|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- [$] Removing Guix from Debian
As a rule, if a package is shipped with a Debian release, users cancount on it being available, and updated, for the entirelife of the release. If package foo is included in the stablerelease—currently Debian 13("trixie")—a user canreasonably expect that it will continue to be available with securitybackports as long as that release is supported, though it may not beincluded in Debian 14 ("forky"). However, it is likely that theGuix package manager will soonbe removed from the repositories for Debian 13 andDebian 12 ("bookworm", also called oldstable).
- The hidden vulnerabilities of open source (FastCode)
The FastCode site has alengthy article on how large language models make open-source projectsfar more vulnerable to XZ-style attacks.
Open source maintainers, already overwhelmed by legitimate contributions, have no realistic way to counter this threat. How do you verify that a helpful contributor with months of solid commits isn't an LLM generated persona? How do you distinguish between genuine community feedback and AI created pressure campaigns? The same tools that make these attacks possible are largely inaccessible to volunteer maintainers. They lack the resources, skills, or time to deploy defensive processes and systems.
The detection problem becomes exponentially harder when LLMs can generate code that passes all existing security reviews, contribution histories that look perfectly normal, and social interactions that feel authentically human. Traditional code analysis tools will struggle against LLM generated backdoors designed specifically to evade detection. Meanwhile, the human intuition that spot social engineering attacks becomes useless when the "humans" are actually sophisticated language models.
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, mod_http2, postgresql, postgresql:15, and python39:3.9), Debian (libsndfile), Mageia (ceph, glibc, and golang), Oracle (postgresql and python39:3.9), Red Hat (aide, postgresql:12, postgresql:13, postgresql:15, and postgresql:16), SUSE (git, govulncheck-vulndb, jetty-minimal, nginx, python-future, and ruby2.5), and Ubuntu (imagemagick).
- GNOME loses another executive director
The GNOME Foundation has announcedthat Steven Deobald will be leaving the position of Executive Directorafter just four months.
We are extremely grateful to Steven for all this and more. Despite these many positive achievements, Steven and the board have come to the conclusion that Steven is not the right fit for the Executive Director role at this time. We are therefore bidding Steven a fond farewell.
- [$] The future of 32-bit support in the kernel
Arnd Bergmann started his OpenSource Summit Europe 2025 talk with a clear statement of position: 32-bitsystems are obsolete when it comes to use in any sort of new products. Theonly reason to work with them at this point is when there is existinghardware and software to support. Since Bergmann is the overall maintainerfor architecture support in the kernel, he is frequently asked whether32-bit support can be removed. So, he concluded, the time has come to talkmore about that possibility.
- Security updates for Monday
Security updates have been issued by AlmaLinux (postgresql16, postgresql:16, python3.11, and thunderbird), Debian (firebird4.0, libcommons-lang3-java, mbedtls, nodejs, openvpn, and ruby-saml), Fedora (cef, chromium, docker-buildx, exiv2, firefox, rocm-rpp, and udisks2), Oracle (postgresql:16), Red Hat (fence-agents, firefox, gdk-pixbuf2, httpd, kernel, kernel-rt, libarchive, libxml2, multiple packages, postgresql, postgresql16, postgresql:15, postgresql:16, python3.11, python3.12, python39:3.9, and thunderbird), Slackware (udisks2), SUSE (go-sendxmpp, helm, ImageMagick, javamail, jq, kea, kernel, libarchive, libsoup, libssh, libxml2, openssl-3, postgresql14, postgresql15, python, python-future, systemd, and xz), and Ubuntu (open-vm-tools and python2.7).
- Kernel prepatch 6.17-rc4
Linus has released 6.17-rc4 for testing."So it all looks fairly good.Please do keep testing, and we'll get 6.17 out in a timely manner andin good shape."
- Bcachefs goes to "externally maintained"
Linus Torvalds has quietly changedthe maintainer status of bcachefs to "externally maintained",indicating that further changes are unlikely to enter the mainline anytimesoon. This change also suggests, though, that the immediate removal ofbcachefs from the mainline kernel is not in the cards.
- [$] The challenge of maintaining curl
Keynote sessions at Open Source Summit events tend not to allow much time fordetailed talks, and the 2025 OpenSource Summit Europe did not diverge from that pattern. Even so,Daniel Stenberg, the maintainer of the curlproject, managed to cram a lot into the 15 minutes given to him.Like the maintainers of many other projects, Stenberg is feeling somestress, and the problems appear to be getting worse over time.
- [$] Highlights from systemd v258: part one
The next release of systemd has been percolating for an unusuallylong time. Systemd releases are usually about six months apart, butv257 came out inDecember 2024, and v258 just now seems to be nearing the finishline; the third release candidate for v258 was published onAugust 20 (releasenotes). Now is a good time to dig in and take a look at some ofthe new features, enhancements, and removals coming soon tosystemd. These include new workload-management features, a concept formultiple home-directory environments, and the final, once-and-for-allremoval of support for controlgroups version 1.
- Security updates for Friday
Security updates have been issued by AlmaLinux (aide, fence-agents, firefox, kernel-rt, python-cryptography, and thunderbird), Debian (golang-github-gin-contrib-cors, libxml2, and udisks2), Fedora (chromium), Oracle (postgresql16, postgresql:16, python3.11, and thunderbird), Red Hat (lz4 and mpfr), SUSE (chromium, docker, dpkg, firefox, gdk-pixbuf, git, git, git-lfs, obs-scm-bridge, python-PyYAML, gnutls, kernel, libarchive, libxml2, net-tools, netty, perl-Crypt-CBC, polkit, postgresql14, postgresql15, sqlite3, thunderbird, tomcat10, and udisks2), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-gcp, linux-hwe-6.14, linux-raspi, linux-realtime, linux-realtime-6.14, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-gke, linux-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, linux-gke, linux-kvm, linux-oem-6.14, linux-realtime, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, openldap, and udisks2).
- Python: The Documentary
Attendees at EuroPython had the chance to preview part ofPython: The Documentary during akeynote panel. The full film, created by CultRepo, is now available on YouTube:
This is the story of the world's most beloved programming language:Python. What began as a side project in Amsterdam during the 1990sbecame the software powering artificial intelligence, data science andsome of the world's biggest companies. But Python's future wasn'tcertain; at one point it almost disappeared.
This 90-minute documentary features Guido van Rossum, TravisOliphant, Barry Warsaw, and many more, and they tell the story ofPython's rise, its community-driven evolution, the conflicts thatalmost tore it apart, and the language's impact on... well...everything.
The videoof the keynote is also available.
- Seven stable kernels for Thursday
Greg Kroah-Hartman has announced the release of the 6.16.4, 6.12.44, 6.6.103, 6.1.149, 5.15.190, 5.10.241, and 5.4.297 stable Linux kernels. Each onecontains important fixes.
- [$] Changing GNOME technical governance?
The GNOME project, which recently celebrated its28th birthday, has never had a formal technical governance; progresshas been driven by individuals and groups that advocated for—and workedtoward—a particular goal in an ad hoc fashion. Longtime GNOME contributorEmmanuele Bassi would like to see that change by adding cross-project teamsand a steering committee for the project; to that end, he gave a talk (YouTubevideo) at GUADEC 2025in late July on his idea to establish some technical governance for theproject. He also put together a blogpost with his notes from the talk. The audience reaction wasfavorable, so he has followed up on the GNOME discussion forum with an RFC ongovernance to try to move the effort along.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (aide, firefox, kernel, and mod_http2), Debian (chromium and unbound), Fedora (mod_auth_openidc), Oracle (fence-agents and kernel), SUSE (ignition, jetty-minimal, kernel, libmozjs-128-0, matrix-synapse, postgresql13, postgresql15, postgresql16, and postgresql17), and Ubuntu (kernel).
- New GIMP Plug-In Integrates Google Gemini AI Image Creation
Separate from yesterday's upstream new GIMP 3.2 development release, open-source developer Josh Ellithorpe announced the creation of a new GIMP plug-in dubbed "Dream Prompter" for bringing the power of Google's Gemini 2.5 Flash Image Preview model to this open-source photo/image editing software...
- FFmpeg swscale Rewrite Begins Landing With 2.6x Faster Overall, As Much As 254x
Now that FFmpeg 8.0 has shipped for this widely-used multimedia library, development is back on of major feature work toward the next major release. Landing on Monday was the initial code for a major rewrite to the swscale code in providing a new framework that is faster and more maintainable/extensible moving forward...
- Fedora ARM Release Changes Due To Red Hat QA Team Reduction
Due to a "significant portion" of Red Hat's internal QA team responsible for Fedora QA leaving the company or switching to other teams at Red Hat, there are some Fedora ARM release changes coming to deal with the reduced abilities of their quality assurance team...
- Customizing KDE Plasma 6 | Simple Graphite Light Setup
Customize your KDE Plasma 6 desktop with the Simple Graphite Light theme for a clean and modern look. In this video, I’ll guide you through the setup, accent colors, and icon packs to make your Linux desktop look elegant and lightweight. Perfect for anyone who loves minimal design!
- AAEON UP Rolls Out Linux-Ready Intel Development Kits for Edge AI
AAEON’s UP brand has unveiled a new line of development kits aimed at edge AI workloads. The series includes the UP TWL AI Dev Kit, UP Squared Pro TWL AI Dev Kit, and UP Xtreme ARL AI Dev Kit, providing developers with entry-level, mid-tier, and high-end options. The kits combine Intel processors with optional AI […]
- Dozens of Scientists Find Errors in a New Energy Department Climate Report
A group of more than 85 scientists have issued a joint rebuttal to a recent U.S. Department of Energy report about climate change, finding it full of errors and misrepresenting climate science. NPR: The group of climate scientists found several examples where the DOE authors cherry-picked or misrepresented climate science in the agency's report. For instance, in the DOE report the authors claim that rising carbon dioxide can be a "net benefit" to U.S. agriculture, neglecting to mention the negative impacts of more heat and climate-change fueled extreme weather events on crops. The DOE report also states that there is no evidence of more intense "meteorological" drought in the U.S. or globally, referring to droughts that involve low rainfall. But the dozens of climate scientists point out that this is misleading, because higher temperatures and more evaporation -- not just low rainfall -- can lead to and exacerbate droughts. They say that there are, in fact, many studies showing how climate change has exacerbated droughts.
Read more of this story at Slashdot.
- Waymo Expands to Denver and Seattle
Waymo is expanding its U.S. robotaxi footprint by bringing its Jaguar I-Pace SUVs and Zeekr vans to Denver and Seattle. Testing is set to begin this week, with commercial rides expected as early as 2026. TechCrunch reports: The vehicles will be manually driven to start, before the company starts testing its autonomous tech in both cities. Waymo told TechCrunch that it hopes to start offering robotaxi trips in Denver next year and the Seattle metropolitan area "as soon as we're permitted to do so." Denver and Seattle will be two of the most extreme-weather cities that Waymo is feeling out, giving it a chance to test out its tech in snow, wind, and rain that is harder to come by in places like Phoenix. The report notes that Waymo currently operates more than 2,000 robotaxis in the U.S., concentrated in cities like San Francisco, Los Angeles, Phoenix, Austin, and Atlanta. The self-driving car company is expanding to Dallas, Miami, Washington D.C., and New York, while also "dipping its toes" in additional markets such as Philadelphia, Las Vegas, and Houston. Further reading: 'Why Do Waymos Keep Loitering in Front of My House?'
Read more of this story at Slashdot.
- Paramount and Activision Team For 'Call of Duty' Movie
Paramount and Activision are teaming up to produce a live-action Call of Duty movie, with Paramount promising the same blockbuster treatment it gave Top Gun: Maverick. David Ellison, Chairman and CEO of Paramount, said in a statement: "As a lifelong fan of Call of Duty this is truly a dream come true. From the first Allied campaigns in the original Call of Duty, through Modern Warfare and Black Ops, I've spent countless hours playing this franchise that I absolutely love. Being entrusted by Activision and players worldwide to bring this extraordinary storytelling universe to the big screen is both an honor and a responsibility that we don't take lightly. We're approaching this film with the same disciplined, uncompromising commitment to excellence that guided our work on Top Gun: Maverick, ensuring it meets the exceptionally high standards this franchise and its fans deserve. I can promise that we are resolute in our mission to deliver a cinematic experience that honors the legacy of this one-in-a-million brand -- thrilling longtime fans of Call of Duty while captivating a whole new generation." Rob Kostich, President of Activision, also commented: "Throughout its history, Call of Duty has captured our imagination with incredible action and intense stories that have brought millions of people together from around the world, and that focus on making incredible Call of Duty games remains unwavering. With Paramount, we have found a fantastic partner who we will work with to take that visceral, breathtaking action to the big screen in a defining cinematic moment. The film will honor and expand upon what has made this franchise great in the first place, and we cannot wait to get started. Our shared goal is quite simple -- to create an unforgettable blockbuster movie experience that our community loves, and one that also excites and inspires new fans of the franchise."
Read more of this story at Slashdot.
- Frostbyte10 Bugs Put Thousands of Refrigerators At Major Grocery Chains At Risk
An anonymous reader quotes a report from The Register: Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings. Operational technology security firm Armis found and reported the 10 bugs to Copeland, which has since issued firmware updates that fix the flaws in both the E3 and the E2 controllers. The E2s reached their official end-of-life in October, and affected customers are encouraged to move to the newer E3 platform. Upgrading to Copeland firmware version 2.31F01 mitigates all the security issues detailed here, and the vendor recommends patching promptly. In addition to the Copeland updates, the US Cybersecurity and Infrastructure Security Agency (CISA) is also scheduled to release advisories today, urging any organization that uses vulnerable controllers to patch immediately. Prior to these publications, Copeland and Armis execs spoke exclusively to The Register about Frostbyte10, and allowed us to preview an Armis report about the security issues. "When combined and exploited, these vulnerabilities can result in unauthenticated remote code execution with root privileges," it noted.[...] To be clear: there is no indication that any of these vulnerabilities were found and exploited in the wild before Copeland issued fixes. However, the manufacturer's ubiquitous reach across retail and cold storage makes it a prime target for all manner of miscreants, from nation-state attackers looking to disrupt the food supply chain to ransomware gangs looking for victims who will quickly pay extortion demands to avoid operational downtime and food spoilage.
Read more of this story at Slashdot.
- Chrome Increases Its Overwhelming Market Share, Now Over 70%
Chrome has extended its dominance in the browser wars, surpassing 70% market share on desktops while Edge, Safari, Firefox, and Opera trail far behind. Neowin reports: According to [Statcounter], in August 2025, Chrome kept on increasing its overwhelming market share, which is now above the 70% mark (70.25%, to be precise) in the desktop browser market. The gap between Chrome and its closest competitor, Microsoft Edge, is immense, with Edge holding just 11.8% (+0.01 points over the previous month). Apple's Safari is third with 6.34% (+1.04 points); Firefox has 4.94% (-0.36 points); and Opera is fifth with a modest 2.06% market share (-0.13 points). Things look similar on the mobile side of the market, with Google Chrome having 69.15% (+1.92 points) and Safari being second with 20.32% (-2.2 points). Samsung Internet is third with 3.33% (-0.17 points). As for Microsoft Edge, its mobile share is only 0.59% (+0.06 points). The findings can be found here.
Read more of this story at Slashdot.
- SAP To Invest Over 20 Billion Euros In 'Sovereign Cloud'
SAP will invest over 20 billion euros ($23 billion) in European sovereign cloud infrastructure over the next decade. "Innovation and sovereignty cannot be two separate things -- it needs to come together," said Thomas Saueressig, SAP's board member tasked with leading customer services and delivery. CNBC reports: The company said it was expanding its sovereign cloud offerings to include an infrastructure-as-a-service (IaaS) platform enabling companies to access various computing services via its data center network. IaaS is a market dominated by players like Microsoft and Amazon. It will also roll out a new on-site option that allows customers to use SAP-operated infrastructure within their own data centers. The aim of the initiative is to ensure that customer data is stored within the European Union to maintain compliance with regional data protection regulations such as the General Data Protection Regulation, or GDPR. [...] Saueressig said that SAP is "closely" involved in the creation of the new AI gigafactories but would not be the lead partner for the initiative. He added that the company's more than 20-billion-euro investment in Europe's sovereign cloud capabilities will not alter the company's capital expenditure for the next year and has already been baked into its financial plans.
Read more of this story at Slashdot.
- OpenAI To Acquire Product Testing Startup Statsig, Appoints CTO of Applications
An anonymous reader quotes a report from Reuters: OpenAI said on Tuesday it will acquire Statsig in an all-stock deal valuing the product testing startup at about $1.1 billion based on OpenAI's current valuation of $300 billion. The ChatGPT maker will also appoint Statsig's chief executive officer, Vijaye Raji, as OpenAI's tech chief of applications, in a push to build on its artificial intelligence products amid strong competition from rivals. [...] In his role, Vijaye will head product engineering for ChatGPT and the company's coding agent, Codex, with responsibilities that span core systems and product lines including infrastructure, the company said. Statsig builds tools to help software developers test and flag new features. It raised $100 million in funding earlier this year. Once the acquisition is finalized, Statsig employees will work for OpenAI but will continue operating independently out of its Seattle office, OpenAI said. The move follows the acquisition of iPhone designer Jony Ive's startup, io Products, in a $6.5 billion deal to usher in "a new family of products" for the age of artificial general intelligence.
Read more of this story at Slashdot.
- Google Gets To Keep Chrome But Is Barred From Exclusive Search Deals, Judge Rules
A federal judge spared Google from the harshest penalties in its antitrust case. The search giant can keep Chrome and avoid breaking up Android, but it has been barred from exclusive contracts and ordered to limit data sharing with rivals. CNBC reports: U.S. District Judge Amit Mehta ruled against the most severe consequences that were proposed by the U.S. Department of Justice, including selling off its Chrome browser, which provides data that helps its advertising business deliver targeted ads. "Google will not be required to divest Chrome; nor will the court include a contingent divestiture of the Android operating system in the final judgment," the decision stated. "Plaintiffs overreached in seeking forced divesture of these key assets, which Google did not use to effect any illegal restraints." The company can make payments to preload products, but it cannot have exclusive contracts, the decision stated. The DOJ asked Google to stop the practice of "compelled syndication," which refers to the practice of making certain deals with companies to ensure its search engine remains the default choice in browsers and smartphones. [...] The judge ordered the parties to meet by September 10th for the final judgement. "Google will not be barred from making payments or offering other consideration to distribution partners for preloading or placement of Google Search, Chrome, or its GenAI products. Cutting off payments from Google almost certainly will impose substantial -- in some cases, crippling -- downstream harms to distribution partners, related markets, and consumers, which counsels against a broad payment ban." [...] Google said it will appeal the ruling, which would delay any potential penalties. Mehta ruled Tuesday that Google will have to make available certain search index data and user interaction data though "not ads data." The court narrowed the datasets Google will be required to share and said they must occur on "ordinary commercial terms that are consistent with Google's current syndication services."
Read more of this story at Slashdot.
- Hackers Threaten To Submit Artists' Data To AI Models If Art Site Doesn't Pay Up
An old school ransomware attack has a new twist: threatening to feed data to AI companies so it'll be added to LLM datasets. 404 Media reports: Artists&Clients is a website that connects independent artists with interested clients. Around August 30, a message appeared on Artists&Clients attributed to the ransomware group LunaLock. "We have breached the website Artists&Clients to steal and encrypt all its data," the message on the site said, according to screenshots taken before the site went down on Tuesday. "If you are a user of this website, you are urged to contact the owners and insist that they pay our ransom. If this ransom is not paid, we will release all data publicly on this Tor site, including source code and personal data of users. Additionally, we will submit all artwork to AI companies to be added to training datasets." LunaLock promised to delete the stolen data and allow users to decrypt their files if the site's owner paid a $50,000 ransom. "Payment is accepted in either Bitcoin or Monero," the notice put on the site by the hackers said. The ransom note included a countdown timer that gave the site's owners several days to cough up the cash. "If you do not pay, all files will be leaked, including personal user data. This may cause you to be subject to fines and penalties under the GDPR and other laws."
Read more of this story at Slashdot.
- New Study Proves EVs Are Always Cleaner Than Gas Cars
An anonymous reader shares a report: It's broadly understood that electric vehicles are more environmentally friendly than their counterparts that burn only gasoline. And yes -- that includes the impact of manufacturing batteries and generating power to charge them. But even then, such generalizations gloss over specifics, like which EVs are especially eco-friendly, not to mention where. The efficiency of an electric car varies greatly depending on ambient temperature, which is less compromising for gas-burning vehicles. We now have the data and math to answer these questions, courtesy of the University of Michigan. Last week, researchers there released a study along with a calculator that allows users to compare the lifetime difference in greenhouse gas emissions of various vehicle types and powertrains from "cradle to grave," as they say. That includes vehicle production and disposal, as well as use-phase emissions from "driving and upstream fuel production and/or electricity generation," per the university itself. What's more, these calculations can be skewed by where you live. So, if I punch in my location of Bucks County, Pennsylvania, I can see that my generic, pure-ICE "compact sedan" emits 309 grams of carbon dioxide equivalent (gCO2e) per mile. A compact hybrid would emit 20% less; a plug-in hybrid, 44% less; and an EV with a 200-mile range, a whopping 63% less. And, if I moved to Phoenix, the gains would be even larger by switching to pure electric, to the tune of a 79% reduced carbon impact.
Read more of this story at Slashdot.
- Summer 2025 is the Warmest on Record for the UK
UK weather agency Met Office, in a blog post: Provisional Met Office statistics confirm that summer 2025 is officially the warmest summer on record for the UK. Analysis by Met Office climate scientists has also shown that a summer as hot or hotter than 2025 is now 70 times more likely than it would be in a 'natural' climate with no human caused greenhouse gas emissions. The UK's mean temperature from 1 June to 31 August stands at 16.10C, which is 1.51C above the long-term meteorological average. This surpasses the previous record of 15.76C, set in 2018, and pushes the summer of 1976 out of the top five warmest summers in a series dating back to 1884.
Read more of this story at Slashdot.
- Laravel Inventor Tells Devs To Quit Writing 'Cathedrals of Complexity'
Taylor Otwell, inventor and maintainer of popular PHP framework Laravel, is warning against overly complex code and the risks of bypassing the framework. From a report: Developers are sometimes drawn to building "cathedrals of complexity that aren't so easy to change," he said, speaking in a podcast for maintainable.fm, a series produced by Ruby on Rails consultancy Planet Argon. Software, he said, should be "simple and disposable and easy to change." Some problems are genuinely complex, but in general, if a developer finds a "clever solution" which goes beyond the standard documented way in a framework such as Laravel or Ruby on Rails, "that would be like a smell." A code smell -- for the uninitiated in the The Reg readership -- is a term developers use for code that works but may cause problems at a later date. Otwell described himself as a "pretty average programmer" but reckons many others are the same, solving basic problems as quickly and efficiently as they can.
Read more of this story at Slashdot.
- Poor Amazon Rains Linked To Brazil Deforestation
For decades, the dry season in the Amazon rainforest has been getting drier. A new study, published on Tuesday, found that about 75% of the decrease in rainfall is directly linked to deforestation. From a report: The study, in Nature Communications, also found that tree loss was partly responsible for increased heat across the Amazon. Since 1985, the hottest days in the Amazon have warmed by about 2 degrees Celsius. About 16% of that increase, the researchers found, was because of deforestation. Marco Franco, an assistant professor at the University of Sao Paulo who led the study, said he was surprised by the findings. "We were expecting to see deforestation as a driver, but not this much," he said. "It tells us a lot about what's going on in the biome." The Amazon rainforest is often called the lungs of the planet because its trees help to regulate the global climate by absorbing planet-warming carbon dioxide. But decades of large-scale logging and burning in the forest have recently flipped that script, and parts of the region have become net producers of greenhouse gases.
Read more of this story at Slashdot.
- YouTube Is Pausing Premium Family Plans if You Aren't Watching From the Same Address
An anonymous reader shares a report: If you're sharing an ad-free YouTube Premium or YouTube Music account with friends or family who live outside of your home, you could lose your premium privileges. Customers who lose these can still watch YouTube or listen to music with ads -- but let's be real, it's not the same. Multiple reports have shown people who have the service have been receiving notices that their premium service will be paused for 15 days due to violating a policy that's been in place since 2023. On its support page, YouTube says that an account manager can add up to five family members in a household to their Premium membership. But, the post says, "Family members sharing a YouTube family plan must live in the same household as the family manager."
Read more of this story at Slashdot.
- 32GB of RAM On Track To Become the New Majority For Gamers
Steam's August 2025 hardware survey shows 32GB RAM configurations reached 35.42% of users while 16GB systems fell to 41.67%, continuing a six-month trend that positions 32GB to become the dominant memory configuration among PC gamers before year's end. Windows 11 crossed 60% adoption among Steam users. The RTX 4060 continues gaining market share despite newer RTX 5060 availability. Display resolutions at 2560x1600 pixels saw the largest growth, primarily from gaming laptops.
Read more of this story at Slashdot.
- GNOME Foundation boss exits after just four months
Board calls move a mutual decision but offers no details on what went wrong
The GNOME Foundation is once again hunting for a new boss after executive director Steven Deobald departed less than four months into the role, a move the board described as mutual.…
- India hails 'first' home-grown chip as a milestone despite very modest specs
It’s been to space. It likely won’t launch India as a semiconductor superpower
India’s government yesterday celebrated an “important milestone” in the development of its semiconductor industry, and therefore the nation’s ambition to become a global contender, but the celebrations seem premature because the chip that was the star of the show is nothing special.…
- Biden stopped ICE from buying Israeli spyware, but Trump admin allows it to proceed
Privacy advocates don't care if Paragon is based in the US now - they still don't want ICE armed with spyware
ICE may soon have a new weapon in its arsenal. The White House has reversed a Biden-era decision to suspend the Immigration and Customs Enforcement (ICE)'s purchase of software from commercial spyware maker Paragon Solutions.…
- Microsoft rewarded for security failures with another US government contract
Free Copilot for any agency who actually wants it
Microsoft, the latest tech firm to agree to big software discounts for the US government, is digging even deeper into its bargain bin than the competition by offering a year of free Copilot access to government agencies willing to put up with its other problem products. …
- Salesforce sacrifices 4,000 support jobs on the altar of AI
Benioff boasts bots now handle half of customer chats as doubts over reliability linger
Speaking ahead of Labor Day – celebrated in the US to recognize the nation's labor movement – Salesforce CEO and co-founder Marc Benioff said the company had slashed 4,000 customer support roles through the application of AI agents.…
- Stolen OAuth tokens expose Palo Alto customer data
Security firm's Salesforce instance accessed using credentials stolen from Salesloft's Drift platform breach
Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft Drift break-in to gain entry to its Salesforce instance.…
- Apple iOS 26 set to dump 75M iPhones on the e-waste pile
XR, XS, and XS Max owners left with $268M worth of scrap
The pending release of Apple's iOS 26 could see around 75 million iPhones rendered obsolete, generating more than 1.2 million kilograms of e-waste globally, according to new research.…
- Microsoft readies Windows 11 25H2 while Windows 10 circles the drain
Preview build drops as end-of-support deadline looms for predecessor
Microsoft has made Windows 11 25H2 available to Windows Insiders in the Release Preview channel, as market share figures show the company's flagship operating system continues to enjoy a lead over its doomed predecessor, Windows 10.…
- Four more execs man the decks at leaky sales vessel Atos
'Leading provider of AI-powered digital transformation' plays buzzword bingo as 'seasoned leaders' climb on board
A publication less kind than The Reg might couch Atos's latest leadership intake as the recruitment of more expensive execs coming armed with buckets to bail water from a sinking vessel.…
- Goldman Sachs warns AI bubble could burst datacenter boom
Investment bank predicts capacity surge to 92 GW by 2027 but remains on high alert for market weakness
Datacenter capacity is forecast to surge 50 percent by 2027 driven by AI demand, with the sector's energy consumption doubling by 2030, according to the latest research from Goldman Sachs. But the financial services biz says it's watching for signs that AI adoption may fall short of current hype.…
- Huawei counts cost of Western bans as UK business withers
Brit limb books just £188M in revenue – down 85% since 2019
Huawei's business in Britain has dwindled in the half-decade since the UK acquiesced to demands from the US to ban the Chinese networking giant from local telco networks.…
- Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk
Major flaws uncovered in Copeland controllers: Patch now
Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions.…
- Reg readers have spoken: 93% back move away from Microsoft in UK public sector
As government says £9B could end up in Redmond, poll says it's time for new thinking
Register debate series Register readers are backing a shift away from Microsoft software as a default across the UK public sector after the government confirmed it expects to spend £9 billion with the software giant over five years.…
- Microsoft-backed boffins show mega speed boost with hollow-core fiber
Could dramatically reduce latency between datacenters and on mobile nets
A team of networking boffins has published fresh research on hollow fiber cables that it claims could offer the lowest ever recorded optical loss for a fiber – meaning the signal would weaken less as it travels, leading to faster speeds and lower latencies.…
- White House nixes NASA unions amid budget uncertainty
Executive order adds space agency to National Security Exclusions, voiding collective bargaining rights for staff
Happy Labor Day. The US administration has removed union recognition from NASA as budget cuts and layoffs loom.…
- Norway's £10B UK frigate deal could delay Royal Navy ships
BAE's sub hunter production line warms up – shame it's not for Britain
Norway has ordered British-made Type 26 frigates in a contract valued at roughly £10 billion to the UK economy, but this may delay the introduction of the Royal Navy's own desperately needed ships.…
- DDoS is the neglected cybercrime that's getting bigger. Let's kill it off
Don't worry, there's a twist at the end
Opinion Agatha Christie stuck a dagger in the notion that crime doesn't pay. With sales of between two and four billion books – fittingly, the exact number is a mystery – she built a career out of murder that out-bloodied Jack the Ripper. It's a fair bet that had she chosen to write about accountancy fraud instead, her sales would be between two and four billion fewer. Some crime is sexy. Some is not.…
- LegalPwn: Tricking LLMs by burying badness in lawyerly fine print
Trust and believe – AI models trained to see 'legal' doc as super legit
Researchers at security firm Pangea have discovered yet another way to trivially trick large language models (LLMs) into ignoring their guardrails. Stick your adversarial instructions somewhere in a legal document to give them an air of unearned legitimacy – a trick familiar to lawyers the world over.…
- WhatsApp warns of 'attack against specific targeted users'
PLUS: Microsoft ends no-MFA Azure access; WorkDay attack diverts payments; FreePBX warns of CVSS 10 flaw; and more
Infosec In brief A flaw in Meta's WhatsApp app “may have been exploited in a sophisticated attack against specific targeted users.”…
- Bring your own brain? Why local LLMs are taking off
Running AIs on your own machine lets you stick it to the man and save some cash in the process
Feature After a decade or two of the cloud, we're used to paying for our computing capability by the megabyte. As AI takes off, the whole cycle promises to repeat itself again, and while AI might seem relatively cheap now, it might not always be so.…
- Programmers: you have to watch your weight, too
We are drowning in code, but at least some folks are swimming
opinion To fight the enshittification of software, the first step is to pinpoint why and how it happens. Some observers are trying to do that.…
- Uncle Sam doesn't want Samsung, SK Hynix making memories in China
End of verified end user status means South Korean memory vendors will need licenses to bring restricted chipmaking tech into Chinese fabs
The US government already has a lot to say about what products chipmakers can and can't sell in China. This week the Commerce Department moved to make it harder for South Korean memory vendors Samsung and SK Hynix to continue manufacturing in the region.…
- xAI's Grok has no place in US federal government, say advocacy groups
Bias, a lack of safety reporting, and the whole 'MechaHitler' thing are all the evidence needed, say authors
Public advocacy groups are demanding the US government cease any use of xAI's Grok in the federal government, calling the AI unsafe, untested, and ideologically biased.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Class justice: Google gets away with a gentle pat on the wrist for its illegal monopoly abuse
A little over a year ago, DC District Court Judge Amit Mehta ruled that Google is a monopolist and violated US antitrust law. Today, Mehta ruled that while Google violated the law, there won�t be any punishment for the search giant. They don�t have to divest Chrome or Android, they can keep paying third parties to preload their services and products, and they can keep paying Apple €20 billion a year to be the default search engine on iOS. Mehta declined to grant some of the more ambitious proposals from the Justice Department to remedy Google’s behavior and restore competition to the market. Besides letting Google keep Chrome, he’ll also let the company continue to pay distribution partners for preloading or placement of its search or AI products. But he did order Google to share some valuable search information with rivals that could help jumpstart their ability to compete, and bar the search giant from making exclusive deals to distribute its search or AI assistant products in ways that might cut off distribution for rivals. ↫ Lauren Feiner at The Verge Mehta granted Google a massive win here, further underlining that as long as you�re wealthy, a corporation, or better yet, both, you are free to break the law and engage in criminal behaviour. The only thing you�ll get is some mild negative press and a gentle pat on the wrist, and you can be on your merry way to continue your illegal behaviour. None of it is surprising, except perhaps for the brazenness of the class justice on display here. The events during and course of this antitrust case mirrors those of the antitrust case involving Microsoft, over 25 years ago. Microsoft, too, had a long, documented, and proven history of illegal behaviour, but like Google today, also got away with a similar gentle pat on the wrist. It�s likely that the antitrust cases currently running against Apple and Amazon will end in similar gentle pats on the wrist, further solidifying that you can break the law all you want, as long as you�re rich. Thank god the real criminal scum is behind bars.
- A gentle introduction to CP/M
For an operating system that was once incredibly popular and expected to become a standard for a long time to come, it�s remarkable how little experience most people have with CP/M. In fact, many conventions and historical limitations you might be aware of � like the 8.3 filename convention of DOS � come straight from CP/M, as it influenced DOS considerably. It�s quite easy to emulate CP/M today, but it�s just old and different enough that getting into it might be a but confusing, but that�s where Eerie Linux�s introduction to CP/M comes into play. This article is just what the headline promises: an introduction to the CP/M operating system. No previous knowledge of 1970s and early ’80s operating systems is required. However, some familiarity with Linux or a BSD-style operating system is assumed, as the setup process suggested here involves using a package manager and command-line tools. But why explore CP/M in the 2020s? There are (at least) two good reasons: 1) historical education 2) gaining a better understanding of how computers actually work. ↫ Eerie Linux This article is a great way to get up and running with CP/M fairly quickly, and I intend to do just that when I find some time to mess around with it. What are some of the core, crucial applications that one should try on CP/M? Things people would be using back when CP/M was properly in use?
- You no longer need JavaScript
My goal with this article is to share my perspectives on the web, as well as introduce many aspects of modern HTML/CSS you may not be familiar with. I’m not trying to make you give up JavaScript, I’m just trying to show you everything that’s possible, leaving it up to you to pick what works best for whatever you’re working on. I think there’s a lot most web developers don’t know about CSS. And I think JS is often used where better alternatives exist. So, let me show you what’s out there. ↫ Lyra Rebane As someone who famously can�t program, the one thing I like about CSS is that I find it quite readable and generally easy to figure out how I can change things like colours, fonts, and so on. Of course, anything more complex will still break my brain, but even the more complex elements are still at least nominally readable, and it�s often quite easy to determine what a piece of CSS does, even if I don�t know how to manipulate it or how to get even close to any desired result. It�s like how the fact I learned Latin and French in high school makes it possible for me to nominally understand a text in Spanish, even if I have never spent a single second studying it. JavaScript, on the other hand, is just a black box, incomprehensible gibberish I can�t make heads or tails of, which in my mind goes against what the web is supposed to be about. The web is supposed to be an open platform in more ways than one, and the ability to make a website should not be hidden behind complex programming languages or website builder gatekeepers. The fact JavaScript is a resource hog and misused all over the place sure doesn�t help, either. If you want to know more about the current state of CSS, the linked article by Lyra Rebane is a great place to start. I wish I had the skills to finally give OSNews a full makeover, but alas, I don�t.
- We need to seriously think about what to do with C++ modules
Jussi Pakkanen, creator of the Meson build system, has some words about modules in C++. If C++ modules can not show a 5× compilation time speedup (preferably 10×) on multiple existing open source code base, modules should be killed and taken out of the standard. Without this speedup pouring any more resources into modules is just feeding the sunk cost fallacy. That seems like a harsh thing to say for such a massive undertaking that promises to make things so much better. It is not something that you can just belt out and then mic drop yourself out. So let�s examine the whole thing in unnecessarily deep detail. You might want to grab a cup of $beverage before continuing, this is going to take a while. ↫ Jussi Pakkanen I�m not a programmer so I�m leaving this for the smarter people among us to debate.
- Redox gets COSMIC Readers and tons of bugfixes
The months keep slipping through our fingers, during this, our slow but relentless march towards the inevitability of certain death, so it�s time for another month of improvements to Redox, the general-purpose microkernel operating system written in Rust. This past month the work to bring various components of system76�s COSMIC desktop environment to Redox continues, with COSMIC Reader making its way to Redox. Jeremy Soller, creator of the Redox project and one of its primary engineers, will be using COSMIC Reader running on Redox to hold a presentation about Redox at RustConf. Aside from that important port, this month � in the middle of Summer on in this hemisphere � seems to mostly consist of a ton of smaller bugfixes and improvements. Relibc, Redox� C standard library, has seen a ton of work, as usual, a few ports were fixed and updated, like vim and OpenSSH, Orbital now has fullscreen support, and so, so much more.
- Apparently, Windows antivirus marking Linux ISOs as malware is a common issue
DistroWatch�s Jesse Smith is bringing some attention to an issue I have never encountered and had never heard of, and it has to do with antivirus software on Windows. It seems it�s not uncommon for antivirus software on Windows to mark Linux ISOs as malware or otherwise dangerous, and it seems people are reporting these findings to DistroWatch, for some reason. DistroWatch makes it clear they don�t host any of the ISOs, and that close to all of these warnings from antivirus software are false positives. So why do multiple Windows virus scanners report that they find malware in Linux downloads? Putting aside the obvious conspiracy theories about anti-virus vendors not wanting to lose customers, what is probably happening is the scanners are detecting an archive file (the ISO) which contains executable code, and flagging it as suspicious. Some of the code is even able to change the disk layout, which is something that looks nasty from a security point of view. It�s entirely understandable that a malware scanner which sees an archive full of executable code that could change the way the system boots would flag it as dangerous. ↫ Jesse Smith at DistroWatch I wonder how many people curious about Linux downloaded an ISO, only to delete is after their Windows antivirus marked it as dangerous. I can�t imagine the number to be particularly high � if you�re downloading a Linux ISO, you�re probably knowledgeable enough to figure out it�s a false positive � but apparently it�s a big enough issue that DistroWatch needs to inform its readers about it, which is absolutely wild to me.
- IceWM 3.9.0 released
Another small release for the IceWM window manager � one of the staples of the open source world. IceWM 3.9.0 seems focused mostly on cursor-related changes, as it adds libXcursor as an alternative to XPM cursors. This means IceWM is no longer dependent on libXpm, and gains the benefits that come with Xcursor. There�s the usual few bugfixes and translation updates as well.
- The first computer Linux was ever installed on
I stumbled upon an LWN.net article from 2023, in which Lars Wirzenius, a long-time Debian developer and friend of Linus Torvalds, recalls the very early days of Linux � in fact, before it was even called Linux. There�s so many fun little stories in here, like how the Linux kernel started out as a multitasking demo written in x86 assembly, which did nothing more than write As and Bs on the screen, or the fact Linux was originally called Freax before Ari Lemmke, one of the administrators of ftp.funet.fi, opted for the name Linux! when uploading the first release. However, my favourite story is about what installing Linux was like during those early days. During this time, people were interested in trying out this new thing, so Linus needed to provide an installation method and instructions. Since he only had one PC, he came to visit to install it on mine. Since his computer had been used to develop Linux, which had simply grown on top of his Minix installation, it had never actually been installed before. Thus, mine was the first PC where Linux was ever installed. While this was happening, I was taking a nap, and I recommend this method of installing Linux: napping, while Linus does the hard work. ↫ Lars Wirzenius at LWN.net The entire article is a joy to read, and since it�s from 2023, I�m sure I�m late to the party and none of it is news to many of you. On a more topical note, Wirzenius published a short article today detailing why he still uses Debian, after all these decades.
- EDK2: UEFI for the ROCK 5 ITX+ ARM board
I am a huge fan of my`Rock 5 ITX+. It wraps an ATX power connector, a 4-pin Molex, PoE support, 32 GB of eMMC, front-panel USB 2.0, and two Gen 3×2 M.2 slots around a Rockchip 3588 SoC that can slot into any Mini-ITX case. Thing is, I never put it in a case because the microSD slot lives on the side of the board, and pulling the case out and removing the side panel to install a new OS got old with a quickness. I originally wanted to rackmount the critter, but adding a deracking difficulty multiplier to the microSD slot minigame seemed a bit souls-like for my taste. So what am I going to do? Grab a microSD extender and hang that out the back? Nay! I’m going to neuralyze the SPI flash and install some Kelvin Timeline firmware that will allow me to boot and install generic ARM Linux images from USB. ↫ Interfacing Linux Using EDK2 to add UEFI to an ARM board is awesome, as it solves some of the most annoying problems of these ARM boards: they require custom images specifically prepared for the board in question. After flashing EDK2 to this board, you can just boot any ARM Linux distribution � or Windows, NetBSD, and so on � from USB and install it from there. There�s still a ton of catches, but it�s a clear improvement. The funniest detail for sure, at least for this very specific board, is that the SPI flash is exposed as a block device, so you can just use, say the GNOME Disk Utility to flash any new firmware into it. The board in question is a Radxa ROCK 5 ITX+, and they�re not all that expensive, so I�m kind of tempted here. I�m not entirely sure what I�d need yet another computer for, honestly, but it�s not like that�s ever stopped any of us before.
- It turns out Nokia�s legendary font makes for a great general user interface font
If you�re of a certain age (and not American), there�s a specific corporate font you�re most likely aware of. You may not know its exact name, and you may not actively remember it, but once you see it, you know exactly what you�re looking at. The font�s called Nokia Sans (and Nokia Serif), and it was used by pretty much every single Nokia device between roughly 2002 and 2013 or so, when it was replaced by a very bland font made by Bruno Maag (with help from the person who designed Comic Sans) that they used after that. I can�t remember why, exactly, but I got majorly nostalgic for Nokia�s characteristic, recognisable font, and decided to see if it would work as a user interface font. Now, the font is still owned by Nokia and I couldn�t find a proper place to download it, but I eventually stumbled upon a site that had each individual variant listed for download. I downloaded each of them, installed them using KDE�s font installation method, and tried it out as my user interface font. You�ll quickly discover you shouldn�t use the regular variant, but should instead opt for the Nokia Sans Wide variant. Back in 2011, when Nokia originally announced it was replacing Nokia Sans, the creator of the font, Erik Spiekermann, responded to the announcement on his blog. Apparently, one of the major reasons for Nokia to change fonts was that they claimed Nokia Sans wouldn�t work as a user interface font, but Spiekermann obviously disagrees, pointing specifically to the Wide variant. In fact, Spiekermann does not pull any punches. After 10 years it was high time to look at Nokia’s typefaces as the dominant visual voice of the brand but whoever decided on a completely new direction was either not aware of what was available or was persuaded by Bruno Maag to start over. Bruno may not create the most memorable typefaces, but he certainly knows how to sell them. And technically, their fonts are excellent. Too bad they didn’t have the confidence to work with me on an update. Instead they’re throwing out ten years of brand recognition in favour of blandness. ↫ Erik Spiekermann I was pleasently surprised by just how nice the font looks when used as a general user interface font. It�s extremely legible at a variety of sizes, and has a ton of character without becoming gimmicky or overbearing. What originally started as mere curiosity has now become my UI font of choice on all my machines, finally displacing Inter after many years of uncontested service. Of course, all of this is deeply personal and 95% an issue of taste, but I wanted to write about it to see if I�m just entirely crazy, or if there�s some method to my madness. Do note that I�m using high DPI displays, and KDE on Wayland, and that all of this may look different on Windows or macOS, or on displays with lower DPI. One of Inter�s strengths is that it renders great on both high and lower DPI displays, but since I don�t have any lower DPI displays anymore, I can�t test it in such an environment. I�m also not entirely sure about the legal status of downloading fonts like this, but I am fairly sure you�re at least allowed to use non-free fonts for personal, non-commercial use, but please don�t quote me on that. Since downloading each variant of these Nokia fonts is annoying, I�d love to create and upload a zip file containing all of them, but I�m sure that�s illegal. I�m not a font connoisseur, so I may be committing a huge faux pas here? Not that I care, but reading about font nerds losing their minds over things I never even noticed is always highly entertaining.
- Blocky Planet: making Minecraft spherical
Blocky Planet is a tech demo I created in the`Unity game engine`that attempts to map Minecraft’s cubic voxels onto a spherical planet. The planet is procedurally generated and fully destructible, allowing players to place or remove more than 20 different block types. While much of the implementation relies on common techniques you’d expect from your average Kirkland brand Minecraft clone, the spherical structure introduces a number of unique design considerations. This post will focus on these more novel challenges. ↫ Bowerbyte What a great read. Turning a �flat earth� game like Minecraft into something taking place on a spherical world seems impossible at first, but it seems Bowerbyte managed to do it. If you�ve ever wondered what it would be like to play a Minecraft-like game on an actual sphere, this is it.
- Genode OS Framework 25.08 released
Genode 25.08 is ripe with deeply technical topics that have been cooking since the beginning of the year or even longer. In particular our new kernel scheduler as the flagship feature of this release has been in the works since February 2024. Section`Kernel scheduling for fairness and low latency`tells its background story and explains the approach taken. Another culmination of a long-term endeavor is the introduction of an alternative to XML syntax, specifically designed for the usage patterns of Genode and Sculpt OS. Section`Consideration of a lean alternative to XML`kicks off the practical evaluation of an idea that gradually evolved over more than two years. Also the holistic storage optimizations presented in Section`Block-storage stack renovations`are the result of careful long-term analysis, planning, and execution. ↫ Genode 25.08 release notes While these are the three tentpole features for this release, there�s a whole lot more here, as well. Genode�s Linux-based PC device drivers have all been updated to Linux 6.12, there are a ton of fixes related to USB, optional EFI boot support in VirtualBox 6, and tons more.
- The EU needs a corporate open source contribution tax! to fund open source maintainers
Open source, the thing that drives the world, the thing Harvard says has an economic value of 8.8 trillion dollars (also a big number). Most of it is one person. And I can promise you not one of those single person projects have the proper amount of resources they need. If you want to talk about possible risks to your supply chain, a single maintainer that’s grossly underpaid and overworked. That’s the risk. The country they are from is irrelevant. ↫ Josh Bressers If the massive corporations that exploit the open source world for massive personal profit don�t want to contribute back, perhaps it�s time we start making them. I envision an European Economic Area-wide open source contribution tax!, levied against any technology corporation operating within the European Economic Area, whether they actually make use of open source code or not, not entirely unlike how insurance works � you pay into it even if you don�t make any claims. Such tax could be based on revenue, number of users, or any combination thereof or other factors. The revenue from this open source contribution tax is put into an EEA-wide fund and redistributed to EEA-based open source maintainers in the form of a monetary subsidy. Such types of taxes and money redistribution frameworks already exist in virtually every country for a whole wide variety of purposes and in a wide variety of forms, both in non-commercial and commercial settings. While it may seem complicated at first, it really isn�t. The most difficult aspect is definitely figuring out who, exactly, would be eligible to receive the subsidy and how much, but that, too, is a question both governments and commercial entities answer every single day. No, it will never be perfect, and some people will receive a subsidy who shouldn�t, and some who should receive it will not, but if that�s a valid reason not to implement a tax like this, no tax or insurance should be implemented. The benefits are legion. Of course, there is the primary benefit of alleviating the thousands of open source maintainers who form the backbone of pretty much out entire digital infrastructure, which in and of itself should be reason enough. On top of that, it would also strengthen the open source world � on which, I wish to reiterate, our entire digital infrastructure is built � against the kind of infiltration we saw with XZ Utils. And to put another top on top of that, it would cement Europe, or the EEA more specifically, as the hub for open source development, innovation, and leadership, and would surely attract countless open source maintainers to relocate to Europe. In other words, it would serve the grander European ambition to become less dependent on the criminal behaviour US tech giants and the erratic behaviour of the US government. We can either wait indefinitely for those who exploit the free labour of open source maintainers to contribute, or we make them.
- In-application browsers: the worst erosion of user choice you haven�t heard of
A long, long time ago, Android treated browser tabs in a very unique way. Individual tabs were were seen as �applications�, and would appear interspersed with the recent applications list as if they were, indeed, applications. This used to be one of my favourite Android features, as it made websites feel very well integrated into the overall user experience, and gave them a sense of place within your workflows. Eventually, though, Google decided to remove this unique approach, as we can�t have nice things and everything must be bland, boring, and the same, and now finding a website you have open requires going to your browser and finding the correct tab. More approachable to most people, I�d wager, but a reduction in usability, for me. I still mourn this loss. Similarly, we�ve seen a huge increase in the use of in-application browsers, a feature designed to trap users inside applications, instead of letting them freely explore the web the moment they click on a link inside an application. Application developers don�t want you leaving their application, so almost all of them, by default, will now open a webview inside the application when you click on an outbound link. For advertising companies, like Google and Facebook, this has the additional benefit of circumventing any and all privacy protections you may have set up in your browser, since those won�t apply to the webview the application opens. This sucks. I hate in-application browsers with a passion. Decades of internet use have taught me that clicking on a link means I�m opening a website in my browser. That�s what I want, that�s what I expect, and that�s how it should be. In-application webviews entirely break this normal chain of events; not because it improves the user experience, but because it benefits the bottom line of others. It�s also a massive security risk. Worst of all, this switch grants these apps the ability to spy and manipulate third-party websites. Popular apps like Instagram, Facebook Messenger and Facebook have all been caught injecting JavaScript via their in-app browsers into third party websites. TikTok was running commands that were essentially a keylogger. While we have no proof that this data was used or exfiltrated from the device, the mere presence of JavaScript code collecting this data combined with no plausible explanation is extremely concerning. ↫ Open Web Advocacy Open Web Advocacy has submitted a detailed and expansive report to the European Commission detailing the various issues with these in-application browsers, and suggests a number of remedies to strengthen security, improve privacy, and preserve browser choice. I hope this gets picked up, because in-application browsers are just another way in which we�re losing control over our devices.
- Word to save new files on Microsoft�s servers by default
You already need custom scripts and third-party applications that make custom Windows ISOs to make installing Windows somewhat bearable � unless you enjoy spending hours manually disabling all the anti-user settings in Windows � and now there�s another setting to add to the massive, growing list of stuff you have to fix after setting up a new Windows installation. Microsoft has announced that Word will start saving every new file to OneDrive (or another provider if you�ve installed one) by default. We are modernizing the way files are created and stored in Word for Windows! Now you don’t have to worry about saving your documents: Anything new you create will be saved automatically to OneDrive or your preferred cloud destination. ↫ Raul Munoz on the Microsoft 365 Insider Blog There�s the usual spiel of how this is safer and supposedly more convenient, but I suspect the real reason Microsoft is doing this is listed right there at the end of the list of supposed benefits: this enables the use of Copilot�s AI! features right from the beginning. In other words, by automatically saving your new Word documents to OneDrive by default, you�re giving Microsoft access to whatever you write for AI! training purposes. The setting can be changed, but defaults matter and few people change them. It�s also possible to set another provider than OneDrive as your online storage, but again � defaults matter. In fact, I wouldn�t be surprised if few people will even realise their Word documents will be stored not on their local PC, but on Microsoft�s servers.
- Dick Pick�s unique database operating system
We usually at least recognize old computer hardware and software names. But Asianmoetry taught us a new one: Pick OS. This 1960s-era system was sort of a database and sort of an operating system for big iron used by the Army. The request was for an English-like query language, and TRW assigned two guys, Don Nelson and Dick Pick, to the job. The planned query language would allow for things like “list the title, author, and abstract of every transportation system reference with the principal city ‘Los Angeles’.” This was GIM or generalized information management, and, in a forward-looking choice, it ran in a virtual machine. ↫ Al Williams at Hackaday The linked article is a short summary of a YouTube video by the YouTube channel Asianometry, which goes into a lot more detail about Pick OS, where it came from, what it can do, who the people involved were, and where Pick OS eventually ended up. I had never heard of this system before, and it�s easy to see why � not only was it used almost exclusively in vertically integrated complete solutions, it was also whitelabeled, so it existed under countless different names. Regardless, it seems the people who actually had to use it were incredibly enthusiastic about it, and to this day you can read new comments from people fondly remembering how easy to use it was. It has always been proprietary, and still is to this day, apparently owned by a company called Rocket Software, who don�t seem to actually be doing anything with it.
- From Novice to Pro: Mastering Lightweight Linux for Your Kubernetes Projects
by George Whittaker Introduction: Why Lightweight Matters for Kubernetes Devs
When running Kubernetes clusters for development, the operating system’s footprint can make or break performance and agility. Heavy, general-purpose Linux distributions waste memory and CPU cycles on components you’ll never use, while lightweight, container-focused distros keep your nodes lean and optimized. For developers experimenting with k3s, MicroK8s, or full-blown Kubernetes clusters, lightweight Linux offers faster spin-ups, lower overhead, and environments that better simulate production-grade setups.
In this guide, we’ll take a look at the best lightweight Linux options for Kubernetes developers, compare their strengths, and walk through code examples for quick setup. Whether you’re spinning up a local test cluster or building a scalable dev lab, this breakdown will help you pick the right base OS and make the most of your Kubernetes workflow.
Key Considerations for Dev-Focused Kubernetes Nodes
Before diving into individual distros, it’s important to understand what really matters when pairing Linux with Kubernetes:
Minimal Resource Usage: A slim OS footprint leaves more CPU and RAM for pods and workloads.
Container Runtime Compatibility: Built-in or easy-to-install support for containerd, CRI-O, or Docker ensures smooth cluster bootstrapping.
Init System Support: Compatibility with systemd or OpenRC impacts how Kubernetes services are managed.
Immutable vs. Mutable: Immutable systems like Fedora CoreOS or Talos enhance reliability but restrict tinkering, while Alpine and Ubuntu Core offer more flexibility for on-the-fly customization.
Developer Friendliness: A distro should integrate seamlessly with kubectl, Helm, CI/CD agents, and debugging workflows.
Go to Full Article
- Containers in 2025: Docker vs. Podman for Modern Developers
by George Whittaker Introduction
Container technology has matured rapidly, but in 2025, two tools still dominate conversations in developer communities: Docker and Podman. Both tools are built on OCI (Open Container Initiative) standards, meaning they can build, run, and manage the same types of images. However, the way they handle processes, security, and orchestration differs dramatically. This article breaks down everything developers need to know, from architectural design to CLI compatibility, performance, and security, with a focus on the latest changes in both ecosystems.
Architecture: Daemon vs. DaemonlessDocker's Daemon-Based Model
Docker uses a persistent background service, dockerd, to manage container lifecycles. The CLI communicates with this daemon, which supervises container creation, networking, and resource allocation. While this centralized approach is convenient, it introduces a single point of failure: if the daemon crashes, every running container goes down with it.
Podman’s Daemonless Approach
Podman flips the script. Instead of a single daemon, every container runs as a child process of the CLI command that started it. This design eliminates the need for a root-level service, which is appealing for environments concerned about attack surfaces. Containers continue to run independently even if the CLI session ends, and they can be supervised with systemd for long-term stability.
Developer Workflow and CLIFamiliar Command Structure
Podman was designed as a near drop-in replacement for Docker. Commands like podman run, podman ps, and podman build mirror their Docker equivalents, reducing the learning curve. Developers can often alias docker to podman and keep using their existing scripts.
Run an NGINX container
Docker
docker run -d --name web -p 8080:80 nginx:latest
Podman
podman run -d --name web -p 8080:80 nginx:latestGUI Options
For desktop users, Docker Desktop remains polished and feature-rich. However, Podman Desktop has matured significantly. It now supports Windows and macOS with better integration, faster file sharing, and no licensing restrictions, making it appealing for enterprise environments.
Go to Full Article
- Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape
by George Whittaker
When Red Hat announced the abrupt end of traditional CentOS in late 2020, the Linux ecosystem was shaken to its core. Developers, sysadmins, and enterprises that relied on CentOS for years suddenly found themselves scrambling for answers. Out of that disruption, two projects, AlmaLinux and Rocky Linux, emerged to carry forward the legacy of CentOS while forging their own identities. This article dives into how these two distributions established themselves as reliable, enterprise-grade options for developers and organizations alike.
The Fall of CentOS: An Industry Shockwave
For over a decade, CentOS was the backbone of countless servers, from small web hosts to enterprise data centers. It provided a stable, free, and RHEL-compatible platform, perfect for developers and administrators building and maintaining critical infrastructure.
That stability came to an end when Red Hat pivoted CentOS to a rolling-release model, CentOS Stream. Instead of offering a downstream, binary-compatible version of RHEL, Stream became a preview of future RHEL updates. This move caused widespread frustration:
Organizations that built production environments around CentOS suddenly faced shortened support lifecycles.
Developers who depended on a “set-and-forget” environment now had to deal with the unpredictability of a rolling release.
Compliance-driven industries were left in limbo, as running on an unsupported OS could trigger security and regulatory risks.
This disruption created a vacuum, and the Linux community quickly stepped up to fill it.
The Birth of AlmaLinux and Rocky LinuxAlmaLinux: Community-Driven, Enterprise-Ready
Shortly after the CentOS announcement, CloudLinux, a company with deep experience in server environments, launched AlmaLinux. The first stable release landed in March 2021. True to its name, “alma” meaning “soul”, the project’s mission was clear: to embody the spirit of CentOS while maintaining community governance. The non-profit AlmaLinux OS Foundation now oversees the project, ensuring it remains free and open for everyone.
Rocky Linux: A Tribute and a Promise
At almost the same time, Gregory Kurtzer, one of the original CentOS founders, unveiled Rocky Linux, named in honor of CentOS co-founder Rocky McGaugh. From the beginning, Rocky positioned itself as a 1:1 binary-compatible rebuild of RHEL, mirroring CentOS’s original mission. Its governance structure, managed by the Rocky Enterprise Software Foundation (RESF), ensures that the project remains rooted in community oversight rather than corporate ownership.
Go to Full Article
- Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer
by George Whittaker A Shift in GNOME’s Core Applications
For over two decades, Eye of GNOME (often shortened to EOG) was the silent workhorse of the GNOME desktop environment. It wasn’t flashy, but it did exactly what most people expected: double-click a picture, and it opened instantly. Yet, with the arrival of GNOME 45 in late 2023, a new name appeared in the lineup of “core” apps: Loupe. From that moment forward, Loupe became the official default image viewer on GNOME desktops, displacing EOG.
This decision wasn’t made lightly. GNOME has been steadily refreshing its default applications in recent years, Gedit was replaced by GNOME Text Editor, and Cheese gave way to Snapshot. Loupe is the continuation of this modernization trend. Eye of GNOME is still available in repositories for those who want it, but the GNOME team has shifted its endorsement to Loupe as the better long-term solution.
What Loupe Brings to the Table
Loupe isn’t just a reskin of EOG. It was built from scratch with today’s hardware, design standards, and security expectations in mind. At first glance, the interface looks minimal, but there’s more happening beneath the hood than many realize.
Rust-Powered Foundation – Unlike Eye of GNOME’s decades-old C codebase, Loupe is written in Rust. This choice immediately grants it memory safety, helping avoid whole categories of crashes and vulnerabilities. For an app that regularly opens untrusted files, this is an important safeguard.
GPU-Accelerated Image Handling – Instead of pushing all rendering to the CPU, Loupe leverages the GPU. Panning across a large image or zooming into a 50-megapixel photo feels fluid, even on high-resolution displays.
Touch-Friendly Navigation – GNOME has been preparing for a future that includes more touch devices. Loupe fits right in, supporting pinch-to-zoom, two-finger swipes to move between images, and smooth transitions that feel natural on both touchscreens and trackpads.
Streamlined Metadata View – Instead of burying photo information behind a separate dialog, Loupe integrates an optional sidebar. With a click, you can see dimensions, file size, EXIF data, and even location details without leaving the main view.
Security Through Sandboxing – Image decoding is handled in isolated processes using a new backend called Glycin. If a corrupt or malicious image tries to crash the decoder, it won’t take the entire viewer down with it.
Go to Full Article
- Ptyxis: Ubuntu’s Leap Into GPU-Powered Terminals
by George Whittaker
For decades, the humble terminal has been one of the most unchanging parts of the Linux desktop. Text streams flow in monochrome grids, and while the underlying libraries have evolved, the experience has remained more or less the same. Ubuntu, however, is preparing to rewrite this narrative. The distribution is adopting Ptyxis, a fresh terminal emulator designed for modern computing, and one of its standout qualities is that it leans on the GPU for rendering rather than relying solely on the CPU.
This shift is more than cosmetic. It represents a rethink of how command-line tools should perform in an era of container-heavy development, high-DPI displays, and demanding workloads. Let’s unpack what makes Ptyxis a different breed of terminal, why Ubuntu is betting on it, and what it means for everyday users and power developers alike.
The Origin Story of Ptyxis
Ptyxis is not an accidental side project. It was initially prototyped under the name GNOME Prompt by Christian Hergert, a well-known GNOME contributor also behind GNOME Builder. Early experiments showed there was space for a terminal designed from scratch with today’s GNOME ecosystem and GPU pipelines in mind.
To avoid conflicts with existing software, the project was later rebranded as Ptyxis. The application has since matured rapidly, and major distributions such as Fedora and Ubuntu have committed to it. Ubuntu introduced it in experimental form in 24.10, and by the upcoming Ubuntu 25.10 “Questing Quokka”, it is expected to replace the aging GNOME Terminal as the default choice.
A New Kind of Terminal ExperienceGPU Acceleration as the Core
Traditional terminals typically rely on CPU-bound rendering stacks, often through libraries like Cairo and Pango. This works fine until you throw thousands of lines of log output or try to run full-screen text-based UIs that push rendering to its limits. Ptyxis sidesteps these bottlenecks by shifting the drawing work to the graphics processor, taking advantage of Vulkan or OpenGL backends supplied by GTK4.
The result is immediately noticeable: smooth scrolling, responsive updates, and consistent performance even with massive amounts of text on screen. It’s not just about speed, either, offloading rendering to the GPU reduces CPU strain, leaving headroom for the processes you’re actually running.
Go to Full Article
- KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing
by George Whittaker Why this release cycle feels different
For most of the last decade, talk about Wayland on KDE sounded like a promise: stronger security, modern graphics, fewer legacy foot‑guns, once the pieces land. With Plasma 6, those pieces finally clicked into place. Plasma 6.1 delivered two changes that go straight to how frames hit your screen, explicit synchronization and smarter buffering, while 6.2 followed with color‑management and HDR work that makes creators and gamers care. Together, they turn “Wayland someday” into a desktop you can log into today without caveats.
The frame pipeline finally behavesExplicit sync: the missing handshake
On X11/older Wayland setups, graphics drivers and compositors often assumed when work finished (“implicit sync”), which is fine until it isn’t, especially on NVIDIA, where that guesswork frequently produced flicker or glitches. Plasma 6.1’s Wayland session speaks the explicit sync protocol instead. Now the compositor and apps exchange fences that say “this frame is done,” reducing visual artifacts and making delivery predictable. If you run the proprietary NVIDIA driver, this is the change you’ve been waiting for: NVIDIA added explicit‑sync support in the 555 series, and XWayland 24.1 gained matching support so many games and legacy X11 apps benefit as well.
What you’ll notice: fewer one‑off hitches, less tearing in XWayland content, and a general sense that motion is “locked in” rather than tentative, particularly with the 555.58+ drivers.
Dynamic triple buffering: fewer “missed the train” stutters
Traditional double buffering is cruel: miss a vblank by a hair and your framerate can fall in half. KWin 6.1 added triple buffering that only kicks in when the compositor predicts a frame won’t make the next refresh, letting another frame be “in flight” without permanently increasing latency. One of KWin’s core developers outlined how it activates selectively, tries not to add avoidable lag, and works regardless of GPU vendor. It sounds simple; it feels like the end of random judder during heavy scenes.
VRR/Adaptive‑Sync polish
Variable refresh is no longer a roulette wheel. KDE’s devs chased down stutter/flicker under Adaptive‑Sync, and those fixes landed in the same timeframe as Plasma 6.1. If your monitor supports FreeSync/G‑Sync Compatible and the GPU stack is sane, frame pacing is noticeably calmer.
Go to Full Article
- GNOME 48 Reimagined: Smoother Settings, Glorious HDR, and Precision Scaling
by George Whittaker Introduction
With the arrival of GNOME 48, the desktop experience steps into a refreshing new era, blending clarity, visual richness, and adaptability. This release unfolds a more intuitive configuration interface, native HDR capability, and finer-grained display scaling. Whether you’re streaming, tweaking your workspace, or simply glancing over your notifications, GNOME 48 brings you improvements that feel both modern and meaningful, crafted to feel like they were made for real people doing real tasks.
A Refined Settings EnvironmentRevamped Configuration Hub
GNOME 48’s Settings app has shed its former rigidity and stepped into a role that feels inviting and efficient. Never again will you wade through scattered sections, options are now neatly grouped, and the design flow intuitively matches how your mind works. Menus anticipate your focus, search responds predictably, and the overall layout whispers, “you’re in control.”
Assistive Features Front and Center
Accessibility isn’t an afterthought anymore, it’s central. Icons are clearer, toggles are easier to reach, and each label reads like someone actually sat down to ask, “How can we make this tool-friendly for everyone?” GNOME 48 puts inclusivity on full display, ensuring that those who rely on adaptive tech never need to dig for solutions.
Tighter System Synergy
Gone are the days when Wi-Fi, sound levels, or power settings felt tucked away. These essentials now respond faster, with less visual fuss and more behind-the-scenes connection to smarter system logic. It’s the kind of integration where you flick a switch and everything else falls into harmony.
Elevating Visuals with HDRWhy HDR Lights Up the Desktop Experience
Forget washed-out colors or muddled shades, GNOME 48 steps up with HDR rendering, delivering brightness, depth, and contrast that bring your display to life. Darker shadows, gleaming highlights, sumptuous gradients, HDR transforms ordinary visuals into something cinematic. It’s not just eye candy; it's more faithful media, smoother workflows, and next-level artistic clarity.
What You’ll Need to Shine
This full-color upgrade doesn’t work across all drift of hardware, but it does mesh well with modern, HDR-capable monitors and compatible GPU drivers accelerating through Wayland. GNOME 48 ensures things just click when your stack supports it, activating the richer palette whenever your display and graphics card are game.
Go to Full Article
- Guardians of Privacy: How Security-Driven Linux Distributions Are Rising to Meet Growing Digital Fears
by George Whittaker
In the last decade, the digital landscape has shifted from a space of casual convenience to a battleground for personal information. From constant corporate profiling to sprawling government surveillance programs, the reality is clear, our devices have become treasure troves for those seeking to exploit or monitor us. As trust in mainstream platforms erodes, a surge of interest has emerged around operating systems that place security and privacy at their very core. At the forefront of this movement are a new breed of Linux distributions designed not just for power users and security experts, but for anyone who values control over their data.
The Age of Hyper-Exposure
Every click, swipe, and typed search leaves a footprint. This wasn’t always a mainstream concern, many users once traded data for convenience without a second thought. But a string of high-profile incidents changed the narrative: massive data breaches leaking millions of personal records, whistleblower revelations exposing global surveillance programs, and marketing giants quietly building extensive behavioral profiles of individuals.
For the average person, these events have shattered the illusion of online privacy. For professionals handling sensitive work, journalists, lawyers, healthcare providers, data exposure is more than a nuisance; it’s a potential threat to safety, reputation, and trust. The result? An accelerating search for technology that resists tracking, intercepts intrusions, and limits data leakage before it can begin.
Why Linux Has Become the Privacy Battleground
Linux, in its many forms, has always worn transparency as a badge of honor. Unlike proprietary systems where code is hidden from public scrutiny, Linux distributions are open-source, meaning anyone can inspect the source code, audit for vulnerabilities, or suggest improvements. This creates a self-reinforcing cycle of trust and accountability.
Beyond transparency, Linux allows deep configurability. Users can strip away unnecessary software, remove hidden telemetry, and harden their system against attacks. Updates arrive quickly, often patched within hours of a security flaw being reported, compared to the slower cycles of commercial operating systems. And most importantly, Linux is free from the corporate incentives that often drive aggressive data collection.
What Sets Security-Focused Distros Apart
While all Linux distributions benefit from open-source transparency, security-oriented distros go several steps further by building privacy and protection into their foundation:
Hardened System Kernels: Some distros use custom kernels with advanced security patches (like grsecurity) to close off potential attack vectors.
Go to Full Article
- When Flatpak’s Sandbox Cracks: Real‑Life Security Issues Beyond the Ideal
by George Whittaker Introduction
Flatpak promises a secure runtime for Linux applications through container-like isolation, relying on bubblewrap namespaces, syscall filtering, and portal interfaces. In theory, each app should operate inside a strong sandbox, disconnected from the host system. But in reality, experience shows gaps, tiny cracks through which apps may escape with serious consequences.
The Sandbox Promise… and the Reality
Flatpak applications begin life in a highly-restricted environment: no network by default, no access to host files beyond the runtime and a private data directory, limited syscalls, and restricted access to session or system services. Portals provide a controlled channel for granting specific capabilities (e.g. file dialogs, screenshot, printing) without broad privileges.
Yet, many Flatpak packages declare broad permissions like filesystem=home, filesystem=host, or device=all. That effectively grants full read-write access to the user's home directory or even system devices, defeating the purpose of the sandbox in practice. Users often assume that 'sandboxed' means locked-down, but blanket permissions expose them to risk.
Real-World Breakouts from the SandboxCVE‑2024‑32462: RequestBackground Portal Abuse
Security researcher Gergo Koteles uncovered a high-severity vulnerability where malicious Flatpak apps could craft a .desktop file via the org.freedesktop.portal.Background.RequestBackground interface. That tricked Flatpak’s --command= parsing into injecting bwrap arguments (e.g. --bind). This allowed arbitrary host commands to execute outside the sandbox boundary. Versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8 were affected. Patched in the listed versions and mitigated in xdg-desktop-portal 1.18.4 and newer.
CVE‑2024‑42472: Persistent Data Symlink Exploit
A Flatpak flag, --persist (or persistent= in manifest), allows apps writable storage within their data directory. But if a malicious install replaces that directory with a symlink pointing to sensitive host folders (e.g. ~/.ssh), the sandbox mount entry follows it into the real filesystem, giving the app unintended access to files outside its name-spaced area. All versions up to 1.14.8 and 1.15.x ≤ 1.15.9 are vulnerable; patched in 1.14.10 and 1.15.10+.
Policy Complexity and Ecosystem Slip-Ups
A detailed study of hundreds of Flatpak and Snap packages found that nearly 42% of Flatpak apps either override the supposed isolation or misconfigure sandboxing, resulting in overprivilege or potential escape paths. Crafting fine-grained sandbox policy is hard, and mistakes slip through easily.
Go to Full Article
- Veil of Vigilance: Tails 6.0’s New Frontiers in Surveillance Resistance
by George Whittaker Opening the Curtain on Tails 6.0
On February 27, 2024, the Tails Project unveiled version 6.0, a milestone release built atop Debian 12 “Bookworm” and GNOME 43 . Tails, short for The Amnesic Incognito Live System, is engineered from the ground up to prevent data leakage, protect against targeted surveillance, and ensure that every use leaves no trace unless explicitly permitted . Version 6.0 refines this mission with a bold suite of features tailored to block modern surveillance tactics.
USB Integrity: Stopping Sneaky Hardware ThreatsWarnings for Persistent Storage Failures
Live USBs are critical lifelines for persistence in Tails. Now, Tails 6.0 alerts users when underlying storage suffers read/write errors. This early detection, prior to catastrophic data loss, allows users to back up their encrypted areas before disaster strikes .
Defense Against Rogue USB Devices
One of the stealthiest attack vectors involves plugging in malicious USB gear while a device is unattended. Tails now ignores any USB device connected while the screen is locked. Only when the screen is unlocked can new USB devices be activated, closing the door on rubber‑duckying-style malware delivery .
Usability Upgrades That Don’t Sacrifice SecurityAutomatic Device Mounting with Safeguards
Plug in a flash drive or encrypted external disk while Tails is unlocked, and the system now instantly mounts the device and prompts for decryption (e.g. VeraCrypt volumes), smoothing workflow while preserving safeguards .
Ambient Display Options for Privacy-Conscious Use
GNOME 43 brings native support for dark mode, night‑light warm tones, or combinations thereof, all accessible via the system menu. These modes reduce eye strain and lower screen glare in sensitive situations, minimizing accidental disclosure in low-light settings .
Simplified Screenshots and Screencast Access
Through a redesigned system menu, users can now take screenshots or record screencasts with a few clicks—reducing reliance on external tools and minimizing exposure via unnecessary browser or app use .
Streamlined Gmail Setup in Thunderbird
Configuring a Gmail account is now smoother: Tails 6.0 allows direct sign‑in within Thunderbird using standard two-step verification, no manual IMAP or security adjustments required, eliminating error-prone manual steps .
Go to Full Article
|
