Recent Changes - Search:
NTLUG

Linux is free.
Life is good.

Linux Training
10am on Meeting Days!

1825 Monetary Lane Suite #104 Carrollton, TX

Do a presentation at NTLUG.

What is the Linux Installation Project?

Real companies using Linux!

Not just for business anymore.

Providing ready to run platforms on Linux

Show Descriptions... (Show All/All+Images) (Single Column)

LWN.net

  • The Linux.org story
    Rob Kennedy has posted thestory of the birth of Linux.org — oneof the earliest Linux-related web sites — and its more recent rebirth.
    The site was founded in May 1994 by Michael McLagan, at a time when Linux itself was barely three years old. Linus Torvalds had only just released it to the world, there was no real way for a newcomer to find their footing, no search engines, no Wikipedia, none of the infrastructure people take for granted now for figuring out a new piece of technology. Michael built linux.org to fill that gap, a place for people to learn about Linux and follow the movement as it grew.


  • Call for topics for the 2026 Maintainers Summit
    The Maintainers Summit is an annual, invitation-only gathering of kerneldevelopers and maintainers to discuss development-process issues; see LWN's 2025 Maintainers Summit coverage for anexample. The call fortopics for the 2026 gathering (Prague, October 8) has gone out.One of the best ways to obtain an invitation to the Summit is with a goodtopic proposal. For best consideration, topics should be submitted beforeJuly 24.


  • [$] Sending packets directly from BPF
    Tetragon, the BPF-based security monitoring tool,uses BPF to monitor different aspects of a running kernel andenforce user-specified policies. It sends its data to a user-space process,which forwards the data to a central monitoring service elsewhere in thenetwork, however. Thispresents a point of vulnerability: if an attacker can kill Tetragon's user-spaceagent, it won't be able to properly report on the situation. Song Liu, MahéTardy, and Liam Wiseheart spoke about their work removing the need for theuser-space agent at the 2026Linux Storage, Filesystem, Memory-Management, andBPF Summit.


  • Security updates for Tuesday
    Security updates have been issued by AlmaLinux (389-ds:1.4, buildah, freeipmi, freerdp, gegl, gimp, golang, kernel, libreoffice, maven:3.9, openexr, perl-DBI, plexus-utils, podman, tomcat, tomcat9, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (imagemagick, p7zip, and redis), Fedora (breezy, calibre, and golang-github-openprinting-ipp-usb), Mageia (ffmpeg, gzip, haproxy, libheif, libtiff, libxml2, packages, perl-List-SomeUtils-XS, and perl-Socket), SUSE (alsa, chromedriver, curl, dhcpcd, docker-compose, glibc, haproxy, ImageMagick, jq, kernel, kubernetes, libpng15, libredwg-devel, libslirp, nghttp2, php8, python-Pillow, python313-Django, python313-weasyprint, qemu, rust-keylime, sccache, and systemd), and Ubuntu (cifs-utils, libexif, libreoffice, libssh2, openssh, and pipewire).



  • Final normal Debian bookworm release
    Debian hasannounced the final normal update for Debian 12 ("bookworm"). Long-term-support updates will continue until 2028. As may be expected from a stable version, the update is mostly limited to security fixes. Still, it may be time for Debian users to look into upgrading to a more recent version. Conveniently, Debian 13 ("trixie") alsoreceived an update this weekend, with many of the same security fixes.


  • Security updates for Monday
    Security updates have been issued by Debian (chromium, libxfont, mesa, opam, and wireless-regdb), Fedora (acl, attr, chromium, cjson, composer, docker-compose, jfrog-cli, librabbitmq, libssh2, libXfont2, log4cxx, OpenImageIO, openssh, p11-kit, perl-Crypt-DSA, perl-HTML-Gumbo, prometheus, python-dulwich, python-idna, python-pillow, python-tornado, sssd, tmux, upower, webkitgtk, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (libarchive and vim), Oracle (389-ds:1.4, buildah, cups, edk2, freerdp, golang, grafana, gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, kernel, libexif, libsolv, libtasn1, libxml2, nginx:1.24, nginx:1.26, nodejs:22, nodejs:24, oci-seccomp-bpf-hook, podman, postgresql:18, python-urllib3, tigervnc, tomcat, unbound, and xorg-x11-server), Slackware (p11-kit), and SUSE (agama, dash, dracut, flannel, go1.26, gsasl, gstreamer-plugins-good, ImageMagick, imagemagick, kernel, krb5, krb5, krb5-mini, libIex-3_4-33, libmbedtls23, libxfont2, nasm, nghttp2, perl-CGI-Session, perl-dbi, perl-List-SomeUtils-XS, python-pillow, python-social-auth-app-django, python-urllib3, python313-Django4, python313-Django6, python313-pytest-html, python313-sqlparse, python313-websockets, rclone, rust-keylime, rustup, sccache, spectre-meltdown-checker, sssd, terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid, thunderbird, tiff, traefik2, xorg-x11-server, and xwayland).


  • Kernel prepatch 7.2-rc3
    The 7.2-rc3 kernel prepatch is out fortesting. Linus said: "Things continue to look normal (the 'new normal'with slightly higher rates of commits, although I do get the feeling thatwe're seeing that slightly balanced out by people starting to go on summervacation)".


  • [$] An update on the scraper situation
    Our article "Fighting the AI scraper botscourge", published in early 2025, discussed the problem of widespreadscraping of web sites in search of training data for large language modelsand related projects. This activity overwhelms sites with traffic. Over ayear after that article is published, the problem is still growing. Thehammering of sites by shadowy actors has reached new heights, and the openweb is becoming increasingly difficult to maintain. Where is this trafficcoming from, and what can be done about it?


  • [$] QBE 1.3: metaprogramming, performance, and cross-platform support
    QBE, a compact compiler backend developed by Quentin Carbonneaux, is alightweight alternative to larger compiler backends such as LLVM and GCC.Designed to be small enough for a single developer to understand, QBE uses astatic single-assignment (SSA) intermediate representation (IR), supports the C ABI,and serves as the backend for projects such as Hare andthe cproc C11 compiler. Frontendsemit the textual form of QBE's IR directly; QBE then takes care of register allocation,optimization, and native-code generation, producing assembly for the targetarchitecture.



LXer Linux News








  • Reworked System Call Entry Handling Slated For Linux 7.3
    Stemming from looking at a proposed Linux kernel patch to alter the Linux kernel's system call number handling, veteran Linux kernel developer Thomas Gleixner went down a rabbit hole of the kernel's system call entry handling to make a number of clean-ups and improvements to the code. That rework to the system call entry handling is now expected to land for the Linux 7.3 kernel cycle...




Linux Insider"LinuxInsider"












Slashdot

  • House Votes For Permanent Daylight Saving Time
    The House voted 308-117 to pass the Sunshine Protection Act, which would make daylight saving time permanent nationwide and end the twice-yearly clock change. The bill faces an uncertain future in the Senate, "where one G.O.P. leader said it was unclear whether it could move ahead and at least one Republican appears inclined to try to block it," reports The New York Times. Some sleep experts oppose permanent daylight saving time, arguing that year-round standard time better aligns with circadian rhythms and winter morning safety. The New York Times reports: President Trump has championed the effort to save an extra hour of daylight before nightfall and make the time zone permanent, describing the ritual of moving clocks forward in the spring and back in the fall a "ridiculous, twice yearly production." "We are going with the far more popular alternative, Saving Daylight, which gives you a longer, brighter Day," Mr. Trump wrote in a social media post in May. "And who can be against that." A sizable bloc of Florida Republicans in Congress is leading the charge on legislation that would do just that, mandating daylight saving time nationwide for the entire year. Representative Vern Buchanan of the Tampa Bay area is backing the bill, and Representative Anna Paulina Luna, another Tampa Bay-area Republican, cosponsored it. House leaders agreed to allow a vote on the measure this week as a sweetener for Ms. Luna in their efforts to persuade her to lift a legislative blockade she had maintained as she sought to force Senate action on a voting restriction bill Mr. Trump has championed.


    Read more of this story at Slashdot.


  • Iran Abused Mobile Networks' Vulnerabilities To Locate US Military In Middle East
    An anonymous reader quotes a report from TechCrunch: The Iranian government abused well-known vulnerabilities in the global telecoms infrastructure to locate U.S. military personnel in the build-up to the Iran War, as well as in the early days of the conflict, according to Financial Times. The Iranian government exploited Signaling System 7, or SS7, a set of protocols for 2G and 3G networks that has long been the backbone of how cellular networks connect to each other to route subscribers' calls and texts around the world, the newspaper reported, citing research by the Mobile Surveillance Monitor, as well as anonymous government officials with knowledge of the spy campaign. Intelligence agencies have long abused SS7 to track cellphones abroad, which is what happened in this campaign. Using this technique, Iran was reportedly able to locate U.S. military forces stationed in military bases as well as hotels in Iraq, Bahrain, and other countries in the Middle East, which allowed the regime to strike them. These attacks resulted in several injuries. Apart from SS7, Iran also abused advertising technology used to serve tailored ads to cellphone users, another well-known surveillance technique that relies on everyday technology.


    Read more of this story at Slashdot.


  • OpenAI's First Device Will Be Moveable, Screenless Speaker Built as AI Companion
    OpenAI is reportedly developing a screen-free, portable smart speaker meant to act as a personalized home computer and humanlike AI companion. "It will help control smart-home appliances, play media, answer questions, respond to messages and tap into the range of capabilities offered by OpenAI's ChatGPT," reports Bloomberg, citing people familiar with the matter. The device, expected to be unveiled this year and released in 2027, would mark OpenAI's first major hardware push after acquiring Jony Ive's io Products. Bloomberg reports: Apple sued OpenAI last week, accusing the company of stealing trade secrets. But OpenAI believes that the device veers significantly from anything Apple has on the market today and that it's unlikely that it violates trade secrets belonging to the iPhone maker, the people said. OpenAI's success in hardware will hinge on bringing a novel approach to the market -- something it aims to do with the smart speaker. For instance, the device's technology is meant to become increasingly personalized and proactive as it gains a deeper understanding of its owner over time, according to the people. OpenAI envisions the device anticipating needs, surfacing information proactively and serving as an expert on its user, they said. Though the speaker is designed to stay in the home, it will be easy to move around the house. OpenAI believes the product's defining feature will be its personality and ability to connect on a humanlike level with users. The speaker incorporates mechanical elements that can move on their own, creating a sense that it is alive and not just an object responding to commands. The machine also will draw on personal information such as emails to better understand its owner. The goal is for the device to feel like a companion and become a physical manifestation of OpenAI's ChatGPT. Still, the exact plans could change as the company works through the development and legal process. The device's communication abilities will rely on a more advanced version of the ChatGPT Voice Mode -- GPT-Live -- that OpenAI rolled out this month. The new voice mode is designed to act more like a human. It can listen and talk at the same time, adapt more naturally during conversations, and quickly process information. Though the new product resembles a speaker, OpenAI internally describes it as the first of its kind: a computer built for AI to help make busy people more productive. It includes a camera and other sensors that help it understand a user's surroundings and context, as well as advanced AI models beyond those available on conventional smart speakers. Another central difference is that the device includes a rechargeable battery, allowing it to be carried from room to room throughout the day. A user could bring it into the laundry room while doing chores, move it into the kitchen for cooking assistance, and later place it in a living room or bedroom to have it play music. It can also remain plugged into a single room if the customer chooses.


    Read more of this story at Slashdot.


  • Google Images Gets a Pinterest-Like Redesign Focused On Discovery
    Google Images is getting a Pinterest-like redesign that turns image search into a personalized discovery feed, with "For You" galleries, real-time updates, and collections for saving visual ideas. "Google is also adding a way for users to create AI images right in Search, as it celebrates 25 years since the debut of Google Images," reports TechCrunch. From the report: After navigating to the redesigned Google Images, users will see a "For You" gallery of images tailored to their interests and browsing history. Like Pinterest, the gallery is designed for continuous browsing, with Google saying it updates in real time with new images. As users browse, they can save ideas to their "collections," which will appear as tabs above the main gallery of photos. For example, users can create collections for things like vacation outfit ideas, travel inspiration, and ways to design a reading nook, which they can come back to later. [...] As for generating images directly in Search, Google says the feature is meant for moments when you have a highly specific idea for an image that doesn't already exist online. Google is bringing image generation directly into AI Overviews on Search and will use its latest Nano Banana model to transform a text prompt into a custom visual. The feature can also help users reimagine spaces and visualize ideas, such as seeing what a room might look like painted red or what a dorm room with a coastal theme could look like.


    Read more of this story at Slashdot.


  • Lawsuit Claims Meta's Layoff Decisions Were Made By AI, Not Humans
    A lawsuit from 26 Meta employees alleges the company used AI-driven scoring and monitoring systems to select workers for layoffs, disproportionately targeting employees with disabilities or those who had taken protected medical, family, pregnancy, or parental leave. "Meta did not assemble the termination list through the considered judgment of managers who knew the work. Instead, Meta used a constellation of internal artificial-intelligence systems -- including a system referred to internally as 'Metamate,' employee-trained 'second-brain' agents, keystroke- and activity-monitoring data, AI-token-usage dashboards, and algorithmically assisted performance ranking and calibration -- to score, rank, and select employees for inclusion on the list," the lawsuit (PDF) said. Ars Technica reports: Employees were allegedly graded, among other things, on how much they used Meta's AI tools. "Meta's internal dashboards classified employees by their stage of adoption of its artificial-intelligence tools, using categories such as 'AI Native,' 'AI First,' and 'AI Enabled,'" the lawsuit said. The lawsuit is apparently "the first against a major U.S. company to challenge the alleged use of AI in conducting layoffs," according to Reuters. The complaint alleges that Meta's tools for monitoring employees did not account for differences caused by disabilities and protected leaves. "Those tools draw on inputs -- performance ratings, calibration scores, productivity and output metrics, 'AI-native' ratings, and AI-token consumption -- that, by design, cannot be accumulated by an employee who is on protected medical or family leave, or whose output is reduced by a disability," the lawsuit said. The lawsuit alleged that Meta management did not take steps to adjust scores for employees who took leave or who requested reasonable accommodations for disabilities. "Meta did not neutralize those inputs for protected leave; did not exclude protected-leave-takers or accommodation-seekers from the selection cohort; and did not pause the system for the individualized, leave- and accommodation-neutral review that the law requires," the complaint alleged. "The result was that employees who took protected leaves were disproportionately selected for layoff, based on scoring that not only failed to account for their protected leaves, but in effect penalized the employees for exercising their legal rights to these leaves." The 26 plaintiffs requested leaves or disability accommodations in the 24 months before being selected for layoffs, the lawsuit said. The layoffs are not yet finalized, but employees are scheduled to start losing their jobs on July 22, the lawsuit said. "These claims lack merit and are not based on facts," said Meta in a statement. "Workforce management and organizational decisions were and are made by people, not AI."


    Read more of this story at Slashdot.


  • Google DeepMind Calls For US To Spearhead AI Standards Body
    Google DeepMind chief Demis Hassabis is calling for a U.S.-led AI standards body to review frontier models for national security risks such as cybersecurity and biological threats. His proposal would create a federally overseen public-private organization, initially voluntary and eventually mandatory for U.S. deployment. CNBC reports: Google DeepMind boss Demis Hassabis, a Nobel laureate, said in an article posted on X on Tuesday that "urgent action" was needed to address risks associated with artificial general intelligence (AGI) -- the point at which AI matches or surpasses human intelligence. "We've already seen the challenges frontier models pose for cybersecurity, and other threats including nuclear and bio risks may soon emerge as capabilities continue to advance," he said. [...] Hassabis said the U.S. was well positioned to lead in developing an AI framework "given its economic and technical standing." "It could establish a new Standards Body modelled on a federally overseen public-private partnership or self-regulatory organisation, much like the Financial Industry Regulatory Authority (FINRA), with a board that includes independent leading technical experts and open-source representatives," he added. FINRA regulates brokerage firms and exchange markets in the U.S. The proposed body would need "substantial" funding "in order to attract world-class technical talent and provide the necessary compute resources for large-scale testing," Hassabis said. Funding would "likely" come from industry, he added. Frontier labs would initially voluntarily share models with the body for review up to 30 days before release, before becoming mandatory for deployment in the U.S. market after being shown to be "effective." "Specific agentic AI tests could look for attempts to bypass safety guardrails or signs of deception, and ensure best practices, such as digitally watermarking AI-generated images and generating human-readable output tokens to understand model reasoning," Hassabis said. Further reading: Over 200 Economists Say 'We Must Act Now' On AI's Economic Impact


    Read more of this story at Slashdot.


  • Linux Foundation's Latest Foray Is To Standardize Internet-Native Payments For AI Agents
    Today, the Linux Foundation launched the x402 Foundation to standardize internet-native payments for AI agents, APIs, and applications, based on Coinbase's contributed x402 protocol. Backed by companies including AWS, American Express, Cloudflare, Google, Mastercard, Stripe, and Visa, the effort aims to make payments work directly over HTTP (assuming users are comfortable letting AI agents handle financial transactions). "The whole idea is to give agents access to money and, through that financial independence, improve their set of capabilities to pretty much anything on the internet," Lincoln Murr, Coinbase's AI product lead, told CNBC last month when the company announced the protocol. "In the 2010s, every internet company dealt with the transition from desktop and web into a mobile environment. And now in the late 2020s, we're seeing the exact same thing happen where agents are going to be the new primary economic actors on the internet."


    Read more of this story at Slashdot.


  • OnePlus Is Reportedly Shutting Down In the US, Europe
    OnePlus will reportedly announce this week that it is shutting down its brand in the U.S. and Europe, following months of signs that parent company Oppo was winding down the brand's global presence. India and China are reportedly unaffected, but it's unclear whether Oppo will replace the brand directly in those markets. The move also raises questions about future support for existing OnePlus users. 9to5Google reports: WinFuture reports that OnePlus is gearing up for an official withdrawal from the U.S. and European markets, with the announcement due in the "coming days" this week. Closed-door press conferences have apparently happened, with no details shared on the exact reason OnePlus as a brand is shutting down in these markets. India and China are, as far as this report claims, not affected. The report, citing "well-informed sources," notes that this OnePlus announcement will come amid "fundamental changes" to Oppo's strategy, but the big point here is the global death of OnePlus.


    Read more of this story at Slashdot.


  • IBM Stock Collapses After a Grave Warning About AI
    IBM shares plunged after the company warned that Q2 revenue and earnings would miss expectations, blaming customers' sudden shift in spending toward AI hardware instead of software services. However, CEO Arvind Krishna did not place all the blame on IBM's customers. The CEO also said it "faltered" by failing to "anticipate the magnitude of the capex reprioritization." "These conditions require our teams to execute perfectly, and this quarter we faltered. We did not adapt and move quickly enough, and numerous large deals failed to close on the timelines we expected, driving the majority of our shortfall." Fast Company reports: In the preliminary report, IBM said that for its second quarter of fiscal 2026, it expects revenue of $17.2 billion, which is up 1%. It also said it expects a Non-GAAP Diluted Earnings Per Share (EPS) of $2.93, up 5%. However, as noted by CNBC, these preliminary results are below what analysts were expecting, which was $17.86 billion in revenue, and an EPS of $3.01, according to FactSet data.


    Read more of this story at Slashdot.


  • New York Becomes First State To Impose Data Center Moratorium
    New York has become the first U.S. state to impose a moratorium on large new data centers, pausing construction for one year over concerns that AI-driven data center growth is raising utility bills, straining water supplies, and burdening communities. "As data center development threatens to hike up utility bills, deplete our natural resources, and create uncertainty for New Yorkers, it's my responsibility to take action and lead," said New York Governor Kathy Hochul. She will also pursue legislation to repeal sales tax exemptions for large data centers, Hochul added. Reuters reports: The construction ban will apply to data centers that use 50 megawatts or more of power, officials in the governor's office said. During the moratorium, the state's Department of Environmental Conservation will not issue any discretionary permits not already deemed complete, the governor's office said. Instead, Hochul directed state officials to develop a Generic Environmental Impact Statement to ensure that new data centers coming online are held to "consistent standards," as well as examine the potential environmental impacts of the construction and operation of data centers in the state. The ban will be lifted once the state finalizes those standards, according to Hochul's office.


    Read more of this story at Slashdot.


www.theregister.com - Articles












Linux.com




  • From DHCP to SZTP – The Trust Revolution
    By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]

    The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.








Phoronix




  • BOSGAME VTA-439: A Great, Linux-Friendly Mini PC Powered By AMD Ryzen AI 9 HX 470
    For those that were intrigued by the recent launch of the AMD Ryzen AI Halo developer platform with a very capable mini PC but looking for something more affordable and not needing quite as much horsepower or AI focus, BOSGAME recently launched their VTA-439 mini PC. The BOSGAME VTA-439 is powered by the AMD Ryzen AI 9 HX 470 with Radeon 890M graphics for those wanting still quite a capable mini PC that retails for around $1,049 USD while sporting 32GB of RAM and 1TB NVMe SSD storage.









Engadget"Engadget - Technology News & Expert Reviews"











OSnews

  • Haiku gets NetBSDs NVMM, beta 6 release planned for August
    Haiku has another buy month of development activity to detail, and theres a big ticket item this time, even if the developers themselves dont consider it so. The thing that should be the biggest news item this month is that the GSoC 2024 work to port “NVMM”, the NetBSD Virtual Machine Monitor (which runs on more than just NetBSD, despite the name), providing hardware-accelerated virtualization support for QEMU, was finally merged. Unfortunately it still doesn’t fully work, so it’s still disabled by default: hence, it’s only a minor news item, unfortunately. ↫ waddlesplash on Haikus website It may not work due to  so far  not well-understood problems causing any complex virtualised operating system to crash in a variety of ways, but since these problems seem related not to NVMM but Haiku itself, I still think this is a big piece of news. If the problems can be addressed, Haiku will have proper virtualisation, which is crazy to think about. Theres a forum thread in case you wish to help out with this effort. Other than this major news, theres the usual list of small fixes and changes, including preliminary work on USB Ethernet support, which, when working, could be very welcome news for people whose onboard Ethernet doesnt work with Haiku. The team also believes a beta 6 might actually be released this August, but once again Id like to underline that Haikus nightlies work just fine, and you really dont need to wait for a beta.


  • People are starting to think twice about buying Facebooks pervert glasses
    I have yet to see any of these creepy camera glasses Facebook (and a few other companies) are selling. One of the many benefits of living in Arctic Sweden, where people are reserved, keep their their distance, and try not to draw attention to themselves, is that new technology fads dont really permeate society here. The odds of me spotting one of these creepy predator glasses in my remote town are incredibly slim, and to me, thats a feature, not a bug. Meanwhile, in places where these creepy things can actually be found in the wild, a backlash is thankfully growing. Will Kujawa, a freelance video producer, said that he has been thinking about buying a pair of Meta glasses with prescription lenses to film behind the scenes content during his shoots, but the online backlash has given him second thoughts. He says he was blown away by how mean some of the people were! in response to his social media posts about considering buying a pair. I saw all these comments about if you wear those glasses youre basically a predator or a creep, and I was like, oh, maybe its not a good idea to have those,'! he told Engadget. But he says he understands why people have concerns. I didnt really think that through all the way … there are a lot of times where its not appropriate to wear cameras on your face. And even though I would have no intention of do anything creepy with them, it didnt even occur to me other people just assume that automatically.! ↫ Karissa Bell at Engadget I can maybe see a use for these things in specific professional environments, but even then, obviously not ones made by Facebook, one of the, if not the creepiest companies in technology history. If I were to see anyone out here in the real world using one these things, I, too, would automatically assume that the guy (statistically speaking) wearing them is a creep. I can only imagine what the people most often targeted by creepy men would think encountering some rando wearing these. Clearly, these things should be made illegal outside of specific professional environments where they could potentially be useful. While its impossible to stop tools like these from making their way into the hands of creeps, it at least provides the justice system with a clear method of nailing them to the wall. They didnt get Al Capone for any of his violent crimes  they nailed him for tax evasion.


  • The GDID really isnt the only way Microsoft can track Windows users
    In what should be a surprise to absolutely nobody, Microsoft assigns a persistent identifier to every Windows installation, tying it to its user, and the company has no issues handing it over to law enforcement. Abhijith M B at windows Latest dove into the details, and its just as bad as you would expect. Am I glad Stokes got caught? Yes, without hesitation. Thirty-five pages of a teenager bragging about diamond chains spelling out “HACK THE PLANET” while extorting a jewelry store don’t leave much room for sympathy, whatever role Microsoft’s telemetry played in building the case. But that doesn’t make the GDID okay. Every company selling you software has some version of this, and a persistent device identity is a reasonable thing to build into activation and fraud systems. What gets me is that most people had never come across the term GDID before a federal court filing such as this. Microsoft wrote one sentence about it in an Azure Monitor reference table meant for enterprise IT admins pulling update reports, not for the 1.6 billion or so regular people whose PCs are generating this data. You might be tech savvy enough to turn off Activity History, pick a local account, and strip out every scrap of optional telemetry, but none of it changes the fact that the identifier exists, and that it answers to your Microsoft Account instead of you. Microsoft only told the public about it once a court forced the issue. ↫ Abhijith M B at windows Latest The thing is, even without this GDID, I cant imagine Microsoft would have much trouble tying a Windows installation to a specific user. Consequently, Im afraid the following is going to happen: this story gains even more traction, Microsoft removes the GDID, and everyone thinks the problem is resolved. Of course, in reality, any one of the hundreds of other metrics and data Microsoft collects can and will still be used in the exact same way as this GDID thing in this case. If my experiences with Windows 11 werent clear enough  dont use Windows. Just dont.


  • How early SunOS did diskless workstations before NFS
    I have a love-hate relationship with Suns NFS. Since it was so prevalent, its a go-to for getting stuff on and off the classic UNIX workstations I love to explore, but at the same time, it also never seems to work right away. However, the technology NFS was designed to replace was apparently quite a bit worse. Sun sold diskless workstations before NFS, which used something called nd (network disk). The problems with nd stem from a limitation of SunOS at the time. Since SunOS only provided support for a maximum of eight partitions per physical disk, nd offered the ability to create subpartitions, of which you had to manually create and remember the start and end sectors. Thats a recipe for problems. But wait, theres more! For extra bonus problems, you might run out of available partitions to use on your server disk because you needed all of the available ones for regular filesystems and your swap area. If you were in this situation you could take the dangerous but necessary step of specifying your network disks using the special c partition (cf dkinfo(8)), which was conventionally used to provide access to the entire disk. This was extra dangerous because you had to make sure that the nd disks you specified werent overlapping into any regular partitions that you were using, since as nd(8) says, nd itself did no sanity checking. If you said sectors X to Y were network disk X, thats what they were, and goodness help you if some of them were also something else. ↫ Chris Siedenmann And this isnt even everything. Every part of this sounds horrid, and I can totally understand seeing NFS as a godsend compared to nd. Its depressing that were in 2026 now, and the basic task of sending a file from one computer to another over your own network often still a total clusterfuck.


  • Nokia’s 14 years of mobile-phone supremacy ended in an afternoon
    OSNews covered the downfall of Nokia extensively back when it was happening, but I must admit that seeing this whole story in retrospectives! now makes me feel so incredibly old. This story played out roughly between 2007 and 2016  in the grand scheme of things, the end of Nokias phone business wasnt that long ago! Zeit, bitte bleib stehen. Anyway, heres another retrospective, but this one I definitely like a bit more than the countless others weve seen, because it ends on the part of the story often left out: Nokia not only survived, its actually thriving. The company itself ultimately survived, even if the transition wasn’t painless. Nokia’s revenues, which peaked in 2007, fell sharply through the mid-2010s before the company refocused on a decades-old business line—telecom infrastructure—that many had forgotten Nokia was even in. Nokia now ranks among the world’s top three suppliers of 5G network equipment, serving carriers across more than 125 countries, alongside Ericsson and Huawei. Although the company could never quite crack the smartphone, it now plays a key role in providing the network backbone those smartphones run on. ↫ Chris Chinchilla at IEEE Spectrum From a business perspective, I honestly doubt Nokias phone business couldve survived to this day, even if they had responded to the arrival of the iPhone sooner, and even if they didnt do the stupid thing of focusing on Windows Phone first and had just embraced Android right away. Obviously, a Nokia with its own touch-era smartphone operating system would never have survived  none of them did  and even if they went with Android from the onset, I think the eventual onslaught of Samsung, which has killed many a popular smartphone brand, wouldve trampled Nokia too. In a better version of our world, Nokia wouldve survived with its own smartphone operating system, based on Symbian or not, and it wouldve been Europes strong, consistent answer to the Americans iOS and Android. While Nokia wouldve still been a business and wouldve undoubtedly tried the same anti-user shenanigans as Apple and Google, theyd at least be easier to reign in regulatory-wise. Youd hope. The EU shouldve never allowed Nokias smartphone business to be sold to Microsoft.


  • Apple sues OpenAI for theft of trade secrets!
    Apple sued OpenAI on Friday, alleging the AI company has stolen the iPhone maker’s trade secrets to develop its own yet-to-be-unveiled AI gadgets. In the suit, filed in the District Court of Northern California, Apple accuses OpenAI of trade secret misappropriation and breach of contract. ↫ Lisa Eadicicco and Hadas Gold at CNN I find this about as interesting and watching artificial grass grow, but with the common wisdom being that Apple is behind on AI!, it was honestly only a matter of time before the lawsuits came. After all, thats usually what companies who cant win in the market do. At the very least this will give corporate tech news websites a whole slew of new material. I just hope they both implode. Wed all be better off for it.


  • Redox gets GTK3, Tcl
    Redox did the develop cools stuff thing again for a month, so weve got progress to talk about. This past month, GTK3 has been ported to Redox, as well as the Tcl programming language. Support for per-window fractional scaling has been added to Orbital, Redox desktop environment, but its still relatively limited for now. Theres also new USB gamepad support, which already works in quite a few emulators, as well as details about how Redox intends to improve its support for running in a virtual environment over the coming 12 months, an effort sponsored by NLnet. Of course, theres also the usual bugfixes and updates to various drivers, the kernel, Relibc, and more.


  • Understanding Windows monthly updates: Servicing explained
    Windows has a fairly complex update ecosystem, so every now and then, the company feels like it needs to publish clarifications and explainers so people can keep up with whats going on. Most individuals and organizations regularly deploy monthly security updates, released on the second Tuesday of each month. Windows also provides optional non-security preview updates, which give IT teams and early adopters an opportunity to validate upcoming fixes before theyre included in the next monthly security update. This guide explains the purpose of each update type, when updates are released, and how they fit into the modern Windows servicing model. ↫ Chris Morrissey at the Windows IT Pro Blog Its easy to make fun of Microsoft and Windows for just how complex and obtuse the update ecosystem really is, but in all honestly its kind of understandable. Windows is a sprawling platform used by so many different people, companies, and organisations, under so many different circumstances and in so many different environments, it makes sense that Microsoft wants to address the multitude of needs that arise from that complexity. And so we end up not only with a dizzying array of update types and a long corpus of mystic terminology, but also a long list of complex different management tools to deploy said updates. And then theres the various preview channels making everything even more complex. Im definitely not smart, qualified, or experienced enough to come up with a better solution, but I do think choosing better names for the various update types, and perhaps a centralised settings panel inside Windows that gave users a better idea of what each type of update actually does, would go a long way to improving clarity. During my month with Windows 11, I also found it deeply frustrating just how little information Microsoft provides about each of the updates Windows is installing. As a user, I was expected to copy/paste the KB number and then hope that would lead me to useful information, while it would be much more convenient if such information was available right then and there inside Windows Update. If you cant reduce complexity, you should try to improve transparency.


  • You paid me, a long-time Linux user, to use Windows 11 exclusively for a month: heres how it went
    You all donated en masse to have me use Windows 11 for a month, and so I did. What was it like for a long-time Linux user to go back and experience Windows as it exists now? Is it really as bad as weve collectively made it out to be? Did my month with Windows 11 consist of nothing but pain and misery, or are there good things to say, too? Or, was it an unexpected pleasant surprise? And ultimately, did I stay with Windows 11, or move back to the Linux world?  Donate through Ko-Fi  Donate through SEPA transfer*  Buy merch from our store  Why a fundraiser? *Name: Thom Holwerda  IBAN: SE08 8000 0820 1684 4657 8414  BIC: SWEDSESS This year, Im celebrating the milestone of having posted 20000 stories on OSNews during my 21 years as managing editor of OSNews. This is my full-time job, and since nobody is going to give me any bonuses, stock options, or golden pens, were running a big fundraiser to keep OSNews going. To add some spice to the whole thing, I added some incentives, with the first being using Windows 11 for a month. Were slowly but steadily approaching the next incentive, too, which is a proper video tour of my office, (unique) computers, and massive devices collection. Theres a similar incentive to this Windows 11 one, but for macOS. Yikes. The rules for the Windows 11 incentive are simple: use stock Windows 11 for a month for my computing tasks (with the exception of gaming  converting my Linux gaming PC to Windows just to play the same games seemed silly). I wasnt allowed to use any debloating tools, but as an EU citizen, I do have the ability to remove a ton of Windows stuff thanks to the success of the Digital Markets Act. I also tried to stick to Microsofts own applications as much as possible, for that true ecosystem experience!, and wasnt allowed to hack my way into a normal local user account. I was all-in. So what was it like? Setting it all up The installation process posed a number of challenges and issues. First and foremost, the Windows 11 installation process is incredibly barebones, and basically assumes no other operating system exists in the world. It has no clue anything other than Windows filesystems exist, making it dangerously easy to accidentally damage or outright delete any other operating systems you might have installed. My laptop happens to have two M.2 SSDs in, so I could safely dedicate one of them to Windows 11 without interfering with the other SSD with Fedora installed on it, but if youre experimenting with Windows 11 on your Linux machine with just one drive, you might want to reconsider. I also had to perform the first portion of the installation process  the WinPE section  with just my keyboard, since apparently, my trackpad was not supported and did not work at all. Once the system went through its first of what would be many reboots to come and loaded into the phase of the installation where youre actually already running Windows 11, my trackpad came to life, but without any gestures support  so no scrolling. Not a gamebreaker or anything, but definitely annoying. A bigger issue was that the Wi-Fi 7 Intel BE200 chip in my laptop was not supported out of the box by Windows 11. This meant that I had to install these drivers during the installation process, which involves going to the Intel website and finding the correct drivers to use. To make this process more obtuse and less intuitive, you cant use the normal driver installer; you have to specifically opt for the Intel® PROSet/Wireless Software and Wi-Fi Drivers for IT Administrators , download the ZIP, unpack it on a different computer, put the unpacked drivers on a USB stick, and point the Windows 11 installer to this USB stick. Mind you, the BE200 chip was launched almost three years ago, and theres no excuse for Windows 11 not supporting this chip out of the box  like Linux does. The remainder of the installation process involved dodging a lot of tracking and telemetry prompts, reboots, a lot of waiting, setting up the dreaded online account, waiting some more, and then finally ending up at the desktop. I then set out to enjoy my EU privileges by removing whatever applications I didnt need and turning off features I didnt want, as well as making sure all the drivers were up to date. This mostly involved installing the Intel Driver 8 Support Assistant and the Intel graphics drivers. Curiously, this is where I hit a returning issue: after installing the Intel GPU drivers for the first time, as well as after every subsequent update, the screen would go black and stay that way, forcing a reboot. Windows graphics stack is supposed to be able to gracefully handle driver updates, but clearly, some bug or problem was preventing the updated Intel driver from being reinitialised. Once those initial setup tasks were behind me, I experienced two more problems. First, sleep/wake was entirely broken and simply did not work. It turns out Windows 11 really doesnt like S3 sleep, and I had to specifically go into my laptops Dasharo Coreboot firmware to switch to S0ix get sleep/wake to work on Windows 11. Windows defaults to something it calls Modern Standby!, which requires the S0ix state to be enabled. You can also disable Modern Standby which would presumably make sleep/wake work with S3 (?), but this is a whole ordeal and clearly not something Microsoft wants you to do. Of course, the correct way of handling this would be for Windows 11 to adapt its sleep/wake settings to what the firmware reports, but alas. Another problem were the laptops cooling fans seemingly leading lives of their own, spinning up loudly at entirely random times, irrespective of use. It was so bad and loud


  • The state of accessibility in GNOME
    With July being Disability Pride Month, GNOMEs Sophie Herold published a blog post taking stock of where GNOME stands on this front, progress thats been made, as well as areas where the project comes short. One particular paragraph from her introduction really hits the nail on the head about accessibility discussions in tech circles: The reality of tech communities is that they are often ableist and elitist. Probably more so than the average population. If a user or contributor struggles with a tool, blame is shifted to a “skill issue,” if an interface is simplified to make it accessible to more people, it’s “dumbed down”. Assistive technologies are often developed by abled people, without involving and paying disabled people. This also leads to an attitude where contributors expect gratefulness from disabled people for providing them with the most basic needs. All these issues are also not absent from the GNOME community. ↫ Sophie Herold Even as someone who isnt disabled and doesnt use any tools classically shelved under the accessibility! moniker, I encounter the attitudes she mentions in the quoted paragraph basically every day. While we can have normal, productive discussions and differences of opinion about accessibility  for instance, I strongly believe robust theming support is absolutely crucial to accessibility, while the wider GNOME community does not  the dismissive attitudes towards people with accessibility needs in the software world is shameful. Even if you dont have accessibility needs today, you will definitely be needing them at some point in your life. If accessibility isnt one of the first words you jot down on your mood board or whatever when you start a new software project, youve already done millions of people a massive disservice. Get educated, learn what you can about accessibility, listen to people with accessibility needs, and make your software better for everyone. Youll thank yourself one day.



Linux Journal News

  • EU OS: A Bold Step Toward Digital Sovereignty for Europe
    Image
    A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
    What Is EU OS?
    EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.

    Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
    The Vision Behind EU OS
    The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.

    Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.

    However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
    Conclusion
    EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.

    Source: It's FOSS
    European Union


  • Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

    Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

    Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.

    In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.

    On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.

    Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.

    The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.

    Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.

    You can download the latest kernel here.
    Linus Torvalds kernel


  • AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
    Image
    AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.

    This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.

    Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.

    Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.

    Source: 9to5Linux
    AerynOS


  • Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
    Image
    Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.

    Here’s a quick overview of what’s new in Xojo 2025r1:
    1. Linux ARM IDE Support
    Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
    2. Web Drag and Drop
    One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
    3. Direct App Store Publishing
    Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
    4. New Desktop and Mobile Features
    This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
    5. Performance and IDE Enhancements
    Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
    What Does This Mean for Developers?
    Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
    How to Get Started
    Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.

    Download Xojo 2025r1 today at xojo.com.
    Final Thoughts
    With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
    Xojo ARM


  • New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux

    Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.

    Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.

    Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 

    Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.

    Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.

    Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.

    By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
    Windows


  • Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities

    The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 

    As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.

    In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 

    After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.

    The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.

    At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.

    The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
    Security


  • Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges

    The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.

    A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.

    This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 

    The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.

    On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.

    In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
    kernel


  • Linux Celebrates 32 Years with the Release of 6.6-rc2 Version

    Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.

    The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.

    Here is what Linus Torvalds had to say in today's announcement:
    Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds


  • Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction

    Want to interact with ChatGPT from your Linux desktop without using a web browser?

    Bavarder, a new app, allows you to do just that.

    Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.

    With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.

    During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.

    At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.

    As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!

    Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
    ChatGPT AI


  • LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite

    Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.

    Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.

    LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.

    You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.

    All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.

    In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.

    Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.

    The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
    LibreOffice


Linux Magazine News (path: lmi_news)


  • Hannah Montana Linux Is Back!
    Developer Noah Cagle decided the world needed the once obscure but beloved Linux distribution and gave it a decidedly pink refresh.




  • Kubuntu Focus Goes Ultra
    The Kubuntu Focus team has upped the performance ante of its M2 and Zr laptops with the latest, greatest CPUs from Intel.







Page last modified on November 17, 2022, at 06:39 PM