|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Debian LTS: DLA-4217-1: icu security update
A stack-based buffer overflow has been fixed in ICU, a C++ and C library for Unicode and Globalization support. For Debian 11 bullseye, this problem has been fixed in version
- Changes to Kubernetes Slack (Kubernetes Contributors blog)
The Kubernetes project has announcedthat it will be losing its "special status" with the Slack communication platform and will bedowngraded to the free tier in a matter of days:
On Friday, June 20, we will be subject to the featurelimitations of free Slack. The primary ones which will affect uswill be only retaining 90 days of history, and having to disableseveral apps and workflows which we are currently using. The SlackAdmin team will do their best to manage these limitations.
The project has a FAQcovering the change, its impacts, and more. The CNCF projects staffhas proposeda move to the Discord service asthe best option to handle the more than 200,000 users and thousands ofposts per day from the Kubernetes community. The Kubernetes SteeringCommittee will be making its decision "in the next few weeks".
- Git 2.50.0 released
Version2.50.0 of the Git source-code management system has been releasedwith a long list of new user features, performance improvements, andbug fixes. See the announcement and thisGitHub blog post for details.
- [$] Supporting NFS v4.2 WRITE_SAME
At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit(LSFMM+BPF), Anna Schumaker led a discussion about implementing the NFSv4.2 WRITE_SAMEcommand in both the NFS client and server. WRITE_SAME ismeant to write large amounts of identical data (e.g. zeroes) to the serverwithout actually needing to transfer all of it over the wire. In her topicproposal, Schumaker wondered whether other filesystems needed thefunctionality, so that it should be implemented at the virtual filesystem(VFS) layer, or whether it should simply be handled as an NFS-specific ioctl().
- Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 8.0 and .NET 9.0), Arch Linux (curl, ghostscript, go, konsole, python-django, roundcubemail, and samba), Fedora (aerc, chromium, golang-x-perf, libkrun, python3.11, python3.12, rust-kbs-types, rust-sev, rust-sevctl, valkey, and wireshark), Gentoo (Konsole and sysstat), Oracle (.NET 9.0), Red Hat (bootc, grub2, keylime-agent-rust, python3.12-cryptography, rpm-ostree, rust-bootupd, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (apache2-mod_auth_openidc, docker, grub2, java-1_8_0-openj9, kernel, less, python-Django, screen, and sqlite3), and Ubuntu (cifs-utils and modsecurity-apache).
- Kernel prepatch 6.16-rc2
Linus Torvalds has released 6.16-rc2,which is "admittedlyeven smaller than usual", though rc2 is not uncommonly one of the smallerrelease candidates.It may be that people are taking a breather after a fairly sizablemerge window, but it might also be seasonal, with Europe starting tosee summer vacations... We'll see how this goes.
The diffstat looks somewhat unusual, with a lot of one-liners withboth ARC and pincontrol having (presumably independently) ended updoing some unrelated trivial cleanups.
But even that is probably noticeable only because everything else ispretty small. That "everything else" is mostly network drivers (andbluetooth) and bcachefs, with some rust infrastructure and corenetworking changes thrown in.
- [$] CoMaps emerges as an Organic Maps fork
The open-source mobile app OrganicMaps is used by millions of people on both the Android and iOSplatforms. In addition to featuring offline maps (generated from OpenStreetMap cartography) andturn-by-turn navigation, it also promises its users greater privacythan proprietary options. However, controversial decisions taken by theproject's leaders, feelings of disenfranchisement among contributors, andeven accusations of embezzlement have precipitated a divide in thecommunity, leading to a new fork called CoMaps.
- Radicle Desktop released
The Radicle peer-to-peer codecollaboration project has released RadicleDesktop: a graphical interface designed to simplify more complexparts of using Radicle such as issue management and patch reviews.
Radicle Desktop is not trying to replace your terminal, IDE, or codeeditor - you already have your preferred tools for code browsing. Itwon't replace our existing app.radicle.xyz and search.radicle.xyz forfinding and exploring projects. It also doesn't run a node foryou. Instead, it communicates with your existing Radicle node,supporting your current workflow and encourages gradual adoption.
LWN covered Radiclein March 2024.
- Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, glibc, kernel, and mod_security), Fedora (chromium, gh, mingw-icu, nginx-mod-modsecurity, python3.10, python3.9, thunderbird, valkey, and yarnpkg), Oracle (.NET 8.0, .NET 9.0, glibc, grafana-pcp, kernel, libxml2, mod_security, nodejs:20, and thunderbird), SUSE (audiofile, helm, kubernetes-old, kubernetes1.23, kubernetes1.24, libcryptopp, postgresql15, thunderbird, and valkey), and Ubuntu (linux-nvidia-tegra-igx).
- [$] FAIR package management for WordPress
The last year has been a rocky one for the WordPress community. MattMullenweg—WordPress co-founder andCEO of WordPress hosting company Automattic—started a messy public spat withWP Engine in September andhas proceeded to use his control of the project's WordPress.orginfrastructure as weapons against the company, with the communitycaught in the crossfire. It is not surprising, then, that onJune 6 a group of WordPress community participants announced theFederatedand Independent Repositories Package Manager (FAIR.pm) project. Itis designed to be a decentralized alternative to WordPress.org with agoal of building "public digital infrastructure that is bothresilient and fair".
- Summaries from the 2025 Python Language Summit
The Python Software Foundation blog is carrying aset of detailed summaries from the 2025 Python Language Summit:
The Python Language Summit 2025 occurred on May 14th in Pittsburgh, Pennsylvania. Core developers and special guests from around the world gathered in one room for an entire day of presentations and discussions about the future of the Python programming language.
Topics covered include making breaking changes less painful, free-threadedPython, interaction with Rust, and challenges faced by the SteeringCouncil.
- [$] Parallelizing filesystem writeback
Writeback for filesystems is the process of flushing the "dirty" (written)data in the page cache to storage. At the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Anuj Gupta led acombined storage and filesystem session on some work that has been doneto parallelize the writeback process. Some of the performance problemsthat have been seen with the existing single-threaded writeback came up ina session at last year's summit, where theidea of doing writeback in parallel was discussed.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel), Debian (chromium, gst-plugins-bad1.0, node-tar-fs, and ublock-origin), Gentoo (Emacs, File-Find-Rule, GStreamer, GStreamer Plugins, GTK+ 3, LibreOffice, Node.js, OpenImageIO, Python, PyPy, Qt, X.Org X server, XWayland, and YAML-LibYAML), Mageia (mariadb and roundcubemail), Red Hat (go-toolset:rhel8, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, libxml2, libxslt, mod_security, nodejs:20, and perl-FCGI:0.78), Slackware (mozilla), SUSE (docker, docker-compose, iputils, kernel, libsoup, open-vm-tools, rabbitmq-server, rabbitmq-server313, wget, and yelp), and Ubuntu (libsoup2.4 and webkit2gtk).
- [$] LWN.net Weekly Edition for June 12, 2025
Inside this week's LWN.net Weekly Edition:
Front: Nyxt; Cyber Resilience Act; Unwanted file descriptors; Core-dump API; 6.16 Merge window; Uniprocessor configurations; Smatch; FUSE zero-copy; iov_iter; Fedora documentation. Briefs: Android tracking; /e/OS 3.0; FreeBSD laptops; Ubuntu X11 support; Netdev 0x19; OIN anniversary; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- [$] Finding locking bugs with Smatch
Smatch is a GPL-licensedstatic-analysis tool for C that has a lot of specialized checks for the kernel. Smatchhas been used in the kernel for more than 20 years; DanCarpenter, its primary author, decided last year that some details of its plugin systemwere due for a rewrite. He spoke at Linaro Connect 2025 about his work onSmatch, the changes to its implementation, and how those changes enabled him to easilyadd additional checks for locking bugs in the kernel.
- Slowing the flow of core-dump-related CVEs
The handling of core dumps has indeed been a constant source of vulnerabilities for the Linux kernel. With luck, the 6.16 work will result in rather fewer of them in the future.
- Linuxiac Weekly Wrap-Up: Week 24 (Jun 9 – 15, 2025)
Catch up on the latest Linux news: Rocky 10, Kali 2025.2, KDE Frameworks 6.15, Archinstall 3.0.8, XBPS 0.60, Wine 10.10, Gitea 1.24, End of Windows 10: Don’t worry, be happy, and more.
- OpenMoonRay Introduces NUMA Support
Two years ago DreamWorks Animation open-sourced their MoonRay renderer that is an award-winning, state-of-the-art production MCRT renderer used for a number of feature films. Since then they have continued advancing this open-source code as OpenMoonRay and adding more features. The newest feature release of OpenMoonRay is now available with yet more capabilities for this impressive renderer...
- Linux 6.16-rc2 Released With An Initial Batch Of Fixes
Following the release of Linux 6.16-rc1 last Sunday that capped off the Linux 6.16 merge window, Linux 6.16-rc2 is now available with an initial week's worth of bug/regression fixes. Linux 6.16 development continues in aiming toward a stable release around the end of July...
- 9to5Linux Weekly Roundup: June 15th, 2025
The 244th installment of the 9to5Linux Weekly Roundup is here for the week ending on June 15th, 2025, keeping you updated with the most important things happening in the Linux world.
- Gemini 435Le Features Active Stereo, Dual-Laser Modules, and 6-Axis IMU for 3D Vision
The Gemini 435Le is Orbbec’s newest 3D camera, designed to deliver robust, high-precision depth sensing for demanding industrial and outdoor robotics environments. Engineered with industrial-grade construction and IP67 protection, it supports logistics automation, robotic arms, and autonomous mobile robots operating in variable and dynamic conditions. The system employs stereo vision technology with a 95 mm […]
- Lyra Zero W Packs RK3506B and Wi-Fi 6 into Raspberry Pi Zero-Sized Board
Luckfox has just launched a new development board with a form factor similar to the Raspberry Pi Zero, but based on the Rockchip RK3506B system-on-chip. The Lyra Zero W is designed to offer a low-cost, compact solution for embedded Linux development, priced at $16.99. The Lyra Zero W uses the Rockchip RK3506B processor, which integrates […]
- The US Navy Is More Aggressively Telling Startups, 'We Want You'
An anonymous reader quotes a report from TechCrunch: While Silicon Valley executives like those from Palantir, Meta, and OpenAI are grabbing headlines for trading their Brunello Cucinelli vests for Army Reserve uniforms, a quieter transformation has been underway in the U.S. Navy. How so? Well, the Navy's chief technology officer, Justin Fanelli, says he has spent the last two and a half years cutting through the red tape and shrinking the protracted procurement cycles that once made working with the military a nightmare for startups. The efforts represent a less visible but potentially more meaningful remaking that aims to see the government move faster and be smarter about where it's committing dollars. "We're more open for business and partnerships than we've ever been before," Fanelli told TechCrunch in a recent episode of StrictlyVC Download. "We're humble and listening more than before, and we recognize that if an organization shows us how we can do business differently, we want that to be a partnership." Right now, many of these partnerships are being facilitated through what Fanelli calls the Navy's innovation adoption kit, a series of frameworks and tools that aim to bridge the so-called Valley of Death, where promising tech dies on its path from prototype to production. "Your granddaddy's government had a spaghetti chart for how to get in," Fanelli said. "Now it's a funnel, and we are saying, if you can show that you have outsized outcomes, then we want to designate you as an enterprise service." In one recent case, the Navy went from a Request for Proposal (RFP) to pilot deployment in under six months with Via, an eight-year-old, Somerville, Massachusetts-based cybersecurity startup that helps big organizations protect sensitive data and digital identities through, in part, decentralization, meaning the data isn't stored in one central spot that can be hacked. (Another of Via's clients is the U.S. Air Force.) The Navy's new approach operates on what Fanelli calls a "horizon" model, borrowed and adapted from McKinsey's innovation framework. Companies move through three phases: evaluation, structured piloting, and scaling to enterprise services. The key difference from traditional government contracting, Fanelli says, is that the Navy now leads with problems rather than predetermined solutions. "Instead of specifying, 'Hey, we'd like this problem solved in a way that we've always had it,' we just say, 'We have a problem, who wants to solve this, and how will you solve it?'" Fanelli said.
Read more of this story at Slashdot.
- Obscure Chinese Stock Scams Dupe American Investors by the Thousands
Thousands of American investors have lost millions of dollars to sophisticated pump-and-dump schemes involving small Chinese companies listed on Nasdaq, prompting the Justice Department to declare the fraud a priority under the Trump administration's white-collar enforcement program. The scams recruit victims through social media ads and WhatsApp messages, directing them to purchase shares in obscure Chinese firms whose stock prices are artificially inflated before collapsing. Since 2020, nearly 60 China-based companies have conducted initial public offerings on Nasdaq raising $15 million or less each, with more than one-third experiencing sudden single-day price drops exceeding 50%. In one recent case, seven traders earned over $480 million by defrauding 600 victims who purchased shares in China Liberal Education Holdings.
Read more of this story at Slashdot.
- OpenAI, Growing Frustrated With Microsoft, Has Discussed Making Antitrust Complaints To Regulators
Tensions between OpenAI and Microsoft over the future of their famed AI partnership are flaring up. WSJ, minutes ago: OpenAI wants to loosen Microsoft's grip on its AI products and computing resources, and secure the tech giant's blessing for its conversion into a for-profit company. Microsoft's approval of the conversion is key to OpenAI's ability to raise more money and go public. But the negotiations have been so difficult that in recent weeks, OpenAI's executives have discussed what they view as a nuclear option: accusing Microsoft of anticompetitive behavior during their partnership, people familiar with the matter said. That effort could involve seeking federal regulatory review of the terms of the contract for potential violations of antitrust law, as well as a public campaign, the people said.
Read more of this story at Slashdot.
- That 'Unsubscribe' Button Could Be a Trap, Researchers Warn
Researchers are cautioning users against clicking unsubscribe links embedded in email bodies, citing new data showing such actions can expose recipients to malicious websites and confirm active email addresses to attackers. DNSFilter found that one in every 644 clicks on unsubscribe links leads users to potentially malicious websites. "You've left the safe, structured environment of your email client and entered the open web," TK Keanini, DNSFilter's chief technology officer, told WSJ. The risks range from confirming to bad actors that an email address belongs to an active user to redirecting victims to fake websites designed to steal login credentials or install malware. Clicking such links "can make you a bigger target in the future," said Michael Bargury, CTO of security company Zenity.
Read more of this story at Slashdot.
- Dutch Court Confirms Apple Abused Dominant Position in Dating Apps
A Dutch court on Monday confirmed a 2021 consumer watchdog's ruling saying that Apple had abused its dominant position by imposing unfair conditions on providers of dating apps in the App Store. From a report: The Rotterdam District Court ruled that the Dutch Authority for Consumers and Markets (ACM) was therefore right to impose an order subject to a penalty for non-compliance. The court ruled that ACM was right in finding that dating app providers had to use Apple's own payment system, were not allowed to refer to payment options outside the App Store, and had to pay a 30% commission (15% for small providers) to Apple.
Read more of this story at Slashdot.
- Windows Hello Face Unlock No Longer Works in the Dark and Microsoft Says It's Not a Bug
Microsoft has disabled Windows Hello's ability to authenticate users in low-light environments through a recent security update that now requires both infrared sensors and color cameras to verify faces. The change forces the system to see a visible face through the webcam before completing authentication with IR sensors. Windows Hello earlier relied solely on infrared sensors to create 3D facial scans, allowing the feature to work in complete darkness similar to iPhone's Face ID. Microsoft pushed the dual-camera requirement to address a spoofing vulnerability in the biometric system.
Read more of this story at Slashdot.
- Japan Builds Near $700 Million Fund To Lure Foreign Academic Talent
An anonymous reader shares a report: Japan is the latest nation hoping to tempt disgruntled US researchers alarmed by the Trump administration's hostile attitude to academia to relocate to the Land of the Rising Sun. The Japanese government aims to create an elite research environment, and has detailed a $693 million package to attract researchers from abroad, including those from America who may have seen their budgets slashed or who fear a clampdown on their academic freedom.
Read more of this story at Slashdot.
- Researchers Create World's First Completely Verifiable Random Number Generator
Researchers have built a breakthrough random number generator that solves a critical problem: for the first time, every step of creating random numbers can be independently verified and audited, with quantum physics guaranteeing the numbers were truly unpredictable. Random numbers are essential for everything from online banking encryption to fair lottery drawings, but current systems have serious limitations. Computer-based generators follow predictable algorithms -- if someone discovers the starting conditions, they can predict all future outputs. Hardware generators that measure physical processes like electronic noise can't prove their randomness wasn't somehow predetermined or tampered with. The new system, developed by teams at the University of Colorado Boulder and the National Institute of Standards and Technology, uses quantum entanglement -- Einstein's "spooky action at a distance" -- to guarantee unpredictability. The setup creates pairs of photons that share quantum properties, then sends them to measurement stations 110 meters apart. When researchers measure each photon's properties, quantum mechanics ensures the results are fundamentally random and cannot be influenced by any classical communication between the stations. The team created a system called "Twine" that distributes the random number generation process across multiple independent parties, with each step recorded in tamper-proof digital ledgers called hash chains. This means no single organization controls the entire process, and anyone can verify that proper procedures were followed. During a 40-day demonstration, the system successfully generated random numbers in 7,434 of 7,454 attempts -- a 99.7% success rate. Each successful run produced 512 random bits with mathematical certainty of randomness bounded by an error rate of 2^-64, an extraordinarily high level of confidence.
Read more of this story at Slashdot.
- Trump Organization Announces Mobile Plan, $499 Smartphone
The Trump Organization on Monday unveiled a mobile phone plan and a $499 smartphone that is set to launch in September. CNBC: The new service, Trump Mobile, will offer a $47.45-per-month plan that includes "unlimited" talk, text and data, as well as roadside assistance and a "Telehealth and Pharmacy Benefit," according to its website. The company, owned by President Donald Trump, also announced it will sell a "T1" smartphone, which appears to feature a gold-colored metal case etched with an American flag. Further reading: I Tried Pre-Ordering the Trump Phone. The Page Failed and It Charged My Credit Card the Wrong Amount.
Read more of this story at Slashdot.
- Novo Nordisk Loses Canadian Patent Protection For Blockbuster Diabetes Drug Over Unpaid $450 Fee
Pharmaceutical giant Novo Nordisk forfeited patent protection for semaglutide -- the active ingredient in blockbuster diabetes and weight loss drugs Ozempic and Wegovy -- in Canada after failing to pay a $450 maintenance fee in 2019. The company had paid maintenance fees through 2018 but requested a refund for the 2017 fee, apparently seeking more time to decide whether to continue protecting the patent. When the 2019 fee came due at $450 with late penalties, Novo never paid despite having a one-year grace period. Canadian patent authorities confirmed the patent "cannot be revived" once lapsed. The oversight is particularly costly given Canada represents the world's second-largest semaglutide market, worth billions annually. Generic drugmaker Sandoz plans to launch a competing version in early 2026, while Novo's U.S. patent protection extends until at least 2032.
Read more of this story at Slashdot.
- WhatsApp Introduces Ads in Its App
An anonymous reader shares a report: When Facebook bought WhatsApp for $19 billion in 2014, the messaging app had a clear focus. No ads, no games and no gimmicks. For years, that is what WhatsApp's two billion users -- many of them in Brazil, India and other countries around the world -- got. They chatted with friends and family unencumbered by advertising and other features found on social media. Now that is set to change. On Monday, WhatsApp said it would start showing ads inside its app for the first time. The promotions will appear only in an area of the app called Updates, which is used by around 1.5 billion people a day. WhatsApp will collect some data on users to target the ads, such as location and the device's default language, but it will not touch the contents of messages or whom users speak with. The company added that it had no plans to place ads in chats and personal messages. [...] In-app ads are a significant change from WhatsApp's original philosophy. Jan Koum and Brian Acton, who founded WhatsApp in 2009, were committed to building a simple and quick way for friends and family to communicate with end-to-end encryption, a method of keeping texts, photos, videos and phone calls inaccessible by third parties. Both left the company seven years ago. Since then, Mark Zuckerberg, the chief executive of Facebook, now Meta, has focused on WhatsApp's growth and user privacy while also melding the app into the company's other products, including Instagram and Messenger.
Read more of this story at Slashdot.
- Walmart's Drone Deliveries Expand, Now in Five Different US States
"Walmart is bringing drone deliveries to three more states," reports CNBC:On Thursday, the big-box retailer said it plans to launch the speedier delivery option at 100 stores in Atlanta, Charlotte, Houston, Orlando and Tampa within the coming year. With the expansion, Walmart's drone deliveries will be available in a total of five states: [parts of northwest] Arkansas, Florida, Georgia, North Carolina and [the Dallas-Fort Worth area of] Texas... The drone operator will have an up to a six-mile range from stores. Walmart tells CNBC the most frequently delivered items include ice cream, fresh fruit, and pet food, as well as "urgent items, such as hamburger buns for a cookout, eggs to make brownies or Tylenol or cold medicine needed when sick." It's all part of Walmart's effort to compete with Amazon:With more than 4,600 Walmart stores across the U.S., the retailer has used its large footprint to get online orders to customers faster. It has an Express Delivery service that drops purchases at customers' doors in as fast as 30 minutes, along with InHome, a subscription-based service, that puts items directly into people's fridges. The company began same-day prescription deliveries last fall and has expanded the service across the country.... Walmart stores have an assortment of over 150,000 items in a location. Over 50% of those can be delivered by drone, said Greg Cathey [Walmart's senior VP for U.S. transformation and innovation]... Walmart's drone delivery count so far is modest. The company did not share the specific count, but said it has racked up a total of more than 150,000 drone deliveries since 2021.
Read more of this story at Slashdot.
- LibreOffice Explains 'Real Costs' of Upgrading to Microsoft's Windows 11, Urges Taking Control with Linux
KDE isn't the only organization reaching out to " as Microsoft prepares to end support for Windows 10. "Now, The Document Foundation, maker of LibreOffice, has also joined in to support the Endof10 initiative," reports the tech blog Neowin:The foundation writes: "You don't have to follow Microsoft's upgrade path. There is a better option that puts control back in the hands of users, institutions, and public bodies: Linux and LibreOffice. Together, these two programmes offer a powerful, privacy-friendly and future-proof alternative to the Windows + Microsoft 365 ecosystem." It further adds the "real costs" of upgrading to Windows 11 as it writes: "The move to Windows 11 isn't just about security updates. It increases dependence on Microsoft through aggressive cloud integration, forcing users to adopt Microsoft accounts and services. It also leads to higher costs due to subscription and licensing models, and reduces control over how your computer works and how your data is managed. Furthermore, new hardware requirements will render millions of perfectly good PCs obsolete.... The end of Windows 10 does not mark the end of choice, but the beginning of a new era. If you are tired of mandatory updates, invasive changes, and being bound by the commercial choices of a single supplier, it is time for a change. Linux and LibreOffice are ready — 2025 is the right year to choose digital freedom!" The first words on LibreOffice's announcement? "The countdown has begun...."
Read more of this story at Slashdot.
- Fake Bands and Artificial Songs are Taking Over YouTube and Spotify
Spain's newspaper El Pais found an entire fake album on YouTube titled Rumba Congo (1973). And they cite a study from France's International Confederation of Societies of Authors and Composers that estimated revenue from AI-generated music will rise to $4 billion in 2028, generating 20% of all streaming platforms' revenue:One of the major problems with this trend is the lack of transparency. María Teresa Llano, an associate professor at the University of Sussex who studies the intersection of creativity, art and AI, emphasizes this aspect: "There's no way for people to know if something is AI or not...." On Spotify Community — a forum for the service's users — a petition is circulating that calls for clear labeling of AI-generated music, as well as an option for users to block these types of songs from appearing on their feeds. In some of these forums, the rejection of AI-generated music is palpable. Llano mentions the feelings of deception or betrayal that listeners may experience, but asserts that this is a personal matter. There will be those who feel this way, as well as those who admire what the technology is capable of... One of the keys to tackling the problem is to include a warning on AI-generated songs. YouTube states that content creators must "disclose to viewers when realistic content [...] is made with altered or synthetic media, including generative AI." Users will see this if they glance at the description. But this is only when using the app, because on a computer, they will have to scroll down to the very end of the description to get the warning.... The professor from the University of Sussex explains one of the intangibles that justifies the labeling of content: "In the arts, we can establish a connection with the artist; we can learn about their life and what influenced them to better understand their career. With artificial intelligence, that connection no longer exists." YouTube says they may label AI-generated content if they become aware of it, and may also remove it altogether, according to the article. But Spotify "hasn't shared any policy for labeling AI-powered content..." In an interview with Gustav Söderström, Spotify's co-president and chief product & technology officer, he emphasized that AI "increases people's creativity" because more people can be creative, thanks to the fact that "you don't need to have fine motor skills on the piano." He also made a distinction between music generated entirely with AI and music in which the technology is only partially used. But the only limit he mentioned for moderating artificial music was copyright infringement... something that has been a red line for any streaming service for many years now. And such a violation is very difficult to legally prove when artificial intelligence is involved.
Read more of this story at Slashdot.
- UK students flock to AI to help them cheat
No need to plagiarize if you can have AI do it for you
A series of Freedom of Information requests shows that students in British universities are increasingly getting busted for using AI to cheat.…
- Penn State boffins create silicon-free two-dimensional computer
Clock speed of 25 kHz means 2D CMOS system won't run Doom quite yet
Gaze into the temporal distance and you might spot the end of the age of silicon looming somewhere out there, as a research team at Penn State University claims to have built the first working CMOS computer entirely from two-dimensional materials.…
- Japan builds near $700M fund to lure foreign academic talent
For researchers yearning to earn some yen and escape Trump 2.0
Japan is the latest nation hoping to tempt disgruntled US researchers alarmed by the Trump administration's hostile attitude to academia to relocate to the Land of the Rising Sun.…
- ISS leaks push Axiom Mission 4 launch to no earlier than June 19
Evaluation of latest repairs to Russian segment ongoing
NASA has pushed back the launch of Axiom Mission 4 to the International Space Station (ISS), citing concerns over persistent leaks aboard the aging orbital outpost. A new No Earlier Than (NET) date is set for June 19.…
- BT chief says AI could deliver more job cuts, hints at Openreach sell-off
As others roll back use of tech due to quality, customers preferring to talk to humans
Not content with a corporate blueprint to cut up to 55,000 employees by 2030, UK telecoms giant BT now says even more staff could be replaced with AI, despite the experience of some orgs that have already tried this.…
- Spy school dropout: GCHQ intern jailed for swiping classified data
Student 'believed he could finish' software dev 'project alone and therefore that the rules did not apply to him'
A former GCHQ intern was jailed for seven-and-a-half years for stealing top-secret files during a year-long placement at the British intelligence agency.…
- Northern Ireland government confirms it did not ask Fujitsu to continue bidding for project
Scandal-hit IT giant said it wouldn't take on new UK.gov contracts or continue bidding on existing ones unless asked
Exclusive The Northern Ireland government did not ask Fujitsu to continue bidding for a £125 million ($167 million) contract, yet the Japanese tech giant to continued to do so, despite promising to quit competing for UK government work during the fallout from the Horizon scandal.…
- Techie exposed giant tax grab, maybe made government change the rules
Custom text fields can be a powerful form of protest
Who, Me? The only certainties in life are death, taxes … and tech causing trouble, a topic that The Register covers each week in this reader-contributed column we call “Who, Me?” that celebrates the moments you made trouble at work and somehow escaped.…
- Dems demand audit of CVE program as Federal funding remains uncertain
PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more!
Infosec In Brief A pair of Congressional Democrats have demanded a review of the Common Vulnerabilities and Exposures (CVE) program amid uncertainties about continued US government funding for the scheme.…
- Windows 95 testing almost stalled due to cash register overflow
Microsoft veteran on breaking down numbers at the computer store
Windows 95 will soon turn 30. Microsoft veteran Raymond Chen recalled that when testing Microsoft's reimagining of Windows, an overflow was discovered that had nothing to do with the operating system itself.…
- Cyber weapons in the Israel-Iran conflict may hit the US
With Tehran’s military weakened, digital retaliation likely, experts tell The Reg
The current Israel–Iran military conflict is taking place in the era of hybrid war, where cyberattacks amplify and assist missiles and troops, and is being waged between two countries with very capable destructive cyber weapons.…
- Larry Ellison is still not the world's richest person
Oracle’s 80-year-old co-founder pulls off a $25 billion cloud day to leapfrog Zuck and Bezos into the No. 2 spot
Oracle co-founder and CTO Larry Ellison has reclaimed the No. 2 spot on Forbes's real-time billionaire list, trailing only Elon Musk after leapfrogging Mark Zuckerberg and Jeff Bezos.…
- PCIe 7.0 specs finalized at 512 GBps bandwidth, PCIe 8.0 in the pipeline
Work on next gen already underway, while bandwidth needs for datacenters just keep rising
The PCI Special Interest Group (PIC-SIG) just released official specs for PCIe 7.0, doubling the bandwidth again for high-performance kit such as network cards, while hinting that PCIe 8.0 may not achieve the same.…
- Apple fixes zero-click exploit underpinning Paragon spyware attacks
Zero-day potentially tied to around 100 suspected infections in 2025 and a spyware scandal on the continent
Apple has updated its iOS/iPadOS 18.3.1 documentation, confirming it introduced fixes for the zero-click vulnerability used to infect journalists with Paragon's Graphite spyware.…
- The trendline doesn’t look good for hard disk drives
Sales of HDDs to non-hyperscale outfits increasingly rare, say analysts
Feature In early May, independent digital storage analyst Thomas Coughlin shared news of falling sales and revenue in the first quarter of 2025, continuing a trend that started in around 2010. Coughlin cites data from that year showing around 600 million annual hard disk shipments.…
- Wanted: Junior cybersecurity staff with 10 years' experience and a PhD
Infosec employers demanding too much from early-career recruits, says ISC2
Cybersecurity hiring managers need a reality check when it comes to hiring junior staff, with job adverts littered with unfair expectations that are hampering recruitment efforts, says industry training and cert issuer ISC2.…
- Friday the 13th strikes for Barclays' corporate customers
Superstitions stoked by blackout of iPortal centralized platform when no maintenance was scheduled
Barclays Bank is wrestling with some digital gremlins affecting its corporate banking services this Friday the 13th of June – the final day of the working week for many of us, but perhaps not the poor techies beavering away to restore normal play.…
- Danish department determined to dump Microsoft
Jutes revolt against Redmond: Minister for Digital Affairs aims the longboats away from Vinland
Comment The boss of Denmark's Ministry for Digitalization says her department will move away from Microsoft – starting with LibreOffice.…
- UK unis to cough up to £10M on Java to keep Oracle off their backs
Deal includes 'waiver of historic fees'
UK universities and colleges have signed a framework worth up to £9.86 million ($13.33 million) with Oracle to use its controversial Java SE Universal Subscription model, in exchange for a "waiver of historic fees due for any institutions who have used Oracle Java since 2023."…
- User demanded a ‘wireless’ computer and was outraged when its battery died
Abusive manager had to be told there's no such thing as an atomic laptop
On Call By Friday morning, Reg readers’ batteries can sometimes be a little low, which is why we always use the day to offer a jolt of amusement in the form of On Call – the reader contributed column in which we celebrate the lows and lows of tech support.…
- I'm just a Barbie Girl in a ChatGPT world
Mattel-OpenAI deal paves the way for an AI beach-off
Toy giant Mattel has signed a deal with OpenAI to bring the tech industry's buzziest technology to the very youngest generation.…
- Ransomware scum disrupted utility services with SimpleHelp attacks
Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo
Ransomware criminals infected a utility billing software providers' customers, and in some cases disrupted services, after exploiting unpatched versions of SimpleHelp’s remote monitoring and management (RMM) tool, according to a Thursday CISA alert.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Twin: a text-mode window environment
Wayland this, Liquid Glass that � but what if you just want a nice, comforting text-based environment? Sure, you can just boot straight into a terminal, or perhaps get fancy about it with Screen or whatever, but what if you want a text-based environment, but don�t want to give up windows, menus, your mouse? How about a graphical user interface made up entirely of text? It looks exactly like what you�d think this would look like, and I find it absolutely fascinating. I�m not entirely sure how usable it is or who or what use case it�s optimised for, but I adore the dedication to the cause. It works on both Linux and FreeBSD, and most likely other systems as well.
- Making GNOME’s GdkPixbuf image loading safer
A new image loading machinery, called glycin, has been in the works for a while. It is already used by GNOME’s default Image Viewer (Loupe), as well as by a bunch of other apps. Glycin provides many security benefits over existing solutions due to the use of the Rust programming language and sandboxing. Distributions will now be able to use the security benefits and broader format support of glycin for other GNOME apps, thumbnailers, and GNOME Shell, whithout changing any existing software. This is made possible by a new option for GNOME’s legacy image-loading library, GdkPixbuf, to use glycin internally. ↫ Sophie Herold Clearly, this is an improvement over the previous image loading library, but there�s a bit of a catch that is in line with GNOME�s increased reliance on systemd features: glycin only works on Linux due to its sandbox mechanisms and how it communicates with its loaders. However, there�s no need to fret this time, and that�s why I�m posting this item � you just know this tiny little tidbit will find their way into internet discussion forums and social media as another example of GNOME not caring about non-Linux users. While some of the sandboxing and communication features in glycin can be made to work on the BSDs and perhaps macOS, it won�t be perfect. As such, great care has been taken to ensure non-Linux platforms can continue to use GdkPixbuf just fine, since support for other platforms is part of the goals of this change before traditional loaders are removed. As a general solution for other platforms, I am planning a mechanism to compile the loaders into the library. This will not provide sandboxing and format extendability without recompilation. But since most loaders are written in Rust, this is still a huge step-up security wise. Contributions for support on other platforms are welcome. For GdkPixbuf users, this will not pose an immediate issue since traditional gdk-pixbuf loaders are not going away until all platforms it supported, are supported by glycin. ↫ Sophie Herold There are a few other issues, as any change like this tends to cause, like the list of supported images formats. Glycin supports AVIF, BMP, DDS, Farbfeld, QOI, GIF, HEIC, ICO, JPEG, JPEG XL, OpenEXR, PNG, PNM, SVG, TGA, TIFF, and WEBP out of the box, but some of the subformats within each of these might potentially not work entirely correctly due to incorrect implementations by, say, camera manufacturers. A special case here is the TIFF format, which apparently still has a number of issues and might end up relying on a fallback. Glycin brings a ton of benefits, such as improved colour support for things like HDR and wider colour gamut displays, better metadata support, basic image editing functions out of the box, increased performance, as well as the benefits inherent in using a memory-safe language like Rust.
- Reddit user surprised when 1960s computer panel emerged from collapsed family garage
Recently, a Reddit user discovered a rare RCA Spectra 70/35 computer control panel from 1966 in their family�s old collapsed garage, posting photos of the pre-moon landing mainframe component to the retrobattlestations! subreddit that celebrates vintage computers. After cleaning the panel and fixing most keyswitches, the original poster noted that actually running it would require 1,500lbs of mainframe!—the rest of the computer system that�s missing. ↫ Benj Edwards at Ars Technica Apparently, no photos of this panel existed online, and it may be one of the few � if only � �surviving� example of such a panel. Of course, it�s effectively useless without all of the other chunks that make up the entire Spectra mainframe, but it�s still an interesting find. The person who found it intends to turn it into what is essentially a piece of home decor, but maybe we�ll get lucky and someone else out there who has been collecting parts and pieces to assemble a working RCA Spectra 70/35 can do something more productive with it.
- LibreOffice 25.8 removes support for Windows 7, 8, and 8.1
Are you still using Windows 7, 8, 8.1, or a 32 bit version of Windows, relying on LibreOffice for your sexy office tasks of writing TPS reports and calculating and tabulating juicy, plump numbers? Bad news: the next version of LibreOffice will remove support for these platforms. Buried deep in the release notes of the second beta for LibreOffice 25.8, it reads: Support for Windows 7 and 8/8.1 was removed. Support for x86 (32-bit) Windows builds is deprecated. ↫ LibreOffice 25.8 beta 2 release notes I honestly doubt many people actually still rely on LibreOffice on these platforms, and even if for some unfathomable reason you do, you are probably also okay with sticking with an older version of LibreOffice to keep your weird setup going a few years longer. You do you.
- An excuse to mention Void Linux: XBPS 0.60 released
Since Void Linux uses a rolling release model, there�s not much to report on in the form of new releases and major new features, so I�m taking the release of version 0.60 of XBPS, Void Linux� package manager, to cheat my way into talking about this excellent Linux distribution. I always think of Void as the BSD of Linux distributions!, which should give you some vague hint as to what it�s going for. XBPS 0.60 doesn�t come packed with major new features either, and mostly fixes a ton of bugs, addresses few memory leaks, and changes the way held dependencies and directory removal/creation works when reinstalling a packages, just to name a few. There�s also some performance improvements, as there were apparently some problems in that department due to the increasing number of virtual packages in the Void repository. If you�re looking for a more traditional, hands-on Linux distribution, Void is an excellent choice. It�s my back-up for if (let�s face it: when) Fedora messes something up.
- MacOS Tahoe brings a new disk image format
Disk images have been valuable tools marred by poor performance. In the wrong circumstances, an encrypted sparse image (UDSP) stored on the blazingly fast internal SSD of an Apple silicon Mac may write files no faster than 100 MB/s, typical for a cheap hard drive. One of the important new features introduced in macOS 26 Tahoe is a new disk image format that can achieve near-native speeds: ASIF, documented here. This has been detailed as a major improvement in lightweight virtualisation, where it promises to overcome the most significant performance limitation of VMs running on Apple silicon Macs. However, ASIF disk images are available for general use, and even work in macOS Sequoia. This article shows what they can do. ↫ Howard Oakley Exactly what it says on the tin.
- Rumour: Google intends to discontinue the Android Open Source Project
With the release of Android 16, Google changed how it developed Android. Development is now taking place behind closed doors, with the code dropped after the corresponding version has been released to Pixel devices. Well, it turns out this wasn�t the only thing Google has changed about Android development. As the developers of CalyxOS, a popular de-Googled Android ROM, dove into the Android 16 AOSP source code, they realised something very important was missing: the device-specific source code for modern Pixel devices. Android 16 was released to AOSP yesterday but with a one big difference than typical releases: Google did not publish any device-specific source code for supported, modern Pixel devices. In previous years, Google released full device trees alongside new Android versions. This allowed developers to build and boot AOSP on Pixel hardware relatively easily. With Android 16, only the platform/framework code has been released. The device trees are missing, at least for now. This means AOSP 16 cannot currently be built or run on any recent Pixel device easily just using official source. It’s unclear whether this is a delay or a policy change. Either way, it seriously disrupts custom ROM development and our porting efforts. ↫ CalyxOS on Reddit If this is truly a policy change, it�s a big one that affects custom ROM developers considerably. Pixel devices were special! among custom ROM developers because support for them was part of AOSP releases, so they were well-supported by projects like CalyxOS, GrapheneOS, and LineageOS, including all the hardware components, and with quick updates. Without access to the Pixel-specific source code for the Pixel 6 to Pixel 9a, these devices will now have to be treated like any other Android phone as far as ROM developers go, meaning it�ll take a lot more work and time to get them to work properly with new major Android releases. Google did not announce this potential policy change, and this has some in the custom Android ROM community on edge. I�ve been talking to people in the custom ROM community, and the story goes that a few months ago, at least one of these communities was approached by a journalist who wanted to talk to them. This journalist claimed that Google intends to discontinue the Android Open Source Project, with the first step Google would take being no longer releasing the device-specific Pixel source code (something nobody knew would happen until yesterday). The fact that this first step has now become a reality lends some credence to the journalist�s claim that Google is discontinuing AOSP. However, since such tips are not uncommon, and since there was no way to verify, the custom ROM developers in question didn�t really know what to do with it. During the writing of this article over the past 12 hours, Google itself has also responded to what is apparently a growing, now public concern in the wider Android community. Seang Chau, Google VP and GM of Android Platform, published a Tweet, disclaiming Google has any intentions to close up shop for AOSP. We�re seeing some speculation that AOSP is being discontinued. To be clear, AOSP is NOT going away. AOSP was built on the foundation of being an open platform for device implementations, SoC vendors, and instruction set architectures. AOSP needs a reference target that is flexible, configurable, and affordable – independent of any particular hardware, including those from Google. For years, developers have been building Cuttlefish (available on GitHub as the reference device for AOSP) and GSI targets from source. We continue to make those available for testing and development purposes. ↫ Seang Chau This seems like a solid denial from Google, but it leaves a lot of room for Google to make a wide variety of changes to Android�s development and open source status without actually killing off AOSP entirely. Since Android is licensed under the Apache 2.0 license, Google is free to make Pixel Android! � its own Android variant � closed source, leaving AOSP up until that point available under the Apache 2.0 license. This is reminiscent of what Oracle did with Solaris. Of course, any modifications to the Linux kernel upon which Android is built will remain open source, since the Linux kernel is licensed under the GPLv2. If Google were indeed intending to do this, what could happen is that Google takes Android closed source from here on out, spinning off whatever remains of AOSP up until that point into a separate company or project, as potentially ordered during the antitrust case against Google in the United States. This would leave Google free to continue developing its own Pixel Android! entirely as proprietary software � save for the Linux kernel � while leaving AOSP in the state it�s in right now outside of Google. This technically means AOSP is not going away!, as Chau claims. Of course, other parties would then be free to continue working on and contributing to AOSP, but AOSP itself would no longer benefit from the work done by Google. Again, this feels very similar to how illumos and OpenIndiana are built atop the last open source release of Solaris from 2010, without any of the additional work Oracle has done on Solaris since then. As you can tell, there�s a lot of speculation here, because even if all of this is true, it seems the ongoing court case and any rulings that come of it will play a major role in Google�s decision-making process. The Android Open Source Project has been gutted over the years, with Google leaving more and more parts of it to languish, while moving a lot of code and functionality into proprietary components like Google Mobile Services and Google Play Services. Taking Pixel Android! closed source almost feels like the natural next step in the process of gutting AOSP that�s been ongoing for well over a decade. As it stands today, a default AOSP installation requires a lot of additional components and applications before it can be considered a complete mobile
- GNOME adds dependencies on systemd, lots of work to do for systemd-less environments
GNOME has announced it�ll be increasing its dependency on systemd, the popular init system used by most (popular) Linux distributions. While GNOME already had a few relatively inconsequential dependencies on systemd, it was effectively not a huge problem to run GNOME on operating systems that don�t have systemd, which most notably includes the various flavours of BSD. That�s going to change. There�s going to be two changes, one of which is relatively minor, and one of which will pose much bigger problems. The minor change involves GDM becoming dependent on systemd’s userdb infrastructure in order to clean up a lot of GDM�s code involved in multi-seat setups and remote login. Currently, this works through a series of hacks that the GDM developers are going to clean up, switching to using systemd-userdb to dynamically allocate user accounts, and then runs each login screen as a unique user!. To aid non-systemd environments during this transition, GDM will get a temporary alternate code path that enables you to run GDM without systemd-userdb. So if you compile GDM against elogind, GDM will use an alternative trick to enable multiple graphical sessions under the same user. This trick will remain in place at least until GNOME 50, but its future after that is uncertain. The second change is much more involved. Next, the bigger change. Since GNOME 3.34, gnome-session uses the systemd user instance to start and manage the various GNOME session services. When systemd is unavailable, gnome-session falls back to a builtin service manager. This builtin service manager uses .desktop files to start up the various GNOME session services, and then monitors them for failure. This code was initially implemented for GNOME 2.24, and is starting to show its age. It has received very minimal attention in the 17 years since it was first written. Really, there’s no reason to keep maintaining a bespoke and somewhat primitive service manager when we have systemd at our disposal. The only reason this code hasn’t completely bit rotted is the fact that GDM’s aforementioned hacks break systemd and so we rely on the builtin service manager to launch the login screen. Well, that has now changed. The hacks in GDM are gone, and the login screen’s session is managed by systemd. This means that the builtin service manager will now be completely unused and untested. Moreover: we’d like to implement a session save/restore feature, but the builtin service manager interferes with that. For this reason, the code is being removed. ↫ Adrian Vovk Mitigating this change will be a lot more involved for operating systems that don�t use systemd, and the blog post goes into detail into what, exactly, needs to be done in systemd-less environments. There�s quite a few systemd components and other little tidbits that you will need to find or create alternatives for, and considering you�ll need to have all of it in place roughly by GNOME 50, roughly a year from now, I can imagine this causing quite a few headaches for platforms like the BSDs and Linux distributions using init systems other than systemd. With these changes, GNOME further solidifies itself as a Linux desktop only � and lest anyone forget, that�s entirely within their right to do. Systemd haters can jump up and down all they want, but in the end, they have no right to demand that GNOME developers spend precious time and resources testing GNOME on and developing it for platforms that they themselves do not use. They�re clearly targeting the trifecta of Linux, system, and Wayland, and that�s their choice to make, not anyone else�s. Still, if operating systems like OpenBSD and FreeBSD, or Linux distributions without systemd intend to continue offering a fully functional GNOME desktop, they�re going to have some work to do.
- Munal OS: experimental operating system fully written in Rust as an EFI binary
And I�ve got another custom hobby operating system for you today: Munal OS. An experimental operating system fully written in Rust, with a unikernel design, cooperative scheduling and a security model based on WASM sandboxing. ↫ Munal OS GitHub page Munal OS has no bootloader, but is instead compiled into a single EFI binary that contains all it needs to function, including a few applications. Since Munal OS relies on a PCI driver that communicates with QEMU via the VirtIO 1.1 specification for things like input and graphics, it can�t yet run on real hardware. It has its own UI toolkit, and comes with applications like a basic web browser, a text editor, and a Python terminal.
- XenevaOS: a custom operating system with networking and graphical desktop environment
Xeneva is an operating system for both x86_64 and ARM64 architectures, built from the ground up. The Kernel is known as �Aurora� with hybrid kernel design and the entire operating system is known as �Xeneva�. ↫ XenevaOS GitHub page It�s remarkably complete, with driver loading and linking, up to SSE 3 support, USB3 and Intel HD audio support, networking, and a whole lot more of the basics that make up a modern complete operating system. On top of all this, it also has a compositing window manager, a desktop environment, a terminal with VT100 support, Freetype2 font rendering, and much more. It also comes with a few basic applications like a file manager, calculator, audio player, and so on. It�s written in C (and some C++), and uniquely, can only be built in a Windows environment, something you don�t see very often. It definitely looks quite impressive.
- Android 16 released
Today, we’re bringing you Android 16, rolling out first to supported Pixel devices with more phone brands to come later this year. This is the earliest Android has launched a major release in the last few years, which ensures you get the latest updates as soon as possible on your devices. Android 16 lays the foundation for our new Material 3 Expressive design, with features that make Android more accessible and easy to use. ↫ Seang Chau at the Google blog Android 16 doesn�t seem like a very big release, and that�s because for most users, it really isn�t. There�s some neat features in here, like improved notification grouping, live notifications, a slew of protection features for people who run increased risk (think journalists or victims of abuse), and proper desktop-style windowing on tablets, which seems like the tentpole feature for now. The Material 3 Expressive design is not really here yet, though as that will come in subsequent Android 16 updates. The release for devices coincides with the release of the source code, which is no longer released as part of the development process, but dumped across the fence at release time. This means that those of us using a de-Googled Android ROM � I use GrapheneOS � will have to wait a bit longer than we�re used to before getting the new version.
- Apple releases Containerization, a Swift package for running Linux containers on macOS
As part of its WWDC announcements, Apple has unveiled Containerization, which uses macOS� virtualisation framework to run Linux containers on Apple Silicon Macs. Containerization executes each Linux container inside of its own lightweight virtual machine. Clients can create dedicated IP addresses for every container to remove the need for individual port forwarding. Containers achieve sub-second start times using an optimized Linux kernel configuration and a minimal root filesystem with a lightweight init system. vminitd is a small init system, which is a subproject within Containerization. vminitd is spawned as the initial process inside of the virtual machine and provides a GRPC API over vsock. The API allows the runtime environment to be configured and containerized processes to be launched. vminitd provides I/O, signals, and events to the calling process when a process is ran. ↫ Containerization GitHub page Alongside this new tool, Apple also released container, which creates and runs OCI-compliant container images. Yes, both of these names are horribly generic and are definitely going to lead to confusion in online discussions and writing, but the tools themselves seem quite nice. People stuck on macOS who need to do Linux work can now easily get their work done on macOS � if you�re okay with using Electron for developers, of course, which is what containers really are. Clearly, nobody can ignore Linux, not even Apple or Microsoft.
- MacOS 26 is the final Intel version, sucks to be a 2023 Intel Mac Pro owner
macOS Tahoe is the final software update that Intel-based Macs will get, as Apple works to phase them out following its transition to Apple silicon. During its Platforms State of the Union event, Apple said that Intel Macs won�t get macOS 27, coming next year, though there could still be updates that add security fixes. ↫ Juli Clover at MacRumors Not particularly surprising, but definitely not great for someone who bought one of those ungodly expensive Intel Mac Pro only a few years ago � it wasn�t taken off the shelves until 2023. That�s a hard pill to swallow, and definitely something I do not think should be legal.
- Windowing, menu bar, and background processes come to iPadOS
For years now � it feels more like decades, honestly � Apple has been trying a variety of approaches to make the iPad more friendly to power users, most notably by introducing, and subsequently abandoning, various multitasking models. After its most recent attempts � Stage Manager � fell on deaf ears, the company has thrown its hands up in the air and just implemented what we all wanted on the iPad anyway: a normal windowing environment. Apple today revealed an overhaul of iPad multitasking, introducing a completely new windowing system, a macOS-style Menu Bar, a pointer, and more. The centerpiece of the multitasking improvements is a new macOS-style windowing system. Apps still launch in full-screen by default, preserving the familiar iPad experience, but users can now resize apps into windows using a new grab handle. If an app was previously used in a windowed state, it will remember that layout and reopen the same way next time. ↫ Hartley Charlton at MacRumors The new window manager includes tiling features, Exposé, support for multiple displays, and swiping twice on the home button will minimise all open windows. It�s literally the macOS way of managing windows transplanted onto the iPad, with some small affordances for touch input. This is excellent news, and should make the multitasking features of the iPad, which, at this point, is as powerful as a MacBook, much more accessible and effortless than all those hidden gesture-based features from before. The amount of RAM in your iPad seems to determine how many active windows you can have open before the older ones get put to sleep, from four on the oldest iPad Pro models, to many more on the most recent models. Any windows above that limit will still be visible, but will just be a screenshot of their most recent state until you interact with them again. Any windows above a limit of twelve will be pushed to the recents screen instead. In addition, and almost just as important, iPadOS 26 also introduces proper background processes, allowing applications to actually keep running in the background instead of being put to sleep. Anyone who has ever done any serious work on an iPad that involves long processes like exporting a video will consider this a godsend. Now all we need is a proper terminal and Xcode and the iPad can be a real computer.
- FreeBSD 14.3 released
FreeBSD 14.3 has been released, an important point release for those of us using the FreeBSD 14.x branch. This release brings 802.11ac (Wi-Fi 5) support to many modern laptop wireless chips, OCI container images are now available in Docker and GitHub repositories, and a number of cornerstone packages have been updated to their latest versions.
- �Dystopian tales of that time when I sold out to Google�
If you ever wanted to know what it was like to be an engineer at Google during the early to late 2000s, here you go. Now even though Google is fundamentally a spyware advertising company (some 80% of its revenue is advertising; the proportion was even higher back then), we Engineers were kept carefully away from that reality, as much as meat eaters are kept away from videos of the meat industry: don�t think about it, just enjoy your steak. If you think about it it will stop being enjoyable, so we just churned along, pretending to work for an engineering company rather than for a giant machine with the sole goal of manipulating people into buying cruft. The ads and business teams were on different floors, and we never talked to them. ↫ Elilla Even back then, Google knew full well that what they were doing and working towards was deeply problematic and ethically dubious, at best, and reading about how young, impressionable Google engineers at the time figured that out by themselves is kind of heartbreaking. In those days, Google tried really hard to cultivate an image of being different than Apple or Microsoft, a place where employees were treated better and had more freedom, working for a company trying to make the web a better place. Of course, none of that was actually true, but for a short while back then, a lot of people fell for it � yes, including you, even if you now say you didn�t � and reading about the experiences from people on the inside at the time, it was never actually true.
- Discover Linux Mint 22: How Cinnamon Became the Sleek, Speedy Desktop Champion of 2025
by George Whittaker
Linux Mint has long held a cherished place in the hearts of Linux users seeking a balance between elegance, ease of use, and rock-solid stability. In 2025, that reputation is only strengthened with the release of Linux Mint 22, a version that brings not just incremental updates, but substantial improvements — particularly in the form of the latest Cinnamon 6.x desktop environment. Sleeker visuals, faster performance, and thoughtful refinements mark this release as one of the most polished in Mint’s history.
In this article, we’ll take a look into what makes Linux Mint 22 with Cinnamon a standout — from under-the-hood performance boosts to user-facing enhancements that elevate daily computing.
The Legacy of Linux Mint and Cinnamon
Linux Mint has consistently been among the most recommended distributions for both newcomers and seasoned Linux users. Its mission: to deliver a desktop experience that “just works” out of the box, with sensible defaults and a traditional desktop metaphor.
At the heart of this experience is Cinnamon, Mint’s flagship desktop environment born as a fork of GNOME Shell over a decade ago. Cinnamon has matured into an independent, cohesive environment that champions:
Simplicity.
Customizability.
Consistency.
Linux Mint 22’s release continues this tradition while embracing modern UI trends and leveraging powerful performance optimizations.
Cinnamon 6.x: A New Standard of Sleekness
Cinnamon 6.x introduces a suite of visual and functional improvements designed to make Mint 22 feel both contemporary and familiar:
Refined Visuals: The theming engine has received significant attention. The default theme sports cleaner lines, flatter icons, and subtle gradients that provide depth without visual clutter.
Polished Animations: Transitions between windows, workspaces, and menus are noticeably smoother, thanks to improved animation handling that feels natural without being distracting.
Modernized Panels and Applets: Applets now integrate better with the system theme, and their configuration interfaces have been streamlined. The panel is slimmer, with better spacing for multi-resolution icons.
These changes might seem small on paper, but together they give Cinnamon 6.x an air of maturity and refinement, reducing visual noise while enhancing usability.
Performance Improvements: Speed Where It Counts
Where Linux Mint 22 truly shines is in its performance optimizations:
Go to Full Article
- Fedora 41’s Immutable Future: The Rise of Fedora Atomic Desktops
by George Whittaker
The Fedora Project has long stood at the forefront of Linux innovation, often acting as a proving ground for transformative technologies later adopted by the wider Linux ecosystem. With the release of Fedora 41, the project takes another major leap into the future by fully embracing immutable desktops through its newly unified and rebranded initiative: Fedora Atomic.
This bold shift represents more than a technical update — it signals a philosophical evolution in how Linux desktops are built, managed, and secured. Fedora Atomic is not just a feature of Fedora 41; it's the flagship identity for a new kind of Linux desktop. In this article, we explore the origins, architecture, benefits, and implications of Fedora Atomic as it makes its debut in Fedora 41.
What Are Immutable Desktops? A Paradigm Shift in OS Architecture
An immutable desktop is a system whose core filesystem is read-only, meaning the foundational components of the operating system cannot be altered during regular use. This design flips traditional Linux system management on its head.
In mutable systems — like the standard Fedora Workstation or most desktop Linux distributions — the root filesystem is writable, allowing users or software to modify system libraries, configurations, and services at will. While this provides flexibility, it introduces risks of accidental misconfiguration, malware persistence, or system instability.
Immutable desktops tackle these issues with several key principles:
Read-Only Root Filesystem: Ensures the core system is consistent and protected.
Atomic Updates: System updates are applied as a whole, transactional unit. If something breaks, you can simply roll back to the previous working version.
Separation of Concerns: Applications are isolated in containers (e.g., Flatpaks), and development environments run in dedicated containers (e.g., Toolbox).
Reproducibility and Consistency: Identical environments across systems, ideal for testing and deployment pipelines.
Fedora Atomic is the embodiment of these principles — and Fedora 41 is the foundation upon which it stands.
From Silverblue to Atomic: The Evolution of Fedora's Immutable Desktop Vision
Fedora Atomic is not built from scratch. It is the evolution of Fedora Silverblue, Kinoite, and Sericea, which previously offered immutable desktop environments with GNOME, KDE Plasma, and Sway respectively. In Fedora 41, these projects are now rebranded and unified under the Fedora Atomic name, creating a streamlined identity and experience for users.
Go to Full Article
- Breaking Barriers: How Pop!_OS 24.04 Revolutionizes Hybrid Graphics for Linux Users
by George Whittaker
In the realm of Linux desktop distributions, few names stand out as prominently as Pop!_OS, the custom-built operating system from System76. Known for its user-centric design, seamless hardware integration, and a progressive attitude toward Linux usability, Pop!_OS has earned a special place in the hearts of developers, engineers, gamers, and power users alike.
With the release of Pop!_OS 24.04, System76 boldly pushes the limits of what Linux desktops can do—particularly in the domain of hybrid graphics. This version introduces a host of under-the-hood improvements and user-facing enhancements aimed at solving a long-standing pain point for Linux laptop users: managing systems that have both integrated and dedicated GPUs.
This article dives into what makes Pop!_OS 24.04 a game-changer, focusing especially on its sophisticated, yet user-friendly approach to hybrid graphics.
A Leap Forward: What’s New in Pop!_OS 24.04
Pop!_OS 24.04 is based on Ubuntu 24.04 LTS, meaning it inherits long-term support, stability, and updated software packages. But Pop!_OS never simply repackages Ubuntu; it transforms it. Here are some of the standout features introduced in this release:
COSMIC Desktop Enhancements: System76’s in-house desktop environment has matured, delivering better window management, smoother animations, and more customization options. COSMIC is designed from the ground up using Rust, and this release brings faster performance and reduced resource consumption.
Kernel and Driver Upgrades: Linux kernel 6.8+ ensures better hardware compatibility and performance, especially for newer CPUs and GPUs. The latest NVIDIA and Mesa drivers are pre-integrated and optimized.
Refined Installer and Recovery: The Pop!_OS installer now includes better detection for hybrid graphics setups and offers system recovery options right from the boot menu.
However, the crown jewel of 24.04 is undoubtedly its radical improvements in hybrid graphics support.
Understanding Hybrid Graphics and Why It Matters
Most modern laptops come with two GPUs:
Integrated GPU (iGPU) – Built into the CPU (e.g., Intel Iris Xe, AMD Radeon Graphics), offering energy-efficient graphics rendering.
Discrete GPU (dGPU) – A powerful standalone GPU (e.g., NVIDIA RTX, AMD Radeon), ideal for gaming, 3D modeling, and heavy computation.
This setup, known as hybrid graphics, allows users to conserve battery power when performance isn’t needed and tap into powerful hardware when it is.
Go to Full Article
- Ubuntu 25.04 “Plucky Puffin”: A Bold Leap Forward with GNOME 48 and HDR Brilliance
by George Whittaker
Ubuntu has long stood as a bastion of accessibility, polish, and power in the Linux ecosystem. With the arrival of Ubuntu 25.04, codenamed “Plucky Puffin”, Canonical has once again demonstrated its commitment to delivering a modern, forward-thinking operating system. This release isn’t just a routine update — it’s a confident stride into a future where Linux desktops are visually stunning, developer-friendly, and brimming with potential.
From the sleek new GNOME 48 desktop environment to the long-awaited HDR (High Dynamic Range) support, Ubuntu 25.04 introduces meaningful innovations for casual users, creative professionals, and hardcore enthusiasts alike. Let’s explore this release in depth.
The Spirit of “Plucky Puffin”
Ubuntu releases are known for their quirky animal-themed codenames, but “Plucky Puffin” feels particularly fitting. The word plucky denotes courage and determination — a nod to the OS’s bold push into new visual territories and its refined user experience. The puffin, a resilient seabird, suggests adaptability and elegance — both apt descriptors for Ubuntu’s trajectory in 2025.
Canonical has positioned Ubuntu 25.04 as a springboard for technological maturity ahead of the next long-term support (LTS) release. While it’s a standard, short-term release with 9 months of support, it packs significant under-the-hood improvements and user-facing features that elevate it beyond expectations.
GNOME 48: The Best Desktop Yet
One of the crown jewels of Ubuntu 25.04 is GNOME 48, the latest iteration of the popular desktop environment. GNOME 48 continues to refine the modern, minimalist ethos that has become its signature — but this time, with more responsiveness, better gesture support, and improved multitasking.
Visual Enhancements and Layout Tweaks
The Activities Overview is smoother and now integrates multitouch gestures on laptops and touchscreens. Swipe-based workspace switching feels intuitive and immediate.
New settings panels have been reorganized for clarity, especially in areas like display, accessibility, and power management.
The Files (Nautilus) app has received subtle UI updates and performance boosts, with quicker load times and enhanced file indexing.
Performance and Accessibility
GNOME 48 is noticeably lighter on RAM, thanks to backend improvements in Mutter (the window manager) and GTK 4 refinements.
Accessibility tools like screen readers and magnifiers now offer smoother integration for users with visual or physical impairments.
Go to Full Article
- Transform Your Workflow With These 10 Essential Yet Overlooked Linux Tools You Need to Try
by George Whittaker
Linux is a treasure trove of powerful tools, many of which remain undiscovered by casual users. While staples like grep, awk, sed, and top dominate tutorials and guides, there's a second layer of utilities—lesser-known yet immensely powerful—that can dramatically improve your daily efficiency and control over your system.
In this article, we dive into 10 underrated Linux tools that can help you streamline your workflow, improve productivity, and unlock new levels of system mastery. Whether you’re a developer, sysadmin, or Linux hobbyist, these tools deserve a place in your arsenal.
1. fd: Find Files Fast with Simplicity
The traditional find command is incredibly powerful but notoriously verbose and complex. Enter fd, a modern, user-friendly alternative.
Why It Stands Out
Cleaner syntax (fd pattern instead of find . -name pattern)
Recursive by default
Colorized output
Ignores .gitignore files for cleaner results
Example
fd ".conf"
Finds all files containing .conf in the name, starting from the current directory.
Use Case
Quickly locate configuration files, scripts, or assets without navigating nested directories or crafting complex expressions.
2. bat: cat on Steroids
bat is a drop-in replacement for cat with superpowers. It adds syntax highlighting, Git integration, and line numbers to your file viewing experience.
Why It Stands Out
Syntax highlighting for dozens of languages
Git blame annotations
Works as a pager with automatic line wrapping
Example
bat /etc/ssh/sshd_config
You’ll get a beautifully highlighted and numbered output, much easier to parse than with cat.
Use Case
Perfect for reading scripts, configs, and logs with visual clarity—especially helpful during debugging or code reviews.
3. ripgrep: Blazing-Fast Text Search
Also known as rg, ripgrep is a command-line search tool that recursively searches your current directory for a regex pattern, similar to grep—but much faster and more intuitive.
Go to Full Article
- Explore Exciting Linux DIY Projects: Automate Your World with Raspberry Pi and Arduino
by George Whittaker Introduction: The Rise of the Maker Revolution
Over the last decade, the open-source movement has not only transformed the world of software, but also catalyzed a sweeping revolution in hardware tinkering. At the heart of this shift lies a convergence of accessible microcomputers like the Raspberry Pi and microcontrollers like Arduino—each supercharged by the robust ecosystem of Linux. This combination offers hobbyists, engineers, and creators a versatile, low-cost, and endlessly customizable toolkit for automating their homes, collecting environmental data, and even experimenting with artificial intelligence at the edge.
This article serves as your dive into the world of Linux-based DIY automation. Whether you're looking to build a smart garden, a weather station, or simply learn how to use Bash scripts to control physical components, you're in for a journey that fuses digital logic with real-world interaction.
Understanding the Core PlatformsRaspberry Pi: The Linux Microcomputer Powerhouse
The Raspberry Pi is a credit card-sized computer capable of running full-fledged Linux distributions such as Raspberry Pi OS, Ubuntu, or even lightweight server OSes like DietPi. It features a Broadcom SoC, USB ports, HDMI output, Ethernet, Wi-Fi, and a 40-pin GPIO header for interfacing with sensors, relays, and other peripherals.
Key Features:
Runs full Linux OSes.
Offers Python, C/C++, and shell scripting environments.
Suitable for tasks requiring networking, databases, file systems, and multimedia.
Use Cases:
Home automation hub.
Data logging and processing.
Media streaming and game emulation.
Arduino: The Precise Microcontroller
Arduino, by contrast, is not a full computer but a microcontroller. Devices like the Arduino Uno or Nano excel at reading analog sensors, controlling motors, and maintaining precise timing. They are programmed using the Arduino IDE, which runs on Linux, Windows, and macOS.
Key Features:
Real-time control of electronic components.
Lightweight and low-power.
Supports C/C++ with a vast array of libraries.
Use Cases:
Reading temperature, humidity, motion sensors.
Driving LEDs, motors, and servos.
Reliable execution of small, repeatable tasks.
Setting Up a DIY Linux Development EnvironmentPreparing the Raspberry Pi
Download Raspberry Pi Imager from raspberrypi.com.
Go to Full Article
- Fortifying Debian With SELinux by Enforcing Mandatory Access Control for Ultimate System Security
by George Whittaker
In an era where cyber threats are evolving rapidly, securing Linux systems goes far beyond basic user permissions. Traditional security mechanisms like Discretionary Access Control (DAC) offer limited safeguards against privilege escalation, compromised applications, and insider threats. To address these limitations, Security-Enhanced Linux (SELinux) offers a powerful, fine-grained framework for Mandatory Access Control (MAC) — and it's not just for Red Hat-based distributions anymore.
In this article, we'll explore how to integrate SELinux into Debian, one of the most widely used and respected GNU/Linux distributions. We'll break down its architecture, setup procedures, policy management, and troubleshooting techniques. Whether you're running a mission-critical server or seeking to harden your desktop environment, this guide will show you how SELinux can elevate your system security to enterprise-grade standards.
Understanding the Foundations of SELinuxWhat Is SELinux?
SELinux is a kernel security module initially developed by the United States National Security Agency (NSA) in collaboration with the open-source community. It introduces the concept of mandatory access controls by enforcing policy-based rules that strictly define how processes and users can interact with files, directories, sockets, and devices.
Unlike DAC, where file owners control access, MAC policies are imposed by the system administrator and enforced by the kernel, regardless of user ownership or permissions.
Core Components of SELinux
Subjects: Active entities (usually processes).
Objects: Passive entities (like files, directories, devices).
Contexts: Security labels assigned to subjects and objects.
Types/Domains: Used to define access rules and behavior.
Policies: Written rulesets that determine access control logic.
Enforcement Modes
Enforcing: SELinux policies are applied and violations are blocked.
Permissive: Policies are not enforced, but violations are logged.
Disabled: SELinux is turned off entirely.
SELinux on Debian: A Reality Check
Debian has traditionally favored AppArmor for its simplicity and ease of integration. However, SELinux support is fully present in Debian’s repositories. As of Debian 12 (Bookworm) and later, integrating SELinux is more streamlined and better documented than ever.
Go to Full Article
- Linux Networking: Mastering VLAN Trunking, Bonding, and QoS for High-Performance Systems
by George Whittaker Introduction
In today's fast-paced IT environments, performance, reliability, and scalability are critical factors that determine the effectiveness of a network. Advanced Linux networking techniques such as VLAN trunking, interface bonding, and Quality of Service (QoS) are key tools in the hands of system administrators and network engineers who aim to build robust and efficient systems. Whether you're managing a data center, configuring high-availability clusters, or optimizing bandwidth for critical services, these technologies provide the foundation for high-performance networking on Linux.
This article explores each of these advanced networking capabilities, explaining their benefits, configurations, and practical use cases. By the end, you will have a comprehensive understanding of how to implement VLANs, bonding, and QoS effectively on your Linux systems.
Understanding VLAN Trunking in LinuxWhat is VLAN Trunking?
Virtual LANs (VLANs) allow the segmentation of a physical network into multiple logical networks. VLAN trunking is the process of transporting multiple VLANs over a single network link—typically between switches or between a switch and a server. This allows a single network interface card (NIC) to handle traffic for multiple VLANs, optimizing resource usage and simplifying cabling.
Trunking is crucial in virtualized environments where multiple virtual machines (VMs) or containers need to reside in separate VLANs for security or organizational reasons.
Why Use VLAN Trunking?
Isolation: Separates traffic for security and compliance.
Efficiency: Reduces the number of physical interfaces needed.
Scalability: Makes it easy to add or modify VLANs without physical changes.
Linux Support for VLANs
Linux supports VLANs natively via the kernel module 8021q. The modern toolset uses the ip command from the iproute2 package for configuration. Older systems may use the vconfig utility, though it's now deprecated.
Ensure the module is loaded:
sudo modprobe 8021q
Creating VLAN Interfaces
Use the ip command:
sudo ip link add link eth0 name eth0.10 type vlan id 10 sudo ip addr add 192.168.10.1/24 dev eth0.10 sudo ip link set dev eth0.10 up
Persistent Configuration
On Ubuntu (netplan):
Go to Full Article
- Beyond Basics: Unlocking the Power of Advanced Bash Scripting
by George Whittaker
Bash scripting is often seen as a convenient tool for automating repetitive tasks, managing simple file operations, or orchestrating basic system utilities. But beneath its surface lies a trove of powerful features that allow for complex logic, high-performance workflows, and robust script behavior. In this article, we’ll explore the lesser-known but incredibly powerful techniques that take your Bash scripting from basic automation to professional-grade tooling.
Mastering Arrays for Structured DataIndexed and Associative Arrays
Bash supports both indexed arrays (traditional, numeric indexes) and associative arrays (key-value pairs), which are ideal for structured data manipulation.
# Indexed array fruits=("apple" "banana" "cherry") # Associative array declare -A user_info user_info[name]="Alice" user_info[role]="admin"
Looping Through Arrays
# Indexed for fruit in "${fruits[@]}"; do echo "Fruit: $fruit" done # Associative for key in "${!user_info[@]}"; do echo "$key: ${user_info[$key]}" done
Use Case: Managing dynamic options or storing configuration mappings, such as service port numbers or user roles.
Indirect Expansion and Parameter Indirection
Ever needed to reference a variable whose name is stored in another variable? Bash allows this with indirect expansion using the ${!var} syntax.
user1="Alice" user2="Bob" var="user1" echo "User: ${!var}" # Outputs: Alice
Use Case: When parsing dynamically named variables from a configuration or runtime-generated context.
Process Substitution: Piping Like a Pro
Process substitution enables a command’s output to be treated as a file input for another command.
diff
- Ubuntu Security Reinvented: Hardening Your System with AppArmor
by George Whittaker
In an age where data breaches and cyber threats are growing both in frequency and sophistication, securing your Linux system is more important than ever. Ubuntu, one of the most popular Linux distributions, comes with a powerful security tool that many users overlook — AppArmor. Designed to provide a robust layer of defense, AppArmor enhances Ubuntu's built-in security model by confining programs with access control profiles.
This article will walk you through the ins and outs of AppArmor, explain why it's a crucial part of a hardened Ubuntu system, and teach you how to leverage it to protect your environment.
Understanding AppArmor: What It Is and Why It Matters
AppArmor (Application Armor) is a Mandatory Access Control (MAC) system that supplements the traditional Discretionary Access Control (DAC) provided by Linux file permissions. While DAC relies on user and group ownership for access control, MAC goes a step further by enforcing rules that even privileged users must obey.
AppArmor operates by loading security profiles for individual applications, specifying exactly what files, capabilities, and system resources they are allowed to access. This approach prevents compromised or misbehaving applications from harming the rest of the system.
AppArmor vs. SELinux
While SELinux (Security-Enhanced Linux) is another MAC system popular on Red Hat-based distributions, AppArmor is often preferred in Ubuntu environments for its ease of use, human-readable syntax, and simple profile management. Where SELinux can be daunting and complex, AppArmor offers a more user-friendly approach to strong security.
Core Concepts of AppArmor
Before diving into how to use AppArmor, it's important to understand its core concepts:
Profiles
A profile is a set of rules that define what an application can and cannot do. These are usually stored in the /etc/apparmor.d/ directory and loaded into the kernel at runtime.
Modes
Enforce: The profile is actively enforced, and actions outside the defined rules are blocked.
Complain: The profile logs rule violations but doesn’t enforce them, which is useful for debugging.
Profile Components
Profiles specify permissions for:
File access (read, write, execute)
Capabilities (e.g., net_admin, sys_admin)
Network operations
Signals and inter-process communications
Go to Full Article
|
