|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Racket 9.0 released
The Racket programming languageproject has released Racketversion 9.0. Racket is a descendant of Scheme, so it is part of the Lisp family of languages. The headline feature in the release is parallelthreads, which adds to the concurrency tools in the language: "WhileRacket has had green threads for some time, and supports parallelism viafutures and places, we feel parallel threads is a major addition."Other new features include the black-boxwrapper to prevent the compiler from optimizing calculations away, the decompile-linkletfunction to map linkletsback to an s-expression, theaddition of Weibulldistributions to the math library, and more.
- Improving GCC Buffer Overflow Detection for C Flexible Array Members (Oracle)
The Oracle blog has alengthy article on enhancements to GCC to help detect overflows offlexible array members (FAMs) in C programs.
We describe here two new GNU extensions which specify size information for FAMs. These are a new attribute, "counted_by" and a new builtin function, "__builtin_counted_by_ref". Both extensions can be used in GNU C applications to specify size information for FAMs, improving the buffer overflow detection for FAMs in general.
This work has been covered on LWN as well.
- The 2025 Linux Foundation Technical Advisory Board election
The call forcandidates for the 2025 election for the Linux Foundation TechnicalAdvisory Board has been posted.
The TAB exists to provide advice from the kernel community to the Linux Foundation and holds a seat on the LF's board of directors; it also serves to facilitate interactions both within the community and with outside entities. Over the last year, the TAB has overseen the organization of the Linux Plumbers Conference, advised on the setup of the kernel CVE numbering authority, worked behind the scenes to help resolve a number of contentious community discussions, worked with the Linux Foundation on community conference planning, and more.
Nominations close on December 13.
- [$] Unpacking for Python comprehensions
Unpacking Python iterables of various sorts, such as dictionaries or lists,is useful in a number of contexts, including for function arguments, butthere has long been a call for extending that capability to comprehensions. PEP 798 ("Unpacking inComprehensions") was first proposed in June 2025 to fill that gap. In earlyNovember, the steering council acceptedthe PEP, which means that the feature will be coming to Python 3.15 inOctober 2026. It may be something of a niche feature, but it is aninconsistency that has been apparent for a while—to the point that some Python programmersassume that it is already present in the language.
- PHP 8.5.0 released
Version8.5.0 of the PHP language has been released. Changes include a new"|>" operator that, for some reason, makes these two linesequivalent:
$result = strlen("Hello world"); $result = "Hello world" |> strlen(...);
Other changes include a new function attribute, "#[\NoDiscard]" toindicate that the return value should be used, attributes on constants, andmore; see themigration guide for details.
- Security updates for Friday
Security updates have been issued by AlmaLinux (delve and golang), Debian (webkit2gtk), Oracle (expat and thunderbird), Red Hat (kernel), Slackware (openvpn), SUSE (chromium, grub2, and kernel), and Ubuntu (cups-filters, imagemagick, and libcupsfilters).
- Racing karts on a Rust GPU kernel driver (Collabora blog)
In July, Collabora announcedthe Rust-based TyrGPU driver for Arm MaliGPUs. Daniel Almeida has posted an updateon progress with a prototype of the driver running on a Rock 5B boardwith the Rockchip RK3588 system-on-chip:
The Tyr prototype has progressed from basic GPU job execution torunning GNOME, Weston, and full-screen 3D games like SuperTuxKart,demonstrating a functional, high-performance Rust driver that matchesC-driver performance and paves the way for eventual upstreamintegration! [...]
Tyr is not ready to be used as a daily-driver, and it will stilltake time to replicate this upstream, although it is now clear that wewill surely get there. And as a mere prototype, it has a lot ofshortcuts that we would not have in an upstream version, even thoughit can run on top of an unmodified (i.e., upstream) version ofMesa.
That said, this prototype can serve as an experimental driver andas a testbed for all the Rust abstraction work taking placeupstream. It will let us experiment with different design decisionsand gather data on what truly contributes to the project'sobjective.
There is also a video onYouTube of the prototype in action.
- [$] BPF and io_uring, two different ways
BPF allows programs uploaded from user space to be run, safely, within thekernel. The io_uring subsystem, too, can be thought of as a way of loadingprograms in the kernel, though the programs in question are mostly asequence of I/O-related system calls. It has sometimes seemed inevitablethat io_uring would, like many other parts of the kernel, gain BPFcapabilities as a way of providing more flexibility to user space. Thathas not yet happened, but there are currently two patch sets underconsideration that take different approaches to the problem.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (bind, bind9.18, container-tools:rhel8, expat, grub2, haproxy, idm:DL1, kernel, kernel-rt, lasso, libsoup, libssh, libtiff, pcs, podman, python-kdcproxy, qt5-qt3d, redis, redis:7, runc, shadow-utils, sqlite, squid, vim, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), Debian (chromium), Oracle (lasso and postgresql), SUSE (erlang27, ghostscript, grub2, kernel, libIex-3_4-33, python312, and sbctl), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-aws-6.8, linux-fips, linux-aws-fips, linux-gcp-fips, linux-oracle, and mysql-8.0, mysql-8.4).
- [$] LWN.net Weekly Edition for November 20, 2025
Inside this week's LWN.net Weekly Edition:
Front: Hardware architectures; Fedora Flatpaks; Debian hardware support; sockaddr structure; NUMA nodes; Homebrew. Briefs: LightDM security; Debian Libre Live; Xubuntu postmortem; Blender 5.0; Git 2.52.0; Rust in Android; Thunderbird 145; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Postmortem of the Xubuntu.org download site compromise
In mid-October, the Xubuntudownload site was compromised and had directed users to a maliciouszip file instead of the Torrent file that users expected. ElizabethK. Joseph has publisheda postmortem of the incident, along with plans to avoid such a breachin the future:
To be perfectly clear: this only impacted our website, and the torrentlinks provided there.
If you downloaded or opened a file named "Xubuntu-Safe-Download.zip"from the Xubuntu downloads page during this period, you should assumeit was malicious. We strongly recommend scanning your computer with atrusted antivirus or anti-malware solution and deleting the fileimmediately.
Nothing on cdimages.ubuntu.com or any of the other official Ubunturepositories was impacted, and our mirrors remained safe as long asthey were also mirroring from official resources.
None of the build systems, packages, or other components of Xubuntuitself were impacted.
- GStreamer Conference 2025 video recordings now available
Recordings from the GStreamerConference 2025, held in London in late October, are nowavailable on the GStreamer Conferences Archive site. Includes theGStreamerState of the Union talk by Tim-Philipp Müller, Stateof MPEG 2 Transport Stream (MPEG-TS) by Edward Hervey, and manyothers.
- Security updates for Wednesday
Security updates have been issued by Debian (pdfminer), Fedora (chromium and firefox), Mageia (bubblewrap, flatpak, cups-filters, and thunderbird), Oracle (container-tools:rhel8, kernel, and squid), Red Hat (kernel), Slackware (libarchive), SUSE (gimp, itextpdf, kernel, thunderbird, and unbound), and Ubuntu (lasso).
- Blender 5.0 released
Version5.0 of the Blender animation system has been released. Notableimprovements include improved color management, HDR capabilities, anda new storyboarding template. See the releasenotes for a lengthy list of new features and changes, and the bugfixespage for the 588 commits that fixed bugs in Blender 4.5 or older.
- Diamond Technologies Adds New OSM Modules Based on i.MX 91, i.MX 93, and STM32MP2
Diamond Technologies, Inc. has introduced three new OSM-based embedded computing modules: the DEC i.MX 91-OSM, DEC i.MX 93-OSM, and DEC MP2-OSM. Designed and supported in the United States, the modules expand the company’s embedded lineup with new processing, connectivity, and edge-level compute options. The new modules target connected industrial equipment, energy-efficient edge systems, and compact […]
- Radxa Unveils Solder-Down rCore Module Line With RK3308 and IQ-9075 Edge AI Variants
Radxa has introduced two new solder-down modules in its rCore series, using LGA or castellated interfaces for compact, vibration-resistant designs suited to industrial, transportation, and rugged IoT systems. The new rCore-RK3308 and rCore-Q9075 modules integrate processing, memory, storage, and connectivity within small footprints to support applications ranging from low-power IoT to high-performance edge AI. The […]
- Panasonic Automotive Advances Linux Collaboration Through OIN
On Thursday, Japan-based Panasonic Automotive Systems announced that it had become a community member of Durham, North Carolina-based Open Invention Network. OIN is a nonprofit that’s mandated to protect the “Linux system” — the kernel plus key open-source components — using a large patent portfolio as defense against infringement claims.
- Nautilus File Manager In GNOME 50 Will Load Thumbnails Much Faster
Just last week GNOME's Nautilus file manager "GNOME Files" made headlines for finally supporting Ctrl+INsert and Shift+Insert while this week there is more activity worth pointing out. Nautilus in GNOME 50 will be loading thumbnail images much faster than in prior versions...
- Wine 10.19 Released: Game Changing Support for Windows Reparse Points on Linux
If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.
- TUXEDO Computers Drops Snapdragon X1 Elite Linux Laptop Plans
Back in mid-2024, the Bavarian Linux PC vendor TUXEDO Computers teased plans for developing a Snapdragon X Elite Linux laptop. Initially they hoped to have it out by Christmas 2024. That didn't happen and now approaching Christmas 2025 they confirmed they have stopped their plans for shipping a Snapdragon X1 Elite laptop for Linux customers...
- One Company's Plan to Sink Nuclear Reactors Deep Underground
Long-time Slashdot reader jenningsthecat shared this article from IEEE Spectrum:By dropping a nuclear reactor 1.6 kilometers (1 mile) underground, Deep Fission aims to use the weight of a billion tons of rock and water as a natural containment system comparable to concrete domes and cooling towers. With the fission reaction occurring far below the surface, steam can safely circulate in a closed loop to generate power. The California-based startup announced in October that prospective customers had signed non-binding letters of intent for 12.5 gigawatts of power involving data center developers, industrial parks, and other (mostly undisclosed) strategic partners, with initial sites under consideration in Kansas, Texas, and Utah... The company says its modular approach allows multiple 15-megawatt reactors to be clustered on a single site: A block of 10 would total 150 MW, and Deep Fission claims that larger groupings could scale to 1.5 GW. Deep Fission claims that using geological depth as containment could make nuclear energy cheaper, safer, and deployable in months at a fraction of a conventional plant's footprint... The company aims to finalize its reactor design and confirm the pilot site in the coming months. [Company founder Liz] Muller says the plan is to drill the borehole, lower the canister, load the fuel, and bring the reactor to criticality underground in 2026. Sites in Utah, Texas, and Kansas are among the leading candidates for the first commercial-scale projects, which could begin construction in 2027 or 2028, depending on the speed of DOE and NRC approvals. Deep Fission expects to start manufacturing components for the first unit in 2026 and does not anticipate major bottlenecks aside from typical long-lead items. In short "The same oil and gas drilling techniques that reliably reach kilometer-deep wells can be adapted to host nuclear reactors..." the article points out. Their design would also streamline construction, since "Locating the reactors under a deep water column subjects them to roughly 160 atmospheres of pressure — the same conditions maintained inside a conventional nuclear reactor — which forms a natural seal to keep any radioactive coolant or steam contained at depth, preventing leaks from reaching the surface." Other interesting points from the article:They plan on operating and controlling the reactor remotely from the surface.Company founder Muller says if an earthquake ever disrupted the site, "you seal it off at the bottom of the borehole, plug up the borehole, and you have your waste in safe disposal."For waste management, the company "is eyeing deep geological disposal in the very borehole systems they deploy for their reactors.""The company claims it can cut overall costs by 70 to 80 percent compared with full-scale nuclear plants.""Among its competition are projects like TerraPower's Natrium, notesthe tech news site Hackaday, saying TerraPower's fast neutron reactors "are already under construction and offer much more power per reactor, along with Natrium in particular also providing built-in grid-level storage. "One thing is definitely for certain..." they add. "The commercial power sector in the US has stopped being mind-numbingly boring."
Read more of this story at Slashdot.
- Could High-Speed Trains Shorten US Travel Times While Reducing Emissions?
With some animated graphics, CNN "reimagined" what three of America's busiest air and road travel routes would look like with high-speed trains, for "a glimpse into a faster, more connected future."The journey from New York City to Chicago could take just over six hours by high-speed train at an average speed of 160 mph, cutting travel time by more than 13 hours compared with the current Amtrak route... The journey from San Francisco to Los Angeles could be completed in under three hours by high-speed train... The journey from Atlanta to Orlando could be completed in under three hours by high-speed train that reaches 160 mph, cutting travel time by over half compared with driving... While high-speed rail remains a fantasy in the United States, it is already hugely successful across the globe. Passengers take 3 billion trips annually on more than 40,000 miles of modern high-speed railway across the globe, according to the International Union of Railways. China is home to the world's largest high-speed rail network. The 809-mile train journey from Beijing to Shanghai takes just four and a half hours... In Europe, France's Train a Grand Vitesse (TGV) is recognized as a pioneer of high-speed rail technology. Spain soon followed France's success and now hosts Europe's most extensive high-speed rail network... [T]rain travel contributes relatively less pollution of every type, said Jacob Mason of the Institute for Transportation and Development Policy, from burning less gasoline to making less noise than cars and taking up less space than freeways. The reduction in greenhouse gas emissions is staggering: Per kilometer traveled, the average car or a short-haul flight each emit more than 30 times the CO2 equivalent than Eurostar high-speed trains, according to data from the UK government.
Read more of this story at Slashdot.
- Microsoft and GitHub Preview New Tool That Identifies, Prioritizes, and Fixes Vulnerabilities With AI
"Security, development, and AI now move as one," says Microsoft's director of cloud/AI securityproduct marketing. Microsoft and GitHub "have launched a native integration between Microsoft Defender for Cloud and GitHub Advanced Security that aims to address what one executive calls decades of accumulated security debt in enterprise codebases..." according to The New Stack:The integration, announced this week in San Francisco at theMicrosoftIgnite 2025 conference and now available in public preview,connects runtime intelligence from production environments directlyinto developer workflows. The goal is to help organizationsprioritize which vulnerabilities actually matter and use AI to fixthem faster. "Throughout my career, I've seen vulnerabilitytrends going up into the right. It didn't matter how good of adetectionengine and how accurate our detection engine was, people justcouldn't fix things fast enough," said MarceloOliveira, VP of product management at GitHub, who has spentnearly a decade in application security. "That basically resultedin decades of accumulation of security debt into enterprise codebases." According to industry data, critical and high-severityvulnerabilities constitute 17.4% of security backlogs, with a meantime to remediation of 116 days, said AndrewFlick, senior director of developer services, languages and toolsat Microsoft, in a blogpost. Meanwhile, applications face attacks as frequently as onceevery three minutes, Oliveira said. The integration represents the first native link between runtimeintelligence and developer workflows, said ElifAlgedik, director of product marketing for cloud and AI securityat Microsoft, in a blogpost... The problem, according to Flick, comes down to threechallenges: security teams drowning in alert fatigue while AI rapidlyintroduces new threatvectors that they have little time to understand; developerslacking clear prioritization while remediation takes too long; andboth teams relying on separate, nonintegrated tools that makecollaboration slow and frustrating... The new integration worksbidirectionally. When Defender for Cloud detects a vulnerability in arunning workload, that runtime context flows into GitHub, showingdevelopers whether the vulnerability is internet-facing, handlingsensitive data or actually exposed in production. This is powered bywhat GitHub calls the Virtual Registry, which creates code-to-runtimemapping, Flick said... In the past, this alert would age in a dashboard while developersworked on unrelated fixes because they didn't know this was thecritical one, he said. Now, a security campaign can be created inGitHub, filtering for runtime risk like internet exposure orsensitive data, notifying the developer to prioritize this issue. GitHub Copilot "now automatically checks dependencies, scansfor first-party code vulnerabilities and catches hardcoded secretsbefore code reaches developers," the article points out — butGitHub's VP of product management says this takes things evenfurther. "We're not only helping you fix existing vulnerabilities,we're also reducing the number of vulnerabilities that come intothe system when the level of throughput of new code being created isincreasing dramatically with all these agentic coding agent platforms."
Read more of this story at Slashdot.
- Engineers are Building the Hottest Geothermal Power Plant on Earth - Next to a US Volcano
"On the slopes of an Oregon volcano, engineers are building the hottest geothermal power plant on Earth," reports the Washington Post:The plant will tap into the infernal energy of Newberry Volcano, "one of the largest and most hazardous active volcanoes in the United States," according to the U.S. Geological Survey. It has already reached temperatures of 629 degrees Fahrenheit, making it one of the hottest geothermal sites in the world, and next year it will start selling electricity to nearby homes and businesses. But the start-up behind the project, Mazama Energy, wants to crank the temperature even higher — north of 750 degrees — and become the first to make electricity from what industry insiders call "superhot rock." Enthusiasts say that could usher in a new era of geothermal power, transforming the always-on clean energy source from a minor player to a major force in the world's electricity systems. "Geothermal has been mostly inconsequential," said Vinod Khosla, a venture capitalist and one of Mazama Energy's biggest financial backers. "To do consequential geothermal that matters at the scale of tens or hundreds of gigawatts for the country, and many times that globally, you really need to solve these high temperatures." Today, geothermal produces less than 1 percent of the world's electricity. But tapping into superhot rock, along with other technological advances, could boost that share to 8 percent by 2050, according to the International Energy Agency (IEA). Geothermal using superhot temperatures could theoretically generate 150 times more electricity than the world uses, according to the IEA. "We believe this is the most direct path to driving down the cost of geothermal and making it possible across the globe," said Terra Rogers, program director for superhot rock geothermal at the Clean Air Task Force, an environmentalist think tank. "The [technological] gaps are within reason. These are engineering iterations, not breakthroughs." The Newberry Volcano project combines two big trends that could make geothermal energy cheaper and more widely available. First, Mazama Energy is bringing its own water to the volcano, using a method called "enhanced geothermal energy"... [O]ver the past few decades, pioneering projects have started to make energy from hot dry rocks by cracking the stone and pumping in water to make steam, borrowing fracking techniques developed by the oil and gas industry... The Newberry project also taps into hotter rock than any previous enhanced geothermal project. But even Newberry's 629 degrees fall short of the superhot threshold of 705 degrees or above. At that temperature, and under a lot of pressure, water becomes "supercritical" and starts acting like something between a liquid and a gas. Supercritical water holds lots of heat like a liquid, but it flows with the ease of a gas — combining the best of both worlds for generating electricity... [Sriram Vasantharajan, Mazama's CEO] said Mazama will dig new wells to reach temperatures above 750 degrees next year. Alongside an active volcano, the company expects to hit that temperature less than three miles beneath the surface. But elsewhere, geothermal developers might have to dig as deep as 12 miles. While Mazama plans to generate 15 megawatts of electricity next year, it hopes to eventually increase that to 200 megawatts. (And the company's CEO said it could theoretically generate five gigawatts of power.) But more importantly, successful projects "motivate other players to get into the market," according to a senior geothermal research analyst at energy consultancy Wood Mackenzie, who predicted "a ripple effect," to the Washington Post where "we'll start seeing more companies get the financial support to kick off their own pilots."
Read more of this story at Slashdot.
- How the Internet Rewired Work - and What That Tells Us About AI's Likely Impact
"The internet did transform work — but not the way 1998 thought..." argues the Wall Street Journal. "The internet slipped inside almost every job and rewired how work got done." So while the number of single-task jobs like travel agent dropped, most jobs "are bundles of judgment, coordination and hands-on work," and instead the internet brought "the quiet transformation of nearly every job in the economy... Today, just 10% of workers make minimal use of the internet on the job — roles like butcher and carpet installer."[T]he bigger story has been additive. In 1998, few could conceive of social media — let alone 65,000 social-media managers — and 200,000 information-security analysts would have sounded absurd when data still lived on floppy disks... Marketing shifted from campaign bursts to always-on funnels and A/B testing. Clinics embedded e-prescribing and patient portals, reshaping front-office and clinical handoffs. The steps, owners and metrics shifted. Only then did the backbone scale: We went from server closets wedged next to the mop sink to data centers and cloud regions, from lone system administrators to fulfillment networks, cybersecurity and compliance. That is where many unexpected jobs appeared. Networked machines and web-enabled software quietly transformed back offices as much as our on-screen lives. Similarly, as e-commerce took off, internet-enabled logistics rewired planning roles — logisticians, transportation and distribution managers — and unlocked a surge in last-mile work. The build-out didn't just hire coders; it hired coordinators, pickers, packers and drivers. It spawned hundreds of thousands of warehouse and delivery jobs — the largest pockets of internet-driven job growth, and yet few had them on their 1998 bingo card... Today, the share of workers in professional and managerial occupations has more than doubled since the dawn of the digital era. So what does that tell us about AI? Our mental model often defaults to an industrial image — John Henry versus the steam drill — where jobs are one dominant task, and automation maps one-to-one: Automate the task, eliminate the job. The internet revealed a different reality: Modern roles are bundles. Technologies typically hit routine tasks first, then workflows, and only later reshape jobs, with second-order hiring around the backbone. That complexity is what made disruption slower and more subtle than anyone predicted. AI fits that pattern more than it breaks it... [LLMs] can draft briefs, summarize medical notes and answer queries. Those are tasks — important ones — but still parts of larger roles. They don't manage risk, hold accountability, reassure anxious clients or integrate messy context across teams. Expect a rebalanced division of labor: The technical layer gets faster and cheaper; the human layer shifts toward supervision, coordination, complex judgment, relationship work and exception handling. What to expect from AI, then, is messy, uneven reshuffling in stages. Some roles will contract sharply — and those contractions will affect real people. But many occupations will be rewired in quieter ways. Productivity gains will unlock new demand and create work that didn't exist, alongside a build-out around data, safety, compliance and infrastructure. AI is unprecedented; so was the internet. The real risk is timing: overestimating job losses, underestimating the long, quiet rewiring already under way, and overlooking the jobs created in the backbone. That was the internet's lesson. It's likely to be AI's as well.
Read more of this story at Slashdot.
- Microsoft Warns Its Windows AI Feature Brings Data Theft and Malware Risks, and 'Occasionally May Hallucinate'
"Copilot Actions on Windows 11" is currently available in Insider builds (version 26220.7262) as part of Copilot Labs, according to a recent report, "and is off by default, requiring admin access to set it up." But maybe it's off for a good reason...besides the fact that it can access any apps installed on your system:In a support document, Microsoft admits that features like Copilot Actions introduce " novel security risks ." They warn about cross-prompt injection (XPIA), where malicious content in documents or UI elements can override the AI's instructions. The result? " Unintended actions like data exfiltration or malware installation ." Yeah, you read that right. Microsoft is shipping a feature that could be tricked into installing malware on your system. Microsoft's own warning hits hard: "We recommend that you only enable this feature if you understand the security implications." When you try to enable these experimental features, Windows shows you a warning dialog that you have to acknowledge. ["This feature is still being tested and may impact the performance or security of your device."] Even with these warnings, the level of access Copilot Actions demands is concerning. When you enable the feature, it gets read and write access to your Documents, Downloads, Desktop, Pictures, Videos, and Music folders... Microsoft says they are implementing safeguards. All actions are logged, users must approve data access requests, the feature operates in isolated workspaces, and the system uses audit logs to track activity. But you are still giving an AI system that can "hallucinate and produce unexpected outputs" (Microsoft's words, not mine) full access to your personal files. To address this, Ars Technica notes, Microsoft added this helpful warning to its support document this week. "As these capabilities are introduced, AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs." But Microsoft didn't describe "what actions they should take to prevent their devices from being compromised. I asked Microsoft to provide these details, and the company declined..."
Read more of this story at Slashdot.
- Amazon's AI-Powered IDE Kiro Helps Vibe Coders with 'Spec Mode'
A promotional video for Amazon's Kiro software development system took a unique approach, writes GeekWire. "Instead of product diagrams or keynote slides, a crew from Seattle's Packrat creative studio used action figures on a miniature set to create a stop-motion sequence..." "Can the software development hero conquer the 'AI Slop Monster' to uncover the gleaming, fully functional robot buried beneath the coding chaos?"Kiro (pronounced KEE-ro) is Amazon's effort to rethink how developers use AI. It's an integrated development environment that attempts to tame the wild world of vibe coding... But rather than simply generating code from prompts [in "vibe mode"], Kiro breaks down requests into formal specifications, design documents, and task lists [in "spec mode"]. This spec-driven development approach aims to solve a fundamental problem with vibe coding: AI can quickly generate prototypes, but without structure or documentation, that code becomes unmaintainable... The market for AI-powered development tools is booming. Gartner expects AI code assistants to become ubiquitous, forecasting that 90% of enterprise software engineers will use them by 2028, up from less than 14% in early 2024... Amazon launched Kiro in preview in July, to a strong response. Positive early reviews were tempered by frustration from users unable to gain access. Capacity constraints have since been resolved, and Amazon says more than 250,000 developers used Kiro in the first three months... Now, the company is taking Kiro out of preview into general availability, rolling out new features and opening the tool more broadly to development teams and companies... During the preview period, Kiro handled more than 300 million requests and processed trillions of tokens as developers explored its capabilities, according to stats provided by the company.Rackspace used Kiro to complete what they estimated as 52 weeks of software modernization in three weeks, according to Amazon executives. SmugMug and Flickr are among other companies espousing the virtues of Kiro's spec-driven development approach. Early users are posting in glowing terms about the efficiencies they're seeing from adopting the tool... startups in most countries can apply for up to 100 free Pro+ seats for a year's worth of Kiro credits. Kiro offers property-based testing "to verify that generated code actually does what developers specified," according to the article — plus a checkpointing system that "lets developers roll back changes or retrace an agent's steps when an idea goes sideways..." "And yes, they've been using Kiro to build Kiro, which has allowed them to move much faster."
Read more of this story at Slashdot.
- Did Bitcoin Play a Role in Thursday's Stock Sell-Off?
A week ago Bitcoin was at $93,714. Saturday it dropped to $85,300. Late Thursday, market researcher Ed Yardeni blamed some of Thursday's stock market sell-off on "the ongoing plunge in bitcoin's price," reports Fortune:"There has been a strong correlation between it and the price of TQQQ, an ETF that seeks to achieve daily investment results that correspond to three times (3x) the daily performance of the Nasdaq-100 Index," [Yardeni wrote in a note]. Yardeni blamed bitcoin's slide on the GENIUS Act, which was enacted on July 18, saying that the regulatory framework it established for stablecoins eliminated bitcoin's transactional role in the monetary system. "It's possible that the rout in bitcoin is forcing some investors to sell stocks that they own," he added... Traders who used leverage to make crypto bets would need to liquidate positions in the event of margin calls. Steve Sosnick, chief strategist at Interactive Brokers, also said bitcoin could swing the entire stock market, pointing out that it's become a proxy for speculation. "As a long-time systematic trader, it tells me that algorithms are acting upon the relationship between stocks and bitcoin," he wrote in a note on Thursday.
Read more of this story at Slashdot.
- PHP 8.5 Brings Long-Awaited Pipe Operator, Adds New URI Tools
"PHP 8.5 landed on Thursday with a long-awaited pipe operator and a new standards-compliant URI parser," reports the Register, "marking one of the scripting language's more substantial updates... "The pipe operator allows function calls to be chained together, which avoids theextraneous variables and nested statements that might otherwise beinvolved. Pipes tend to make code more readable than other ways toimplement serial operations. Anyone familiar with the Unix/Linuxcommand line or programming languages like R,F#,Clojure, orElixirmay have used the pipe operator. In JavaScript, aka ECMAScript, apipe operator has been proposed, though there are alternativeslike method chaining. Another significant addition is the URIextension, which allows developers to parse and modify URIs andURLs based on both the RFC 3986 and the WHATWG URL standards. Parsingwith URIs and URLs â" reading them and breaking them down into theirdifferent parts â" is a rather common task for web-orientedapplications. Yet prior versions of PHP didn't include astandards-compliant parser in the standard library. As notedby software developer Tim Düsterhus, the parse_url()function that dates back to PHP 4 doesn't follow any standard andcomes with a warning that it should not be used with untrusted ormalformed URLs. Other noteworthy additions to the language include: CloneWith, for updating properties more efficiently; the #[\NoDiscard] attribute, for warning when a return value goes unused; theability to use static closures and first-class callables in constant expressions; and persistent cURL handles that can be shared across multiple PHP requests.
Read more of this story at Slashdot.
- 'The Strange and Totally Real Plan to Blot Out the Sun and Reverse Global Warming'
In a 2023 pitch to investors, a "well-financed, highly credentialed" startup named Stardust aimed for a "gradual temperature reduction demonstration" in 2027, according to a massive new 9,600-word article from Politico. ("Annually dispersing ~1 million tons of sun-reflecting particles," says one slide. "Equivalent to ~1% extra cloud coverage.") "Another page told potential investors Stardust had already run low-altitude experiments using 'test particles'," the article notes:[P]ublic records and interviews with more than three dozen scientists, investors, legal experts and others familiar with the company reveal an organization advancing rapidly to the brink of being able to press "go" on its planet-cooling plans. Meanwhile, Stardust is seeking U.S. government contracts and quietly building an influence machine in Washington to lobby lawmakers and officials in the Trump administration on the need for a regulatory framework that it says is necessary to gain public approval for full-scale deployment.... The presentation also included revenue projections and a series of opportunities for venture capitalists to recoup their investments. Stardust planned to sign "government contracts," said a slide with the company's logo next to an American flag, and consider a "potential acquisition" by 2028.By 2030, the deck foresaw a "large-scale demonstration" of Stardust's system. At that point, the company claimed it would already be bringing in $200 million per year from its government contracts and eyeing an initial public offering, if it hadn't been sold already. The article notes that for "a widening circle of researchers and government officials,Stardust's perceived failures to be transparent about its work and technology have triggered a larger conversation about what kind of international governance framework will be needed to regulate a new generation of climate technologies." (Since currently Stardust and its backers "have no legal obligations to adhere to strenuous safety principles or to submit themselves to the public view.") In October Politico spoke to Stardust CEO, Yanai Yedvab, a former nuclear physicist who was once deputy chief scientist at the Israeli Atomic Energy Commission. Stardust "was ready to announce the $60 million it had raised from 13 new investors," the article points out, "far larger than any previous investment in solar geoengineering."[Yedvab] was delighted, he said, not by the money, but what it meant for the project."We are, like, few years away from having the technology ready to a level that decisions can be taken" — meaning that deployment was still on track to potentially begin on the timeline laid out in the 2023 pitch deck. The money raised was enough to start "outdoor contained experiments" as soon as April, Yedvab said. These would test how their particles performed inside a plane flying at stratospheric heights, some 11 miles above the Earth's surface... The key thing, he insisted, was the particle was "safe." It would not damage the ozone layer and, when the particles fall back to Earth, they could be absorbed back into the biosphere, he said. Though it's impossible to know this is true until the company releases its formula. Yedvab said this round of testing would make Stardust's technology ready to begin a staged process of full-scale, global deployment before the decade is over — as long as the company can secure a government client. To start, they would only try to stabilize global temperatures — in other words fly enough particles into the sky to counteract the steady rise in greenhouse gas levels — which would initially take a fleet of 100 planes. This begs the question: should the world attempt solar geoengineering?That the global temperature would drop is not in question. Britain's Royal Society... said in a report issued in early November that there was little doubt it would be effective. They did not endorse its use, but said that, given the growing interest in this field, there was good reason to be better informed about the side effects... [T]hat doesn't mean it can't have broad benefits when weighed against deleterious climate change, according to Ben Kravitz, a professor of earth and atmospheric sciences at Indiana University who has closely studied the potential effects of solar geoengineering. "There would be some winners and some losers. But in general, some amount of ... stratospheric aerosol injection would likely benefit a whole lot of people, probably most people," he said. Other scientists are far more cautious. The Royal Society report listed a range of potential negative side effects that climate models had displayed, including drought in sub-Saharan Africa. In accompanying documents, it also warned of more intense hurricanes in the North Atlantic and winter droughts in the Mediterranean. But the picture remains partial, meaning there is no way yet to have an informed debate over how useful or not solar geoengineering could be... And then there's the problem of trying to stop. Because an abrupt end to geoengineering, with all the carbon still in the atmosphere, would cause the temperature to soar suddenly upward with unknown, but likely disastrous, effects... Once the technology is deployed, the entire world would be dependent on it for however long it takes to reduce the trillion or more tons of excess carbon dioxide in the atmosphere to a safe level... Stardust claims to have solved many technical and safety challenges, especially related to the environmental impacts of the particle, which they say would not harm nature or people. But researchers say the company's current lack of transparency makes it impossible to trust. Thanks to long-time Slashdot reader fjo3 for sharing the article.
Read more of this story at Slashdot.
- Meta Plans New AI-Powered 'Morning Brief' Drawn From Facebook and 'External Sources'
Meta "is testing a new product that would give Facebook users a personalized daily briefing powered by the company's generative AI technology" reports the Washington Post. They cite records they've reviwed showing that Meta "would analyze Facebook content and external sources to push custom updates to its users."The company plans to test the product with a small group of Facebook users in select cities such as New York and San Francisco, according to a person familiar with the project who spoke on the condition of anonymity to discuss private company matters... Meta's foray into pushing updates for consumers follows years of controversy over its relationship with publishers. The tech company has waffled between prominently featuring content from mainstream news sources on Facebook to pulling news links altogether as regulators pushed the tech giant to pay publishers for content on its platforms. More recently, publishers have sued Meta, alleging it infringed on their copyrighted works to train its AI models.
Read more of this story at Slashdot.
- Are Astronomers Wrong About Dark Energy?
An anonymous reader shared this report from CNN:The universe's expansion might not be accelerating but slowing down, a new study suggests. If confirmed, the finding would upend decades of established astronomical assumptions and rewrite our understanding of dark energy, the elusive force that counters the inward pull of gravity in our universe... Last year, a consortium of hundreds of researchers using data from the Dark Energy Spectroscopic Instrument (DESI) in Arizona, developed the largest ever 3D map of the universe. The observations hinted at the fact that dark energy may be weakening over time, indicating that the universe's rate of expansion could eventually slow. Now, a study published November 6 in the journal Monthly Notices of the Royal Astronomical Society provides further evidence that dark energy might not be pushing on the universe with the same strength it used to. The DESI project's findings last year represented "a major, major paradigm change ... and our result, in some sense, agrees well with that," said Young-Wook Lee, a professor of astrophysics at Yonsei University in South Korea and lead researcher for the new study.... To reach their conclusions, the researchers analyzed a sample of 300 galaxies containing Type 1a supernovas and posited that the dimming of distant exploding stars was not only due to their moving farther away from Earth, but also due to the progenitor star's age... [Study coauthor Junhyuk Son, a doctoral candidate of astronomy at Yonsei University, said] "we found that their luminosity actually depends on the age of the stars that produce them — younger progenitors yield slightly dimmer supernovae, while older ones are brighter." Son said the team has a high statistical confidence — 99.99% — about this age-brightness relation, allowing them to use Type 1a supernovas more accurately than before to assess the universe's expansion... Eventually, if the expansion continues to slow down, the universe could begin to contract, ending in what astronomers imagine may be the opposite of the big bang — the big crunch. "That is certainly a possibility," Lee said. "Even two years ago, the Big Crunch was out of the question. But we need more work to see whether it could actually happen." The new research proposes a radical revision of accepted knowledge, so, understandably, it is being met with skepticism. "This study rests on a flawed premise," Adam Riess, a professor of physics and astronomy at the Johns Hopkins University and one of the recipients of the 2011 Nobel Prize in physics, said in an email. "It suggests supernovae have aged with the Universe, yet observations show the opposite — today's supernovae occur where young stars form. The same idea was proposed years ago and refuted then, and there appears to be nothing new in this version." Lee, however, said Riess' claim is incorrect. "Even in the present-day Universe, Type Ia supernovae are found just as frequently in old, quiescent elliptical galaxies as in young, star-forming ones — which clearly shows that this comment is mistaken. The so-called paper that 'refuted' our earlier result relied on deeply flawed data with enormous uncertainties," he said, adding that the age-brightness correlation has been independently confirmed by two separate teams in the United States and China... "Extraordinary claims require extraordinary evidence," Dragan Huterer, a professor of physics at the University of Michigan in Ann Arbor, said in an email, noting that he does not feel the new research "rises to the threshold to overturn the currently favored model...." The new Vera C. Rubin Observatory, which started operating this year, is set to help settle the debate with the early 2026 launch of the Legacy Survey of Space and Time, an ultrawide and ultra-high-definition time-lapse record of the universe made by scanning the entire sky every few nights over 10 years to capture a compilation of asteroids and comets, exploding stars, and distant galaxies as they change.
Read more of this story at Slashdot.
- Britain Sets New Record, Generating Enough Wind Power for 22 Million Homes
An anonymous reader shared this report from Sky News:A new wind record has been set for Britain, with enough electricity generated from turbines to power 22 million homes, the system operator has said. The mark of 22,711 megawatts (MW) was set at 7.30pm on 11 November... enough to keep around three-quarters of British homes powered, the National Energy System Operator (Neso) said. The country had experienced windy conditions, particularly in the north of England and Scotland... Neso has predicted that Britain could hit another milestone in the months ahead by running the electricity grid for a period entirely with zero carbon power, renewables and nuclear... Neso said wind power is now the largest source of electricity generation for the UK, and the government wants to generate almost all of the UK's electricity from low-carbon sources by 2030. "Wind accounted for 55.7 per cent of Britain's electricity mix at the time..." reports The Times:Gas provided only 12.5 per cent of the mix, with 11.3 per cent coming from imports over subsea power cables, 8 per cent from nuclear reactors, 8 per cent from biomass plants, 1.4 per cent from hydroelectric plants and 1.1 per cent from storage. Britain has about 32 gigawatts of wind farms installed, approximately half of that onshore and half offshore, according to the Wind Energy Database from the wind industry body Renewable UK. That includes five of the world's biggest offshore wind farms. The government is seeking to double onshore wind and quadruple offshore wind power by 2030 as part of its plan for clean energy.... Jane Cooper, deputy chief executive of Renewable UK, said: "On a cold, dark November evening, wind was generating enough electricity to power 80 per cent of British homes when we needed it most.
Read more of this story at Slashdot.
- Analyzing 47,000 ChatGPT Conversations Shows Echo Chambers, Sensitive Data - and Unpredictable Medical Advice
For nearly three years OpenAI has touted ChatGPT as a "revolutionary" (and work-transforming) productivity tool, reports the Washington Post. But after analyzing 47,000 ChatGPT conversations, the Post found that users "are overwhelmingly turning to the chatbot for advice and companionship, not productivity tasks."The Post analyzed a collection of thousands of publicly shared ChatGPT conversations from June 2024 to August 2025. While ChatGPT conversations are private by default, the conversations analyzed were made public by users who created shareable links to their chats that were later preserved in the Internet Archive and downloaded by The Post. It is possible that some people didn't know their conversations would become publicly preserved online. This unique data gives us a glimpse into an otherwise black box... Overall, about 10 percent of the chats appeared to show people talking about their emotions, role-playing, or seeking social interactions with the chatbot. Some users shared highly private and sensitive information with the chatbot, such as information about their family in the course of seeking legal advice. People also sent ChatGPT hundreds of unique email addresses and dozens of phone numbers in the conversations... Lee Rainie, director of the Imagining the Digital Future Center at Elon University, said that it appears ChatGPT "is trained to further or deepen the relationship." In some of the conversations analyzed, the chatbot matched users' viewpoints and created a personalized echo chamber, sometimes endorsing falsehoods and conspiracy theories. Four of ChatGPT's answers about health problems got a failing score from a chair of medicine at the University of California San, Francisco, the Post points out. But four other answers earned a perfect score.
Read more of this story at Slashdot.
- 780,000 Windows Users Downloaded Linux Distro Zorin OS in the Last 5 Weeks
In October Zorin OS claimed it had 100,000 downloads in a little over two days in the days following Microsoft's end of support for Windows 10. And one month later, Zorin OS developers now claim that 780,000 people downloaded it from a Windows computer in the space of a month, according to the tech news site XDA Developers.In a post on the Zorin blog, the developers of the operating system Zorin OS 18 announced that they've managed to accrue one million downloads of the operating system in a single month [since its launch on October 14]. While this is plenty impressive by itself, the developers go on to reveal that, out of that million, 78% of the downloads came from a Windows machine. That means that at least 780,000 people on Windows gave Zorin OS 18 a download... [I]t's easy to see why: the developers put a heavy emphasis on making their system the perfect home for ex-Windows users.
Read more of this story at Slashdot.
- Bossware booms as bots determine whether you're doing a good job
A lot of companies are turning to employee monitoring tools to make sure workers aren't slacking off
The COVID-19 lockdown meant a surge in remote work, and the trend toward remote and hybrid workplaces has persisted long after the pandemic receded. That has changed the nature of workplace management as well. Bosses can't check for butts in seats or look over their employees' shoulders in the office to make sure they're working instead of having a LAN party. So they've turned to software tools to fill the gap.…
- Copackaged optics have officially found their killer app - of course it's AI
With power in such short supply, every watt counts
SC25 Power is becoming a major headache for datacenter operators as they grapple with how to support ever larger deployments of GPU servers - so much so that the AI boom is now driving the adoption of a technology once thought too immature and failure-prone to merit the risk.…
- Self-destructing thumb drive can brick itself and wipe your secret files away
Catch: you have to plug it into a computer first
If you’ve ever watched Mission Impossible, where Jim Phelps gets instructions from an audio tape that catches fire after five seconds, TeamGroup has an external SSD with your name on it. The T-Create Expert P35S is a portable USB-powered SSD that comes with a self-destruct button, which wipes all your data and physically renders the device useless.…
- Researchers get inside the mind of bots, find out what texts they trained on
RECAP agent overcomes model alignment efforts to hide memorized proprietary content
If you've ever wondered whether that chatbot you're using knows the entire text of a particular book, answers are on the way. Computer scientists have developed a more effective way to coax memorized content from large language models, a development that may address regulatory concerns while helping to clarify copyright infringement claims arising from AI model training and inference.…
- Makers slam Qualcomm for tightening the clamps on Arduino
But the Wiring folks were disenchanted even before Qualcomm swallowed Arduino
Qualcomm quietly rewrote the terms of service for its newest acquisition, programmable microcontroller and SBC maker Arduino, drawing intense fire from the maker community for grabbing additional rights to user-generated content on its platform and prohibiting reverse-engineering of what was once very open software.…
- Pentagon pumps $29.9M into bid to turn waste into critical minerals
It's unclear how much scandium and gallium ElementUSA will contribute to the supply chain, or when
The US Department of Defense is asserting its desire to be an integral part of the American rare earths and critical minerals supply chain with a deal to establish a domestic pipeline of gallium and scandium production.…
- Google's AI is eating your email by default. Here's how to shut its mouth
Want out of those new 'smart features'? We’ve got you covered
Google's "don't be evil" ethos is so 2015. These days, the Chocolate Factory is all about integrating users with bots, whether they like it or not. Now, it's rolling out Workspace "smart features" that process personal content with AI, and many users are finding the settings enabled by default.…
- SpaceX loses debut V3 Super Heavy in ground test mishap
Redesigned booster ruptures during early checks, delaying latest Starship iteration
SpaceX has responded to Blue Origin's announcement of a heftier version of its New Glenn rocket in the only way it knows how – by accidentally destroying a Starship booster.…
- Four charged over alleged plot to smuggle Nvidia AI chips into China
Prosecutors say front companies, falsified paperwork, and overseas drop points used to dodge US export rules
Four people have been charged in the US with plotting to funnel restricted Nvidia AI chips into China, allegedly relying on shell firms, fake invoices, and covert routing to slip cutting-edge GPUs past American export controls.…
- AI nudification site fined £55K for skipping age checks
Decision marks second penalty issued under the UK's Online Safety Act
The UK's online regulator has lobbed a £50,000 fine at an AI nudification website for failing to implement mandatory age checks, potentially allowing under-18s to waltz past the virtual velvet rope.…
- Microsoft exec finds AI cynicism 'mindblowing'
The tech is impressive. Shoehorning it into absolutely everything is not
Opinion In a tweet lamenting all the "cynics" unmoved by AI, Microsoft AI boss Mustafa Suleyman demonstrated that Redmond's Reality Distortion Field is running at full power.…
- SC25 gets heavy with mega power and cooling solutions
Hydrogen-powered turbines, megawatt-scale coolant loops, and 800V power take center stage at annual supercomputing conference
SC25 Hydrogen-fueled gas turbines, backup generators, and air handlers probably aren't the kinds of equipment you'd expect on the show floor of a supercomputing conference. But your expectations would be wrong.…
- Trump, Republicans try again to stop states from regulating AI
If at first you don’t succeed, swing again - Big Tech certainly isn’t complaining
The Trump administration and congressional Republicans are trying again to eliminate state-level AI regulations in favor of a federal standard. The plan faces opposition from many state governments and civil-society organizations, while AI vendors have welcomed it.…
- Thunderbird 145 finally adds ‘native’ Exchange support
EWS-powered email only for now, with calendars and contacts still on the to-do list
It's easy to forget in the FOSS world, but Exchange still runs most corporate email – and the new version of Thunderbird can talk to it directly.…
- AWS under pressure as big three battle to eat the cloud market
Google and Microsoft are catching up, while Oracle and neoclouds are growing from a small base
The big three cloud companies are all growing thanks to an expanding market, but Amazon is under increasing pressure from Microsoft and Google, while newcomers are on the rise.…
- TP-Link accuses rival Netgear of 'smear campaign' over alleged China ties
Networking vendor claims rival helped portray it as a national-security risk in the US
TP-Link is suing rival networking vendor Netgear, alleging that the rival and its CEO carried out a smear campaign by falsely suggesting, it says, that the biz had been infiltrated by the Chinese government.…
- Google and Westinghouse lean on AI to speed US nuclear plant builds
Pair say digital twin-powered scheduling will cut costs, shrink timelines for 10 planned reactors
Google and atomic power biz Westinghouse Electric claim that AI will speed construction and cut the cost of building the new US power plants it is planning in response to rising demands for energy to fuel AI.…
- Manchester hits snooze again on joining Palantir-run NHS data platform
Care board still waiting for evidence that it will be in the best interests of the population
Greater Manchester Integrated Care Board (ICB) has again put off its adoption of an NHS data platform prescribed by the UK government and run by Palantir until there is more evidence that it will be in the "best interests" of the city's population.…
- Palo Alto CEO tips nation-states to weaponize quantum computing by 2029
Company thinks you’ll contemplate replacing most security kit in the next few years to stay safe
Palo Alto Networks CEO Nikesh Arora has suggested hostile nation-states will possess quantum computers in 2029, or even a little earlier, at which point most security appliances will need to be replaced.…
- US, UK, Australia sanction Lockbit gang’s hosting provider
‘Bulletproof’ hosts partly dodged the last attack of this sort
Cybercrime fighters in the US, UK, and Australia have imposed sanctions on several Russia-linked entities they claim provide hosting services to ransomware gangs Lockbit, BlackSuit, and Play.…
- Fortinet 'fesses up to second 0-day within a week
Attackers may be joining the dots to enable unauthenticated RCE
Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- LionsOS: an adaptable OS based on the seL4 microkernel
LionsOS is an operating system based on the seL4 microkernel with the goal of making the achievements of seL4 accessible. That is, to provide performance, security, and reliability. It is not a conventional operating system, but contains composable components for creating custom operating systems that are specific to a particular task. Components are joined together using the Microkit tool. ↫ LionsOS website The project is under active research and development, led by the Trustworthy Systems research group at UNSW Sydney in Australia. The source code is available on GitHub.
- HP, Dell quietly disable HEVC on certain laptops over minute license fee increase
Inter-corporation bullshit screwing over consumers � a tale as old as time. Major laptop vendors have quietly removed hardware decode support for the H.265/HEVC codec in several business and entry-level models, a decision apparently driven by rising licensing fees. Users working with H.265 content may face reduced performance unless they verify codec support or rely on software workarounds. ↫ Hilbert Hagedoornn at The Guru of 3D You may want to know how much these licensing fees are, and by how much they�re increasing next year, making these laptop OEMs remove features to avoid the costs. The HEVC licensing fee is $0.20 per device, and in 2026 it�s increasing to $0.24. Yes, a $0.04 increase per device is forcing! these giant companies to screw over their consumers. Nobody�s coming out a winner here, and everyone loses. We took a wrong turn, but nobody seems to know when and where.
- The why of LisaGUI
LisaGUI is an amazing project that recreates the entire user interface of the Apple Lisa in the browser, using nothing but CSS, a bit of HTML, and SVG files, and it�s an absolute joy to use and experience. Its creator, Andrew Yaros, has published a blog post diving into the why and how of LisaGUI. I had been trying to think of a good project to add to my programming portfolio, which was lacking. Finding an idea I was willing and able to execute on proved harder than expected. Good ideas are born from necessity and enthusiasm; trying to create a project for its own sake tends to be an uphill battle. I was also hoping to think of a specific project idea that hasn�t really been tried before. As you may have guessed by the title of this post, LisaGUI ended up being that project, although I didn�t really set out to make it as much as I stumbled into it while trying to accomplish something else. ↫ Andrew Yaros I�m someone who prefers to run the real thing on real hardware, but in a lot of cases, that�s just not realistic anymore. Hardware like the Apple Lisa are not only hard to find and expensive, they also require considerable knowledge and skill to maintain and possibly repair, which not everyone can do. For these types of machines, virtualisation, emulation, and recreation are much better, more accessible options, especially if it involves hardware and software you�re not interested enough in to spend time and money on them.
- Fixing! the broken Solaris Management Console Oracle won�t fix
In my detailed article about the Sun Microsystems ecosystem of the late 2000s, I mentioned an issue I ran into with the latest (leaked) patchset for Solaris 10, the one from 2020, available on Archive.org. Sun does not make Solaris 10 patches and patchsets from 2014 and later freely available online, restricting them to big enterprise customers with expensive support contracts. The same restrictions apply to mere support documents for Solaris 10, so that issues documented by Oracle, including causes and possible solutions, are only accessible to those with support contracts. The specific issue I ran into is that after installing the 2020 patchset, the Solaris Management Console, a GUI application written in Java with which you can manage certain aspects of your system, would no longer work. It would start up, but any settings panel you tried to load would throw up an RMI_ERR: error unmarshalling return, rendering the SMC effectively non-functional. This problem is documented in Oracle Doc ID 1559490.1, but of course, the Cause and Solution sections are hidden. I like weird commercial UNIX configuration GUIs, so even though you can do all of the SMC�s tasks with command-line tools, I still want it to work. Judging by the error and the countless references to Java updates, it�s easy to figure out that the root cause is an updated version of Java installed by the patchset that the SMC doesn�t like. You�d think uninstalling any relevant patches would solve the problem, but I tried that and it didn�t make a difference, so I was hoping Oracle perhaps had a later patch to fix the issue, or perhaps a proper workaround to get the SMC working again. Well, a screenshot of the remainder of that Oracle Doc ID mysteriously materialised on my Ultra 45 this morning, and it turns out that Oracle just0 Doesn�t care. Honestly, I can�t blame them. Solaris 10 is old, outdated, pure legacy, and the very small number of organisations still using it are probably using it in Solaris Zones on servers anyway, and definitely not as a workstation/desktop operating system. There is zero incentive for Oracle to waste any time trying to fix this issue that, let�s be honest, really only affects one person in the entire world: me. Still, I wanted it fixed, and so I brute-forced a solution. It�s pretty straightforward: just change your default Java version back to one that the Solaris Management Console can work with. While I have Java 1.6.0 and 1.8.0 installed on the Ultra 45, with 1.6.0 being the default, the SMC will only work when 1.5.0 is set as your default Java version. There�s a wide variety of ways to do this, ranging from hatchets to scalpels, but considering nothing else on Solaris 10/SPARC on the Ultra 45 relies on 1.6.0 or later (as far as I can tell, at least), I took a hatchet approach and just changed the /usr/java symlink so that it pointed to 1.5.0 again. It�s that simple. Like I said, there are far more elegant ways of doing this, down to various scripts and other things to force only the SMC to use this specific Java version, but it�s not worth the effort to figure that out, and this works just as well. So, just in case there�s ever going to be a second person looking to fix this problem, here you are. You weird, weird person.
- Microsoft warns its new AI! agents in Windows can install malware
Microsoft has just announced a whole slew of new AI! features for Windows, and this time, they�ll be living in your taskbar. Microsoft is trying to transform Windows into a “canvas for AI,” with new AI agents integrated into the Windows 11 taskbar. These new taskbar capabilities are designed to make AI agents feel like an assistant in Windows that can go off and control your PC and do tasks for you at the click of a button. It’s part of a broader overhaul of Windows to turn the operating system into an “agentic OS.” Microsoft is integrating a variety of AI agents directly into the Windows 11 taskbar, including its own Microsoft 365 Copilot and third-party options. “This integration isn’t just about adding agents; it’s about making them part of the OS experience,” says Windows chief Pavan Davuluri. ↫ Tom Warren at The Verge These AI! agents will control your computer, applications, and files for you, which may make some of you a little apprehensive, and for good reason. AI! tools don�t have a great track record when it comes to privacy � Windows Recall comes to mind � and as such, Microsoft claims this time, it�ll be different. These new AI! agents will run in what are essentially dedicated Windows accounts acting as sandboxes, to ensure they can only access certain resources. While I find the addition of these AI! tools to Windows insufferable and dumb, I�m at least glad Microsoft is taking privacy and security seriously this time, and I doubt Microsoft would repeat the same mistakes they made with the entirely botched rollout of Windows Recall. in addition, after the Cloudstrike fiasco, Microsoft made clear commitments to improve its security practices, which further adds to the confidence we should all have these new AI! tools are safe, secure, and private. But wait, what�s this? Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation. ↫ Microsoft support document about the new AI! features Microsoft�s new AI! features can go out and install malware without your consent, because these features possess the access and privileges to do so. The mere idea that some application � which is essentially what these AI! features really are � can go out onto the web and download and install whatever it wants, including malware, on your behalf!, in the background, is so utterly dystopian to me I just can�t imagine any serious developer looking at this and thinking yeah, ship it!. I�m living in an insane asylum.
- Run old versions of UNIX for PDP-11 and x86 on modern hardware
The contents of this repository allow older versions of UNIX (ancient UNIX) to run easily on modern Unix-like systems (Linux, FreeBSD, macOS, among others). ↫ Run ancient UNIX GitHub page With the guides in this repository, you can easily run Versions 1/5/7 UNIX and 2.11BSD UNIX for the PDP-11 and Version 7 UNIX for x86 (ported to x86 by Robert Nordier in 1999, with patches in 2006-2007). That�s it.
- Living my best Sun Microsystems ecosystem life in 2025
In my lifetime, there�s been one ecosystem I deeply regret having missed out on: the Sun Microsystems ecosystem of the late 2000s. At that time, the company offered a variety of products that, when used together, formed a comprehensive ecosystem that was a fascinating, albeit expensive alternative to Microsoft and Apple. While not really intended for home use, I�ve always believed that Sun�s approach to computing would�ve made for an excellent computing environment in the home. Since I was but a wee university student in the late 2000s living in a small apartment, I did not have the financial means nor the space to really test this hypothesis. Now, though, Sun�s products from that era are decidedly retro, and a lot more approachable � especially if you have incredibly generous readers. So sit down and buckle up, because we�ve got a long one today. If you wish to support OSNews and longform content like this, consider becoming a Patreon or donating to our Ko-Fi. Note that absolutely zero generative AI! was used in the writing of this article. No AI! writing aids, no AI! summaries, no ChatGPT, no Gemini search nonsense, nothing. I take pride in doing research and writing properly, without the aid! of digital parrots with brain damage, and if there�s any errors, they�re mine and mine alone. Take pride in your work and reject AI!. The Ultra 45: the central hub In the early 2000s, it had already become obvious that the future of workstations lied not with custom architectures, bespoke processors, and commercial UNIX variants, but with standard x86, off-the-shelf Intel and AMD processors, and Windows and Linux. The writing was on the wall, everyone knew it, and the ensuing consolidation on x86 turned into a veritable bloodbath. In the �80s and �90s, many of these ISAs were touted as vastly superior x86 killers, but fast-forward a decade or two, and x86 had bested them all in both price and performance, leaving behind a trail of dead ISAs. Never bet against x86. Virtually none of the commercial UNIX variants survived the one-two punch of losing the ISA they were married to and the rising popularity of Linux in the workstation space. HP-UX was tied to HP�s PA-RISC, and both died. SGI�s IRIX was tied to MIPS, and both died. Tru64 was tied to Alpha, and both died. The two exceptions are IBM�s AIX and Sun�s Solaris. AIX workstations were phased out, but AIX is still nominally in development for POWER servers, but wholly inaccessible to anyone who doesn�t wear a suit and has a massive corporate spending budget. Solaris, meanwhile, which had long been available on x86, saw its own! ISA SPARC live on in the server space until roughly 2017 or so, and was even briefly available as open source until Oracle did its thing. As a result, Solaris and its derivative Illumos are still nominally in active development, but in the grand scheme of things they�re barely even a blip on the radar in 2025. Never bet against Linux. During these tumultuous times, the various commercial UNIX vendors all pushed out systems that would become the final hurrahs of their respective UNIX workstation lines. DEC, then owned by HP, released its AlphaStation ES47 in 2003, marking the end of the road for Alpha and Tru64 UNIX. HP�s own PA-RISC architecture and HP-UX met their end with the HP c8000 (which I own), an all-out PA-RISC monster with two dual-core processors running at 1.1GHz. SGI gave its MIPS line of machines running IRIX a massive send-off with the enigmatic and rare Tezro in 2003. In 2005, IBM tried one last time with the IntelliStation POWER 285, followed a few months later by the heavily cut-down 185, the final AIX workstation. And Sun unveiled the Ultra 45, its final SPARC workstation, in 2006. Sun was already in the middle of its transition to x86 with machines like the Sun Java Desktop System and its successors, the Ultra 20 and 40, and then surprised everyone by reviving their UltraSPARC workstation line with the Ultra 25 and 45, which shared most � all? � of their enclosures with their x86 brethren. They were beautiful, all-aluminium machines with gorgeous interior layouts, and a striking full-grill front, somewhat inspired by the PowerMac G5 of that era. And ever since the Ultra 45 was rumoured in late 2005 and then became available in early 2006, I�ve been utterly obsessed with it. It�s taken almost two decades, but thanks to an unfathomably generous donation from KDE e.V. board member and FreeBSD contributor Adriaan de Groot, a very unique and storied Sun Ultra 45 and a whole slew of accessories showed up at my doorstep only a few weeks ago. Let�s look back upon this piece of history that is but a footnote to most, but a whole book to me � and experience Sun�s ecosystem from around 2006, today. First and foremost, I want to express my deep gratitude to Adriaan de Groot. Without him, none of this would have been possible, and I can�t put into words how grateful I am. He donated this Ultra 45 to me at no cost � not even the cost of shipping � and he also shipped another box to me containing a few Sun Ray thin clients, completing the late 2000s Sun ecosystem I now own. Since the Ultra 45 was technically owned by KDE e.V. � more on that below � I�d also like to thank the KDE e.V. Board for giving Adriaan permission for the donation. I�d also like to thank Volker A. Brandt, who sent me a Sun Ray 3, a few Ultra 45 hard drive brackets, and some other Sun goodies. The Sun Ultra 45 De Groot sent me was a base model with an upgraded GPU. It had a single UltraSPARC IIIi 1.6Ghz processor, 1GB of RAM, and the most powerful GPU Sun ever released for its SPARC workstation line, the Sun XVR-2500, a rebadged 3Dlabs Wildcat Realizm with
- Using Rust in Android speeds up development considerably
Google has been using Rust in Android more and more for its memory safety characteristics, and the results on that front were quite positive. It turns out, however, that not only does using Rust reduce the number memory safety issues, it�s also apparently a lot faster to code in Rust than C or C++. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust�s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one. ↫ Jeff Vander Stoep at the Google Security Blog When you think about it, it actually makes sense. If you have fewer errors of a certain type, you�ll spend less time fixing those issues, time which you can then spend developing new code. Of course, it�s not that simple and there�s a ton more factors to consider, but on a base level, it definitely makes sense. Spellcheck in word processors means you have to spend less time detecting and fixing spelling errors, so you have more time to spend on actually writing. I�m sure we�ll all be very civil about this, and nobody will be weird about Rust at all.
- Haiku gets new guarded heap for the kernel
Another month, another Haiku activity report, and this time we�ve got a major change under the hood: a brand new guarded heap. The old guarded heap was suboptimal and had started to lag behind, so the new one attempts to rectify some of these shortcomings. So, to rectify these limitations, I rewrote the kernel guarded heap more or less from scratch, taking the old code into account where it made sense but otherwise creating entirely new bookkeeping structures, interacting directly with the page table and virtual memory systems, and more. This new guarded heap implementation frees physical pages when not in use, meaning that the “virtual memory reuse disabled” mode now runs for quite long periods of time (indeed, I could successfully boot to the desktop and run compile jobs.) It also prints more diagnostics when kernel panics due to memory faults inside the heap happen, which the old kernel guarded heap didn’t (but the userland one has always done). ↫ Haiku�s activity report for October The new guarded heap is optional for now, but Haiku is planning on releasing some pre-built test builds so users can start testing it out. Of course, this isn�t the only change or improvement from this past month � the list of changes is long, but there�s no real tentpole features here. Haiku�s development pace is still very much on track.
- Google cancels plans to require Android application certification outside of the Play Store
Only a few months ago, Google announced it was going to require that all Android applications � even those installed outside of the Play Store � had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store. Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn�t verified. We are designing this flow specifically to resist coercion, ensuring that users aren�t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. ↫ Matthew Forsythe Director at the Android Developers Blog While this is great news, I�m still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobody�s looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords. If you think this is the end of this story, you�re a fool.
- Big news for small OpenBSD /usr partitions
Ever ran into issues using sysupgrade on OpenBSD because /usr ran out of space? OpenBSD developers are trying to address this issue. Firstly, Stuart Henderson (sthen@) modified the installer to increase free space prior to installing. Theo de Raadt (deraadt@) modified sysupgrade(8) so that, if space is too tight, it will fail gracefully rather than risk leaving the administrator with a broken system. ↫ OpenBSD Journal These are very welcome additions.
- Valve brings x86 gaming to ARM Linux with FEX
Valve announced a few new devices yesterday. There�s a new Steam console, which is essentially just a tiny PC with SteamOS installed � think of it as a Steam Deck without a display. Second, Valve finally released a new Steam Controller to go with the Steam console, which has taken them long enough. Lastly, there�s a brand new Steam VR headset, the Steam Frame. Other websites with actual access to these new devices will do a better job of covering them than I ever could, but I do want to highlight something crucially important about the Steam Frame: it contains a Snapdragon ARM processor, but can still run Steam and all of its games. How does this work? Well, after developing Proton to allow Windows games to run on Linux, Valve introduced! FEX, which will allow you to run x86 Windows games on ARM Linux. I put the quotation marks there because FEX was an existing project Valve invested heavily into in recent times, and it�s now at the point where Valve seems confident enough it will be capable of running enough x86 games on ARM Linux. As such, the Steam Frame runs full SteamOS with KDE Plasma, you can run x86 Steam games, and as an additional bonus, you can install Android APKs as well. I�ve yet to even try VR, because I�m not particularly interested in buying into any locked-down platform. The Steam Frame may be the first VR device I�ll buy � depending on price, of course � and the Steam console definitely looks like a great addition to the living room, too. My wife and I have little to no interesting in buying an Xbox or PS5, but having easy, no-hassle access to our massive Steam libraries on our TV will be awesome.
- VMS/XDE: an OpenVMS x86 development environment for Linux and Windows/WSL
VMS/XDE is an OpenVMS x86 development environment for Linux and WIndows (via WSL). It provides a familiar user experience for OpenVMS developers working in Linux and Windows yet offers 100% binary and file system compatilibilty with OpenVMS. VMS/XDE includes OpenVMS V9.2-3 user, supervisor and executive mode operating system environments and a set of x86 native compilers and layered products geared towards OpenVMS software development and testing. ↫ VMS/XDE website VMS/XDE is a beta version, and comes with the usual annoying OpenVMS x86 time bombs, this time exploding on 3 January 2026. If you intend to use the finalised commercial version after the beta period ends, you�ll have to employ the same licenses as regular OpenVMS. It�s a bit of a mess, but that�s the OpenVMS way, sadly � and I don�t blame them, either, as I�m sure they�re hamstrung by a ton of agreements and restrictions imposed upon them by HP. Regardless, VMS/XDE brings a zero setup OpenVMS environment to the operating system you�re already using, making it easier to develop and cross-compile for the platform. I still have absolutely no clue just how many people OpenVMS is still relevant for, but I absolutely adore the fact VMS Software Inc. is working on this. In a world where so many of its former competitors are being held hostage by corporate indifference, it�s refreshing to see VMS still moving forward.
- Plasma Mobile 6.5 keeps improving
As part of the KDE Plasma 6.5 release, we also got a new release of Plasma Mobile. As there�s a lot of changes, improvements, and new features in Plasma Mobile 6.5, the Plasma Mobile Team published a blog post to highlight them all. The biggest improvement is probably the further integration of Waydroid, a necessary evil to run Android applications until the Plasma Mobile ecosystem manages to become a bit more well-rounded. Waydroid can now be managed straight from the settings application and the quick settings dropdown. Furthermore, the lockscreen has been improved considerably, there�s been a ton of polish for the home screen and the user interface in general, the quick settings panel can now be customised to make it fit better on different form factors, the first early test version of the new Plasma mobile keyboard is included, and so much more. This is definitely a release I would want to try out, but since I don�t have any of the supported devices, I�m a bit stuck. This is, of course, one of the two major problems facing proper mobile Linux: the lack of device support. It�s improving due to the tireless work of countless volunteers, but they�re always going to be swimming upstream. The other major problem is, of course, application availability, but at least Waydroid can bridge the gap for the adventurous among us.
- Tribblix m38 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has released a new version. Milestone 38 isn�t the most consequential release of all time, but it does bring a few small changes accompanied by the usual long list of updated open source packages. The zap install command now installs dependencies by default, while zap create-user will now restrict new home directories to mode 0700 by default. Meanwhile, int16h at Cryogenix published an article about using a Bhyve VM running FreeBSD to act as a Wi-Fi bridge for laptops with 802.11xx chips that Tribblix doesn�t support. This is a great, albeit somewhat convoluted option if your hardware uses any Wi-Fi chips Tribblix doesn�t support. There�s honestly a solution for everything, isn�t there?
- Setting up a combined 68k/PA-RISC HP-UX 9 cluster
Jonathan Pallant got lucky and managed to score a massive haul of �90s UNIX workstations, one of which was an HP 9000 Model 340, a HP-UX workstation built around a Motorola 68030 processor at 16.7 MHz. It doesn�t come with a hard drive or even a floppy controller, though, so he decided to borrow a PA-RISC-based HP 9000 Model 705 to set up an HP-UX 9 cluster. But wait, how does that work, when we�re dealing with two entirely different architectures? What�s more fun though, is putting it into a cluster with the Model 705 and network booting it. Yes, that a 68030 machine network booting from a PA-RISC machine 0 and`sharing the same root filesystem. But aren�t PA-RISC binaries and 68K binaries quite different? Oh yes, they really are. So, how does that work? ↫ Jonathan Pallant HP-UX is far more interesting and fascinating than a lot of people give it credit for, and while my interest lies with HP-UX 11i, I find what Pallant is doing here with HP-UX 9 just as fascinating. You first need to install HP-UX 9 for PA-RISC on the 700 series machine, convert it to a cluster server, and then install HP-UX 9 for 68k on top of that PA-RISC installation. After this is done, you effectively end up with a single root file system that contains both PA-RISC and 68k binaries, and you can network boot the 68k-based Model 340 right from it � using the same root filesystem on both machines. Absolutely wild. No, these are not universal binaries or some other trick you might know of from more modern system. In fact, installing the 68k version of HP-UX 9 into! the PA-RISC HP-UX 9 cluster server, you end up with something called a Context Dependent Filesystem. To get a better idea of what this means and how this works, you should really head on over to Pallant�s excellent article for all the details.
- Wine 10.19 Released: Game Changing Support for Windows Reparse Points on Linux
by George Whittaker Introduction
If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.
In simpler terms: Wine now understands more of the Windows filesystem semantics, which means fewer workarounds, better application compatibility, and smoother experiences for many games and tools previously finicky under Linux.
What Are Reparse Points & Why They MatterUnderstanding Reparse Points
On Windows, a reparse point is a filesystem object (file or directory) that carries additional data, often used for symbolic links, junctions, mount points, or other redirection features. When an application opens or queries a file, the OS may check the reparse tag to determine special behavior (for example “redirect this file open to this other path”).
Because many Windows apps, installers, games, DRM systems, file-managers, use reparse points for features like directory redirection, path abstractions, or filesystem overlays, lacking full support for them in Wine means those apps often misbehave.
What Wine 10.19 Adds
With Wine 10.19, support for these reparse point mechanisms has been implemented in key filesystem APIs: for example NtQueryDirectoryFile, GetFileInfo, file attribute tags, and DeleteFile/RemoveDirectory for reparse objects.
This means that in Wine 10.19:
Windows apps that create or manage symbolic links, directory junctions or mount-point style re-parsing will now function correctly in many more cases.
Installers or frameworks that rely on “when opening path X, redirect to path Y” will work with less tinkering.
Games or utilities that check for reparse tags or use directory redirections will have fewer “stuck” behaviors or missing files.
In effect, this is a step toward closer to native behavior for Windows file-system semantics under Linux.
Other Key Highlights in Wine 10.19
Beyond reparse points, the release brings several notable improvements:
Expanded support for WinRT exceptions (Windows Runtime error handling) meaning better compatibility for Universal Windows Platform (UWP) apps and newer Windows-based frameworks.
Refactoring of “Common Controls” (COMCTL32) following the version 5 vs version 6 split, which helps GUI applications that rely on older controls or expect mixed versions.
Go to Full Article
- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
by George Whittaker Introduction
Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.
Here’s a detailed look at what’s new, what’s changed, and what you need to know.
Major Changes in Firefox 145End of 32-Bit Linux Builds
One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:
“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”
From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.
Usability & Interface Enhancements
Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:
PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.
Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.
Access saved passwords from the sidebar, without needing to open a new tab or window.
“Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.
Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.
Privacy, Security & Under-the-Hood Upgrades
Mozilla has also doubled down on privacy and risk reduction:
Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used.
Go to Full Article
- MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer
by George Whittaker Introduction
The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.
In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.
What’s New in MX Linux 25 “Infinity”
Here are the headline changes and improvements that define this release:
Debian 13 “Trixie” Base
By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.
Kernel Choices & Hardware Support
The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.
For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.
Dual Init Option: systemd and SysVinit
Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.
Updated Desktop Environments
Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).
KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.
Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined. Defaults the audio player to Audacious (instead of the older DeaDBeeF).
Go to Full Article
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components:
Go to Full Article
|
