|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- [$] Another Fedora Flatpak discussion
Many distributions provide support out of the proverbial box forFlatpak packages, but Fedora is unusual in that it also provides, anddefaults, to its own repository of Fedora-built Flatpaks. This has beena source of confusion for Fedora users, who expect to get the Flatpakbuilt by the original developers and hosted on Flathub. It has also been a sourceof conflict with upstream projects, because users complain of bugs inFlatpak packages they are not responsible for. The situation has also frustrated someFedora developers, who would prefer to offer put Flathub's offeringsfirst. A new complaint that Fedora has apparently used manifestsfrom Flathub to build the packages for Fedora—without giving credit tothe original authors—has spurred discussions about Fedora'sFlatpaks once again. While no concrete changes are on the table, yet,there may be some movement toward addressing persistent complaints.
- Security updates for Thursday
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, rubygem-rack, skopeo, and webkitgtk), Mageia (perl, perl-CPAN, perl-HTTP-Tiny, perl-Data-Entropy, perl-FCGI, perl-File-Find-Rule, perl-YAML-LibYAML, python-tornado, python-urllib3, python-pip, python3, and unbound), Oracle (ipa and kernel), Red Hat (container-tools:rhel8, krb5, openssl, pcs, podman, and runc), Slackware (mozilla), SUSE (binutils, kernel, netty, netty-tcnative, podman, python311-pdfminer, and tomcat11), and Ubuntu (bind9 and linux-aws-6.8).
- [$] LWN.net Weekly Edition for November 13, 2025
Inside this week's LWN.net Weekly Edition:
Front: FUSE performance; Magic kfuncs; Tails Linux; Direct I/O and modifying buffers; Working with bootable containers. Briefs: Kernel LLM policy; Firefox 145; FHS; Homebrew 5.0.0; Mastodon 4.5; Public-inbox 2.0.0; Pytest 9.0.0; Quote; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Homebrew 5.0.0 released
Version5.0.0 of the Homebrew packagemanager for Linux and macOS has been released. Notable changes in thisrelease include download concurrency by default, official support for64-bit Arm on Linux, and more.
- [$] The intersection of unstable pages and direct I/O
Longtime LWN readers will have encountered the concept of "stable pages"before; it was first covered here nearly15 years ago. For the most part, the problem that stable pages weremeant to solve — preventing errors when user space modifies a buffer thatis under I/O — has been dealt with. Butrecent discussions show that there is one area where problems remain:direct I/O. There is some disagreement,though, over whether those problems are the result of user-space bugs andhow much of a performance price should be paid to address them.
- Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libtiff), Debian (kernel, libarchive, rust-sudo-rs, and squid), Fedora (chromium, dotnet8.0, forgejo, ruby, and webkitgtk), Oracle (bind, bind9.18, kernel, kernel-uek*, libtiff, and runc), Red Hat (firefox, kernel, and kernel-rt), Slackware (mozilla), SUSE (buildah, colord, containerd, kernel, lasso, libsoup, micropython, ongres-scram, openssh, proxy-helm, uyuni-tools, python-pdfminer.six, qatengine, qatlib, regclient, and runc), and Ubuntu (raptor and raptor2).
- Firefox 145 released
Firefox 145 has been released. Notablechanges in this release include note-takingfeatures for PDFs viewed in Firefox, enhancedprivacy protections, and the ability to access and manage passwords inthe sidebar. This release also drops support for 32-bit Linux systems.
- [$] Protecting privacy with Tails
Tails is an unusual Linuxdistribution developed by the Tor Project; itis designed to help users work around internet censorship and avoidsurveillance. It is a "portable" operating system that is meant to berun from a USB stick or ISO image and to leave no trace on thecomputer it was run on. Tails routes connections to the internet overthe Tornetwork and includes a selection of applications and toolssuited to working with sensitive documents, communicating securely,and preserving users' anonymity. The tradeoff, of course, is thatTails is less convenient and requires users to learn a new set oftools to avoid compromising their own security and anonymity. Tails 7.1 wasreleased in October, and it seemed like as good a time as any to takeit for a spin.
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (bind, expat, kernel, osbuild-composer, qt6-qtsvg, runc, valkey, and xorg-x11-server-Xwayland), Debian (incus), Fedora (cef and dotnet8.0), Mageia (strongswan), Red Hat (fence-agents and python-requests), SUSE (chromium, colord, erlang26, java-1_8_0-openjdk, libsoup, python-django, thunderbird, tiff, and warewulf4), and Ubuntu (intel-microcode and rust-sudo-rs).
- Public-inbox 2.0.0 released
Version 2.0.0 of public-inbox, the mail archiving system behindlore.kernel.org and LWN's email archive, has been released. "Thisrelease includes several new features and fixes; mostly around improvedintegration between inboxes and coderepos for solver. Portability andreliability is also improved, especially in the internal process managementof lei."
- Mozilla's Firefox 145 is heeeeeere: Buffs up privacy, bloats AI
Improves tracking prevention, profile management, PDF editing, and Perplexity creeps into your address barFirefox 145 is out, with more privacy, better profile handling, better image search for Google users… and, almost inevitably, more LLM bot integration.…
- Intel Finds Great Performance With PostgreSQL's AVX-512 Support
Back in April PostgreSQL added AVX-512 support for CRC32 computations. At the time the gains for CRC32 computations with this popular open-source database server were reported to be 50% to 3x faster for x86_64 CPUs able to leverage AVX-512. That AVX-512 support is found with PostgreSQL 18.0 that released in September and now Intel is praising this addition to PostgreSQL for which their developers also had a part in along with AWS and others...
- Mozilla Launches AI Window for Firefox
Mozilla announced on Thursday that it is building an AI Window for Firefox, a new opt-in browsing mode that will let users interact with an AI assistant and chatbot. The feature will become one of three browsing experiences in Firefox alongside the existing classic and private windows. Users will be able to select which AI model they want to use in the AI Window, according to a post on the Mozilla Connect forum. The company opened a waitlist for users who want to receive updates and be among the first to test the feature. Mozilla described the AI Window as an "intelligent and user-controlled space" that it is developing in the open through community feedback. Users who try the feature and decide against it can switch it off entirely.
Read more of this story at Slashdot.
- Proton Might Recycle Abandoned Email Addresses
BrianFagioli writes: Popular privacy firm Proton is floating a plan on Reddit that should unsettle anyone who values privacy, writes Nerds.xyz. The company is considering recycling abandoned email addresses that were originally created by bots a decade ago. These addresses were never used, yet many of them are extremely common names that have silently collected misdirected emails, password reset attempts, and even entries in breach datasets. Handing those addresses to new owners today would mean that sensitive messages intended for completely different people could start landing in a stranger's inbox overnight. Proton says it's just gathering feedback, but the fact that this made it far enough to ask the community is troubling. Releasing these long-abandoned addresses would create confusion, risk exposure of personal data, and undermine the trust users place in a privacy focused provider. It's hard to see how Proton could justify taking a gamble with other people's digital identities like this.
Read more of this story at Slashdot.
- Verizon To Cut About 15,000 Jobs
Verizon is planning to cut roughly 15,000 jobs, looking to reduce costs as it contends with increased competition for wireless service and home internet, according to WSJ, which cites people familiar with the matter. From the report: The cuts, the largest ever for the carrier, are set to take place in the next week, the people said. The majority of the reduction is expected to be made through layoffs. Verizon also plans to transition about 200 stores into franchised operations, which will shift employees off its payroll. Verizon, the largest U.S. telecommunications provider by subscriber base, faces a fierce battle for both wireless and home internet customers. It has lost crucial postpaid phone subscribers for three consecutive quarters. Last month, Verizon named its lead independent director Daniel Schulman as its new chief executive officer. Schulman, a former CEO of PayPal and Virgin Mobile USA, has said he would aggressively reduce the company's entire cost base and take steps to reverse the customer losses.
Read more of this story at Slashdot.
- Reddit Cofounder Had a Bad Feeling About Giving Data To Sam Altman
Reddit cofounder Alexis Ohanian said he had serious doubts a decade ago about sharing the platform's data with Sam Altman. Ohanian recounted on the "Brew Markets" podcast that between 2015 and 2016, Altman asked Reddit to let him "aggressively scrape" the site's content. Altman had recently helped Reddit raise $50 million in a Series B round and was launching OpenAI as a nonprofit. Ohanian described Altman as "very smart" and "incredibly cunning" but questioned whether he was "the most philanthropically minded guy." The Reddit cofounder said he "felt in my bones" the company should refuse the request and debated internally about it against Steve Huffman. Ohanian said he "lost that debate." Reddit and OpenAI announced a formal licensing deal in 2024.
Read more of this story at Slashdot.
- France Fully Lifts Travel Ban on Telegram Founder Durov
An anonymous reader shares a report: France has lifted its travel ban on Telegram founder Pavel Durov, who is under investigation over illegal content on his messaging app, judicial sources close to the case said Thursday. The entrepreneur, 41, was detained in Paris in 2024 and is under formal investigation by French authorities over the platform's alleged complicity in criminal activity. Durov, who was initially banned from leaving France, had his judicial control relaxed in July, allowing him to reside in the United Arab Emirates, where Telegram is based, for a maximum of two weeks at a time.
Read more of this story at Slashdot.
- China's EV Market Is Imploding
An anonymous reader shares a report: The Chinese electric car has become a symbol of the country's seemingly unstoppable rise on the world stage. Many observers point to their growing popularity as evidence that China is winning the race to dominate new technologies. But in China, these electric cars represent something entirely different: the profound threats that Beijing's meddling in markets poses to both China and the world. Bloated by excessive investment, distorted by government intervention, and plagued by heavy losses, China's EV industry appears destined for a crash. EV companies are locked in a cutthroat struggle for survival. Wei Jianjun, the chairman of the Chinese automaker Great Wall Motor, warned in May that China's car industry could tumble into a financial crisis; it "just hasn't erupted yet." To bypass government censorship of bad economic news, market analysts have opted for a seemingly anodyne term to describe the Chinese car industry's downward spiral: involution, which connotes falling in on oneself. What happens in China's EV sector promises to influence the entire global automobile market. China's emergence as the world's largest manufacturer of EVs highlights the serious challenge the country poses to even the most advanced industries in the U.S., Europe, and other rich economies. Given the vital role the car industry plays in economies around the world, and the jobs, supply chains, and technologies involved, the stakes are high. But the wobbles in China's EV sector demonstrate the downside of China's state-led economic model. China's government threw ample resources at the EV industry in the hopes of leapfrogging foreign rivals in the transition to battery-powered vehicles. The Center for Strategic and International Studies estimates that the government provided more than $230 billion of financial assistance to the EV sector from 2009 to 2023. The strategy worked: China's EV makers would likely never have grown as quickly as they have without this substantial state support. By comparison, the recent Republican-sponsored tax bill eliminated nearly all federal subsidies for EVs in the U.S. The problem is that China's program encouraged too much investment in the sector. Michael Dunne, the CEO of Dunne Insights, a California-based consulting firm focused on the EV industry, counts 46 domestic and international automakers producing EVs in China, far too many for even the world's second-largest economy to sustain.
Read more of this story at Slashdot.
- Google To Allow 'Experienced Users' To Install Unverified Android Apps
Google says it will build a new "advanced flow" to allow experienced users to install Android apps from unverified developers, easing up on restrictions it proposed in late August. The company said earlier that Android would block such installations starting next year. The new flow will include clear warnings about security risks but will give users final control over the decision. Google said it is designing the system to resist coercion and prevent users from being tricked into bypassing safety checks. The company is currently gathering early feedback on the feature's design. Google also announced that developers who distribute apps exclusively outside the Play Store can now join an early access program for developer verification.
Read more of this story at Slashdot.
- Iceland Deems Possible Atlantic Current Collapse A Security Risk
Iceland has formally classified the potential collapse of a major Atlantic Ocean current system a national security threat, warning that a disruption could trigger a modern-day ice age in Northern Europe and destabilize global weather systems. The move elevates the risk across government and enables it to strategize for worst-case scenarios. Reuters reports: The Atlantic Meridional Overturning Circulation, or AMOC, current brings warm water from the tropics northward toward the Arctic, and the flow of warm water helps keep Europe's winters mild. But as warming temperatures speed the thaw of Arctic ice and cause meltwater from Greenland's ice sheet to pour into the ocean, scientists warn the cold freshwater could disrupt the current's flow. A potential collapse of AMOC could trigger a modern-day ice age, with winter temperatures across Northern Europe plummeting to new cold extremes, bringing far more snow and ice. The AMOC has collapsed in the past - notably before the last Ice Age that ended about 12,000 years ago. "It is a direct threat to our national resilience and security," Iceland Climate Minister Johann Pall Johannsson said by email. "(This) is the first time a specific climate-related phenomenon has been formally brought before the National Security Council as a potential existential threat." Elevation of the issue means Iceland's ministries will be on alert and coordinating a response, Johannsson said. The government is assessing what further research and policies are needed, with work underway on a disaster preparedness policy. Risks being evaluated span a range of areas, from energy and food security to infrastructure and international transportation. "Sea ice could affect marine transport; extreme weather could severely affect our capabilities to maintain any agriculture and fisheries, which are central to our economy and food systems," Johannsson said. "We cannot afford to wait for definitive, long-term research before acting."
Read more of this story at Slashdot.
- Alien: Earth Renewed For Second Season
FX has renewed Alien: Earth for a second season and signed creator Noah Hawley to a massive nine-figure overall deal with Disney Entertainment Television. Deadline reports: Inspired by Ridley Scott's sci-fi thriller film Alien, Hawley adapted the film franchise for television with the strong support of Scott Free and its president, David W. Zucker, who is an executive producer of the series. It earned a positive reaction from fans, posting a 94% Certified Fresh rating from Rotten Tomatoes and a Metacritic Must-Watch score of 85. "It has been our great privilege to work with Noah for more than a decade on some of FX's best and biggest shows, and we are thrilled to extend our partnership well into the future," said FX Chairman John Landgraf. "Noah never stops surprising us with truly original stories -- and his unique ability to bring them to vibrant life as a director and producer as well as writer makes him extraordinary. We can't wait to get to work on the next season of Alien: Earth, as well as some equally exciting future projects in advanced development."
Read more of this story at Slashdot.
- Scientists Watch Supernova Shockwave Shoot Through a Dying Star For First Time
For the first time, astronomers captured the shockwave of a supernova bursting through the surface of a dying red supergiant star, revealing a surprisingly symmetrical, grape-shaped explosion. Space.com reports: Seeing this moment in detail has previously been elusive because it's rare for a supernova to be spotted early enough and for telescopes to be trained on it -- and when they have been, the exploding star has been too far away. So, when supernova 2024ggi went boom on April 10, 2024 in the relatively nearby spiral galaxy NGC 3621, which is 22 million light-years away in the constellation of Hydra, the Water Snake, astronomer Yi Yang of Tsinghua University in Beijing knew he had to act. Although the supernova itself couldn't be resolved as anything put a point of light, the polarization of that light held the clues as to the geometry of the breakout. "The geometry of a supernova explosion provides fundamental information on stellar evolution and the physical processes leading to these cosmic fireworks," said Yang. "Spectropolarimetry delivers information about the geometry of the explosion that other types of observation cannot provide because the angular scales are too tiny," said another team-member, Lifan Wang of Texas A&M University. The measurement showed that the shape of the breakout explosion was flattened, like an olive or grape. Crucially, though, the explosion propagated symmetrically, and continued to do so even when it collided with a ring of circumstellar material. "These findings suggest a common physical mechanism that drives the explosion of many massive stars, which manifests a well-defined axial symmetry and acts on large scales," said Yang. The findings will allow astronomers to rule out some models and strengthen others that describe what drives the shockwave in a supernova explosion. The findings have been described in a paper on the ESO website.
Read more of this story at Slashdot.
- AI pilots keep crashing, mostly because firms skip the prep, survey finds
Under a third of PoCs make it past testing, but those that do often boost productivity
It is the best of AI times; it is the worst of AI times, depending on whom you ask. Nearly a third of firms are seeing almost total failure of their AI proof-of-concept (PoC) projects, while 46 percent are successfully moving more than 10 percent of theirs into operational use.…
- ERP carnage continues as orgs jump in unprepared
Lack of executive backing, unrealistic plans, and muddled goals remain recipe for failure
In Barcelona this week, consultancy Gartner once again tried to answer one of the perennial questions in IT: what is it about ERP projects that makes them so likely to fail?…
- Britain's first small modular reactors to be built in Wales
Government picks Wylfa on Anglesey for initial trio of units, but power unlikely before mid-2030s
The UK will build its first small modular reactor (SMR) nuclear plant at Wylfa on Anglesey, an island off northwest Wales - but it won't generate power until the mid-2030s.…
- Geopolitics push European CIOs to think local on cloud
Majority of customers plan to favor domestic providers as sovereignty fears rise
A survey of CIOs and tech leaders in Western Europe has found 61 percent want to increase their use of local cloud providers amid global geopolitical uncertainty.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Google cancels plans to require Android application certification outside of the Play Store
Only a few months ago, Google announced it was going to require that all Android applications � even those installed outside of the Play Store � had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store. Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn�t verified. We are designing this flow specifically to resist coercion, ensuring that users aren�t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. ↫ Matthew Forsythe Director at the Android Developers Blog While this is great news, I�m still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobody�s looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords. If you think this is the end of this story, you�re a fool.
- Big news for small OpenBSD /usr partitions
Ever ran into issues using sysupgrade on OpenBSD because /usr ran out of space? OpenBSD developers are trying to address this issue. Firstly, Stuart Henderson (sthen@) modified the installer to increase free space prior to installing. Theo de Raadt (deraadt@) modified sysupgrade(8) so that, if space is too tight, it will fail gracefully rather than risk leaving the administrator with a broken system. ↫ OpenBSD Journal These are very welcome additions.
- Valve brings x86 gaming to ARM Linux with FEX
Valve announced a few new devices yesterday. There�s a new Steam console, which is essentially just a tiny PC with SteamOS installed � think of it as a Steam Deck without a display. Second, Valve finally released a new Steam Controller to go with the Steam console, which has taken them long enough. Lastly, there�s a brand new Steam VR headset, the Steam Frame. Other websites with actual access to these new devices will do a better job of covering them than I ever could, but I do want to highlight something crucially important about the Steam Frame: it contains a Snapdragon ARM processor, but can still run Steam and all of its games. How does this work? Well, after developing Proton to allow Windows games to run on Linux, Valve introduced! FEX, which will allow you to run x86 Windows games on ARM Linux. I put the quotation marks there because FEX was an existing project Valve invested heavily into in recent times, and it�s now at the point where Valve seems confident enough it will be capable of running enough x86 games on ARM Linux. As such, the Steam Frame runs full SteamOS with KDE Plasma, you can run x86 Steam games, and as an additional bonus, you can install Android APKs as well. I�ve yet to even try VR, because I�m not particularly interested in buying into any locked-down platform. The Steam Frame may be the first VR device I�ll buy � depending on price, of course � and the Steam console definitely looks like a great addition to the living room, too. My wife and I have little to no interesting in buying an Xbox or PS5, but having easy, no-hassle access to our massive Steam libraries on our TV will be awesome.
- VMS/XDE: an OpenVMS x86 development environment for Linux and Windows/WSL
VMS/XDE is an OpenVMS x86 development environment for Linux and WIndows (via WSL). It provides a familiar user experience for OpenVMS developers working in Linux and Windows yet offers 100% binary and file system compatilibilty with OpenVMS. VMS/XDE includes OpenVMS V9.2-3 user, supervisor and executive mode operating system environments and a set of x86 native compilers and layered products geared towards OpenVMS software development and testing. ↫ VMS/XDE website VMS/XDE is a beta version, and comes with the usual annoying OpenVMS x86 time bombs, this time exploding on 3 January 2026. If you intend to use the finalised commercial version after the beta period ends, you�ll have to employ the same licenses as regular OpenVMS. It�s a bit of a mess, but that�s the OpenVMS way, sadly � and I don�t blame them, either, as I�m sure they�re hamstrung by a ton of agreements and restrictions imposed upon them by HP. Regardless, VMS/XDE brings a zero setup OpenVMS environment to the operating system you�re already using, making it easier to develop and cross-compile for the platform. I still have absolutely no clue just how many people OpenVMS is still relevant for, but I absolutely adore the fact VMS Software Inc. is working on this. In a world where so many of its former competitors are being held hostage by corporate indifference, it�s refreshing to see VMS still moving forward.
- Plasma Mobile 6.5 keeps improving
As part of the KDE Plasma 6.5 release, we also got a new release of Plasma Mobile. As there�s a lot of changes, improvements, and new features in Plasma Mobile 6.5, the Plasma Mobile Team published a blog post to highlight them all. The biggest improvement is probably the further integration of Waydroid, a necessary evil to run Android applications until the Plasma Mobile ecosystem manages to become a bit more well-rounded. Waydroid can now be managed straight from the settings application and the quick settings dropdown. Furthermore, the lockscreen has been improved considerably, there�s been a ton of polish for the home screen and the user interface in general, the quick settings panel can now be customised to make it fit better on different form factors, the first early test version of the new Plasma mobile keyboard is included, and so much more. This is definitely a release I would want to try out, but since I don�t have any of the supported devices, I�m a bit stuck. This is, of course, one of the two major problems facing proper mobile Linux: the lack of device support. It�s improving due to the tireless work of countless volunteers, but they�re always going to be swimming upstream. The other major problem is, of course, application availability, but at least Waydroid can bridge the gap for the adventurous among us.
- Tribblix m38 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has released a new version. Milestone 38 isn�t the most consequential release of all time, but it does bring a few small changes accompanied by the usual long list of updated open source packages. The zap install command now installs dependencies by default, while zap create-user will now restrict new home directories to mode 0700 by default. Meanwhile, int16h at Cryogenix published an article about using a Bhyve VM running FreeBSD to act as a Wi-Fi bridge for laptops with 802.11xx chips that Tribblix doesn�t support. This is a great, albeit somewhat convoluted option if your hardware uses any Wi-Fi chips Tribblix doesn�t support. There�s honestly a solution for everything, isn�t there?
- Setting up a combined 68k/PA-RISC HP-UX 9 cluster
Jonathan Pallant got lucky and managed to score a massive haul of �90s UNIX workstations, one of which was an HP 9000 Model 340, a HP-UX workstation built around a Motorola 68030 processor at 16.7 MHz. It doesn�t come with a hard drive or even a floppy controller, though, so he decided to borrow a PA-RISC-based HP 9000 Model 705 to set up an HP-UX 9 cluster. But wait, how does that work, when we�re dealing with two entirely different architectures? What�s more fun though, is putting it into a cluster with the Model 705 and network booting it. Yes, that a 68030 machine network booting from a PA-RISC machine 0 and`sharing the same root filesystem. But aren�t PA-RISC binaries and 68K binaries quite different? Oh yes, they really are. So, how does that work? ↫ Jonathan Pallant HP-UX is far more interesting and fascinating than a lot of people give it credit for, and while my interest lies with HP-UX 11i, I find what Pallant is doing here with HP-UX 9 just as fascinating. You first need to install HP-UX 9 for PA-RISC on the 700 series machine, convert it to a cluster server, and then install HP-UX 9 for 68k on top of that PA-RISC installation. After this is done, you effectively end up with a single root file system that contains both PA-RISC and 68k binaries, and you can network boot the 68k-based Model 340 right from it � using the same root filesystem on both machines. Absolutely wild. No, these are not universal binaries or some other trick you might know of from more modern system. In fact, installing the 68k version of HP-UX 9 into! the PA-RISC HP-UX 9 cluster server, you end up with something called a Context Dependent Filesystem. To get a better idea of what this means and how this works, you should really head on over to Pallant�s excellent article for all the details.
- Ironclad 0.7.0 and 0.8.0 released, adds RISC-V support
We�ve talked about Ironclad a few times, but there�s been two new releases since the 0.6.0 release we covered last, so let�s see what the project�s been up to. As a refresher, Ironclad is a formally verified, hard real-time capable kernel written in SPARK and Ada. Versions 0.7.0 and 0.8.0 improved support for block device caching, added a basic NVMe driver, added support for x86’s SMAP, switched from KVM to NVMM for Ironclad’s virtualization interface, and much, much more. In the meantime, Ironclad also added support for RISC-V, making it usable on any 64 bit RISC-V target that supports a Limine-protocol compatible bootloader. The easiest way to try out Ironclad is to download Gloire, a distribution that uses Ironclad and the GNU tools. It can be installed in both a virtual machine and on real hardware.
- Mac OS 7.6 and 8 for CHRP releases discovered
For those of us unaware � unlikely on OSNews, but still � for a hot minute in the second half of the �90s, Apple licensed its Mac OS to OEMs, resulting in officially sanctioned Mac clones from a variety of companies. While intended to grow the Mac�s market share, what ended up happening instead is that the clone makers outcompeted Apple on performance, price, and features, with clones offering several features and capabilities before Apple did � for far lower prices. When Steve Jobs returned to Apple, he killed the clone program almost instantly. The rather abrupt end of the clone program means there�s a number of variants of the Mac OS that never made their way into the market, most notable variants intended for the Common Reference Hardware Platform, or CHRP, a standard defined by IBM and Apple for PowerPC-based PCs. Thanks to the popular classic Mac YouTuber Mac84, we now have a few of these releases out in the wild. These CDs contain release candidates for Mac OS 7.6 and Mac OS 8 for CHRP (Common Hardware Reference Platform) systems. They were created to support CHRP computers, but were never released, likely due to Steve Jobs returning to Apple in September 1997 and eliminating the Mac Clone program and any CHRP efforts. ↫ Mac OS 7.6/8 CHRP releases page Mac84 has an accompanying video diving into more detail about these individual releases by booting and running them in an emulator, so we can get a better idea of what they contain. While most clone makers only got access to Mac OS 7.x, some of them did, in fact, gain access to Mac OS 8, namely UMAX and Power Computing (the latter of which was acquired by Apple). It�s not the clone nature of these releases that make them special, but the fact they�re CHRP releases is. This reference platform was a failure in the market, and only a few of IBM�s own machines and some of Motorola�s PowerStack machines properly supported it. Apple, meanwhile, only aid minor lip service to CHRP in its New World Power Macintosch machines.
- FreeBSD now builds reproducibly and without root privilege
The FreeBSD Foundation is pleased to announce that it has completed work to build FreeBSD without requiring root privilege. We have implemented support for all source release builds to use no-root infrastructure, eliminating the need for root privileges across the FreeBSD release pipeline. This work was completed as part of the`program commissioned by the Sovereign Tech Agency. ↫ FreeBSD Foundation blog This is great news in and of itself, but there�s more: FreeBSD has also improved build reproducability. This means that given the same source input, you should end up with the same binary output, which is an important part of building a verifiable chain of trust. These two improvements combined further add to making FreeBSD a trustworthy, secure option � something it already is anyway. In case you haven�t noticed, the FreeBSD project and its countless contributors are making a ton of tangible progress lately on a wide variety of topics, from improving desktop use, to solidifying Wi-Fi support, to improving the chain of trust. I think the time is quite right for FreeBSD to make some inroads in the desktop UNIX-y space, especially for people to whom desktop Linux has strayed too far from the traditional UNIX philosphy (whatever that means).
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components:
Go to Full Article
- Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means
by George Whittaker Introduction
After years of debate and development, bcachefs—a modern copy-on-write filesystem once merged into the Linux kernel—is being removed from mainline. As of kernel 6.17, the in-kernel implementation has been excised, and future use is expected via an out-of-tree DKMS module. This marks a turning point for the bcachefs project, raising questions about its stability, adoption, and relationship with the kernel development community.
In this article, we’ll explore the background of bcachefs, the sequence of events leading to its removal, the technical and community dynamics involved, and implications for users, distributions, and the filesystem’s future.
What Is Bcachefs?
Before diving into the removal, let’s recap what bcachefs is and why it attracted attention.
Origin & goals: Developed by Kent Overstreet, bcachefs emerged from ideas in the earlier bcache project (a block-device caching layer). It aimed to build a full-featured, general-purpose filesystem combining performance, reliability, and modern features (snapshots, compression, encryption) in a coherent design.
Mainline inclusion: Bcachefs was merged into the mainline kernel in version 6.7 (released January 2024) after a lengthy review and incubation period.
“Experimental” classification: Even after being part of the kernel, bcachefs always carried disclaimers about its maturity and stability—they were not necessarily recommends for production use by all users.
Its presence in mainline gave distributions a path to ship it more casually, and users had easier access without building external modules—an important convenience for adoption.
What Led to the Removal
The excision of bcachefs from the kernel was not sudden but the culmination of tension over development practices, patch acceptance timing, and upstream policy norms.
“Externally Maintained” status in 6.17
In kernel 6.17’s preparation, maintainers marked bcachefs as “externally maintained.” Though the code remained present, the change signified that upstream would no longer accept new patches or updates within the kernel tree.
This move allowed a transitional period. The code was “frozen” inside the tree to avoid breaking existing systems immediately, while preparation was made for future removal.
Go to Full Article
- Linux Mint 22.2 ‘Zara’ Released: Polished, Modern, and Built for Longevity
by George Whittaker Introduction
The Linux Mint team has officially unveiled Linux Mint 22.2, codenamed “Zara”, on September 4, 2025. As a Long-Term Support (LTS) release, Zara will receive updates through 2029, promising users stability, incremental improvements, and a comfortable desktop experience.
This version is not about flashy overhauls; rather, it’s about refinement — applying polish to existing features, smoothing rough edges, weaving in new conveniences (like fingerprint login), and improving compatibility with modern hardware. Below, we’ll delve into what’s new in Zara, what users should know before upgrading, and how it continues Mint’s philosophy of combining usability, reliability, and elegance.
What’s New in Linux Mint 22.2 “Zara”
Here’s a breakdown of key changes, refinements, and enhancements in Zara.
Base, Support & Kernel Stack
Ubuntu 24.04 (Noble) base: Zara continues to use Ubuntu 24.04 as its upstream base, ensuring broad package compatibility and long-term security support.
Kernel 6.14 (HWE): The default kernel for new installations is 6.14, bringing support for newer hardware.
However — for existing systems upgraded from Mint 22 or 22.1 — the older kernel (6.8 LTS) remains the default, because 6.14’s support window is shorter.
Zara is an LTS edition, with security updates and maintenance promised through 2029.
Major Features & EnhancementsFingerprint Authentication via Fingwit
Zara introduces a first-party tool called Fingwit to manage fingerprint-based authentication. With compatible hardware and support via the libfprint framework, users can:
Enroll fingerprints
Use fingerprint login for the screensaver
Authenticate sudo commands
Launch administrative tools via pkexec using the fingerprint
In some cases, bypass password entry at login (unless home directory encryption or keyring constraints force password fallback)
It is important to note that fingerprint login on the actual login screen may be disabled or limited depending on encryption or keyring usage; in those cases, the system falls back to password entry.
UI & Theming Refinements
Sticky Notes app now sports rounded corners, improved Wayland compatibility, and a companion Android app named StyncyNotes (available via F-Droid) to sync notes across devices.
Go to Full Article
- Ubuntu Update Backlog: How a Brief Canonical Outage Cascaded into Multi-Day Delays
by George Whittaker Introduction
In early September 2025, Ubuntu users globally experienced disruptive delays in installing updates and new packages. What seemed like a fleeting outage—only about 36 minutes of server downtime—triggered a cascade of effects: mirrors lagging, queued requests overflowing, and installations hanging for days. The incident exposed how fragile parts of Ubuntu’s update infrastructure can be under sudden load.
In this article, we’ll walk through what happened, why the fallout was so severe, how Canonical responded, and lessons for users and infrastructure architects alike.
What Happened: Outage & Immediate Impact
On September 5, 2025, Canonical’s archive servers—specifically archive.ubuntu.com and security.ubuntu.com—suffered an unplanned outage. The status page for Canonical showed the incident lasting roughly 36 minutes, after which operations were declared “resolved.”
However, that brief disruption set off a domino effect. Because the archives and security servers serve as the central hubs for Ubuntu’s package ecosystem, any downtime causes massive backlog among mirror servers and client requests. Mirrors found themselves out of sync, processing queues piled up, and users attempting updates or new installs encountered failed downloads, hung operations, or “404 / package not found” errors.
On Ubuntu’s community forums, Canonical acknowledged that while the server outage was short, the upload / processing queue for security and repository updates had become “obscenely” backlogged. Users were urged to be patient, as there was no immediate workaround.
Throughout September 5–7, users continued reporting incomplete or failed updates, slow mirror responses, and installations freezing mid-process. Even newly provisioning systems faced broken repos due to inconsistent mirror states.
By September 8, the situation largely stabilized: mirrors caught up, package availability resumed, and normal update flows returned. But the extended period of degraded service had already left many users frustrated.
Why a Short Outage Turned into Days of Disruption
At first blush, 36 minutes seems trivial. Why did it have such prolonged consequences? Several factors contributed:
Centralized repository backplane Ubuntu’s infrastructure is architected around central canonical repositories (archive, security) which then propagate to mirrors worldwide. When the central system is unavailable, mirrors stop receiving updates and become stale.
Go to Full Article
|
