1825 Monetary Lane Suite #104 Carrollton, TX

- [$] LWN.net Weekly Edition for November 20, 2025
Inside this week's LWN.net Weekly Edition: Front: Hardware architectures; Fedora Flatpaks; Debian hardware support; sockaddr structure; NUMA nodes; Homebrew. Briefs: LightDM security; Debian Libre Live; Xubuntu postmortem; Blender 5.0; Git 2.52.0; Rust in Android; Thunderbird 145; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Postmortem of the Xubuntu.org download site compromise
In mid-October, the Xubuntu download site was compromised and had directed users to a malicious zip file instead of the Torrent file that users expected. Elizabeth K. Joseph has published a postmortem of the incident, along with plans to avoid such a breach in the future:
To be perfectly clear: this only impacted our website, and the torrent links provided there.
If you downloaded or opened a file named "Xubuntu-Safe-Download.zip" from the Xubuntu downloads page during this period, you should assume it was malicious. We strongly recommend scanning your computer with a trusted antivirus or anti-malware solution and deleting the file immediately.
Nothing on cdimages.ubuntu.com or any of the other official Ubuntu repositories was impacted, and our mirrors remained safe as long as they were also mirroring from official resources.
None of the build systems, packages, or other components of Xubuntu itself were impacted.
- GStreamer Conference 2025 video recordings now available
Recordings from the GStreamer Conference 2025, held in London in late October, are now available on the GStreamer Conferences Archive site. Includes the GStreamer State of the Union talk by Tim-Philipp Müller, State of MPEG 2 Transport Stream (MPEG-TS) by Edward Hervey, and many others.
- Security updates for Wednesday
Security updates have been issued by Debian (pdfminer), Fedora (chromium and firefox), Mageia (bubblewrap, flatpak, cups-filters, and thunderbird), Oracle (container-tools:rhel8, kernel, and squid), Red Hat (kernel), Slackware (libarchive), SUSE (gimp, itextpdf, kernel, thunderbird, and unbound), and Ubuntu (lasso).
- Blender 5.0 released
Version 5.0 of the Blender animation system has been released. Notable improvements include improved color management, HDR capabilities, and a new storyboarding template. See the release notes for a lengthy list of new features and changes, and the bugfixes page for the 588 commits that fixed bugs in Blender 4.5 or older.
- [$] The current state of Linux architecture support
There have been several recent announcements about Linux distributions changing the list of architectures they support, or adjusting how they build binaries for some versions of those architectures. Ubuntu introduced architecture variants, Fedora considered dropping support for i686 but reversed course after some pushback, and Debian developers have discussed raising its architecture baseline for the upcoming Debian 14 ("forky"). Linux supports a large number of architectures, and it's not always clear where or by whom they are used. With increasing concerns about diminishing support for legacy architectures, it's a good time to look at the overall state of architecture support on Linux.
- [$] Pouring packages with Homebrew
The Homebrew project is an open-source package-management system that comes with a repository of useful packages for Linux and macOS. Even though Linux distributions have their own package management and repositories, Homebrew is often used to obtain software that is not available in a distribution's repository or to install more current versions of projects than are available from long-term-support (LTS) distributions. Homebrew 5.0.0, released on November 12, 2025, expanded Linux support to include 64-bit Arm packages in addition to x86_64, and turned on concurrent downloads by default to speed up package downloads.
- Security updates for Tuesday
Security updates have been issued by Debian (libwebsockets), Fedora (chromium and fvwm3), Mageia (apache, firefox, and postgresql13, postgresql15), Oracle (idm:DL1), Red Hat (bind, bind9.18, firefox, and openssl), SUSE (alloy, ghostscript, and openssl-1_0_0), and Ubuntu (ffmpeg and freeglut).
- Git 2.52.0 released
Version 2.52.0 of the Git source-code management system has been released. Changes include a new last-modified command to find the closest ancestor commit that touched one or more paths, a couple of git refs improvements, a new git repo command for obtaining information about the repository itself, and more. See the announcement and this GitHub blog entry for more information.
- [$] Hot-page migration and specific-purpose NUMA nodes
For better or for worse, the NUMA node is the abstraction used by the kernel to keep track of different types of memory. How that abstraction is used, though, is still an active area of development. Two patch sets focused on this problem are currently under review; one addresses the perennial problem of promoting heavily used folios from slower to faster memory, while the other aims to improve the kernel's handling of nodes containing special memory installed for a specific purpose.
- Josefsson: Introducing the Debian Libre Live Images
Debian developer Simon Josefsson has announced the Debian Libre Live Images project, to allow installing Debian without any non-free software:
Since the 2022 decision on non-free firmware, the official images for bookworm and trixie contain non-free software.
The Debian Libre Live Images project provides Live ISO images for Intel/AMD-compatible 64-bit x86 CPUs (amd64) built without any non-free software, suitable for running and installing Debian. The images are similar to the Debian Live Images...
He does warn that this is a first public release, so there may be problems. See the current list of known issues before trying the images out.
- Security updates for Monday
Security updates have been issued by Debian (gst-plugins-base1.0, lasso, and thunderbird), Fedora (bind9-next, chromium, containerd, fvwm3, luksmeta, opentofu, python-pdfminer, python-uv-build, ruff, rust-get-size-derive2, rust-get-size2, rust-regex, rust-regex-automata, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, suricata, uv, and xmedcon), Mageia (apache-commons-beanutils, apache-commons-fileupload, apache-commons-lang, botan2, python-django, spdlog, stardict, webkit2, and yelp-xsl), Slackware (xpdf), and SUSE (bind, chromedriver, firefox, kernel, libxml2, and openssh).
- Kernel prepatch 6.18-rc6
Linus has released 6.18-rc6 for testing. "So we have a slightly larger rc6 than usual, but I think it's just the random noise and a result of pull request timings rather than due to any issues with the release. But I guess we have a couple of weeks remaining to find out."
- [$] A struct sockaddr sequel
One of the many objectives of the Linux Kernel Self-Protection Project (KSPP), which just completed ten years of work, is to ensure that all array references can be bounds-checked, even in the case of flexible array members, the size of which is not known at compile time. One of the most challenging flexible array members in the kernel is not even declared as such. Almost exactly one year ago, LWN looked at the effort to increase safety around the networking subsystem's heavily used sockaddr structure. One year later, Kees Cook is still looking for a way to bring this work to a close.

- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version. Here’s a detailed look at what’s new, what’s changed, and what you need to know.
- AMD Threadripper 7980X Performance On Linux Two Years After Release
This week marks two years since the debut of the Ryzen Threadripper 7000 series processors. Given the occasion, I decided to revisit the Linux performance of the Threadripper 7980X compared to original benchmarks from November 2023 to see how the latest Linux software stack performs for these Zen 4 HEDT processors.
- Linux Career Opportunities in 2025: Skills in High Demand
The Linux job market has reached unprecedented heights in 2025, with demand for professionals who possess Linux expertise continuing to surge across multiple technology sectors. Organizations worldwide are prioritizing candidates who can leverage Linux systems in cloud-native environments, AI operations, and DevOps workflows.
- Vulkan SER Showing Up To ~47% Performance Improvement For Ray-Tracing
Last week's Vulkan 1.4.333 brought a new ray-tracing extension with VK_EXT_ray_tracing_invocation_reorder that was derived from a prior NVIDIA vendor extension (VK_NV_ray_tracing_invocation_reorder). This new extension for Shader Execution Reordering "SER" is showing to deliver some nice performance potential for Vulkan ray-tracing performance...
- Cloudflare broke itself and a big chunk of the Internet with a bad database query
Thought it was the victim of a ‘hyper-scale DDoS attack’ before finding the fix. Cloudflare CEO Matthew Prince has admitted that the cause of its massive Tuesday outage was a change to database permissions, and that the company initially thought the symptoms of that adjustment indicated it was the target of a “hyper-scale DDoS attack,” before figuring out the real problem.…
- AMD ROCm 7.1 vs. RADV Vulkan For Llama.cpp With The Radeon AI PRO R9700
In the past we have seen Llama.cpp with Vulkan outperforming AMD's ROCm compute stack in some of the large language model (LLM) AI benchmarks. Curious if anything has changed given the recent ROCm 7.1 release, I ran some benchmarks of an up-to-date Llama.cpp using the AMD ROCm back-end compared to the Vulkan back-end with the latest RADV driver. For this round of testing the Radeon AI PRO R9700 graphics card was used.

- Proctorio Settles Curious Lawsuit With Librarian Who Shared Public YouTube Videos
Canadian librarian Ian Linkletter has ended a five-year legal battle with ed-tech firm Proctorio after being sued for sharing public YouTube help videos that exposed how the company's remote-proctoring AI works. Ars Technica reports: ... Together, the videos, the help center screenshot, and another screenshot showing course material describing how Proctorio works were enough for Proctorio to take Linkletter to court. The ed tech company promptly filed a lawsuit and obtained a temporary injunction by spuriously claiming that Linkletter shared private YouTube videos containing confidential information. Because the YouTube videos -- which were public but "unlisted" when Linkletter shared them -- had been removed, Linkletter did not have to delete the seven tweets that initially caught Proctorio's attention, but the injunction required that he remove two tweets, including the screenshots. In the five years since, the legal fight dragged on, with no end in sight until last week, as Canadian courts tangled with copyright allegations that tested a recently passed law intended to shield Canadian rights to free expression, the Protection of Public Participation Act. To fund his defense, Linkletter said in a blog announcing the settlement that he invested his life savings "ten times over." Additionally, about 900 GoFundMe supporters and thousands of members of the Association of Administrative and Professional Staff at UBC contributed tens of thousands more. For the last year of the battle, a law firm, Norton Rose Fulbright, agreed to represent him on a pro bono basis, which Linkletter said "was a huge relief to me, as it meant I could defend myself all the way if Proctorio chose to proceed with the litigation." The terms of the settlement remain confidential, but both Linkletter and Proctorio confirmed that no money was exchanged.
For Proctorio, the settlement made permanent the injunction that restricted Linkletter from posting the company's help center or instructional materials. But it doesn't stop Linkletter from remaining the company's biggest critic, as "there are no other restrictions on my freedom of expression," Linkletter's blog noted. "I've won my life back!" Linkletter wrote, while reassuring his supporters that he's "fine" with how things ended. "It doesn't take much imagination to understand why Proctorio is a nightmare for students," Linkletter wrote. "I can say everything that matters about Proctorio using public information."
Read more of this story at Slashdot.
- Quantum Teleportation Between Photons From Two Distant Light Sources Achieved
Researchers in Germany achieved a major milestone for the future quantum internet by successfully teleporting quantum information between photons generated by two different, physically separated quantum dots -- something never accomplished before due to the difficulty of producing indistinguishable photons from remote sources. Phys.org reports: At the University of Stuttgart, the team succeeded in teleporting the polarization state of a photon originating from one quantum dot to another photon from a second quantum dot. One quantum dot generates a single photon, the other an entangled photon pair. Entangled means that the two particles constitute a single quantum entity, even when they are physically separated. One of the two particles travels to the second quantum dot and interferes with its light particle. The two overlap. Because of this superposition, the information of the single photon is transferred to the distant partner of the pair. Instrumental for the success of the experiment were quantum frequency converters, which compensate for residual frequency differences between the photons. These converters were developed by a team led by Prof. Christoph Becher, an expert in quantum optics at Saarland University. [...] In the Stuttgart experiment, the quantum dots were separated only by an optical fiber of about 10 m length. "But we are working on achieving considerably greater distances," says Strobel. In earlier work, the team had shown that the entanglement of the quantum dot photons remains intact even after a 36-kilometer transmission through the city center of Stuttgart. Another aim is to increase the current success rate of teleportation, which currently stands at just over 70%. Fluctuations in the quantum dot still lead to slight differences in the photons. The findings have been published in the journal Nature Communications.
- In the AI Race, Chinese Talent Still Drives American Research
An anonymous reader quotes a report from the New York Times: When Mark Zuckerberg, Meta's chief executive, unveiled the company's Superintelligence Lab in June, he named 11 artificial intelligence researchers who were joining his ambitious effort to build a machine more powerful than the human brain. All 11 were immigrants educated in other countries. Seven were born in China, according to a memo viewed by The New York Times. Although many American executives, government officials and pundits have spent months painting China as the enemy of America's rapid push into A.I., much of the groundbreaking research emerging from the United States is driven by Chinese talent. Two new studies show that researchers born and educated in China have for years played major roles inside leading U.S. artificial intelligence labs. They also continue to drive important A.I. research in industry and academia, despite the Trump administration's crackdown on immigration and growing anti-China sentiment in Silicon Valley. The research, from two organizations, provides a detailed look at how much the American tech industry continues to rely on engineers from China, particularly in A.I. The findings also offer a more nuanced understanding of how researchers in the two countries continue to collaborate, despite increasingly heated language from Washington and Beijing.
- China's Diesel Trucks Are Shifting To Electric
Longtime Slashdot reader ukoda shares a report from the Associated Press: China is replacing its diesel trucks with electric models faster than expected, potentially reshaping global fuel demand and the future of heavy transport. In 2020, nearly all new trucks in China ran on diesel. By the first half of 2025, battery-powered trucks accounted for 22% of new heavy truck sales, up from 9.2% in the same period in 2024, according to Commercial Vehicle World, a Beijing-based trucking data provider. The British research firm BMI forecasts electric trucks will reach nearly 46% of new sales this year and 60% next year. China's trucking fleet, the world's second-largest after the U.S., still mainly runs on diesel, but the landscape is shifting. Transport fuel demand is plateauing, according to the International Energy Agency and diesel use in China could decline faster than many expect, said Christopher Doleman, an analyst at the Institute for Energy Economics and Financial Analysis. Electric trucks now outsell LNG models in China, so its demand for fossil fuels could fall, and "in other countries, it might never take off," he said. [...] The share of electrics in new truck sales, from 8% in 2024 to 28% by August 2025, has more than tripled as prices have fallen. Electric trucks outsold LNG-powered vehicles in China for five consecutive months this year, according to Commercial Vehicle World. While electric trucks are two to three times more expensive than diesel ones and cost roughly 18% more than LNG trucks, their higher energy efficiency and lower costs can save owners an estimated 10% to 26% over the vehicle's lifetime, according to research by Chinese scientists. "When it comes to heavy trucks, the fleet owners in China are very bottom-line driven," Doleman said.
- Tokyo Court Finds Cloudflare Liable For Manga Piracy in Long-Running Lawsuit
A Tokyo court ruled that Cloudflare is liable for aiding manga piracy after failing to act on infringement notices and continuing to cache and serve content for major piracy sites, awarding about $3.2 million in damages. TorrentFreak says the decision sets a significant precedent in Japan, suggesting CDN providers can face direct liability when they don't verify customers or respond adequately to large-scale copyright abuse. From the report: After a wait of more than three and a half years, the Tokyo District Court rendered its decision this morning. In a statement provided to TorrentFreak by the publishers, they declare "Victory Against Cloudflare" after the Court determined that Cloudflare is indeed liable for the pirate sites' activities. In a statement provided to TorrentFreak, the publishers explain that they alerted Cloudflare to the massive scale of the infringement, involving over 4,000 works and 300 million monthly visits, but their requests to stop distribution were ignored. "We requested that the company take measures such as stopping the distribution of pirated content from servers under its management. However, Cloudflare continued to provide services to the manga piracy sites even after receiving notices from the plaintiffs," the group says. The publishers add that Cloudflare continued to provide services even after receiving information disclosure orders from U.S. courts, leaving them with "no choice but to file this lawsuit." "The judgment recognized that Cloudflare's failure to take timely and appropriate action despite receiving infringement notices from the plaintiffs, and its negligent continuation of pirated content distribution, constituted aiding and abetting copyright infringement, and that Cloudflare bears liability for damages to the plaintiffs," they write. 
"The judgment, in that regard, attached importance to the fact that Cloudflare, without conducting any identity verification procedures, had enabled a massive manga piracy site to operate 'under circumstances where strong anonymity was secured,' as a basis for recognizing the company's liability." The publishers believe that the judgment clarifies the conditions under which a company such as Cloudflare incurs liability for copyright infringement. Failure to carry out identity verification appears at the top of the publishers' list, followed by a lack of timely and appropriate action in response to infringement notices sent by rightsholders. "We believe this is an important decision given the current situation where piracy site operators often hide their identities and repeatedly conduct large-scale distribution using CDN services from overseas. We hope that this judgment will be a step toward ensuring proper use of CDN services. We will continue our efforts to protect the rights of works, creators, and related parties, while aiming for further expansion of legitimate content," the publishers conclude. Cloudflare plans to appeal the verdict.
- Adobe Bolsters AI Marketing Tools With $1.9 Billion Semrush Buy
Adobe is buying Semrush for $1.9 billion in a move to supercharge its AI-driven marketing stack. Reuters reports: Semrush designs and develops AI software that helps companies with search engine optimization, social media and digital advertising. The acquisition, expected to close in the first half of next year, would allow Adobe to help marketers better understand how their brands are viewed by online consumers through searches on websites and generative AI bots such as ChatGPT and Gemini. "The price is steep as Semrush isn't a massive revenue engine on its own, so Adobe is likely paying for strategic value. The payoff could be high too if Adobe can quickly turn Semrush's data into monetizable AI products," said Emarketer analyst Grace Harmon. "While we are positive on Adobe restarting its M&A engine given the success that it has seen with this motion over the years... this deal likely does little to answer the questions revolving around the company's creative cloud business," added William Blair analysts.
- Apple N1 Wi-Fi Chip Improves On Older Broadcom Chips In Every Way
An anonymous reader quotes a report from Ars Technica: This year's newest iPhones included one momentous change that marked a new phase in the evolution of Apple Silicon: the Apple N1, Apple's first in-house chip made to handle local wireless connections. The N1 supports Wi-Fi 7, Bluetooth 6, and the Thread smart home communication protocol, and it replaces the third-party wireless chips (mostly made by Broadcom) that Apple used in older iPhones. Apple claimed that the N1 would enable more reliable connectivity for local communication features like AirPlay and AirDrop but didn't say anything about how users could expect it to perform. But Ookla, the folks behind the SpeedTest app and website, have analyzed about five weeks' worth of users' testing data to get an idea of how the iPhone 17 lineup stacks up to the iPhone 16, as well as Android phones with Wi-Fi chips from Qualcomm, MediaTek, and others. While the N1 isn't at the top of the charts, Ookla says Apple's Wi-Fi chip "delivered higher download and upload speeds on Wi-Fi compared to the iPhone 16 across every studied percentile and virtually every region." The median download speed for the iPhone 17 series was 329.56Mbps, compared to 236.46Mbps for the iPhone 16; the upload speed also jumped from 73.68Mbps to 103.26Mbps. Ookla noted that the N1's best performance seemed to improve scores most of all in the bottom 10th percentile of performance tests, "implying Apple's custom silicon lifts the floor more than the ceiling." The iPhone 17 also didn't top Ookla's global performance charts -- Ookla found that the Pixel 10 Pro series slightly edges out the iPhone 17 in download speed, while a Xiaomi 15T Pro with MediaTek Wi-Fi silicon featured better upload speeds.
- Saudi Makes Big Bet On AI Films As Hollywood Moves From Studios To Datacenters
pbahra writes: Saudi Arabia is betting that the future of Hollywood won't be built in physical stages but in datacenters. In a push to anchor itself in next-generation film production, Riyadh-based Humain has led Luma AI's latest Series C round, backing the shift towards cloud-based, AI-generated video rather than traditional studio infrastructure. Humain's announcement says the new investment will accelerate Luma's development of world models capable of learning from video, audio and language to generate photorealistic scenes, environments and characters on demand. Supporters argue this could upend film-making by pushing much of Hollywood's production pipeline into high-performance datacenters rather than physical sets.
- Nvidia Beats Earnings Expectations, Even As Bubble Concerns Mount
Nvidia blew past earnings expectations with soaring revenue and profit, easing fears of an AI bubble and reinforcing its position as the engine of the global AI boom. From a report: Nvidia's sales grew 62% year-over-year to $57 billion in the October quarter, ahead of the $54.9 billion Wall Street had projected, signaling that demand for AI chips remains strong even as more questions emerge about whether returns from the technology will keep up with the pace of AI infrastructure investments. It posted profits of $31.9 billion, up 65% from the year-ago quarter and also slightly above expectations. "Blackwell sales are off the charts, and cloud GPUs are sold out," Nvidia CEO Jensen Huang said in a statement, a message that echoes his earlier arguments that fears of an AI bubble are overblown. The company also posted stronger-than-expected sales guidance of around $65 billion for the fourth quarter, another indicator that the AI spending spree isn't slowing anytime soon.
- Dutch Hand Back Control of Chinese-Owned Chipmaker Nexperia
An anonymous reader quotes a report from Bloomberg: The Dutch government suspended its powers over chipmaker Nexperia, restoring control to its Chinese owner (paywalled; alternative source) and defusing a standoff with Beijing that had begun to hamper automotive production around the world. The order that gave the Netherlands powers to block or revise decisions at Nexperia was dropped as "a show of goodwill," Economic Affairs Minister Vincent Karremans said Wednesday in a post on social media site X. Bloomberg had reported earlier this month that the Netherlands was prepared to take the step if chip deliveries from the company's site in China could be confirmed. The move marks a significant de-escalation of a dispute that underscored the global nature of supply chains and highlighted Beijing's growing leverage. Even though Nexperia's chips aren't advanced and the company only operates one facility in China, the spat disrupted automakers from Honda Motor Co. to Volkswagen AG. The reversal by the Dutch government was set in motion after a breakthrough in talks earlier that involved Chinese and Dutch officials, with input from Germany, the European Union as well as the US. To help resolve the stalemate, Beijing agreed to loosen export restrictions from Nexperia's Chinese plant, the largest of its kind in the world. The Dutch economic affairs ministry sent a delegation to Beijing this week to negotiate a "mutually agreeable solution," according to a ministry statement.
- Can Chinese-Made Buses Be Hacked? Norway Drove One Down a Mine To Find Out
An anonymous reader shares a report: This summer, Oslo's public-transport authority drove a Chinese electric bus deep into a decommissioned mine inside a nearby mountain to answer a question: Could it be hacked? Isolated by rock from digital interference, cybersecurity experts came back with a qualified yes: The bus could in theory be remotely disabled using the control system for the battery. The revelation, presented at a recent public-transport conference, has spurred officials in Denmark and the U.K. to start their own investigations into Chinese vehicles. It has also fed into broader security concerns across Europe about the growing prevalence of Chinese-made equipment in the region's energy and telecommunications infrastructure. The worry is the same for autos, solar panels and other connected devices: that mechanisms used for wirelessly delivering system updates could also be exploited by a hostile government or third-party hacker to compromise critical networks. [...] The Oslo transport authority, Ruter, said the bus's mobile-network connection via a Romanian SIM card gave manufacturer Yutong access to the control system for battery and power supply. Ruter said it is addressing the vulnerability by developing firewalls and delaying the signals sent to the vehicles, among other solutions.
- New Antibiotic Could Be a Breakthrough in Treatment for Killer TB, Trial Suggests
A new treatment for tuberculosis could boost cure rates and shorten the time needed to treat the disease by months, trial results suggest. The Guardian: Globally, an estimated 10.7 million people fell ill with TB last year and 1.23 million died from it. In its annual report on tuberculosis, launched last week, the World Health Organization said it remained a "major global public-health problem" and the leading infectious cause of death. [...] Sorfequiline, a new antibiotic, showed stronger action against the deadly bacteria than existing treatments, with a comparable safety profile, researchers from the TB Alliance told the Union Conference on Lung Health in Copenhagen on Wednesday. The trial involved 309 people across 22 sites in South Africa, the Philippines, Georgia, Tanzania and Uganda, with different dose regimens. All participants had "drug-sensitive" tuberculosis, meaning a standard cocktail of drugs can safely treat them but researchers believe TB infections that are resistant to standard treatment could also be helped. The trial suggested a sorfequiline-based regimen could be used for anyone testing positive, said Dr Maria Beumont, vice-president of TB Alliance.
- Ultra-Processed Food is Global Health Threat, Researchers Warn
Action is needed now to reduce ultra-processed food (UPF) in diets worldwide because of their threat to health, say international experts in a global review of research. From a report: They say the way we eat is changing - with a move away from fresh, whole foods to cheap, highly-processed meals - which is increasing our risk of a range of chronic diseases, including obesity and depression. Writing in The Lancet, the researchers say governments need "to step up" and introduce warnings and higher taxes on UPF products, to help fund access to more nutritious foods. [...] This review of evidence on the impact of UPFs on health, carried out by 43 global experts and based on 104 long-term studies, suggests these foods are linked to a greater risk of 12 health conditions. These include type 2 diabetes, cardiovascular disease, kidney disease, depression and dying prematurely from any cause.
- Europe's Cookie Nightmare is Crumbling
The EU's cookie consent policies have been an annoying and unavoidable part of browsing the web in Europe since their introduction in 2018. But the cookie nightmare is about to crumble thanks to some big proposed changes announced by the European Commission today. From a report: Instead of having to click accept or reject on a cookie pop-up for every website you visit in Europe, the EU is preparing to enforce rules that will allow users to set their preferences for cookies at the browser level. "People can set their privacy preferences centrally -- for example via the browser -- and websites must respect them," says the EU. "This will drastically simplify users' online experience." This key change is part of a new Digital Package of proposals to simplify the EU's digital rules, and will initially see cookie prompts change to be a simplified yes or no single-click prompt ahead of the "technological solutions" eventually coming to browsers. Websites will be required to respect cookie choices for at least six months, and the EU also wants website owners to not use cookie banners for "harmless uses" like counting website visits, to lessen the amount of pop-ups.
- Linus Torvalds Says Vibe Coding is Fine For Getting Started, 'Horrible Idea' For Maintenance
Linus Torvalds is "fairly positive" about vibe coding as a way for people to get computers to do things they otherwise could not. The Linux kernel maintainer made the comments during an interview at the Linux Foundation Open Source Summit in Seoul earlier this month. But he cautioned that vibe coding would be a "horrible, horrible idea from a maintenance standpoint" for production code. Torvalds told Dirk Hohndel, head of open source at Verizon, that computers have become more complicated than when he learned to code by typing in programs from computer magazines. He said vibe coding offers a path into computing for newcomers. The kernel maintainer is not using AI-assisted coding himself. He said his role has shifted from rejecting new ideas to sometimes pushing for them against opposition from longstanding maintainers who "kind of get stuck in a rut." Rust is "actually becoming a real part of the kernel instead of being this experimental thing," he said. Torvalds said AI crawlers have been "very disruptive to a lot of our infrastructure" because they gather data from kernel.org source code. Kernel maintainers receive bugs and security notices that are "made up by people who misuse AI," though the problem is smaller than for other projects such as curl.

- Manchester hits snooze again on joining Palantir-run NHS data platform
Care board still waiting for evidence that it will be in the best interests of the population Greater Manchester Integrated Care Board (ICB) has again put off its adoption of an NHS data platform prescribed by the UK government and run by Palantir until there is more evidence that it will be in the "best interests" of the city's population.…
- Palo Alto CEO tips nation-states to weaponize quantum computing by 2029
Company thinks you’ll contemplate replacing most security kit in the next few years to stay safe Palo Alto Networks CEO Nikesh Arora has suggested hostile nation-states will possess quantum computers in 2029, or even a little earlier, at which point most security appliances will need to be replaced.…
- US, UK, Australia sanction Lockbit gang’s hosting provider
‘Bulletproof’ hosts partly dodged the last attack of this sort Cybercrime fighters in the US, UK, and Australia have imposed sanctions on several Russia-linked entities they claim provide hosting services to ransomware gangs Lockbit, BlackSuit, and Play.…
- Fortinet 'fesses up to second 0-day within a week
Attackers may be joining the dots to enable unauthenticated RCE Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…
- DARPA making low-hanging satellites that use air to move
Skim the atmosphere and air-breathing VLEO sats can theoretically maintain orbit DARPA is on the verge of reaching a new low - an orbital one - as the Defense Department's research arm moves its Very Low Earth Orbit (VLEO) Otter satellite program into the production phase. …
- Canada ups its European Space Agency bet 10x with $376M
Massive jump in spending shows the Great White North isn’t betting everything on NASA Canada will boost its investment in European Space Agency (ESA) programs by CA$528.5 million ($376 million USD), a tenfold increase, according to the Canadian Space Agency.…
- San Jose's 'warrantless' license plate queries land cops in court
Digital rights groups argue cameras used to unconstitutionally surveil locals The Electronic Frontier Foundation (EFF) and American Civil Liberties Union of Northern California (ACLU-NC) are suing the City of San Jose and its police department over alleged abuses of automatic license plate recognition (ALPR) technology.…
- Mastodon CEO steps down with €1M payout and a deep sigh
Burnout and slowing growth push Eugen Rochko into an advisory role after nearly a decade in charge Eugen Rochko, CEO and founder of decentralized social network Mastodon, is stepping down after nearly a decade at the helm and walking away with a sizable exit payment.…
- Commodity memory prices set to double as fabs pivot to AI market
Analysts warn LPDDR4 supply is tightening fast with shift to higher-end components Updated Memory prices could soon be double what they were earlier this year as chipmakers switch to advanced products to target the AI market, leaving a shortfall of more mature chips such as those meeting the LPDDR4 standard.…
- Whatever your job, mentoring is your job – and the one that matters most
Nobody succeeds alone, and no community thrives without generosity Opinion When I started coding for a living 43 years ago, I didn't know shit from Shinola. I'd written a lot of BASIC, some Z80 assembler, and knew my way around floppy drives and a disk operating system. I knew nothing at all about how to operate as a junior engineer in a professional environment.…
- Cloudflare broke itself – and a big chunk of the Internet – with a bad database query
Thought it was the victim of a ‘hyper-scale DDoS attack’ before finding the fix Cloudflare CEO Matthew Prince has admitted that the cause of its massive Tuesday outage was a change to database permissions, and that the company initially thought the symptoms of that adjustment indicated it was the target of a “hyper-scale DDoS attack,” before figuring out the real problem.…
- Networking startup Meter takes a page from the Steve Jobs playbook
Vertical integration meets subscriptions "We love moving packets," declared Anil Varanasi, CEO and co-founder of Meter, on a stage overlooking San Francisco Bay at the networking startup's annual networking event. He continued, "This crowd probably knows this intimately, but everything in the world is packets. Regardless of what type of work you do, it is just packets all the way down."…
- Anthropic is at the heart of the latest billion-dollar circular AI investment bonanza
What do you get when you combine Anthropic, Microsoft, and Nvidia? A bubble that blows itself It wouldn't be a week of tech news without more circular exchanges of billions of dollars between AI firms. This time around, it's a $45 billion back-scratching session involving Microsoft, Anthropic, and Nvidia, announced during Redmond's Ignite conference.…
- Self-replicating botnet attacks Ray clusters
Using AI to attack AI updated Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches distributed denial of service (DDoS) attacks.…
- FCC looks to torch Biden-era cyber rules sparked by Salt Typhoon mess
Regulator sides with telcos that claimed new cybersecurity duties were too ‘burdensome’ The Federal Communications Commission (FCC) will vote this week on whether to scrap Biden-era cybersecurity rules, enacted after the Salt Typhoon attacks came to light in 2024, that required telecom carriers to adopt basic security controls.…
- China readies a lifeboat for stranded Shenzhou crew
Stuck on the Tiangong station with a cracked capsule for company China is preparing for an early launch of the Shenzhou-22 spacecraft to rescue the crew of Shenzhou-21, who were left stranded aboard the Tiangong space station after their emergency rescue of the Shenzhou-20 crew earlier this month.…
- Take fight to the enemy, US cyber boss says
When? Sean Cairncross wouldn't say America is fed up with being the prime target for foreign hackers. So US National Cyber Director Sean Cairncross says Uncle Sam is going on the offensive – he just isn't saying when.…
- Datacenter fossil fuel habit 'not sustainable' as AI workloads soar
Rising AI power demand is straining grids and pushing operators toward hydrogen, batteries, geothermal, and nuclear Gartner warns that fossil fuel dominance in on-site power generation is not sustainable, given the rapid rise in datacenter energy consumption due to AI servers.…
- Brussels eyes AWS, Azure for gatekeeper tag in cloud clampdown
European Commission probes whether Amazon and Microsoft wield outsized control under Digital Markets Act The European Commission has launched investigations into Amazon and Microsoft's cloud services, and plans to review if legislation introduced in 2022 is being applied effectively to the cloud market.…
- Linus Torvalds is OK with vibe coding as long as it's not used for anything that matters
Linux inventor also discusses Rust in the kernel, Nvidia's proprietary code, and the problem of AI crawlers Linux and Git inventor Linus Torvalds discussed AI in software development in an interview earlier this month, describing himself as "fairly positive" about vibe coding, but as a way into computing, not for production coding where it would likely be horrible to maintain.…
- Cloudflare coughs, half the internet catches a cold
Outage leaves users staring at error pages while recovery crawls along Updated Internet services provider Cloudflare is suffering a major outage that has knocked chunks of the web offline – including The Register.…
- Rust on the Moon? Far-side dirt says yes, actually
Chang'e 6's soil sample turns up iron oxides where none were supposed to exist A Chinese-led team of boffins has uncovered tiny grains of hematite and maghemite in materials scooped from the Moon's far-side South Pole-Aitken Basin by the Chang'e 6 probe – iron oxides more at home on rusty tools on Earth than on our bone-dry satellite.…

- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Cant
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]

- Microsoft warns its new "AI" agents in Windows can install malware
Microsoft has just announced a whole slew of new "AI" features for Windows, and this time, they'll be living in your taskbar. Microsoft is trying to transform Windows into a “canvas for AI,” with new AI agents integrated into the Windows 11 taskbar. These new taskbar capabilities are designed to make AI agents feel like an assistant in Windows that can go off and control your PC and do tasks for you at the click of a button. It’s part of a broader overhaul of Windows to turn the operating system into an “agentic OS.” Microsoft is integrating a variety of AI agents directly into the Windows 11 taskbar, including its own Microsoft 365 Copilot and third-party options. “This integration isn’t just about adding agents; it’s about making them part of the OS experience,” says Windows chief Pavan Davuluri. ↫ Tom Warren at The Verge These "AI" agents will control your computer, applications, and files for you, which may make some of you a little apprehensive, and for good reason. "AI" tools don't have a great track record when it comes to privacy (Windows Recall comes to mind) and as such, Microsoft claims this time, it'll be different. These new "AI" agents will run in what are essentially dedicated Windows accounts acting as sandboxes, to ensure they can only access certain resources. While I find the addition of these "AI" tools to Windows insufferable and dumb, I'm at least glad Microsoft is taking privacy and security seriously this time, and I doubt Microsoft would repeat the same mistakes they made with the entirely botched rollout of Windows Recall. In addition, after the CrowdStrike fiasco, Microsoft made clear commitments to improve its security practices, which further adds to the confidence we should all have these new "AI" tools are safe, secure, and private. But wait, what's this?
Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation. ↫ Microsoft support document about the new "AI" features Microsoft's new "AI" features can go out and install malware without your consent, because these features possess the access and privileges to do so. The mere idea that some application (which is essentially what these "AI" features really are) can go out onto the web and download and install whatever it wants, including malware, "on your behalf", in the background, is so utterly dystopian to me I just can't imagine any serious developer looking at this and thinking "yeah, ship it". I'm living in an insane asylum.
- Run old versions of UNIX for PDP-11 and x86 on modern hardware
The contents of this repository allow older versions of UNIX (ancient UNIX) to run easily on modern Unix-like systems (Linux, FreeBSD, macOS, among others). ↫ Run ancient UNIX GitHub page With the guides in this repository, you can easily run Versions 1/5/7 UNIX and 2.11BSD UNIX for the PDP-11 and Version 7 UNIX for x86 (ported to x86 by Robert Nordier in 1999, with patches in 2006-2007). That's it.
- Living my best Sun Microsystems ecosystem life in 2025
In my lifetime, there's been one ecosystem I deeply regret having missed out on: the Sun Microsystems ecosystem of the late 2000s. At that time, the company offered a variety of products that, when used together, formed a comprehensive ecosystem that was a fascinating, albeit expensive alternative to Microsoft and Apple. While not really intended for home use, I've always believed that Sun's approach to computing would've made for an excellent computing environment in the home. Since I was but a wee university student in the late 2000s living in a small apartment, I did not have the financial means nor the space to really test this hypothesis. Now, though, Sun's products from that era are decidedly retro, and a lot more approachable, especially if you have incredibly generous readers. So sit down and buckle up, because we've got a long one today. If you wish to support OSNews and longform content like this, consider becoming a Patreon or donating to our Ko-Fi. Note that absolutely zero generative "AI" was used in the writing of this article. No "AI" writing aids, no "AI" summaries, no ChatGPT, no Gemini search nonsense, nothing. I take pride in doing research and writing properly, without the "aid" of digital parrots with brain damage, and if there's any errors, they're mine and mine alone. Take pride in your work and reject "AI". The Ultra 45: the central hub In the early 2000s, it had already become obvious that the future of workstations lay not with custom architectures, bespoke processors, and commercial UNIX variants, but with standard x86, off-the-shelf Intel and AMD processors, and Windows and Linux. The writing was on the wall, everyone knew it, and the ensuing consolidation on x86 turned into a veritable bloodbath. In the 80s and 90s, many of these ISAs were touted as vastly superior x86 killers, but fast-forward a decade or two, and x86 had bested them all in both price and performance, leaving behind a trail of dead ISAs. Never bet against x86.
Virtually none of the commercial UNIX variants survived the one-two punch of losing the ISA they were married to and the rising popularity of Linux in the workstation space. HP-UX was tied to HP's PA-RISC, and both died. SGI's IRIX was tied to MIPS, and both died. Tru64 was tied to Alpha, and both died. The two exceptions are IBM's AIX and Sun's Solaris. AIX workstations were phased out, but AIX is still nominally in development for POWER servers, but wholly inaccessible to anyone who doesn't wear a suit and has a massive corporate spending budget. Solaris, meanwhile, which had long been available on x86, saw its "own" ISA SPARC live on in the server space until roughly 2017 or so, and was even briefly available as open source until Oracle did its thing. As a result, Solaris and its derivative Illumos are still nominally in active development, but in the grand scheme of things they're barely even a blip on the radar in 2025. Never bet against Linux. During these tumultuous times, the various commercial UNIX vendors all pushed out systems that would become the final hurrahs of their respective UNIX workstation lines. DEC, then owned by HP, released its AlphaStation ES47 in 2003, marking the end of the road for Alpha and Tru64 UNIX. HP's own PA-RISC architecture and HP-UX met their end with the HP c8000 (which I own), an all-out PA-RISC monster with two dual-core processors running at 1.1GHz. SGI gave its MIPS line of machines running IRIX a massive send-off with the enigmatic and rare Tezro in 2003. In 2005, IBM tried one last time with the IntelliStation POWER 285, followed a few months later by the heavily cut-down 185, the final AIX workstation. And Sun unveiled the Ultra 45, its final SPARC workstation, in 2006.
Sun was already in the middle of its transition to x86 with machines like the Sun Java Desktop System and its successors, the Ultra 20 and 40, and then surprised everyone by reviving their UltraSPARC workstation line with the Ultra 25 and 45, which shared most (all?) of their enclosures with their x86 brethren. They were beautiful, all-aluminium machines with gorgeous interior layouts, and a striking full-grill front, somewhat inspired by the PowerMac G5 of that era. And ever since the Ultra 45 was rumoured in late 2005 and then became available in early 2006, I've been utterly obsessed with it. It's taken almost two decades, but thanks to an unfathomably generous donation from KDE e.V. board member and FreeBSD contributor Adriaan de Groot, a very unique and storied Sun Ultra 45 and a whole slew of accessories showed up at my doorstep only a few weeks ago. Let's look back upon this piece of history (that is but a footnote to most, but a whole book to me) and experience Sun's ecosystem from around 2006, today. First and foremost, I want to express my deep gratitude to Adriaan de Groot. Without him, none of this would have been possible, and I can't put into words how grateful I am. He donated this Ultra 45 to me at no cost, not even the cost of shipping, and he also shipped another box to me containing a few Sun Ray thin clients, completing the late 2000s Sun ecosystem I now own. Since the Ultra 45 was technically owned by KDE e.V. (more on that below), I'd also like to thank the KDE e.V. Board for giving Adriaan permission for the donation. I'd also like to thank Volker A. Brandt, who sent me a Sun Ray 3, a few Ultra 45 hard drive brackets, and some other Sun goodies. The Sun Ultra 45 De Groot sent me was a base model with an upgraded GPU. It had a single UltraSPARC IIIi 1.6GHz processor, 1GB of RAM, and the most powerful GPU Sun ever released for its SPARC workstation line, the Sun XVR-2500, a rebadged 3Dlabs Wildcat Realizm with
- Using Rust in Android speeds up development considerably
Google has been using Rust in Android more and more for its memory safety characteristics, and the results on that front were quite positive. It turns out, however, that not only does using Rust reduce the number of memory safety issues, it's also apparently a lot faster to code in Rust than C or C++. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one. ↫ Jeff Vander Stoep at the Google Security Blog When you think about it, it actually makes sense. If you have fewer errors of a certain type, you'll spend less time fixing those issues, time which you can then spend developing new code. Of course, it's not that simple and there's a ton more factors to consider, but on a base level, it definitely makes sense. Spellcheck in word processors means you have to spend less time detecting and fixing spelling errors, so you have more time to spend on actually writing. I'm sure we'll all be very civil about this, and nobody will be weird about Rust at all.
- Haiku gets new guarded heap for the kernel
Another month, another Haiku activity report, and this time we've got a major change under the hood: a brand new guarded heap. The old guarded heap was suboptimal and had started to lag behind, so the new one attempts to rectify some of these shortcomings. So, to rectify these limitations, I rewrote the kernel guarded heap more or less from scratch, taking the old code into account where it made sense but otherwise creating entirely new bookkeeping structures, interacting directly with the page table and virtual memory systems, and more. This new guarded heap implementation frees physical pages when not in use, meaning that the “virtual memory reuse disabled” mode now runs for quite long periods of time (indeed, I could successfully boot to the desktop and run compile jobs.) It also prints more diagnostics when kernel panics due to memory faults inside the heap happen, which the old kernel guarded heap didn’t (but the userland one has always done). ↫ Haiku's activity report for October The new guarded heap is optional for now, but Haiku is planning on releasing some pre-built test builds so users can start testing it out. Of course, this isn't the only change or improvement from this past month; the list of changes is long, but there's no real tentpole features here. Haiku's development pace is still very much on track.
- Google cancels plans to require Android application certification outside of the Play Store
Only a few months ago, Google announced it was going to require that all Android applications, even those installed outside of the Play Store, had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store. Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn't verified. We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. ↫ Matthew Forsythe Director at the Android Developers Blog While this is great news, I'm still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobody's looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords. If you think this is the end of this story, you're a fool.
- Big news for small OpenBSD /usr partitions
Ever ran into issues using sysupgrade on OpenBSD because /usr ran out of space? OpenBSD developers are trying to address this issue. Firstly, Stuart Henderson (sthen@) modified the installer to increase free space prior to installing. Theo de Raadt (deraadt@) modified sysupgrade(8) so that, if space is too tight, it will fail gracefully rather than risk leaving the administrator with a broken system. ↫ OpenBSD Journal These are very welcome additions.
- Valve brings x86 gaming to ARM Linux with FEX
Valve announced a few new devices yesterday. There's a new Steam console, which is essentially just a tiny PC with SteamOS installed; think of it as a Steam Deck without a display. Second, Valve finally released a new Steam Controller to go with the Steam console, which has taken them long enough. Lastly, there's a brand new Steam VR headset, the Steam Frame. Other websites with actual access to these new devices will do a better job of covering them than I ever could, but I do want to highlight something crucially important about the Steam Frame: it contains a Snapdragon ARM processor, but can still run Steam and all of its games. How does this work? Well, after developing Proton to allow Windows games to run on Linux, Valve "introduced" FEX, which will allow you to run x86 Windows games on ARM Linux. I put the quotation marks there because FEX was an existing project Valve invested heavily into in recent times, and it's now at the point where Valve seems confident enough it will be capable of running enough x86 games on ARM Linux. As such, the Steam Frame runs full SteamOS with KDE Plasma, you can run x86 Steam games, and as an additional bonus, you can install Android APKs as well. I've yet to even try VR, because I'm not particularly interested in buying into any locked-down platform. The Steam Frame may be the first VR device I'll buy (depending on price, of course) and the Steam console definitely looks like a great addition to the living room, too. My wife and I have little to no interest in buying an Xbox or PS5, but having easy, no-hassle access to our massive Steam libraries on our TV will be awesome.
- VMS/XDE: an OpenVMS x86 development environment for Linux and Windows/WSL
VMS/XDE is an OpenVMS x86 development environment for Linux and Windows (via WSL). It provides a familiar user experience for OpenVMS developers working in Linux and Windows yet offers 100% binary and file system compatibility with OpenVMS. VMS/XDE includes OpenVMS V9.2-3 user, supervisor and executive mode operating system environments and a set of x86 native compilers and layered products geared towards OpenVMS software development and testing. ↫ VMS/XDE website VMS/XDE is a beta version, and comes with the usual annoying OpenVMS x86 time bombs, this time exploding on 3 January 2026. If you intend to use the finalised commercial version after the beta period ends, you'll have to employ the same licenses as regular OpenVMS. It's a bit of a mess, but that's the OpenVMS way, sadly, and I don't blame them, either, as I'm sure they're hamstrung by a ton of agreements and restrictions imposed upon them by HP. Regardless, VMS/XDE brings a zero setup OpenVMS environment to the operating system you're already using, making it easier to develop and cross-compile for the platform. I still have absolutely no clue just how many people OpenVMS is still relevant for, but I absolutely adore the fact VMS Software Inc. is working on this. In a world where so many of its former competitors are being held hostage by corporate indifference, it's refreshing to see VMS still moving forward.
- Plasma Mobile 6.5 keeps improving
As part of the KDE Plasma 6.5 release, we also got a new release of Plasma Mobile. As there's a lot of changes, improvements, and new features in Plasma Mobile 6.5, the Plasma Mobile Team published a blog post to highlight them all. The biggest improvement is probably the further integration of Waydroid, a necessary evil to run Android applications until the Plasma Mobile ecosystem manages to become a bit more well-rounded. Waydroid can now be managed straight from the settings application and the quick settings dropdown. Furthermore, the lockscreen has been improved considerably, there's been a ton of polish for the home screen and the user interface in general, the quick settings panel can now be customised to make it fit better on different form factors, the first early test version of the new Plasma mobile keyboard is included, and so much more. This is definitely a release I would want to try out, but since I don't have any of the supported devices, I'm a bit stuck. This is, of course, one of the two major problems facing proper mobile Linux: the lack of device support. It's improving due to the tireless work of countless volunteers, but they're always going to be swimming upstream. The other major problem is, of course, application availability, but at least Waydroid can bridge the gap for the adventurous among us.
- Tribblix m38 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has released a new version. Milestone 38 isn't the most consequential release of all time, but it does bring a few small changes accompanied by the usual long list of updated open source packages. The zap install command now installs dependencies by default, while zap create-user will now restrict new home directories to mode 0700 by default. Meanwhile, int16h at Cryogenix published an article about using a Bhyve VM running FreeBSD to act as a Wi-Fi bridge for laptops with 802.11xx chips that Tribblix doesn't support. This is a great, albeit somewhat convoluted option if your hardware uses any Wi-Fi chips Tribblix doesn't support. There's honestly a solution for everything, isn't there?
- Setting up a combined 68k/PA-RISC HP-UX 9 cluster
Jonathan Pallant got lucky and managed to score a massive haul of 90s UNIX workstations, one of which was an HP 9000 Model 340, an HP-UX workstation built around a Motorola 68030 processor at 16.7 MHz. It doesn't come with a hard drive or even a floppy controller, though, so he decided to borrow a PA-RISC-based HP 9000 Model 705 to set up an HP-UX 9 cluster. But wait, how does that work, when we're dealing with two entirely different architectures? What's more fun though, is putting it into a cluster with the Model 705 and network booting it. Yes, that's a 68030 machine network booting from a PA-RISC machine, and sharing the same root filesystem. But aren't PA-RISC binaries and 68K binaries quite different? Oh yes, they really are. So, how does that work? ↫ Jonathan Pallant HP-UX is far more interesting and fascinating than a lot of people give it credit for, and while my interest lies with HP-UX 11i, I find what Pallant is doing here with HP-UX 9 just as fascinating. You first need to install HP-UX 9 for PA-RISC on the 700 series machine, convert it to a cluster server, and then install HP-UX 9 for 68k on top of that PA-RISC installation. After this is done, you effectively end up with a single root file system that contains both PA-RISC and 68k binaries, and you can network boot the 68k-based Model 340 right from it using the same root filesystem on both machines. Absolutely wild. No, these are not universal binaries or some other trick you might know of from more modern systems. In fact, by installing the 68k version of HP-UX 9 into the PA-RISC HP-UX 9 cluster server, you end up with something called a Context Dependent Filesystem. To get a better idea of what this means and how this works, you should really head on over to Pallant's excellent article for all the details.
- Ironclad 0.7.0 and 0.8.0 released, adds RISC-V support
We've talked about Ironclad a few times, but there's been two new releases since the 0.6.0 release we covered last, so let's see what the project's been up to. As a refresher, Ironclad is a formally verified, hard real-time capable kernel written in SPARK and Ada. Versions 0.7.0 and 0.8.0 improved support for block device caching, added a basic NVMe driver, added support for x86’s SMAP, switched from KVM to NVMM for Ironclad’s virtualization interface, and much, much more. In the meantime, Ironclad also added support for RISC-V, making it usable on any 64 bit RISC-V target that supports a Limine-protocol compatible bootloader. The easiest way to try out Ironclad is to download Gloire, a distribution that uses Ironclad and the GNU tools. It can be installed in both a virtual machine and on real hardware.
- Mac OS 7.6 and 8 for CHRP releases discovered
For those of us unaware (unlikely on OSNews, but still), for a hot minute in the second half of the 90s, Apple licensed its Mac OS to OEMs, resulting in officially sanctioned Mac clones from a variety of companies. While intended to grow the Mac's market share, what ended up happening instead is that the clone makers outcompeted Apple on performance, price, and features, with clones offering several features and capabilities before Apple did for far lower prices. When Steve Jobs returned to Apple, he killed the clone program almost instantly. The rather abrupt end of the clone program means there's a number of variants of the Mac OS that never made their way into the market, most notably variants intended for the Common Reference Hardware Platform, or CHRP, a standard defined by IBM and Apple for PowerPC-based PCs. Thanks to the popular classic Mac YouTuber Mac84, we now have a few of these releases out in the wild. These CDs contain release candidates for Mac OS 7.6 and Mac OS 8 for CHRP (Common Hardware Reference Platform) systems. They were created to support CHRP computers, but were never released, likely due to Steve Jobs returning to Apple in September 1997 and eliminating the Mac Clone program and any CHRP efforts. ↫ Mac OS 7.6/8 CHRP releases page Mac84 has an accompanying video diving into more detail about these individual releases by booting and running them in an emulator, so we can get a better idea of what they contain. While most clone makers only got access to Mac OS 7.x, some of them did, in fact, gain access to Mac OS 8, namely UMAX and Power Computing (the latter of which was acquired by Apple). It's not the clone nature of these releases that make them special, but the fact they're CHRP releases is. This reference platform was a failure in the market, and only a few of IBM's own machines and some of Motorola's PowerStack machines properly supported it. Apple, meanwhile, only paid minor lip service to CHRP in its New World Power Macintosh machines.
- FreeBSD now builds reproducibly and without root privilege
The FreeBSD Foundation is pleased to announce that it has completed work to build FreeBSD without requiring root privilege. We have implemented support for all source release builds to use no-root infrastructure, eliminating the need for root privileges across the FreeBSD release pipeline. This work was completed as part of the program commissioned by the Sovereign Tech Agency. ↫ FreeBSD Foundation blog This is great news in and of itself, but there's more: FreeBSD has also improved build reproducibility. This means that given the same source input, you should end up with the same binary output, which is an important part of building a verifiable chain of trust. These two improvements combined further add to making FreeBSD a trustworthy, secure option, something it already is anyway. In case you haven't noticed, the FreeBSD project and its countless contributors are making a ton of tangible progress lately on a wide variety of topics, from improving desktop use, to solidifying Wi-Fi support, to improving the chain of trust. I think the time is quite right for FreeBSD to make some inroads in the desktop UNIX-y space, especially for people to whom desktop Linux has strayed too far from the traditional UNIX philosophy (whatever that means).
- LXQt 2.3.0 released
LXQt, the other Qt desktop environment, released version 2.3.0. This new version comes roughly six months after 2.2.0, and continues the project's adoption of Wayland. The enhancement of Wayland support has been continued, especially in LXQt Panel, whose Desktop Switcher is now enabled for Labwc, Niri, …. It is also equipped with a backend specifically for Wayfire. In addition, the Custom Command plugin is made more flexible, regardless of Wayland and X11. ↫ LXQt 2.3.0 release announcement The screenshot utility has been improved as well, and lxqt-qdbus has been added to lxqt-wayland-session to make qdbus commands easier to use with all kinds of Wayland compositors.

- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
by George Whittaker
Introduction
Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.
Here’s a detailed look at what’s new, what’s changed, and what you need to know.
Major Changes in Firefox 145
End of 32-Bit Linux Builds
One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:
“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”
From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.
Usability & Interface Enhancements
Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:
PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.
Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.
Access saved passwords from the sidebar, without needing to open a new tab or window.
“Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.
Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.
Privacy, Security & Under-the-Hood Upgrades
Mozilla has also doubled down on privacy and risk reduction:
Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used. Go to Full Article
- MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer
by George Whittaker
Introduction
The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.
In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.
What’s New in MX Linux 25 “Infinity”
Here are the headline changes and improvements that define this release:
Debian 13 “Trixie” Base
By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.
Kernel Choices & Hardware Support
The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware. For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.
Dual Init Option: systemd and SysVinit
Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.
Updated Desktop Environments
Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).
KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.
Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined.
Defaults the audio player to Audacious (instead of the older DeaDBeeF). Go to Full Article
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic. Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)
What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable. Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works: A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters: Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation: Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario: A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters: This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation: Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep the spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community. Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker
Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises. Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker
Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It Matters
The Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest). Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker
Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components: Go to Full Article
- Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means
by George Whittaker
Introduction
After years of debate and development, bcachefs—a modern copy-on-write filesystem once merged into the Linux kernel—is being removed from mainline. As of kernel 6.17, the in-kernel implementation has been excised, and future use is expected via an out-of-tree DKMS module. This marks a turning point for the bcachefs project, raising questions about its stability, adoption, and relationship with the kernel development community.
In this article, we’ll explore the background of bcachefs, the sequence of events leading to its removal, the technical and community dynamics involved, and implications for users, distributions, and the filesystem’s future.
What Is Bcachefs?
Before diving into the removal, let’s recap what bcachefs is and why it attracted attention.
Origin & goals: Developed by Kent Overstreet, bcachefs emerged from ideas in the earlier bcache project (a block-device caching layer). It aimed to build a full-featured, general-purpose filesystem combining performance, reliability, and modern features (snapshots, compression, encryption) in a coherent design.
Mainline inclusion: Bcachefs was merged into the mainline kernel in version 6.7 (released January 2024) after a lengthy review and incubation period.
“Experimental” classification: Even after being part of the kernel, bcachefs always carried disclaimers about its maturity and stability—it was not necessarily recommended for production use by all users.
Its presence in mainline gave distributions a path to ship it more casually, and users had easier access without building external modules—an important convenience for adoption.
What Led to the Removal
The excision of bcachefs from the kernel was not sudden but the culmination of tension over development practices, patch acceptance timing, and upstream policy norms.
“Externally Maintained” status in 6.17
In kernel 6.17’s preparation, maintainers marked bcachefs as “externally maintained.” Though the code remained present, the change signified that upstream would no longer accept new patches or updates within the kernel tree.
This move allowed a transitional period. The code was “frozen” inside the tree to avoid breaking existing systems immediately, while preparation was made for future removal. Go to Full Article
|