|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- [$] Caching for extended attributes
Extendedattributes (xattrs) provide a way to attach key/value metadata toinodes—files, directories, and the like—in a filesystem. As with manyLinux filesystems, the FUSE filesystemsupports xattrs. In a filesystem-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, FUSE maintainer MiklosSzeredi led a discussion about caching xattrs in kernel memory; he wouldlike to create some common infrastructure that could be used by FUSE andshared with other filesystems.
- [$] Trying to make sense of package-manager metadata
Package managers for operating systems and programming languages have beenaround for decades. Each package manager, and its accompanying packaging format,has been shaped by the needs of its respective ecosystem, but there is a growingneed to make use of package metadata for more than software management: forexample, in vulnerability scans, software bills of materials (SBOMs), and more. OnMay 19, Damián Vicino spoke at the Open Source Summit North America 2026about his experiences in the past year trying to make sense of the variedmetadata provided by more than 20 package managers.
- Vim Classic 8.3 released
Version8.3 of Vim Classic has beenreleased. This is the first release of the Vim fork since the projectwas announcedin March.
This release is based on Vim 8.2.0148, with a number of bug fixesand patches conservatively backported from future versions of Vimupstream. We elected to clean up this version of Vim, prepare it for arelease, and imagine an alternate history where Vim 8.3 was releasedwithout Vim9 script. The result is Vim Classic 8.3. We chose to takethis approach in order to reduce the long-term maintenance burden ofVim Classic, acknowledging that our fork lacks the resources andinstitutional knowledge available to Vim upstream. However, aconsequence is that there are some Vim plugins which are notcompatible with Vim Classic.
We have made a special effort to assess patches from Vim upstreamwhich mitigate some of the many CVEs affecting Vim which werediscovered and fixed between versions 8.2 and modern-day Vim, but wecan't be sure we've got all of the security patches which areapplicable to Vim Classic (and practically exploitable). This versionof Vim Classic is therefore recommended for early adopters who arecomfortable adopting a security posture which accounts for the factthat we may have overlooked some bugs.
LWN covered VimClassic and another Vim fork, EVi, in April.
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (php:8.2 and php:8.3), Debian (gst-plugins-good1.0, symfony, and yelp), Fedora (dovecot, freeipa, hplip, libpng, perl-Catalyst-Plugin-Authentication, postfix, samba, unbound, and vim), Mageia (assimp, libcaca, sdl2_sound, and tar), Slackware (kernel), SUSE (alloy, apache-commons-lang3, apache-commons-text,, apache2, bubblewrap, busybox, chromium, cups, docker-stable, ffmpeg-8, google-osconfig-agent, gsasl, ignition, java-26-openjdk, kernel, libsolv-demo, libsoup, libzypp, localsearch, openjpeg2, postgresql-jdbc, putty, python-mistune, python-Pillow, python-python-multipart, python-Twisted, python3-Twisted, re, roundcubemail, vim, wireshark, and xz), and Ubuntu (evolution-data-server, exim4, gsasl, haveged, lcms2, libreoffice, linux-aws, linux-lts-xenial, linux-lowlatency, linux-nvidia-tegra, nginx, nncp, qtdeclarative-opensource-src, sslh, sssd, and xz-utils).
- Ombredanne: An AI agent ported our codebase from Python to Rust
Over on the AboutCode blog, leadmaintainer Philippe Ombredanne writesabout an agentic LLM system porting the ScanCodeToolkit to Rust. In the process, the LLM (or the people behind it)infringed the ScanCode trademark, stripped copyright and license notices,"and started an outreach campaign, without ever engaging the AboutCodecommunity". Ironically, the toolkit is used to scan source code and binaries inorder to figure out licensing and copyright information; it also reports onpackagedependencies, vulnerabilities, and more.This is worth repeating: A comprehensive test suite, decent documentation, and curated datasets is what makes automated porting possible. It is also what makes a codebase easier to replicate without understanding it.
The agent's initial approach, using an existing Rust license-detection library, failed to match ScanCode's output quality. The agent then did what any translator would do when a loose paraphrase fails: it copied the original more closely. The final port reproduces ScanCode's core algorithms, code organization, and data-driven architecture in Rust, not because the agent understood them, but because it had enough training data and test feedback to converge on equivalent code.
- [$] Representing the true signatures of kernel functions
Optimizing compilers can, under some circumstances, infer when a parameter to afunction is not needed, and remove it. This is all well and good until thekernel's tracing or BPF subsystems need information on how to call the functionor where its arguments are stored.Alan Maguire and Yonghong Song spoke at the 2026LinuxStorage, Filesystem, Memory-Management, and BPF Summit about their work onrecording information regarding changed function signatures in the kernel's BTF debugginginformation, to better support tracing such functions.
- Seven stable kernels for the first day of June
Greg Kroah-Hartman has announced the release of the 7.0.11, 6.18.34, 6.12.92, 6.6.142, 6.1.175, 5.15.209, and 5.10.258 stable kernels. As usual, eachcontains important fixes throughout the tree, including a fix for the "CIFSwitch" vulnerability (CVE-2026-46243) which could allow a local-privilege-escalation exploit. Users are advised toupgrade.
- DistroWatch turns 25
The DistroWatch site is celebrating its25th anniversary. "All in all, it has been an incredible ride. Manyof you who read these pages regularly know that downloading and testingdistributions is a highly addictive pastime. I have been an aviddistro-hopper for the last 25 years and I don't see myself abandoning thisactivity for many more years to come." Congratulations to LadislavBodnar and all the others who have kept that resource going for so long.
- [$] Reconsidering x32 — again
The x32 ABI was meantto be the best of both worlds, providing the expanded registers andinstruction set of the x86-64 architecture while preserving the lowermemory use of 32-bit systems. The Linux kernel has supported x32 since the3.4 release in 2012. The initial excitement around x32 did not last,though, and kernel developers are considering removing that support — andnot for the first time. Even the most unloved features tend to have a fewusers, though, making removal hard.
- Multiple redhat-cloud-services npm packages compromised (StepSecurity Blog)
StepSecurity is reportingthat a number of npm packages in the @redhat-cloud-servicesscope include malware that runs automatically on every npminstall:
The payload is a multi-stage credential harvester that sweepsGitHub Actions secrets along with AWS, GCP, Azure, Kubernetes,HashiCorp Vault, npm, and CircleCI tokens, and it is purpose-built toevade detection, including an explicit attempt to bypass StepSecurityHarden-Runner.
StepSecurity analyzed @redhat-cloud-services/host-inventory-client@5.0.3 in full. Itsindex.js, executed at install time, is 4.2 MB, a file that shouldweigh a few kilobytes, with the real payload buried under threeseparate layers of obfuscation. The malware is also a self-propagatingworm: using stolen npm tokens and npm's bypass_2fa parameter, itrepublishes backdoored versions of other packages on its own, evenagainst accounts protected by two-factor authentication, so everyinfected machine can seed the next wave with no attackerinvolvement. All affected packages were published via GitHub ActionsOIDC from the RedHatInsights/javascript-clients repository, indicatingthe upstream CI/CD pipeline itself was compromised. Analysis of theremaining packages is ongoing.
A blogpost from SafeDep has additional analysis about the incident. We did not find an advisory from Red Hat on this yet.
- Benchmarking The Different CachyOS Linux Kernel Flavors
CachyOS ships with a good Linux kernel configuration by default balancing the different features as well as performance. But they also ship a variety of other kernel builds for those preferring a more leading-edge kernel or the current LTS series, a hardened kernel configuration, and more. In this article are some fresh benchmarks of the Arch Linux based CachyOS Linux distribution with some of its main kernel flavors.
- AMD Radeon RX 9070 GRE Linux Performance
Yesterday AMD kicked off Computex 2026 in announcing the Radeon RX 9070 GRE alongside a number of other product announcements. With the Radeon RX 9070 GRE going on sale today, the review embargo has now lifted on this new RDNA 4 consumer graphics card slated to be priced around $549 USD. Here is an initial look at the Linux performance benchmarks of this new AMD graphics card offering.
- Intel Xeon Diamond Rapids EDAC Driver Changes Readied For Linux 7.2
Ahead of Intel Diamond Rapids server processors launching in 2027, the Linux kernel continues getting into shape for these next-gen Xeon processors. The latest enablement work taking place for Diamond Rapids is readying the Error Detection And Correction (EDAC) driver support for propagating memory errors/correction information under Linux...
- European Parliament Ditches Google For French Search Firm
The European Parliament is replacing Google with French search engine Qwant as the default on in-house computers, citing digital sovereignty and privacy concerns. Politico reports: As of Thursday June 4, "Qwant will replace Google as default search engine on European Parliament computers," officials told lawmakers in an email seen by POLITICO. The change is being made "in line with the Parliament's commitment to digital sovereignty and the protection of users' personal data." The search-engine switch comes as Brussels doubles down on its push for âoetech sovereignty.â The European Commission will on Wednesday unveil its long-awaited tech sovereignty package aimed at reducing dependence on foreign technology providers and boosting European alternatives. The email described Qwant as a "privacy-focused European search engine" designed to avoid tracking users or collecting personal data. Founded in 2013, Qwant markets itself as a privacy-first alternative to Google. Searches conducted through the address bar in Firefox and Edge browsers will automatically be routed through Qwant, although lawmakers will remain free to use competing search engines or change their default settings.
 
Read more of this story at Slashdot.
- Russian Spy Agency Says Foreign Spies Turned Officials' Smartphones Into Surveillance Devices
Russia's FSB claims foreign intelligence services compromised smartphones belonging to senior Russian officials, allegedly turning them into surveillance devices capable of stealing data, recording conversations, and activating microphones or cameras. "This software is used to steal existing data, eavesdrop on ongoing conversations, and conduct covert acoustic and video monitoring of the environment near electronic devices, all aimed at obtaining sensitive information," the FSB said. The Register reports: The agency said it had opened a criminal investigation into illegal access to computer information and the distribution of malicious software. It did not identify the alleged intelligence service responsible, disclose how many officials were affected, name the malware involved, or provide any technical indicators that would allow independent verification of the claims. As things stand, the FSB has revealed the accusation but not the proof.
Read more of this story at Slashdot.
- Microsoft Deliberately Bricking All Office For Mac 2019/2021 Installations
Microsoft Office 2019 and 2021 for Mac will reportedly drop into "reduced functionality mode" on July 13, 2026, when a license-validation certificate expires, leaving perpetually licensed apps able to open files but not edit or save them. Slashdot reader joshuark shares a report from OSnews: "Microsoft Office 2019 and 2021 for Mac view-only conversion (2026) is a scheduled remote degradation of perpetually-licensed Microsoft Office software for macOS and iOS, set for July 13, 2026 when a license-validation certificate used by the Office apps expires," reports the Consumer Rights Wiki. "After Office 2019 for Mac reached end of support in October 2023, Microsoft assured customers their installed apps would 'continue to function.' The July 13, 2026 conversion instead drops the apps into a Microsoft-defined 'reduced functionality mode,' in which files can be opened and viewed but not edited or saved. By May 30, 2026, the original 2023 end-of-support page had been re-dated and rewritten on Microsoft's site; the 'continue to function' clause was removed." Microsoft's advice to the users they're stealing from is to keep using the applications as mere viewers, switch to the free Office 365 web applications, pay for a 365 subscription, or buy a brand new regular copy of Office 2024. None of these make any sense, and clearly, all of this should be illegal, but it's not because the software industry is a clown show.
Read more of this story at Slashdot.
- Microsoft Unveils Scout, an Autonomous AI Agent Built On OpenClaw
Microsoft has unveiled Scout, an experimental always-on AI "autopilot" agent for Microsoft 365 that can operate across Teams, Outlook, OneDrive, SharePoint, calendars, contacts, browsers, and external apps via MCP. "Autopilots stay active in the background, understand how work gets done across your apps and systems, and take action without needing to be prompted each time," said Omar Shahine, a Microsoft veteran who recently announced he is leading a new team to bring OpenClaw-based personal assistants to Microsoft 365 apps. Computerworld reports: Shahine said Scout can reduce mundane tasks that office workers face, such as coordinating and scheduling meeting times with colleagues, or blocking times in a user's calendar based on upcoming work commitments. "It can also spot risks, like stalled decisions, so you can address them before they become blockers," he said. It's available as an "experimental release" to customers of the company's Frontier program, Microsoft said, and will require Intune policy configuration and "opt-in attestation." [...] It's not clear whether Scout will be included in Microsoft 365 Copilot subscriptions or charged separately. Microsoft did not immediately provide additional details about pricing.
Read more of this story at Slashdot.
- Trump Signs AI Executive Order Asking Companies To Give Government Early Access To Models
An anonymous reader quotes a report from CNBC: President Donald Trump on Tuesday signed an executive order asking artificial intelligence companies to provide models to the federal government to assess their capabilities ahead of a full release. The order asks companies, on a voluntary basis, to participate in a benchmarking process to assess a model's "advanced cyber capabilities" and determine whether it should be considered a "covered frontier model." It then asks for access to those models up to 30 days before the companies plan to release them more broadly, and enables the government to help select the "trusted partners" that will receive early access. "Nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models," the order said. Trump signed the order in private, just weeks after he postponed a signing ceremony with prominent tech CEOs because he "didn't like certain aspects of it," he told reporters at the time. [...] Trump's AI order outlines several timeframes to develop directives and other guidance, specifically calling on the Department of Defense to prioritize the cyber defense of its information systems.
Read more of this story at Slashdot.
- Adafruit Pauses Blog After Demand Letter From Flux.ai's Lawyers
Longtime Slashdot reader Matt_Bennett shares a blog post from Adafruit: Adafruit received at 10:38 p.m. ET on May 22, 2026 a letter from former FBI chief of staff, Jonathan F. Lenzner, and partner at Fenwick & West LLP, counsel for Flux, demanding, among other things, that Adafruit refrain from publishing an article addressing what the letter characterizes as false and potentially defamatory claims about Flux, including statements about Flux's intellectual property, commercial traction and user base. The letter further asserts claims under the Computer Fraud and Abuse Act. Adafruit accessed only information that Flux's own systems made publicly available through a server misconfiguration. Adafruit's reporting concerns a matter of public security interest and was conducted in the ordinary course of responsible disclosure. Although Adafruit vigorously rejects the assertions made in Flux's May 22, 2026 demand letter, we have temporarily stopped publishing on the Adafruit blog while we consider our response and next steps. We will update the community as appropriate. For context, Adafruit is a major open-source hardware company and electronics retailer known for its maker-focused boards, components, tutorials, and community publishing. Flux.ai is relevant because it is building an AI-assisted circuit-board design platform aimed at changing how engineers create and collaborate on PCB designs. "Adafruit probably did a review of AI PCB tools," writes HN user karmicthreat. "I've used Flux.ai before; it was a pretty bad experience. After about 50-100$ in tokens a couple of times, I couldn't get more than a couple of simple components on the schematic. And not in sensible positions..." Redditor AlexTaradox adds: "Nothing was published as far as I know. I assume they did review of AI tools and likely contacted flux with some preliminary results, but flux saw where it is going and decided to block them from publishing any results. Flux is garbage and they obviously know it, but they need to hold for some time until some other scam acquires them. Doing anything with them is just asking to be screwed..." Further discussions are taking place on Reddit and Hacker News.
Read more of this story at Slashdot.
- User-Replaceable Batteries Are Coming Back In a Big Way
New EU battery rules taking effect early next year are pushing tech makers toward user-replaceable batteries in products like headphones, e-readers, handheld consoles, laptops, and possibly earbuds. But carve-outs for smartphones and tablets may mean replaceable batteries won't necessarily return to phones in the way many users remember. The Verge's Dominic Preston reports: Since the upcoming law doesn't actually come into force until February 18th, 2027, companies still have plenty of time to get their ducks in a row. Still, it's likely that before then we'll see more and more manufacturers launch products with user-replaceable batteries, across audio, e-readers, gaming handhelds, and more. Only time will tell whether most of those products are EU only, or whether the new European laws shape the nature of tech worldwide. It's likely that some product categories will move slower than others. Tech companies will have breathed a sigh of relief that wearables look likely to be exempt, but if wireless earbuds aren't carved out as well then there may be a scramble to adapt the miniature designs for easy replaceability. "The in-ear form factor demands extreme miniaturization, to fit the driver, antenna, processor, microphones and battery," notes a recent report from consultants Futuresource, going on to suggest that meeting the requirements will make earbuds both bigger and more expensive to manufacture. There also remains uncertainty about how some elements of the law will be interpreted. The law requires that user repairs be possible using "commercially available tools," which are "tools available on the market to all end-users." Right to Repair Europe's Alberico points out that this is a broad definition, likely to include a lot of tools not found in most houses, so there will likely be nothing to stop manufacturers requiring the sorts of less common screws that require dedicated electronics tool kits. There's also no strict definition of the "reasonable" price that manufacturers are required to set for spare parts. "That will likely take time -- and possibly litigation -- to clarify in practice," Alberico says. "But without fair access to affordable spare parts, repair will struggle to become the simplest and most attractive option for consumers." The big disappointment is that the separate phone and tablet legislation means we won't see any real changes there, so long as manufacturers make their batteries and devices durable. "This creates a false tradeoff between durability and repairability," Alberico says. "Robust, waterproof devices should not have to come at the expense of user-replaceable batteries. While the ecodesign legislation requirements meant an improvement in battery durability and replaceability, at Right to Repair Europe we'll continue to advocate for all products to be designed with user-replaceable batteries." Whether the EU will listen remains to be seen. Otherwise, the main product people seem to want to replace the battery in may remain one of the only ones where they can't.
Read more of this story at Slashdot.
- GitHub Copilot Users React To New Usage-Based Pricing System
An anonymous reader quotes a report from Ars Technica: In April, GitHub announced that it was moving subscribers from request-based billing to a usage-based model for its AI-powered Copilot service. As that new pricing model goes into effect today, many GitHub Copilot users are reporting some extreme sticker shock as they realize just how quickly their previous "normal" usage is burning through their newly limited monthly allotment of AI credits. Across social media and forums, many Copilot users are sharing personal statistics showing how just a few hours of AI usage can now account for a large chunk of their new monthly subscription caps. For some users, it reportedly took less than a day to use up a month's usage quota. That's a big change from previous months, when GitHub Copilot subscribers were allocated a certain number of "requests" and "premium requests" based on their payment tier. GitHub said that the old system meant that "a quick chat question and a multi-hour autonomous coding session [could] cost the user the same amount," forcing Copilot itself to "absorb much of the escalating inference cost behind that usage." [...] Indeed, some Copilot users have been sharing estimates from GitHub's own tool showing that their previous monthly usage would rack up bills in the thousands of dollars under the new pricing plan. Under GitHub's new usage-based pricing system, paid Copilot subscriptions instead grant users a certain number of AI "credits" each month, with one credit corresponding to $0.01 of usage. Subscribers also get bonus credits depending on their subscription level: the $10/month Pro plan includes 1,500 credits ($15 worth); the $39 Pro+ plan includes 7,000 credits ($70 worth); and the $100/month Copilot Max plan includes 20,000 credits ($200 worth). The precise number of Copilot credits used by a given prompt is determined by the number of input and output tokens used and the rates charged by the underlying large language model. That means pricing is highly dependent not just on the type of request but on the specific model that a user chooses. One million output tokens from OpenAI's GPT-5.4 nano would run just $1.25 on GitHub Copilot, but that same level of output would run $30 on the frontier GPT-5.5 model (Copilot users who rely on "Auto" mode to pick the most appropriate available model for any request should be extremely careful, as some users report it can switch to expensive models for extremely simple queries).
Read more of this story at Slashdot.
- Google Requests Permission to Release 32 Million Mosquitoes In California and Florida
Google has asked the EPA for permission to release up to 32 million sterile male mosquitoes in California and Florida over two years. The effort is part of the company's Debug program, which uses Wolbachia-infected males to reduce populations of disease-spreading Aedes aegypti mosquitoes. Google cites a similar approach in Singapore that helped suppress mosquito populations and reduce dengue cases. The Guardian reports: As part of its successful "Debug" program, Google is tapping into its tech expertise to raise an army of sterile male mosquitoes to lower the number of illness-spreading bugs. Mosquitoes -- the world's deadliest animal -- kill more people than any other creature in the world every year by spreading lethal diseases such as dengue, West Nile virus, Zika, chikungunya and malaria. A notice (PDF) from the federal register shows the US Environmental Protection Agency (EPA) is reviewing Google's request to release up to 16 million mosquitoes annually, in Florida and California, over the span of two years. The EPA will decide whether to greenlight Google's request for an experimental use permit after a public comment period, which ends on 5 June. Male mosquitoes don't bite or carry disease. One of the main approaches Google is testing involves rearing male mosquitoes with a naturally occurring bacteria, called wolbachia, which stops them from having offspring with wild female mosquitoes. When an infected male tries to mate with a wild female, her eggs won't hatch; Google explains in a blog post: "the population gets smaller with each generation."
Read more of this story at Slashdot.
- Texas Adds Another Huge Solar Farm As ERCOT Grid Demand Soars
Texas is adding another large solar project as ERCOT electricity demand rises. According to Electrek, Vesper Energy has secured $236 million in financing for its 201 MW Nazareth Solar farm in Swisher County, which will be capable of generating enough electricity for about 53,000 homes. The project is expected to begin construction in June 2026 and come online in fall 2027. From the report: Nazareth Solar will sit on more than 2,400 acres of private land and generate enough electricity to power around 53,000 homes annually. The project will neighbor Vesper's Hornet Solar (pictured above), another large solar farm the company developed. ERCOT faces growing demand from population growth, industrial expansion, and power-hungry data centers. And despite political attacks on renewables, solar continues getting built in this red state because it's one of the fastest and cheapest ways to add new electricity to the grid. Vesper says the project will bring new tax revenue to local schools, infrastructure, and emergency services, along with construction jobs and long-term operations roles. Participating landowners are also expected to receive long-term lease income from the solar farm.
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Benchmarking The Different CachyOS Linux Kernel Flavors
CachyOS ships with a good Linux kernel configuration by default balancing the different features as well as performance. But they also ship a variety of other kernel builds for those preferring a more leading-edge kernel or the current LTS series, a hardened kernel configuration, and more. In this article are some fresh benchmarks of the Arch Linux based CachyOS Linux distribution with some of its main kernel flavors.
- Mir 2.27 Released With More Wayland Rust Code
Canonical today released Mir 2.27 as the latest version of this set of compositor libraries for easily building Wayland-based shells on Linux and fitting into the Ubuntu Linux paradigm...
- ASUS ZenVision Laptop Lid Screen Reverse Engineered & Now Able To Work On Linux
ASUS ZenVision is a feature of some ASUS laptops like the Zenbook 14X OLED Space Edition where there is a 3.5-inch monochrome screen embedded into the top lid of the laptop. From this mini display embedded into the top lid of the laptop it's possible to display animated themes, show the current date/time, battery status, or customized messages and the like. The practicality is rather limited as primarily it's for showing off to people around you besides when your laptop lid is closed, but now with experimental code it's now possible to use ZenVision on Linux...
- COSMIC Desktop9s Frosted Glass Is Giving Windows Aero Vibes
Some of the latest feature work for the Rust and Wayland based COSMIC desktop environment is on creating their new "Frosted Glass" appearance. It's getting closer to release and giving off Windows Aero vibes for that design language from the Windows Vista days...
- Preparing for KDE Plasma’s last X11-supported release
With KDE Plasma 6.7 almost ready for release, developers have moved on to working on 6.8, and with that release comes probably one of the biggest deprecations in KDE�s history: as of today, the X11 session is gone from KDE. Of course, this change won�t make it to people�s computers until 6.8 actually releases, but as far the code goes, the X11 session is gone. Once 6.8 is actually released, you will only be able to log into a Wayland KDE session. This won�t affect KDE applications running in other X11 desktop environments, and of course, X11 applications will keep working in KDE as well thanks to XWayland. It�s also important to note that this won�t affect anyone sticking to older versions of KDE Plasma; it�s not like X11 session support will be yanked retroactively. From here on out, a lot of X11 code will be removed from KDE, and developers will be able to focus on just one code path, instead of accommodating the lowest common denominator in X11. Our internal metrics within KDE show that over 95% of users of Plasma 6.6 are on Wayland, with a gradual increase every release. The metrics also show that basically no one is testing or developing Plasma on X11 anymore. The platform was already, for all intents and purposes, abandoned by KDE contributors. ↫ David Edmundson The transition from legacy X11 to Wayland has been a long, painful journey, but I�m glad we�re finally reaching the destination. If you�re still having issues with KDE on Wayland, be sure you�re using an up-to-date distribution � not an LTS one � and see how that goes for you.
- The newest Instagram exploit! is the goofiest I�ve seen!
Yesterday, a slew of Instagram accounts, including some high profile ones like the Obama White House account, seemingly got hacked. Look, I’m no spring chicken. I’ve spent almost a decade and a half identifying vulnerabilities and exploits at unicorn scale, but this is hands down the most unserious, almost too stupid to be true! of them all. ↫ Sid at 0xsid.com 0it�s AI! isn�t it? All the attacker needs to kick this off is your account username. Then, they hop on a VPN or proxy close to your city so Instagram�s security algorithms don�t suspect a thing. (You can quite easily get this from your public profile or About! section or a hundred other ways.) Once it looks like the request is coming from the correct region, they tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address they control. ↫ Sid at 0xsid.com It�s AI!. Yes, all that you need to do to gain control over big, massively popular Instagram accounts is ask Facebook�s AI! to send the verification codes to whatever email address you desire. That�s it. There�s no other steps, no other checks, no other verification. And the worst part is that this isn�t even a hack; this is AI! working entirely as intended. And these tools are now coding the Linux kernel, LLVM, systemd, PulseAudio, rsync, your browser, and so much more. What could possibly go wrong?
- Microsoft is intentionally bricking all Office for Mac 2019/2021 installations
You�re a smart cookie, so you opted to buy a copy of Microsoft Office for macOS back in 2019 or 2021, eschewing the Office 365 subscription, so you could keep on using Office 2019/2021 forever if you wanted to. Just like in the old days. I�ve got some bad news. Microsoft Office 2019 and 2021 for Mac view-only conversion (2026) is a scheduled remote degradation of perpetually-licensed Microsoft Office software for macOS and iOS, set for July 13, 2026 when a license-validation certificate used by the Office apps expires. After Office 2019 for Mac reached end of support in October 2023, Microsoft assured customers their installed apps would continue to function.! The July 13, 2026 conversion instead drops the apps into a Microsoft-defined reduced functionality mode,! in which files can be opened and viewed but not edited or saved. By May 30, 2026, the original 2023 end-of-support page had been re-dated and rewritten on Microsoft�s site; the continue to function! clause was removed. ↫ Consumer Rights Wiki Microsoft�s advice to the users they�re stealing from is to keep using the applications as mere viewers, switch to the free Office 365 web applications, pay for a 365 subscription, or buy a brand new regular copy of Office 2024. None of these make any sense, and clearly, all of this should be illegal, but it�s not because the software industry is a clown show. Proprietary software is unethical.
- NVIDIA unveils RTX Spark chip for laptops and desktop PCs
It was an open secret that NVIDIA was working on an ARM-based system-on-a-chip for laptops and desktops, and today at Computex 2026 the company unveiled what it�s been working on. It�s surely a beast, and unsurprisingly, it�s lathered in AI! buzzwords. At full strength, this chip offers up to 20 Arm CPU cores, a Blackwell GPU with 6,144 CUDA cores, 128GB of LPDDR5X RAM, and up to 300 GB/s of memory bandwidth. That powerful CPU and GPU, connected over NVLink C2C, and the large memory pool give AI agents and 120-billion-parameter models plenty of power and space for long-running tasks with context lengths stretching to a million tokens, according to Nvidia. RTX Spark will power high-end laptops from partners including Dell, HP, Lenovo, Asus, and MSI � and notably, a new Surface Ultra laptop from Microsoft. Nvidia says it’s worked with those partners to create “the most extraordinary laptops ever built,” with tandem OLED G-Sync displays, “all-day” battery life, premium aluminum chassis with large glass touchpads. ↫ Jeffrey Kampman at Tom�s Hardware I couldn�t care less about the AI! nonsense, but the chip itself seems like an absolute monster for laptops and mini PCs. With that much power and a solid NVIDIA GPU, these are also great for gaming and creative tasks, making them feel like the first true competition in the PC space to Apple�s M series of chips. They�re planned for late 2026, and tellingly, there�s no pricing information just yet.
- You don�t love systemd timers enough
My favorite metonymic technology term is cron job!: even though cron may not literally be the daemon that executes actions on a schedule, we apply the term to anything that walks like a cron and quacks like a cron. As Patrick McKenzie likes to point out, cron jobs are one of the most eminently useful computing primitives. They offer utility that�s almost immediately obvious for plenty of use cases that almost everybody has: do this every day; do that once a month. And yet. You probably shouldn�t use literal cron (or its more modern cousins) for scheduled tasks! In 2026 there are more modern options available, and my favorite is the humble systemd timer. I love systemd timers. If you don�t love them yet, maybe I can show you the reasons why you should love them, too. ↫ Tyler Langlois These are just timers. They are not consuming your computer or taking over the open source world. They do not phone home to Red Hat. These are just timers.
- MorphOS 3.20 released
Almost exactly 18 months after 3.19, the MorphOS team has released MorphOS 3.20. This is a major release, as it adds support for the upcoming Mirari PowerPC motherboards, which we talked about when that project was first announced. I�m quite excited about the Mirari, and can�t wait to have one, and MorphOS is the one operating system I really want to run it on. I have an almost mint condition PowerBook G4 17C specifically for MorphOS, but the hardware is simply too outdated to keep up with modern demands, which is sad, because MorphOS can clearly keep up if it had modern hardware. So, MorphOS 3.20 adds support for the Mirari platform and its various components, like its thermal management solution, networking, and so on. MorphOS 3.20 also expands the number of support Radeon graphics cards, improved support for various HDMI and DisplayPort ports, better support for multiple monitors, and overall better graphics performance in general. There�s also SFS2 support throughout the operating system so MorphOS now supports file sizes of up to 4GB and partition sizes of up to 2TB. The Ambient UI has also seen extensive work to improve performance and stability, as well as add a bunch of new features. Several new applications and utilities are included in MorphOS 3.20, such as DriveImager, MirrorBackup, SMARTDoctor, OFHTTP, OFHash, OFDNS, Replace, and Automator for scripting and controlling MUI applications. Iris has been updated to version 1.53 and now includes the new Contacts companion application for CalDAV-based address books. FlowStudio received extensive improvements for project management, printing, Markdown support, and development workflows. Networking and connectivity have also been improved with updates to OpenSSH 10.3p1, TLS 1.3 support in RDesktop, expanded SMB2 filesystem improvements, and improved USB, audio and multimedia subsystem stability. Numerous system libraries and frameworks including MUI, ixemul, Cairo, Harfbuzz, Freetype, OpenSSL4, and ObjFWRT have been updated or significantly modernized. ↫ MorphOS 3.20 release announcement Of course, there�s also the long list of smaller changes, bugfixes, and performance improvements. MorphOS has wide support for Apple PowerPC hardware, which is probably your best bet for using the operating system for now, at least until the Mirari becomes available for purchase.
- Accessibility input tool removes X11 support, doesn�t want to support Wayland; users caught in the middle
A sad, painful, and infuriating read for this calm Sunday. In recent years, a lot of attention has gone into improving the output side of the accessibility story on Wayland � screen readers and the like � but apparently, the input side has languished. People with reduced mobility need affordances and tools to use computers, but those aren�t ready for Wayland. A popular set of tools here is Talon Voice, which allows people with reduced mobility to create powerful hands-free input methods. The examples the article gives are incredibly cool, and it�s easy to see how Talon would become a cornerstone for people with reduced mobility who needs hands-free (or hands-fewer?) computer input methods. So what�s going wrong here? Talon requires deep integration with the window manager and compositor to carry out even the most basic of its duties, and Wayland offers… Absolutely no way to perform any of those actions. Frustrated by the endless lack of progress towards a real set of solutions for the entire ecosystem, and inundated by an endless series of requests for Wayland support which he cannot provide, Aegis, the main (and only) developer of Talon, has made a declaration: Enough. Talon Voice will imminently remove ALL Linux support from the public release, as X11 continues to sunset and users are switched to an environment in which their system can no longer function, with no option to go back. ↫ Insane Rambles About Technology So not only will Talon not gain Wayland support any time soon, its developers are even removing X11 support from it. What this means is that even if you decide to stick to X11 because Wayland doesn�t fulfill your needs, you�re eventually going to run into a brick wall. This is merely annoying if you need to use a different application for remote desktop or whatever, but it�s absolutely devastating when it involves the very input method you use to use your computer in the first place. There is some important nuance here though that the article doesn�t mention. The article takes the word of Talon�s developers as gospel, but in my conversations with KDE developers, a different story emerges. What they tell me is that Wayland implements all the APIs needed for Talon to work, but that Talon�s developers are simply not interested in using them. Apparently, KDE developers and others have tried to contact Talon�s developers, but their offers to help are being ignored. They�re being told Talon is simply not interested in supporting Wayland, end of story!. So, the story here seems to be a lot more complex than just Wayland bad!, and I�m getting a bit of a vibe that the Talon developers are, despite claims to the contrary in the article, indeed removing X11 support out of spite. Talon is entirely within their right to not want to work on Wayland support, but then just be honest with your users and say so, instead of pinning everything on Wayland bad!, being dishonest about Wayland�s capabilities, and ignoring offers of help and support from some of the most knowledgeable and capable developers in the field. Of course, that�s absolutely of no relevance to people like the author of this article who depend on these tools to use their computers. They�re caught in the middle of a transition and experiencing the worst byproducts, and that�s a huge failure on everybody�s end � Wayland, Talon, and desktop environments alike. I hope the parties involved can sort this out quickly, because everyone deserves equal access to computers, doubly so in the open source world.
- Remember when people said open video codecs would never win?
The Alliance for Open Media has published the first version of the AV2 specification. AV2 is the next-generation video coding specification from the Alliance for Open Media (AOMedia). Building on the foundation of AV1, AV2 is engineered to provide superior compression efficiency, enabling high-quality video delivery at significantly lower bitrates. It is optimized for the evolving demands of streaming, broadcasting, and real-time video conferencing. This specification serves as the definitive technical reference for AV2 implementations. It outlines the bitstream syntax, semantics, and decoding processes required to ensure full conformance. AV2 provides enhanced support for AR/VR applications, split-screen delivery of multiple programs, improved handling of screen content, and an ability to operate over a wider visual quality range. ↫ AV2 website Do you remember when the video codec wars � open vs. closed � were raging all across the web, for years? Even back then I argued that open would win, as it usually does, and over 15 years later the most widely-used video codecs on the planet being open is just a normal fact of life nobody writes or talks about anymore. VP8, VP9, AV1, and now this upcoming AV2 are all open and royalty-free, the by far largest video platform, YouTube, serves them by default, and the video codec problem is a solved problem, relegated to the spinning disk drive of history. I was told I was an idealist and that this would never happen, and yet, here we are.
- DECmate II: the little PDP-8 that could
When Cameron Kaiser speaks, we listen. In 1982, as we mentioned at length with our history of the DEC Professional, Digital Equipment Corporation attempted to keep their PDP-11 minicomputer market-relevant by turning the venerable architecture into a largely incompatible desktop microcomputer. But that wasn�t the only PDP-series mini it happened to, and it wasn�t even the first: the PDP-8 actually got the shrink-ray treatment several years before, and not content to merely make it into a smaller general purpose computer, DEC turned it into a word processor. ↫ Cameron Kaiser at Old Vintage Computing A word processor that�s still sort of a PDP-8 inside, and that could run CP/M or even DOS using a Z80 or 8086 expansion card.
- Settlers of Catan, TUI edition
A beautiful TUI might not be particularly accessible, and there�s effectively zero consistency between how different TUI applications look, feel, and behave, but damn if an amazing TUI isn�t a work of art. Case in point: El Poblador. This is a TUI version of Settles of Catan, written in Go. That�s it. That�s the post.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
|
