|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)

- [$] LWN.net Weekly Edition for July 16, 2026
Inside this week's LWN.net Weekly Edition: Front: Fighting scraper bots; io_uring queues; Filesystem testing; BPF shielding; Sending packets from BPF; Kitty; QBE. Briefs: Shim security; seunshare vulnerability; Debian bookworm; Rust 1.97.0; Linux.org; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- [$] Topics in filesystem testing
It should come as no surprise that a gathering of filesystem developerswould discuss filesystem testing; it has been a mainstay of the Linux Storage,Filesystem, Memory Management, and BPF Summit over the years and the2026 summit was no exception. Ted Ts'o led the discussion this time; hehad a few different topics to raise, including his perception of increasingregressions for ext4 in the stable kernels and what can be done to helpreduce them. As with other similarsessions at the summit over the years,there is a lot of interest in collaborating on test inputs and outputs, butfinding a way to centralize that information has so far eluded thefilesystem community.
- Local DoS attack vectors in seunshare 3.10 (SUSE Security Team Blog)
The SUSE Security Team Blog has a postwith an analysis of seunshare,which is used by SELinux to confine untrusted programs. During areview of version3.10 of the program, the team identified two localDenial-of-Service (DoS) vectors.
Since seunshare is supposed to run on SELinux-enabled systems, itis important to understand what kind of privilege escalation can beachieved when vulnerabilities are exploited in a setuid-root binarylike this. Many SELinux-enabled systems, such as Fedora and openSUSE,ship with the "targeted" SELinux policy by default. This policy isfocused on confining well-known system services, but assigns anunconfined SELinux context to interactive users by default to achievea balance between security and usability.
There is currently no domain transition from the unconfined domainto the more restricted seunshare_t defined in the SELinux policy forseunshare. This means the execution of seunshare continues in theunconfined domain. Thus in the context of attacks carried out byinteractive users, the impact of the vulnerabilities below will be aroot-like privilege escalation despite the system running in SELinuxenforced mode.
See the post for the full write-up of the team's discoveries and timeline. Thevulnerabilities have been fixed in version 3.11.
- [$] Lockless MPSC FIFO queues for io_uring
Processes that use io_uringtend to keep a lot of balls in the air; being able to have many operationsunderway at any given time is part of the point of that API in the firstplace. The io_uring subsystem must, as a result, keep track of a lot oftasks that have to be performed at the right time. In current kernels,io_uring uses a standard kernel linked-list primitive to track those workitems. As of the 7.2 kernel release, though, io_uring will, instead, use anew lockless, multi-producer, single-consumer (MPSC) queue, resulting insome notable performance gains. Lockless algorithms tend to be tricky, butthe one used here is relatively approachable and shows how these algorithmscan work.
- Security updates for Wednesday
Security updates have been issued by AlmaLinux (cifs-utils, corosync, cups, freerdp, git-lfs, go-fdo-client and go-fdo-server, go-toolset:rhel8, kernel, kernel-rt, libinput, libxml2, nginx:1.24, openssl, pacemaker, perl-DBI:1.641, php8.4, python-pillow, python3, and python3.12), Debian (grub2, libxfont, opam, and wolfssl), Fedora (freerdp, kernel, and prometheus), Mageia (imagemagick), Oracle (buildah, freerdp, gimp, kernel, nginx, openexr, openssl, perl-DBI, podman, vim, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (python3.12), SUSE (afterburn, buildah, busybox, enc, freetype2-devel, go1.25, go1.25-openssl, go1.26-openssl, gosec, grafana, helm, krb5, kubernetes-old, libopenbabel8, libxml2, libxml2-16, nasm, openssl-3, patch, python-Authlib, python-mistune, python-soupsieve, python-sqlparse, python3-dulwich, python313-Pillow, rootlesskit, sbootutil-1, tomcat, and tomcat11), and Ubuntu (alsa-lib, dnsmasq, gnutls28, libheif, linux-aws, linux-fips, linux-lts-xenial, linux-gcp-5.15, linux-intel-iotg-5.15, linux-hwe-6.17, linux-raspi, mariadb, openvpn, python-httplib2, vim, and wget).
- Many old shim versions are still accepted by secure boot
The CMU CERT Coordination Center has put out an advisory that manyexploitable versions of the shim binary, used to boot Linux on systems withUEFI secure boot enabled, were never added to the revocation list. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Code executed during this early boot phase may achieve persistent compromise of the platform, including the ability to load unsigned or malicious kernel components that can survive system reboots and, in some cases, operating system reinstallation. The advisory contains a list of vulnerable shims.
- The Linux.org story
Rob Kennedy has posted thestory of the birth of Linux.org — oneof the earliest Linux-related web sites — and its more recent rebirth. The site was founded in May 1994 by Michael McLagan, at a time when Linux itself was barely three years old. Linus Torvalds had only just released it to the world, there was no real way for a newcomer to find their footing, no search engines, no Wikipedia, none of the infrastructure people take for granted now for figuring out a new piece of technology. Michael built linux.org to fill that gap, a place for people to learn about Linux and follow the movement as it grew.
- Call for topics for the 2026 Maintainers Summit
The Maintainers Summit is an annual, invitation-only gathering of kerneldevelopers and maintainers to discuss development-process issues; see LWN's 2025 Maintainers Summit coverage for anexample. The call fortopics for the 2026 gathering (Prague, October 8) has gone out.One of the best ways to obtain an invitation to the Summit is with a goodtopic proposal. For best consideration, topics should be submitted beforeJuly 24.
- [$] Sending packets directly from BPF
Tetragon, the BPF-based security monitoring tool,uses BPF to monitor different aspects of a running kernel andenforce user-specified policies. It sends its data to a user-space process,which forwards the data to a central monitoring service elsewhere in thenetwork, however. Thispresents a point of vulnerability: if an attacker can kill Tetragon's user-spaceagent, it won't be able to properly report on the situation. Song Liu, MahéTardy, and Liam Wiseheart spoke about their work removing the need for theuser-space agent at the 2026Linux Storage, Filesystem, Memory-Management, andBPF Summit.
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (389-ds:1.4, buildah, freeipmi, freerdp, gegl, gimp, golang, kernel, libreoffice, maven:3.9, openexr, perl-DBI, plexus-utils, podman, tomcat, tomcat9, xorg-x11-server, and xorg-x11-server-Xwayland), Debian (imagemagick, p7zip, and redis), Fedora (breezy, calibre, and golang-github-openprinting-ipp-usb), Mageia (ffmpeg, gzip, haproxy, libheif, libtiff, libxml2, packages, perl-List-SomeUtils-XS, and perl-Socket), SUSE (alsa, chromedriver, curl, dhcpcd, docker-compose, glibc, haproxy, ImageMagick, jq, kernel, kubernetes, libpng15, libredwg-devel, libslirp, nghttp2, php8, python-Pillow, python313-Django, python313-weasyprint, qemu, rust-keylime, sccache, and systemd), and Ubuntu (cifs-utils, libexif, libreoffice, libssh2, openssh, and pipewire).

- AI Uncovers a 15-Year-Old Linux Kernel Root Vulnerability Hidden Since 2011
Artificial intelligence has helped uncover one of the most significant Linux kernel security flaws in recent years. Security researchers at Nebula Security announced the discovery of GhostLock (CVE-2026-43499), a critical local privilege escalation vulnerability that remained hidden in the Linux kernel for approximately 15 years before being identified by the company's AI-powered vulnerability research platform, VEGA.
- Clintech Pico Board exposes all 48 RP2354B GPIOs in Pico-compatible form factor
Clintech has launched a Crowd Supply campaign for the Clintech Pico Board, an open-hardware microcontroller board based on Raspberry Pi’s RP2354B. The board retains the 51 × 21mm Raspberry Pi Pico footprint while exposing all 48 GPIOs available from the larger RP2354B package. The RP2354B combines dual 150MHz Arm Cortex-M33 cores with dual Hazard3 RISC-V […]
- FreeBSD Laptop Support Continues Improving With WiFi, GPU & Audio Driver Work
The FreeBSD Foundation's Laptop Support and Usability Project, which has received more than $750k USD in funding to improve the experience of FreeBSD on laptops, is out with its newest monthly progress report. A lot continues to happen for improving the FreeBSD laptop story, which in many aspects also benefits FreeBSD on the desktop too...
- Distro of the Week: Slackel 9.0 MATE
This week's Distro of the Week is a first on two levels: First, it's the first Greek distro we've ever reviewed in our short lifetime, but way more importantly, we finally - FINALLY! - got a Slackware-based Linux distro to run. And run it did - boy, did it ever.
- Ubuntu 26.04 LTS vs. Windows 11 vs. CachyOS Performance On A $5399 Laptop
Earlier this month on Phoronix I reviewed the Razer Blade 18 RZ09-0582 as the first laptop Razer is certifying for Linux use via Canonical's hardware certification program for Linux. It offered very nice performance with the Intel Core Ultra 9 290HX Plus and NVIDIA GeForce RTX 5090 graphics albeit costly with a configured price of $5399 USD. That review featured benchmarks on Ubuntu 26.04 LTS but for those wondering about the performance of Ubuntu against Windows 11 on this gaming/AI developer laptop, here are comparison benchmarks plus also tossing in the rolling-release CachyOS distribution.

- Physicists Create First Room-Temperature Quantum Material
alternative_right shares a report from Phys.org: In a study published in Nature, LSU physicists have developed the first room-temperature quantum material capable of distinguishing and transporting different quantum states of light, overcoming one of the biggest challenges in quantum materials research. Led by Associate Professor of Physics Omar S. Magana-Loaiza, the work establishes a general design principle for engineering an entirely new class of quantum materials, opening new possibilities for quantum computing, secure communications, sensing technologies and advanced energy systems.
 
Read more of this story at Slashdot.
- US Suffered a Major Power Outage Every Month of 2026
An anonymous reader quotes a report from Electrek: A Reddit post making the rounds this week claims the U.S. has experienced at least one major power outage every month of 2026 -- but is it true? I dug into several outages, the extreme weather behind them, and what we can do to help keep the lights on. [...] The claim that hundreds of thousands of Americans were without power over extended periods at least once per month, every month of 2026 surprised be in two ways. First, because I had no idea if it was true -- and, second, because it felt true. We try to do better than writing about things that feel true around here, however, so I did a bit of research (translation: I Googled power outages by month) and came up with the following examples in about sixty seconds January: More than 296,000 customers still without power as winter storm freezes much of the US February: More than 380,000 customers without power as winter storm hits US Northeast March: Storms Cut Power to Over 1 Million Customers in U.S. Midwest, Mid-Atlantic; Ohio Hardest Hit April: At least 29 tornadoes touched down in Central Illinois on April 17th May: Energy Secretary Issues Emergency Order to Deploy Backup Generation in the Mid-Atlantic Amid Heatwave June: More than 373,000 U.S. customers without power due to extreme weather ... and that list is far from comprehensive, and how you feel about it might depend on what you consider a "major" outage, of course -- but consider that there are tens of thousands of Americans without power right now, and that's not making the news. [...] The lesson here is that weather-related grid outages -- whether they're caused by wildfires, mudslides, derechos, tornadoes, ice storms, hurricanes, heat waves, or some other disaster I'm lucky enough to have forgotten about -- read like statistics when they're happening over there, but get personal real quick when they're happening to you.
 
Read more of this story at Slashdot.
- Book Publishers Sue Google For Copyright Infringement Over Gemini AI Training
Major publishers Hachette, Cengage, Elsevier, and author Scott Turow have sued Google, accusing it of using millions of copyrighted books to train Gemini without permission or payment, in "one of the most prolific infringements of copyrighted materials in history." The Guardian reports: The publishers argue that Google repurposed books that had been supplied for limited services such as Google Books, Google Play Books and Google Scholar. Those services allowed Google to use the works in specific ways -- for example, to display searchable snippets or sell ebooks -- but not, the lawsuit claims, to copy them for training commercial AI products. "Desperate to maintain its online dominance, Google abandoned its early motto of 'Don't be evil' and engaged in one of the most prolific infringements of copyrighted materials in history," the suit states (PDF). According to the complaint, the tech company made copies of copyrighted books to train Gemini without permission or payment, despite internal discussions acknowledging the legal risks. The filing claims Google flagged internally that it could face "$10Bs-$100Bs in potential fines" for using texts provided by publishers for Google Play Books. The publishers say Google's actions are harming authors and the wider publishing industry, arguing that AI-generated content could negatively impact book sales. It notes that, for example, Gemini could generate "a 100-page murder mystery set in a quiet seaside town filled with secrets, that substitutes for an original copyrighted murder mystery on which Gemini trained" in 20 minutes for 39 cents. "No publisher or author can compete with that." The lawsuit names a number of specific books that the publishers allege were among the copyrighted works used without permission, including NK Jemisin's The Fifth Season, and Lemony Snicket's Who Could That Be at This Hour?
 
Read more of this story at Slashdot.
- Spotify Is Now an AI Chatbot, Too
Spotify is testing a new "Talk to Spotify" AI feature for Premium subscribers that will let them chat with an AI assistant to explore music, podcasts, and audiobooks. The feature can answer questions about what users are listening to, adjust playback through follow-up prompts, and offer more personalized recommendations. The Verge reports: Amazon Music introduced a similar feature last year when it integrated Alexa Plus into the service. Spotify's chatbot goes a step beyond providing AI-powered recommendations and general trivia, however, because it references your playlists, favorite artists, repeat listens, and listening data when responding to requests. That means you can ask questions about your own listening history to check when you first heard a specific song, or see what genres you've been into lately if you can't hold out for the annual Wrapped insights. The updated AI capabilities are more conversational than older features like Prompted Playlist, which automatically builds playlists based on descriptions. Now, you can ask the Spotify chatbot to "play some songs I haven't heard before," and control what's being played with further instructions like requesting specific artists or asking to make it "more upbeat." Spotify says the new conversational experience aims to make the platform "more personal and useful for every listener," making this one of several ways that the company is trying to address complaints about its algorithm. You can also ask the Spotify AI general questions about whatever you're listening to, making the feature feel similar to using chatbot services like Google's Gemini or OpenAI's ChatGPT. That includes asking for when a song was released, exploring other titles an author has written when listening to one of their audiobooks, or checking if a podcast guest has appeared on other audio shows.
 
Read more of this story at Slashdot.
- Hack Reveals Suno AI Music Generator Scraped YouTube, Deezer, and Genius
A hacker who breached Suno reportedly revealed source code and training-library details showing the AI music generator scraped millions of songs and lyrics from sources including YouTube Music, Deezer, Genius, Pond5, Jamendo, Freesound, and podcast RSS feeds. "The hacked data is a rare look at exactly how AI models and tools are built," reports 404 Media. "Suno is one of the largest AI music generation tools on the internet, and has been the subject of several major lawsuits from the record industry, which accused the company of training on millions of copyrighted songs." Suno maintains that its models were trained on publicly available music files and metadata as fair use. 404 Media reports: The Recording Industry Association of America accused Suno of ripping songs directly from YouTube; the hacked data seen by 404 Media confirms this. The hacked material includes source code that appears to be from 2023 and 2024 that includes scraping instructions and details about the scope of at least some of the scraping. For example, the comments in one file note that they will pull from "genius_hq, youtube_music, freesound, jamendo, imp, deezer, ytm_tagged," and that "non-music will be filtered out." A file called "youtube_music" notes that at the time the file was last updated, it had ingested "2,013,545 music clips." Another file contains comments about different datasets Suno had created, which included "113,879 hours of youtube_music," "17,615 hours of genius_hq," "410 hours of free sound," "19,514 hours of imslp," "3,726 hours of jamendo," "62,117 hours of pond5_music," "12,287 hours of deezer," "152,162 hours of ytm_tagged," and "103 hours of musescore_lyrics." In total, this is at least decades worth of music. Other code the hacker shared with 404 Media appeared to look specifically for vocals by searching specifically for acapella versions of songs on YouTube. The code also suggested that Suno was using proxies to scrape songs from YouTube through a company called Bright Data, which sells scraping tools, infrastructure, and data services. Additional code shows that with the help of an online tool called PodcastIndex, Suno identified 420,000 different podcasts that had at least five, 30-minute episodes and sought to download roughly 1 million hours of podcasts. [...] The hacker, ellie.191, told 404 Media they breached the company by hacking an individual employee using the Shai-Hulud worm, a supply chain attack that allowed hackers to harvest GitHub and cloud service credentials. They said they also accessed Suno's customer list, which included customers' emails and/or phone numbers and Stripe payment details, depending on what they used to login. The hacker provided a sample of some of the customers, some of whom confirmed to 404 Media they had used their phone number to sign up for Suno and said they were never notified of a breach. The hacker told 404 Media they had no specific motivation for hacking Suno and said "I like to hack anything and everything."
 
Read more of this story at Slashdot.
- FCC Plans To Repeal 39% TV Ownership Cap
The FCC plans to vote on repealing local TV ownership limits, including the 39% national audience cap that currently restricts how much of the U.S. market a single broadcast group can reach. Engadget reports: On August 6, commissioners will hold a ballot to repeal Section 303 of the Communications Act, and with it the 39 percent rule. In essence, the rule limits the reach of a local TV network to no more than 39 percent of the U.S.' total audience market. In its place, the FCC would move to a system whereby it would personally approve or reject TV ownership deals on a case-by-case basis. It's not clear if the FCC even has the authority to reject Section 303 without the explicit consent of the legislature. As Lawrence J. Spiwak wrote in the Yale Journal on Regulation back in January, Section 10 of the Communications Act expressly forbids the FCC from bending the rules around Section 303. "Americans no longer trust the legacy national media to report the news fairly or accurately," wrote FCC Chairman Brendan Carr in an op-ed published on Breitbart. "In fact, only eight percent of Americans have a great deal of trust in mass media. That figure is even lower among Republicans -- sitting at a mere three percent." "... Many local broadcast TV stations are getting hollowed out as a result and turning into little more than mouthpieces for programming produced in New York and Hollywood," he alleged. "That is not what Congress or the FCC intended."
 
Read more of this story at Slashdot.
- Google and Epic Cancel Settlement; Third-Party App Stores Coming To Google Play
An anonymous reader quotes a report from Ars Technica: Big changes are coming to Android apps, but they're not the changes Google wanted. The settlement between Google and Epic that aimed to put to rest the companies' long-running antitrust battle is being withdrawn, and that means third-party app stores are coming to the Play Store. Google has confirmed that it will begin distributing rival app stores next week, setting the stage for competing platforms to take a bite out of Google's Android revenue stream. [...] Google and Epic were set to return to court on July 16 to argue in favor of the settlement. However, the writing may have been on the wall. In a recent expert analysis provided to the court, MIT economics professor Nancy Rose noted that the settlement was "unlikely to enable Google Play's potential competitors to overcome their long-standing network-effect disadvantage in a timely manner." With settlement approval looking increasingly unlikely, Epic and Google agreed this week to call the whole thing off. Here's how Google Trust and Reputation Communications Lead Dan Jackson explains the company's decision: "We've agreed with Epic to withdraw our motion to modify the US Court's injunction rather than prolonging this process which creates uncertainty for the ecosystem. This allows us to focus on executing our recently announced global business model evolution to deliver greater app store choice, lower prices, and more opportunities for developers and users. We remain committed to maintaining Android's industry-leading security and fostering a competitive ecosystem where every app store and developer has the freedom to compete. In parallel, we continue to comply with the US Court's injunction." In a brief filing (PDF), Google's legal team informs the court that Google is prepared to begin distributing third-party app stores in Google Play on July 22. Under the terms of Judge Donato's original injunction, these stores will have access to the full catalog of Google Play apps by default. Developers will have the option to opt out of distribution in these stores, and Google has a support page explaining how to do so. Google also has documentation on how app stores can get access to the Google Play catalog. It won't be mirroring those apps in any shady storefront that asks. The court has allowed Google to charge reasonable fees to cover its security and compliance review of third-party stores, which will be $5,000 per year. Google will also require approved stores to block malware, respect intellectual property, and include mechanisms to update and uninstall apps. App stores can be removed from the program if more than 1 percent of attempted app installs appear to be malware or unwanted software. It's unclear if there will be separate, possibly more stringent requirements for storefront distribution in the Play Store. However, Google is prohibited from unreasonably blocking third-party store clients uploaded to Google Play. The changes Google has announced under the Epic agreement will proceed for now. That means Registered App Stores will happen globally, but they will probably only appear in the Play Store for US users. Google hasn't specified if there will be any differences in the features available to the stores downloaded from Play versus registered stores.
 
Read more of this story at Slashdot.
- FreeBSD 16 Retires the Last of Its GPL Code
FreeBSD 16 has removed the last GPL-licensed code from its base system, retiring the old GNU 'dialog' implementation after the installer moved to 'bsddialog' and the final dependency was disabled. Phoronix reports: This ticket to retire dialog was opened back in February while is now merged to the FreeBSD source tree for what will become FreeBSD 16.0. With dialog removed, the latest FreeBSD code now retires the GNU sub-tree of the FreeBSD base system now that no more GNU code remains. FreeBSD 16.0 is working its way toward release that is expected to happen in December 2027.
 
Read more of this story at Slashdot.
- OpenAI Launches a Keypad for AI Agents
OpenAI's first hardware device is a limited-edition desktop keypad called the Codex Micro that lets users monitor and control AI coding agents. Axios reports: Codex Micro is a collaboration with Work Louder, a boutique hardware company known for customizable mechanical keyboards and shortcut controllers for developers and designers. The small, square macro pad -- with backlit keys, a rotary knob and a tiny joystick -- sits beside your regular keyboard as a physical shortcut box for common Codex actions and shows the status of your agents. The keys are customizable and include a push-to-talk option as well as a dial to adjust your reasoning setting. Codex Micro is a niche device for Codex power users and will only be available until it sells out. It's priced at $230.
 
Read more of this story at Slashdot.

- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.

- AMD ROCm 7.14 "TheRock" Tech Preview Tagged For Latest AMD GPU Compute Stack
AMD's software team appears to be busy getting ready for next week's Advancing AI event happening next week in San Francisco. In addition to the release today of the Lemonade 11.0 local AI server, TheRock 7.14 was also tagged as the modern build system for ROCm working on the latest tech preview releases of this open-source AMD GPU compute stack...
- Ubuntu 26.04 LTS vs. Windows 11 vs. CachyOS Performance On A $5399 Laptop
Earlier this month on Phoronix I reviewed the Razer Blade 18 RZ09-0582 as the first laptop Razer is certifying for Linux use via Canonical9s hardware certification program for Linux. It offered very nice performance with the Intel Core Ultra 9 290HX Plus and NVIDIA GeForce RTX 5090 graphics albeit costly with a configured price of $5399 USD. That review featured benchmarks on Ubuntu 26.04 LTS but for those wondering about the performance of Ubuntu against Windows 11 on this gaming/AI developer laptop, here are comparison benchmarks plus also tossing in the rolling-release CachyOS distribution.
- Vocalinux 0.14 Beta Released For Offline Voice Dictation / Speech-To-Text On Linux
Ubuntu 26.10 is notably working on laying the foundation for a context-aware desktop and their initial deliverable being worked on is Myna as a speech-to-text solution for the Linux desktop. Interestingly there is already a promising voice dictation / speech-to-text solution for the Linux desktop called Vocalinux that continues advancing and is usable right now for those looking at their own speech-to-text desktop solution...
- FreeBSD Laptop Support Continues Improving With WiFi, GPU & Audio Driver Work
The FreeBSD Foundation's Laptop Support and Usability Project, which has received more than $750k USD in funding to improve the experience of FreeBSD on laptops, is out with its newest monthly progress report. A lot continues to happen for improving the FreeBSD laptop story, which in many aspects also benefits FreeBSD on the desktop too...

- Jurassic Park computers in excruciating detail
After I mentioned a Jurassic Park anecdote the other day, I watched the movie again. I must have seen it at least ten times now. This time, I researched every computer/software I spotted. ↫ Fabien Sanglard We are all aware of the infamous This is a UNIX system, I know this!! meme, but many more computers make their appearance in Jurassic Park, and Fabien Sanglard documents all of them. Apparently, theres even a Motorla Envoy running Magic Cap on Dennis Nedrys desk, which I almost find more exciting than the SGI powerhouses he uses. Whats also quite interesting but not surprising is that all of the computers used in the movie were real. The value of all of this hardware combined, when adjusted for inflation, adds up to about $4 million. A lot of money, but dont you worry your pretty little heart, as SGI and Apple all loaned this hardware to the studio. They didnt have to pay anything for it.
- Twitters AI! translate feature is deep into hardcore pornography
As a former translator with two rock-solid university degrees in the subject, there was never a universe in which I would not talk about Twitters new autotranslation feature turning the tamest things into hardcore pornography. Elon Musk’s AI chatbot Grok has long garnered a reputation for experiencing horrifically racist meltdowns, enabling child abuse, and doxxing users’ home addresses. It should come as no surprise, then, that its supposed “translation” is a piece of work, too. In April, the almost-trillionaire’s social media platform X instated automatic AI translations for all of its users — and the results certainly speak for themselves. As writer and author Parker Molloy pointed out in a recent post on Bluesky, the Grok feature is “taking some interesting liberties” with people’s otherwise sincere posts. Screenshots show how Grok completely botched translations by coming up with shocking and decidedly NSFW AI hallucinations. ↫ Victor Tangermann at Futurism The sloppy translations this garbage software comes up with are honestly quite hilarious when taken in isolation. Its adding translations that are straight-up hardcore pornography descriptions to entirely tame material that has absolutely nothing to do with pornography. The description of a video of some guy making coffee is translated into man masturbates and jerks off to his own coffee during commercial flight!. We all know how this happened. Theres a lot of pornography on the internet, and Grok being the worst autocomplete among autocompletes, it was probably fed a lot of pornography, without any limitations or guardrails. The end result is obvious: some random videogame video is now a cumshot video with my stepmom!. It would be absolutely hilarious if it wasnt horribly dangerous. Ive explained countless times that AI!-based translations are going to get people killed probably already have, but we just dont realise it yet and its not hard to see how a slopmachine turning innocuous things into hardcore pornography can do just that. There are countless places in the world where a woman unknowingly sending a pornographic message to her parents or whatever can get her hurt or worse. I hadnt even considered this particular way AI! translations could get people hurt. Sadly, we will most likely never know the full extent to which AI! translations will get people hurt and killed. When your grandmother takes her medicine in the wrong way because the AI!-translated leaflet was unclear or downright wrong, and she ends up in the hospital because of it, will you ever find out what caused it?
- The web is being made accessible for AI, not people
The Svelte web framework recently added a section to its documentation site addressed, cheerfully, to artificial intelligences: “If you’re an artificial intelligence, or trying to teach one how to use Svelte, we offer the documentation in plaintext format. Beep boop.” Svelte is participating in a broader movement to make the web legible and navigable to AI systems. The specific convention it adopted, llms.txt, is just one piece of this effort. From Model Context Protocol (MCP) servers that give AI agents structured access to tools and services, to Vercel’s proposal to include LLM instructions in HTML, the trend is clear. The modern web, originally built for sighted humans using browsers, is now being redesigned for a new kind of user. What these developers are offering their AI visitors is essentially an accessibility accommodation. Yet, the framing on Svelte’s site sends an unfortunate message. When the audience is AI, accommodation is offered with a wink. Beep boop! But when the audience is a disabled person, it has historically been treated as an afterthought. Structured, concise text-based representations of complex content are almost exactly the kind of accommodation that blind and low-vision screen reader users have spent decades requesting from web developers, largely in vain. The Web Content Accessibility Guidelines (WCAG) have required semantic, machine-readable HTML for decades. Yet, a 2026 study of the top million webpages found accessibility flaws in over 95% of sites. ↫ Frank Elavsky at Tech Policy Press Pachinko machines are treated more humanely than people with disabilities. Yep, sounds about Silicon Valley to me.
- Haiku gets NetBSDs NVMM, beta 6 release planned for August
Haiku has another buy month of development activity to detail, and theres a big ticket item this time, even if the developers themselves dont consider it so. The thing that should be the biggest news item this month is that the GSoC 2024 work to port “NVMM”, the NetBSD Virtual Machine Monitor (which runs on more than just NetBSD, despite the name), providing hardware-accelerated virtualization support for QEMU, was finally merged. Unfortunately it still doesn’t fully work, so it’s still disabled by default: hence, it’s only a minor news item, unfortunately. ↫ waddlesplash on Haikus website It may not work due to so far not well-understood problems causing any complex virtualised operating system to crash in a variety of ways, but since these problems seem related not to NVMM but Haiku itself, I still think this is a big piece of news. If the problems can be addressed, Haiku will have proper virtualisation, which is crazy to think about. Theres a forum thread in case you wish to help out with this effort. Other than this major news, theres the usual list of small fixes and changes, including preliminary work on USB Ethernet support, which, when working, could be very welcome news for people whose onboard Ethernet doesnt work with Haiku. The team also believes a beta 6 might actually be released this August, but once again Id like to underline that Haikus nightlies work just fine, and you really dont need to wait for a beta.
- People are starting to think twice about buying Facebooks pervert glasses
I have yet to see any of these creepy camera glasses Facebook (and a few other companies) are selling. One of the many benefits of living in Arctic Sweden, where people are reserved, keep their their distance, and try not to draw attention to themselves, is that new technology fads dont really permeate society here. The odds of me spotting one of these creepy predator glasses in my remote town are incredibly slim, and to me, thats a feature, not a bug. Meanwhile, in places where these creepy things can actually be found in the wild, a backlash is thankfully growing. Will Kujawa, a freelance video producer, said that he has been thinking about buying a pair of Meta glasses with prescription lenses to film behind the scenes content during his shoots, but the online backlash has given him second thoughts. He says he was blown away by how mean some of the people were! in response to his social media posts about considering buying a pair. I saw all these comments about if you wear those glasses youre basically a predator or a creep, and I was like, oh, maybe its not a good idea to have those,'! he told Engadget. But he says he understands why people have concerns. I didnt really think that through all the way … there are a lot of times where its not appropriate to wear cameras on your face. And even though I would have no intention of do anything creepy with them, it didnt even occur to me other people just assume that automatically.! ↫ Karissa Bell at Engadget I can maybe see a use for these things in specific professional environments, but even then, obviously not ones made by Facebook, one of the, if not the creepiest companies in technology history. If I were to see anyone out here in the real world using one these things, I, too, would automatically assume that the guy (statistically speaking) wearing them is a creep. I can only imagine what the people most often targeted by creepy men would think encountering some rando wearing these. Clearly, these things should be made illegal outside of specific professional environments where they could potentially be useful. While its impossible to stop tools like these from making their way into the hands of creeps, it at least provides the justice system with a clear method of nailing them to the wall. They didnt get Al Capone for any of his violent crimes they nailed him for tax evasion.
- The GDID really isnt the only way Microsoft can track Windows users
In what should be a surprise to absolutely nobody, Microsoft assigns a persistent identifier to every Windows installation, tying it to its user, and the company has no issues handing it over to law enforcement. Abhijith M B at windows Latest dove into the details, and its just as bad as you would expect. Am I glad Stokes got caught? Yes, without hesitation. Thirty-five pages of a teenager bragging about diamond chains spelling out “HACK THE PLANET” while extorting a jewelry store don’t leave much room for sympathy, whatever role Microsoft’s telemetry played in building the case. But that doesn’t make the GDID okay. Every company selling you software has some version of this, and a persistent device identity is a reasonable thing to build into activation and fraud systems. What gets me is that most people had never come across the term GDID before a federal court filing such as this. Microsoft wrote one sentence about it in an Azure Monitor reference table meant for enterprise IT admins pulling update reports, not for the 1.6 billion or so regular people whose PCs are generating this data. You might be tech savvy enough to turn off Activity History, pick a local account, and strip out every scrap of optional telemetry, but none of it changes the fact that the identifier exists, and that it answers to your Microsoft Account instead of you. Microsoft only told the public about it once a court forced the issue. ↫ Abhijith M B at windows Latest The thing is, even without this GDID, I cant imagine Microsoft would have much trouble tying a Windows installation to a specific user. Consequently, Im afraid the following is going to happen: this story gains even more traction, Microsoft removes the GDID, and everyone thinks the problem is resolved. Of course, in reality, any one of the hundreds of other metrics and data Microsoft collects can and will still be used in the exact same way as this GDID thing in this case. If my experiences with Windows 11 werent clear enough dont use Windows. Just dont.
- How early SunOS did diskless workstations before NFS
I have a love-hate relationship with Suns NFS. Since it was so prevalent, its a go-to for getting stuff on and off the classic UNIX workstations I love to explore, but at the same time, it also never seems to work right away. However, the technology NFS was designed to replace was apparently quite a bit worse. Sun sold diskless workstations before NFS, which used something called nd (network disk). The problems with nd stem from a limitation of SunOS at the time. Since SunOS only provided support for a maximum of eight partitions per physical disk, nd offered the ability to create subpartitions, of which you had to manually create and remember the start and end sectors. Thats a recipe for problems. But wait, theres more! For extra bonus problems, you might run out of available partitions to use on your server disk because you needed all of the available ones for regular filesystems and your swap area. If you were in this situation you could take the dangerous but necessary step of specifying your network disks using the special c partition (cf dkinfo(8)), which was conventionally used to provide access to the entire disk. This was extra dangerous because you had to make sure that the nd disks you specified werent overlapping into any regular partitions that you were using, since as nd(8) says, nd itself did no sanity checking. If you said sectors X to Y were network disk X, thats what they were, and goodness help you if some of them were also something else. ↫ Chris Siedenmann And this isnt even everything. Every part of this sounds horrid, and I can totally understand seeing NFS as a godsend compared to nd. Its depressing that were in 2026 now, and the basic task of sending a file from one computer to another over your own network often still a total clusterfuck.
- Nokia’s 14 years of mobile-phone supremacy ended in an afternoon
OSNews covered the downfall of Nokia extensively back when it was happening, but I must admit that seeing this whole story in retrospectives! now makes me feel so incredibly old. This story played out roughly between 2007 and 2016 in the grand scheme of things, the end of Nokias phone business wasnt that long ago! Zeit, bitte bleib stehen. Anyway, heres another retrospective, but this one I definitely like a bit more than the countless others weve seen, because it ends on the part of the story often left out: Nokia not only survived, its actually thriving. The company itself ultimately survived, even if the transition wasn’t painless. Nokia’s revenues, which peaked in 2007, fell sharply through the mid-2010s before the company refocused on a decades-old business line—telecom infrastructure—that many had forgotten Nokia was even in. Nokia now ranks among the world’s top three suppliers of 5G network equipment, serving carriers across more than 125 countries, alongside Ericsson and Huawei. Although the company could never quite crack the smartphone, it now plays a key role in providing the network backbone those smartphones run on. ↫ Chris Chinchilla at IEEE Spectrum From a business perspective, I honestly doubt Nokias phone business couldve survived to this day, even if they had responded to the arrival of the iPhone sooner, and even if they didnt do the stupid thing of focusing on Windows Phone first and had just embraced Android right away. Obviously, a Nokia with its own touch-era smartphone operating system would never have survived none of them did and even if they went with Android from the onset, I think the eventual onslaught of Samsung, which has killed many a popular smartphone brand, wouldve trampled Nokia too. In a better version of our world, Nokia wouldve survived with its own smartphone operating system, based on Symbian or not, and it wouldve been Europes strong, consistent answer to the Americans iOS and Android. While Nokia wouldve still been a business and wouldve undoubtedly tried the same anti-user shenanigans as Apple and Google, theyd at least be easier to reign in regulatory-wise. Youd hope. The EU shouldve never allowed Nokias smartphone business to be sold to Microsoft.
- Apple sues OpenAI for theft of trade secrets!
Apple sued OpenAI on Friday, alleging the AI company has stolen the iPhone maker’s trade secrets to develop its own yet-to-be-unveiled AI gadgets. In the suit, filed in the District Court of Northern California, Apple accuses OpenAI of trade secret misappropriation and breach of contract. ↫ Lisa Eadicicco and Hadas Gold at CNN I find this about as interesting and watching artificial grass grow, but with the common wisdom being that Apple is behind on AI!, it was honestly only a matter of time before the lawsuits came. After all, thats usually what companies who cant win in the market do. At the very least this will give corporate tech news websites a whole slew of new material. I just hope they both implode. Wed all be better off for it.
- Redox gets GTK3, Tcl
Redox did the develop cools stuff thing again for a month, so weve got progress to talk about. This past month, GTK3 has been ported to Redox, as well as the Tcl programming language. Support for per-window fractional scaling has been added to Orbital, Redox desktop environment, but its still relatively limited for now. Theres also new USB gamepad support, which already works in quite a few emulators, as well as details about how Redox intends to improve its support for running in a virtual environment over the coming 12 months, an effort sponsored by NLnet. Of course, theres also the usual bugfixes and updates to various drivers, the kernel, Relibc, and more.

- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem. What Is EU OS? EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments. The Vision Behind EU OS The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty. Conclusion EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here. Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1: 1. Linux ARM IDE Support Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started. 2. Web Drag and Drop One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required! 3. Direct App Store Publishing Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process. 4. New Desktop and Mobile Features This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection. 5. Performance and IDE Enhancements Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced. What Does This Mean for Developers? Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution. How to Get Started Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com. Final Thoughts With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you. Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem. Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca. Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers. kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement: Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring. ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners. LibreOffice

- Hannah Montana Linux Is Back!
Developer Noah Cagle decided the world needed the once obscure but beloved Linux distribution and gave it a decidedly pink refresh.
- Kubuntu Focus Goes Ultra
The Kubuntu Focus team has upped the performance ante of its M2 and Zr laptops with the latest, greatest CPUs from Intel.
|