NTLUG | Main / All the News that Matters browse

Show Descriptions... (Show All /All+Images) (Single Column)

Debian OpenSSL Important DoS Remote Code Execution Advisory DSA-6335-1
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in denial of service, information leaks, or potentially remote code execution. Additional details can be found in the upstream advisory: https://openssl-library.org/news/secadv/20260609.txt

Debian poppler Important Denial of Service Issues DSA-6334-1
Several vulnerabilities were discovered in poppler, a PDF rendering library, which could result in denial of service, information disclosure, or potentially the execution of arbitrary code if a specially crafted file is processed. For the oldstable distribution (bookworm), these problems have been fixed

Debian Mistral Important Information Disclosure Vuln DSA-6333-1
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that multiple API endpoints of Mistral, the OpenStack Workflow, improperly enforced access policies, which could result in information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 15.0.0-1+deb12u1.

Debian Okular Important Code Execution Vulnerability DSA-6332-1
George Karagiannidis discovered multiple security vulnerabilities in the fax backend of the Okular document viewer, which could potentially result in the execution of arbitrary code if a malformed G3/G4 Fax file is opened. For the oldstable distribution (bookworm), this problem has been fixed

Critical Code Execution Vulnerability in Ubuntu Vim USN-8415-1 Alert
Several security issues were fixed in Vim.

Ubuntu 26.04 LTS OpenSSL Critical Denial of Service Vuln USN-8414-1
Several security issues were fixed in OpenSSL.

Mageia 9 ruby-net-ssh Important Prefix Truncation Attack Fix 2026-0182
Security update

Ubuntu 20.04 LTS OpenSSL High Heap Overflow and DoS Advisory USN-8414-2
USN-8414-1 fixed several vulnerabilities in OpenSSL.

Ubuntu 20.04 18.04 Go Networking Critical Access USN-8416-1
Go Networking could allow unintended access to network services.

Ubuntu 26.04 LTS Lodash Critical Prototype Pollution Vuln USN-8411-1
Several security issues were fixed in Lodash.

Future of Ubuntu MATE
Thomas Ward has publishedan update about the future of the Ubuntu MATE project, which did not have a26.04 release with the other Ubuntu flavors inApril:

There is a new team working on Ubuntu MATE who have stepped up tohelp take over flavor management. They haven't formally introducedthemselves yet, but I can safely say that other developers HAVEstepped up for the future of the MATE flavor, despite its prior teamlead having stepped down.

[...] Ultimately, this means that they are working to cover themissed items and gaps, and may quite possibly have a 26.10 release inOctober of 2026, which I believe they most likely are targeting.

This also means that bugs in the MATE environment and in packagesthey normally would have shipped had they have a 26.04 release arestill going to get attention and fixes. So, effectively, nothing haschanged. The only difference is that there was no 26.04 installerimage released.

For those looking to install a MATE desktop on a "clean" install ofUbuntu 26.04, Ward suggests installing Ubuntu Server and theninstalling the ubuntu-mate-desktop package.

[$] Eliminating long-lived credentials with trusted publishing
Trustedpublishing is an authentication mechanism that relies onshort-lived credentials to reduce the risk of supply-chain attacks. Atthe 2026 OpenSource Summit North America, Mike Fiedler walked the audiencethrough why trusted publishing exists, how it works, and made the casefor its adoption. It is not a silver bullet against all attacks, butit does offer protection against theft of long-lived credentials usedto publish to package registries.

Asahi Linux warns users not to upgrade to macOS 27 beta
The Asahi Linux project,which brings Linux support to Apple Arm-based Macs, has warnedits users not to upgrade to the macOS 27 "Golden Gate"beta.

Apple has changed how the boot picker and Startup Disk applicationsdetect valid OS boot volumes. When using either from macOS 27, yourAsahi partition will not be visible! We believe this to be a bug, andhave filed a report (FB22994760).

If you have already upgraded to the beta and noticed that yourAsahi partition has disappeared, do not stress. Your Asahi partitionis still there, and you have not lost any data.

The Asahi Linux installer has been patched to prevent use withmacOS 27 for now, but any users already bitten by the change willneed to use macOS 26 to restore access to Asahi Linux.

[$] BPF loop verification with scalar evolution
The BPF verifier has, in the course of wrestling with the difficult problem ofstatically analyzing loops, grown special support for many kinds of loops over itshistory, but its fundamental approach to simple for loops has notchanged.When it encounters a loop, it evaluates it, iteration by iteration, until reachingan exit condition — a process that can cause the verifier to mistakenly hit thelimit on the number of allowed instructions where a better implementationwould not.Eduard Zingermanspoke at the 2026Linux Storage, Filesystem, Memory-Management, and BPF Summitabout his in-progress work on improving the verifier's treatment of loops, especially nestedloops.

Security updates for Tuesday
Security updates have been issued by AlmaLinux (bind and libyang), Debian (keystone and openssl), Fedora (mingw-objfw, objfw, sentencepiece, and tailscale), Mageia (packagekit and suricata), Oracle (bind, bind9.16, go-toolset:ol8, ImageMagick, kernel, samba, and vim), SUSE (apache-commons-lang3, apache-commons-text, apache-commons- configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec, avahi, busybox, chromedriver, chromium, csync2, firewalld, frr, gleam, helm, kernel-devel, keybase-client, libmozjs-140-0, libopenvswitch-3_7-0, libsoup, memcached, mutt, openjpeg2, ovmf, perl-HTML-Parser, perl-Net-CIDR-Set, perl-Protocol-HTTP2, postgresql-jdbc, postgresql17, python-CairoSVG, python-Flask, python-pip, python-pyOpenSSL, python-python-multipart, python-Twisted, python-urllib3, python-urllib3_1, python-uv, python311, rsync, tomcat, and tree-sitter), and Ubuntu (alsa-lib, cups, inetutils, isc-kea, jpeg-xl, libnet-cidr-lite-perl, netatalk, netty, nginx, node-shell-quote, php-twig, pillow, poppler, rsync, strongswan, systemd, and transmission).

Linux App Summit 2026 (Heise)
Heise is carrying areport from the Linux App Summit, held in Berlin in May.
The slightly more than a dozen talks were symbolically framed between the opening keynote by systemd creator Lennart Poettering and the closing talk by Jorge Castro, initiator of the Universal Blue project, from which the modern Linux systems Bluefin and Bazzite emerged. Both Castro and Poettering call for a fundamental rethink of how Linux operating systems are delivered but pursue different approaches.

Three stable kernels for Tuesday
Greg Kroah-Hartman has announced the release of the 7.0.12, 6.18.35, and 6.12.93 stable kernels. Each containsimportant fixes throughout the tree. Users are advised to upgrade.

[$] An update on fanotify
In a filesystem-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, Amir Goldstein updatedattendees on the fanotifyfilesystem-event monitoring subsystem. He wanted to describe changes that had come in the last year orso, as well as upcoming features and some remaining challenges in hisefforts to use fanotify for hierarchicalstorage management (HSM). Fanotify is the user-space API for monitoringfiles, directories, and filesystems for events of various sorts(e.g. opening or deleting a file).

rsync 3.4.4 released with regression fixes
Andrew Tridgell has announcedthe release of rsync 3.4.4 withfixes for the regressions introduced in the 3.4.3 release. He alsonotes there will be an rsync 3.5.0 soon, with many more securityupdates:

As part of the 3.5.0 release update I have created arsync-security@lists.samba.org mailing list for anyone who is willingto do testing of the 3.5.0 release. The idea is to try to reduce thechance of more regressions by expanding the set of testers of thisrelease. I have seeded it with people who were involved in past rsyncsecurity issues. If you want to join this list then the easiest waywould be for you to be vouched for by someone on thedistros@vs.openwall.org list or someone else I already trust.

My apologies for the regressions in the 3.4.3 release and I hope futuresecurity updates for rsync will have less issues. The greatly expanded testsuite in rsync 3.5 combined with the rsync-security mailing list shouldhelp.

Security updates for Monday
Security updates have been issued by AlmaLinux (bind, bind9.16, frr, kernel, kernel-rt, libexif, mysql, php, and unbound), Debian (apache2, chromium, glibc, gsasl, jackson-core, libxml2, nginx, request-tracker4, request-tracker5, tomcat10, tomcat11, and tomcat9), Fedora (chromium, firefox, haveged, keylime, libinput, libssh2, nasm, perl-CryptX, rust, thunderbird, and webkitgtk), Mageia (cockpit, golang-x-crypto, golang-x-sys-devel, kernel, kmod-virtualbox, kmod-xtables-addons, kernel-linus, perl-DBIx-Class-EncodedColumn, perl-Crypt-URandom-Token, xdg-dbus-proxy, and xmlrpc-c), Slackware (samba), and SUSE (7zip, amazon-ssm-agent, ansible-13, ansible-core, assimp-devel, bind, cacti, chromium, dpkg, epiphany, erlang27, evince, ffmpeg-4, freerdp, frr, git-bug, google-guest-agent, grafana, hauler, ignition, jq, kanidm, kernel, keybase-client, libjxl, libmariadbd-devel, libmozjs-115-0, libopenbabel8, libsoup2, mariadb, mcphost, networkmanager, openssh, perl-HTTP-Daemon, perl-HTTP-Tiny, perl-IO-Compress, perl-Sereal-Decoder, perl-xml-libxml, postgresql18, python-pyopenssl, python311-pip, tomcat, tomcat10, tomcat11, tor, trivy, unbound, uriparser, vifm, weblate, xorg-x11-server, and yq).

Peter Boy on Why Fedora Needs More Than Just Technical Contributors
Petr Boy came to Fedora documentation the way many contributors do, by seeing a gap and deciding to fill it. As a researcher, writing is his daily work. When he looked at how he could meaningfully contribute to Fedora, documentation was the obvious answer. He started with Fedora Core 1, stepped away, and returned in […]

RefreshOS 3.0 Is for Debian Stable Fans Who Want KDE Plasma 6
RefreshOS 3.0 combines Debian 13 (Trixie) with KDE Plasma 6, preconfigured drivers, codecs, apps, and a polished desktop experience.

macOS 27 Beta Breaks The Ability To Boot Asahi Linux
Asahi Linux is warning its users from trying out the new macOS 27 "Golden Gate" beta released this week by Apple. With macOS 27 beta, the Asahi Linux partition is no longer visible and thus unable to boot to your Apple Silicon Linux installation...

RISC-V edge box packs dual GbE, CAN, and 4G/5G support
Bit-Brick’s EPC1000 is an industrial edge computing system built around the SpacemiT K1 RISC-V processor. The platform is intended for applications including industrial IoT, smart transportation, agriculture monitoring, environmental sensing, and edge analytics. The system is powered by an octa-core X60 RISC-V processor operating at up to 1.8 GHz and compliant with the RISC-V 64GCVB […]

RISC-V CPU Performance Up 8x In Five Years: SiFive HiFive Unmatched To SpacemiT K3
Recently I published some initial SpacemiT K3 benchmarks for that first-to-market RISC-V RVA23 SoC with the K3 Pico-ITX mini computer. In there was a comparison against modern Intel Core Ultra and AMD Ryzen desktop CPUs along with the likes of the Raspberry Pi 5, Loongson 3B6000, and SiFive HiFive Premier. For those curious about the longer-term RISC-V performance, here is a look at how far the RISC-V hardware performance has come compared to the SiFive HiFive Unmatched RISC-V board from five years ago.

EasyOS version 7.3.9 released
This is a release-candidate for 7.4, marking a fundamental commitment to a "legacy" architecture, embracing Xlibre and gtk2-ng.

Collabora CODE 26.04: AI, Better Collab, and a Bid to Stay Ahead
With Euro-Office due on Tuesday, and LibreOffice Online back in development, Collabora has plenty on the line with this new release.

LibreOffice 26.2.4 Open-Source Office Suite Released with More Than 40 Bug Fixes
LibreOffice 26.2.4 is now available for download as the fourth point release to the LibreOffice 26.2 office suite series with 43 bug fixes.

FEDORA SERVER 44 BTRFS SETUP and RECOVERY ENGINE (Assisted by Google AI)
In general, instance setup was proposed by Google AI (1-5). My choice was to create four subvolumes followed by "Trick snapper method". (6) I've also suggested to run critical "mv /mnt/btrfs-top/root /mnt/btrfs-top/root_broken" inside the Live F44 (KDE Plasma) instance against crashed instance F44 Server been built on top vda with flat architecture been spread across four btrfs subvolumes "root","home","boot" and ".snapshots"

Why Mentorship at Flock Changes Everything!
Flock to Fedora is more than a conference – it’s where the Fedora community comes alive. As part of the CommitHistory campaign, we sat down with confirmed Flock 2026 speakers to hear their stories: what brought them to Fedora, what Flock means to them personally, and what they’re hoping for in Prague this June. This […]

Linux Insider"LinuxInsider"

Anthropics Mythos AI Finds Decades-Old Open-Source Bugs
Project Glasswing is using advanced AI models to expose hidden vulnerabilities across critical open-source software, putting new pressure on already overwhelmed maintainers. The post Anthropics Mythos AI Finds Decades-Old Open-Source Bugs appeared first on LinuxInsider.

Dirty Frag Linux Vulnerability Raises New Root Access Risks
A newly disclosed Linux privilege escalation flaw dubbed "Dirty Frag" is raising concerns among security researchers who warn it could give attackers reliable root access across a wide range of enterprise environments. The post Dirty Frag Linux Vulnerability Raises New Root Access Risks appeared first on LinuxInsider.

GitHub Flaw Reveals Dangers of Implicit Trust
A recently patched GitHub RCE flaw is raising broader questions about implicit trust in software supply chains. CodeHunter CEO Ken Ammon explains why trusted users and platforms no longer guarantee safe code. The post GitHub Flaw Reveals Dangers of Implicit Trust appeared first on LinuxInsider.

Edera Is Closing the GPU Security Gap for Autonomous AI
As AI agents move into production, traditional container security is failing at scale. Edera is addressing this gap with hypervisor-based isolation designed for GPU-heavy, multi-tenant environments. The post Edera Is Closing the GPU Security Gap for Autonomous AI appeared first on LinuxInsider.

Super Productivity App: The Closest Ive Come to a Workflow That Sticks
Super Productivity stands out with flexible workflows, offline-first design, and free syncing. It adapts to how you work instead of forcing structure, making it one of the most practical tools I've used. The post Super Productivity App: The Closest Ive Come to a Workflow That Sticks appeared first on LinuxInsider.

ClusterAPI Simplifies Provisioning but Leaves Ops Gaps
ClusterAPI simplified Kubernetes provisioning, but operations remain complex. Teams still must correlate fragmented signals across systems, driving demand for AI-driven visibility and faster issue resolution. The post ClusterAPI Simplifies Provisioning but Leaves Ops Gaps appeared first on LinuxInsider.

Percona, Chainguard Advance Secure-by-Default Open-Source Databases
Percona and Chainguard aim to cut CVE patching and reduce overhead with secure-by-default images for open-source databases. The post Percona, Chainguard Advance Secure-by-Default Open-Source Databases appeared first on LinuxInsider.

Rocky Linux Expands Into Enterprise AI Infrastructure
CIQ is expanding Rocky Linux with enterprise and AI-focused versions designed to simplify deployments and improve GPU performance. The post Rocky Linux Expands Into Enterprise AI Infrastructure appeared first on LinuxInsider.

The Patching Paradox Driving Most Breaches
More than half of breaches occur after fixes are available, revealing an execution gap as delayed patching turns known vulnerabilities into ongoing enterprise risk. The post The Patching Paradox Driving Most Breaches appeared first on LinuxInsider.

Lock Down Your Linux Laptop on Public Wi-Fi
Public Wi-Fi exposes Linux systems to monitoring, spoofed networks, and data interception. This guide shows how to secure your device with VPNs, firewalls, and browser protections. The post Lock Down Your Linux Laptop on Public Wi-Fi appeared first on LinuxInsider.

US Labels BYD, Baidu, Alibaba and Other Tech Giants As Aiding China's Military
The Pentagon has added Alibaba, BYD, Baidu, Unitree, and other Chinese companies to its list of firms it says support China's military, barring them from U.S. defense contracts. The companies and China's embassy deny the allegations. The Associated Press reports: Created in 2021 by a congressional mandate, the list (PDF) seeks to identify Chinese companies that the Pentagon considers to have links to the Chinese military -- not only those directly controlled by the Chinese military and security forces but also those contributing to the country's defense industrial base. When updating the list last year, the Pentagon said the Chinese military sought to acquire advanced technologies and expertise developed by Chinese companies, universities and research programs that "appear to be civilian entities." The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement. [...] The Chinese Embassy on Monday accused the U.S. of "overstretching the concept of national security and making discriminatory lists to go after Chinese companies." It said Chinese companies observe the laws and regulations of the countries where they do business. "The U.S. should stop its wrong practice and create a fair, just and non-discriminatory environment for Chinese companies," the embassy said in a statement.

Read more of this story at Slashdot.

EU Orders Meta To Open WhatsApp To Rival AI Chatbots
The European Commission has ordered Meta to temporarily restore free WhatsApp Business API access for rival AI chatbots while it investigates whether Meta's ban on third-party assistants abuses its dominant position. Meta says it will appeal, calling the move "regulatory overreach" that would let major AI companies use a paid WhatsApp product for free. The BBC reports: The EU said it began its investigation, in December 2025, after Meta banned third-party general-purpose AI assistants from the WhatsApp for Business API. It said that appeared to be an abuse of Meta's dominant position in European markets. So, as an interim measure as its investigation continues, it has given Meta five working days to re-instate access for third-party general-purpose AI assistants to the WhatsApp for Business API under the same terms and conditions that were in place previously. "In rapidly evolving markets, competition can be lost long before a final decision is adopted," said Teresa Ribera, the Commission's executive vice-president for clean, just and competitive transition. "This is why these interim measures will remain in place for the duration of the investigation." She added the decision "preserved choice for citizens across Europe on the AI assistants they want to use with WhatsApp, without that decision being made for them." The Commission said if Meta failed to comply with its interim decision it could be fined up to 10% up of its total turnover. "The European Commission has decided that OpenAI and some of the largest companies in the world can use the paid-for WhatsApp Business product for free," it said in a statement. "This is regulatory overreach subsidized by the many European companies that pay. We will appeal."

Read more of this story at Slashdot.

Anthropic Releases Claude Fable, a 'Safe' Version of Mythos
Anthropic is releasing Claude Fable 5, a Mythos-class AI model for enterprise customers and paid subscribers. The company says broader access is possible thanks to new safeguards that block high-risk requests in areas like cybersecurity and biology. "For us, it's really around what we call 'race to the top,' being able to provide this technology in a valuable fashion, and at the same time providing the right safety guardrails so that it can do asymmetrically more benefits than harm," Dianne Penn, Anthropic's head of product management for research, told CNBC in an interview. CNBC reports: [W]ith the launch of Claude Fable 5, Anthropic is honoring its stated "eventual goal" to deploy Mythos-class models at scale. It's also capitalizing on growing momentum and investor interest in its technology ahead of a potentially massive IPO, which is expected to take place as soon as this year. Anthropic said Claude Fable 5 shows "exceptional performance" across software engineering and knowledge work tasks. On some benchmarks, it scored more than 10% higher than Claude Opus 4.8, another model the company announced late last month, according to a blog post. Claude Fable 5 represents a "significant jump" in capability, which is why Anthropic had to implement additional guardrails to prevent misuse, Penn said. If a user asks a high-risk question, like how to make ricin, a toxin, for instance, the model will block its response and fall back to Claude Opus 4.8 to deliver a safe answer. "What we wanted to do was to be very intentional about building new types of classifiers and new types of safety guardrails in place for this launch," Penn said. Anthropic also released an updated Mythos model called Claude Mythos 5. "It's the same underlying model as Claude Fable 5, but with the safeguards lifted in some areas," reports CNBC.

Read more of this story at Slashdot.

High-Severity Vulnerability In Linux Caused By a Single Errant Character
An anonymous reader quotes a report from Ars Technica: Researchers have analyzed a high-severity vulnerability in Linux that's able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel. The vulnerability, tracked as CVE-2026-23111, is located in nf_tables, a subsystem of the Linux kernel that provides packet filtering capabilities. It's used to manage firewall rules and replaces older subsystems such as iptables, ip6tables, arptables, and ebtables. The presence of a single mis-issued exclamation point in code implementing nf_tables introduced a use-after-free, a class of vulnerability that corrupts memory by placing malicious code at memory addresses that haven't been properly freed of their previous contents. CVE-2026-23111 can be exploited by an unprivileged user or process to elevate system rights to root. The exploit works by disrupting the deletion of verdicts -- a determination within the nf_tables framework that determines if a packet matches a rule calling for a certain action to be performed. This process can use what are known as catchall elements, which act as a wildcard in the event a lookup doesn't match any other element in the set. When a verdict map is deleted from memory, catchall elements are deactivated and a chain's reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then delete and free the chain when some objects still point to it. Although the kernel vulnerability was fixed in February, multiple proof-of-concept exploits have since emerged, including one from FuzzingLabs in April and another from Exodus Intelligence that works on Debian and Ubuntu.

Read more of this story at Slashdot.

EU Says Decision Not to Launch Siri AI in Europe Is Apple's Alone
The European Commission says Apple's decision not to launch Siri AI in the EU is Apple's alone, arguing that the company sought an exemption from Digital Markets Act interoperability rules instead of building a compliant privacy- and security-preserving solution. Apple, meanwhile, says regulators rejected its proposals and claims the DMA would require giving third-party AI systems overly broad access to users' devices. MacRumors reports: Commission spokesperson Thomas Regnier told reporters in Brussels: "The decision not to roll out Siri AI in the EU is Apple's and Apple's only. Apple was simply unable to develop interoperability solutions that meet essential EU privacy and security standards. Instead of trying to find a suitable compliance solution, Apple simply made a request to the European Commission to be exempted from their interoperability obligations. That's not an option." Craig Federighi, Apple's senior vice president of Software Engineering, said the company was "deeply disappointed" and cited what it described as regulators' refusal to accept any of Apple's proposals, including a system called Trusted System Agent that would have allowed third-party virtual assistants to safely access the same device capabilities as Siri AI. The Commission's account tells a different story. Rather than negotiating over Apple's proposed solutions, regulators say Apple simply requested a blanket exemption from its interoperability obligations under the Digital Markets Act, something the Commission says is not an available option. Apple's statement framed the DMA's requirements as demanding that any AI system be given "nearly unlimited access" to a user's device.

Read more of this story at Slashdot.

Meta Will Use Your Activity On Other Websites To Personalize Your Feeds
Meta says it will expand how it uses off-platform activity shared by other businesses to personalize Facebook and Instagram feeds as well as AI responses, not just ads. The change starts in July and can be disabled through the "Activity from other businesses" setting, though Meta says it is not collecting new data as part of the update. The Verge reports: For example, Meta says if you bought a tent online recently, you might see camping-related videos in your Reels feed. "We aren't collecting any new data as part of this update," the blog post says. "This is about using information that businesses already send to us to further improve your experience." Meta spokesperson Emil Vazquez tells The Verge that the company previously only used the activity across its apps, such as likes, views, and follows, to tailor the content you see. The company also started using conversations with its AI assistant to personalize ads last year.

Read more of this story at Slashdot.

Microsoft Hacked To Deliver Malware To Claude and Gemini Users
An anonymous reader quotes a report from 404 Media: Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers planted malware that would harvest peoples' credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised. Last week, cybersecurity website OpenSourceMalware.com, which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website wrote on Friday. Is it very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents. The shutdown repositories also include ones related to durabletask, a Microsoft development tool. Researchers from StepSecurity wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest peoples' credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote. Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."

Read more of this story at Slashdot.

NHS Prescribes Half a Million Copilot Licenses For Its Paperwork Headache
NHS England plans to roll out Microsoft Copilot to 505,000 clinicians and support staff after a 30,000-person pilot claimed the AI assistant saved users an average of 43 minutes a day on administrative work. The Register reports: The rollout won't happen overnight. NHS England said that each trust will receive a central allocation of licenses based on headcount, typically starting with around 2,000 Copilot seats, and that more than half a million staff are expected to have access by October 2026. The NHS has no shortage of administrative work to throw at the software. The rollout envisions Copilot helping with discharge paperwork, bed management, rota planning, meeting minutes, board papers, briefings, data analysis, and assorted HR, finance, and procurement tasks. NHS organizations will also receive access to Copilot Studio, Microsoft's toolkit for building custom AI agents. NHS England said trusts will be able to develop agents for tasks such as handling Freedom of Information requests, processing complaints, reducing helpdesk workloads, and assisting with financial analysis. A governance framework called Agent 365 will oversee the deployment of those systems.

Read more of this story at Slashdot.

UK PM Gives Tech Firms Ultimatum To Block Explicit Images on Children's Phones
UK Prime Minister Keir Starmer has given Apple, Google, and other tech firms until September to introduce device-level protections that prevent children from taking, sharing, or viewing explicit images. "If businesses do not comply within three months, legislation will be brought forward requiring the protection to be added to all phones and tablets sold in the UK," reports The Guardian. "Tech firms that fail to do so could face fines, and their senior managers could be made criminally liable." From the report: "Today, I am calling on tech companies operating in this country to introduce vice controls that prevent children from sending and receiving sexually explicit images. Because this is not an impossible challenge," he said. "If they choose not, then we will act and we will change the law." [...] Under the changes, sexual predators will be prevented from being able to exploit and abuse victims through their devices, and children stopped from being able to access pornography, the Home Office said. Adults will still be able to take, share or view nude content once they have verified their age. In the Commons, Melanie Ward, the Labour MP for Cowdenbeath and Kirkcaldy, said: "It's time to stop asking social media companies to make their products safe, and instead time to start requiring them to do so through regulation." Clive Efford, the Labour MP for Eltham and Chislehurst, said the "sociopaths" running social media platforms had no concern for the welfare of children. "The only message that they're going to listen to is if there's legislation put before this house that is going to act and send a clear message to them." The proposal is designed to sit alongside the Online Safety Act, which requires companies to have processes for removing material that is illegal or harmful to children.

Read more of this story at Slashdot.

Tests Suggest Russian Satellites Can Jam GPS On a Continental Scale
Researchers say mysterious, seconds-long GPS interference bursts detected across Europe appear to come from Russian EKS early-warning satellites, making this "a rare example of human-made GPS interference coming from space," reports Ars Technica. The signals may be tests of space-based jamming capability, short satellite communications, or something else, but experts say they raise troubling questions about whether GPS disruption could eventually be weaponized on a continental scale. From the report: The discovery came from an investigation detailed in a June 2 preprint paper by Todd Humphreys and his student Zach Clements at The University of Texas at Austin, along with Argyris Krizise at Stanford University in California. By sifting through public data from ground-based stations with global navigation satellite system (GNSS) receivers, they identified a pattern of high-powered interference lasting less than 10 seconds each time but simultaneously detectable by ground stations across Europe from Norway to Spain to Poland, and even reaching as far west as Greenland and Canada. By analyzing the ground station data from January 2019 to April 2026, the researchers found 75 days with at least one widespread GNSS interference event overlapping with the GPS L1 frequency band centered on 1575.42 megahertz. That represents the main band used for signal transmission by the US-made GPS satellite constellation and GNSS constellations from other countries. Such interference patterns happened mostly on Tuesdays, Wednesdays, and Thursdays during business hours in Europe, Humphreys told the YouTube channel Veritasium. Because such "continental-scale" interference was simultaneously affecting GPS receivers across Europe and beyond, Humphreys and his colleagues calculated that the source had to be at least 1,200 kilometers above the Earth. [...] In the Veritasium video, Humphreys speculated that the Russians may have been testing the satellites' GPS interference capabilities only briefly on a neighboring frequency adjacent to the typical GPS band. "And then in the eventual future when there is a hot conflict, they go ahead and tune their transmitter down to the GPS band, but it's much more damaging now that it lies right on that band," he said. Incidentally, the raw data also revealed a second interference burst from the Russian satellites in a lower-frequency band used by China's BeiDou navigation system. "I can no longer say this is accidental with confidence," Humphreys told Veritasium. He also described the Russian satellites' quiet demonstration as a "massive escalation in the electronic warfare background conflict that is going on right now." Richard Bowden, division head of assured and resilient PNT at the multinational technology company GMV in Spain, wrote in a LinkedIn comment: "These signals are, without a doubt, intentional and placed on or around GNSS signals, and have the potential to disrupt legitimate use of GNSS services. But from our side at least, we can't be sure they are intentionally malicious or intended as an EW [electronic warfare] weapon."

Read more of this story at Slashdot.

AI is making Patch Tuesday (kinda) fun again
Unless you're an admin or vulnerability manager – then you're totally screwed

Salesforce cuts staff amid acquisition spree and $50 billion share buyback
The layoffs come after CEO Marc Benioff boasted of record revenue and 'incredible cashflow' two weeks ago

If your sex life is dead, you can blame Steve Jobs
Economists find signs of a ‘large and causal relationship between iPhones and fertility' in AT&T exclusivity-era data

Anthropic spins a Fable of a tamer, safer Mythos
Company also changes data retention policy

Miasma worms its way onto GitHub as attack kit goes open source
As if there weren't enough package poisonings to worry about

MIT boffins take electrospray nozzles out of the cleanroom, into the 3D printer
Who said sub-millimeter, three-layer science juice had to be expensive to squirt?

Apple’s iOS 27 goes all agentic on compromised passwords, promises to change them with one tap
iBiz might not win the AI race, but analysts say it's focusing on features people may actually use

Neo4j plots Palantir alternative with GraphAware acquisition
Graph database biz says on-prem, air-gapped intel stack gives governments a no-kill-switch option

LibreOffice brands Euro-Office a 'de facto ally' of Microsoft's lock-in strategy
The Document Foundation accuses newly launched Euro-Office of undermining digital sovereignty by defaulting to Microsoft's OOXML document format

Devs know AI code is riddled with holes, but ship it anyway
Pressure to deploy wins out over security as four in five orgs confess to breaches from vulnerable apps

Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure
By Juha Holkkola, FusionLayer Group How DHCP Changed Connectivity In the late 1990s, the DHCP (Dynamic Host Configuration Protocol) quietly catalyzed a revolution in digital connectivity. Before DHCP was introduced, connecting devices to a network involved manual entry of IP addresses, DNS servers, subnet masks, and gateways. Networks were fragile, prone to errors, and severely [0]

The post Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure appeared first on Linux.com.

From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]

The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.

Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship
Sustaining a Core Part of the Linux Ecosystem The Linux Foundation has announced a second year of sponsorship for the ongoing maintenance of the Linux manual pages (man-pages) project, led by Alejandro (Alex) Colomar. This critical initiative is made possible through the continued support of Google, Hudson River Trading, and Meta, who have renewed their [0]

The post Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship appeared first on Linux.com.

Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights Part Two
In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]

The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights Part Two appeared first on Linux.com.

Disaggregated Routing with SONiC and VPP: Architecture and Integration Part One
The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]

The post Disaggregated Routing with SONiC and VPP: Architecture and Integration Part One appeared first on Linux.com.

Kubernetes on Bare Metal for Maximum Performance
When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]

The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.

How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]

The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.

Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]

The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.

A Simple Way to Install Talos Linux on Any Machine, with Any Provider
Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]

The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.

Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely

The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.

Linux Sees Patches For "Critical" Vulnerability Affecting Many Arm CPUs
Made public today is CVE-2025-10263 as a "critical" security vulnerability affecting many different Arm CPU cores. CVE-2025-10263 could allow for privilege escalation on affected systems due to a specific timing condition during a memory permission change. Fundamentally it comes down to completion of affected memory accesses might not be guaranteed by the completion of a TLBI...

Alpine Linux 3.24 Improves Installer Experience, Adds COSMIC Desktop Option
Alpine Linux, the Linux distribution popular especially for containers / micro-services and embedded devices, is out with its newest feature release...

macOS 27 Beta Breaks The Ability To Boot Asahi Linux
Asahi Linux is warning its users from trying out the new macOS 27 "Golden Gate" beta released this week by Apple. With macOS 27 beta, the Asahi Linux partition is no longer visible and thus unable to boot to your Apple Silicon Linux installation...

RISC-V CPU Performance Up 8x In Five Years: SiFive HiFive Unmatched To SpacemiT K3
Recently I published some initial SpacemiT K3 benchmarks for that first-to-market RISC-V RVA23 SoC with the K3 Pico-ITX mini computer. In there was a comparison against modern Intel Core Ultra and AMD Ryzen desktop CPUs along with the likes of the Raspberry Pi 5, Loongson 3B6000, and SiFive HiFive Premier. For those curious about the longer-term RISC-V performance, here is a look at how far the RISC-V hardware performance has come compared to the SiFive HiFive Unmatched RISC-V board from five years ago.

Asterinas 0.18 Released For Rust-Written, Memory Safe Linux Alternative OS
In addition to Redox OS continuing to evolve quite nicely for that from-scratch, Rust-based open-source OS, Asterinas OS is also continuing to move forward for that Rust-based operating system striving for Linux compatibility...

LLVM/Clang Lands Initial Compiler Targeting For Hygon x86 CPUs
Following the recent Hygon C86-4G CPU support added to the GCC 17 compiler, the open-source LLVM Clang compiler has similarly seen Hygon c86-4g-m4 / c86-4g-m6 / c86-4g-m7 CPU support merged...

Linux 7.2 Preparing Intel Key Protection Technology "KPT" For Next-Gen QAT
Going back to the launch of 1st Gen Xeon Scalable processors in 2017 was Intel Key Protection Technology (KPT) promoted and there have been Key Protection Technology references in QuickAssist (QAT) documentation since 2016. Surprisingly we are only now seeing Key Protection Technology references for the upstream Linux QAT driver as Intel engineers prepare for their next-gen "Gen6" QuickAssist hardware support...

Lightweight Pragtical Code Editor Adds SDL GPU Backend
Pragtical, the lightweight open-source code editor that prides itself on using just ~50MB of RAM and ~10MB of disk space while being a full-featured code editor, is tacking on more features. Most notable with the new Pragtical release is adding an SDL-based GPU back-end for this MIT-licensed editor...

Vortex 3.0 Released As Full-Stack, Open-Source RISC-V GPU Now With 3D Pipeline
The open-source developers at Georgia Tech working on Vortex as an OpenCL-compatible RISC-V GPGPU implementation are out with their next major release for this open-source GPU design...

Ubuntu MATE Is Continuing Despite No Ubuntu MATE 26.04 Release
Back in March, Martin Wimpress stepped down as the longtime Ubuntu MATE leader and was looking for contributors to keep this Ubuntu derivative going with its GNOME2-derived desktop. That change in leadership paired with no Ubuntu MATE 26.04 release having occurred led to some concerns among users, but the plan is still for Ubuntu MATE to continue moving forward...

Engadget"Engadget - Technology News & Expert Reviews"

Conan O'Brien is hosting educational videos for an AI cybersecurity company
At long last, a corporate training you might actually enjoy.

Kalshi will require employment info for some bets as an insider trading precaution
The rules may pose a minor hurdle for people who just have to cheat.

GM's EVs will soon support more kinds of public chargers
EVs from GM will soon be able to top up at more kinds of public chargers.

Anthropic's Fable AI brings the capabilities of its unreleased Mythos model to regular users
Claude subscribers can try the model until June 22 without spending usage credits.

Opera's latest Android update includes a soccer hub and a refreshed start page
Opera9s new Android update includes a soccer hub in time for the World Cup.

Marshall's Stockwell III portable speaker offers more than 40 hours of use per charge
Marshall9s Stockwell III portable speaker runs 40 hours on a charge and costs $250.

Kingdom Hearts IV gets a surprise Nintendo Direct trailer drop
Out of nowhere, we have a new trailer for Kingdom Hearts IV.

Siri AI first look: How Apple's rebuilt AI-powered assistant behaves across iPhone, iPad and Mac
Here9s your first look at Siri AI, and how it works across Apple9s devices.

The next Nintendo sports game for Switch 2 features thumb wrestling
Nintendo9s next sports game bundle will include... thumb wrestling?

Big Walk is an oddball blend of Peak and Escape Academy, and it's out August 4
Big Walk, from the creators of Untitled Goose Game, will be available August 4.

Introducing brand new OSNews merch with the new logo!
A new logo means new merch! Im launching brand new merch today, all featuring the brand new OSNews logo. Weve got the classic T-shirt with the new OSNews logo, in sandy white and terrain grey. Theyre made from sustainably-grown and processed cotton, come in a variety of sizes, and ship worldwide. The crowdpleaser is also making its triumphant return: the OSNews coffee mug, now also with the new logo and a green-on-white two-tone design. It holds coffee and tea, of course, but feel free to use it for whatever you want. Grow a plant in it! A newcomer is the OSNews Mousepad a basic, no-nonsense, no-frills mousepad that does exactly what its supposed to do, in a classic square(ish) formfactor. It makes for a great companion to any (retro) setup, but feels particularly at home with BeOS and OS/2. One merch item remains from our previous collection: the ever-popular Gemini shirt and longsleeve, with a retro ASCII-art OSNews logo in bright green on deep black. Its like staring at a real classic CRT. On your chest. Dont sit too close. As always, every price is set so that for every item sold, roughly €8 goes to OSNews. I will add the proceeds to our fundraiser tracker, so this is yet another way to support us, together with Ko-Fi donations, SEPA direct bank transfers, and Patreon.

GentleOS is a love letter to classic operating systems with a lovely retro GUI
In todays climate, I needed this: GentleOS, an operating system targeting both 386 (GentleOS/32) and even processors as old as the 80186 (GentleOS/16), with a lovely retro graphical user interface, usable on bare metal, and, of course, open source. Its goal is to provide a simple platform for tinkering with retro hardware and running graphical interactive apps on bare metal. At minimum, it only requires an i386 CPU, 4MB of RAM, and a VGA display capable of 640x480x16 mode. By design its entirely monolithic, mostly configured at compile time, and only supports standard PC devices: VGA/SVGA, keyboard, PS/2 mouse, serial mouse, PC speaker. The only future plans are bugfixes, optimizations, and adding more apps. GentleOS/32 has a pure 16-bit spin-off called GentleOS/16, which targets devices as old as 80186. ↫ GentleOS GitHub page While it can be run on real hardware, you can also run it in Qemu to make it easier to test and play around with. It looks great, and the stated goal of just focusing on maintenance and possibly additional applications is music to my heart. With everything thats going on in technology today, this is an ice-cold glass of tonic in a scorching, data center-infested desert.

Apple demos macOS 27, iOS 27; EU spared Apples Google-powered AI! slop features
Apples developer conference started today, and as is tradition, this means it also announced coming updates to its operating systems lineup. macOS is probably one of the two major ones OSNews readers are interested in, so lets start there: Much like Mac OS X Snow Leopard in 2009, Apple said it focused on improving macOSs performance and dozens of underlying technologies this year. macOS Golden Gate has some Liquid Glass design changes. For example, apps now have a unified toolbar at the top, and the sidebar now expands to the edge of the window. A new slider on macOS 27 lets you customize the opacity of Liquid Glass. ↫ Joe Rossignol at MacRumors Effectively, a ton of Liquid Glass! features touted only a year ago are being changed and fixed, which should make using Liquid Glass less of a frustrating affair. Of course, theres a whole slew of new AI! stuff built entirely on top of Googles Gemini, but luckily for us Europeans, we wont be getting those features because EU privacy and consumer protection regulations are too strict. Apple, one of the worlds most valuable companies, seemingly cannot create AI! features that comply with some basic consumer protection legislation. As for the other major platform, thats iOS of course. At WWDC 2026 in Cupertino, Apple announced iOS 27, the next mobile operating system for compatible iPhones. The update focuses on tweaking and improving last years iOS 26, particularly in areas like app launch time, Liquid Glass design, and more. It does not offer a lot of major new features or upgrades, as Apple focused on polishing the experience. However, there are some new upgrades, such as reworked parental controls, new Siri AI, better search, and performance improvements. ↫ Taras Buria at Neowin These new versions, as well as those of Apples other operating systems, will be available later this year.

Xfce ported to Redox OS
Redox progressed another month, and that means a ton of improvements and new features to talk about. The biggest news this past month is that Xfce has been ported to Redox, which offers a better X11 experience than MATE currently does. Theres still some bugs but apparently is works quite well. The porting process for the COSMIC desktop environment also progressed, with COSMICs new Monitor application making its way to Redox. As part of Google Summer of Code, the EEVDF scheduler has been implemented in Redox, delivering better, more stable scheduling and overall system performance improvements. Also as part of GSoC inode caching has been implemented for RedoxFS, which improves file system performance. Of course, theres a lot more here too, including the usual long list of kernel fixes, relibc improvements, and more.

TOTP-based two-factor authentication for Sculpt OS
Norman Feske, one of the main developers behind Genode and Sculpt OS, has published a blog post detailing how he developed a two-factor authentication application for Sculpt OS. With this little tool, which I have turned into an deploy option on Sculpt OS to swiftly bring it up whenever I need it, TOTP-based two-factor authentication has become part of my daily routine. Should you want to risk a look under the hood, let me point you to the vitotp Goa project. ↫ Norman Feske The Genode project moved from GitHub to Codebrg recently, and needed a native TOTP impelentation for that purpose.

Using Fedora Silverblue for compositor development
I’ve been using Fedora Silverblue on my desktop and laptop for the past, what, five years? Silverblue is Fedora’s main atomic variant, a spiritual counterpart to Fedora Workstation. I also make niri, a scrollable-tiling Wayland compositor. In other words, a core system component that you cannot properly test from inside a container or VM—you really want it directly on the host. So, why would I choose an… immutable distro? How does that even work? ↫ Ivan Molodetskikh Thats a great question, and as immutable or immutable-like Linux distributions become more popular and widespread and eventually the default download option for many distributions, Im sure articles like these are quite important. Im sure quite a few developers discarded the idea of using something like Silverblue because they assumed it wouldnt be fit for purpose, but if the developer of Niri makes it work, Im fairly sure anybody can.

x86CSS: a working CSS-only x86 CPU/emulator/computer
x86CSS is a working CSS-only x86 CPU/emulator/computer. Yes, the Cascading Style Sheets CSS. No JavaScript required. What youre seeing above is a C program that was compiled using GCC into native 8086 machine code being executed fully within CSS. ↫ Lyra Rebane Hand-written CSS, no JavaScript, and effectively no HTML. Wizardry.

This mini PC with the latest RISC-V SoC might actually be worth it
RISC-V has been in the promising! phase for a long time now, especially for general purpose computing, never really breaking through into the mainstream in any measurable way. While I think that breakthrough is still relatively far away, we now do have newer RISC-V SoCs on the market supporting the RVA23 baseline RISC-V profile. One of them is the SpacemiT Key Stone KЗ, which promises to deliver a massive performance increase over previous RISC-V offerings. Its exactly this chip thats finding its way into complete, turnkey mini PC solutions, like this one from a company called Firefly. The base model comes with 8GB of LDDPR5 RAM and 128GB of storage, at a price of about €300 or so (theres also a 32GB/128GB model at well over €600). This is the first time Im looking at a complete RISC-V solution where I feel like it might actually make for a good moment to jump in for us enthusiasts. No, the performance wont rival anything Intel or AMD has to offer, but it seems capable enough for a lot of day-to-day tasks, and Im curious to see just how far along the Linux world is when it comes to RISC-V support. Its not part of our current set of fundraiser incentives, but if youd like to see this RISC-V mini PC reviewed here on OSNews, you can always donate and add a note that you specifically want to see such a review (so I can gauge interest not just from our few commenters, but also from the more than 99% of our readers who only lurk). As always, you can donate through Ko-Fi, or, if youre European, via a SEPA direct bank transfer (Name: Thom Holwerda – IBAN: SE08 8000 0820 1684 4657 8414 – BIC: SWEDSESS).

When su replaced login for becoming another UNIX login
Ive mentioned it before, but Chris Siebenmann is basically the Raymond Chen of the UNIX world, and today hes filling that role perfectly once again. I recently read Simon Tathams Nitpicking the shell history scene in Tron: Legacy, where one thing that surprised Tatham was the film using login -n root to become root instead of su. This surprised me because I found that perfectly ordinary, and this turns up both a bit of Unix history and a difference between modern Unixes. Plain su can let you become another user, including root, but what it explicitly doesnt do by default is create a new login shell for that user. If you do su root, the new root shell normally inherits most of your environment, your current directory, and so on. Sometimes this is what you want and sometimes you really want a new login environment, and originally in Unix how you got the latter was to run login from your existing shell session (and this meant that login was setuid root, like su). ↫ Chris Siebenmann Unsurprisingly, this distinction has persisted to this day in various UNIX-like operating systems, but in different ways. Some maintain the explicit distinction, while others have more or less standardised on using su for both use cases. Its an interesting bit of UNIX archeology.

Roku launches open-source embedded Roku LT OS
Roku, the company that makes TV boxes and sells ad space based on your usage patterns, has released its remote control operating system as open source and by remote control I dont mean robot stuff or whatever, but actual remote controls, the thing you use to control your TV or whatever from the couch. Roku has announced the official availability of Roku LT OS a lightweight, highly deterministic open-source operating system that is already used in our industry-changing Roku remote controls. In addition to high-performance automotive platforms, Roku LT OS is designed to be accessible to the broader developer community. The operating system ships with native support for the ESP32 platform, a highly popular SoC among hobbyists and makers. Because ESP32 development boards are widely available online for just a few dollars, developers can get started with Roku LT OS with minimal hardware investment. ↫ Rokus developers blog As far as I can tell, this operating system is entirely new and not based on Linux or something else, but the available documentation is light on details so I cant make much more out of it. Regardless, its nice to have another open source embedded operating system.

EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.

Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.

Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.

However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.

Source: It's FOSS
European Union

Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.

In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.

On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.

Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.

The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.

Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.

You can download the latest kernel here.
Linus Torvalds kernel

AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.

This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.

Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.

Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.

Source: 9to5Linux
AerynOS

Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.

Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.

Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM

New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux

Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.

Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.

Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.

Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.

Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.

Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.

By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows

Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities

The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.

As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.

In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.

After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.

The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.

At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.

The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security

Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges

The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.

A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.

This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.

The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.

On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.

In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel

Linux Celebrates 32 Years with the Release of 6.6-rc2 Version

Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.

The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.

Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction

Want to interact with ChatGPT from your Linux desktop without using a web browser?

Bavarder, a new app, allows you to do just that.

Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.

With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.

During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.

At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.

As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!

Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI

LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite

Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.

Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.

LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.

You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.

All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.

In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.

Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.

The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice

United Nations Open Source Portal Goes Live
A new open source portal seeks to coordinate and scale open source efforts across the United Nations system.

KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.

California May Exempt Linux from Its Age-Verification Law
After backlash from the Linux community, California may be backing off on its promise to force all operating systems to verify age, but one platform may still have to comply.

Another Logic Bug Found in Linux Kernel
Qualys has discovered a vulnerability in the Linux kernel that can be used to elevate standard user privileges.

Ubuntu Core 26 Offers Game-Changing Enterprise Features
Ubuntu Core 26 could be a game-changer for organizations looking for increased security and reliability.

AI Flooding the Linux Kernel Security Mailing List
AI is giving Linus Torvalds a headache, but not in the way you might think.

Top Priorities for Open Source Pros Seeking a New Job
Professional fulfillment tops the list, according to LPI report.

Container-Based Fedora Hummingbird Designed for Agent-First Builders
Fedora Hummingbird brings the same approach to the host OS as it does to containers to level up security.

Linux kernel Developers Considering a Kill Switch
With the rise of Linux vulnerabilities, the kernel developers are now considering adding a component that could help temporarily mitigate against them… in the form of a kill switch.

Fedora 44 Now Gaming Ready
The latest version of Fedora has been released with gaming support.