|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- [$] A struct sockaddr sequel
One of the many objectives of the LinuxKernel Self-Protection Project (KSPP), which just completed ten years ofwork, is to ensure that all array references can be bounds-checked,even in the case of flexible array members, the size of which is not knownat compile time. One of the most challenging flexible array members in thekernel is not even declared as such. Almost exactly one year ago, LWN looked at the effort to increase safety aroundthe networking subsystem's heavily used sockaddr structure. Oneyear later, Kees Cook is still looking for a way to bring this work to aclose.
- Security updates for Friday
Security updates have been issued by Debian (keystone and lxd), Fedora (docker-buildkit, firefox, gh, gitleaks, lasso, runc, and seamonkey), Mageia (perl-Authen-SASL, perl-Cpanel-JSON-XS, perl-Crypt-OpenSSL-RSA, perl-JSON-XS, python-flask-cors, python-py, python-setuptools, and ruby), Oracle (java-1.8.0-openjdk), SUSE (binutils, cargo-packaging, rust-bindgen, chromium, go-sendxmpp, helm, lasso, libxml2, openssh, openssh8.4, python-Django, python-Scrapy-doc, python311-Brotli, squid, tomcat10, and weblate), and Ubuntu (linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 and linux-xilinx-zynqmp).
- Two new stable kernels
Greg Kroah-Hartman has announced the release of the 6.17.8 and 6.12.58 stable kernels. Each contains animportant set of fixes. Users are advised to upgrade.
- Rust in Android: move fast and fix things (Google Security Blog)
The Google Security Blog has anew post on just how well the use of Rust is working out for theAndroid project.
We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.
- Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)
The SUSE Security Team has published an in-deptharticle on its findings after reviewing a D-Bus service containedin LightDMGreeter by KDE (the lightdm-kde-greeter package)for addition to openSUSE Tumbleweed. The team found a privilegeescalation from the lightdm service user to root, aswell as other attack vectors in the service:
In agreement with upstream, we assigned CVE-2025-62876 to track thelightdm service user to root privilege escalation aspect described inthis report. The severity of the issue is low, since it only affectsdefense-in-depth (if the lightdm service user were compromised) andthe problematic logic can only be reached and exploited if triggeredinteractively by a privileged user.
The fixes are contained in the 6.0.4release of the project.
- Thunderbird 145 released
Version145 of the Thunderbird email client has been released. Notablechanges in this release include enabling DNS over HTTPS, support forMicrosoft Exchange via Exchange Web Services, and quite a few bugfixes. As of 145, the project is no longer shipping 32-bit binariesfor Linux on x86.
- [$] Another Fedora Flatpak discussion
Many distributions provide support out of the proverbial box forFlatpak packages, but Fedora is unusual in that it also provides, anddefaults, to its own repository of Fedora-built Flatpaks. This has beena source of confusion for Fedora users, who expect to get the Flatpakbuilt by the original developers and hosted on Flathub. It has also been a sourceof conflict with upstream projects, because users complain of bugs inFlatpak packages they are not responsible for. The situation has also frustrated someFedora developers, who would prefer to put Flathub's offeringsfirst. A new complaint that Fedora has apparently used manifestsfrom Flathub to build the packages for Fedora—without giving credit tothe original authors—has spurred discussions about Fedora'sFlatpaks once again. While no concrete changes are on the table, yet,there may be some movement toward addressing persistent complaints.
- Security updates for Thursday
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, rubygem-rack, skopeo, and webkitgtk), Mageia (perl, perl-CPAN, perl-HTTP-Tiny, perl-Data-Entropy, perl-FCGI, perl-File-Find-Rule, perl-YAML-LibYAML, python-tornado, python-urllib3, python-pip, python3, and unbound), Oracle (ipa and kernel), Red Hat (container-tools:rhel8, krb5, openssl, pcs, podman, and runc), Slackware (mozilla), SUSE (binutils, kernel, netty, netty-tcnative, podman, python311-pdfminer, and tomcat11), and Ubuntu (bind9 and linux-aws-6.8).
- [$] LWN.net Weekly Edition for November 13, 2025
Inside this week's LWN.net Weekly Edition:
Front: FUSE performance; Magic kfuncs; Tails Linux; Direct I/O and modifying buffers; Working with bootable containers. Briefs: Kernel LLM policy; Firefox 145; FHS; Homebrew 5.0.0; Mastodon 4.5; Public-inbox 2.0.0; Pytest 9.0.0; Quote; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Homebrew 5.0.0 released
Version5.0.0 of the Homebrew packagemanager for Linux and macOS has been released. Notable changes in thisrelease include download concurrency by default, official support for64-bit Arm on Linux, and more.
- Nouveau Driver To Support Larger Pages & Compression Support With Linux 6.19
While the "Nova" driver continues to be developed as a modern Rust-written, open-source and in-kernel NVIDIA graphics driver for Linux, for the time being Nouveau is what's working for end-users for those wanting a mainline open-source NVIDIA graphics driver for gaming and other workloads. With Linux 6.19 the Nouveau driver is picking up support for handling larger pages as well as compression support...
- Fedora at Kirinyaga University Docs workshop
We did it again, Fedora at Kirinyaga university in Kenya. This time, we didn’t just introduce what open source is – we showed students how to participate and actually contribute in real time. Many students had heard of open source before, but were not sure how to get started or where they could fit. We […]
- GNU C Library Adds Linux "mseal" Function For Memory Sealing
Introduced last year in the Linux 6.10 kernel was the mseal system call for memory sealing to protect the memory mapping against modifications to seal non-writable memory segments or better protecting sensitive data structures. The GNU C Library has finally introduced its mseal function making use of this modern Linux kernel functionality...
- Google Begins Aggresively Using the Law To Stop Text Message Scams
"Google is going to court to help put an end to, or at least limit, the prevalence of phishing scams over text message," reports BGR:Google said it's bringing suit against Lighthouse, an impressively large operation that allegedly provides tools customers can buy to set up their own specialized phishing scams. All told, Google estimates that Lighthouse-affiliated scams in the U.S. have stolen anywhere between 12.7 million and 115 million credit cards. "Bad actors built Lighthouse as a phishing-as-a-service kit to generate and deploy massive SMS phishing attacks," Google notes. "These attacks exploit established brands like E-Z Pass to steal people's financial information." Google's legal action is comprehensive and is intent on completely dismantling Lighthouse's operations. The search giant is bringing claims under RICO, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA). RICO, which often comes up in movies and television shows, allows authorities to treat Lighthouse's phishing operation as a broad criminal enterprise as opposed to isolated scams. By using RICO, Google also expands the list of individuals who can be found liable, whether it be the people who started Lighthouse, the people who run it, or even unaffiliated customers who used the company's services. The Lanham Act, for those unaware, targets malicious actors who misappropriate well-known company trademarks in order to confuse consumers. This Lanham Act comes into play because many phishing scams masquerade as legitimate messages from companies like Amazon and FedEx. The Computer Fraud and Abuse Act, meanwhile, is relevant because scammers typically use stolen credentials to gain unauthorized access to financial systems, something the CFAA is designed to target... The fact that Google is invoking all three of the acts above underscores how serious the company is about putting a stop to SMS-based scams. By using all three, Google's legal attack is more potent and also expands the range of available remedies to include civil damages and criminal penalties. In short, Google isn't merely trying to win a legal case; it's aiming to emphatically and permanently stop Lighthouse in its tracks. Getting even more aggressive, Google says it's also working with the U.S. Congress to pass new anti-scammer legislation, and endorsed these three new bipartisan bills:The Scam Compound Accountability and Mobilization (SCAM) Act "would develop a national strategy to counter scam compounds, enhance sanctions and support survivors of human trafficking within these compounds."The Foreign Robocall Elimination Act "would establish a taskforce focused on how to best block foreign-originated illegal robocalls before they ever reach American consumers."The Guarding Unprotected Aging Retirees from Deception (GUARD) Act "would empower state and local law enforcement by enabling them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees. "Thanks to Slashdot reader anderzole for sharing the article.
Read more of this story at Slashdot.
- A Quantum Error Correction Breakthrough?
The dream of quantum computers has been hampered by the challenge of error correction, writes the Harvard Gazette, since qubits "are inherently susceptible to slipping out of their quantum states and losing their encoded information." But in a newly-published paper, a research team "combined various methods to create complex circuits with dozens of error correction layers" that "suppresses errors below a critical threshold — the point where adding qubits further reduces errors rather than increasing them.""For the first time, we combined all essential elements for a scalable, error-corrected quantum computation in an integrated architecture," said Mikhail Lukin, co-director of the Quantum Science and Engineering Initiative, Joshua and Beth Friedman University Professor, and senior author of the new paper. "These experiments — by several measures the most advanced that have been done on any quantum platform to date — create the scientific foundation for practical large-scale quantum computation..." "There are still a lot of technical challenges remaining to get to very large-scale computer with millions of qubits, but this is the first time we have an architecture that is conceptually scalable," said lead author Dolev Bluvstein, Ph.D. '25, who did the research during his graduate studies at Harvard and is now an assistant professor at Caltech. "It's going to take a lot of effort and technical development, but it's becoming clear that we can build fault-tolerant quantum computers...." Hartmut Neven, vice president of engineering at the Google Quantum AI team, said the new paper came amid an "incredibly exciting" race between qubit platforms. "This work represents a significant advance toward our shared goal of building a large-scale, useful quantum computer," he said... With recent advances, Lukin believes the core elements for building quantum computers are falling into place. "This big dream that many of us had for several decades, for the first time, is really in direct sight," he said. "In theory, a system of 300 quantum bits can store more information than the number of particles in the known universe..." the article points out. "The new paper represents an important advance in a three-decade pursuit of quantum error correction." Thanks to long-time Slashdot reader schwit1 for sharing the article.
Read more of this story at Slashdot.
- Fear Drives the AI 'Cold War' Between America and China
A new "cold war" between America and China is "pushing leaders to sideline concerns about the dangers of powerful AI models," reports the Wall Street Journal, "including the spread of disinformation and other harmful content, and the development of superintelligent AI systems misaligned with human values..." "Both countries are driven as much by fear as by hope of progress. "In Washington and Silicon Valley, warnings abound that China's"authoritarian AI," left unchecked, will erode American techsupremacy. Beijing is gripped by the conviction that a failure tokeeppace in AI will make it easier for the U.S. to cut short China'sresurgence as a global power. Both countries believe market sharefor their companies across the world is up for grabs — and with it,the potential to influence large swaths of the global population. The U.S. still has a clear lead, producing the most powerful AImodels. China can't match it in advancedchips and has no answer for the financial firepower of privateAmerican investors, who funded AI startups to the tune of $104billion in the first half of 2025, and are gearingup for more. But it has a massive population of capableengineers, lower costs and a state-led development model that oftenmoves faster than the U.S., all of which Beijing is working toharness to tip the contest in its direction. A new "whole ofsociety" campaign looks to accelerate the construction of computingclusters in areas like Inner Mongolia, where vast solar and windfarms provide plentiful cheap energy, and connect hundreds of datacenters to create a shared compute pool — some describe it as a"national cloud" — by 2028. China is also funneling hundreds ofbillions of dollars into its power grid to support AI training andadoption... "Our lead is probably in the 'months but not years' realm,"said Chris McGuire, who helped design U.S. export controls on AIchips while serving on the National Security Council under the Bidenadministration. Chinese AI models currently rank at or near the topin every task from coding to video generation, with the exception ofsearch, according to Chatbot Arena, a popular crowdsourced rankingplatform. China's manufacturing sector, meanwhile, is rocketingpast the U.S. in bringingAI into the physical world through robotaxis, autonomous dronesand humanoidrobots. Given China's progress, McGuire said, the U.S. is"very lucky" to have its advantage in chips... If AI surpasses human intelligence and acquires the ability toimprove itself, it could confer unshakable scientific, economic andmilitary superiority on the country that controls it. Short of that,AI's ability to automate tedious tasks and process vast amounts ofdata quickly promises to supercharge everything from cancer diagnosesto missile defense. With so much at stake, hacking and cyberespionage are likely to get worse, as AI gives hackers more powerfultools, while increasing incentives for state-backed groups to try tosteal AI-related intellectual property. As distrust grows, Washingtonand Beijing will also find it hard, if not impossible, to cooperatein areas like preventing extremist groups from using AI indestructive ways, such as building bioweapons. "The costs of theAI Cold War are already high and will go much higher," said PaulTriolo, a former U.S. government analyst and current technologypolicy lead at business consulting firm DGA-Albright StonebridgeGroup. "A U.S.-China AI arms race becomes a self-fulfillingprophecy, with neither side able to trust that the other wouldobserve any restrictions on advanced AI capability development...." The article includes an interesting observation from Helen Toner, director of strategy for Georgetown's Center for Security and Emerging Technology and a former OpenAI board member. Toner points out "We don't actually know" if boosting computing power with better chips will continue producing more-powerful AI models. So "If performance plateaus," the Journal writes, "despite all the spending by OpenAI and others — a growing concern in Silicon Valley — China has a chance to compete."
Read more of this story at Slashdot.
- EV Sales Are Still Rising. They Have Not Slumped
"Media headlines suggesting some slowdown in EV sales are simply incorrect," writes the site Electrek, "and leave out the bigger picture that gas car sales actually are dropping..."Over the course ofthe last two years or so, sales of battery electric vehicles, whilecontinuing to grow, have posted lower year-over-year percentagegrowth rates than they had in years prior. EV sales used to grow at50%+ per year, but for the last couple years, they have grown closerto ~25% per year. This alone is not particularly remarkable — itis inevitable that any growing product or category will show slowerpercentage growth rates as sales rise, particularly one that has beengrowing at such a fast rate for so long. In some recent years, wehad even seen year-over-yeardoublings in EV market share (though one of those was 2020->2021,which was anomalous). To expect improvement at that level perpetuallywould be close to impossible — after 3 years of doublingmarket share from 2023's 18% number, EVs would account for morethan 100% of the global automotive market, which cannot happen... We have seen a global EV sales growth rate of 23% in the first 10months of this year, according to a report just released by RhoMotion (recently acquired by Benchmark Mineral Intelligence). Thatincludes a +32% bump in Europe, +22% bump in China, +4% in NorthAmerica, and a big +48% bump in the "rest of the world." Notably,this 23% global growth rate is higher than last year's YTD growthrate, which was 22%at this time... In covering these trends, some journalists have attempted to usethe less-wrong phrase "slower growth," showing that EV sales arestill growing, but at a lower percentage change than previously seen. But for the first ten months of this year, that isn't true — EVsales are up more in 2025 than in 2024 by a percentage basis. Theyare also up in raw sales numbers — in 2024, EVsales grew by a larger number than in 2023. And the same is trueso far in 2025. Going back to 2023, 10.7 million EVs were soldglobally in the first 10 months. Then in 2024, 13.3 million weresold, a difference of 2.6 million. And so far in 2025, 16.5 millionEVs have sold, a difference of 3.2 million. Not only are the numbersgetting bigger, but the growth in unit sales is getting bigger aswell. Even in America, theEV market "has increased so far this year, with 11.7%US EV sales growth YTD."In terms of US hybrid sales, much has been made of customers"shifting from EVs to hybrids," which is also not the case.Conventional gas-hybrid sales areindeed up and plug-in hybrids, which have grown more slowlythan gas-hybrids/BEVs, have also shown some growth lately. Butgas-hybrid sales have not come at the cost of EV sales, rather at thecost of gas-only car sales. Because that'sjust the thing: the number of gas-only vehiclesbeing sold worldwide is a number that actually is falling.That number continues to go down year over year. Sales of newgas-powered cars are down by abouta quarter from their peak in 2017, and show no signs ofrecovering... And yet, somehow, virtually every headline you read isabout the "EV sales slump," rather than the "gas-car salesslump." The one you keep hearing about isn't happening,but the one you rarely hear about is happening... No matterwhat region of the world you're in, EV sales were up in the first10 months of this year.
Read more of this story at Slashdot.
- While Meta Crawls the Web for AI Training Data, Bruce Ediger Pranks Them with Endless Bad Data
From the personal blog of interface expert Bruce Ediger:Early in March 2025, I noticed that a web crawler with a useragent string of meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) was hitting my blog's machine at an unreasonable rate. I followed the URL and discovered this is what Meta uses to gather premium,human-generated content to train its LLMs. I found the rate ofrequests to be annoying. I already have a PHP program that creates the illusion of an infinite website. I decided to answer any HTTP request that had"meta-externalagent" in its user agent string with the contentsof a bork.php generated file... This workedbrilliantly. Meta ramped up to requesting 270,000 URLs on May 30 and31, 2025...After about 3 months, I got scared that Meta's insatiableconsumption of Super Great Pages about condiments, underwear andcirca 2010 C-List celebs would start costing me money. So I switchedto giving "meta-externalagent" a 404 status code. I decided tosee how long it would take one of the highest valued companies in theworld to decide to go away.The answer is 5 months.
Read more of this story at Slashdot.
- Sony Killed This Game in 2024. Three Developers Reverse-Engineered It Back to Life
An anonymous reader shared this post from the gaming news site Aftermath: Concord, Sony Interactive Entertainment and Firewalk Studios' Overwatch-like shooter, was live for just two weeks before it was pulled offline. Though Concord certainly had some dedicated players, it didn't have many — which is why it may be surprising to hear that a group of players are reverse-engineering the game and its servers to bring it back to life. Publisher Sony removed Concord from stores and digital marketplaces, automatically refunded some, and, later, shut down Firewalk Studios. Two hundred or so people were laid off, and any hopes of Concord's return were dashed. Poor sales — estimated to be under 25,000 copies sold — and low player numbers marred the release. Firewalk Studios' game director Ryan Ellis said in a blog post that pieces of the game "resonated with players," but "other aspects of the game and [Concord's] initial launch didn't land the way [Firewalk Studios] intended." Concord wasn't a bad game, but it just didn't generate enough interest with enough players. Now, a group of three hobbyist reverse-engineers, who go by real, Red, and gwog online, are trying to make it playable again... "Sometimes there's enough of the server left in the game, that we can 'activate' that code and make the game believe it's a server," Red said. "We do pretty much always need to fill in the gaps though..." Concord used an anti-tamper software to keep people from cheating, which also creates a problem for people reverse engineering. It's "nearly impossible" to crack, Red said, so the group didn't — they found an exploit to "forcefully decrypt the game's code" to "restore the game and start working on servers...." It's not open to the public, but people can sign up for future tests. Even former Firewalk Studios employees have joined the server. They're excited to see Concord come back to life, too, the developers said. "Friday morning, a video of the playtest was posted to the Concord Reddit page," according to the article. (Though ironically by Friday night YouTube had had removed the video "due to a copyright claim by MarkScan Enforcement."
Read more of this story at Slashdot.
- Why Solarpunk Is Already Happening In Africa
Long-time Slashdot reader schwit1 shares a Substack post by economist/entrepreneur Skander Garroum:You know that feeling when you're waiting for the cable guy, and they said 'between 8am and 6pm, and you waste your entire day, and they never show up? Now imagine that, except the cable guy is 'electricity,' the day is '50 years,' and you're one of 600 million people. At some point, you stop waiting and figure it out yourself. What's happening across Sub-Saharan Africa right now is the most ambitious infrastructure project in human history, except it's not being built by governments or utilities or World Bank consortiums. It's being built by startups selling solar panels to farmers on payment plans. And it's working. Over 30 million solar products sold in 2024. 400,000 new solar installations every month across Africa. 50% market share captured by companies that didn't exist 15 years ago. Carbon credits subsidizing the cost. IoT chips in every device. 90%+ repayment rates on loans to people earning $2/day. And if you understand what's happening in Africa, you understand the template for how infrastructure will get built everywhere else for the next 50 years.
Read more of this story at Slashdot.
- Woman Pleads Guilty to Lying About Astronaut Accessing Bank Account From International Space Station
It was the first allegation of a crime committed in space — back in 2019. But by 2020 it had led tocharges of lying to federal authorities.And now a former Air Force intelligence officer "has pleaded guilty to lying to a federal agent," reports CNBC, "by falsely claiming that her estranged astronaut wife illegally accessed her bank account while aboard the International Space Station for six months, prosecutors in Houston, Texas, said Friday."The guilty plea by Summer Worden, 50, on Thursday comes more than five years after she was indicted in the space case for lying about actions by her wife, Anne McClain, a U.S. Army colonel, West Point graduate and Iraq war combat veteran, while they were in the midst of a divorce. The claim came at a time when Worden said that the couple was engaged in a custody battle over what Worden's then-6-year-old son, who had been conceived through in vitro fertilizationand carried by a surrogate... McClain was aboard the Space Station from December 2018 through June 2019. She recently commanded the SpaceX Crew-10 crew mission to the Space Station from March this year until August. Worden, who remains free on bond, is scheduled to be sentenced on February 12. She faces a maximum possible sentence of up to five years in prison.
Read more of this story at Slashdot.
- A 'Peak Oil' Prediction Surprise From the International Energy Agency
"The International Energy Agency's latest outlook signals that oil demand could keep growing through to the middle of the century," reports CNBC, "reflecting a sharp tonal shift from the world's energy watchdog and raising further questions about the future of fossil fuels."In its flagship World Energy Outlook, the Paris-based agency on Wednesday laid out a scenario in which demand for oil climbs to 113 million barrels per day by 2050, up 13% from 2024 levels. The IEA had previously estimated a peak in global fossil fuel demand before the end of this decade and said that, in order to reach net-zero emissions by 2050, there should be no new investments in coal, oil and gas projects... The IEA's end-of-decade peak oil forecast kick-started a long-running war of words with OPEC, an influential group of oil exporting countries, which accused the IEA of fearmongering and risking the destabilization of the global economy. The IEA's latest forecast of increasing oil demand was outlined in its "Current Policies Scenario" — one of a number of scenarios outlined by the IEA. This one assumes no new policies or regulations beyond those already in place. The CPS was dropped five years ago amid energy market turmoil during the coronavirus pandemic, and its reintroduction follows pressure from the Trump administration... Gregory Brew, an analyst at Eurasia Group's Energy, Climate and Resources team, said the IEA's retreat on peak oil demand signified "a major shift" from the group's position over the last five years. "The justifications offered for the shift include policy changes in the U.S., where slow EV penetration indicates robust oil [consumption], but is also tied to expected increases in petrochemical and aviation fuel in East and Southeast Asia," Brew told CNBC by email. "It's unlikely the agency is adjusting based on political pressure — though there has been some of that, with the Trump administration criticizing the group's supposed bias in favor of renewable energy — and the shift reflects a broader skepticism that oil demand is set to peak any time soon," he added... Alongside its CPS, the IEA also laid out projections under its so-called "Stated Policies Scenario" (STEPS), which reflects the prevailing direction of travel for the global energy system. In this assumption, the IEA said it expects oil demand to peak at 102 million barrels per day around 2030, before gradually declining. Global electric car sales are much stronger under this scenario compared to the CPS. The IEA said its multiple scenarios explore a range of consequences from various policy choices and should not be considered forecasts. Thanks to Slashdot reader magzteel for sharing the news.
Read more of this story at Slashdot.
- GM Wants Parts Makers To Pull Supply Chains From China
schwit1 shares a report from the Business Times: General Motors (GM) has directed several thousand of its suppliers to scrub their supply chains of parts from China, four people familiar with the matter said, reflecting automakers' growing frustration over geopolitical disruptions to their operations. GM executives have been telling suppliers they should find alternatives to China for their raw materials and parts, with the goal of eventually moving their supply chains out of the country entirely, the people said. The automaker has set a 2027 deadline for some suppliers to dissolve their China sourcing ties, some of the sources said. GM approached some suppliers with the directive in late 2024, but the effort took on fresh urgency this past spring, during the early days of an escalating US-China trade battle, the sources said.
Read more of this story at Slashdot.
- Apple’s new 15% mini-app deal finally gets Tencent to cut Cupertino in
When is an app not an app? When it’s a mini app inside another app
Apple has cut its take to 15 percent on purchases inside mini apps running within other iOS apps, and reached a parallel agreement with Tencent that brings WeChat's vast mini-program ecosystem into its revenue net.…
- Researchers find hole in AI guardrails by using strings like =coffee
Who guards the guardrails? Often the same shoddy security as the rest of the AI stack
Large language models frequently ship with "guardrails" designed to catch malicious input and harmful output. But if you use the right word or phrase in your prompt, you can defeat these restrictions.…
- Crims poison 150K+ npm packages with token-farming malware
Amazon spilled the TEA
Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…
- Now you can share your AI delusions with Group ChatGPT
Just when you thought virtual collaboration couldn’t get worse, OpenAI stuffs a bot into your group conversations
Feel like your team's group chat is a bit lifeless? Remote coworkers not really collaborating as well as they should be? There's a new way to stir the pot now that OpenAI has piloted ChatGPT group chats: cram a chatbot into the conversation and let it chime in whenever it thinks it should.…
- AMD grabs more x86 share as Intel stumbles in entry-level chips
Mercury Research blames stockpiling and low-end shortages for unusually flat CPU market
AMD continues to claw market share away from Intel in CPU shipments, growing faster than its rival in most segments. Meanwhile business in the x86 processor arena is unusually flat overall, likely due to stockpiling over tariff fears.…
- Project Kuiper becomes Amazon Leo as satellite network trickles into orbit
Starlink challenger drops the codename, but full-blown service still years out
Amazon has rebranded its satellite broadband plan from Project Kuiper to Amazon Leo. And no, Leo doesn't stand for "Late Entrants Only," even though the project is years behind Starlink and still not ready for anyone to use.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Using Rust in Android speeds up development considerably
Google has been using Rust in Android more and more for its memory safety characteristics, and the results on that front were quite positive. It turns out, however, that not only does using Rust reduce the number memory safety issues, it�s also apparently a lot faster to code in Rust than C or C++. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust�s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one. ↫ Jeff Vander Stoep at the Google Security Blog When you think about it, it actually makes sense. If you have fewer errors of a certain type, you�ll spend less time fixing those issues, time which you can then spend developing new code. Of course, it�s not that simple and there�s a ton more factors to consider, but on a base level, it definitely makes sense. Spellcheck in word processors means you have to spend less time detecting and fixing spelling errors, so you have more time to spend on actually writing. I�m sure we�ll all be very civil about this, and nobody will be weird about Rust at all.
- Haiku gets new guarded heap for the kernel
Another month, another Haiku activity report, and this time we�ve got a major change under the hood: a brand new guarded heap. The old guarded heap was suboptimal and had started to lag behind, so the new one attempts to rectify some of these shortcomings. So, to rectify these limitations, I rewrote the kernel guarded heap more or less from scratch, taking the old code into account where it made sense but otherwise creating entirely new bookkeeping structures, interacting directly with the page table and virtual memory systems, and more. This new guarded heap implementation frees physical pages when not in use, meaning that the “virtual memory reuse disabled” mode now runs for quite long periods of time (indeed, I could successfully boot to the desktop and run compile jobs.) It also prints more diagnostics when kernel panics due to memory faults inside the heap happen, which the old kernel guarded heap didn’t (but the userland one has always done). ↫ Haiku�s activity report for October The new guarded heap is optional for now, but Haiku is planning on releasing some pre-built test builds so users can start testing it out. Of course, this isn�t the only change or improvement from this past month � the list of changes is long, but there�s no real tentpole features here. Haiku�s development pace is still very much on track.
- Google cancels plans to require Android application certification outside of the Play Store
Only a few months ago, Google announced it was going to require that all Android applications � even those installed outside of the Play Store � had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store. Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn�t verified. We are designing this flow specifically to resist coercion, ensuring that users aren�t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. ↫ Matthew Forsythe Director at the Android Developers Blog While this is great news, I�m still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobody�s looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords. If you think this is the end of this story, you�re a fool.
- Big news for small OpenBSD /usr partitions
Ever ran into issues using sysupgrade on OpenBSD because /usr ran out of space? OpenBSD developers are trying to address this issue. Firstly, Stuart Henderson (sthen@) modified the installer to increase free space prior to installing. Theo de Raadt (deraadt@) modified sysupgrade(8) so that, if space is too tight, it will fail gracefully rather than risk leaving the administrator with a broken system. ↫ OpenBSD Journal These are very welcome additions.
- Valve brings x86 gaming to ARM Linux with FEX
Valve announced a few new devices yesterday. There�s a new Steam console, which is essentially just a tiny PC with SteamOS installed � think of it as a Steam Deck without a display. Second, Valve finally released a new Steam Controller to go with the Steam console, which has taken them long enough. Lastly, there�s a brand new Steam VR headset, the Steam Frame. Other websites with actual access to these new devices will do a better job of covering them than I ever could, but I do want to highlight something crucially important about the Steam Frame: it contains a Snapdragon ARM processor, but can still run Steam and all of its games. How does this work? Well, after developing Proton to allow Windows games to run on Linux, Valve introduced! FEX, which will allow you to run x86 Windows games on ARM Linux. I put the quotation marks there because FEX was an existing project Valve invested heavily into in recent times, and it�s now at the point where Valve seems confident enough it will be capable of running enough x86 games on ARM Linux. As such, the Steam Frame runs full SteamOS with KDE Plasma, you can run x86 Steam games, and as an additional bonus, you can install Android APKs as well. I�ve yet to even try VR, because I�m not particularly interested in buying into any locked-down platform. The Steam Frame may be the first VR device I�ll buy � depending on price, of course � and the Steam console definitely looks like a great addition to the living room, too. My wife and I have little to no interesting in buying an Xbox or PS5, but having easy, no-hassle access to our massive Steam libraries on our TV will be awesome.
- VMS/XDE: an OpenVMS x86 development environment for Linux and Windows/WSL
VMS/XDE is an OpenVMS x86 development environment for Linux and WIndows (via WSL). It provides a familiar user experience for OpenVMS developers working in Linux and Windows yet offers 100% binary and file system compatilibilty with OpenVMS. VMS/XDE includes OpenVMS V9.2-3 user, supervisor and executive mode operating system environments and a set of x86 native compilers and layered products geared towards OpenVMS software development and testing. ↫ VMS/XDE website VMS/XDE is a beta version, and comes with the usual annoying OpenVMS x86 time bombs, this time exploding on 3 January 2026. If you intend to use the finalised commercial version after the beta period ends, you�ll have to employ the same licenses as regular OpenVMS. It�s a bit of a mess, but that�s the OpenVMS way, sadly � and I don�t blame them, either, as I�m sure they�re hamstrung by a ton of agreements and restrictions imposed upon them by HP. Regardless, VMS/XDE brings a zero setup OpenVMS environment to the operating system you�re already using, making it easier to develop and cross-compile for the platform. I still have absolutely no clue just how many people OpenVMS is still relevant for, but I absolutely adore the fact VMS Software Inc. is working on this. In a world where so many of its former competitors are being held hostage by corporate indifference, it�s refreshing to see VMS still moving forward.
- Plasma Mobile 6.5 keeps improving
As part of the KDE Plasma 6.5 release, we also got a new release of Plasma Mobile. As there�s a lot of changes, improvements, and new features in Plasma Mobile 6.5, the Plasma Mobile Team published a blog post to highlight them all. The biggest improvement is probably the further integration of Waydroid, a necessary evil to run Android applications until the Plasma Mobile ecosystem manages to become a bit more well-rounded. Waydroid can now be managed straight from the settings application and the quick settings dropdown. Furthermore, the lockscreen has been improved considerably, there�s been a ton of polish for the home screen and the user interface in general, the quick settings panel can now be customised to make it fit better on different form factors, the first early test version of the new Plasma mobile keyboard is included, and so much more. This is definitely a release I would want to try out, but since I don�t have any of the supported devices, I�m a bit stuck. This is, of course, one of the two major problems facing proper mobile Linux: the lack of device support. It�s improving due to the tireless work of countless volunteers, but they�re always going to be swimming upstream. The other major problem is, of course, application availability, but at least Waydroid can bridge the gap for the adventurous among us.
- Tribblix m38 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has released a new version. Milestone 38 isn�t the most consequential release of all time, but it does bring a few small changes accompanied by the usual long list of updated open source packages. The zap install command now installs dependencies by default, while zap create-user will now restrict new home directories to mode 0700 by default. Meanwhile, int16h at Cryogenix published an article about using a Bhyve VM running FreeBSD to act as a Wi-Fi bridge for laptops with 802.11xx chips that Tribblix doesn�t support. This is a great, albeit somewhat convoluted option if your hardware uses any Wi-Fi chips Tribblix doesn�t support. There�s honestly a solution for everything, isn�t there?
- Setting up a combined 68k/PA-RISC HP-UX 9 cluster
Jonathan Pallant got lucky and managed to score a massive haul of �90s UNIX workstations, one of which was an HP 9000 Model 340, a HP-UX workstation built around a Motorola 68030 processor at 16.7 MHz. It doesn�t come with a hard drive or even a floppy controller, though, so he decided to borrow a PA-RISC-based HP 9000 Model 705 to set up an HP-UX 9 cluster. But wait, how does that work, when we�re dealing with two entirely different architectures? What�s more fun though, is putting it into a cluster with the Model 705 and network booting it. Yes, that a 68030 machine network booting from a PA-RISC machine 0 and`sharing the same root filesystem. But aren�t PA-RISC binaries and 68K binaries quite different? Oh yes, they really are. So, how does that work? ↫ Jonathan Pallant HP-UX is far more interesting and fascinating than a lot of people give it credit for, and while my interest lies with HP-UX 11i, I find what Pallant is doing here with HP-UX 9 just as fascinating. You first need to install HP-UX 9 for PA-RISC on the 700 series machine, convert it to a cluster server, and then install HP-UX 9 for 68k on top of that PA-RISC installation. After this is done, you effectively end up with a single root file system that contains both PA-RISC and 68k binaries, and you can network boot the 68k-based Model 340 right from it � using the same root filesystem on both machines. Absolutely wild. No, these are not universal binaries or some other trick you might know of from more modern system. In fact, installing the 68k version of HP-UX 9 into! the PA-RISC HP-UX 9 cluster server, you end up with something called a Context Dependent Filesystem. To get a better idea of what this means and how this works, you should really head on over to Pallant�s excellent article for all the details.
- Ironclad 0.7.0 and 0.8.0 released, adds RISC-V support
We�ve talked about Ironclad a few times, but there�s been two new releases since the 0.6.0 release we covered last, so let�s see what the project�s been up to. As a refresher, Ironclad is a formally verified, hard real-time capable kernel written in SPARK and Ada. Versions 0.7.0 and 0.8.0 improved support for block device caching, added a basic NVMe driver, added support for x86’s SMAP, switched from KVM to NVMM for Ironclad’s virtualization interface, and much, much more. In the meantime, Ironclad also added support for RISC-V, making it usable on any 64 bit RISC-V target that supports a Limine-protocol compatible bootloader. The easiest way to try out Ironclad is to download Gloire, a distribution that uses Ironclad and the GNU tools. It can be installed in both a virtual machine and on real hardware.
- MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer
by George Whittaker Introduction
The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.
In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.
What’s New in MX Linux 25 “Infinity”
Here are the headline changes and improvements that define this release:
Debian 13 “Trixie” Base
By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.
Kernel Choices & Hardware Support
The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.
For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.
Dual Init Option: systemd and SysVinit
Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.
Updated Desktop Environments
Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).
KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.
Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined. Defaults the audio player to Audacious (instead of the older DeaDBeeF).
Go to Full Article
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components:
Go to Full Article
- Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means
by George Whittaker Introduction
After years of debate and development, bcachefs—a modern copy-on-write filesystem once merged into the Linux kernel—is being removed from mainline. As of kernel 6.17, the in-kernel implementation has been excised, and future use is expected via an out-of-tree DKMS module. This marks a turning point for the bcachefs project, raising questions about its stability, adoption, and relationship with the kernel development community.
In this article, we’ll explore the background of bcachefs, the sequence of events leading to its removal, the technical and community dynamics involved, and implications for users, distributions, and the filesystem’s future.
What Is Bcachefs?
Before diving into the removal, let’s recap what bcachefs is and why it attracted attention.
Origin & goals: Developed by Kent Overstreet, bcachefs emerged from ideas in the earlier bcache project (a block-device caching layer). It aimed to build a full-featured, general-purpose filesystem combining performance, reliability, and modern features (snapshots, compression, encryption) in a coherent design.
Mainline inclusion: Bcachefs was merged into the mainline kernel in version 6.7 (released January 2024) after a lengthy review and incubation period.
“Experimental” classification: Even after being part of the kernel, bcachefs always carried disclaimers about its maturity and stability—they were not necessarily recommends for production use by all users.
Its presence in mainline gave distributions a path to ship it more casually, and users had easier access without building external modules—an important convenience for adoption.
What Led to the Removal
The excision of bcachefs from the kernel was not sudden but the culmination of tension over development practices, patch acceptance timing, and upstream policy norms.
“Externally Maintained” status in 6.17
In kernel 6.17’s preparation, maintainers marked bcachefs as “externally maintained.” Though the code remained present, the change signified that upstream would no longer accept new patches or updates within the kernel tree.
This move allowed a transitional period. The code was “frozen” inside the tree to avoid breaking existing systems immediately, while preparation was made for future removal.
Go to Full Article
- Linux Mint 22.2 ‘Zara’ Released: Polished, Modern, and Built for Longevity
by George Whittaker Introduction
The Linux Mint team has officially unveiled Linux Mint 22.2, codenamed “Zara”, on September 4, 2025. As a Long-Term Support (LTS) release, Zara will receive updates through 2029, promising users stability, incremental improvements, and a comfortable desktop experience.
This version is not about flashy overhauls; rather, it’s about refinement — applying polish to existing features, smoothing rough edges, weaving in new conveniences (like fingerprint login), and improving compatibility with modern hardware. Below, we’ll delve into what’s new in Zara, what users should know before upgrading, and how it continues Mint’s philosophy of combining usability, reliability, and elegance.
What’s New in Linux Mint 22.2 “Zara”
Here’s a breakdown of key changes, refinements, and enhancements in Zara.
Base, Support & Kernel Stack
Ubuntu 24.04 (Noble) base: Zara continues to use Ubuntu 24.04 as its upstream base, ensuring broad package compatibility and long-term security support.
Kernel 6.14 (HWE): The default kernel for new installations is 6.14, bringing support for newer hardware.
However — for existing systems upgraded from Mint 22 or 22.1 — the older kernel (6.8 LTS) remains the default, because 6.14’s support window is shorter.
Zara is an LTS edition, with security updates and maintenance promised through 2029.
Major Features & EnhancementsFingerprint Authentication via Fingwit
Zara introduces a first-party tool called Fingwit to manage fingerprint-based authentication. With compatible hardware and support via the libfprint framework, users can:
Enroll fingerprints
Use fingerprint login for the screensaver
Authenticate sudo commands
Launch administrative tools via pkexec using the fingerprint
In some cases, bypass password entry at login (unless home directory encryption or keyring constraints force password fallback)
It is important to note that fingerprint login on the actual login screen may be disabled or limited depending on encryption or keyring usage; in those cases, the system falls back to password entry.
UI & Theming Refinements
Sticky Notes app now sports rounded corners, improved Wayland compatibility, and a companion Android app named StyncyNotes (available via F-Droid) to sync notes across devices.
Go to Full Article
|
