|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Debian to require Rust as of May 2026
Julian Andres Klode has announced that theDebian APT package-management tool will acquire "hard Rustdependencies sometime after May 2026. "If you maintain a portwithout a working Rust toolchain, please ensure it has one within the next6 months, or sunset the port."
- [$] Mergiraf: syntax-aware merging for Git
The idea of automatic syntax-aware merging in version-control systems goes back to2005 or earlier, but initial implementations wereoften language-specific and slow.Mergiraf is a merge-conflict resolver that uses a generic algorithm plus asmall amount of language-specific knowledgeto solve conflicts that Git's default strategy cannot.The project's contributors have been working on thetool for just under a year, but it alreadysupports 33 languages, including C,Python, Rust, and evenSystemVerilog.
- Ubuntu introduces architecture variants
Michael Hudson-Doyle, a member of Ubuntu's Foundations team, has announcedthe introduction of an "architecture variant" for Ubuntu 25.10:
By making changes to dpkg, apt and Launchpad, we are able to buildmultiple versions of a package, each for a different level of thex86-64 architecture, meaning we can have packages that specificallytarget x86-64-v3, for example.
As a result, we're very excited to share that in Ubuntu 25.10, somepackages are available, on an opt-in basis, in their optimized formfor the more modern x86-64-v3 architecture level.
See the announcement for details on opting in to x86-64-v3packages.
- Security updates for Friday
Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, java-17-openjdk, libtiff, redis, and redis:6), Debian (chromium, mediawiki, pypy3, and squid), Fedora (openbao), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, chromium, chrony, expat, haproxy, himmelblau, ImageMagick, iputils, kernel, libssh, libxslt, openssl-3, podman, strongswan, xorg-x11-server, and xwayland), and Ubuntu (kernel, libxml2, libyaml-syck-perl, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, and netty).
- Rust 1.91.0 released
Version1.91.0 of the Rust language has been released. Changes includepromoting aarch64-pc-windows-msvc to a tier-1 platform, a new lint ruleto catch dangling raw pointers from local variables, and a fair number ofnewly stabilized APIs.
- [$] The long path toward optimizing short reads
The kernel's file-I/O subsystems have been highly optimized over the yearsin the hope of providing the best performance for a wide variety ofworkloads. There is, however, one workload type that suffers with currentkernels: applications that perform many short reads, in multiple processes,from the same file. Kiryl Shutsemau has been working on a patch totry to optimize this case, but the task is turning out to be harder thanone might expect.
- Bazzite Fall update released
The Universal Blueproject has announcedthe Fall update for the Fedora-based Bazzite gaming distribution. Thisrelease brings Bazzite up to Fedora 43, includes support foradditional handheld gaming systems, as well as drivers for a number ofsteering wheel devices, and more.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (java-21-openjdk and libtiff), Debian (pdns-recursor and xorg-server), Fedora (bind, bind-dyndb-ldap, dtk6core, dtk6gui, dtk6log, dtk6widget, fcitx5-qt, fluidsynth, gammaray, kddockwidgets, LabPlot, mingw-qt6-qt3d, mingw-qt6-qt5compat, mingw-qt6-qtactiveqt, mingw-qt6-qtbase, mingw-qt6-qtcharts, mingw-qt6-qtdeclarative, mingw-qt6-qtimageformats, mingw-qt6-qtlocation, mingw-qt6-qtmultimedia, mingw-qt6-qtpositioning, mingw-qt6-qtscxml, mingw-qt6-qtsensors, mingw-qt6-qtserialport, mingw-qt6-qtshadertools, mingw-qt6-qtsvg, mingw-qt6-qttools, mingw-qt6-qttranslations, mingw-qt6-qtwebchannel, mingw-qt6-qtwebsockets, nheko, python-pyqt6, qt-creator, qt6, qt6-qt3d, qt6-qt5compat, qt6-qtbase, qt6-qtcharts, qt6-qtcoap, qt6-qtconnectivity, qt6-qtdatavis3d, qt6-qtdeclarative, qt6-qtgrpc, qt6-qthttpserver, qt6-qtimageformats, qt6-qtlanguageserver, qt6-qtlocation, qt6-qtlottie, qt6-qtmqtt, qt6-qtmultimedia, qt6-qtnetworkauth, qt6-qtopcua, qt6-qtpositioning, qt6-qtquick3d, qt6-qtquick3dphysics, qt6-qtquicktimeline, qt6-qtremoteobjects, qt6-qtscxml, qt6-qtsensors, qt6-qtserialbus, qt6-qtserialport, qt6-qtshadertools, qt6-qtspeech, qt6-qtsvg, qt6-qttools, qt6-qttranslations, qt6-qtvirtualkeyboard, qt6-qtwayland, qt6-qtwebchannel, qt6-qtwebengine, qt6-qtwebsockets, qt6-qtwebview, unbound, xorg-x11-server-Xwayland, and zeal), Oracle (kernel and libtiff), Red Hat (redis:6), Slackware (tigervnc and xorg), SUSE (java-21-openjdk, java-25-openjdk, strongswan, and xorg-x11-server), and Ubuntu (amd64-microcode, binutils, and xorg-server, xwayland).
- [$] LWN.net Weekly Edition for October 30, 2025
Inside this week's LWN.net Weekly Edition:
Front: Pixnapping attack; Fil-C; Debian ftpmasters; GoFundMe complaints; Safer user-space access. Briefs: Man pages 6.16; Btrfs on AlmaLinux; Fedora Linux 43; ICANN report; PSF grants; Rust Coreutils 0.3.0; Tor Browser 15.0; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- GNU/Linux man pages 6.16 released
Alejandro Colomar has announced the release of version 6.16 of the GNU/Linux man pages. This release includes new or rewritten man pages for fsconfig(), fsmount(), and fsopen(), as well as a number of newly documented interfaces in existing man pages. The release is also available as a PDF book.
- ICANN report: DNS runs on FOSS
ICANN's Security andStability Advisory Committee (SSAC) has announceda reporton "the critical role of Free and Open Source Software (FOSS)within the Domain Name System (DNS)". The report is aimed atpolicymakers and examines recent cybersecurity regulations in the US,UK, and EU as they apply to FOSS in the DNS system; it includesfindings and guidelines "to strengthen the FOSS ecosystem that iscritical to the secure and stable operation of the Internet". Fromthe report's summary:
This ecosystem depends on a global network of maintainers andcontributors who are often unpaid volunteers. While many are unpaidvolunteers, the DNS space is unique in also relying on a handful oflong-lived maintenance organizations. This creates a model based oncommunity collaboration rather than the commercial contracts thatdefine a traditional software supply chain, which introduces uniquerisks related to financial sustainability for the maintenanceorganizations and maintainer burnout for volunteers.
These unique characteristics mean that regulatory frameworksdesigned for proprietary software may not be well-suited for FOSS andtherefore could have severe unintended consequences to the stabilityof critical Internet infrastructure.
Thanks to SSAC member Maarten Aertsen for the tip.
- [$] Retrieving pixels from Android phones with Pixnapping
A new class of attacks on Android phones, called "Pixnapping", was announced onOctober 13. It allows a malicious app to gather output rendered in avictim app, pixel-by-pixel, by exploiting a GPU side-channel. Depending onwhat the victim app displays, anything from sensitive email and chats totwo-factor authentication (2FA) codes could be captured—and shipped off toan attacker's site.
- Tor Browser 15.0 released
Version 15.0of the TorBrowser has been released:
This is our first stable release based on Firefox ESR 140, incorporating a year's worth of changes that have been shippedupstream in Firefox. As part of this process, we've also completed ourannual ESR transition audit, where we reviewed and addressed around200 Bugzilla issues for changes in Firefox that may negatively affectthe privacy and security of Tor Browser users. Our final reports fromthis audit are now available in the tor-browser-specrepository on our GitLab instance.
This release inherits the vertical tabs feature, unified searchbutton, as well as other new features and usability improvements inFirefox that have passed the Tor Project's audit.
- [$] Debian splits ftpmaster team
Debian's ftpmasterteam has been responsible for allowing new packages to enter Debian,removing old packages, and otherwise maintaining Debian's packagearchive for more than two decades. As of October 26, the team isno more and its duties are being split between two new teams. The ArchiveOperations Team will focus on the infrastructure required tosupport the Debianarchives, and the DFSG, Licensing & NewPackages Team, which is responsible for reviewing packagesentering the newqueue. In time, this move could speed up processing of newpackages, as well as making the teams more sustainable, but only afternew members are recruited and trained. For now, the same folks aredoing the work but spread across two teams.
- Seven stable kernels for Wednesday
Greg Kroah-Hartman has announced the release of the 6.17.6, 6.12.56, 6.6.115, 6.1.158, 5.15.196, 5.10.246, and 5.4.301 stable kernels. As always, eachcontains important fixes throughout the tree. Users of these kernelsare advised to upgrade.
- Radxa Launches AICore DX-M1 Edge AI Accelerator with DeepX DX-M1 NPU
After unveiling the AICore AX-M1 earlier this year, Radxa has launched the new AICore DX-M1, a compact M.2 M Key AI acceleration module designed for energy-efficient inference at the edge. The module is built around the DeepX DX-M1 processor, delivering up to 25 TOPS of INT8 performance within a 3 to 5 W power envelope. […]
- HUSKYLENS 2 Expands Edge AI Vision with MCP Integration and YOLO Model Support
DFRobot has introduced HUSKYLENS 2, a compact AI vision sensor for real-time visual recognition. It integrates a 6 TOPS dual-core processor, a 2 MP camera, and a touchscreen interface, offering over twenty pre-trained models for object, face, and hand recognition, along with support for custom YOLO-based models. The HUSKYLENS 2 is powered by a Kendryte […]
- Steam On Linux Gaming Finally Cracks 3% For October 2025
Steam on Linux use has hit an all-time high! With the Steam Survey results for October 2025 coming out this evening, Steam on Linux has finally cracked the 3% threshold! A few months back Steam on Linux was close to 3% before stumbling a bit but now it's above that elusive threshold. The only time Steam on Linux use was close to the 3% mark was when Steam on Linux initially debuted a decade ago and at that time the overall Steam user-base was much smaller than it is today. Long story short, thanks to the ongoing success of Valve's Steam Deck and other handhelds plus Steam Play (Proton) working out so well, these October numbers are the best yet...
- How to install Joomla on Debian 13
In the tutorial, we will explain how to install Joomla on Debian 13 OS. Joomla is a free and open-source CMS (content management system) written in PHP used to build and manage websites and other online applications. Creating content with Joomla has never been easier with the latest versions, and it allows users to easily create and publish web content, blogs, e-commerce stores, forums, etc.
- How to Install Vaultwarden Password Manager on Ubuntu 24.04
Vaultwarden, a password manager application, is an unofficial Bitwarden server alternative written in Rust. Vaultwarden supports connections through the Bitwarden client and is relatively resource-light compared to the official Bitwarden service. Caddy itself is a modern, easy-to-use web server known for its automated HTTPS management capabilities using Let’s Encrypt.
- Ubuntu 25.10 amd64v3 Benchmarks: Some Minor & Rare Performance Advantages For Desktop Workloads
Yesterday Canonical announced architecture variants for Ubuntu Linux with Ubuntu 25.10 seeing the introduction of "amd64v3" packages that are built for the x86_64-v3 micro-architecture feature level to assume AVX/AVX2 and other newer CPU ISA features found since Intel Haswell and AMD Excavator processors. Eager to run some initial tests, here is a first look at the Ubuntu 25.10 amd64v3 performance for desktop workloads.
- Daylight Saving Time: Still Happening. Still Unpopular
Millions will set their clocks back an hour tonight for Daylight Saving Time — only to set them forward an hour six months later. But does anyone like doing this, asks Yahoo News:A recent AP-NORC poll found that about half of the American public, 47%, oppose the current daylight saving time system, compared to 40% who neither favor nor oppose the current practice, while 12% favor the current system, which involves most states switching their clocks twice a year. Of those polled, 56% would prefer to have daylight saving time year-round, meaning less light in the morning for a tradeoff of more light in the evening. While 42% of Americans said they would prefer to have standard time year-round, which means more light in the morning and less light in the evening. And 12% of Americans prefer switching between standard time and daylight saving time. Sleep doctors would prefer we switch to standard time permanently. "The U.S. should eliminate seasonal time changes in favor of a national, fixed, year-round time," the American Academy of Sleep Medicine said in a statement published in the Journal of Clinical Sleep Medicine last year. "Current evidence best supports the adoption of year-round standard time, which aligns best with human circadian biology and provides distinct benefits for public health and safety."
Read more of this story at Slashdot.
- Cloudflare Raves About Performance Gains After Rust Rewrite
"We've spent the last year rebuilding major components of our system," Cloudflare announced this week, "and we've just slashed the latency of traffic passing through our network for millions of our customers," (There's a 10ms cut in the median time to respond, plus a 25% performance boost as measured by CDN performance tests.) They replaced a 15-year-old system named FL (where they run security and performance features), and "At the same time, we've made our system more secure, and we've reduced the time it takes for us to build and release new products." And yes, Rust was involved:We write a lot of Rust, and we've gotten pretty good at it... We built FL2 in Rust, on Oxy [Cloudflare's Rust-based next generation proxy framework], and built a strict module framework to structure all the logic in FL2...Built in Rust, [Oxy] eliminates entire classes of bugs that plagued our Nginx/LuaJIT-based FL1, like memory safety issues and data races, while delivering C-level performance. At Cloudflare's scale, those guarantees aren't nice-to-haves, they're essential. Every microsecond saved per request translates into tangible improvements in user experience, and every crash or edge case avoided keeps the Internet running smoothly. Rust's strict compile-time guarantees also pair perfectly with FL2's modular architecture, where we enforce clear contracts between product modules and their inputs and outputs... It's a big enough distraction from shipping products to customers to rebuild product logic in Rust. Asking all our teams to maintain two versions of their product logic, and reimplement every change a second time until we finished our migration was too much. So, we implemented a layer in our old NGINX and OpenResty based FL which allowed the new modules to be run. Instead of maintaining a parallel implementation, teams could implement their logic in Rust, and replace their old Lua logic with that, without waiting for the full replacement of the old system. Over 100 engineers worked on FL2 — and there was extensive testing, plus a fallback-to-FL1 procedure. But "We started running customer traffic through FL2 early in 2025, and have been progressively increasing the amount of traffic served throughout the year...."As we described at the start of this post, FL2 is substantially faster than FL1. The biggest reason for this is simply that FL2 performs less work [thanks to filters controlling whether modules need to run]... Another huge reason for better performance is that FL2 is a single codebase, implemented in a performance focussed language. In comparison, FL1 was based on NGINX (which is written in C), combined with LuaJIT (Lua, and C interface layers), and also contained plenty of Rust modules. In FL1, we spent a lot of time and memory converting data from the representation needed by one language, to the representation needed by another. As a result, our internal measures show that FL2 uses less than half the CPU of FL1, and much less than half the memory. That's a huge bonus — we can spend the CPU on delivering more and more features for our customers! Using our own tools and independent benchmarks like CDNPerf, we measured the impact of FL2 as we rolled it out across the network. The results are clear: websites are responding 10 ms faster at the median, a 25% performance boost. FL2 is also more secure by design than FL1. No software system is perfect, but the Rust language brings us huge benefits over LuaJIT. Rust has strong compile-time memory checks and a type system that avoids large classes of errors. Combine that with our rigid module system, and we can make most changes with high confidence... We have long followed a policy that any unexplained crash of our systems needs to be investigated as a high priority. We won't be relaxing that policy, though the main cause of novel crashes in FL2 so far has been due to hardware failure. The massively reduced rates of such crashes will give us time to do a good job of such investigations. We're spending the rest of 2025 completing the migration from FL1 to FL2, and will turn off FL1 in early 2026. We're already seeing the benefits in terms of customer performance and speed of development, and we're looking forward to giving these to all our customers. After that, when everything is modular, in Rust and tested and scaled, we can really start to optimize...! Thanks to long-time Slashdot reader Beeftopia for sharing the article.
Read more of this story at Slashdot.
- Researchers Consider The Advantages of 'Swarm Robotics'
The Wall Street Journal looks at swarm robotics, where no single robot is in charge, robots interact only with nearby robots — and the swarm accomplishes complex tasks through simple interactions. "Researchers say this approach could excel where traditional robots fail, like situations where central control is impractical or impossible due to distance, scale or communication barriers."For instance, a swarm of drones might one day monitor vast areas to detect early-stage wildfires that current monitoring systems sometimes miss... A human operator might set parameters like where to search, but the drones would independently share information like which areas have been searched, adjust search patterns based on wind and other weather data from other drones in the swarm, and converge for more complete coverage of a particular area when one detects smoke.In another potential application, a swarm of robots could make deliveries across wide areas more efficient by alerting each other to changing traffic conditions or redistributing packages among themselves if one breaks down. Robot swarms could also manage agricultural operations in places without reliable internet service. And disaster-response teams see potential for swarms in hurricane and tsunami zones where communication infrastructure has been destroyed. At the microscopic scale, researchers are developing tiny robots that could work together to navigate the human body to deliver medication or clear blockages without surgery... In recent demonstrations, teams of tiny magnetic robots — each about the size of a grain of sand — cleared blockages in artificial blood vessels by forming chains to push through the obstructions. The robots navigate individually through blood vessels to reach a clog, guided by doctors or technicians using magnetic fields to steer them, says researcher J.J. Wie, a professor of organic and nano engineering at Hanyang University in South Korea. When they reach an obstruction, the robots coordinate with each other to team up and break through. Wie's group is developing versions of these robots that biodegrade after use, eliminating the need for surgical removal, and coatings that make the robots compatible with human tissue. And while robots the size of sand grains work for some applications, Wie says that they will need to be shrunk to nano scale to cross biological barriers, such as cell membranes, or bind to specific molecular targets, like surface proteins or receptors on cancer cells. Some researchers are even exploring emergent intelligence — "when simple machines, following only a few local cues, begin to organize and act as if they share a mind...beyond human-designed coordination." Thanks to long-time Slashdot reader fjo3 for sharing the article.
Read more of this story at Slashdot.
- Race for All-Solid-State EV Batteries Heats Up with New Samsung SDI/BMW/Solid Power Partnership
All-solid-state batteries (ASSBs) "are widely viewed as the 'holy grail' of EV battery tech," writes Electrek, "promising to double driving range, halve charging times, and reduce costs." Toyota hopes to launch its first production EV powered by the batteries in 2027 or 2028, and Mercedes-Benz and Volkswagen are also testing the technology. But now Samsung SDI is teaming up with BMW and US-based battery company Solid Power for their own effort at commercializing all-solid-state EV batteries "in what's expected to be a trilateral powerhouse."BMW and Solid Power have been working together to develop the next-gen battery tech since 2022...Under the new agreement signed this week, Samsung will supply all-solid-state battery cells. Samsung will use Solid Power's Sulfide-Based Solid Electrolyte solution, while BMW will develop the battery pack and modules. The strategic alliance aims to take the lead in commercializing all-solid-state batteries (ASSBs). Together, they've created a real-world system for producing ASSB cells, pooling their expertise in batteries, automaking, and materials to bring it closer to mass production. Solid Power's electrolyte solution is designed for stability and maximum conductivity. By teaming up with BMW and Samsung SDI, the company said it aims to bring all-solid-state batteries closer to widespread adoption. "By pooling resources, BMW, Samsung SDI, and Solid Power have a real shot..." argues Electrek.
Read more of this story at Slashdot.
- Could a Faint Glow in the Milky Way Be Dark Matter?
"A nearby galaxy once thought to be dominated by dark matter seems to have a surprise supermassive black hole at its centre," reports New Scientist. Yet scientists "are convinced dark matter is out there," writes Space.com. "The quest to detect it arguably remains both one of the most frustrating and most exhilarating challenges in modern physics." And now they report that the century-old mystery of dark matter — the invisible glue thought to hold galaxies together — "just got a modern clue."Scientists say they may be one step closer to confirming the existence of this elusive material, thanks to new simulations suggesting that a faint glow at the center of the Milky Way could be dark matter's long-sought signature. "It's very hard to actually prove, but it does seem likely," Moorits Muru of the Leibniz Institute for Astrophysics Potsdam in Germany, who led the new study, told Space.com... The findings, show that dark matter near the Milky Way's center might not form a perfect sphere as scientists long thought. Instead, it appears flattened, almost egg-shaped, and that shape closely mirrors the pattern of mysterious gamma rays observed by NASA's Fermi Gamma-ray Space Telescope... Using powerful supercomputers, [the researchers] recreated how the Milky Way formed, including billions of years of violent collisions and mergers with smaller galaxies. Those violent events, the researchers found, left deep "fingerprints" on the way dark matter is distributed in the galactic core.... matching the pattern of gamma-ray emission Fermi has observed, the new study reports... If the excess truly arises from dark matter collisions, it would mark the first indirect evidence that weakly interacting massive particles [WIMPs], a leading dark matter candidate, really exist... "We have run dozens of direct detection experiments around the globe hunting for WIMPS," notesPhys.org, in an article titled "The Empty Search for Dark Matter."We have run dozens of direct detection experiments around the globe hunting for WIMPS — dark matter particles in this particular mass range. And they're not all the same kind of experiments. There are also the scintillators, which use a giant vat of liquefied noble gas, like several tons of xenon. They wait for a dark matter particle to strike the xenon and cause it to scintillate, which is a fancy science word for "sparkle." We see the sparkle; we detect dark matter... They're just one example of a broader class of dark matter candidates, with delightful names like Q-balls, WIMPzillas, and sterile neutrinos. We've tuned our different experiments to capture different mass ranges or interaction strengths to cover as much of that wide dark matter spectrum as possible. We've even tried to manufacture various kinds of dark matter in our particle collider experiments. And we've found nothing.
Read more of this story at Slashdot.
- Employees Are the New Hackers: 1Password Warns AI Use Is Breaking Corporate Security
Slashdot reader BrianFagioli writes: Password manager 1Password's 2025 Annual Report: The Access-Trust Gap exposes how everyday employees are becoming accidental hackers in the AI era. The company's data shows that 73% of workers are encouraged to use AI tools, yet more than a third admit they do not always follow corporate policies. Many employees are feeding sensitive information into large language models or using unapproved AI apps to get work done, creating what 1Password calls "Shadow AI." At the same time, traditional defenses like single sign-on (SSO) and mobile device management (MDM) are failing to keep pace, leaving gaps in visibility and control. The report warns that corporate security is being undermined from within. More than half of employees have installed software without IT approval, two-thirds still use weak passwords, and 38% have accessed accounts at previous employers. Despite rising enthusiasm for passkeys and passwordless authentication, 1Password says most organizations still depend on outdated systems that were never built for cloud-native, AI-driven work. The result is a growing "Access-Trust Gap" that could allow AI chaos and employee shortcuts to dismantle enterprise security from the inside.
Read more of this story at Slashdot.
- NASA Seeks Backup Plan for Carrying Astronauts to the Moon
An anonymous reader shared this report from CNN:[C]iting delays in Starship's development and competitive pressure from China, NASA asked SpaceX and Blue Origin — which holds a separate lunar lander contract with the space agency — to submit plans to expedite development of their respective spacecraft by October 29. Both companies have responded. But the space agency is also asking the broader commercial space industry to detail how they might get the job done more quickly, hinting that NASA leadership is prepared to sideline its current partners. CNN spoke with half a dozen companies about how they plan to respond to NASA's call to action, which the agency will formally issue once the government shutdown ends, according to a source familiar with the matter. One possibility is Lockheed Martin...Notably, as a legacy NASA contractor, the company built the $20.4 billion Orion spacecraft that astronauts will ride when they take off from Earth... Now, Lockheed says it can piece together a two-stage lunar lander that uses spare parts harvested from Orion. The company would make use of Space Shuttle-era OMS-E engines — which are also used on Orion — to serve as the propulsion for an "ascent stage" of the lunar lander, providing the thrust for the vehicle to lift off the moon after a mission is completed. But the vehicle also needs a descent stage to get down to the lunar surface in the first place... Other commercial space companies contacted by CNN — including Firefly Aerospace and Northrop Grumman — said simply that they were "ready to support" NASA in its endeavor to find a faster way to complete the Artemis III mission. They did not confirm whether they would formally respond to the space agency's anticipated request for companies to submit proposals. The more important goal, argue some experts, is to pave the way for a permanent lunar base where astronauts can live and work...[P]erhaps the true winner will be the country that is able to build lasting infrastructure, experts say."It makes great press fodder to frame this as competition," said one space policy source, who was among several that spoke to CNN on the condition of anonymity to discuss controversial issues. "But this is about the long game and the sustainability."
Read more of this story at Slashdot.
- Scientists Say 'Dueling Dinosaurs' Fossil Confirms a Smaller Tyrannosaur Species, Not a Teenaged T. Rex
An anonymous reader shared this report from NPR:It's known as the "Dueling Dinosaurs" fossil: A triceratops and a tyrannosaur, skeletons entangled, locked in apparent combat right up until the moment of their mutual demise... That discovery in 2006 now appears to have overturned decades of dinosaur dogma about Tyrannosaurus rex, the fearsome giant long thought to be the sole top predator stalking the late Cretaceous. In a paper in the journal Nature, paleontologists Lindsay Zanno and James Napoli conclude that some of the bones from that specimen belong not to a teenage T. rex, but to a fully grown individual of a different tyrannosaur species — Nanotyrannus lancensis.... One of the first of those red flags in the new specimen was the arm bones. They looked completely different than T. rex's puny appendages... "These are powerful arms with large claws, large hands. They were using them for prey capture." Contrast that with T. rex, "an animal that's a mouth on legs." There were additional clues. The animal had fewer tail vertebrae and more teeth than T. rex. Zanno and Napoli considered other lines of evidence. They created 3D models of numerous purported T. rexes against which they compared their specimen. They looked at the growth stages of the cranial nerves and sinuses of close living relatives of dinosaurs, features that were visible in the fossilized skeleton. "But maybe the most important and damning thing that we did was we were able to figure out that our animal is not a juvenile at all," she says. This conclusion was based on slicing through the fossil's limb bones to examine the growth rings. That work demonstrated that this animal was mature and done growing when it died around the age of 20. "That means it's half the size and a tenth of the mass of a full grown Tyrannosaurus rex," says Zanno... In addition, while making models of all those other alleged T. rex skeletons, Zanno says they identified another new species of tyrannosaur, one they're calling Nanotyrannus lethaeus... "It tells us that these end-Cretaceous ecosystems right before the asteroid hit were flourishing," says Zanno. "They had an abundance of different predators. And refutes this idea that dinosaurs were in decline before the asteroid struck."
Read more of this story at Slashdot.
- Ubuntu Will Use Rust For Dozens of Core Linux Utilities
Ubuntu "is adopting the memory-safe Rust language," reports ZDNet, citing remarks at this year's Ubuntu Summit from Jon Seager, Canonical's VP of engineering for Ubuntu:. Seager said the engineering team is focused on replacing key system components with Rust-based alternatives to enhance safety and resilience, starting with Ubuntu 25.10. He stressed that resilience and memory safety, not just performance, are the principal drivers: "It's the enhanced resilience and safety that is more easily achieved with Rust ports that are most attractive to me". This move is echoed in Ubuntu's adoption of sudo-rs, the Rust implementation of sudo, with fallback and opt-out mechanisms for users who want to use the old-school sudo command. In addition to sudo-rs, Ubuntu 26.04 will use the Rust-based uutils/coreutils for Linux's default core utilities. This setup includes ls, cp, mv, and dozens of other basic Unix command-line tools. This Rust reimplementation aims for functional parity with GNU coreutils, with improved safety and maintainability. On the desktop front, Ubuntu 26.04 will also bring seamless TPM-backed full disk encryption. If this approach reminds you of Windows BitLocker or MacOS FileVault, it should. That's the idea. In other news, Canonical CEO Mark Shuttleworth said "I'm a believer in the potential of Linux to deliver a desktop that could have wider and universal appeal." (Although he also thinks "the open-source community needs to understand that building desktops for people who aren't engineers is different. We need to understand that the 'simple and just works' is also really important.") Shuttleworth answered questions from Slashdot's readers in 2005 and 2012.
Read more of this story at Slashdot.
- Did a Weather Balloon, Not a Mysterious Space Object, Strike That United Airlines Flight?
Slashdot reader joshuark shares this report from SFGate:The mystery object that struck a plane at 36,000 feet is likely not space debris, as some speculated, but rather a Silicon Valley test project gone wrong... WindBorne Systems, a Palo Alto startup that uses atmospheric balloons to collect weather data for AI-based forecast models,has come forward to say that they believe they may be responsible for the object that hit the windshield... "At 6am PT, we sent our preliminary investigation to both NTSB and FAA, and are working with both of them to investigate further," [WindBorne's CEO John Dean posted on social media...] WindBorne said the company has launched more than 4,000 balloons and that it coordinates with the Federal Aviation Administration for every launch. WindBorne "has conducted more than 4,000 launches," the company said in a statement, noting that they've always coordinated those launched with America's Federal Aviation Administration and filed aviation alerts for every launched balloon. Plus "The system is designed to be safe in the event of a midair collision... Our balloon is 2.4 pounds at launch and gets lighter throughout flight."We are working closely with the FAA on this matter. We immediately rolled out changes to minimize time spent between 30,000 and 40,000 feet. These changes are already live with immediate effect. Additionally, we are further accelerating our plans to use live flight data to autonomously avoid planes, even if the planes are at a non-standard altitude. We are also actively working on new hardware designs to further reduce impact force magnitude and concentration.
Read more of this story at Slashdot.
- Security Holes Found in OpenAI's ChatGPT Atlas Browser (and Perplexity's Comet)
The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust:NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default. An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said. Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas. But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX:"This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes.... "What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...." LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages. From The Conversation:Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation. Thanks to Slashdot reader spatwei for suggesting the topic.
Read more of this story at Slashdot.
- MIT Physicists Find a Way To See Inside Atoms That May Aid Search For Antimatter
"Traditionally, exploring the interior of atomic nuclei requires enormous particle accelerators that stretch for kilometers and propel beams of electrons at extremely high speeds," writes SciTechDaily. But MIT physicists have unveiled a groundbreaking alternative that "used the atom's own electrons as probes to momentarily enter the nucleus..."In research published in Science, a team of MIT physicists achieved exceptionally precise measurements of the energy of electrons orbiting a radium atom that had been chemically bonded with a fluoride atom to form radium monofluoride. By studying these molecules, the researchers created a kind of miniature particle collider. Within this environment, the electrons surrounding the radium atom were confined closely enough to occasionally slip into the nucleus before returning to their usual orbits... When those electrons returned to their outer paths, they retained the altered energy, effectively carrying a "message" from within the nucleus that could be decoded to reveal its internal arrangement... [The researchers] trapped and cooled the molecules and sent them through a system of vacuum chambers, into which they also sent lasers, which interacted with the molecules. In this way, the researchers were able to precisely measure the energies of electrons inside each molecule. When the researchers analyzed their measurements, they noticed that the electrons carried slightly different energies than expected if they had remained outside the nucleus. The difference was incredibly small, only about one millionth of the energy of the laser photon used to excite the molecules, but it was clear evidence that the electrons had entered the radium nucleus and interacted with its protons and neutrons... The researchers plan to use this new technique to create a detailed map of how forces are distributed inside the nucleus... to chart the nucleus with greater precision and search for possible violations of fundamental symmetries in nature. "It is thought that additional sources of fundamental symmetry violation are required to explain the almost complete absence of antimatter in our universe," the article points out. "Such violations could be seen within the nuclei of certain atoms such as radium... "Unlike most atomic nuclei, which are spherical in shape, the radium atom's nucleus has a more asymmetrical configuration, similar to a pear. Scientists predict that this pear shape could significantly enhance their ability to sense the violation of fundamental symmetries, to the extent that they may be potentially observable."
Read more of this story at Slashdot.
- Samsung Building Facility With 50,000 Nvidia GPUs To Automate Chip Manufacturing
An anonymous reader quotes a report from CNBC: Korean semiconductor giant Samsung said Thursday that it plans to buy and deploy a cluster of 50,000 Nvidia graphics processing units to improve its chip manufacturing for mobile devices and robots. The 50,000 Nvidia GPUs will be used to create a facility Samsung is calling an "AI Megafactory." Samsung didn't provide details about when the facility would be built. It's the latest splashy partnership for Nvidia, whose chips remain essential for building and deploying advanced artificial intelligence. [...] On Thursday, Nvidia representatives said they will work with Samsung to adapt the Korean company's chipmaking lithography platform to work with Nvidia's GPUs. That process will results in 20 times better performance for Samsung, the Nvidia representatives said. Samsung will also use Nvidia's simulation software called Omniverse. Known for its mobile phones, Samsung also said it would use the Nvidia chips to run its own AI models for its devices. In addition to being a partner and customer, Samsung is also a key supplier for Nvidia. Samsung makes the kind of high-performance memory Nvidia uses in large quantities, alongside its AI chips, called high bandwidth memory. Samsung said it will work with Nvidia to tweak its HBM4 memory for use in AI chips.
Read more of this story at Slashdot.
- Falling Panel Prices Lead To Global Solar Boom, Except For the US
Longtime Slashdot reader AmiMoJo shares a report from the Financial Times: Solar power developers want to cover an area larger than Washington, DC, with silicon panels and batteries, converting sunlight into electricity that will power air conditioners in sweltering Las Vegas along with millions of other homes and businesses. But earlier this month, bureaucrats in charge of federal lands scrapped collective approval for the Esmeralda 7 projects, in what campaigners fear is part of an attack on renewable energy under President Donald Trump. "We will not approve wind or farmer destroying [sic] Solar," he posted on his Truth Social platform in August. Developers will need to reapply individually, slowing progress. Thousands of miles away on the other side of the Pacific Ocean, it is a different story. China has laid solar panels across an area the size of Chicago high up on the Tibetan Plateau, where the thin air helps more sunlight get through. The Talatan Solar Park is part of China's push to double its solar and wind generation capacity over the coming decade. "Green and low-carbon transition is the trend of our time," President Xi Jinping told delegates at a UN summit in New York last month. China's vast production of solar panels and batteries has also pushed down the prices of renewables hardware for everyone else, meaning it has "become very difficult to make any other choice in some places," according to Heymi Bahar, senior analyst at the International Energy Agency. [...] More broadly, the US's focus on fossil fuels and pullback of support for clean energy further cedes influence over the future global energy system to China. The US is trying to tie its trading partners into fossil fuels, pressing the EU to buy $750 billion of American oil, natural gas, and nuclear technologies during his presidency as part of a trade deal, scuppering an initiative to begin decarbonizing world shipping and pressuring others to reduce their reliance on Chinese technology. But the collapsing cost of solar panels in particular has spoken for itself in many parts of the world. Experts caution that the US's attacks on renewables could cause lasting damage to its competitiveness against China, even if an administration more favorable to renewables were to follow Trump's.
Read more of this story at Slashdot.
- SpaceX Set To Win $2 Billion Pentagon Satellite Deal
According to the Wall Street Journal, SpaceX is reportedly poised to secure a $2 billion Pentagon contract to develop hundreds of missile-tracking satellites for President Trump's ambitious Golden Dome defense system. The Independent reports: The planned "air moving target indicator" system in question could ultimately feature as many as 600 satellites once it is fully operational, The Wall Street Journal reports. Musk's company has also been linked to two more satellite ventures, which are concerned with relaying sensitive communications and tracing vehicles, respectively. Golden Dome, inspired by Israel's "Iron Dome," was announced by Trump and Secretary of War Pete Hegseth at the White House in May and will amount to a complex system of satellites and weaponry capable of destroying incoming missiles before they hit American targets. The president promised it would be "fully operational" before he leaves office in January 2029, capable of intercepting rockets, "even if they are launched from space," with an overall price tag of $175 billion.
Read more of this story at Slashdot.
- Robotic lawnmower uses AI to dodge cats, toys
The Sunseeker Elite X5 can mow on its own, but it doesn't come cheap
The tentacles of AI seem to be reaching everywhere, even to the humble lawnmower. We tested the Sunseeker Elite X5, a robotic mower that uses machine learning to steer around your lawn, to see what happens when artificial intelligence meets whirling blades of doom.…
- Ransomware gang runs ads for Microsoft Teams to pwn victims
You click and think you're getting a download page, but get malware instead
Imagine searching for Microsoft Teams, seeing a text link at the top of the results, visiting it, and then getting hit with malware. The Rhysida ransomware gang, an especially insidious criminal organization that has stolen millions of people's info, has been placing fake ads for Microsoft Teams in search engines and then infecting victims who make the mistake of clicking them.…
- YouTube's AI moderator pulls Windows 11 workaround videos, calls them dangerous
Creators baffled as videos on local accounts, unsupported PCs vanish under ‘harmful acts’ rule
Is installing Windows 11 with a local account or on unsupported hardware harmful or dangerous? YouTube's AI moderation system seems to think so, as it has started pulling videos that show users how to sidestep Microsoft's setup restrictions.…
- A word about comments and forums...
Our house, our rules
One of the biggest surprises of my tenure at El Reg so far is the activity in our forums and article comments. Reg readers are engaged, opinionated, and unafraid to express themselves. I love this. Thank you for reading, and for commenting.…
- Developer puts Windows 7 on a crash diet, drops it to down to 69 MB
Trim down for obsolete operating system leaves it booting, but not much else
Stripping Windows to the bare essentials is a favorite hobby among enthusiasts, especially as Microsoft continues loading its OS with unwanted bloat. The latest achievement is Windows 7 being reduced to 69 MB.…
- Attackers dig up $11M in Garden Finance crypto exploit
Bitcoin bridge biz offers 10 percent reward to attackers if they play nice
Blockchain company Garden admits it was compromised and temporarily shut down its app after approximately $11 million worth of assets were stolen.…
- Meta to sell $30B in bonds to build AI datacenters
Zuckcorp will gladly pay you in 2065 for the eyewatering sums it is borrowing today
Even the world's richest companies need outside help to fulfill their datacenter dreams. Now, Meta is selling $30 billion in bonds to build out its infrastructure estate and support its ambition in AI markets. Some of these won't mature for 40 years.…
- SpaceX shows off progress on its lunar Starship
NASA is short of options when it comes to alternatives
SpaceX has published an update on its lunar Starship progress, and it still has a long way to go before the impressive-looking renders are translated into reality.…
- The clock's ticking for MySQL 8.0 as end of life looms
Percona says more than half of installs remain on version set to lose support in 2026
Users have six months to migrate from MySQL 8.0 if they are to stay on a supported version of the open source database, or face security and reliability risks.…
- Linux vendors are getting into Ubuntu – and Snap
Ubuntu's much-maligned format may be finally reaching critical mass
Ubuntu Summit More than one Linux-adjacent vendor presented at the Ubuntu Summit, and a small but recurring theme is offering official Snap packages.…
- VodafoneThree to offshore UK network jobs to India
TUPE or not TUPE? Not for roles being sent overseas amid a push to meet post-merger rollout targets
Exclusive VodafoneThree has told some staff their roles may be offshored to India under new contracts with Ericsson and Nokia – and that employment protections won't apply.…
- NHS left with sick PCs as suppliers resist Windows 11 treatment
Hospitals told to upgrade, but some medical device makers haven't prescribed compatibility yet
NHS hospitals are being blocked from fully upgrading to Windows 11 by a small number of suppliers that have yet to make their medical devices compatible with Microsoft's latest operating system.…
- Actor couldn’t understand why computer didn’t work when the curtain came down
When tech support collides with Halloween, the results are scary
On Call Happy Halloween, dear reader! The Register wishes you a wonderfully scary day. To kick things off, we’ve twisted On Call, our weekly reader-contributed column about keeping computers alive despite the best efforts of zombie coworkers and demonic bosses, to bring tales of times tech support turned spooky.…
- Europe preps Digital Euro to enter circulation in 2029
Because fewer people like banknotes, and payment sovereignty is a problem
The Governing Council of the European Central Bank (ECB) has decided the bloc needs a digital version of the Euro, and ordered work that could see it enter circulation in 2029.…
- Hacking LED Halloween masks is frighteningly easy
No costume idea? We've got you covered
Hacking makes the holidays so much more enjoyable, and nothing says trick or treat quite like pwning LED Halloween masks belonging to every neighborhood kid during candy-collection hours.…
- Claude code will send your data to crims ... if they ask it nicely
Company tells users concerned about exfiltration to 'stop it if you see it'
A researcher has found a way to trick Claude into uploading private data to an attacker's account using indirect prompt injection. Anthropic says it has already documented the risk, and its foolproof solution is: keep an eye on your screen.…
- Proton trains new service to expose corporate infosec cover-ups
Service will tell on compromised organizations, even if they didn't plan on doing so themselves
Some orgs would rather you not know when they've suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light on the big breaches that might otherwise stay buried.…
- Trump and Xi ease trade tensions, but Nvidia still can't sell Blackwell in China
US President did discuss chip exports with his counterpart, but made no breakthroughs
Talks between US President Trump and Chinese leader Xi Jinping in South Korea yielded a modest thaw, with the two agreeing to trim tariffs and pause new rare-earth export curbs. But whether Nvidia can sell its latest GPUs to China remains an open question.…
- Invisible npm malware pulls a disappearing act – then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm
A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…
- Canonical CEO says no to IPO in current volatile market
We should be a public company,' Shuttleworth tells The Reg, just not 'with our trousers around our ankles
Interview An initial public offering is a matter of when, not if, for Canonical founder and CEO Mark Shuttleworth, though interested stock owners shouldn't expect a prospectus anytime soon.…
- Equinix revealed as occupant of £3.9B UK datacenter campus
Investment will fund 250 MW, three-facility campus near London as AI and cloud demand surge
Equinix will occupy a massive datacenter campus near London's M25, investing £3.9 billion ($5.1 billion) in the 85-acre (0.34 square kilometers) Hertfordshire plot close to South Mimms services.…
- Cyberpunks mess with Canada's water, energy, and farm systems
Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls
Hacktivists have breached Canadian critical infrastructure systems to meddle with controls that could have led to dangerous conditions, marking the latest in a string of real-world intrusions driven by online activists rather than spies.…
- There's mushroom for improvement in fungal computing
Ohio State boffins coax shiitake and button varieties into behaving like memristors
US boffins claim early tests indicate edible mushrooms can function as organic memory devices, though significant challenges remain before the lab experiment can be turned into something practical.…
- AI is making Google and Meta even stronger and richer
So they’re increasing spending on infrastructure to keep it that way
When generative AI exploded into public view in late 2022, plenty of pundits predicted it would be bad news for the likes of Google and Meta as nimble AI-powered rivals found new ways to capture netizens’ attention and monetize it.…
- Major telecom supplier compromised by unnamed nation-state attackers
Snoops remained undetected for nearly 10 months
Nation-state snoops broke into Ribbon Communications – an outfit that provides software and networking gear to Verizon, CenturyLink, and the US Defense Department – last December, remained hidden for about nine months, and stole files belonging to three customers, according to the US telecommunications firm.…
- Microsoft gives Windows 11 a fresh Start – here's how to get it
More convenient layout saves you a click
Four years after the debut of Windows 11, Microsoft has finally fixed one of the biggest problems with its Start menu: The need to click the “All” button to view a complete list of all of your apps. A new Start menu, which gives you three different ways to view all installed programs without that extra click, is slowly rolling out to users.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Removing obfuscation in Minecraft: Java Edition
Gaming isn�t something we talk about very often here on OSNews, but I think this piece of news is actually a rare piece of good, welcome news from this industry. Mojang, the Microsoft-owned company behind Minecraft, has announced it�s going to stop obfuscating the code behind the Java edition of Minecraft. A refresher: the Java edition of Minecraft is the original version of the game, which exists alongside the Bedrock Edition, which is written in C++. Both variants are kept more or less in sync with each other. The Java edition has historically been far more moddable, and comes with far fewer restrictions than the Bedrock Edition, which Microsoft maintains far tighter control over. Still, the modding scene around the Java Edition sprung up in spite of Mojang and Microsoft, not because of them, but over the years the modding scene has been embraced more and more by these two companies. The final step in this embrace comes today as Mojang will no longer obfuscate the code behind th Java Edition. Minecraft: Java Edition has been obfuscated since its release. This obfuscation meant that people couldn’t see our source code. Instead, everything was scrambled – and those who wanted to mod Java Edition had to try and piece together what every class and function in the code did.` But we encourage people to get creative both in Minecraft and with Minecraft – so in 2019 we tried to make this tedious process a little easier by releasing “obfuscation mappings”. These mappings were essentially a long list that allowed people to match the obfuscated terms to un-obfuscated terms. This alleviated the issue a little, as modders didn’t need to puzzle out what everything did, or what it should be called anymore. But why stop there? ↫ Minecraft website This is excellent news for the game, the wider modding community, and players. Minecraft is still a massively popular game, and making modding easier is very welcome, as for a lot of people, mods are what make Minecraft actually interesting. It�s also rare to see a massive force in gaming making a positive step like this, so they deserve the few kudos.
- How did the Windows 95 user interface code get brought to the Windows NT code base?
After the release of Windows 95, with its brand new and incredibly influential graphical user interface, it was only a matter of time before this new taskbar, Start menu, and everything else would make its way to Microsoft�s other operating system line, Windows NT. The development of Windows 95 more or less lined up with that of Windows NT 3.5, but it wouldn�t be until Windows NT 4.0, released a little less than a year after Windows 95, that NT, too, would have the brand new user interface. Raymond Chen has published a blog post detailing the cooperation and interplay between the Windows 95 and Windows NT teams, and, as always with Chen, it�s a joy to read. Members of the Windows 95 user interface team`met regularly with members of the Windows NT user interface team`to keep them aware of what was going on and even get their input on some ideas that the Windows 95 team were considering. The Windows NT user interface team were focused on shipping Windows NT, but they appreciated being kept in the loop. During the late phases of the development of Windows 95, the Windows NT side of the house took a more active role in bringing the Windows 95 user interface to Windows NT. ↫ Raymond Chen at The Old New Thing Chen details there was a lot of code-sharing, to the point where the Windows 95 version of the GUI contained NT-specific code, and vice versa. This code-sharing was quite a lot less elegant than today with tools like git, since Microsoft�s own internal source code system called SLM (pronounced �slime�) did not support branches, so they had to regularly perform three-way merges manually. It was a different time, for sure. Anyway, it�s amazing how much of this ancient Microsoft lore could�ve been lost to time, or shrouded in mystery, if it wasn�t for someone like Raymond Chen regularly sharing the stories from Microsoft�s past.
- OpenIndiana 2025.10 released
OpenIndiana, the Illumos distribution for general use, has released its latest snapshot release, and there�s some really interesting things in there. To refresh your memory: Illumos is a fork of the final OpenSolaris release, based on Solaris 11, before Oracle closed Solaris back up. It�s been in development ever since that fateful day back in 2010, and several Illumos distributions with unique identities have sprung up around the project. OpenIndiana is one of them, and functions like a rolling release with a snapshot release every six months. OpenIndiana 2025.10 was released today, and this snapshot�s changelog covers changes over the past six months. It comes with all the latest open source packages you would expect, like the latest or at least very recent versions of Firefox, Thunderbird, LibreOffice, and much more, but the GNOME version (44.4 from 2023) is definitely a bit outdated. There�s a ton new utilities written in Rust, and the usual bug and security fixes as well, like for crucial utilities such as OpenSSL and OpenSSH, and things like Python versions 3.14 3.13, 3.12, and 3.9. A particularly interesting bullet point is maintenance work and improvements for Sun Ray support, and the changelog notes that these little thin clients are still popular among their users. I�m very deep into the world of Sun Rays at the moment, so reading that you can still use them through OpenIndiana is amazingly cool. There�s a Sun Ray metapackage that installs the necessary base components, allowing you to install Sun�s/Oracle�s original Sun Ray Server software on OpenIndiana. Even though MATE is the default desktop for OpenIndiana, the Sun Ray Server software does depend on a few GNOME components, so those will be pulled in. I�ve definitely put this on my list, once I�m done with my current Sun Ray deep dive on Solaris 10. If you�re interested in SPARC support, there�s quite a few machines that do work with the SPARC version of OpenIndiana, and recently, there�s been a lot of progress on this front. Running the SPARC version on various servers can work, but desktop use, say, on a Sun Ultra 45, is a bit more problematic due to boot issues and a lack of graphics drivers. The work is ongoing, though, and there�s been a ton of renewed interest.
- Windows to automatically suggest a memory scan after a blue screen
Microsoft is introducing a new feature in Windows to better deal with blue screens of death. In the release notes for Windows 11 Insider Preview Build 26220.6982 (Dev Channel), the company detailed that after a user experiences a blue screen, Windows will automatically perform a memory scan. We’re introducing a new feature that helps improve system reliability. If your PC experiences a bugcheck (unexpected restart), you may see a notification when signing in suggesting a quick memory scan. If you choose to run it, the system will schedule a Windows Memory Diagnostic scan to run during your next reboot (taking 5 minutes or less on average) and then continue to Windows. If a memory issue is found and mitigated, you will see a notification post-reboot. ↫ Amanda Langowski at the Windows Blogs In its current iteration, this memory scan will trigger after every single error code to collect as much data as possible, but Microsoft states it will refine and narrow the number of error codes in the future. In addition, this feature will not be available on Arm64 and systems with Administrator Protection and/or BitLocker without Secure Boot. Let�s hope this feature won�t be a nuisance, but an actually useful feature that helps people uncover memory problems that otherwise remain undiagnosed.
- Python Software Foundation has bigger spine than big tech
Back in January 2025, the Python Software Foundation applied for a $1.5 million grant from the US government�s National Science Foundation, under the Safety, Security, and Privacy of Open Source Ecosystems program, to address structural vulnerabilities in Python and PyPI. After a lot of paperwork, their application was approved, but upon receiving the contractual agreement, the Python Software Foundation decided to back out. Why? We became concerned, however, when we were presented with the terms and conditions we would be required to agree to if we accepted the grant. These terms included affirming the statement that we “do not, and will not during the term of this financial assistance award, operate any programs that advance or promote DEI, or discriminatory equity ideology in violation of Federal anti-discrimination laws.” This restriction would apply not only to the security work directly funded by the grant, but to any and all activity of the PSF as a whole. Further, violation of this term gave the NSF the right to “claw back” previously approved and transferred funds. This would create a situation where money we’d already spent could be taken back, which would be an enormous, open-ended financial risk. In the end, however, the PSF simply can’t agree to a statement that we won’t operate any programs that “advance or promote” diversity, equity, and inclusion, as it would be a betrayal of our mission and our community. ↫ Loren Crary at the PSF blog The fact that this is news at all is a deeply sad state of affairs, but it�s great to see at least some organisations in tech still have a spine. In a world where tech giants and their sleazy CEOs are falling over each other to lather the US president in bribes and tasteless gifts, it�s refreshing to see someone passing up on what would be an enormous amount of money for them. The PSF operates on a budget of $5 million a year, so $1.5 million would be a massive boon for the effort. The efforts of the PSF regarding outreach have been incredibly successful over the years. PyCon US had 1% female speakers in 2011, 7% in 2012, 15% in 2013, 33% in both 2014 and 2015, and 40% in 2016. DEI! efforts usually just mean the gruntwork of reaching out to members of underrepresented groups within your community, and ensuring they feel welcome, safe, and respected. Monocultures tend to be self-destructive, whether we�re talking about operating systems or people. Having perspectives from people with different backgrounds, different life experiences, and different approaches is a massive net benefit to your organisation. Making efforts to foster such environments illegal is absolute batshit insanity, and I�m glad that unlike cowards like Tim Cook or Sundar Pichai, the Python Software Foundation has a spine and is standing up for what�s right.
- I�d like to speak to the Bellcore ManaGeR
I love it when I discover � usually through people smarter than I � an operating system or graphical user interface I�ve never heard of. This time, we�ve got Bellcore MGR, as meticulously detailed by Nina Kalinina a few weeks ago. I love old computers, and I enjoy looking at old user interfaces immensely. I could spend a whole evening on installing an old version of MS Word and playing with it: Ah, look, how cute, they didn�t invent scrollbars just yet!. A special place in my heart is taken by user interfaces that were historically significant and yet fell into relative obscurity (like Windows 2 or BTRON). This is why I absolutely had to try Bellcore MGR. An early windowing system (1984), it was made by the Bell Communications Research, and it looked like Plan 9�s older sister. The system was distributed over the Usenet, ported to every conceivable Unix-like system, including Minix, Linux and Coherent, and � eventually � mostly forgotten. The only two videos on YouTube that have something to do with MGR have a bit over 1000 views combined, and don�t really show it in the best light possible. And I think it�s a crying shame. ↫ Nina Kalinina The reference to Plan 9 is apt, as MGR definitely seems to function almost exactly like Plan 9�s rio graphical user interface, including things like drawing a rectangle to open a new window. Rio is an acquired taste � to put it very mildly � and it seems MGR fits the same bill. There�s also $home movie, an entire video editor for MGR, which is honestly mind-blowing considering it�s running on a mere SPARCstation in the late �80s and early �90s. It has an incredibly unique UNIXy flavour: If you don�t have 40 minutes to watch the tour, please do spend two minutes on this demo of the $HOME MOVIE! system. It is a suite of tools for the capture, editing and playback of window system sessions on a Sun Sparcstation! based on MGR. It is probably the most Unix way of making videos: the window manager dumps the rendering commands into a file, then the rendering commands can be altered with a set of small tools, some of which are in awk, and then these rendering commands can be packaged into a single demo. ↫ Nina Kalinina Kalinina had to more or less reverse-engineer its unique video format, too, but in doing so managed to upload the original demonstration of $movie home, narrated by its creator and created in $movie home itself, to YouTube. Kalinina also created and uploaded a ready-made hard disk image of Debian 0.93 with Bellcore MGR preinstalled for use in Qemu and 86Box.
- The Linux boot process: from power button to kernel
You press the power button. A second later a wall of text scrolls by, or a logo fades in, and eventually Linux appears. What happens in between is not magic. It is a careful handshake between tiny programs and a very literal CPU. This part follows that handshake until the very first line of C code inside the Linux kernel runs. ↫ 0xkato�s blog Exactly what it says on the tin.
- Upcoming Kwin changes extend battery life
I think most of us are aware that compositors use multiple planes to render our user interfaces, and in the case of KDE�s Kwin specifically, they use two planes � one for the user interface, and one specifically for the mouse cursor. Kwin developer Xaver Hugl has been working on changing Kwin to use more than just two planes, and it turns out this delivers some considerable power use reductions and thus battery life improvements. So, when can you use these changes and test them? Due to various driver issues when trying to use overlays, like slow atomic tests on AMD as well as display freezes on some AMD and NVidia GPUs, this feature is still off by default. However, if you want to experiment anyways or attempt to fix the drivers, starting from Plasma 6.5, you can set the KWIN_USE_OVERLAYS environment variable to enable the feature anyways. If you test it, please report your findings! If there’s problems in the drivers, we’d like to know and have bug reports for the GPU vendors of course, but also if things work well that would be nice to hear. ↫ Xaver Hugl Leave it to Linux graphics-related developers to uncover driver bugs in graphics drivers.
- AI! assistants misrepresent news content 45% of the time
An extensive study by the European Broadcasting Union and the BBC highlights just how deeply inaccurate and untrustworthy AI! news results really are. AI! sucks even at its most basic function. It�s incredible how much money is being pumped into this scam, and how many people are wholeheartedly defending these bullshit generators as if their lives depended on it. If these tools can�t even summarise a text � something you learn in early primary school as a basic skill � how on earth are they supposed to perform more complex tasks like coding, making medical assessments, distinguish between a chips bag and a gun? Maybe we deserve it.
- Teenager detained at gunpoint by US cops because AI! mistook a chips bag for a gun
If you�re eating a bag of chips in an area where AI! software is being used to monitor people�s behaviour, you might want to reconsider. Some high school kid in the US was hanging out with his friends, when all of a sudden, he was being swarmed by police officers with with guns drawn. Held at gunpoint, he was told to lie down, after which he was detained. Obviously, this is a rather unpleasant experience, so say the least, especially considering the kid in question is a person of colour. In the US. Anyway, the AI! software used by the police department to monitor citizens� behaviour mistook an empty chips bag in his pocket for a gun. US police officers, who only receive a few weeks of training, didn�t question what the computer told them and pointed guns at a teenager. In a statement, Omnilert expressed regret over the incident, acknowledging that the image “closely resembled a gun being held.” The company called it a “false positive,” but defended the system’s response, stating it “functioned as intended: to prioritize safety and awareness through rapid human verification.” ↫ Alexa Dikos and Rebecca Pryor at FOX45 News I�ve been warning that the implementation of AI! was going to lead to people dying, and while this poor kid got lucky this time, you know it�s only a matter of time before people start getting shot by US police because they�re too stupid to question their computer overlords. Add in the fact that AI! is well-known to be deeply racist, and we have a very deadly cocktail of failures.
- OpenBSD 7.8 released
Like clockwork, every six months, we have a new OpenBSD release. OpenBSD 7.8 adds support for the Raspberry Pi 5, tons of improvements to sleep, wake, and hibernate, the TCP stack can now run in parallel on multiple processors, and so much more. DRM has been updated to match Linux 6.12.50, and drivers for the Qualcomm Snapdragon DRM subsystem and Qualcomm DisplayPort controller were added as well. The changelog is, as always, long and detailed, so head on over for the finer details. OpenBSD users will know how to upgrade, and new users can visit the download page.
- What about the icons in pifmgr.dll?
Raymond Chen has another great post about some of the classic icons from Windows 95, this time focusing on pifmgr.dll. In this file, there are a variety of random-seeming icons, and it turns out they�re random for a reason: they were just a bunch a fun, generic icons intended for people to use when creating PIF files. The icons in pifmgr.dll were created just for fun. They were not created with any particular programs in mind, with one obvious exception. They were just a fun mix of icons for people to use for their own homemade shortcut files. ↫ Raymond Chen at The Old New Thing For those of us who didn�t grow up with Windows, or who, god forbid, are too young to know, PIF or personal information files are effectively shortcuts to DOS programs for use in a multitasking environment. A PIF file would not only point to the relevant DOS executable, but also contain information about the environment in which said executable was supposed to run. Their history goes back to IBM�s TopView, and Microsoft later embraced and adapted them for use in Windows.
- Understanding driver updates through Windows Update
Microsoft has published a set of short questions and answers about driver updates through Windows Update, and there�s one tidbit in there I found interesting. Driver dates might look old, but that is not true. The driver date is descriptive info set by the driver provider and can be any date they choose. When determining which driver to install, Windows Update uses targeting information set by the provider inside the driver files to determine the best driver. This lets the device provider promote the best driver, regardless of the chosen date. ↫ Microsoft knowledge base article Whenever I do have to fiddle with Windows machines, I always wondered about why some drivers in Windows Update would show some seriously old dates. It turns out the answer is as obvious as it always tends to be: OEMs.
- KDE Plasma 6.5 released
KDE is on a roll lately, and keeps on rolling with today�s release of KDE Plasma 6.5. As the project itself notes, this release focuses on relatively small improvements, refinements, and other niceties, without making any massive changes. With Linux desktops taking accessibility more seriously lately than ever before, I want to focus on the accessibility improvements first. The Orca screen reader now announces caps lock state changes, and screen readers will now describe the Shortcuts and Autostart pages more optimally. There�s also a new grayscale colour filter for people sensitive to colours, developers have done Plasma-wide pass to eliminate bright flashes in the UI, and the desktop zoom feature will now follow the text insertion point as it moves around the UI. Keyboard navigation in various parts of Plasma have been improved, and a few other small changes have been to improve accessiblity. Other changes include rounded bottom window corners (which can be turned off), automatic and scheduled theme and wallpaper transitions (e.g. from light to dark), and a new and improved applications permissions settings panel. A small new feature that will be a massive time saver for me is the ability to favourite items in your clipboard history, so they remain available over time. I reuse certain copied bits of text all the time, and I can�t wait to start using this little addition. Remote desktop has also received a ton of love in Plasma 6.5. You can now share your clipboard, and you no longer need to create dedicated RDP user accounts; you can just log in with your normal account credentials as you would expect you could. Plasma�s Discover application, used for application and update management, has seen major work to improve its performance � very welcome, for sure. Of course, there�s a ton of other changes, too. KDE Plasma 6.5 will find its way to your distribution soon enough.
- Intel, AMD to bring memory tagging to x86, at some point
Now that ARM�s memory tagging, used extensively by Android ROMs such as GrapheneOS and now also by Apple, is becoming the new norm to aid in improving memory safety, the x86 world can�t sit idly by. As such, Intel and AMD have announced a ChkTag, x86�s version of memory tagging. ChkTag is a set of new and enhanced x86 instructions to detect memory safety violations, such as buffer overflows and misuses of freed memory (use-after-free). ChkTag is designed to be suitable for hardening applications, operating system kernels, hypervisors for virtualization, and UEFI firmware. ChkTag places control in the software developers’ hands to balance their security needs with operational elements that often become prominent when deploying code. For example, ChkTag provides instruction-granular control over which memory accesses are checked. Compilers can offer optimizations and new language features or intrinsics. ChkTag prepares x86 for a future with increasing amounts of code written in memory-safe languages running alongside code in other languages. Furthermore, ChkTag loads tags from linear/virtual memory that can often be committed on demand. ↫ Intel and AMD�s announcement It�s important to note that ChkTag � why not just call it CheckTag � isn�t ready yet, nor is there any indication when it will be included in any processors from Intel and AMD. The goal is to catch certain memory safety problems in hardware. According to Intel and AMD�s shared announcement, developers will have fine-grained control over the feature, allowing them to tap into the functionality in whatever way they deem necessary or valuable for their software in specific circumstances. My fear is that Intel and AMD will use this feature as a product differentiator, restricting it to either more expensive processors or to Xeon/Threadripper processors, thereby fracturing the market. This would inevitably lead to spotty support for the feature across the x86 landscape, meaning most ordinary consumer won�t benefit from it at all.
- This is how much Anthropic and Cursor spend on Amazon Web Services
I can exclusively reveal today Anthropic’s spending on Amazon Web Services for the entirety of 2024, and for every month in 2025 up until September, and that that Anthropic’s spend on compute far exceeds that previously reported.` Furthermore, I can confirm that through September, Anthropic has spent more than 100% of its estimated revenue (based on reporting in the last year) on Amazon Web Services, spending $2.66 billion on compute on an estimated $2.55 billion in revenue. ↫ Ed Zitron These numbers do not even include what the company spends on Google�s services. Going through all the numbers and reporting, Zitron explains that the more successful! Anthropic becomes, the bigger the gap between income from paying customers and its spending on Amazon and Google services becomes. It�s simply unsustainable, and the longer we keep this scam going, the worse the consequences will be when the bubble pops. Sadly, nobody will go to jail once hell breaks loose.
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components:
Go to Full Article
- Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means
by George Whittaker Introduction
After years of debate and development, bcachefs—a modern copy-on-write filesystem once merged into the Linux kernel—is being removed from mainline. As of kernel 6.17, the in-kernel implementation has been excised, and future use is expected via an out-of-tree DKMS module. This marks a turning point for the bcachefs project, raising questions about its stability, adoption, and relationship with the kernel development community.
In this article, we’ll explore the background of bcachefs, the sequence of events leading to its removal, the technical and community dynamics involved, and implications for users, distributions, and the filesystem’s future.
What Is Bcachefs?
Before diving into the removal, let’s recap what bcachefs is and why it attracted attention.
Origin & goals: Developed by Kent Overstreet, bcachefs emerged from ideas in the earlier bcache project (a block-device caching layer). It aimed to build a full-featured, general-purpose filesystem combining performance, reliability, and modern features (snapshots, compression, encryption) in a coherent design.
Mainline inclusion: Bcachefs was merged into the mainline kernel in version 6.7 (released January 2024) after a lengthy review and incubation period.
“Experimental” classification: Even after being part of the kernel, bcachefs always carried disclaimers about its maturity and stability—they were not necessarily recommends for production use by all users.
Its presence in mainline gave distributions a path to ship it more casually, and users had easier access without building external modules—an important convenience for adoption.
What Led to the Removal
The excision of bcachefs from the kernel was not sudden but the culmination of tension over development practices, patch acceptance timing, and upstream policy norms.
“Externally Maintained” status in 6.17
In kernel 6.17’s preparation, maintainers marked bcachefs as “externally maintained.” Though the code remained present, the change signified that upstream would no longer accept new patches or updates within the kernel tree.
This move allowed a transitional period. The code was “frozen” inside the tree to avoid breaking existing systems immediately, while preparation was made for future removal.
Go to Full Article
- Linux Mint 22.2 ‘Zara’ Released: Polished, Modern, and Built for Longevity
by George Whittaker Introduction
The Linux Mint team has officially unveiled Linux Mint 22.2, codenamed “Zara”, on September 4, 2025. As a Long-Term Support (LTS) release, Zara will receive updates through 2029, promising users stability, incremental improvements, and a comfortable desktop experience.
This version is not about flashy overhauls; rather, it’s about refinement — applying polish to existing features, smoothing rough edges, weaving in new conveniences (like fingerprint login), and improving compatibility with modern hardware. Below, we’ll delve into what’s new in Zara, what users should know before upgrading, and how it continues Mint’s philosophy of combining usability, reliability, and elegance.
What’s New in Linux Mint 22.2 “Zara”
Here’s a breakdown of key changes, refinements, and enhancements in Zara.
Base, Support & Kernel Stack
Ubuntu 24.04 (Noble) base: Zara continues to use Ubuntu 24.04 as its upstream base, ensuring broad package compatibility and long-term security support.
Kernel 6.14 (HWE): The default kernel for new installations is 6.14, bringing support for newer hardware.
However — for existing systems upgraded from Mint 22 or 22.1 — the older kernel (6.8 LTS) remains the default, because 6.14’s support window is shorter.
Zara is an LTS edition, with security updates and maintenance promised through 2029.
Major Features & EnhancementsFingerprint Authentication via Fingwit
Zara introduces a first-party tool called Fingwit to manage fingerprint-based authentication. With compatible hardware and support via the libfprint framework, users can:
Enroll fingerprints
Use fingerprint login for the screensaver
Authenticate sudo commands
Launch administrative tools via pkexec using the fingerprint
In some cases, bypass password entry at login (unless home directory encryption or keyring constraints force password fallback)
It is important to note that fingerprint login on the actual login screen may be disabled or limited depending on encryption or keyring usage; in those cases, the system falls back to password entry.
UI & Theming Refinements
Sticky Notes app now sports rounded corners, improved Wayland compatibility, and a companion Android app named StyncyNotes (available via F-Droid) to sync notes across devices.
Go to Full Article
- Ubuntu Update Backlog: How a Brief Canonical Outage Cascaded into Multi-Day Delays
by George Whittaker Introduction
In early September 2025, Ubuntu users globally experienced disruptive delays in installing updates and new packages. What seemed like a fleeting outage—only about 36 minutes of server downtime—triggered a cascade of effects: mirrors lagging, queued requests overflowing, and installations hanging for days. The incident exposed how fragile parts of Ubuntu’s update infrastructure can be under sudden load.
In this article, we’ll walk through what happened, why the fallout was so severe, how Canonical responded, and lessons for users and infrastructure architects alike.
What Happened: Outage & Immediate Impact
On September 5, 2025, Canonical’s archive servers—specifically archive.ubuntu.com and security.ubuntu.com—suffered an unplanned outage. The status page for Canonical showed the incident lasting roughly 36 minutes, after which operations were declared “resolved.”
However, that brief disruption set off a domino effect. Because the archives and security servers serve as the central hubs for Ubuntu’s package ecosystem, any downtime causes massive backlog among mirror servers and client requests. Mirrors found themselves out of sync, processing queues piled up, and users attempting updates or new installs encountered failed downloads, hung operations, or “404 / package not found” errors.
On Ubuntu’s community forums, Canonical acknowledged that while the server outage was short, the upload / processing queue for security and repository updates had become “obscenely” backlogged. Users were urged to be patient, as there was no immediate workaround.
Throughout September 5–7, users continued reporting incomplete or failed updates, slow mirror responses, and installations freezing mid-process. Even newly provisioning systems faced broken repos due to inconsistent mirror states.
By September 8, the situation largely stabilized: mirrors caught up, package availability resumed, and normal update flows returned. But the extended period of degraded service had already left many users frustrated.
Why a Short Outage Turned into Days of Disruption
At first blush, 36 minutes seems trivial. Why did it have such prolonged consequences? Several factors contributed:
Centralized repository backplane Ubuntu’s infrastructure is architected around central canonical repositories (archive, security) which then propagate to mirrors worldwide. When the central system is unavailable, mirrors stop receiving updates and become stale.
Go to Full Article
- Bringing Desktop Linux GUIs to Android: The Next Step in Graphical App Support
by George Whittaker Introduction
Android has long been focused on running mobile apps, but in recent years, features aimed at developers and power users have begun pushing its boundaries. One exciting frontier: running full Linux graphical (GUI) applications on Android devices. What was once a novelty is now gradually becoming more viable, and recent developments point toward much smoother, GPU-accelerated Linux GUI experiences on Android.
In this article, we’ll trace how Linux apps have run on Android so far, explain the new architecture changes enabling GPU rendering, showcase early demonstrations, discuss remaining hurdles, and look at where this capability is headed.
The State of Linux on Android TodayThe Linux Terminal App
Google’s Linux Terminal app is the core interface for running Linux environments on Android. It spins up a virtual machine (VM), often booting Debian or similar, and lets users enter a shell, install packages, run command-line tools, etc.
Initially, the app was limited purely to text / terminal-based Linux programs; graphical apps were not supported meaningfully. More recently, Google introduced support for launching GUI Linux applications in experimental channels.
Limitations: Rendering & Performance
Even now, most GUI Linux apps on Android are rendered in software, that is, all drawing happens on the CPU (via a software renderer) rather than using the device’s GPU. This leads to sluggish UI, high CPU usage, more thermal stress, and shorter battery life.
Because of these limitations, running heavy GUI apps (graphics editors, games, desktop-level toolkits) has been more experimental than practical.
What’s Changing: GPU-Accelerated Rendering
The big leap forward is moving from CPU rendering to GPU-accelerated rendering, letting the device’s graphics hardware do the heavy lifting.
Lavapipe (Current Baseline)
At present, the Linux VM uses Lavapipe (a Mesa software rasterizer) to interpret GPU API calls on the CPU. This works, but is inefficient, especially for complex GUIs or animations.
Introducing gfxstream
Google is planning to integrate gfxstream into the Linux Terminal app. gfxstream is a GPU virtualization / forwarding technology: rather than reinterpreting graphics calls in software, it forwards them from the guest (Linux VM) to the host’s GPU directly. This avoids CPU overhead and enables near-native rendering speeds.
Go to Full Article
- Fedora 43 Beta Released: A Preview of What's Ahead
by George Whittaker Introduction
Fedora’s beta releases offer one of the earliest glimpses into the next major version of the distribution — letting users and developers poke, test, and report issues before the final version ships. With Fedora 43 Beta, released on September 16, 2025, the community begins the final stretch toward the stable Fedora 43.
This beta is largely feature-complete: developers hope it will closely match what the final release looks like (barring last-minute fixes). The goal is to surface regression bugs, UX issues, and compatibility problems before Fedora 43 is broadly adopted.
Release & Availability
The Fedora Project published the beta across multiple editions and media — Workstation, KDE Plasma, Server, IoT, Cloud, and spins/labs where applicable. ISO images are available for download from the official Fedora servers.
Users already running Fedora 42 can upgrade via the DNF system-upgrade mechanism. Some spins (e.g. Mate or i3) are not fully available across all architectures yet.
Because it’s a beta, users should be ready to encounter bugs. Fedora encourages testers to file issues via the QA mailing list or Fedora’s issue tracking infrastructure.
Major New Features & Changes
Fedora 43 Beta brings many updates under the hood — some in visible user features, others in core tooling and system behavior.
Kernel, Desktop & Session Updates
Fedora 43 Beta is built on Linux kernel 6.17.
The Workstation edition features GNOME 49.
In a bold shift, Fedora removes GNOME X11 packages for the Workstation, making Wayland-only the default and only session for GNOME. Existing users are migrated to Wayland.
On KDE, Fedora 43 Beta ships with KDE Plasma 6.4 in the Plasma edition.
Installer & Package Management
Fedora’s Anaconda installer gets a WebUI by default for all Spins, providing a more unified and modern install experience across desktop variants.
The installer now uses DNF5 internally, phasing out DNF4 which is now in maintenance mode.
Auto-updates are enabled by default in Fedora Kinoite, ensuring that systems apply updates seamlessly in the background with minimal user intervention.
Programming & Core Tooling Updates
The Python version in Fedora 43 Beta moves to 3.14, an early adoption to catch bugs before the upstream release.
Go to Full Article
- Linux Foundation Welcomes Newton: The Next Open Physics Engine for Robotics
by George Whittaker Introduction
Simulating physics is central to robotics: before a robot ever moves in the real world, much of its learning, testing, and control happens in a virtual environment. But traditional simulators often struggle to match real-world physical complexity, especially where contact, friction, deformable materials, and unpredictable surfaces are involved. That discrepancy is known as the sim-to-real gap, and it’s one of the biggest hurdles in robotics and embodied AI.
On September 29th, the Linux Foundation announced that it is contributing Newton, a next-generation, GPU-accelerated physics engine, as a fully open, community-governed project. This move aims to accelerate robotics research, reduce barriers to entry, and ensure long-term sustainability under neutral governance.
In this article, we’ll unpack what Newton is, how its architecture stands out, the role the Linux Foundation will play, early use cases and challenges, and what this could mean for the future of robotics and simulation.
What Is Newton?
Newton is a physics simulation engine designed specifically for roboticists and simulation researchers who want high fidelity, performance, and extensibility. It was conceived through collaboration among Disney Research, Google DeepMind, and NVIDIA. The recent contribution to the Linux Foundation transforms Newton into an open governance project, inviting broader community collaboration.
Design Goals & Key Features
GPU-accelerated simulation: Newton leverages NVIDIA Warp as its compute backbone, enabling physics computations on GPUs for much higher throughput than traditional CPU-based simulators.
Differentiable physics: Newton allows gradients to be propagated through simulation steps, making it possible to integrate physics into learning pipelines (e.g. backpropagation through control parameters).
Extensible and multi-solver architecture: Users or researchers can plug in custom solvers, mix models (rigid bodies, soft bodies, cloth), and tailor functionality for domain-specific needs.
Interoperability via OpenUSD: Newton builds on OpenUSD (Universal Scene Description) to allow flexible data modeling of robots and environments, and easier integration with asset pipelines.
Compatibility with MuJoCo-Warp: As part of the Newton project, the MuJoCo backbone is adapted (MuJoCo-Warp) for high-performance simulation within Newton’s framework.
Go to Full Article
|
