linux Foundation's IT status page.



  • Spoofed email from LWN
    We were made aware today of an email sent to a reader that wasspoofed to appear to be from LWN. The message claimed, among otherthings, that we were providing personal information about the readerto another site user. As is explained in our privacy policy we do not,and would not, provide such information.

    If any other readers have received an odd message from LWN, it isan attempt at a hoax; if in doubt, please check the DKIM header of theemail. Any email that does come from LWN will have a proper DKIMsignature in its headers.

    If you receive such a message, please feel free to send it to us,with its headers intact. But to reiterate, we are not providing anyuser information upon request, nor banning any accounts. We hope thiswill not be a recurring problem.



  • Fedora Council proposes pausing Community Initiatives
    Aoife Moloney has, on behalf of the Fedora Council, posted anannouncement that the Fedora Council is "proposing we pause theCommunity Initiatives process as an official project process"because it has decided the current process is ineffective. It is alsoclosing discussion regarding the AI developer desktopinitiative covered by LWN in May.

    The Fedora Objectives/Initiatives framework was never intended as amandatory prerequisite to do the work in Fedora. It supposed to helpby focusing the community on a certain work when needed, not to decidewhat is allowed. The AI developer desktop initiative proposalhighlighted that the Community Initiatives process has failed to serveas a good framework in Fedora where new ideas can surface, receiverespectful feedback, and gain Council support for work that fits theproject's present and/or future. This is something that the Councilmust address.

    As a first step, we would like to halt the community initiativeprocess immediately. Existing initiatives in flight (Fedora Forge,Atomic, and Fedora Docs 2026) will continue with full Councilbacking. Their underlying work will be completed as planned in theircurrent timeboxed state, though the administrative framework aroundthem may evolve.As a second step, we would like to work out a new mechanism to allowCouncil to set strategic direction in an open, transparent way thatmore intentionally includes the community voice. We recognise that wehave to be better at being more open in our discussions and decisionmaking.

    The council is considering the "sandbox" proposal as analternative or supplement to a process that replaces the CommunityInitiatives.



  • [$] Two LLM-assisted memory-management patch sets
    The kernel community (like many other free-software projects) has recentlyseen a large influx of patches developed with the assistance of largelanguage models (LLMs). Those patches tend to come from developers whowere previously unknown to the community. At the moment, though, thememory-management developers are evaluating two large patch sets, developedwith LLM assistance, that were submitted by established and well-respecteddevelopers. The rather different reception accorded to that work may giveinsights into how LLM-generated contributions will be handled goingforward.


  • Security updates for Thursday
    Security updates have been issued by AlmaLinux (giflib, kernel, mariadb:10.11, mod_http2, php, rrdtool, ruby, ruby:3.3, and ruby:4.0), Debian (jq and node-lodash), Fedora (caddy, hut, ipp-usb, kernel, opkssh, rclone, thunderbird, and transmission), SUSE (389-ds, 7zip, alsa, amazon-ecs-init, avahi, cadvisor, cosign, cups, dnsdist, docker, dracut, firefox, firewalld, giflib, glib-networking, glycin-loaders, google-cloud-sap-agent, google-guest-agent, gsasl, hauler, helm, ImageMagick, kernel, keylime, krb5, libaom, libexif, libgcrypt, libnfs, libssh2_org, loupe, lrzip, mutt, ncurses, nodejs22, openCryptoki, openssh, openssl-3, pacemaker, perl-Config-IniFiles, perl-CSS-Minifier-XS, perl-DBI, perl-JavaScript-Minifier-XS, perl-libwww-perl, postfix, python-click, python-idna, python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve, python-pip, python-pytest-html, python-python-dotenv, python-python-multipart, python-starlette, python-tornado6, python-zeroconf, python311, python311-jupyter-server, rpcbind, sed, sg3_utils, tar, tiff, and util-linux), and Ubuntu (kernel, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-realtime, linux, linux-aws, linux-aws-fips, linux-gcp, linux-gcp-fips, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-realtime, linux-realtime-6.8, linux-oem-6.17, and linux-oem-7.0).



LXer Linux News



  • 4K @ 60 FPS USB Video Capture Finally Becomes Less Problematic On Linux
    One area of Linux hardware testing I haven't explored much in many years has been modern USB video capture for the lack of said hardware. The last time I did much video capturing on Linux was during the Hauppauge PCI card days. It turns out though that USB video capture of 4K 60 FPS content has been a pain point under Linux but is finally smoothing out with newer versions of the Linux kernel...



  • First Look at Ubuntu Budgie 24.04.4 LTS for Raspberry Pi
    Raspberry Pi fans rejoice, there’s a new Ubuntu Budgie port for Raspberry Pi computers featuring, of course, the modern and beautiful Budgie desktop environment and based on the Ubuntu Budgie 24.04 LTS (Noble Numbat) release.





  • OpenRazer 3.12.4 Fixes Compatibility With Linux 7.2
    OpenRazer 3.12.4 is now available as the newest update to these out-of-tree, unofficial Linux drivers for Razer devices. OpenRazer when paired with the likes of Polychromatic or other GUI options is what makes for a nice experience running Razer gaming peripherals under Linux...



Linux Insider"LinuxInsider"












Slashdot

  • Microsoft and Amazon Commit Billions to New AI Implementation Units for Businesses
    Microsoft is investing $2.5 billion in a new group "assisting clients with AI implementations," reports CNBC:[Microsoft] said Thursday that 6,000 employees will be embedded with clients, in a practice that's become known as forward deployed engineering [or FDE]... The announcement comes two days after cloud rival Amazon said it was putting $1 billion behind an FDE initiative to support fast-paced AI engagements. Leading AI labs Anthropic and OpenAI both established FDE groups in May, partnering with private equity firms, banks and consulting firms. Alongside its technology peers, Microsoft has sunk tens of billions of dollars into building data centers that run generative AI models. Microsoft has also released a variety of AI services, with mixed results. The Microsoft 365 Copilot AI assistant has yet to gain anything approaching ubiquity in the business world, and the GitHub Copilot coding agent has ceded market share to newer players. Microsoft's stock has slumped 21% this year, by far the worst performance among the mega-cap tech companies. One concern on Wall Street is that AI models that quickly compose code might threaten mature software companies... Microsoft has for years provided support and implementation services to customers. The company generated about $2.1 billion in revenue from enterprise and partner services in the March quarter, up 2.5% from a year earlier.


    Read more of this story at Slashdot.


  • Ask Slashdot: Which Apps Aren't Available on Linux?
    Have you ever needed a Linux application which only exists in the Windows world? Long-time Slashdot reader BrendaEM writes:Windows does have a lot of useful app (but smaller than "power apps"). Some of these are closed source, some are open, but they're not all available in Linux yet. My list would have to contain Gimp Tookit versions of: IrfanView image manager, which I think is unequaled in Linux (though it does work to some extent under Wine). I also miss the full version of 7-Zip, because of its better compression settings, which File-Roller does not provide, though the Linux port p7zip is available (though unnoticed by common distributions). Lastly, I think that Notepad++ would be a good addition to Linux. That last one drew some pushback from long-time Slashdot reader jesco. "If there's one area where Linux shines, then it's the availability of high-quality text editors. Last time I looked Kate was still pretty nice, and there's Emacs, Vim and Neovim" if you're partial to command lines.But are there any daily-drive apps you still find yourself needing? Share your own thoughts in the comments. Which apps aren't available on Linux?


    Read more of this story at Slashdot.


  • Windows 11 Identifier Code Used to Arrest 19-Year-Old Over Alleged Ransomware Spree
    America's Justice Department and FBI teamed joined Finland's National Bureau of Investigation to arrest a teenager they say is part of one of the world's biggest cybercrime syndicates, reports Tom's Hardware. The "Scattered Spider" syndicate has extorted over $100 million in ransom payments, according to Department of Justice figures:19-year-old Peter Stokes is a dual U.S.-Estonian citizen who was trying to board a flight to Japan from Helsinki, when law enforcement caught up with him. [T]he main criminal complaint against Stokes stems from a May 2025 attack on a luxury jewelry dealer based in the United States. The attackers apparently called the company's IT helpdesk using Google Voice, posing as employees. They were able to convince the help desk into resetting their credentials, which allowed them to infiltrate three accounts, two of which had admin privileges. From there, the group, allegedly including Stokes, stole important data and held the jeweler at ransom, demanding an $8 million payment in crypto. The company ultimately regained access to their infrastructure and avoided paying the ransom, but the operational disruption still caused a purported $2 million in losses. This served as the spark that led to Stokes' eventual arrest in Helsinki, as the prosecutors slowly followed the paper and digital trail laid by the attackers. Microsoft played a key role in the process by providing GDID [Global Device Identifier] data to the FBI to help them apprehend the alleged criminal... [I]t's a unique identifier assigned to every Windows install that tracks device-specific telemetry. It's the reason why sometimes changing a major component in your PC can revoke your Windows license... [T]he court documents from the case reveal that Stokes used Windows, from which investigators were able to link his physical hardware to specific internet activity and locations... Stokes' web activity, videogame history, IP addresses, tool usage (including Ngrok), Azure status, and more were logged with timestamps, and were provided to the investigators by Microsoft... Stokes was carrying two hard drives full of incriminating evidence with him when boarding his flight to Japan... His real identity has actually been known since 2024, but since he was a minor living across Estonia and the UAE at the time, he could only be monitored until the time was right. The official criminal complaint even includes a selfie photo that Stokes posted on Snapchat (hiding his face behind dozens of hundred dollar bills). It then notes that behind Stokes the wallpaper, carpet, and furniture match New York's Empire Hotel — and that Stokes had visited the hotel's web site in Germany before then flying to New York... "Following the arrest, Stokes was extradited to the U.S., where he appeared in front of a federal court in Chicago for the first time on June 30, 2026, and he remains in custody," adds Tom's Hardware. "The accused is now awaiting trial, having been charged with conspiracy, cyber intrusion, and fraud..."


    Read more of this story at Slashdot.


  • Short Story Accused of Being AI-written Goes on to Win Contest's First Prize
    "A story widely accused on social media of being written using AI has gone on to win the overall Commonwealth short story prize," reports the Guardian. In mid-May the story had been selected as a regional winner, but with critics on X and Bluesky "claiming it showed 'obvious markers' of AI use."In the wake of the controversy, the Commonwealth Foundation conducted a review of the regional winners, which it said involved looking at drafts, time-stamped documents and notes. "We are satisfied with the testimonies of our writers and their confirmation that AI was not used in their writing," said foundation director-general Razmi Farook... Judging chair Louise Doughty described Nazir's piece as "an original, poetic and deeply moving story...." In a film released by the Commonwealth Foundation on Tuesday, Nazir... adds that he wrote six or seven drafts of his prize-winning story, and also speaks about his use of speech-to-text software, explaining that he could only see three or four lines of text on his phone screen at any one time, so he would perfect each line before moving on, which is how his story ended up being "highly polished"... Initial social media reactions to the Commonwealth Foundation's announcement of Nazir's win were negative, with one X user writing: "immensely disappointing and disheartening. it feels like they wanted to stick to their guns after the entire GenAI uproar. I might think twice now before submitting my stories here". After Nazir was announced as the regional winner in May, some social media users reported running his story through AI-detection software. "Pangram flags at 100% but also, come on, if you know you know", said Wharton professor Ethan Mollick. However, the reliability of AI-detection software has been called into question. In a statement to the Guardian, Farook said that "rather than surrender our judgment to AI-detection software, we asked our winners to show their working drafts, outlines, the evidence of an artistic journey. That software, it must be said, is not infallible: it returns inconsistent verdicts and, in doing so, corrodes the very trust on which a prize depends." "When the machine's default voice is the metropolitan one, the writer who does not fit the expected mould is the first to fall under suspicion," she added. "The more startling her gift, the more her unfamiliar brilliance unsettles, the more readily she is accused of being a machine. A young writer in Kingston or Kolkata, in Kuala Lumpur or Kigali, must now prove not only her talent but her very humanity." Nazir's story beat 7,806 other stories, the video points out (adding that their prize "demonstrates that in a world increasingly driven by algorithms, the human voice still matters.") The Guardian notes that the winning story "includes multiple 'not x, but y' constructions and lists of three, which some consider to be signs of AI use," and that critics also drew attention to particular lines like "Sun on galvanise is a cruel instrument" and "Marsha lived two bends down." In a new interview with the Times of India Nazir says "Now I'm frightened about publishing new work because the attacks haven't stopped."Q: Which passages attracted the most criticism, and why do you think they were misunderstood? Nazir: People criticised a line where I wrote: 'She had the kind of walking that made benches become men.' That's magical realism. Think Salman Rushdie or Gabriel Garcia Marquez. It's a literary technique. In my story, the character 'Zoongie' believes she is so beautiful that even when no men are around, she imagines the benches becoming men who admire her. It exists only in her imagination. People interpreted it literally. There was another line about light reflecting from a sink. That came directly from my childhood. Our kitchen faced east, and my mother liked to keep everything spotless. We used to polish the sink, and when the morning sun hit it, it glittered brightly. People claimed that the image must have been AI-generated. But it's from my lived experience... I've lived with diabetes for 62 years, which has damaged the nerves in my fingers and feet, and I'm currently undergoing chemotherapy. That's why I began using speech-to-text on my Android phone... I hope this episode leads to a better understanding of the difference between assistive technology and AI-generated writing... Q: Many acclaimed writers like Ursula K Le Guin, Mary Shelley, and JRR Tolkien have also been falsely flagged by AI detectors. Where does this leave writers? Nazir: What these AI detectors are saying is that if a piece of writing is too polished, it must have been written by AI. I refuse to accept that. AI was trained on human writing. Large language models, to me, are tools, much like a word processor. They don't replace the human spirit behind creative writing. Ask an AI to write a prize-winning story on its own and see what it produces. You still need human imagination and judgment to create literature. Nazir added, "What I don't understand is why people continue to question the judges' decision."


    Read more of this story at Slashdot.


  • GoDaddy Warns India's Crackdown on Fake Site Registrars Could Upend Internet Privacy Everywhere
    "The internet is filled with fakes," writes Gizmodo. "A court in India is setting out to address the problem by requiring more transparency from domain registrars to make it easier to crack down on fraud. And while the intentions might be good, Reuters is reporting that major American domain registrar GoDaddy is sounding the warning bells that the court's decision could fundamentally reshape the internet well beyond India's borders." GoDaddy argues the move would even make the internet less safe, reports Reuters :[Online fraud] is a key challenge for Prime Minister Narendra Modi's government, which last year received 2.4 million complaints of alleged cyber fraud amounting to $2.4 billion. Starting in 2019, lawsuits were brought by dozens of Indian and global firms — Amazon against fake shopping sites trading on its name and McDonald's complaining against bogus sites offering franchises. [More than 20 companies filed a complaint, the article notes, including Microsoft.] In December, an Indian court blocked more than 1,100 such websites. The New Delhi judge however went further, ordering sweeping new measures that tech experts say have rewritten rules of internet governance: Domain sellers should not offer buyers free privacy protection by default, the buyer's details should be released to anyone with a "legitimate interest" within 72 hours, and website addresses that are variations of protected brand names must be prohibited. U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court, according to a Reuters review of non-public filings. It says the ruling will affect legitimate businesses that have names similar to big brands. Stopping privacy-by-default features, GoDaddy said, will result in public disclosure of name, address, telephone and email of legitimate website owners, exposing them to "foreseeable privacy and security risks" such as stalking and harassment. As domain names operate globally, not locally, the order could force GoDaddy to regulate website addresses across the world, it said. On the court's order imposing a 72-hour deadline on companies to provide registration details to anyone with "legitimate interest", GoDaddy argues it has no wherewithal to assess who has legitimate interest or not. The "commercially destabilising" directives may force domain name companies to "exit India", said one of GoDaddy's appeal documents that ran into 5,121 pages... GoDaddy rivals, Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also challenged the New Delhi ruling, court records show, although Reuters could not ascertain details of their appeals... GoDaddy argues that diluting the privacy feature will run contrary to India's data protection law and the European Union GDPR law which mandates a "privacy by default" approach. Farzaneh Badii, a New York-based researcher on internet governance, criticised the New Delhi ruling, noting that Europe redacted such details because publishing them had been abused by harassment and targeted phishing. "The people exposed will be journalists, activists, small business owners, and private individuals. The brand impersonators will not," she said... While the sweeping December directives were issued by a court, they followed government's submissions, documents showed... The judges will hear the appeals on July 16. GoDaddy manages 80 million domains and serves over 20 million users, the article points out, withannual revenue over $5 billion.


    Read more of this story at Slashdot.


  • EV Batteries Defy Expectations, Last Hundreds of Thousands of Miles
    247,000 miles on an EV battery? So says the owner of a U.K.-based used-car sales company that specializes in Evs, who tells the Wall Street Journal EV batteries keep performing well even after several hundred thousand miles. "They are proving themselves to be exceptionally reliable."After five years on the road, the average EV will still be able to drive up to 95% of its original range, according to Recurrent, a data-science company that provides a battery-monitoring tool for EVs — better than many in the auto industry expected... Potential new car buyers' fear of having to pay for a battery replacement is the number one reason they choose to steer clear of EVs, according to a 2025 survey from industry research firm AutoPacific. When early EVs hit the market, buyers' concerns were well-founded. Roughly one in 12 EVs built from 2011 to 2016 have had to have battery replacements. But new data shows that more modern EVs are doing better so far. Among EVs built from 2022 on, 0.3% have had battery replacements, according to a 2025 study from Recurrent. As battery technology has advanced, EVs have avoided problems like the ones that plagued the original Nissan Leaf when it hit the market in 2010, for example. Those cars lacked the battery-cooling technology that is in newer EVs, and they made headlines for wearing down quickly. Buyer perception hasn't quite caught up, according to Scott Case, co-founder and chief executive of Recurrent... The newest battery-powered EVs have lifespans comparable to internal-combustion-engine vehicles, even when driven more miles, according to Viet Nguyen-Tien, a research officer at the London School of Economics who focuses on Evs. Improvements in car batteries' chemical contents, battery-management systems and thermal regulation have been the difference in making batteries last longer and cost less, Nguyen-Tien said. Battery prices have fallen more than 90% since 2010, according to a BloombergNEF report from late last year. Industry analysts say battery-replacement costs are also improving as more EVs are designed for repairability in the long-haul. An out-of-warranty battery replacement can cost anywhere from $5,000 to $16,000, depending on the manufacturer, according to Recurrent. But many EV manufacturers have shifted to allow smaller components of their battery packs to be repaired, which can allow owners to avoid the full costs of a battery replacement, Case said. EV batteries aren't without their challenges, though. A battery that is frequently fast-charged with high power loses its range, on average, at twice the rate of a battery charged at a lower power, according to telematics company Geotab. Frequently charging a battery to 100%, or letting it rest at 0% for extended periods, can also reduce range long-term. And EVs regularly deliver less range in extreme cold or heat. The article also includes two new projections on EV adoption:"The share of new EVs sold is expected to nearly double to 11% of new-car sales in the U.S. by 2030, according to industry consulting firm AlixPartners.""Globally, EVs already make up 15% of new-car sales and are expected to form nearly a quarter of the global market by 2030, according to AlixPartners."


    Read more of this story at Slashdot.


  • Hobbit-like Humans May Have Scavenged Komodo Dragons' Leftovers to Survive
    CNN reports:Prehistoric human relatives, nicknamed "hobbits" due to their short stature, may have been scavengers, rather than skilled hunters capable of taking down big game or building cooking fires, according to new research. The study adds to growing evidence that Homo floresiensis, which had a brain only slightly bigger than that of a chimpanzee, wasn't as advanced as scientists previously believed.... The researchers believe that much like how Komodo dragons hunt water buffaloes today, they were using their venomous bite to take down Stegodons — and after the scene was clear, Homo floresiensis swept in to cleave meat from what remained... The new study reinforces a long-held suspicion that Homo floresiensis is not a dwarfed form of Homo erectus but a descendant of a more primitive Homo habilis-like or Australopithecus-like form that arrived on the island more than1 million years ago, said Dr. Chris Stringer, a research leader specializing in human origins and paleoanthropology at London's Natural History Museum.


    Read more of this story at Slashdot.


  • New Google Ad Imagines America's 'Declaration of Independence' Written With AI Help
    An anonymous reader shared this report from TechCrunch:Two hundred and fifty years after the signing of the Declaration of Independence, a new commercial from Google asks: What if the Founding Fathers had access to Google Workspace? With the tagline "Group project, but make it 1776," the ad depicts a largely unseen Thomas Jefferson mid-draft when he gets a nagging text from Ben Franklin, leading to a very Google-centric collaboration process. Edits are suggested in Google Docs, a meeting gets scheduled in Google Calendar and conducted remotely via Google Meet (with every single attendee apparently turning their camera off?), then the whole thing is finalized with e-signatures; cue the fireworks. Of course, since this is an ad from a tech company in the year 2026, AI has a role to play. The fictionalized founders use Google's "help me visualize" AI tool to try out different animals on the national seal, Gemini takes notes on the meeting, and the founders also ask the chatbot for advice before declining King George III's document access request. TechCrunch call it "very tongue-in-cheek," noting that at one point Samuel Adams even asks, "Can we settle this over beers?" And they argue that "the AI evangelism is relatively discreet when compared to many other recent ads."


    Read more of this story at Slashdot.


  • Are Wars Blurring Lines Between Corporate and National Security?
    Subsea cables. Ukrainian power stations. Russian oil refineries. Even airports, water-desalination plants and Amazon data centers. They've all become targets in wartime, notes the Wall Street Journal, and around the world now arguments "are already brewing between companies and governments over new regulations and potential costs."In Germany, powerful associations representing private companies and municipal utilities have pushed back against new standards for physical protection, warning they could spell financial ruin. New Zealand's government has faced resistance from industry groups over a proposal to fine critical-infrastructure companies and their directors for cybersecurity breaches... A sign of how lines are blurring: The North Atlantic Treaty Organization's 32 countries last year agreed that as part of a pact to spend 5% of economic output on defense and security, 1.5% would go to military-adjacent needs including protecting critical infrastructure and networks. Spending targets range from cybersecurity and industrial capacity to railroads, bridges and ports needed for military logistics... "We need a wide concept of defense — defense is no longer just military," said Italian Adm. Giuseppe Cavo Dragone, NATO's top military adviser. Adding to the complexity, companies now need to protect the data networks that serve as gateways to critical infrastructure. Hackers increasingly target not just computer files to steal information but also systems managing vital functions like building access and factory control, remotely causing physical damage or enabling espionage. U.S. authorities in April warned that Iranian hackers were trying to disrupt American drinking-water systems by targeting computer equipment that connects hardware with software. A year earlier, suspected Russian hackers remotely manipulated valves on a Norwegian hydroelectric dam... Another challenge will be parsing jurisdictions and liability for assets that cross international waters or are damaged in combat — such as subsea data cables or energy pipelines. Turf battles between law enforcement and militaries are already complicating efforts... "The private owner can invest in redundancy, monitoring, and repair capacity, but only governments and militaries can really deter, patrol, attribute, or respond to hostile state activity," said Marc Glasser, who worked on cybersecurity and infrastructure security for three decades at the U.S. Department of Transportation and the Department of Homeland Security.... Companies say they need greater clarity from governments on what protections they will provide and subsidies to help them defend privately owned assets that provide a public good. Most governments don't provide incentives for companies to invest more than the minimum legal resilience requirements. The article notes that in May the chief executive of California's Port of Long Beach "launched a cyber-defense operations center to thwart tens of thousands of cyberattacks daily, which jeopardize computer systems and all equipment connected to them." The article also points out that the EU adopted new regulations requiring countries to reduce vulnerabilities, and new laws proposed in the U.K. now "seek to increase penalties for subsea sabotage, updating codes that date to when telegraph cables were first laid in the 19th century."


    Read more of this story at Slashdot.


  • New DNA Tech Identifies Soldier Killed in America's Revolution in 1780
    South Carolina's pine forests "have spent centuries hiding a secret as old as America itself," reports CBS News:In August 1780, British and American soldiers clashed there, leading to a terrible defeat for the Continental army [fighting for the 13 colonies rebelling against England]. Battlefield archaeologists Jim Legg and Steve Smith have been studying the site for decades, but recently, they made a shocking discovery: The sandy soil was home to several sets of remains buried in shallow graves. Metal buttons suggested the men had been Continental soldiers, but there was no other identification... About 2,000 Continental soldiers were killed, wounded or captured, and some men never returned home. Their families could only guess at their fates. But Legg and Smith's discovery, paired with an explosion in DNA technology, is changing what's possible. A set of remains, previously known only as 9B, has been identified as John Pumphrey, a young man from Maryland who enlisted in the Continental Army's 7th Maryland Regiment as young as 13... Pumphrey likely marched more than a thousand miles with the regiment. The unit fought in battles with then-Gen. George Washington in New Jersey and Pennsylvania... The Pumphrey family still exists today. The DNA that helped identify Pumphrey's remains came from three women: Pam Donahue, Karen Pumphrey Etchison, and Nancy Pumphrey White... In late June, members of the extended Pumphrey family came together to hear his story and say his name for the first time in centuries. His remains are interred in South Carolina, where he and the other soldiers were discovered, but the tombstone, once marked "Unknown," will soon have his name carved on it.


    Read more of this story at Slashdot.


www.theregister.com - Articles












Linux.com


  • From DHCP to SZTP – The Trust Revolution
    By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]

    The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.










Phoronix




  • OpenRazer 3.12.4 Fixes Compatibility With Linux 7.2
    OpenRazer 3.12.4 is now available as the newest update to these out-of-tree, unofficial Linux drivers for Razer devices. OpenRazer when paired with the likes of Polychromatic or other GUI options is what makes for a nice experience running Razer gaming peripherals under Linux...


  • FEX 2607 Optimizing For Yet-To-Be-Released ARM 256-bit SVE2 Hardware
    The FEX Emulator that allows running Linux x86/x86_64 software on ARM64 (AArch64) systems, including the likes of Wine / Valve's Steam Play (Proton) for Windows gaming on ARM, is out with its newest monthly feature release. The Valve-backed project for running x86_64 games and other software on ARM for the upcoming Steam Frame and other more typical ARM Linux systems has been baking more optimizations and improvements...



  • 4K @ 60 FPS USB Video Capture Finally Becomes Less Problematic On Linux
    One area of Linux hardware testing I haven't explored much in many years has been modern USB video capture for the lack of said hardware. The last time I did much video capturing on Linux was during the Hauppauge PCI card days. It turns out though that USB video capture of 4K 60 FPS content has been a pain point under Linux but is finally smoothing out with newer versions of the Linux kernel...


  • Phoronix Premium Summer Sale To Help Support Linux Hardware Testing
    For those that missed Phoronix turning 22 years old last month when running a special to help support the site, a few readers mentioned recently they missed out on seeing the deal in time. Paired with the US Independence Day holiday and summer sales elsewhere, now through 10 July is a Phoronix Premium summer sale if wishing to view the site ad-free while supporting the daily open-source/Linux news coverage and relentless Linux hardware testing...


  • GNOME Lands ext-background-effect-v1 Support For Background Blur Effect
    Added to the Wayland Protocols repository back in May of 2025 was the ext-background-effect-v1 protocol for background blur that had been under discussion since early 2024. The initial focus is on being able to apply a blur effect on a window's background or otherwise a specified screen region. GNOME 51 has now merged support for ext-background-effect-v1 with the latest Mutter code...


  • Linux 7.3 Adding More Graphics PCI IDs For Intel Nova Lake S
    In addition to this week's drm-intel-next pull request beginning to lay out the Intel kernel graphics driver changes for Linux 7.3, the first drm-xe-next pull request was sent out on Friday. Intel Nova Lake enablement remains the hot area for the Intel GPU driver code...



Engadget"Engadget - Technology News & Expert Reviews"











OSnews

  • Review: iodéOS offers a frictionless de-Googled Android experience
    Wherever in the world you go, the smartphone landscape is dominated by Android and iOS, and while this has always been problematic, recent events have made the dependency on two American tech giants for what is probably our most personal computing device even more problematic than it already was. We use our smartphones to keep our secrets, do our banking, interact with our governments, share our deepest thoughts with our friends and family, and a whole lot more. Having this invaluable tool the vast majority of us depend on tied entirely to Google and Apple is not just bad for the market, its also a downright threat to the national security of anyone not living in the US. Here in Europe, theres been an awakening lately, with governments, companies, and people alike finally realising that having our entire digital infrastructure controlled by foreign, adversarial interests is a terrible idea. Sadly, breaking free from our Android and iOS chains is not so easy. The most ideal solution would be a truly open source alternative smartphone operating system, but thats a hard sell for 99.9% of smartphone users who need the applications required to do their finances, talk to their friends, or interact with their governments. The cold and harsh truth is that with very few exceptions, these applications simply do not (yet) exist for smartphone operating systems that arent Android or iOS. The only viable alternative at this point in time is to take whatevers left of the Android Open Source Project, remove anything that ties it to Google and its services, fill in the gaps with alternative services and applications, and sell it as a Google-free or de-Googled Android platform. Theres several projects in this space, and with Europe drunkenly stumbling out of the technological hole it dug itself into, its no surprise that two of the more popular alternatives to Apple or Google-controlled smartphones come from Europe (and from the same country, no less). Today, were taking a look at one of these: iodéOS. Iodé is a company based in Toulouse, France, which focuses on offering a Google-free Android called iodéOS, either preinstalled on phones you can buy, or as a ROM you can install yourself on supported devices. As a company, iodé makes its money through selling devices with iodéOS preinstalled, through an optional premium subscription (that I didnt take a look at), and through donations, and all of their code is published as open source on their Gitlab instance hosted in France. Iodé loaned me a Fairphone 6 with iodéOS preinstalled, one of he many smartphones and tablets they sell through their online store (as well as their actual real store in Toulouse!) for review. This isnt going to be an Android review; you already know what Android is like, and theres no need for me to rehash any of that. Instead, I want to focus on the things that make using de-Googled Android different from using Google Android. Dont be afraid of microG There are various ways to go about making a de-Googled Android variant, and iodéOS chose the LineageOS route, with microG installed on top. For those unaware, microG is a project which aims to replace the various proprietary parts of Google Play Services, required by many Android applications, with open source reimplementations. While it doesnt offer 100% compatibility, it works exceptionally well, and youll be hard-pressed to find applications just dont work at all with microG. IodéOS updates its microG installation through a dedicated F-Droid repository thats obviously enabled by default, so you dont have to do anything yourself. Using microG instead of Google Play Services doesnt mean you have to rely solely on whatevers available in F-Droid, since there are a variety of alternative Play Store frontends available. IodéOS ships with the Aurora Store, which is an open-source frontend to the Play Store that can be used with or without a Google account. If you use it with your Google account, youll gain access to whatever applications you already own, including paid ones, but you wont be able to buy applications inside Aurora. You can, however, buy an application on the Play Store website, after which it will show up in Aurora as well, assuming youre logged in with the same account. Aurora also comes with something something called FakeStore, which is sadly an important part of the puzzle; its a stub application that has the same package name as the real Play Store. Some applications check whether the Play Store is available before working properly, so this is sadly needed to ensure maximum compatibility. The only issue I sometimes ran into with Aurora is that it would load up its listings, but then any application I tapped on said it was unavailable. When this happened, reloading the Aurora application always fixed the issue. Annoying, but not gamebreaking. A few things did not work for me when using microG on iodéOS, and theyre exactly the things youd expect not to work. If you have a WearOS device, youre out of luck; WearOS devices simply do not work when using microG, but there is a bounty to add support for it. If you want to use a smartwatch with iodéOS, there are various options available, such as Garmin devices, which is what I used during my testing and it worked flawlessly. Another feature from regular! Android that simply wont work is RCS. Theres only one RCS client available on Android, Google Messages, and as you can imagine, Google is in no rush to allow devices without Google Play Services to register for and use RCS messaging. Tying to register with Google Messages will fail, and there are no other RCS clients available (save for a few China and India-specific clients). Theres a microG bounty for this, too, but no luck so far. Of course, there are countless messaging platforms that work just fine on iodéOS  regular SMS, WhatsApp, Facebook Messenger, Signal, and so on  and especially if youre European, its unlikely RCS


  • Improved DEC Alpha emulator runs Windows 2000 for Alpha and OpenVMS and Tru64 with X11
    Colour me positively surprised, as I had no idea Alpha emulation had progressed this much. As you might know, Im involved a bit in the OpenVMS community and the Alpha emulation side via AXPBox. AXPBox (github) is a fork of the es40 alpha emulator by Camiel Vanderhoeven (who is now Chief Architect at VSI, the company that makes OpenVMS, for x86 nowdays). There have been many forks of es40 in the past and recently a new one has popped up with some great new features. Like speedups via a JIT compiler, S3 graphics port from MAME and ARC support, resulting in the ability to run Windows 2000 for the DEC Alpha. ↫ Remy van Elst Not only can you run the unreleased Alpha version of Windows 2000 on this forked emulator, its also capable of running OpenVMS and Tru64 UNIX. In fact, both OpenVMS and Tru64 can run their full X11 CDE desktops on the emulator as well, which is incredibly cool and a huge milestone. As the name of the original emulator implies, its emulating an AlphaServer Es40 from the turn of the century, which should be fast enough for enthusiast use. The last AlphaStation ever made, the ES47, is still very high on my list of computers I desperately want but will never have  they are incredibly rare, and whenever they do come up for sale, incredibly expensive. If you have one, consider yourself lucky, and please, write about it! Tell the world!


  • LineageOS and Androids upcoming developer verification: what it is, and how it affects you
    LineageOS, the de-Googled Android ROM that serves as the backbone for pretty much the entire custom Android ROM community, has published an article about what the Android developer verification changes mean for them. I really like the factual tone of their article, especially this part: Critics such as F-Droid, EFF, and “Keep Android Open” point out that this also happens to route every install path through Google-controlled infrastructure, hands Google a kill switch over any app or developer worldwide, and arrives shortly after Google’s antitrust lawsuits. Both things can be true at once: real fraud is a problem and the restriction of developers is a convenient side effect of solving it this way  and we’re not in a position to pretend we know Google’s internal reasoning. We’re just telling you what they’ve said and what it changes; you can weigh the “why” yourself. ↫ Nolen Johnson on the LineageOS website For LineageOS, these new verification measures dont really mean much, as they dont affect the projects work or software. The developer verification infrastructure is a separate application that is part of Google Mobile Services, and LineageOS does not ship GMS nor does it ever intend to. As such, they dont have to do anything, as this wont be an issue unless LineageOS users choose to install a GApps package that happens to include the developer verification infrastructure. If Google were to move the developer verification infrastructure into Play Services in the future, LineageOS makes it clear theyll disable it globally, as they have done with a number of other annoying Play Services-provided over-the-air update implementations . There really isnt much more they can do; the rest is up to users and projects that use LineageOS as their base.


  • Composite video on the NES: whys it so wobbly?
    The Nintendo Entertainment System. Is it the platonic ideal of an 8-bit video game system? Well, only because it’s so prominent and successful– it’s actually kind of an oddball in its expandability and design. But there’s something else about it. The picture is a bit… wobbly. Well, over composite video anyway. Let’s dig in and learn a little big more about the nitty-gritty of composite video. ↫ Nicole Branagan As usual, the information density in this article by Branagan is kind of remarkable, especially when you consider it never overwhelms you. Such a great read.


  • ReactOS implements very first NT6 system call
    A fairly big moment for the ReactOS project: it has just received its very first system call from NT6. The system call that has been added is NtGetCurrentProcessorNumberEx, which is used for returning the processor number of the logical processor that a caller is running on. It’s unclear how long it will take ReactOS to become compatible with Windows Vista software, but it took Microsoft around half a decade to develop Vista after the release of XP and marked a major upgrade, even if it didn’t land well with users at the time. ↫ Paul Hill at Neowin Its a milestone for sure, but not one thats going to make a huge difference for ReactOS at this moment in time. Still, its a sign of things to come, even if the very nature of the ReactOS project means that whatever things are coming tend to take a while to arrive.


  • Microsoft settles centuries of religious debate by providing clearest definition of hell to date: Windows with a website-based shell running only Copilot
    For how often people invoke it, the concept of hell! in Christianity is remarkably vague and nebulous, as both the Old and New Testament barely go into detail about the concept. As such, Im glad Microsoft has now given us a clear vision of hell and what, exactly, it looks like, ending centuries of denominational disagreements. Microsoft is currently selling the idea of Windows and Copilot as two separate things: an OS and an assistant riding along on top of it. However, a leaked video shows Project Aion, an internal prototype where Copilot doesnt just sit inside Windows, it becomes Windows, swallowing the Start menu, the taskbar, and three decades of desktop conventions in the process. The footage is reportedly two years old, so Aion is most likely dead by now. But its the clearest look yet at how far Microsoft was willing to take its agentic AI ambitions. ↫ Alfonso Maruccia at Techspot Everything about this is dreadful. Obviously replacing the entire shell with AI! nonsense is the main crime against usability here, but on top of that, this new shell is all just websites, all the way down, so everything is slow and stuttery. Since this runs on something called Win3!, which appears to be a very minimal, stripped-down version of Windows intended to only run the Edge browser engine, you cant run Win32 applications. If you do try to run a Win32 application, it will load the application in a remote virtual machine running in the cloud, which I;m sure does wonder for performance, responsiveness, and latency. We can all thank the lord this project is two years old and most likely cancelled by now, but we have no way of knowing if Microsoft is still intending for this to be the future direction of Windows. Since people dont want to use AI! of their own volition, it only makes sense in the technology industrys sick, twisted mind to force people into using AI! with efforts like this. Consent has never been Silicon Valleys strength, after all. At the time of writing, Microsoft is 225 billion dollars in the red on AI!, so I wouldnt be surprised if attempts to replace the regular Explorer shell with something AI!-based is still very much on the table in Redmond.


  • Vulkan-netbsd brings Vulkan to NetBSD
    NetBSD is the only BSD without a Vulkan stack (Mesa and Lavapipe), but thats about to change. The effort to bring Vulkan to NetBSD is now in beta, with prebuilt binaries coming soon. Mesa configures, compiles, links, installs, and registers the Lavapipe software Vulkan driver on NetBSD 10.1 amd64, against LLVM 19.1.7. The driver (libvulkan_lvp.so, ~17 MB) installs into /usr/pkg/lib, and its ICD manifest (advertising Vulkan API 1.4) installs into /usr/pkg/share/vulkan/icd.d/, so a Vulkan loader on the system can discover it. ldd resolves every dependency cleanly. The entire process — environment setup, dependency builds, the Mesa build, and installation — is automated end to end and reproducible on a fresh install. ↫ vulkan-netbsd GitHub page Its important to note that the next step in the process is to port the Vulkan loader, which is required to actually run Vulkan applications. This entire effort is still ongoing and seems to be handled mostly by Dean Howell alone, so expect breakage and incomplete documentation as development progresses. Still, this is a hugely important effort, and seeing it this far along is great news.


  • EveryMac celebrates 30th birthday
    EveryMac turned 30. On July 2, 1996, EveryMac.com launched. Thirty years is a long time  and a great deal has changed since then  but what has not changed is that EveryMac.com has been there to provide you with detailed info on every Mac from the original 128k to the current line. Thank you very much for your support through the years. ↫ EveryMac news item I thought OSNews was pretty unique with its founding in 1997, so its great to see another enthusiasts website as old as ours. Amazing company to be in, too  EveryMac is an indispensable, tirelessly maintained, and stupidly accurate resource that I use countless times each year. Heres to another 30 years.


  • Android is almost dead
    The clock is ticking for Android as a (somewhat) open platform. If you are running Android 8 or higher, a virus has been installed on your device and is silently awaiting remote activation. Over the past few months, devices around the world have been infected with this novel strain, with as many as 4 billion Android handsets and tablets estimated to have already been contaminated, meaning that around half of all humanity may be at risk from this threat. Disguising itself as the innocuously-titled “Android Developer Verifier” (ADV) process, this trojan horse runs surreptitiously in the background as a system service with full root privileges, quietly awaiting an activation signal. The service cannot be blocked, disabled, or removed. Unlike a commonplace bit of malware, this extraordinary strain won’t be detected and neutralized by Play Protect (the malware scanning and remediation service that is installed on all Android Certified devices). In fact, Play Protect is itself the vector through which this virus is transmitted and installed. That is because it is Google themselves who is propagating ADV. And once activated, this malevolent process has exactly one goal: to block you from running software by developers who haven’t been approved centrally by Google. ↫ The F-Droid news website If nobody steps up, if no regulator takes on Google in this matter, we could very well be looking at the end of F-Droid and similar open source application repositories on Android. I use F-Droid, and in fact, one of the most important and most-used application on my Pixel 10 Pro comes from F-Droid: Fennec. This Firefox fork is not available through any Google-sanctioned means, and I could just wake up one day and have the browser on what is supposed to be my phone stop working. Age verification, tying crucial services to iOS and Google Android, killing the ability to install your own software on your phone, purposefully making people hopelessly addicted to and dependent on AI!, and so much more  were facing a multi-pronged attack designed to beat us into submission and give up on the idea of Free computing. I have to admit Ive lost all hope well be able to win this battle, as the combined interests of technology megacorporations and our own governments are just too powerful to fight. I feel like were living in the computing end times.


  • WinPE as a stateless harness for Windows driver testing and fuzzing
    What if you need to do very low-level testing involving the very guts of Windows NT, but dont need most of the userland that sits on top? In fact, what if that userland only slows you down and complicates the work youre trying to do? The solution is Windows PE (Windows Preinstallation Environment). It is an official, stripped-down environment distributed with every Windows ISO image. It runs entirely in RAM, requires as little as 512 MB of memory, and lacks support for DirectX, the PowerShell subsystem, or the standard graphical shell (Explorer). Booting by default with NT AUTHORITY\\SYSTEM privileges makes it an ideal test harness for both of these tasks. The following analysis focuses on the low-level mechanisms of WinPE, as well as BCD and QEMU modifications that allow transforming this system into an ultra-fast, idempotent testing environment. ↫ Piotr Bednarski Now, the kind of work Bednarski does isnt the most common of tasks, but Ive often wondered just how far you can get by bolting on whatever WinPE will allow you to. There were various unofficial third-party tools that built Windows live CDs based on WinPE, but I think most of those have died out by now. If you look hard enough, you can also find some other utilities people made for WinPE, including even some rudimentary web browsers. Regarding web browsers, modern efforts seem to run into issues. WinPE is not really meant for any advanced functionality, but I really do wonder how capable you can make it without turning it into regular Windows.



Linux Journal News

  • EU OS: A Bold Step Toward Digital Sovereignty for Europe
    Image
    A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
    What Is EU OS?
    EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.

    Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
    The Vision Behind EU OS
    The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.

    Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.

    However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
    Conclusion
    EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.

    Source: It's FOSS
    European Union


  • Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

    Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

    Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.

    In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.

    On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.

    Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.

    The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.

    Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.

    You can download the latest kernel here.
    Linus Torvalds kernel


  • AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
    Image
    AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.

    This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.

    Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.

    Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.

    Source: 9to5Linux
    AerynOS


  • Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
    Image
    Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.

    Here’s a quick overview of what’s new in Xojo 2025r1:
    1. Linux ARM IDE Support
    Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
    2. Web Drag and Drop
    One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
    3. Direct App Store Publishing
    Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
    4. New Desktop and Mobile Features
    This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
    5. Performance and IDE Enhancements
    Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
    What Does This Mean for Developers?
    Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
    How to Get Started
    Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.

    Download Xojo 2025r1 today at xojo.com.
    Final Thoughts
    With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
    Xojo ARM


  • New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux

    Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.

    Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.

    Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 

    Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.

    Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.

    Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.

    By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
    Windows


  • Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities

    The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 

    As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.

    In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 

    After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.

    The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.

    At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.

    The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
    Security


  • Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges

    The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.

    A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.

    This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 

    The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.

    On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.

    In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
    kernel


  • Linux Celebrates 32 Years with the Release of 6.6-rc2 Version

    Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.

    The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.

    Here is what Linus Torvalds had to say in today's announcement:
    Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds


  • Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction

    Want to interact with ChatGPT from your Linux desktop without using a web browser?

    Bavarder, a new app, allows you to do just that.

    Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.

    With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.

    During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.

    At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.

    As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!

    Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
    ChatGPT AI


  • LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite

    Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.

    Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.

    LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.

    You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.

    All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.

    In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.

    Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.

    The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
    LibreOffice


Linux Magazine News (path: lmi_news)

  • Kubuntu Focus Goes Ultra
    The Kubuntu Focus team has upped the performance ante of its M2 and Zr laptops with the latest, greatest CPUs from Intel.









  • KDE Linux Drops AUR
    KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.



Page last modified on November 17, 2022, at 06:39 PM