|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Single Column)
- Fedora 42: bind9-next Critical DNSSEC Issues Fix 2025-d9f9394ecd
Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)
|
- OAK 4 D and OAK 4 S Standalone Edge Vision Cameras with PoE and 48MP Imaging
Luxonis has opened early access preorders for the OAK 4 D and OAK 4 S, two standalone edge-processing cameras designed for computer vision tasks. Both systems provide a 48MP RGB sensor with optional autofocus or wide-angle variants, USB 3 and PoE connectivity, IP67-rated enclosures, and on-device inference capabilities. Both devices are built around the RVC4 […]
- Banana Pi Previews Its First SOPHGO BM1688-Based Compute Module
Banana Pi has previewed the BPI-SM9 16-ENC-A3, a compact deep learning compute module built around the SOPHGO BM1688 processor. The module is described as targeting low-power AI workloads, hardware video acceleration, and mixed-precision neural inference across microservers, edge systems, industrial platforms, and AIoT devices. The BM1688 datasheet does not appear to be available on the […]
- How to install Git on Debian 13
In this blog post, we will explain how to install Git on Debian 13 OS. Git is a free and open-source distributed version control system that manages the code changes in files among multiple developers. The main characteristic of Git is its distributed nature, which means that every developer has a complete copy of the entire project locally.
- Waveshare Pairs RISC-V ESP32-P4 and ESP32-C6 for Wi-Fi 6, Bluetooth 5 LE, and PoE Support
Waveshare has released the ESP32-P4-WIFI6-POE-ETH, a compact development board built around the ESP32-P4 along with an ESP32-C6 wireless module. The design combines Wi-Fi 6, Bluetooth 5 LE, Ethernet, and optional PoE power delivery in a single platform aimed at multimedia processing, display and camera applications, and general embedded development. Like the earlier Waveshare ESP32-P4-WIFI6 development […]
- Nouveau Driver To Support Larger Pages & Compression Support With Linux 6.19
While the "Nova" driver continues to be developed as a modern Rust-written, open-source and in-kernel NVIDIA graphics driver for Linux, for the time being Nouveau is what's working for end-users for those wanting a mainline open-source NVIDIA graphics driver for gaming and other workloads. With Linux 6.19 the Nouveau driver is picking up support for handling larger pages as well as compression support...
| |
|
|
- Security Researchers Spot 150,000 Function-less npm Packages in Automated 'Token Farming' Scheme
An anonymous reader shared this report from The Register:Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" — but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign. Amazon Inspector security researchers, using a new detection rule and AI assistance, originally spotted the suspicious npm packages in late October, and, by November 7, the team had flagged thousands. By November 12, they had uncovered more than 150,000 malicious packages across "multiple" developer accounts. These were all linked to a coordinated tea.xyz token farming campaign, we're told. This is a decentralized protocol designed to reward open-source developers for their contributions using the TEA token, a utility asset used within the tea ecosystem for incentives, staking, and governance. Unlike the spate of package poisoning incidents over recent months, this one didn't inject traditional malware into the open source code. Instead, the miscreants created a self-replicating attack, infecting the packages with code to automatically generate and publish, thus earning cryptocurrency rewards on the backs of legitimate open source developers. The code also included tea.yaml files that linked these packages to attacker-controlled blockchain wallet addresses. At the moment, Tea tokens have no value, points out CSO Online. "But it is suspected that the threat actors are positioning themselves to receive real cryptocurrency tokens when the Tea Protocol launches its Mainnet, where Tea tokens will have actual monetary value and can be traded..."In an interview on Friday, an executive at software supply chain management provider Sonatype, which wrote about the campaign in April 2024, told CSO that number has now grown to 153,000. "It's unfortunate that the worm isn't under control yet," said Sonatype CTO Brian Fox. And while this payload merely steals tokens, other threat actors are paying attention, he predicted. "I'm sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride that, not just to get the Tea tokens but to put some actual malware in there, because if it's replicating that fast, why wouldn't you?" When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person. With the swollen numbers reported this week, Amazon researchers wrote that it's "one of the largest package flooding incidents in open source registry history, and represents a defining moment in supply chain security...." For now, says Sonatype's Fox, the scheme wastes the time of npm administrators, who are trying to expel over 100,000 packages. But Fox and Amazon point out the scheme could inspire others to take advantage of other reward-based systems for financial gain, or to deliver malware. After deplooying a new detection rule "paired with AI", Amazon'ssecurity researchers' write, "within days, the system began flagging packages linked to the tea.xyz protocol...By November 7, the researchers flagged thousands of packages and began investigating what appeared to be a coordinated campaign. The next day, after validating the evaluation results and analyzing the patterns, they reached out to OpenSSF to share their findings and coordinate a response. Their blog post thanks the Open Source Security Foundation (OpenSSF) for rapid collaboration, while calling the incident "a defining moment in supply chain security..."
Read more of this story at Slashdot.
- Solar and Wind are Covering ALl New Power Demand in 2025
An anonymous reader shared this report from Electrek:Solar and wind are growing fast enough to meet all new electricity demand worldwide for the first three quarters of 2025, according to new data from energy think tank Ember. The group now expects fossil power to stay flat for the full year, marking the first time since the pandemic that fossil generation won't increase. Solar and wind aren't just expanding; they're outpacing global electricity demand itself. Solar generation jumped 498 TWh (+31%) compared to the same period last year, already topping all the solar power produced in 2024. Wind added another 137 TWh (+7.6%). Together, they supplied 635 TWh of new clean electricity, beating out the 603 TWh rise in global demand (+2.7%). That lifted solar and wind to 17.6% of global electricity in the first three quarters of the year, up from 15.2% year-over-year. That brought the total share of renewables in global electricity -solar, wind, hydro, bioenergy, and geothermal — to 43%. Fossil fuels slid to 57.1%, down from 58.7%. For the first time in 2025, renewables collectively generated more electricity than coal. And fossil generation as a whole has stalled. Fossil output slipped slightly by 0.1% (-17 TWh) through the end of Q3. Ember expects no fossil-fuel growth for the full year, driven by clean power growth outpacing demand.
Read more of this story at Slashdot.
- 'Holy Winamp! Opera Puts a Music Visualizer Inside Its Browser'
An anonymous reader shared this report from PC World: It won't whip the llama's ass, but Opera has added a Spotify visualizer to its latest iteration of its free Opera One browser. Known as Sonic, the visualizer will be part of Opera's Dynamic Themes, which use the WebGPU standard to employ a dynamic theme that runs in the background of the browser. It's essentially a shader, which uses your PC's graphics engine to generate the moving background. The browser also comes with a music player, which is set to Spotify by default. Users will have an opportunity to upgrade to Spotify Premium as part of the browser upgrade, Opera said. Opera's Sonic theme... takes the Spotify input and transforms it into a dynamic background. "As any old tech head knows, the original visualizer was found in Winamp, which would sync visualizations to the beat and flow of music being played," the article points out. And 27 years later, WinAmp arrived as an app in Apple's App Store and Google Play and in April of 2024. (The latest version was apparently released this May — and you can also download it to your desktop...) Somewhere along the way, Winamp also announced "Winamp for Creators," which they're describing as a dedicated platform for music artists with monetization and promotion tools, music management services, and other essential resources "to help creators take control of their careers" (including "a powerful social media publishing tool that lets users write a single post and push it to all their social media channels simultaneously.")
Read more of this story at Slashdot.
- Could C# Overtake Java in TIOBE's Programming Language Popularity Rankings?
It's been trying to measure the popularity of programming languages since 2000 using metrics like the number of engineers, courses, and third-party vendors. And "The November 2025 TIOBE Index brings another twist below Python's familiar lead," writes TechRepublic. "C solidifies its position as runner-up, C++ and Java lose some ground, and C# moves sharply upward, narrowing the gap with Java to less than a percentage point..." TIO CEO Paul Jansen said this month that "Instead of Python, programming language C# is now the fastest rising language,"How did C# achieve this? Java and C# are battling for a long time in the same areas. Right now it seems like C# has removed every reason why not to use C# instead of Java: it is cross platform nowadays, it is open source and it contains all new language features a developer wants. While the financial world is still dominated by Java, all other terrains show equal shares between Java and C#. Besides this, Microsoft is going strong and C# is still their most backed programming language. Interesting note: C# has never been higher than Java in the TIOBE index. Currently the difference between the two rivals is less than 1%. There are exciting times ahead of us. Is C# going to surpass Java for the first time in the TIOBE index history? "The fact that C# has been in the news for the successive betas and pre-release candidates prior to the release of C# 14 may have bumped up its percentage share in the last few months," notes a post on the site i-Programmer. But they also point out that by TIOBE's reckoning, Java — having been overtaken by Python in 2021 — "has been in decline ever since." TechRepublic summarizes the rest of the Top Ten:JavaScript stays in sixth place at 3.42%, and Visual Basic edges up to seventh with 3.31%. Delphi/Object Pascal nudges upward to eighth at 2.06%, while Perl returns to the top 10 in ninth at 1.84% after a sharp year-over-year climb. SQL rounds out the list at tenth with 1.80%, maintaining a foothold that shows the enduring centrality of relational databases. Go, which held eighth place in October, slips out of the top 10 entirely. Here's how TIOBE's methodology ranks programming language popularity in November:PythonCC++JavaC#JavaScriptVisual BasicDelphi/Object PascalPerlSQL
Read more of this story at Slashdot.
- Copy-and-Paste Now Exceeds File Transferring as the Top Corporate Data Exfiltration Vector
Slashdot reader spatwei writes: It is now more common for data to leave companies through copying and pasting than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025. This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools. 'Traditional governance built for email, file-sharing, and sanctioned SaaS didn't anticipate that copy/paste into a browser prompt would become the dominant leak vector,' LayerX CEO Or Eshed wrote in a blog post summarizing the report. "GenAI now accounts for 11% of enterprise application usage," notes this article from SC World, "with adoption rising faster than many data loss protection (DLP) controls can keep up. Overall, 45% of employees actively use AI tools, with 67% of these tools being accessed via personal accounts and ChatGPT making up 92% of all use..." "With the rise of AI-driven browsers such as OpenAI's Atlas and Perplexity's Comet, governance of AI tools' access to corporate data becomes even more urgent, the LayerX report notes."
Read more of this story at Slashdot.
- Google Begins Aggresively Using the Law To Stop Text Message Scams
"Google is going to court to help put an end to, or at least limit, the prevalence of phishing scams over text message," reports BGR:Google said it's bringing suit against Lighthouse, an impressively large operation that allegedly provides tools customers can buy to set up their own specialized phishing scams. All told, Google estimates that Lighthouse-affiliated scams in the U.S. have stolen anywhere between 12.7 million and 115 million credit cards. "Bad actors built Lighthouse as a phishing-as-a-service kit to generate and deploy massive SMS phishing attacks," Google notes. "These attacks exploit established brands like E-Z Pass to steal people's financial information." Google's legal action is comprehensive and is intent on completely dismantling Lighthouse's operations. The search giant is bringing claims under RICO, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA). RICO, which often comes up in movies and television shows, allows authorities to treat Lighthouse's phishing operation as a broad criminal enterprise as opposed to isolated scams. By using RICO, Google also expands the list of individuals who can be found liable, whether it be the people who started Lighthouse, the people who run it, or even unaffiliated customers who used the company's services. The Lanham Act, for those unaware, targets malicious actors who misappropriate well-known company trademarks in order to confuse consumers. This Lanham Act comes into play because many phishing scams masquerade as legitimate messages from companies like Amazon and FedEx. The Computer Fraud and Abuse Act, meanwhile, is relevant because scammers typically use stolen credentials to gain unauthorized access to financial systems, something the CFAA is designed to target... The fact that Google is invoking all three of the acts above underscores how serious the company is about putting a stop to SMS-based scams. By using all three, Google's legal attack is more potent and also expands the range of available remedies to include civil damages and criminal penalties. In short, Google isn't merely trying to win a legal case; it's aiming to emphatically and permanently stop Lighthouse in its tracks. Getting even more aggressive, Google says it's also working with the U.S. Congress to pass new anti-scammer legislation, and endorsed these three new bipartisan bills:The Scam Compound Accountability and Mobilization (SCAM) Act "would develop a national strategy to counter scam compounds, enhance sanctions and support survivors of human trafficking within these compounds."The Foreign Robocall Elimination Act "would establish a taskforce focused on how to best block foreign-originated illegal robocalls before they ever reach American consumers."The Guarding Unprotected Aging Retirees from Deception (GUARD) Act "would empower state and local law enforcement by enabling them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees. "Thanks to Slashdot reader anderzole for sharing the article.
Read more of this story at Slashdot.
- A Quantum Error Correction Breakthrough?
The dream of quantum computers has been hampered by the challenge of error correction, writes the Harvard Gazette, since qubits "are inherently susceptible to slipping out of their quantum states and losing their encoded information." But in a newly-published paper, a research team "combined various methods to create complex circuits with dozens of error correction layers" that "suppresses errors below a critical threshold — the point where adding qubits further reduces errors rather than increasing them.""For the first time, we combined all essential elements for a scalable, error-corrected quantum computation in an integrated architecture," said Mikhail Lukin, co-director of the Quantum Science and Engineering Initiative, Joshua and Beth Friedman University Professor, and senior author of the new paper. "These experiments — by several measures the most advanced that have been done on any quantum platform to date — create the scientific foundation for practical large-scale quantum computation..." "There are still a lot of technical challenges remaining to get to very large-scale computer with millions of qubits, but this is the first time we have an architecture that is conceptually scalable," said lead author Dolev Bluvstein, Ph.D. '25, who did the research during his graduate studies at Harvard and is now an assistant professor at Caltech. "It's going to take a lot of effort and technical development, but it's becoming clear that we can build fault-tolerant quantum computers...." Hartmut Neven, vice president of engineering at the Google Quantum AI team, said the new paper came amid an "incredibly exciting" race between qubit platforms. "This work represents a significant advance toward our shared goal of building a large-scale, useful quantum computer," he said... With recent advances, Lukin believes the core elements for building quantum computers are falling into place. "This big dream that many of us had for several decades, for the first time, is really in direct sight," he said. "In theory, a system of 300 quantum bits can store more information than the number of particles in the known universe..." the article points out. "The new paper represents an important advance in a three-decade pursuit of quantum error correction." Thanks to long-time Slashdot reader schwit1 for sharing the article.
Read more of this story at Slashdot.
- Fear Drives the AI 'Cold War' Between America and China
A new "cold war" between America and China is "pushing leaders to sideline concerns about the dangers of powerful AI models," reports the Wall Street Journal, "including the spread of disinformation and other harmful content, and the development of superintelligent AI systems misaligned with human values..." "Both countries are driven as much by fear as by hope of progress. "In Washington and Silicon Valley, warnings abound that China's"authoritarian AI," left unchecked, will erode American techsupremacy. Beijing is gripped by the conviction that a failure tokeeppace in AI will make it easier for the U.S. to cut short China'sresurgence as a global power. Both countries believe market sharefor their companies across the world is up for grabs — and with it,the potential to influence large swaths of the global population. The U.S. still has a clear lead, producing the most powerful AImodels. China can't match it in advancedchips and has no answer for the financial firepower of privateAmerican investors, who funded AI startups to the tune of $104billion in the first half of 2025, and are gearingup for more. But it has a massive population of capableengineers, lower costs and a state-led development model that oftenmoves faster than the U.S., all of which Beijing is working toharness to tip the contest in its direction. A new "whole ofsociety" campaign looks to accelerate the construction of computingclusters in areas like Inner Mongolia, where vast solar and windfarms provide plentiful cheap energy, and connect hundreds of datacenters to create a shared compute pool — some describe it as a"national cloud" — by 2028. China is also funneling hundreds ofbillions of dollars into its power grid to support AI training andadoption... "Our lead is probably in the 'months but not years' realm,"said Chris McGuire, who helped design U.S. export controls on AIchips while serving on the National Security Council under the Bidenadministration. Chinese AI models currently rank at or near the topin every task from coding to video generation, with the exception ofsearch, according to Chatbot Arena, a popular crowdsourced rankingplatform. China's manufacturing sector, meanwhile, is rocketingpast the U.S. in bringingAI into the physical world through robotaxis, autonomous dronesand humanoidrobots. Given China's progress, McGuire said, the U.S. is"very lucky" to have its advantage in chips... If AI surpasses human intelligence and acquires the ability toimprove itself, it could confer unshakable scientific, economic andmilitary superiority on the country that controls it. Short of that,AI's ability to automate tedious tasks and process vast amounts ofdata quickly promises to supercharge everything from cancer diagnosesto missile defense. With so much at stake, hacking and cyberespionage are likely to get worse, as AI gives hackers more powerfultools, while increasing incentives for state-backed groups to try tosteal AI-related intellectual property. As distrust grows, Washingtonand Beijing will also find it hard, if not impossible, to cooperatein areas like preventing extremist groups from using AI indestructive ways, such as building bioweapons. "The costs of theAI Cold War are already high and will go much higher," said PaulTriolo, a former U.S. government analyst and current technologypolicy lead at business consulting firm DGA-Albright StonebridgeGroup. "A U.S.-China AI arms race becomes a self-fulfillingprophecy, with neither side able to trust that the other wouldobserve any restrictions on advanced AI capability development...." The article includes an interesting observation from Helen Toner, director of strategy for Georgetown's Center for Security and Emerging Technology and a former OpenAI board member. Toner points out "We don't actually know" if boosting computing power with better chips will continue producing more-powerful AI models. So "If performance plateaus," the Journal writes, "despite all the spending by OpenAI and others — a growing concern in Silicon Valley — China has a chance to compete."
Read more of this story at Slashdot.
- EV Sales Are Still Rising. They Have Not Slumped
"Media headlines suggesting some slowdown in EV sales are simply incorrect," writes the site Electrek, "and leave out the bigger picture that gas car sales actually are dropping..."Over the course ofthe last two years or so, sales of battery electric vehicles, whilecontinuing to grow, have posted lower year-over-year percentagegrowth rates than they had in years prior. EV sales used to grow at50%+ per year, but for the last couple years, they have grown closerto ~25% per year. This alone is not particularly remarkable — itis inevitable that any growing product or category will show slowerpercentage growth rates as sales rise, particularly one that has beengrowing at such a fast rate for so long. In some recent years, wehad even seen year-over-yeardoublings in EV market share (though one of those was 2020->2021,which was anomalous). To expect improvement at that level perpetuallywould be close to impossible — after 3 years of doublingmarket share from 2023's 18% number, EVs would account for morethan 100% of the global automotive market, which cannot happen... We have seen a global EV sales growth rate of 23% in the first 10months of this year, according to a report just released by RhoMotion (recently acquired by Benchmark Mineral Intelligence). Thatincludes a +32% bump in Europe, +22% bump in China, +4% in NorthAmerica, and a big +48% bump in the "rest of the world." Notably,this 23% global growth rate is higher than last year's YTD growthrate, which was 22%at this time... In covering these trends, some journalists have attempted to usethe less-wrong phrase "slower growth," showing that EV sales arestill growing, but at a lower percentage change than previously seen. But for the first ten months of this year, that isn't true — EVsales are up more in 2025 than in 2024 by a percentage basis. Theyare also up in raw sales numbers — in 2024, EVsales grew by a larger number than in 2023. And the same is trueso far in 2025. Going back to 2023, 10.7 million EVs were soldglobally in the first 10 months. Then in 2024, 13.3 million weresold, a difference of 2.6 million. And so far in 2025, 16.5 millionEVs have sold, a difference of 3.2 million. Not only are the numbersgetting bigger, but the growth in unit sales is getting bigger aswell. Even in America, theEV market "has increased so far this year, with 11.7%US EV sales growth YTD."In terms of US hybrid sales, much has been made of customers"shifting from EVs to hybrids," which is also not the case.Conventional gas-hybrid sales areindeed up and plug-in hybrids, which have grown more slowlythan gas-hybrids/BEVs, have also shown some growth lately. Butgas-hybrid sales have not come at the cost of EV sales, rather at thecost of gas-only car sales. Because that'sjust the thing: the number of gas-only vehiclesbeing sold worldwide is a number that actually is falling.That number continues to go down year over year. Sales of newgas-powered cars are down by abouta quarter from their peak in 2017, and show no signs ofrecovering... And yet, somehow, virtually every headline you read isabout the "EV sales slump," rather than the "gas-car salesslump." The one you keep hearing about isn't happening,but the one you rarely hear about is happening... No matterwhat region of the world you're in, EV sales were up in the first10 months of this year.
Read more of this story at Slashdot.
- While Meta Crawls the Web for AI Training Data, Bruce Ediger Pranks Them with Endless Bad Data
From the personal blog of interface expert Bruce Ediger:Early in March 2025, I noticed that a web crawler with a useragent string of meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) was hitting my blog's machine at an unreasonable rate. I followed the URL and discovered this is what Meta uses to gather premium,human-generated content to train its LLMs. I found the rate ofrequests to be annoying. I already have a PHP program that creates the illusion of an infinite website. I decided to answer any HTTP request that had"meta-externalagent" in its user agent string with the contentsof a bork.php generated file... This workedbrilliantly. Meta ramped up to requesting 270,000 URLs on May 30 and31, 2025...After about 3 months, I got scared that Meta's insatiableconsumption of Super Great Pages about condiments, underwear andcirca 2010 C-List celebs would start costing me money. So I switchedto giving "meta-externalagent" a 404 status code. I decided tosee how long it would take one of the highest valued companies in theworld to decide to go away.The answer is 5 months.
Read more of this story at Slashdot.
|
- Apple’s new 15% mini-app deal finally gets Tencent to cut Cupertino in
When is an app not an app? When it’s a mini app inside another app
Apple has cut its take to 15 percent on purchases inside mini apps running within other iOS apps, and reached a parallel agreement with Tencent that brings WeChat's vast mini-program ecosystem into its revenue net.…
- Researchers find hole in AI guardrails by using strings like =coffee
Who guards the guardrails? Often the same shoddy security as the rest of the AI stack
Large language models frequently ship with "guardrails" designed to catch malicious input and harmful output. But if you use the right word or phrase in your prompt, you can defeat these restrictions.…
- Crims poison 150K+ npm packages with token-farming malware
Amazon spilled the TEA
Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…
- Now you can share your AI delusions with Group ChatGPT
Just when you thought virtual collaboration couldn’t get worse, OpenAI stuffs a bot into your group conversations
Feel like your team's group chat is a bit lifeless? Remote coworkers not really collaborating as well as they should be? There's a new way to stir the pot now that OpenAI has piloted ChatGPT group chats: cram a chatbot into the conversation and let it chime in whenever it thinks it should.…
- AMD grabs more x86 share as Intel stumbles in entry-level chips
Mercury Research blames stockpiling and low-end shortages for unusually flat CPU market
AMD continues to claw market share away from Intel in CPU shipments, growing faster than its rival in most segments. Meanwhile business in the x86 processor arena is unusually flat overall, likely due to stockpiling over tariff fears.…
- Project Kuiper becomes Amazon Leo as satellite network trickles into orbit
Starlink challenger drops the codename, but full-blown service still years out
Amazon has rebranded its satellite broadband plan from Project Kuiper to Amazon Leo. And no, Leo doesn't stand for "Late Entrants Only," even though the project is years behind Starlink and still not ready for anyone to use.…
| |
|
|
|
