|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- [$] Development statistics for the 7.1 kernel
Linus Torvalds releasedthe 7.1 kernel as expected on June 14. This development cyclebrought in a lot of new features — and a lot of new developers as well.The time has come for our traditional look at where the changes in 7.1 camefrom, with a digression into how our community may be changing in general.
- Stenberg: curl summer of bliss
Daniel Stenberg has announcedthat curl will not be accepting vulnerability reports from July 1through August 3, unless the submitter has a paid supportcontract. He is calling it the "curl summer of bliss".
As previously mentioned, we have been under a huge pressurefor the last four months or so. Now we need some rest. We do notexpect this deluge to be over.
[...] If you and your Open Source projects also want to participatein the summer of bliss 2026: just do it and let us know! I would ofcourse encourage you to do so. To take care of yourself as a toppriority.
The project's issue and pull-request trackers on GitHub will remainopen. The planned release date for curl 8.22.0 has been pushed backtwo weeks to September 2, 2026.
- Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 9.0), Debian (apache2, chromium, jpeg-xl, librabbitmq, and openssl), Fedora (apptainer, bind9-next, chezmoi, chromium, collectd, composer, dnsdist, gh, python-django5, python-python-multipart, varnish, varnish-modules, vmod-querystring, vmod-uuid, weasyprint, and xorg-x11-server-Xwayland), Mageia (cups, expat, libpng, libssh, memcached, nghttp2, openimageio, packages, proftpd, and radare2), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, and firefox), Red Hat (postfix and valkey), and SUSE (afl, alloy, ansible-core, apache-pdfbox, chromedriver, chromium, cpp-httplib-devel, dpkg, elemental-operator, elemental-toolkit, enc, erlang, ffmpeg-7, firewalld, git-bug, golang-github-prometheus-prometheus, grafana, GraphicsMagick, graphite2, kernel, kernel-devel, lcms2, ldns, libsoup, libyang, libzypp, logback, mariadb, NetworkManager, openssh, openvswitch, perl-GD, perl-XML-LibXML, polkit, postgresql-jdbc, postgresql18, python, python-django, python-M2Crypto-doc, python-Pygments, python-pygments, python-requests, python313-Django6, qemu, rpcbind, samba, strongswan, tmux, uriparser, and xdg-dbus-proxy).
- Hundreds of AUR packages compromised
Hundreds of orphaned packages hosted by the Arch User Repository (AUR) havebeen compromised by an attacker who has added a malicious npmpackage (atomic-lockfile) that can exfiltrate sensitivedata. The project is currently workingon cleaning up the mess. There is a list of affected packagesand post (possibly NSFW domain) by"sodiboo" with additional information. Arch Linux users (or users ofArch-based distributions) that use AUR packages may wish to see if theyhave installed any of the compromised updates.
- Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, bind, expat, httpd:2.4, kernel, kernel-rt, mod_http2, openssl, poppler, redis, redis:7, samba, and unbound), Debian (ironic, kernel-wedge, libinput, linux-base, and neutron), Fedora (kernel, openssl, vaultwarden, and vaultwarden-web), Mageia (erlang-hex_core, erlang-rebar3, gnupg2, and sqlite3), Red Hat (buildah, podman, and skopeo), SUSE (flannel, gdk-pixbuf-loader-libheif, gnutls, google-cloud-sap-agent, grafana, graphite2, hplip, libIex-3_4-33, libzypp, nginx, openssh, perl-DBI, perl-Git-Repository, perl-Protocol-HTTP2, python-Pygments, python-simpleeval, python311-Django4, rclone, roundcubemail, strongswan, tomcat10, tomcat11, unbound, and webkit2gtk3), and Ubuntu (apache2, dotnet8, dotnet9, dotnet10, gst-plugins-base1.0, ironic, linux-azure-5.15, linux-azure-fips, lwip, mistral, and ubuntu-kylin-software-center).
- Homebrew 6.0.0 released
Version6.0.0 of the Homebrewpackage-management system has been released. Notable changes in thisrelease include the introduction of tap trust to improvesupply-chain security, improvements in sandboxing on Linux, a numberof performance tweaks, and many other changes.
See the changelogfor a full list. LWN covered Homebrew inNovember 2025.
- [$] Automatic mTHP creation in 7.2
The Linux kernel has long tried to use huge pages as a way to improveperformance, sometimes with more success than others. The size of hugepages has traditionally been imposed by the hardware, which typically onlyoffers a couple of relatively large options. In more recent times, though,the use of multi-size transparent huge pages (mTHPs), with more flexiblesizing implemented in software, has been growing. If all goes well, the7.2 development cycle will include the addition of a new feature,contributed by Nico Pache, to make the use of mTHPs even more transparent.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, podman, poppler, and postgresql-jdbc), Debian (chromium, jackson-core, libdbi-perl, and libinput), Fedora (httpd, rust, and xmlstarlet), Mageia (openssh, postfix, and roundcubemail), Oracle (frr, kernel, libyang, n, postgresql-jdbc, and unbound), Red Hat (.NET 10.0, .NET 8.0, .NET 9.0, redis, and redis:7), SUSE (agama-web-ui, cockpit, cosign, glibc, google-cloud-sap-agent, google-osconfig-agent, kanidm, kernel, kubernetes, kubernetes1.23, kubernetes1.24, kubernetes1.25, kubernetes1.27, kubernetes1.28, libpodofo-devel, libyang, NetworkManager-libreswan, openCryptoki, python311-pypdf, rclone, steampipe, wicked, and xen), and Ubuntu (exim4, libcrypt-saltedhash-perl, libhttp-daemon-perl, samba, and uriparser).
- Orange Pi 6 debuts with CIX P1 SoC, dual 2.5GbE, and 45 TOPS AI compute
Orange Pi has revealed new details for the Orange Pi 6, a compact single-board computer built around the CIX CD8180 processor, also known as the CIX P1. Compared with the previously previewed Orange Pi 6 Plus, the standard model uses a smaller 90 × 90 mm form factor with dual 2.5GbE networking, up to 24GB […]
- FreeBSD Receives Funding To Launch AI-Assisted Vulnerability Discovery
The FreeBSD Project announced today the launch of an AI-Assisted Vulnerability Discovery Project with grant funding provided by the Linux Foundation backed Alpha-Omega project. Alpha-Mega has sponsors including Microsoft, AWS, Google, Anthrophic, OpenAI, and others who will now be helping with FreeBSD uncovering new vulnerabilities by leveraging AI...
- A Chinese Rocket Breaks Apart Dangerously Close To the Starlink Constellation
A Chinese Zhuque-2E rocket's upper stage broke apart shortly after last week's June 9 launch, likely creating 100 to 150 pieces of debris in a busy region of low-Earth orbit crossed by the ISS and lower-altitude Starlink satellites. Most fragments should reenter within months because of atmospheric drag, but experts say the incident adds to a worsening trend as China leaves more large rocket bodies in orbit while expanding its launch rate. Ars Technica reports: The US Space Force confirmed the breakup event in a post on space-track.org, a website used by the military to distribute orbit data to the public. "The tracked pieces are being incorporated into routine conjunction assessment to support spaceflight safety," the Space Force wrote in an advisory. "There are currently no threats to human spaceflight. Analysis is ongoing." So far, the Space Force has not added any of the debris fragments to the official catalog of human-made space objects. [...] The bad news is that the Zhuque-2E's breakup is the latest chapter in China's growing contribution to the space junk problem. After decades of leaving spent rocket bodies in orbit, launch operators in most countries now reserve enough fuel to steer their upper stages back to Earth for controlled reentries. Rocket bodies attributed to Russia and the former Soviet Union account for the bulk of the launch-related debris in long-lived orbits, followed by China and the United States. But the Russian and American numbers are declining or holding steady, while the mass of Chinese rocket bodies in these long-lived orbits has grown by more than 150 percent in the past five years, according to a new analysis by Space Domain Awareness expert Jim Shell. The increase comes as China ramps up launches of its own megaconstellations designed to compete with SpaceX's Starlink. Rocket bodies are the most concerning sources of space debris because they are typically fairly large in size and mass, often with residual propellant and high-pressure gases that can trigger an explosion. There is no way to maneuver or dispose of them if left abandoned in orbit after releasing their payloads. McKnight characterized the recent breakup of the Zhuque-2E rocket as a "slight space safety issue," but the trend is not good. China's Long March 6A rocket has an especially bad track record, including two explosions that littered a higher-altitude low-Earth orbit with more than 1,000 debris fragments, where they will remain for decades or centuries. "Three of the top four breakup events in LEO are of Chinese origin, with two of these events being from Chinese (rocket body) explosions in the last four years," McKnight said.
 
Read more of this story at Slashdot.
- Cybersecurity Vets Protest 'Dangerous' US Government Ban On Anthropic's Most Powerful Models
An anonymous reader quotes a report from TechCrunch: A group made up of dozens of cybersecurity experts, including several well-known veterans of the industry, published an open letter to the U.S. government asking it to lift the export control order on Anthropic's Fable and Mythos models. According to the open letter, "this action has taken the best models away from [cybersecurity] defenders" who now can't use the models to find vulnerabilities and make their software and products more secure. "To pull the best capabilities away from defenders without a good reason when our adversaries are rapidly advancing is dangerous," read the letter. On Friday, the U.S. government ordered Anthropic to limit the export of Fable and Mythos, citing national security concerns, without explaining the specific reasons behind the order, according to Anthropic. In response, the company suspended access to the models to all users worldwide. As of this writing, the letter is signed by 76 cybersecurity experts, including Alex Stamos, former Facebook chief of security; Casey Ellis, the founder bug bounty platform Bugcrowd; Jon Callas, famed cryptographer and former Apple security design and architecture manager; Paul Vixie, computer scientist ; Dino Dai Zovi, the former head of applied security engineering at Block; Katie Moussouris, the founder of Luta Security; and Rachel Tobac, the CEO of the security awareness training firm SocialProof Security. [...] Anthropic said that the White House export control order may have been based on a report that there was a method to bypass -- or jailbreak -- Fable to unlock its powerful Mythos-level capabilities. According to Katie Moussouris, one of the signatories of the open letter, the method was demonstrated by Amazon researchers in a paper that is not public but that she has reviewed. But Moussouris said in a blog post that the paper did not actually demonstrate a real jailbreak. Instead, she wrote, the researchers simply asked Fable to fix open source code with public and known vulnerabilities along with "deliberately planted vulnerabilities," after the model initially refused to "review the code for security issues." "The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," Moussouris wrote. "Defenders need to be able to ask AI to fix the bugs in a file, explain why the fix matters, and write tests that confirm the patch works. That is not a guardrail bypass. It is the most valuable thing an AI model can do for defensive security: executing the find, fix, and test loop defenders run every day." Moussouris' critique was echoed in the open letter, which also said that the group of experts believe the model capabilities in the Amazon paper "can be replicated" on OpenAI's GPT-5.5, on Anthropic's own publicly available Claude Opus 4.8 and Sonnet, "and even Chinese models like Kimi 2.7." Moussouris told TechCrunch that "the bugs used to demonstrate the techniques in the paper can be found using the other models. The method in the paper is a guardrail bypass technique. Other models that lack the Fable guardrails often won't refuse the straightforward request to look for security bugs, so they don't need a bypass." The letter also asked for transparently and fairly enforced regulations created by "a democratic rule-making process" that are based on scientific research done by industry and academic experts, and "used only to the minimal extent necessary to ensure the safety of the American public."
Read more of this story at Slashdot.
- The US Government Is Letting a Key Data Center Regulation Expire
The Federal Data Center Enhancement Act (FDCEA) is set to expire in September without an apparent replacement, potentially ending requirements for federal agencies to report on data-center efficiency, resilience, energy and water use, and contractor sustainability. Wired reports: Despite the public backlash, the Office of Management and Budget (OMB), the government agency that sets guidance for how agencies implement policies in line with the president's agenda, is not providing any plans for how federal agencies should manage the sunset or continue to implement reporting beyond the timeline of the law. This, current and former workers at OMB and the General Services Administration (GSA) say, signals that the Trump administration is set to take an even more hands-off approach to data center oversight and regulation. A replacement for the requirements laid out in FDCEA would, in other administrations, have been in the works for months ahead of its expiration. An employee with the GSA, the agency that oversees the government's IT services and helps to implement the FDCEA, says that the lack of any sort of plan is highly uncommon. The employee spoke to WIRED on the condition of anonymity for fear of retaliation. "Never in the history of data center policies has a policy expired without another one having been painstakingly worked on for three years behind the scenes," says the GSA employee. "The technology has changed so much it's not about getting everything right, it's about doing the best they can and updating to a new policy. They claim they're going to make sure private companies pay their fare share, but they haven't explained how they'll do that." [...] There has been a burst of data-center-related legislation introduced in Congress this year, from bills that mandate environmental reviews of data centers to bills designed to protect local moratoriums. However, it appears that none of these bills are designed to address the requirements in FDCEA, nor do they specifically address federally run or leased data centers. [...] A search of reginfo.gov, the OMB website that contains reports on the president's Unified Agenda, also turns up nothing for the FDCEA. "By letting this expire, OMB is going to enter into this new age of prioritizing rapid AI development over any sort of centralized control or rigorous standards," says the anonymous GSA employee who spoke to Wired. "In the absence of a new policy from OMB, [GSA] has no directive or measurable standards with which to point agencies towards managing data centers efficiently."
Read more of this story at Slashdot.
- FBI Issues Urgent Kali365 Security Warning For Teams, Outlook, OneDrive Users
alternative_right shares a report from The Hill: The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multi-factor authentication codes, and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI. "Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.
Read more of this story at Slashdot.
- Google Chrome's Next Update Will Mark the End of Popular Ad Blockers
Google is removing Chrome's last remaining workarounds for Manifest V2 extensions, effectively ending support for legacy ad blockers such as the original uBlock Origin. 9to5Google reports: CyberNews points out a Chromium commit that removes support for the "kExtensionManifestV2Disabled" flag, which is referred to as "dead code" seeing as Chrome no longer supports Manifest V2 extensions. This removal acts as the final stop for many Manifest V2-based ad blocker extensions that were still in use today -- the flag was effectively a loophole to continue using these extensions. A Googler on the commit explains: "MV2 extensions are no longer allowed in any supported version of Chrome, and we are removing support for them and the associated functionality. We won't be able to provide / maintain this functionality indefinitely due to the complexity and tech debt, as well as the security risks it entails (we've actually found a number of bugs that are specific to MV2 lately). Of course, other browsers can continue supporting these if they so desire." This will also impact other Chromium-based browsers, though the comment notes that "other browsers can continue supporting these if they so desire." Neowin points out that Microsoft Edge and Opera are likely to follow suit. Chrome 150, set to be released later this month, will remove this flag, while other leftover bits of Manifest V2 will be removed in the v151 release.
Read more of this story at Slashdot.
- Users Cry Foul After AMD Stripped Memory Crypto From Its Consumer CPUs
An anonymous reader quotes a report from Ars Technica: A decade ago, AMD added a protection to its high-end CPUs to protect them against cold boot attacks and other types of physical exploits that siphon sensitive data out of the connected memory chips. Short for Transparent Secure Memory Encryption, TSME encrypts the entire contents stored in memory, making the data useless to physical attackers. Over time, AMD added TSME to lower-end processors, including the consumer version of its Ryzen chips, a CPU that costs less than the Pro version. Over the years, users of these lower-end chips have gotten used to the added security. Recently and without warning or notice, this lower-end line of AMD chips suddenly dropped the protection, and did so in a way that was impossible to detect on Windows machines and required a fair amount of technical work when using Linux. AMD has yet to say why TSME worked on these CPUs, or even to confirm the change. AMD declined to answer questions sent by email other than to say TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." The statement is the first known time the chipmaker has explicitly made this restriction public. [...] There's no indication that AMD ever advertised or marketed TSME as being available in consumer CPUs. AMD has long said that a related memory protection, Secure Memory Encryption (SME), is available only in the Pro and Epyc CPU tiers. SME is OS-managed. It uses a single key and allows the OS to selectively encrypt individual memory pages. TSME is firmware-managed. It encrypts all RAM with no OS involvement. When active, it provides protection against physical attacks, including cold boot exploits, DRAM interface snooping, and memory module removal. It activates silently when enabled in the BIOS, making it the more practically useful of the two protections. Ben Kilpatrick, a self-described "privacy-conscious Linux hobbyist," discovered that TSME had stopped working on his consumer Ryzen processor despite remaining enabled in the BIOS. He spent months investigating, persuaded MSI engineers to test multiple CPUs, motherboards, and firmware versions, and filed a public AMD bug report that traced the change to newer AGESA firmware apparently disabling TSME on consumer chips while retaining it on Pro and EPYC models. "AMD engineers' comments, such as those mentioned above, and the years of TSME working just fine in the lower-cost tier processors, have understandably conditioned Kilpatrick and other users to reasonably regard it as an expected part of the chip package," reports Ars Technica. "AMD quietly removing it and providing no acknowledgment or explanation strikes these users as something of a betrayal." Joe Fitzgerald, an expert in silicon-level security, said in an interview: "They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it, leading to the same cagey responses. But I really feel like an explanation should be in order, even if it was 'TSME was never supposed to be supported. We did ship some firmwares that erroneously enabled it, but you shouldn't use them since we can't guarantee it'll work properly.'"
Read more of this story at Slashdot.
- Trump's 'Made In the USA' Phone Is Just a Reskinned HTC U24 Pro
Longtime Slashdot reader necro81 writes: The heavily promoted, $499 T1 "Trump Phone" was originally said to be "Made in the USA" and ship in September 2025. Later, that was downgraded to "Assembled in the USA." Given the Trump Organization's lack of engineering or supply chain expertise, many assumed the "T1" would just be a private-label phone made by someone else. After a number of delays, the first phones are finally shipping. iFixit has performed a teardown and concluded that the T1 is a just gold-painted 2024 HTC U24 Pro -- a device from a Taiwanese company, probably using mainland China design and supply chains. In collaboration with NBC News, the iFixit team examined both phones using CT scans, side-by-side teardowns, and even reassembled a working T1 using a U24 Pro main board. As for "assembled in the USA," that may be true, in the same sense that your phone's repairman can "assemble" a phone from a handful of subassemblies sourced from someone else. Or it may have been assembled in Guangdong, China like the other U24 Pros. iFixit sums it up: "What you have is not an 'American-Proud Design,' but a phone designed in China, made in China, with the vast majority of parts sourced from China. I'm failing to find any stirring of American pride within me. I've certainly felt it before, so I can confirm that it is absent at this time." Quinn Nelson of Snazzy Labs on YouTube also published a comprehensive video of his experience ordering, unboxing, and tearing down the phone. "From pre-order emails landing in Gmail spam thanks to botched DMARC records, to paying for the $47.45 Trump Mobile 47 Plan over the phone, the entire buying experience was a disaster worthy of its own review," writes Nelson.
Read more of this story at Slashdot.
- Britain Unveils Sweeping Ban On Social Media For Under-16s
Longtime Slashdot reader schwit1 shares a report from NBC News: British Prime Minister Keir Starmer has announced a sweeping ban on social media use for those under 16, joining other countries around the world seeking to protect children online. "It's a big step for our country," Starmer said in a recorded video message released Monday. "Social media is making our children unhappy and unsafe, and as a parent, as much as a Prime Minister, I just can't let that go on anymore," he added. The ban will include social platforms like Snapchat, TikTok, YouTube, Instagram, Facebook and X, while there is no intention for messaging services like WhatsApp and Signal to be included, the government said in a release. [...] Starmer's government called Monday's announcement a "landmark" move, saying the new measures would be brought to Parliament before Christmas, with protections expected to come into force next spring. Beyond the blanket social media ban, the restrictions will also include blocks on functions such as livestreaming and stranger communication with children for under-16s, it added. "It's not an easy thing to do. I'll be honest about that," Starmer said. "We haven't rushed into it. We've looked carefully at the evidence, and we'll have to adapt our approach as technology changes, learn from other countries which are taking similar steps." He went on to say that it will face resistance from some of the most powerful companies in the world. "But we will take them on, and we will win, because the need for action could not be any clearer."
Read more of this story at Slashdot.
- Fox Is Buying Roku For $22 Billion
Fox is buying Roku for $22 billion, combining Fox's sports, news, entertainment, Tubi, and Fox One offerings with a streaming platform that reaches about 100 million people. The companies say the merger would create the "third-largest player in US television by share of viewing," while Fox insists Roku will remain open to competing apps after the deal closes. CNN reports: Fox has dabbled in streaming over the past few years -- finally launching its Fox One competitor last August -- but has lacked a serious streaming business with the ability to compete in a space dominated by YouTube, Netflix, Amazon, Disney+, HBO Max, Paramount+ and Peacock. With CNN parent company Warner Bros. Discovery receiving initial US regulatory approval to combine with Paramount, Fox's purchase of Roku became more urgent. [...] The deal is expected to close in the first half of 2027 with the companies forecasting $400 million in savings. "This is a defining moment for Fox, and a natural extension of the deliberate and focused strategy we have been executing for nearly a decade," said Fox CEO Lachlan Murdoch. "Today, we take the next step: bringing together the most valuable live content portfolio in video consumption with the preeminent streaming platform through which America watches it." Murdoch said Roku will continue to offer competing apps. "It's essential that Roku remain open and partner-friendly business. We don't see that changing at all."
Read more of this story at Slashdot.
- Google CEO Largely Avoids Discussing AI In Stanford Commencement Speech
BrianFagioli writes: Google CEO Sundar Pichai delivered Stanford University's 2026 commencement address, but despite leading one of the companies at the center of the AI boom, he spent very little time discussing artificial intelligence. Instead, the speech focused on optimism, working on hard things, and following your interests. The omission is notable given how many graduates are entering a job market being reshaped by AI. While Pichai briefly referenced a "rewiring of technology," he largely avoided discussing AI's impact on careers, automation, or the future of work. Was the Google CEO intentionally steering clear of a controversial topic, or was he simply trying to deliver a timeless commencement speech rather than a technology-focused one? Hyping AI during a commencement speech has been a surefire way to get boos -- unless you're Apple cofounder Steve Wozniak, who reminded college graduates that they already posses "AI" of their own: "actual intelligence." You can read Pichai's commencement speech here. "If you're not from here, California is advertised as being really lush and green. But when I looked out the window, it was more... brown," said Pichai during his speech. "I guess I said this out loud, I'm not sure why. My host, Mrs. Jane Earl, gently corrected me. 'We prefer to call it golden,' she said.And that's exactly what I mean by choosing optimism. It's about reframing for the positive: Where I saw brown, she saw golden. This slight change of perspective had a huge ripple effect on how I thought about the world around me."
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Linux 7.2 Drops Driver For The 40+ Year Old Hercules Monochrome ISA Graphics Card
After Linux 7.1 dropped support for old i486 CPUs and also began removing some old ISA and PCMCIA device drivers, there is some additional old hardware relics being cleared out of the in-development Linux 7.2 driver... The frame-buffer device driver for the old Hercules Monochrome ISA graphics card is now removed from the Linux kernel after decades at play...
- FreeBSD Receives Funding To Launch AI-Assisted Vulnerability Discovery
The FreeBSD Project announced today the launch of an AI-Assisted Vulnerability Discovery Project with grant funding provided by the Linux Foundation backed Alpha-Omega project. Alpha-Mega has sponsors including Microsoft, AWS, Google, Anthrophic, OpenAI, and others who will now be helping with FreeBSD uncovering new vulnerabilities by leveraging AI...
- Zinnia: a modular 64-bit UNIX-like kernel written in Rust
It�s been a while since we�ve had a new operating system project written in Rust, so let�s look at Zinnia. The kernel is written in (almost) 100% Rust and attempts to avoid unsafe code where possible. It implements a big range of POSIX APIs in system calls, but also exposes common extensions found in Linux and BSDs, like epoll and timerfd. This allows it to run a somewhat modern desktop using Wayland and X11 sessions. Most drivers are implemented as modules. These are Rust ELF dylibs which get loaded and linked during boot from an initrd, similar to Linux systems. Zinnia can boot from any UEFI based system thanks to the Limine bootloader. ↫ Zinnia OS website At least Weston and Xfce can run on Zinnia, even on real hardware, which is quite an achievement. The project was started in 2024 as a learning endeavour, but quickly grew out of control, as these projects are wont to do. The code�s open source.
- Haiku enables AVX512 support
We�re a little deep into June already, but it�s only now that Haiku published its monthly progress report for May. There�s a bunch of fixes for drag-and-drop behaviour in Tracker, AVX512 support can now be enabled thanks to changes to the kernel’s FPU handling, some low-level changes were made for the Rust and Zig compilers, and further improvements were made to the boot process on the Raspberry Pi 5 (although a lot more work is needed on that front). There�s still no sixth beta since a few more blockers remain, but don�t let that stop you from installing Haiku � it�s stable enough as it is, sixth beta or no.
- Tribblix Milestone 40 for x86 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has been updated with the release of Milestone 40. This version has some major component updates. Perl in now 5.42 instead of 5.34, and the default Python is now 3.13. The GCC suite is now version 14.2.0, go is version 1.26, Xfce has been updated to version 4.18, node is v22, with v24 added and v20 removed. ↫ Tribblix M40 release notes There�s a more detailed changelog, as well as the downloads page to get started. If you�re already running Tribblix, you can update in-place, of course.
- Your EPUB is fine. Kobo disagrees. Blame Adobe.!
An infuriating story about something most of us don�t really stop to think about: e-books and the rendering engines companies and software use to display them. It’s the year 2026. Thanks to the horrendous RMSDK which Kobo decided to use as their backbone for all book rendering (probably for DRM reasons), a single line of perfectly valid CSS turns a perfectly valid EPUB file into a “corrupted file” on Kobo and just drops the whole book. No clear error message, no fallback. Just a massive fail. ↫ André Klein The level of obnoxiousness goes even deeper: Kobo devices ship with a better, actually maintained renderer for e-books as well, but in order to have a book use it, the book file in question needs to have a specific file extension. Remember that e-book files are just packaged websites; there�s no reason to do any of this nonsense with two rendering engines, one of which is shit and frozen in time. I have never had to do anything related to creating an e-book � I just put books on my own Kobo and read them � and even I am getting annoyed just reading this.
- Windows 1.0 and the WinAPI, 40 years later
How far can you get, application development-wise, by using only the original APIs from Windows 1.0, and only whatever came included by default with Windows 1.0? I finally decided to write an application for the very first version of Windows and see how different the modern WinAPI really is from its earliest versions. Windows 1.0 came out back in the mid-1980s � the era of 16-bit processors, MS-DOS, and cooperative multitasking. At first glance, you might think it has almost nothing in common with modern Windows, but when you look specifically at the application API, that’s where things get interesting. I wanted to see how far it would be possible to go using only the capabilities of the first version of Windows. I didn’t want to just make a minimal example with a window and a menu, but a small, complete application with graphics, keyboard input, timers, and constant redrawing. For this experiment, I chose Xonix � a simple yet surprisingly addictive game. ↫ Stanislav Safronov It turns out that surprisingly, despite the 40 years and massive changes since Windows 1.0, there�s still a lot that feels recognisable. It�s also remarkable that the code Safronov ended up with ran on every version of Windows from 1.0 to 10, but sine it�s a 16 bit application it no longer works on Windows 11. It also had a hiccup on Windows 95, but he suspects that�s an issue in the 16 bit subsystem in Windows 95, and not in his code. The code�s available on GitHub.
- Running DOS on the Behringer DDX3216 with a DIY BIOS from scratch
In 1994 I got my first computer: an Intel i486 DX2-66 with 4 MB RAM and a 512MB harddisk. The software was IBMs OS/2 and Microsofts Windows 3.11. In the next four years I was upgrading this machine every few months with more RAM (up to 16MB), a CD-ROM-drive and a soundblaster card. So I learned upgrading this machine, installing new software and finally learned how to program new software using BASIC. But I never got in touch with the boot-process or the details of MS-DOS. In 2026, 32 years later, I learned from some screenshots of the DDX3216, that Behringer used a real 386 processor within this machine. Immediately, some of my neurons fired in my head and I pondered if I could boot software and even a full operating system on this device. My goal was to learn how an x86-system is booting, how DOS takes over and what is necessary to get into the shell. ↫ Christian Nöding So this introduction is a bit cryptic if you�re not aware of what a DDX3216 is � I sure had no idea. The Behringer DDX3216 is a digital mixing console for use in music studios, and I think it�s about 25 years old or so. Apparently it�s built around a 386, and as Nöding details in this article, that means it can be made to run DOS. It also happens to have a small black and white LCD, so there�s a place to route output to, as well. Furthermore, once you open it up, you�ll find things like a BIOS chip, PCMCIA slot, a floppy controller, serial/parallel port controller, and more. Sure sounds like a PC to me. After talking to companies and individuals who might have a BIOS compatible with the AMD 386 SoC used in the device bore no fruit, Nöding decided to develop his own BIOS, which involves getting all the devices, interfaces, and even the display to work properly as well. The next step was getting DOS to work, and after MS-DOS 6.22 refused to work, FreeDOS did the trick and booted just fine. There�s still a ton more possible things that can be done here, but this is already quite amazing.
- Swift at Apple: migrating the TrueType hinting interpreter
TrueType is a widely used vector font standard for rendering text in web pages, PDFs, operating systems, and applications. Familiar fonts like Helvetica, Garamond, and Monaco are all built on TrueType outlines. The format specifies a hinting interpreter intended to help outlines rasterize faithfully on low-resolution displays. Modern high-resolution displays enable beautiful typography from outlines alone, but TrueType fonts that need hinting to render legibly remain in use and we continue to support them. Font parsers process data from untrusted sources, making the TrueType hinting interpreter a security-critical attack surface. To make the format more resilient on Apple platforms, we rewrote its hinting interpreter from C to memory-safe Swift for the Fall 2025 releases. In addition to memory safety, we also improved performance: on average, our Swift interpreter runs 13% faster than the C interpreter it replaced. ↫ Scott Perry This article provides a deep dive into how, exactly they did that.
- Kyvos is the easiest, cheapest, and possibly fastest way to run AmigaOS 4 and MorphOS
If you want to try out a modern Amiga operating system, your choices are severely constrained. Both MorphOS and AmigaOS 4 need PowerPC hardware, and at the moment, there�s little to no modern hardware available for purchase to run these operating systems on. The only AmigaOS 4 hardware you can buy is either incredibly outdated, incredibly expensive, or both, and while MorphOS does run on readily available Apple PowerPC machines, those, too, are getting quite long in the tooth and performance simply isn�t keeping up. Until the Mirari becomes available � with the project steadily progressing, I have high hopes � the reality for people wanting to try out AmigaOS or MorphOS is going to be expensive, at best. Or is it? QEMU exists, and QEMU can emulate various PowerPC systems just fine. Shouldn�t it be possible to run these two unique operating systems in a virtual environment on your modern PC, thereby making it trivial for those of us interested in the world of Amiga to dip our toes into the water without having to spend inordinate sums for outdated hardware? It turns out that yes, this is entirely possible, and as I highlighted almost a year ago, George Sokianos has made this process effectively foolproof by developing a custom GUI frontend for QEMU specifically designed to make it incredibly easy to set up and run AmigaOS 4 and MorphOS in QEMU virtual machines. We�re almost a year since that first version, and in that time, Sokianos has updated the tool, called Kyvos, to version 2. It costs a mere €9, and works on Linux (x86 and ARM), Windows (x86 and ARM) and macOS (x86 and ARM). You also get an incredibly detailed manual with step-by-step instructions for every supported operating system and specific emulated machine, which includes instructions for the convoluted AmigaOS 4 installation process, as well as a bunch of other information and helpful tips. In addition, the manual includes links to where you can buy AmigaOS 4 � be sure to use these specific links to buy AmigaOS 4, because Sokianos gets a commission for sales through these links. AmigaOS 4 costs like €30, so it�s not a big investment. MorphOS can be downloaded for free, but after 30 minutes of use, the operating system will slow down and cripple itself, unless you pay for and register your copy for €79. I own a copy for my 17C PowerBook G4 1.25Ghz, but I think copies are tied to hardware, so I haven�t tried registering it with my key yet. The MorphOS registration tool does not accept virtual machines, so you can�t use it to buy a copy for a virtual machine. Kyvos� graphical user interface mimics the UI of other virtual machine software like VirtualBox, and it will check to make sure you have all the correct dependencies and requirements installed. The guided setup processes for MorphOS and AmigaOS 4 virtual machines will tell you exactly which operating system ISOs and files you need and makes sure you have them, before setting up the QEMU virtual machines with the optimal settings. Once created, start the virtual machine, and they�ll boot from the installation media. Follow the included manual as you install the operating systems, including some post-install help, and you�ll end up with fully working, network-capable virtual machines running MorphOS and AmigaOS 4. Both installation and setup procedures worked without any issues on my machine, and within like half an our I had to two fully working copies of MorphOS and AmigaOS 4 running on my Linux desktop gaming PC (I exempted myself from the Windows 11 incentive for this one, since my Linux gaming PC is by far the most powerful computer I own). Networking and sound works � AmigaOS 4 requires some post-install steps for those, listed in the Kyvos manual � and I could browse the web right away with the included web browsers. The online update tool for AmigaOS 4 also works perfectly, allowing me to upgrade to the latest version of the operating system and various included components. I�m anything but a MorphOS or AmigaOS 4 expert, so I can�t confidently say much about performance compared to best real compatible hardware out there, but at least for MorphOS I can say it runs considerably faster in this virtual machine than it does on my old 17C PowerBook G4 1.25Ghz. I feel like AmigaOS 4 runs a bit smoother than MorphOS does, as with the latter I experienced the occasional hiccup and stutter which were absent on AmigaOS 4. Still, both are entirely usable and a pleasure to use. With how limited the hardware selection for these two operating systems is, using QEMU through Kyvos is by far the easiest and most straightforward way to dip your toes into the waters of the modern Amiga operating systems. For a total of around €40, you�ll be running AmigaOS 4 in a very capable and straightforward way, and if and when MorphOS allows registration for virtual machines (they really should), an additional €79 will give you a fully working installation of that unique operating system, too. Kyvos is a complete no-brainer for anyone reading OSNews.
- Web browsers on video game consoles
Video game consoles have a long history with web browsers. From the advent of the World Wide Web, consoles have been trying to get online. Browsers on video game consoles were initially very much an attempt to provide a cheap gateway to the web for a casual audience lacking technical expertise, though as time progressed they’ve become a greater and more integrated part of systems. This article takes a look at browsers on video game consoles in detail, though only covers official web browsers. Many consoles have browsers installable via custom firmware and homebrew, but they’re beyond the scope of this post, as are non-web systems such as Satellaview and online services that didn’t provide a browser, such as XBAND, Sega Meganet, and Sega Channel. ↫ Declan Chidlow The article starts off with the Philips CD-I, which has always been a fascinating product for technology fans in The Netherlands because that�s where Philips is from. Memory that far back is untrustworthy, but I can definitely remember being inundated with commercials, advertising, magazine articles, and newspaper reports about the CD-I, all throughout its rather troubled life. Yet, I don�t remember anything about it being capable of browsing a rudimentary web. Of course, we�re talking 1995 here, a time when I didn�t even have internet at home yet, although I did use the web at a friend�s place at that time. We didn�t get internet at home until I think 1997 or 1998, followed by the move to broadband cable internet just a year later, since our small rural town happened to be one of the first places to get broadband. Good times. Did anyone ever actually use browsers on consoles, though? I mean, using them always felt incredibly clunky, and by the time they were capable enough to really do anything we all had laptops and later smartphones anyway. I certainly don�t remember anyone using them for anything but a gimmick, but perhaps my sample size was far too small and not diverse enough.
- MacOS 27 drops Intel support, will be last release with Rosetta 2
With the announcement of an upcoming new macOS release also come the usual changes in which Macs will still be supported. MacOS 27 Golden Gate is an important release in this regard, as it will be the first release of Apple�s desktop operating system that will be entirely ARM-only, dropping support for all Intel Macs. It�s important to note that Apple will provide three more years of security updates for the final Intel release of macOS, so Intel users won�t be dropped like a brick immediately. Still, the Intel Mac Pro was still being sold all the way up until mid-2023, and I�d be royally pissed off if my expensive 2023 Intel Mac went out of support a mere six years after purchase. They weren�t cheap machines, and while you can argue everybody knew the writing was on the wall for the Intel Mac Pro in 2023, it still feels way too short of a supported lifespan for such an expensive, high-end piece of equipment. It didn�t sell many units, I�m sure, but still. In addition, MacOS 27 will be the last release to include the Rosetta 2 translation layer that allows Intel binaries to run on ARM macOS. I have no idea how many important applications are still Intel-only, but I have a feeling that number is going to be relatively small, and will become even smaller as the first macOS release without Rosetta 2 support nears release. On top op of that, I�m sure enterprising users will find a way to transplant Rosetta 2 onto unsupported macOS releases, and if all else fails, there�s always virtual machines.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
|
