|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Systemd v261 released
Systemd v261 has been released with a long list of changes, including a newcloud "Instance Metadata Service" (IMDS) subsystem, "boot secret"functionality for use on systems that lack a physical TPM, as well assupport for the kernel's Live Update Orchestration (LUO) / KexecHandover (KHO) systems when they are present and enabled. See therelease notes for the full list of changes.
- [$] AURpocalypse now: a look at the recent AUR attacks
The Arch User Repository (AUR) hasbeen subjected to a sustained attack recently. The attacker, or attackers, havespun up a series of new accounts then used them to adopt orphanedpackages and push malicious updates that would install malware on users' systems.It is unclear how many users were compromised in the attack, but the maintainerswere playing Whac-A-Mole for several days to respond to each newly compromisedpackage. The project has turnedoff the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes toits existing collaboration model.
- Security updates for Friday
Security updates have been issued by AlmaLinux (dracut), Debian (chromium, firefox-esr, and thunderbird), Fedora (chromium, firefox, nss, ocserv, ongres-scram, ongres-stringprep, perl-Archive-Tar, perl-GD, perl-HTTP-Daemon, perl-Net-Statsd, restic, singularity-ce, util-linux, and vorbis-tools), Mageia (gstreamer1.0-*, libupnp, luajit, opensc, and ruby-rack), SUSE (curl, dnsmasq, ffmpeg-4, frr, google-osconfig-agent, java-1_8_0-ibm, kernel, krb5, kubernetes-old, ldns, liburiparser1, openvswitch, rootlesskit, strongswan, traefik, and trivy), and Ubuntu (ldns, libheif, libnet-cidr-lite-perl, lxd, tomcat11, and vim).
- Eight new stable kernels for Friday
Greg Kroah-Hartman has announced the release of the 7.1.1, 7.0.13, 6.18.36, 6.12.94, 6.6.143, 6.1.176, 5.15.210, and 5.10.259 stable kernels. As usual, eachcontains important fixes. Users are advised to upgrade.
- The Software Freedom Conservancy's LLM-backed generative AI recommendations
The Software FreedomConservancy (SFC) has announcedthe release of its recommendationsfor using LLM-backed generative AI systems for FOSScontributions. The recommendations were created by the SFC andvolunteers from the free-software community.
The recommendations reflect the extremely difficult dilemmas thatthese systems pose for FOSS contributors. SFC and its volunteersunderstand that FOSS developers are approaching LLM-gen-AI from avariety of perspectives. The recommendations offer practicalassistance to minimize the damage caused by using proprietary systems,whether FOSS contributors reject LLM-gen-AI or choose (voluntarily orby employer mandate) to use them.
These recommendations are best practices (but not definitions orrequirements) that SFC and its volunteers formulated after carefulstudy of the growing LLM-gen-AI use among FOSS contributors. SFC willfollow these recommendations with a series of supporting materials,including documents, online tutorials, public Q&As, podcasts,and other community engagement. We will routinely refine ourrecommendations and continue to support FOSS contributors as theynavigate this difficult landscape.
- [$] The first half of the 7.2 merge window
The 7.2 merge window started with the 7.1kernel release on June 14. As of this writing, just over 7,000non-merge changesets have been pulled into the mainline for the next kernelrelease. Many of the core subsystems have been pulled at this point,meaning that most of the changes that can be expected in 7.2 have now comeinto focus.
- Mastodon 4.6 released
Version4.6 of the Mastodon fediverse platform has been released.
The headliner of this release is Collections, a way to create and share curated collections of profiles. Part of Mastodon's work ethos is our commitment to trust and safety, so we've put a lot of thought and care into the design of this feature to avoid some of the pitfalls and abuse people have experienced with similar features on other platforms, while focusing on its primary goal: Helping new users discover more of the Fediverse.
Other new features include support for subscribing to posts via email, theability to generate a "year in review" post, accessibility improvements,and more.
- [$] Single-hop block replication with RMR and BRMR
How can cloud providers efficiently supply durable virtual block devices? RemoteDirect Memory Access (RDMA) provides a way for servers in a cluster to sharechunks of memory, but there still needs to be a protocol that operates on top ofRDMA to provide the guarantees expected of a block device. The kernel's RDMA transportlibrary (RTRS) provides a way to send messages via RDMA. Ipresented about twonew components built on top of RTRS at the 2026LinuxStorage, Filesystem, Memory Management and BPF Summit: Reliable Multicastover RTRS (RMR) and Block device over RMR (BRMR). These modules, which Iam working on with Jia Li, could be a way for cloud providers toexpose durable block devices with as little overhead as possible. To accomplishthat, however, we need some discussion and feedback from the community beforesending the modules upstream.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (dracut, podman, postfix, rsync, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (atril, firefox-esr, and nginx), Mageia (libcap, perl, and python-pillow), Oracle (firefox, gstreamer-plugins-base and gstreamer-plugins-good, httpd:2.4, kernel, libpng12, libpng15, libxml2, libxslt, opencryptoki, openssl, postfix, rsync, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (bind, libidn, mozilla, and openssl), SUSE (alloy, docker, elemental-system-agent, glibc, grafana, helm, LibVNCServer, openssh8.4, perl-GD, perl-HTTP-Daemon, python-WebOb-doc, python311-google-adk, rustup, traefik2, wireshark, and xwayland), and Ubuntu (dolibarr, golang-go.crypto, graphite2, gst-plugins-bad1.0, kitty, libconfig-inifiles-perl, libnginx-mod-js, and webpy).
- ESP32 Bit Pirate update adds WiFi Hotspot mode, Pirate Assistant, and Web Flasher
The ESP32 Bus Pirate project has been renamed ESP32 Bit Pirate as part of its continued development as an ESP32-S3-based multi-protocol firmware platform. The open-source project, developed by Geo-tp, turns supported ESP32-S3 boards into debugging and experimentation tools for wired protocols, radio interfaces, scripting, and browser-based interaction. The project remains inspired by the original Bus […]
- New Super PAC Aims to Rally Tech Workers to Help Limit AI: 'the Guardrails Alliance'
"A grassroots movement is forming among everyday tech workers who are demanding their companies develop and deploy AI responsibly," reports TechCrunch. Hoping to leverage that discontent is a new super PAC called the Guardrails Alliance. The New York Times reports that it launched Thursday with backers that included tech employees and labor unions:Guardrails positions itself as a populist political movement that runs on small donations from people in the trenches of the AI boom. The PAC has about $5 million at its disposal today and planGuardrails will buy ads to support Alex Bores, a New York congressional candidate who became Leading the Future's first target and is running in the primaries next week. s to raise $15 million this cycle — small potatoes compared to deep-pocketed adversaries like Leading the Future, which has more than $100 million from tech leaders like OpenAI president Greg Brockman... "This is not about matching [Leading the Future] dollar for dollar," [said the super PAC's co-founder, political operative Shaunna Thomas]. "What this vehicle is meant to do is be a political home for people who are concerned about the way the anti-regulation AI tech sector is trying to manipulate elections." Meanwhile a former Netflix and Warner Bros. executive has launched the Alliance for Responsible Innovation in the Arts & Media, reports Variety, calling it an AI-focused content coalition that says it's dedicated to supporting "responsible and sustainable AI innovation and the importance of human creativity."The initial members of the coalition, announced Monday, include Disney, the New York Times, Adobe, Condé Nast, the Financial Times, ITV, Advance, BBC, Cambridge University Press & Assessment, U.K. publisher Reach and Wiley. Many of the coalition's members have either struck deals with AI companies or are developing their own AI tools... The group plans to argue for legal and policy guardrails around AI's usage, with its funding directed towards analyses, tools and services focused on advancing those initiatives... One of the group's launch advisers is Damian Collins, OBE, who previously served as the U.K. Parliamentary Under-Secretary of State in the Department for Science, Innovation and Technology under prime ministers Boris Johnson and Liz Truss. "Using AI to break the law can never be an acceptable excuse," he said in a statement. "Laws around personal safety, intellectual property and financial crime still apply in the age of AI. This is why ARIAM has been created and why I'm proud to working with this necessary initiative."
 
Read more of this story at Slashdot.
- Facial Recognition on Public Buses? Kansas City Says Yes
An anonymous reader shared this report from the Associated Press:Officials in Kansas City, Missouri, are preparing to equip cameras on some public buses with facial recognition software capable of identifying passengers who appear on a list of banned riders or missing persons. Supporters and opponents alike view the effort as a major litmus test for tapping the AI-powered software on a U.S. public transportation system, positioning Kansas City as the latest epicenter of a fierce debate over whether the safety benefits of artificial intelligence are worth the privacy costs. "The idea of running face recognition on a camera that is pointed on live spaces in public is a line that until recently has never really been crossed in the last 25 years," said Jay Stanley, senior policy analyst for the Project on Speech, Privacy and Technology at the American Civil Liberties Union. The state of Missouri declined to help fund the project as expected due to concerns with the facial recognition component. Still, the city is pushing ahead with local and federal money, said Tyler Means, chief mobility and strategy officer at the Kansas City Transportation Authority. "Privacy is always a tricky thing," Means said. "We've always had cameras on our buses. It's just new technology. I think in time it'll smooth over and people will realize, 'Well, it didn't really feel any different'...." Images captured by cameras aboard the buses would immediately be checked against any active alerts, generated when a missing person, banned rider or someone on a law enforcement watch list designated by the transportation authority is identified... After the buses return to the depot, the transportation authority would archive the regular video footage on a local server for up to five years. The company partnering with Kansas City to run the cameras "started using live facial recognition years ago to alert nursing homes when residents left the building," according to the article, and then "brought the technology to correctional institutions and schools." But this is its first attempt at bringing its cameras onto public transportation. The article also includes this quote from Will Owen, communications director for the Surveillance Technology Oversight Project. "City residents should not be guinea pigs for transit systems to test Silicon Valley's latest unproven, biased surveillance tech."
Read more of this story at Slashdot.
- Polymarket Paid Dozens to Post Videos of Themselves 'Winning' With Fake Bets
In January a college student posted a video showing him winning $100,000 on Polymarket — one of 145 that appeared to show bets adding up to almost $410,000, reports the Wall Street Journal. "But none of those bets were real." Instead its creator was "one of dozens of mostly college-age creators Polymarket paid to film themselves making fake trades and sometimes scoring fake wins," the Journal reports, citing interviews with the creators an an analysis of more than 1,100 of their videos:Polymarket built near-perfect copies of its website, then instructed creators to make simulated trades on those dummy sites and hide that they were being paid by Polymarket. To get the videos to go viral, Polymarket has recruited a social-media army to copy and re-post creators' footage. Though the New York-based company has been banned from offering its primary crypto platform in the U.S. since 2022, the social-media creators are paid to specifically target U.S. users, who can still access the site with a virtual private network... Polymarket hired and worked closely with a marketing contractor to promote the site. In a message reviewed by the Journal, that contractor told its social-media army to repost content made by 10 Polymarket creators in particular... These creators didn't initially identify themselves as paid by Polymarket, although one offered a $20 bonus code in his social-media bio... The company instructed creators not to disclose they are paid, according to creators who have worked with the company. They said the pay often added up to $2,000 to $3,000 a month... A handful of videos the Journal reviewed also contained short glimpses of URLs indicating the sites were test environments for Polymarket engineers... Creators said they send the finished videos to Polymarket for review. If a video isn't engaging enough, or if it bears obvious signs of being faked, Polymarket will ask for the videos to be reshot, the creators said... Polymarket sends creators bullet-point guidance on what to say, according to creators who have worked with the company and a recruiting website... Polymarket's viral clipping campaign racked up more than 140 million views on TikTok, YouTube and Instagram, according to the analytics provider Tubular... Internal materials show that Polymarket and Virality promote videos showing how easy it is to conduct insider trades on the platform. Polymarket has paid clippers to promote at least 19 videos discussing opportunities to use inside information or other tactics to manipulate markets. America's advertising laws "require people who are paid to endorse a product to disclose their ties," the article notes, "although there is some gray area about what's permitted." (After the Journal's investigation, the creators started adding "@polymarket partner" to their bios, the article points out._ And when asked for a comment, Polymarket "said it plans to conduct a comprehensive audit of active promotional content."
Read more of this story at Slashdot.
- Gamers Sue PlayStation: It's Not Clear They're Selling Licenses Rather Than Ownership of Games
The gaming news site Aftermath reports:Four gamers are suing Sony Interactive Entertainment for allegedly breaking a California law that requires digital storefronts selling games to make it clear people are buying licenses, not actually owning the games. Sony Interactive Entertainment's PlayStation store uses language like "Buy Now" and "Confirm Purchase," lawyers wrote in a complaint filed on Thursday... "In reality, consumers who 'purchase' digital games through PlayStation do not obtain ownership of those products," lawyers wrote. "Instead, PlayStation grants only a limited, revocable license to access the software, subject to multiple restrictions contained in a separate Software Product License Agreement".... [T]he PlayStation store does have a disclosure. Above the "Confirm Purchase" button, there's a note: "By selecting [Confirm Purchase], you agree to complete the purchase in accordance with the PlayStation Terms of Service before using this content. You further acknowledge that your purchase of this digital product amounts to a license subject to the Software Product License Agreement." These four gamers aren't satisfied with that; they said in the complaint that it's too small, and that "a reasonable customer completing a purchase would not necessarily notice this disclosure." "It's a proposed class action complaint, meaning the group of four gamers is asking a judge to grant them class action status."
Read more of this story at Slashdot.
- How Millions of Digital Home Devices Are Secretly Powering Cyberattacks
The Wall Street Journal reports on internet-connected devices — and how every year millions of them "can contain a secret digital backdoor that opens up access to your home internet, so that anyone... can surf the web as if they were you." (And this is especially true for "knockoffs that you buy online"...) In a video report this week they tested two digital picture frames from Amazon and three streaming devices from Walmart "because we heard that they often ship with backdoor software used in cyberattacks. Security experts believe manufacturers are being paid to add this malware, but many people also get tricked into downloading the software onto their phones or computers... Within minutes of turning the devices on, there was a surge of internet traffic... Visits to gambling, porn, cryptocurrency and loads of other sketchy web sites started pouring in from users around the world." (And remote visitors also tried to access Outlook and Gmail accounts...) Residential proxy companies even rent out access to "tens of millions of home networks around the world," according to the report. "But the problem is actually worse than that. Hackers figured out a way to seize control of these backdoors, and they started taking over these residential networks. Last month authorities arrested a 23-year-old Ottawa man, saying he'd taken control of more than a million devices to launch some of the largest cyberattacks anyone had ever seen.." After a couple months the Journal's reporter collected logs of all the traffic, and sent it to an investigator at Comcast, who said both were conducting DDoS attacks. But estimate for the number of infected devices are as low as tens of millions or as high 500 million-plus. "We've seen nation state attacks launched through these kind of endpoints, which means your device sitting in your house is part of a nation state attack against another nation state... We've seen ad fraud, we've seen ticket scalping, we've seen financial fraud." But more importantly, "We have seen some of the largest computer attacks — meaning computers attacking other computers at human request — ever recorded in our digital history in the last several months." At cybersecurity conferences, some are warning "there are much larger ones on the horizon if we don't get a hold of this problem." The company making the picture frame "couldn't be reached for comment," while Amazon said it's been out of stock since last year. Both Amazon and Walmart said they take action when they confirm malware on a third-party product.
Read more of this story at Slashdot.
- OpenAI Announces Benchmarks for AI Life Sciences Research. Its Best Model Failed 63.9% of the Test
This week OpenAI announced a 750-task test to to measure "whether AI systems can support realistic life science research tasks, not just answer biology questions." But while OpenAI's top-performing GPT-Rosalind model led the rankings, Slashdot reader BrianFagioli notes that "it achieved a pass rate of just 36.1 percent, failing nearly two-thirds of benchmark tasks." Nerds.xyz points out that means "the best-performing model failed nearly two-thirds of the benchmark's tasks."The benchmark also revealed a familiar weakness. AI systems generally perform better when everything is presented as text. Once they are forced to work with supporting documents, figures, or complex datasets, performance drops noticeably. GPT-Rosalind's pass rate fell from 45.1 percent on text-only tasks to 28.1 percent on tasks involving artifacts or URLs. To be fair, the benchmark is not intended to suggest AI is useless in research. Quite the opposite. OpenAI found that models are becoming increasingly capable of scientific communication, evidence synthesis, and translating research findings into practical explanations. Those are valuable skills, particularly for researchers drowning in information. But LifeSciBench serves as a useful reminder that today's AI systems are still far from autonomous scientists. They can help. They can assist. They can sometimes provide surprisingly useful insights. What they cannot reliably do, however, is replace the expertise, judgment, and skepticism that real scientific research requires.
Read more of this story at Slashdot.
- Remembering When Alan Turing Developed a Portable Voice Encryption Device
Long-time Slashdot reader smooth wombat writes: Alan Turing, one of the more famous people who worked at Bletchley Park to decipher the German Enigma coding machine, was also working on a separate project. His private papers, known as the Bayley papers for his assistant Donald Bayley who held onto the papers until his death in 2020, reveal Turning had produced a working model of a portable voice encryption device. He even demonstrated it by using a Winston Churchill speech recording. "Weighing just 39 kg, including its power pack," Jack Copeland wrote in an article for IEEE Spectrum, "Delilah would be at home in a truck, a trench, or a large backpack." More from Popular Mechanics:Turingâ(TM)s work at Bletchley Park actually informed the Delilah experimentation he was doing at Hanslope Park, and not just because he used Red Forms, the Army-issue sheets Hanslope staffers were meant to use to alert Bletchley staffers to enemy signals, as his personal scrap paper for Delilah experiments. He drew inspiration from one of the German cipher machines they had decoded at Bletchley; not the famed Enigma machine, but rather the SZ42. While the former relied on Morse Code, the latter utilized a 5-bit telegraph code, which Copeland notes âoewas a forerunner of ASCII and Unicode and is still used by some ham radio operators.â The SZ42 produced an obscuring key of telegraph characters, with an identical key produced to both the sender and receiver. If it could be done for text, Turing reasoned it could be done for sound as well... [T]he reason Delilah fell to the wayside of history isnâ(TM)t because it was a failure, but rather because it simply wasnâ(TM)t needed anymore. By the time Turing had built and demonstrated his device, the war was over. What good was a portable voice encryptor if you had no major enemies trying to intercept your calls, the government reasoned. So funding for the project stopped, and Turingâ(TM)s two-year experiment ended with a whimper. Turingâ(TM)s time as an electrical engineer at Hanslope Park became a footnote in his story, if even that.
Read more of this story at Slashdot.
- Tech Pundit Cringely Co-Founds Startup '2Brains Inc' to Solve LLM Hallucinations
Long-time tech pundit Robert Cringely started his career at the Stanford Artificial Intelligence Lab back in 1978. Last month 73-year-old Cringely explained why his site went on a two-year hiatus — and it's not just because of a heart attack and a stroke last July:Just like everyone else, I've been busy all this time on Artificial Intelligence, founding with two partners a company called 2Brains... The work we were doing together is unfinished, but it's not stopped. The patents are filed, the architecture is documented, and the small team continuing the work includes me. Cringely's first piece made the cast that "the trillion-dollar bet the AI industry is making right now may be wrong, and that there's an architectural alternative we've patented and built."In Machines of Loving Grace, Amodei made the case that scaling compute would eventually solve essentially every hard problem in artificial intelligence. Buried in that optimism — or maybe not buried, maybe right out in the open — was a quiet absolution. Hallucinations, the embarrassing tendency of these systems to state falsehoods with total confidence, would take care of themselves. Make the models big enough, train them long enough, and the problem dissolves. You don't have to solve it. You just have to wait, and spend. And so the entire AI industry breathed a sigh of relief. I have spent forty years watching this industry, and I know a permission slip when I see one. Because that is what the essay became, whatever Amodei intended. It gave every other person writing nine- and ten-figure checks a reason not to worry about the one thing that should worry them most. The hallucination problem is the difference between a clever toy and a system a hospital or a bank or a court can actually rely on. It is the whole ballgame for enterprise AI. And the prevailing wisdom, blessed from the top, is that you needn't address it directly. Scale will provide... A small company I helped start, 2Brains Inc., set out in 2022 to solve hallucinations — before ChatGPT, before the scaling consensus hardened into received truth, back when the polite assumption was that the problem was simply insurmountable. We did not solve it by waiting for bigger models. We solved it architecturally, by separating the part of the system that generates language from the part that retrieves and verifies facts, and reconciling the two before anything reaches the user. It runs on ordinary processors. It is cheap. And on the industry's own benchmark for this kind of faithfulness, it more than doubles the published baseline, with no fabricated facts in the verified case at all. The article asks whether scaling will, at tremendous cost, eventually reduce hallucinations — or even worse, if the largest companies in the world "are spending a fortune chasing a cure that is not coming." And last week Cringely pitched more advantages for their solution, noting that most prompts aren't even chatbot-level creative prompts — but just requests to retrieve simple data:The reason 2Brains doesn't lie and the reason it's cheap are the same reason. It looks the fact up instead of guessing it — so it cannot fabricate, and the lookup runs on a processor that sips power instead of a chip that gulps it. Trust and thrift are not a trade-off you balance against each other. They fall out of a single design decision. You do not pay extra for the honest version. The honest version is the cheap version. That sentence is the whole company.
Read more of this story at Slashdot.
- Waymo Recalls About 3,900 Robotaxis After Some Drove Into 'Freeway Construction Zones'
CNBC reports:Waymo is recalling almost 3,900 robotaxis in the U.S. to fix software issues after some cars drove into freeway construction zones, according to notices filed with the National Highway Traffic Safety Administration. The voluntary recall, the Alphabet-owned company's second in just over a month, followed 13 known incidents where Waymo robotaxis drove into construction zones on freeways in Phoenix, or entered freeway lanes with active construction in the San Francisco area, the filings published Thursday said...A letter posted to the regulator's website... noted that, "Driving through a closed construction zone increases the risk of a crash..." [Waymo said in a statement emailed to CNBC] "We voluntarily restricted freeway operations last month while making improvements, proactively notified state and federal regulators, and decided to file a voluntary software recall with NHTSA. We continue to safely serve riders on surface streets in all the cities where we operate...." The company implemented another voluntary recall in May after some of its robotaxis had driven into flooded zones or standing water. The NHTSA Safety Board also initiated a probe of Waymo after a January incident in which a robotaxi illegally passed a stopped school bus.
Read more of this story at Slashdot.
- Cellphone Alert System Breached in Brazil, Message Sent in Leetspeak
CNN reports:An unauthorized alert bearing a mysterious message that was sent to cell phones in several states across Brazil on Saturday morning is suspected to be the work of hackers, the Brazilian government said. Devices lit up with the word "misantropi4," an alphanumeric spelling of the Portuguese word "misantropia," which in English translates to "misanthropy". The final letter "a" was substituted with a number '4' — a practice often used by hackers and termed "leetspeak.". The alert — categorized as "extreme" — was initially received in the southern state of Paraná, but a second warning was triggered a few minutes later for cell phones in the major cities of São Paulo and Rio de Janeiro. Brazilian authorities said that the National Civil Defense's warning platform was taken offline after being targeted by a likely hacker attack, and the government is working to restore the tool once all security conditions are reestablished.
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Google9s Gemini Partially Figures Out A Lengthy Linux Boot Time On Modern ASUS Laptop
Google Antigravity with the Gemini 3.5 Flash model helped a Linux user sort out a situation where his laptop was taking around 36 seconds to boot the kernel, which shouldn't be the case for the high-end laptop with AMD Ryzen 9 processor and 32GB of RAM. It ended up being yet another case of device firmware issues, but now a Linux kernel patch is pending for working around the issue on the ASUS ROG Strix G16 G614 laptop while discussions are ongoing in getting the vendor to provide a proper firmware fix...
- Linux 7.2 Begins Making Preparations For NVIDIA "Blackwell-Next"
When going through the VFIO subsystem patches for the ongoing Linux 7.2 merge window, there isn't too much to get excited about for end users with these changes. But there is the first time mentioning "Blackwell-Next" enablement by NVIDIA for the Linux kernel...
- Linux9s KUnit Finally Supporting JUnit Output
KUnit as the unit testing framework for the Linux kernel and was inspired in part by Java's JUnit when originally conceived, is now finally able to output to the JUnit format for better interoperability with other CI systems and the like that standardize on that common format...
- Linux Finally Eliminates The strncpy API After Six Years Of Work, 360+ Patches
Linux 7.2 has finally eliminated the strncpy API from the Linux kernel. The strncpy() function for copying up to a specified number of bytes has long been deprecated and after six years of work and hundreds of patches, no more users of the strncpy interface within the Linux kernel remained that it has now been eliminated...
- Linux9s ARM64 NEON Intrinsics CRC64 Code Adapted To Work On 32-bit ARM
Merged for Linux 7.1 was ARMM64 NEON-accelerated CRC64-NVMe support for around 6x the performance out of that checksumming algorithm. The generic code had been a bottleneck in NVMe and other storage subsystem code of the Linux kernel with CRC64-NVMe being used to help verify against data corruption. Now for Linux 7.2, the NEON-accelerated code will also work for those still relying on 32-bit ARM...
- GIMP v0.54 From 1996 With Motif Toolkit Now Flatpak9ed For Modern Linux Desktops
The open-source world waited long enough for the GIMP 3.0 release that finally came last year with its GTK3 port and more, but for those with time on their hands this weekend and want to relive GIMP's past from long ago, GIMP 0.54 has been adapted for Flatpak to work on modern Linux desktops. What makes this version of GIMP from 1996 notable is that it was the last to use the Motif toolkit...
- What was nice about the UI of Windows 2000
I mean, this is preaching to the choir, but let�s go anyway. I liked the UIs of the entire era from 3.0 to 2000, really. I�m mostly using Windows 2000 as an example here because it runs so well in QEMU/KVM and that allows me to easily take screenshots. Some of the following will sound absolutely trivial, but I think it�s worth pointing out. ↫ movq.de blog Just a series of observations about how much better graphical user interfaces were back in the �90s and early 2000s. We�ve lost so many affordances based on both common sense and scientific study, and what we ended up with is a confusing, inconsistent mess. It doesn�t really matter where you look � user interface design has deteriorated since the early 2000s, a decline that only accelerated thanks to the arrival of the iPhone, where consistency is a dirty word, and the web, where the advertising people took prominence over the design people. I just want my buttons to look like buttons man.
- To study how chips really work, MIT researchers built their own operating system
A fascinating novel approach by researchers at MIT, called Fractal, to study in-depth how processors actually work. A team at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) decided to build something different. Fractal, an operating system kernel written from the ground up, treats the hardware itself as the object of study. Its first major use, a deep look at branch predictors — a CPU’s way of guessing what code to run next, before it knows for certain, so it doesn’t have to waste time waiting to find out — inside Apple’s M1 processor, has already turned up findings that prior work missed, including the first evidence that a class of speculative attack known as “Phantom” affects Apple Silicon. “We’re using hardware in ways it wasn’t designed for,” says Joseph Ravichandran, the MIT PhD student in electrical engineering and computer science (EECS) who led the project. “It’s not even obvious that this is a possible thing you could do with the hardware. But we found a way to pull all these different primitives off. It’s like a microscope. If you’ve got a hand magnifying glass, you can see a little bit. But if you had an electron microscope, now we’re really talking. That’s what Fractal is. The electron microscope of operating systems.” ↫ Rachel Gordon at MIT News While Fractal is small, its creators also added POSIX system calls, a C library, vim, GCC, a shell, and more. This way, it feels more familiar, and makes it easier for researchers to get started with the tool. Fractal is open source and hosted on GitHub, it has its own website, and there�s a detailed research paper with more in-depth information.
- AmigaOS 2: the greatest upgrade
Five years after releasing the Amiga 1000, Commodore was about to launch the Amiga 3000, their first real high-end Amiga. With a 68030 processor, on-board SCSI and a slightly updated graphics chipset, all in a sleek desktop case, the Amiga was truly ready for the era of professional 32-bit computing. But Moore�s law wasn�t the only thing thad had been pressuring Commodore since the release of the Amiga 1000: The desktop metaphor had matured even further, and the competition had been hard at work. IBM had launched OS/2, Windows 3.0 had turned Microsoft�s offering from a proof of concept into something actually usable, and new players had entered the scene � among them NeXTStep, with its polished 3D look. It was time to bring AmigaOS, too, into the 1990s. ↫ Carl Svensson It�s interesting � there�s a lot of focus on the first version of the Amiga operating system and the third one, but you don�t hear a lot about AmigaOS 2.x. It turns out this is rather odd, because as Svensson details, this version came with an absolute ton of changes and improvements, from an entirely new widget toolkit to a brand new file system, and so much more. The new widget toolkit and accompanying style guide also ensured that the operating system looked, felt, and behaved consistently. Remember when we cared about that? There�s so much more cool features, though, like command history, line editing, universal clipboard support and more just for the CLI, as well as something called Commodities. These were tiny little programs managed from a central location, which didn�t even need a GUI to work. Commodities included by default were things like ClickToFront, a focus-follows-mouse option, and more. Oh and of course, BASIC was replaced by ARexx. The list just keeps going, and you should really read Svensson�s article.
- Oracle Solaris 11.4 SRU93 released
Oracle is sticking to its promise of more regular Solaris updates with the release of Oracle Solaris 11.4 SRU93. This release, like other SRU releases, is for paying Solaris customers, as the CBE releases for enthusiasts are on a different cadence. With Solaris� focus being on enterprise server environments, it should come as no surprise that most of the changes and improvements are focused on things like enterprise networking and security, such as changes to how policy settings for the Kernel Crypto Framework (KCF) are stored, moving from using RPC over sockets instead of STREAMS, and more. Of course, there�s also the long list of updated open source packages. SRU 93.221.2 updates a broad set of platform, runtime, developer, networking, desktop, and open source components. Notable updates include Apache Tomcat to 9.0.116, bash to 5.3 patch 9, BIND to 9.20.18 and 9.20.21, Django 4.2 to 4.2.30, Django 5.2 to 5.2.13, Firefox to 140.8.0esr, Golang to 1.25.8, Node.js 20 to 20.20.2, Node.js 22 to 22.22.2, Node.js 24 to 24.14.1, NSS to 3.119.1, Perl to 5.42, Python 3.11 to 3.11.15, Python 3.13 to 3.13.12, RabbitMQ to 4.2.4, Thunderbird to 140.8.0esr, vim to 9.2.0340, and zlib to 1.3.2. Additional updates include development tools, Python modules, X11 utilities, printing components, libraries, cryptographic packages, networking tools, and desktop-related packages. ↫ Colin Kavanagh at the Oracle Solaris Blog Existing Oracle Solaris customers can update to the new release through pkg update.
- Android 17 released for Pixel devices with very few interesting improvements
Yesterday, Google released Android 17 to Pixel devices, so late last night I updated my Pixel 10 Pro with the intent to write a news item about the release today. The reality is that that I totally forgot I even upgraded last night, because Android 17 is about the biggest nothingburger I�ve ever seen. Virtually all of the new features listed in the upgrade blurb on my phone were AI! nonsense I don�t encounter, so over the course of the day, I didn�t really notice anything new about my phone�s operating system. The only interesting feature that I think will be particularly useful on tablets and perhaps foldable devices is something called App Bubbles!. Basically, you can turn any application into an overlay that can be minimised into a bubble, which then lives anywhere on your screen. Tap it, and you can maximise the overlay again. This little multitasking bubble can contain multiple applications, effectively making it a dock or taskbar. Neat, but I didn�t see much use for it on my phone. The remainder of the new non- AI! features are hard to spot, at best. I guess the ability to turn one half of a foldable display into a gamepad is neat if you can deal with gaming on glass buttons (I cannot), and the changes to location access (you can now grant it for just one time) and contacts access (it�s more fine-grained and temporary now instead of granting access to everything forever) are welcome, but that�s about it for user-facing features. Under the hood, the one thing that stands out is that Google is enforcing stricter memory limits for applications, based on how much RAM a device has. The idea is that this should prevent memory leaks from getting out of control and leading to crashes, which is nice, especially for devices with less RAM. Android 17 is available for Pixel devices now, and will probably find its way to non-Pixel devices over the coming months or years. With how little meat there is on Android 17�s bones, this might be the first release where Android�s update woes don�t really matter.
- KDE Plasma 6.7 released
The KDE team released KDE Plasma 6.7 today, and with it comes a long list of improvements, new features, bug fixes, new old themes, and so much more. A new feature that is sure to please those among us who use virtual desktops: you can now have different virtual desktop setups per display. It�s been a long-requested feature, so it�s great to see it makes its way to the KDE users. I despise virtual desktops, but I�m happy to see something that I assumed was already part of KDE to finally actually become available. Another major feature in KDE Plasma 6.7 is something we�ve already talked about: the return of the classic Oxygen and Air themes from the KDE 4.x days. These themes have seen extensive work over the past year or so to make them usable on the latest KDE release, which includes tons of bug fixes, visual nips and tucks, and countless additions to the collection of assets required to make a modern KDE theme look complete. This includes a ton of new icons in the old styles, light and dark modes, accent colour support, and much more. There�s still work left here, including adding support for QtQuick/Kirigami applications � which brings us to the next major new addition to KDE 6.7 This is also something we�ve already talked about: Union. I won�t repeat what I already explained last time Union came up, but suffice it to say that Union effectively unifies the various different ways KDE applications are themed, allowing theme designers to use relatively standard CSS to create themes that cover every aspect of the KDE user experience. Before Union, theme designers had to create individual, unique themes for a variety of parts of KDE � the Plasma desktop, QtWidgets using QStyle, QtQuick/Kirigami � which was a ton of work, and in the case of QtQuick/Kirigami, wasn�t really possible at all. As such, without Union, KDE�s theming is essentially broken, and Union fixes that. For now, Union is not enabled by default, and must be installed and enabled separately for testing. Of course, there�s a ton of other smaller new features, changes, and bug fixes as well. KDE Plasma 6.7 will find its way to your distribution soon enough.
- Apple adds keylogger to iOS App Store for targeted advertising: tied to your account and unencrypted
A week or so ago, Apple announced a bunch of features for the App Store on iOS, including personalised recommendations based on your activity and usage of iOS. It turns out this includes a keylogger (taplogger?) in the App Store, which records every single tap you make, every single letter you enter, and a lot of other information. All of this information is unencrypted and sent to Apple. Now Apple is putting the extensive identifiable analytics they collect in the App Store in action. They record every tap and there’s no way to turn it off. They can even calculate your typing speed. ↫ Michael Tsai, quoting Mysk The provided screenshots of the data collected are terrifying, especially because the data is unencrypted, sent to Apple, and fully tied to your user account. Apple clearly wants a slice of that big, juicy advertising pie, and they, too, are discovering that the easiest and best way to serve targeted ads is to collect as much data as they can about you. Of course, this is something the entire internet (but not OSNews!) and several megacorporations are built on by now, but Apple has been incredibly sanctimonious about how it supposedly actually cares about user privacy, making this keylogger yet another case of Apple�s hypocrisy on full display. Of course, if you care about privacy, you�re entirely free to download your iOS applications from somewhere other than the App Store and install them yours0 Oh, wait.
- The time the Windows x86 emulator team found code so bad that they fixed it during emulation
Another story from the good old days from Raymond Chen. During an exchange of war stories, a colleague of mine told one from back in the days when Windows included a processor emulator for x86-32 on systems that natively ran some other processor. (This has happened many times. And no, I don’t know which processor this particular story applied to.) ↫ Raymond Chen at The Old New Thing So the core of the story comes down to this: All in all, it took this program 256 kilobytes of code to initialize 64 kilobytes of data. ↫ Raymond Chen at The Old New Thing The people working on Windows were so offended by this, they added code to the processor emulator just to fix this program.
- FreeBSD 15.1 released
Speaking of FreeBSD, the project released version 15.1 of their operating system today. As it�s a point release, it�s not full of massive changes, but it still brings the LinuxKPI-based wireless drivers up to Linux 7.0, support for the C23 version of the C has progressed considerably, Unicode has bene updated to version 17.0.0 and CLDR 48, and more.
- FreeBSD 15 with KDE and Wayland on a Laptop
Expect to see more and more articles like this one, as more and more people discover that FreeBSD�s desktop/laptop support keeps improving rapidly. FreeBSD 15 really feels like a breakthrough release. It’s always been my favorite operating system for servers, but with the arrival of`pkgbase, massive improvements to theLinuxKPI`drivers, and the launch of the`Laptop Support and Usability Project, it’s become my primary desktop, too. ↫ Cullum Smith Since Smith tried FreeBSD 14.0, there�s now KDE Plasma 6.x, you can leave legacy X11 behind and use Wayland on FreeBSD now, and support for Intel Wi-Fi chips has greatly expanded. Apparently, battery life has improved as well, which is one of the hardest problems to solve for an operating system, especially with the wide variety of hardware combinations in the x86 world. The rest of Smith�s article is a guide to setting up FreeBSD 15 with KDE and Wayland. It�s quite detailed with a ton of low-level tuning and fiddling, accompanied by clear and concise explanation of what the changes do, which I really like. Definitely a bookmark for anyone who wants to try out FreeBSD with KDE.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
|
