NTLUG | Main / All the News that Matters browse

Show Descriptions... (Show All /All+Images) (Single Column)

Debian: Thunderbird Critical Arbitrary Code Exec Update DLA-4372-1
Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.

Fedora 43: chrome Significant Vulnerability Alert CVE-2025-13042
Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8

Fedora 43: bind9-next Security Update CVE-2025-8677 Cache Poisoning
Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)

Fedora 41: LUKSData Integrity Restoration Update CVE-2025-11678
New upstream release v10 Fix: CVE-2025-11568

Fedora 42: bind9-next Critical DNSSEC Issues Fix 2025-d9f9394ecd
Update to 9.21.14 (rhbz#2394406) Security Fixes: DNSSEC validation fails if matching but invalid DNSKEY is found. (CVE-2025-8677) Address various spoofing attacks. (CVE-2025-40778) Cache-poisoning due to weak pseudo-random number generator. (CVE-2025-40780)

Fedora 42: luksmeta Update CVE-2025-11568 Severity Informational
New upstream release v10 Fix: CVE-2025-11568

[$] A struct sockaddr sequel
One of the many objectives of the LinuxKernel Self-Protection Project (KSPP), which just completed ten years ofwork, is to ensure that all array references can be bounds-checked,even in the case of flexible array members, the size of which is not knownat compile time. One of the most challenging flexible array members in thekernel is not even declared as such. Almost exactly one year ago, LWN looked at the effort to increase safety aroundthe networking subsystem's heavily used sockaddr structure. Oneyear later, Kees Cook is still looking for a way to bring this work to aclose.

Security updates for Friday
Security updates have been issued by Debian (keystone and lxd), Fedora (docker-buildkit, firefox, gh, gitleaks, lasso, runc, and seamonkey), Mageia (perl-Authen-SASL, perl-Cpanel-JSON-XS, perl-Crypt-OpenSSL-RSA, perl-JSON-XS, python-flask-cors, python-py, python-setuptools, and ruby), Oracle (java-1.8.0-openjdk), SUSE (binutils, cargo-packaging, rust-bindgen, chromium, go-sendxmpp, helm, lasso, libxml2, openssh, openssh8.4, python-Django, python-Scrapy-doc, python311-Brotli, squid, tomcat10, and weblate), and Ubuntu (linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 and linux-xilinx-zynqmp).

Two new stable kernels
Greg Kroah-Hartman has announced the release of the 6.17.8 and 6.12.58 stable kernels. Each contains animportant set of fixes. Users are advised to upgrade.

Rust in Android: move fast and fix things (Google Security Blog)
The Google Security Blog has anew post on just how well the use of Rust is working out for theAndroid project.
We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.

Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)
The SUSE Security Team has published an in-deptharticle on its findings after reviewing a D-Bus service containedin LightDMGreeter by KDE (the lightdm-kde-greeter package)for addition to openSUSE Tumbleweed. The team found a privilegeescalation from the lightdm service user to root, aswell as other attack vectors in the service:
In agreement with upstream, we assigned CVE-2025-62876 to track thelightdm service user to root privilege escalation aspect described inthis report. The severity of the issue is low, since it only affectsdefense-in-depth (if the lightdm service user were compromised) andthe problematic logic can only be reached and exploited if triggeredinteractively by a privileged user.
The fixes are contained in the 6.0.4release of the project.

Thunderbird 145 released
Version145 of the Thunderbird email client has been released. Notablechanges in this release include enabling DNS over HTTPS, support forMicrosoft Exchange via Exchange Web Services, and quite a few bugfixes. As of 145, the project is no longer shipping 32-bit binariesfor Linux on x86.

[$] Another Fedora Flatpak discussion
Many distributions provide support out of the proverbial box forFlatpak packages, but Fedora is unusual in that it also provides, anddefaults, to its own repository of Fedora-built Flatpaks. This has beena source of confusion for Fedora users, who expect to get the Flatpakbuilt by the original developers and hosted on Flathub. It has also been a sourceof conflict with upstream projects, because users complain of bugs inFlatpak packages they are not responsible for. The situation has also frustrated someFedora developers, who would prefer to put Flathub's offeringsfirst. A new complaint that Fedora has apparently used manifestsfrom Flathub to build the packages for Fedora—without giving credit tothe original authors—has spurred discussions about Fedora'sFlatpaks once again. While no concrete changes are on the table, yet,there may be some movement toward addressing persistent complaints.

Security updates for Thursday
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, rubygem-rack, skopeo, and webkitgtk), Mageia (perl, perl-CPAN, perl-HTTP-Tiny, perl-Data-Entropy, perl-FCGI, perl-File-Find-Rule, perl-YAML-LibYAML, python-tornado, python-urllib3, python-pip, python3, and unbound), Oracle (ipa and kernel), Red Hat (container-tools:rhel8, krb5, openssl, pcs, podman, and runc), Slackware (mozilla), SUSE (binutils, kernel, netty, netty-tcnative, podman, python311-pdfminer, and tomcat11), and Ubuntu (bind9 and linux-aws-6.8).

[$] LWN.net Weekly Edition for November 13, 2025
Inside this week's LWN.net Weekly Edition:
Front: FUSE performance; Magic kfuncs; Tails Linux; Direct I/O and modifying buffers; Working with bootable containers. Briefs: Kernel LLM policy; Firefox 145; FHS; Homebrew 5.0.0; Mastodon 4.5; Public-inbox 2.0.0; Pytest 9.0.0; Quote; ... Announcements: Newsletters, conferences, security updates, patches, and more.

Homebrew 5.0.0 released
Version5.0.0 of the Homebrew packagemanager for Linux and macOS has been released. Notable changes in thisrelease include download concurrency by default, official support for64-bit Arm on Linux, and more.

[$] The intersection of unstable pages and direct I/O
Longtime LWN readers will have encountered the concept of "stable pages"before; it was first covered here nearly15 years ago. For the most part, the problem that stable pages weremeant to solve — preventing errors when user space modifies a buffer thatis under I/O — has been dealt with. Butrecent discussions show that there is one area where problems remain:direct I/O. There is some disagreement,though, over whether those problems are the result of user-space bugs andhow much of a performance price should be paid to address them.

Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libtiff), Debian (kernel, libarchive, rust-sudo-rs, and squid), Fedora (chromium, dotnet8.0, forgejo, ruby, and webkitgtk), Oracle (bind, bind9.18, kernel, kernel-uek*, libtiff, and runc), Red Hat (firefox, kernel, and kernel-rt), Slackware (mozilla), SUSE (buildah, colord, containerd, kernel, lasso, libsoup, micropython, ongres-scram, openssh, proxy-helm, uyuni-tools, python-pdfminer.six, qatengine, qatlib, regclient, and runc), and Ubuntu (raptor and raptor2).

Firefox 145 released
Firefox 145 has been released. Notablechanges in this release include note-takingfeatures for PDFs viewed in Firefox, enhancedprivacy protections, and the ability to access and manage passwords inthe sidebar. This release also drops support for 32-bit Linux systems.

[$] Protecting privacy with Tails
Tails is an unusual Linuxdistribution developed by the Tor Project; itis designed to help users work around internet censorship and avoidsurveillance. It is a "portable" operating system that is meant to berun from a USB stick or ISO image and to leave no trace on thecomputer it was run on. Tails routes connections to the internet overthe Tornetwork and includes a selection of applications and toolssuited to working with sensitive documents, communicating securely,and preserving users' anonymity. The tradeoff, of course, is thatTails is less convenient and requires users to learn a new set oftools to avoid compromising their own security and anonymity. Tails 7.1 wasreleased in October, and it seemed like as good a time as any to takeit for a spin.

Security updates for Tuesday
Security updates have been issued by AlmaLinux (bind, expat, kernel, osbuild-composer, qt6-qtsvg, runc, valkey, and xorg-x11-server-Xwayland), Debian (incus), Fedora (cef and dotnet8.0), Mageia (strongswan), Red Hat (fence-agents and python-requests), SUSE (chromium, colord, erlang26, java-1_8_0-openjdk, libsoup, python-django, thunderbird, tiff, and warewulf4), and Ubuntu (intel-microcode and rust-sudo-rs).

Debian 13.2 Released With Dozens Of Fixes
Debian 13.2 is out today as the latest maintenance update to this current stable version of Debian GNU/Linux...

OAK 4 D and OAK 4 S Standalone Edge Vision Cameras with PoE and 48MP Imaging
Luxonis has opened early access preorders for the OAK 4 D and OAK 4 S, two standalone edge-processing cameras designed for computer vision tasks. Both systems provide a 48MP RGB sensor with optional autofocus or wide-angle variants, USB 3 and PoE connectivity, IP67-rated enclosures, and on-device inference capabilities. Both devices are built around the RVC4 […]

GNOME's Nautilus File Manager Finally Supporting Ctrl+Insert & Shift+Insert
GNOME's Nautilus file manager is finally matching the behavior of other file managers like KDE's Dolphin and Xfce's Thunar with a keyboard shortcut for copying and pasting files...

Banana Pi Previews Its First SOPHGO BM1688-Based Compute Module
Banana Pi has previewed the BPI-SM9 16-ENC-A3, a compact deep learning compute module built around the SOPHGO BM1688 processor. The module is described as targeting low-power AI workloads, hardware video acceleration, and mixed-precision neural inference across microservers, edge systems, industrial platforms, and AIoT devices. The BM1688 datasheet does not appear to be available on the […]

How to install Git on Debian 13
In this blog post, we will explain how to install Git on Debian 13 OS. Git is a free and open-source distributed version control system that manages the code changes in files among multiple developers. The main characteristic of Git is its distributed nature, which means that every developer has a complete copy of the entire project locally.

Debian 13.2 “Trixie” Released with 123 Bug Fixes and 55 Security Updates
Today, the Debian Project announced the release and general availability of Debian 13.2 as the second update to the latest Debian GNU/Linux 13 “Trixie” operating system series.

How To Enable Activate Linux Watermark Notification In Linux Desktop
Want a harmless Linux trick? Here's how to enable the 'Activate Linux' watermark on your desktop.

Waveshare Pairs RISC-V ESP32-P4 and ESP32-C6 for Wi-Fi 6, Bluetooth 5 LE, and PoE Support
Waveshare has released the ESP32-P4-WIFI6-POE-ETH, a compact development board built around the ESP32-P4 along with an ESP32-C6 wireless module. The design combines Wi-Fi 6, Bluetooth 5 LE, Ethernet, and optional PoE power delivery in a single platform aimed at multimedia processing, display and camera applications, and general embedded development. Like the earlier Waveshare ESP32-P4-WIFI6 development […]

Nouveau Driver To Support Larger Pages & Compression Support With Linux 6.19
While the "Nova" driver continues to be developed as a modern Rust-written, open-source and in-kernel NVIDIA graphics driver for Linux, for the time being Nouveau is what's working for end-users for those wanting a mainline open-source NVIDIA graphics driver for gaming and other workloads. With Linux 6.19 the Nouveau driver is picking up support for handling larger pages as well as compression support...

How To Backup And Restore Installed Packages In Ubuntu Linux
Learn how to easily backup and restore installed packages, PPAs, Snap, Flatpak apps, and dotfiles in Ubuntu Linux Step-by-Step.

GCC Compiler Developers Begin Considering C++20 Default
Compiler engineer Marek Polacek of Red Hat recently proposed making the C++20 language specification (or rather the GNU++20 dialect) the default C++ version when not otherwise specified...

Fedora at Kirinyaga University Docs workshop
We did it again, Fedora at Kirinyaga university in Kenya. This time, we didn’t just introduce what open source is – we showed students how to participate and actually contribute in real time. Many students had heard of open source before, but were not sure how to get started or where they could fit. We […]

Mesa 25.3 Open-Source Graphics Stack Improves Support for Many Video Games
The Mesa 25.3 open-source graphics stack has been released today as a major update with new features, improvements for the built-in open-source graphics drivers, and better support for many video games.

StarlingX cranks open-source cloud network infrastructure to 11
The open-source StarlingX cloud infrastructure project is out with its second major update of 2025, bringing with it new edge security and usability improvements.

Debian 13.2 Released with Security Fixes and Stability Updates
Debian 13 "Trixie" receives its second refresh (13.2), featuring 123 bug fixes and 55 security updates. Here's more on that.

GNU C Library Adds Linux "mseal" Function For Memory Sealing
Introduced last year in the Linux 6.10 kernel was the mseal system call for memory sealing to protect the memory mapping against modifications to seal non-writable memory segments or better protecting sensitive data structures. The GNU C Library has finally introduced its mseal function making use of this modern Linux kernel functionality...

KeePassXC Clarifies AI Policy: Used Only in Development, Never in the App
KeePassXC’s developers explain that AI helps with code reviews and small pull requests, but never appears in the KeePassXC codebase.

Fedora 44 Looking At Replacing FBCON With KMSCON As Default VT Console
Fedora 44 is looking at replacing the Linux kernel's console "FBCON" with the user-space-based KMSCON implementation. Eventually the hope remains to deprecate the FBCON/FBDEV code within the Linux kernel...

Wine 10.19 Released With More Improvements
Ahead of the Wine 11.0 code freeze beginning in early December, Wine 10.19 is out today as the newest bi-weekly development release for running Windows games and applications on Linux...

Bring CachyOS KVM Hypervisor along with KDE Plasma 6.5.2 and Kernel 6.17.7 to Arch Linux VM
This post is an immediate follow up for Fedora 43 KVM Hypervisor && bring CachyOS KDE Plasma 6.5.1 along with kernel to Arch Linux VM ( https://lxer.com/module/newswire/view/358937/index.html ) It is quite clear that there is a way to automatically start services virtstoraged, virtnetworkd, virtqemud, virtnodedevd on Arch Linux VM , however I was not lucky enough to automate this procedure.

Linux Insider"LinuxInsider"

Red Hat’s Evolution: How a Subsidiary Became an AI Powerhouse
Red Hat has become a foundational player in enterprise AI by combining open-source infrastructure with hybrid cloud flexibility, maintaining independence while leveraging IBM’s global scale. The post Red Hat’s Evolution: How a Subsidiary Became an AI Powerhouse appeared first on LinuxInsider.

Open-Source Security Tool AdaptixC2 Fueling Ransomware Attacks
Ransomware gangs are exploiting AdaptixC2, an open-source command-and-control framework originally built for red team testing, to support stealthy post-exploitation operations. The post Open-Source Security Tool AdaptixC2 Fueling Ransomware Attacks appeared first on LinuxInsider.

Open-Source Model Near Breaking Point Despite Trillions in Value
A coalition of open-source stewards warns that the software industry’s reliance on goodwill to maintain critical infrastructure is unsustainable, despite open source fueling trillions in global economic value. The post Open-Source Model Near Breaking Point Despite Trillions in Value appeared first on LinuxInsider.

The Linux Foundation Expands Agentic AI Push With Third Major Project
The Linux Foundation has launched its third major agentic AI initiative in three months, designed to secure communication, enhance interoperability, and drive open-source innovation in multi-agent environments. The post The Linux Foundation Expands Agentic AI Push With Third Major Project appeared first on LinuxInsider.

TuxCare’s In-Memory CVE Scanner Enhances Linux Security With Radar
TuxCare Radar is an in-memory CVE scanner that reduces false positives, speeds compliance, and delivers real-time Linux vulnerability detection. The post TuxCare’s In-Memory CVE Scanner Enhances Linux Security With Radar appeared first on LinuxInsider.

Linux Patch Blind Spot Exposes Critical Cybersecurity Risks
Linux patch delays leave enterprises exposed to long-standing vulnerabilities. Experts warn automation and consistent management are essential to closing this critical security gap. The post Linux Patch Blind Spot Exposes Critical Cybersecurity Risks appeared first on LinuxInsider.

The Year of the Linux Desktop? This Time, the Data Says Yes
Linux is making real gains on the desktop. New data shows its market share passing 5% in the U.S., signaling a long-awaited breakthrough. The post The Year of the Linux Desktop? This Time, the Data Says Yes appeared first on LinuxInsider.

From Kernel to Cloud: Open Source Takes On Security Trade-Offs
Open-source systems are adopting live patching and isolation technologies to support always-on security and meet enterprise compliance demands in the cloud. The post From Kernel to Cloud: Open Source Takes On Security Trade-Offs appeared first on LinuxInsider.

Kubernetes Cost Optimization May Be Doing More Harm Than Good
Slashing Kubernetes costs sounds smart — until it backfires. Here’s how to reduce spend safely while improving platform stability and speed. The post Kubernetes Cost Optimization May Be Doing More Harm Than Good appeared first on LinuxInsider.

Is a Security Baseline Enough for Open-Source Software?
The OpenSSF’s new baseline sets minimum security expectations for open-source projects — but not all developers agree it’s practical, scalable, or sufficient. The post Is a Security Baseline Enough for Open-Source Software? appeared first on LinuxInsider.

Deaths Linked to Antibiotic-Resistant Superbugs Rose 17% in England in 2024
An anonymous reader shared this report from the Guardian:The number of deaths linked to superbugs that do not respond to frontline antibiotics increased by 17% in England last year, according to official figures that raise concerns about the ongoing increase in antimicrobial resistance. The figures, released by the UK Health Security Agency, also revealed a large rise in private prescriptions for antibiotics, with 22% dispensed through the private sector in 2024. The increase in private prescribing is partly explained by the Pharmacy First scheme, a flagship policy of Rishi Sunak's government that allows patients to be prescribed antibiotics for common illnesses without seeing a GP, raising questions about whether the shift in prescribing patterns risks contributing to the rise in resistance. "Antibiotic resistance is one of the greatest health threats we face," said the UKHSA's chief executive, Prof Susan Hopkins. "More people than ever are acquiring infections that cannot be effectively treated by antibiotics. This puts them at greater risk of serious illness and even death, with our poorest communities hit the hardest... It's positive that we've seen antibiotic use fall in England within the NHS but we need to go further, faster," said Hopkins. "Please remember to only take antibiotics if you have been told to do so by a healthcare professional. Do not save some for later or share them with friends and family. If you have leftover antibiotics, please bring them to a pharmacy for appropriate disposal."

Read more of this story at Slashdot.

The Internet Archive Now Captures AI-Generated Content (Including Google's AI Overviews)
CNN profiled the non-profit Internet Archive today — and included this tidbit about how they archive parts of the internet that are now "tucked in conversations with AI chatbots."The rise of artificial intelligence and AI chatbots means the Internet Archive is changing how it records the history of the internet. In addition to web pages, the Internet Archive now captures AI-generated content, like ChatGPT answers and those summaries that appear at the top of Google search results. The Internet Archive team, which is made up of librarians and software engineers, are experimenting with ways to preserve how people get their news from chatbots by coming up with hundreds of questions and prompts each day based on the news, and recording both the queries and outputs, [says Wayback Machine Director Mark Graham]. It sounds like a fun place to work...Archivists use bespoke machines to digitize books page by page, livestreaming their work on YouTube for all to see (alongside some lo-fi music). Record players churn out vintage tunes from 1920s and 1940s, and the building houses every type of media console for any type of content imaginable, from microfilm, to CDs and satellite television. (The Internet Archive preserves music, television, books and video games, too)... "There are a lot of people that are just passionate about the cause. There's a cyberpunk atmosphere," Annie Rauwerda, a Wikipedia editor and social media influencer, said at a party thrown at the Internet Archive's headquarters to celebrate reaching a trillion pages "The internet (feels) quite corporate when I use it a lot these days, but you wouldn't know from the people here."

Read more of this story at Slashdot.

Could Firefox Be the Browser That Protects the Privacy of AI Users?
Tech entrepreneur/blogger Anil Dash has been critical of AI browsers like ChatGPT Atlas. (He's written that Atlas "substitutes its own AI-generated content for the web, but it looks like it's showing you the web," while its prompt-based/command-line interface resembles a clunky text adventure, and it's true purpose seems to be ingesting more training data.) And at the Mozilla Festival in Spain, "Virtually everyone shared some version of what I'd articulated as the majority view on AI, which is approximately that LLMs can be interesting as a technology, but that Big Tech, and especially Big AI, are decidedly awful and people are very motivated to stop them from committing their worst harms upon the vulnerable." But...Another reality that people were a little more quiet in acknowledging, and sometimes reluctant to engage with out loud, is the reality that hundreds of millions of people are using the major AI tools every day... I don't know why today's Firefox users, even if they're the most rabid anti-AI zealots in the world, don't say, "well, even if I hate AI, I want to make sure Firefox is good at protecting the privacy of AI users so I can recommend it to my friends and family who use AI"... My personal wishlist would be pretty simple: * Just give people the "shut off all AI features" button. It's a tiny percentage of people who want it, but they're never going to shut up about it, and they're convinced they're the whole world and they can't distinguish between being mad at big companies and being mad at a technology so give them a toggle switch and write up a blog post explaining how extraordinarily expensive it is to maintain a configuration option over the lifespan of a global product. * Market Firefox as "The best AI browser for people who hate Big AI". Regular users have no idea how creepy the Big AI companies are — they've just heard their local news talk about how AI is the inevitable future. If Mozilla can warn me how to protect my privacy from ChatGPT, then it can also mention that ChatGPT tells children how to self-harm, and should be aggressive in engaging with the community on how to build tools that help mitigate those kinds of harms — how do we catalyze that innovation? * Remind people that there isn't "a Firefox" — everyone is Firefox. Whether it's Zen, or your custom build of Firefox with your favorite extensions and skins, it's all part of the same story. Got a local LLM that runs entirely as a Firefox extension? Great! That should be one of the many Firefoxes, too. Right now, so much of the drama and heightened emotions and tension are coming from people's (well... dudes') egos about there being One True Firefox, and wanting to be the one who controls what's in that version, as an expression of one set of values. This isn't some blood-feud fork, there can just be a lot of different choices for different situations. Make it all work.

Read more of this story at Slashdot.

Are Data Centers Raising America's Electricity Prices?
Residential utility bills in America "rose 6% on average nationwide in August compared with the same period in the previous year," reports CNBC, citing statistics from the U.S. Energy Information Administration:The reasons for price increases are often complex and vary by region. But in at least three states with high concentrations of data centers, electric bills climbed much faster than the national average during that period. Prices, for example, surged by 13% in Virginia, 16% in Illinois and 12% in Ohio. The tech companies and AI labs are building data centers that consume a gigawatt or more of electricity in some cases, equivalent to more than 800,000 homes, the size of a city essentially... "The techlash is real," said Abraham Silverman, who served as general counsel for New Jersey's public utility board from 2019 until 2023 under outgoing Democratic Gov. Phil Murphy. "Data centers aren't always great neighbors," said Silverman, now a researcher at Johns Hopkins University. "They tend to be loud, they can be dirty and there's a number of communities, particularly in places with really high concentrations of data centers, that just don't want more data centers..." [C]apacity prices get passed down to consumers in their utility bills, Silverman said. The data center load in PJM [America's largest grid, serving 13 states] is also impacting prices in states that are not industry leaders such as New Jersey, where prices jumped about 20% year over year... There are other reasons for rising electricity prices, Silverman said. The aging electric grid needs upgrades at a time of broad inflation and the cost of building new transmission lines has gone up by double digits, he said. The utilities also point to rising demand from the expansion of domestic manufacturing and the broader electrification of the economy, such as electric vehicles and the adoption of electric heat pumps in some regions... In other states, however, the relationship between rising electricity prices and data centers is less clear. Texas, for example, is second only to Virginia with more than 400 data centers. But prices in the Lone Star state increased about 4% year over year in August, lower than the national average. Texas operates its own grid, ERCOT, with a relatively fast process that can connect new electric supply to the grid in around three years, according to a February 2024 report from the Brattle Group. California, meanwhile, has the third most data centers in the nation and the second highest residential electricity prices, nearly 80% above the national average. But prices in the Golden State increased about 1% in August 2024 over the prior year period, far below the average hike nationwide. One of the reasons California's electricity rates are so much higher than most of the country is the costs associated with preventing wildfires.

Read more of this story at Slashdot.

Security Researchers Spot 150,000 Function-less npm Packages in Automated 'Token Farming' Scheme
An anonymous reader shared this report from The Register:Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" — but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign. Amazon Inspector security researchers, using a new detection rule and AI assistance, originally spotted the suspicious npm packages in late October, and, by November 7, the team had flagged thousands. By November 12, they had uncovered more than 150,000 malicious packages across "multiple" developer accounts. These were all linked to a coordinated tea.xyz token farming campaign, we're told. This is a decentralized protocol designed to reward open-source developers for their contributions using the TEA token, a utility asset used within the tea ecosystem for incentives, staking, and governance. Unlike the spate of package poisoning incidents over recent months, this one didn't inject traditional malware into the open source code. Instead, the miscreants created a self-replicating attack, infecting the packages with code to automatically generate and publish, thus earning cryptocurrency rewards on the backs of legitimate open source developers. The code also included tea.yaml files that linked these packages to attacker-controlled blockchain wallet addresses. At the moment, Tea tokens have no value, points out CSO Online. "But it is suspected that the threat actors are positioning themselves to receive real cryptocurrency tokens when the Tea Protocol launches its Mainnet, where Tea tokens will have actual monetary value and can be traded..."In an interview on Friday, an executive at software supply chain management provider Sonatype, which wrote about the campaign in April 2024, told CSO that number has now grown to 153,000. "It's unfortunate that the worm isn't under control yet," said Sonatype CTO Brian Fox. And while this payload merely steals tokens, other threat actors are paying attention, he predicted. "I'm sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride that, not just to get the Tea tokens but to put some actual malware in there, because if it's replicating that fast, why wouldn't you?" When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person. With the swollen numbers reported this week, Amazon researchers wrote that it's "one of the largest package flooding incidents in open source registry history, and represents a defining moment in supply chain security...." For now, says Sonatype's Fox, the scheme wastes the time of npm administrators, who are trying to expel over 100,000 packages. But Fox and Amazon point out the scheme could inspire others to take advantage of other reward-based systems for financial gain, or to deliver malware. After deplooying a new detection rule "paired with AI", Amazon'ssecurity researchers' write, "within days, the system began flagging packages linked to the tea.xyz protocol...By November 7, the researchers flagged thousands of packages and began investigating what appeared to be a coordinated campaign. The next day, after validating the evaluation results and analyzing the patterns, they reached out to OpenSSF to share their findings and coordinate a response. Their blog post thanks the Open Source Security Foundation (OpenSSF) for rapid collaboration, while calling the incident "a defining moment in supply chain security..."

Read more of this story at Slashdot.

Solar and Wind are Covering All New Power Demand in 2025
An anonymous reader shared this report from Electrek:Solar and wind are growing fast enough to meet all new electricity demand worldwide for the first three quarters of 2025, according to new data from energy think tank Ember. The group now expects fossil power to stay flat for the full year, marking the first time since the pandemic that fossil generation won't increase. Solar and wind aren't just expanding; they're outpacing global electricity demand itself. Solar generation jumped 498 TWh (+31%) compared to the same period last year, already topping all the solar power produced in 2024. Wind added another 137 TWh (+7.6%). Together, they supplied 635 TWh of new clean electricity, beating out the 603 TWh rise in global demand (+2.7%). That lifted solar and wind to 17.6% of global electricity in the first three quarters of the year, up from 15.2% year-over-year. That brought the total share of renewables in global electricity -solar, wind, hydro, bioenergy, and geothermal — to 43%. Fossil fuels slid to 57.1%, down from 58.7%. For the first time in 2025, renewables collectively generated more electricity than coal. And fossil generation as a whole has stalled. Fossil output slipped slightly by 0.1% (-17 TWh) through the end of Q3. Ember expects no fossil-fuel growth for the full year, driven by clean power growth outpacing demand.

Read more of this story at Slashdot.

'Holy Winamp! Opera Puts a Music Visualizer Inside Its Browser'
An anonymous reader shared this report from PC World: It won't whip the llama's ass, but Opera has added a Spotify visualizer to its latest iteration of its free Opera One browser. Known as Sonic, the visualizer will be part of Opera's Dynamic Themes, which use the WebGPU standard to employ a dynamic theme that runs in the background of the browser. It's essentially a shader, which uses your PC's graphics engine to generate the moving background. The browser also comes with a music player, which is set to Spotify by default. Users will have an opportunity to upgrade to Spotify Premium as part of the browser upgrade, Opera said. Opera's Sonic theme... takes the Spotify input and transforms it into a dynamic background. "As any old tech head knows, the original visualizer was found in Winamp, which would sync visualizations to the beat and flow of music being played," the article points out. And 27 years later, WinAmp arrived as an app in Apple's App Store and Google Play and in April of 2024. (The latest version was apparently released this May — and you can also download it to your desktop...) Somewhere along the way, Winamp also announced "Winamp for Creators," which they're describing as a dedicated platform for music artists with monetization and promotion tools, music management services, and other essential resources "to help creators take control of their careers" (including "a powerful social media publishing tool that lets users write a single post and push it to all their social media channels simultaneously.")

Read more of this story at Slashdot.

Could C# Overtake Java in TIOBE's Programming Language Popularity Rankings?
It's been trying to measure the popularity of programming languages since 2000 using metrics like the number of engineers, courses, and third-party vendors. And "The November 2025 TIOBE Index brings another twist below Python's familiar lead," writes TechRepublic. "C solidifies its position as runner-up, C++ and Java lose some ground, and C# moves sharply upward, narrowing the gap with Java to less than a percentage point..." TIO CEO Paul Jansen said this month that "Instead of Python, programming language C# is now the fastest rising language,"How did C# achieve this? Java and C# are battling for a long time in the same areas. Right now it seems like C# has removed every reason why not to use C# instead of Java: it is cross platform nowadays, it is open source and it contains all new language features a developer wants. While the financial world is still dominated by Java, all other terrains show equal shares between Java and C#. Besides this, Microsoft is going strong and C# is still their most backed programming language. Interesting note: C# has never been higher than Java in the TIOBE index. Currently the difference between the two rivals is less than 1%. There are exciting times ahead of us. Is C# going to surpass Java for the first time in the TIOBE index history? "The fact that C# has been in the news for the successive betas and pre-release candidates prior to the release of C# 14 may have bumped up its percentage share in the last few months," notes a post on the site i-Programmer. But they also point out that by TIOBE's reckoning, Java — having been overtaken by Python in 2021 — "has been in decline ever since." TechRepublic summarizes the rest of the Top Ten:JavaScript stays in sixth place at 3.42%, and Visual Basic edges up to seventh with 3.31%. Delphi/Object Pascal nudges upward to eighth at 2.06%, while Perl returns to the top 10 in ninth at 1.84% after a sharp year-over-year climb. SQL rounds out the list at tenth with 1.80%, maintaining a foothold that shows the enduring centrality of relational databases. Go, which held eighth place in October, slips out of the top 10 entirely. Here's how TIOBE's methodology ranks programming language popularity in November:PythonCC++JavaC#JavaScriptVisual BasicDelphi/Object PascalPerlSQL

Read more of this story at Slashdot.

Copy-and-Paste Now Exceeds File Transferring as the Top Corporate Data Exfiltration Vector
Slashdot reader spatwei writes: It is now more common for data to leave companies through copying and pasting than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025. This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools. 'Traditional governance built for email, file-sharing, and sanctioned SaaS didn't anticipate that copy/paste into a browser prompt would become the dominant leak vector,' LayerX CEO Or Eshed wrote in a blog post summarizing the report. "GenAI now accounts for 11% of enterprise application usage," notes this article from SC World, "with adoption rising faster than many data loss protection (DLP) controls can keep up. Overall, 45% of employees actively use AI tools, with 67% of these tools being accessed via personal accounts and ChatGPT making up 92% of all use..." "With the rise of AI-driven browsers such as OpenAI's Atlas and Perplexity's Comet, governance of AI tools' access to corporate data becomes even more urgent, the LayerX report notes."

Read more of this story at Slashdot.

Google Begins Aggresively Using the Law To Stop Text Message Scams
"Google is going to court to help put an end to, or at least limit, the prevalence of phishing scams over text message," reports BGR:Google said it's bringing suit against Lighthouse, an impressively large operation that allegedly provides tools customers can buy to set up their own specialized phishing scams. All told, Google estimates that Lighthouse-affiliated scams in the U.S. have stolen anywhere between 12.7 million and 115 million credit cards. "Bad actors built Lighthouse as a phishing-as-a-service kit to generate and deploy massive SMS phishing attacks," Google notes. "These attacks exploit established brands like E-Z Pass to steal people's financial information." Google's legal action is comprehensive and is intent on completely dismantling Lighthouse's operations. The search giant is bringing claims under RICO, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA). RICO, which often comes up in movies and television shows, allows authorities to treat Lighthouse's phishing operation as a broad criminal enterprise as opposed to isolated scams. By using RICO, Google also expands the list of individuals who can be found liable, whether it be the people who started Lighthouse, the people who run it, or even unaffiliated customers who used the company's services. The Lanham Act, for those unaware, targets malicious actors who misappropriate well-known company trademarks in order to confuse consumers. This Lanham Act comes into play because many phishing scams masquerade as legitimate messages from companies like Amazon and FedEx. The Computer Fraud and Abuse Act, meanwhile, is relevant because scammers typically use stolen credentials to gain unauthorized access to financial systems, something the CFAA is designed to target... The fact that Google is invoking all three of the acts above underscores how serious the company is about putting a stop to SMS-based scams. By using all three, Google's legal attack is more potent and also expands the range of available remedies to include civil damages and criminal penalties. In short, Google isn't merely trying to win a legal case; it's aiming to emphatically and permanently stop Lighthouse in its tracks. Getting even more aggressive, Google says it's also working with the U.S. Congress to pass new anti-scammer legislation, and endorsed these three new bipartisan bills:The Scam Compound Accountability and Mobilization (SCAM) Act "would develop a national strategy to counter scam compounds, enhance sanctions and support survivors of human trafficking within these compounds."The Foreign Robocall Elimination Act "would establish a taskforce focused on how to best block foreign-originated illegal robocalls before they ever reach American consumers."The Guarding Unprotected Aging Retirees from Deception (GUARD) Act "would empower state and local law enforcement by enabling them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees. "Thanks to Slashdot reader anderzole for sharing the article.

Read more of this story at Slashdot.

A Quantum Error Correction Breakthrough?
The dream of quantum computers has been hampered by the challenge of error correction, writes the Harvard Gazette, since qubits "are inherently susceptible to slipping out of their quantum states and losing their encoded information." But in a newly-published paper, a research team "combined various methods to create complex circuits with dozens of error correction layers" that "suppresses errors below a critical threshold — the point where adding qubits further reduces errors rather than increasing them.""For the first time, we combined all essential elements for a scalable, error-corrected quantum computation in an integrated architecture," said Mikhail Lukin, co-director of the Quantum Science and Engineering Initiative, Joshua and Beth Friedman University Professor, and senior author of the new paper. "These experiments — by several measures the most advanced that have been done on any quantum platform to date — create the scientific foundation for practical large-scale quantum computation..." "There are still a lot of technical challenges remaining to get to very large-scale computer with millions of qubits, but this is the first time we have an architecture that is conceptually scalable," said lead author Dolev Bluvstein, Ph.D. '25, who did the research during his graduate studies at Harvard and is now an assistant professor at Caltech. "It's going to take a lot of effort and technical development, but it's becoming clear that we can build fault-tolerant quantum computers...." Hartmut Neven, vice president of engineering at the Google Quantum AI team, said the new paper came amid an "incredibly exciting" race between qubit platforms. "This work represents a significant advance toward our shared goal of building a large-scale, useful quantum computer," he said... With recent advances, Lukin believes the core elements for building quantum computers are falling into place. "This big dream that many of us had for several decades, for the first time, is really in direct sight," he said. "In theory, a system of 300 quantum bits can store more information than the number of particles in the known universe..." the article points out. "The new paper represents an important advance in a three-decade pursuit of quantum error correction." Thanks to long-time Slashdot reader schwit1 for sharing the article.

Read more of this story at Slashdot.

Fear Drives the AI 'Cold War' Between America and China
A new "cold war" between America and China is "pushing leaders to sideline concerns about the dangers of powerful AI models," reports the Wall Street Journal, "including the spread of disinformation and other harmful content, and the development of superintelligent AI systems misaligned with human values..." "Both countries are driven as much by fear as by hope of progress. "In Washington and Silicon Valley, warnings abound that China's"authoritarian AI," left unchecked, will erode American techsupremacy. Beijing is gripped by the conviction that a failure tokeeppace in AI will make it easier for the U.S. to cut short China'sresurgence as a global power. Both countries believe market sharefor their companies across the world is up for grabs — and with it,the potential to influence large swaths of the global population. The U.S. still has a clear lead, producing the most powerful AImodels. China can't match it in advancedchips and has no answer for the financial firepower of privateAmerican investors, who funded AI startups to the tune of $104billion in the first half of 2025, and are gearingup for more. But it has a massive population of capableengineers, lower costs and a state-led development model that oftenmoves faster than the U.S., all of which Beijing is working toharness to tip the contest in its direction. A new "whole ofsociety" campaign looks to accelerate the construction of computingclusters in areas like Inner Mongolia, where vast solar and windfarms provide plentiful cheap energy, and connect hundreds of datacenters to create a shared compute pool — some describe it as a"national cloud" — by 2028. China is also funneling hundreds ofbillions of dollars into its power grid to support AI training andadoption... "Our lead is probably in the 'months but not years' realm,"said Chris McGuire, who helped design U.S. export controls on AIchips while serving on the National Security Council under the Bidenadministration. Chinese AI models currently rank at or near the topin every task from coding to video generation, with the exception ofsearch, according to Chatbot Arena, a popular crowdsourced rankingplatform. China's manufacturing sector, meanwhile, is rocketingpast the U.S. in bringingAI into the physical world through robotaxis, autonomous dronesand humanoidrobots. Given China's progress, McGuire said, the U.S. is"very lucky" to have its advantage in chips... If AI surpasses human intelligence and acquires the ability toimprove itself, it could confer unshakable scientific, economic andmilitary superiority on the country that controls it. Short of that,AI's ability to automate tedious tasks and process vast amounts ofdata quickly promises to supercharge everything from cancer diagnosesto missile defense. With so much at stake, hacking and cyberespionage are likely to get worse, as AI gives hackers more powerfultools, while increasing incentives for state-backed groups to try tosteal AI-related intellectual property. As distrust grows, Washingtonand Beijing will also find it hard, if not impossible, to cooperatein areas like preventing extremist groups from using AI indestructive ways, such as building bioweapons. "The costs of theAI Cold War are already high and will go much higher," said PaulTriolo, a former U.S. government analyst and current technologypolicy lead at business consulting firm DGA-Albright StonebridgeGroup. "A U.S.-China AI arms race becomes a self-fulfillingprophecy, with neither side able to trust that the other wouldobserve any restrictions on advanced AI capability development...." The article includes an interesting observation from Helen Toner, director of strategy for Georgetown's Center for Security and Emerging Technology and a former OpenAI board member. Toner points out "We don't actually know" if boosting computing power with better chips will continue producing more-powerful AI models. So "If performance plateaus," the Journal writes, "despite all the spending by OpenAI and others — a growing concern in Silicon Valley — China has a chance to compete."

Read more of this story at Slashdot.

EV Sales Are Still Rising. They Have Not Slumped
"Media headlines suggesting some slowdown in EV sales are simply incorrect," writes the site Electrek, "and leave out the bigger picture that gas car sales actually are dropping..."Over the course ofthe last two years or so, sales of battery electric vehicles, whilecontinuing to grow, have posted lower year-over-year percentagegrowth rates than they had in years prior. EV sales used to grow at50%+ per year, but for the last couple years, they have grown closerto ~25% per year. This alone is not particularly remarkable — itis inevitable that any growing product or category will show slowerpercentage growth rates as sales rise, particularly one that has beengrowing at such a fast rate for so long. In some recent years, wehad even seen year-over-yeardoublings in EV market share (though one of those was 2020->2021,which was anomalous). To expect improvement at that level perpetuallywould be close to impossible — after 3 years of doublingmarket share from 2023's 18% number, EVs would account for morethan 100% of the global automotive market, which cannot happen... We have seen a global EV sales growth rate of 23% in the first 10months of this year, according to a report just released by RhoMotion (recently acquired by Benchmark Mineral Intelligence). Thatincludes a +32% bump in Europe, +22% bump in China, +4% in NorthAmerica, and a big +48% bump in the "rest of the world." Notably,this 23% global growth rate is higher than last year's YTD growthrate, which was 22%at this time... In covering these trends, some journalists have attempted to usethe less-wrong phrase "slower growth," showing that EV sales arestill growing, but at a lower percentage change than previously seen. But for the first ten months of this year, that isn't true — EVsales are up more in 2025 than in 2024 by a percentage basis. Theyare also up in raw sales numbers — in 2024, EVsales grew by a larger number than in 2023. And the same is trueso far in 2025. Going back to 2023, 10.7 million EVs were soldglobally in the first 10 months. Then in 2024, 13.3 million weresold, a difference of 2.6 million. And so far in 2025, 16.5 millionEVs have sold, a difference of 3.2 million. Not only are the numbersgetting bigger, but the growth in unit sales is getting bigger aswell. Even in America, theEV market "has increased so far this year, with 11.7%US EV sales growth YTD."In terms of US hybrid sales, much has been made of customers"shifting from EVs to hybrids," which is also not the case.Conventional gas-hybrid sales areindeed up and plug-in hybrids, which have grown more slowlythan gas-hybrids/BEVs, have also shown some growth lately. Butgas-hybrid sales have not come at the cost of EV sales, rather at thecost of gas-only car sales. Because that'sjust the thing: the number of gas-only vehiclesbeing sold worldwide is a number that actually is falling.That number continues to go down year over year. Sales of newgas-powered cars are down by abouta quarter from their peak in 2017, and show no signs ofrecovering... And yet, somehow, virtually every headline you read isabout the "EV sales slump," rather than the "gas-car salesslump." The one you keep hearing about isn't happening,but the one you rarely hear about is happening... No matterwhat region of the world you're in, EV sales were up in the first10 months of this year.

Read more of this story at Slashdot.

While Meta Crawls the Web for AI Training Data, Bruce Ediger Pranks Them with Endless Bad Data
From the personal blog of interface expert Bruce Ediger:Early in March 2025, I noticed that a web crawler with a useragent string of meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) was hitting my blog's machine at an unreasonable rate. I followed the URL and discovered this is what Meta uses to gather premium,human-generated content to train its LLMs. I found the rate ofrequests to be annoying. I already have a PHP program that creates the illusion of an infinite website. I decided to answer any HTTP request that had"meta-externalagent" in its user agent string with the contentsof a bork.php generated file... This workedbrilliantly. Meta ramped up to requesting 270,000 URLs on May 30 and31, 2025...After about 3 months, I got scared that Meta's insatiableconsumption of Super Great Pages about condiments, underwear andcirca 2010 C-List celebs would start costing me money. So I switchedto giving "meta-externalagent" a 404 status code. I decided tosee how long it would take one of the highest valued companies in theworld to decide to go away.The answer is 5 months.

Read more of this story at Slashdot.

Sony Killed This Game in 2024. Three Developers Reverse-Engineered It Back to Life
An anonymous reader shared this post from the gaming news site Aftermath: Concord, Sony Interactive Entertainment and Firewalk Studios' Overwatch-like shooter, was live for just two weeks before it was pulled offline. Though Concord certainly had some dedicated players, it didn't have many — which is why it may be surprising to hear that a group of players are reverse-engineering the game and its servers to bring it back to life. Publisher Sony removed Concord from stores and digital marketplaces, automatically refunded some, and, later, shut down Firewalk Studios. Two hundred or so people were laid off, and any hopes of Concord's return were dashed. Poor sales — estimated to be under 25,000 copies sold — and low player numbers marred the release. Firewalk Studios' game director Ryan Ellis said in a blog post that pieces of the game "resonated with players," but "other aspects of the game and [Concord's] initial launch didn't land the way [Firewalk Studios] intended." Concord wasn't a bad game, but it just didn't generate enough interest with enough players. Now, a group of three hobbyist reverse-engineers, who go by real, Red, and gwog online, are trying to make it playable again... "Sometimes there's enough of the server left in the game, that we can 'activate' that code and make the game believe it's a server," Red said. "We do pretty much always need to fill in the gaps though..." Concord used an anti-tamper software to keep people from cheating, which also creates a problem for people reverse engineering. It's "nearly impossible" to crack, Red said, so the group didn't — they found an exploit to "forcefully decrypt the game's code" to "restore the game and start working on servers...." It's not open to the public, but people can sign up for future tests. Even former Firewalk Studios employees have joined the server. They're excited to see Concord come back to life, too, the developers said. "Friday morning, a video of the playtest was posted to the Concord Reddit page," according to the article. (Though ironically by Friday night YouTube had had removed the video "due to a copyright claim by MarkScan Enforcement."

Read more of this story at Slashdot.

Nvidia-backed photonics startup Ayar Labs eyes hyperscale customers with GUC design collab
Who needs 600 kilowatt racks when a single computer can span entire datacenters?
Exclusive Nvidia-backed photonics startup Ayar Labs announced a new collaboration with Global Unichip Corp (GUC) on Sunday to integrate its optical I/O chiplets into the Taiwanese semiconductor design services provider's XPU reference designs.…

Power: The answer to and source of all your AI datacenter problems
Digital Realty CTO Chris Sharp weights impact of densification on the datacenter and the rise of the AI factory
Interview In the datacenter biz, power is the product. You either have it or you don't, Chris Sharp tells El Reg.…

Apple’s new 15% mini-app deal finally gets Tencent to cut Cupertino in
When is an app not an app? When it’s a mini app inside another app
Apple has cut its take to 15 percent on purchases inside mini apps running within other iOS apps, and reached a parallel agreement with Tencent that brings WeChat's vast mini-program ecosystem into its revenue net.…

Memory boom-bust cycle booms again as Samsung reportedly jacks memory prices 60%
Leaving buyers to cry, AI AI AI
If you haven't noticed, DRAM memory has gotten a lot more expensive in recent weeks. …

Researchers find hole in AI guardrails by using strings like =coffee
Who guards the guardrails? Often the same shoddy security as the rest of the AI stack
Large language models frequently ship with "guardrails" designed to catch malicious input and harmful output. But if you use the right word or phrase in your prompt, you can defeat these restrictions.…

Fortinet finally cops to critical make-me-admin bug under active exploitation
More than a month after PoC made public
Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month's head start.…

Canonical pushes Ubuntu LTS support even further - if you pay
Enterprise Linux vendors keep jostling to see who can prop up geriatric distros the longest
Last year, Canonical increased its paid extended support lifespan to 12 years. Now, it's increasing it again, to 15 years ... for a price.…

Crims poison 150K+ npm packages with token-farming malware
Amazon spilled the TEA
Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…

Now you can share your AI delusions with Group ChatGPT
Just when you thought virtual collaboration couldn’t get worse, OpenAI stuffs a bot into your group conversations
Feel like your team's group chat is a bit lifeless? Remote coworkers not really collaborating as well as they should be? There's a new way to stir the pot now that OpenAI has piloted ChatGPT group chats: cram a chatbot into the conversation and let it chime in whenever it thinks it should.…

AMD grabs more x86 share as Intel stumbles in entry-level chips
Mercury Research blames stockpiling and low-end shortages for unusually flat CPU market
AMD continues to claw market share away from Intel in CPU shipments, growing faster than its rival in most segments. Meanwhile business in the x86 processor arena is unusually flat overall, likely due to stockpiling over tariff fears.…

Project Kuiper becomes Amazon Leo as satellite network trickles into orbit
Starlink challenger drops the codename, but full-blown service still years out
Amazon has rebranded its satellite broadband plan from Project Kuiper to Amazon Leo. And no, Leo doesn't stand for "Late Entrants Only," even though the project is years behind Starlink and still not ready for anyone to use.…

FBI flags scam targeting Chinese speakers with bogus surgery bills
Crooks spoof US insurers, threaten bogus extradition to pry loose personal data and cash
Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the FBI warns.…

GPU goliaths are devouring supercomputing – and legacy storage can't feed the beast
VDURA boss: Your x86 clusters are obsolete, metadata is eating 20% of I/O, and every idle GPU second burns cash
The supercomputing landscape is fracturing. What once was a relatively unified world of massive multi-processor x86 systems has splintered into competing architectures, each racing to serve radically different masters: traditional academic workloads, extreme-scale physics simulations, and the voracious appetite of AI training runs.…

CISA flags imminent threat as Akira ransomware starts hitting Nutanix AHV
Advisory updated as leading cybercrime crew opens up its target pool
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.…

Retro Games opens pre-orders for THEA1200, a full-size working Amiga replica
Company behind THESPECTRUM brings the holiday season early for retro computing fans
Retro Games Ltd (RGL), the company behind THESPECTRUM and THEA500 Mini, has started accepting pre-orders for its full-size Amiga 1200 replica, THEA1200.…

Shenzhou-20 crew rides Shenzhou-21 home after debris strike
Original spacecraft deemed unsafe after cracks spotted in window
The Shenzhou-20 astronauts have returned to Earth on the Shenzhou-21 spacecraft after engineers deemed the Shenzhou-20 vehicle unsafe following a debris strike while it was docked to the Tiangong space station.…

The Steam Machine rises again as Valve readies 2026 hardware trifecta
Linux-powered PC, Arm VR headset, and refreshed controller all land on pre-order for next year
The holiday season is almost upon us, but the new gear on gamers' wish lists won't arrive until next year.…

Google pitches EU on adtech fixes to dodge breakup after €2.95B slap
Brussels reviewing proposal as Mountain View insists it will appeal antitrust ruling
Google has proposed a plan to the European Commission aimed at addressing antitrust concerns following a €2.95 billion fine imposed on the company for its online advertising practices.…

Europe's IT spend to surge 11% as cloud sovereignty fever takes hold
AI, cybersecurity, and geopolitical jitters forecast to push market to $1.4T next year
IT spending in Europe will grow 11 percent next year to hit $1.4 trillion amid a desire for cloud sovereignty, according to Gartner.…

Software engineer reveals the dirty little secret about AI coding assistants: They don't save much time
Stay in control and think for yourself
Feature Artificial intelligence is rapidly reshaping the way software gets built, tested, and maintained — but not in the simplistic, headline-grabbing sense of "AI replacing developers."…

Report blasts UK Ministry of Defence over Afghan data-handling failures
Public Accounts Committee tears into department responsible for the most dangerous breach in British history
The UK Parliament's Public Accounts Committee (PAC) says the Ministry of Defence (MoD) has failed to appropriately improve its data protection mechanisms, three years after the infamous 2022 Afghan data breach.…

Why Elon Musk won't ever realize the shareholder-approved Tesla payout
Trillionaire fantasies, investor dreams, reality nightmares
Opinion At Tesla's annual shareholder meeting in Austin, Texas, more than 75 percent of voting shares backed a compensation deal for CEO Elon Musk that would make him history's first trillionaire.…

UK tribunal says reselling Microsoft licenses is A-OK
Windows giant disagrees and plans to appeal
Microsoft's attempt to claim that its software can't be resold has hit a wall at the UK Competition Appeal Tribunal, which decided that Office having clipart does not mean customers can't sell their licenses on.…

Digital overhaul at UK's NS&I bank is £1.3B over budget and 4 years late
Watchdog says program buckled under procurement failures and technical complexity
Updated The UK's state-owned savings bank has blown past its budget by £1.3 billion on a digital transformation program beset by delays, according to the National Audit Office.…

Clop claims it hacked 'the NHS.' Which bit? Your guess is as good as theirs
Cybercrime crew has ravaged multiple private organizations using Oracle EBS zero-day for months
The UK's National Health Service (NHS) is investigating claims of a cyberattack by extortion crew Clop.…

Execs make rules that control AI usage, then break them for their own work
FOMO trumps corporate governance when it comes to AI
More than two-thirds of corporate executives say they've violated their own AI usage policies in the past three months, and over half of the leaders also ranked security and compliance as the greatest AI implementation challenge.…

Developer battled to write his own documentation, but lost the boss fight
Org chart games were more important than speed and accuracy
On Call Welcome once again to On Call, The Register's reader-contributed column in which we tell your tales of tech support troubles and other workplace woes.…

Chinese web giant Tencent can't buy all the GPUs it wants
Getting by with a meager $2 billion quarterly capex – vastly less than rivals, but still cashing in on AI
Chinese web giant Tencent’s capital expenditure is slowing and the company expects it will decelerate further due to its inability to buy all the GPUs it wants.…

Kubernetes overlords decide Ingress NGINX isn’t worth saving
Maintenance to end next year after ‘helpful options’ became ‘serious security flaws’
Kubernetes maintainers have decided it’s not worth trying to save Ingress NGINX and will instead stop work on the project and retire it in March 2026.…

Chinese spies told Claude to break into about 30 critical orgs. Some attacks succeeded
Anthropic dubs this the first AI-orchestrated cyber snooping campaign
Chinese cyber spies used Anthropic's Claude Code AI tool to attempt digital break-ins at about 30 high-profile companies and government organizations – and the government-backed snoops "succeeded in a small number of cases," according to a Thursday report from the AI company.…

Happy holidays: AI-enabled toys teach kids how to play with fire, sharp objects
Consumer advocacy researchers at PIRG tested four AI toys, and none of them passed muster
Picture the scene: It's Christmas morning and your child is happily chatting with the AI-enabled teddy bear you got them when you hear it telling them about sexual kinks, where to find the knives, and how to light matches. This is not a hypothetical scenario. …

Firefox adds AI Window, users want AI wall to keep it out
Browser maker scolds AI objectors, "The web is changing, and sitting it out doesn’t help anyone"
Mozilla is apparently a lot more excited about adding AI features to Firefox than its community. The org has decided that AI deserves its own new environment in the browser, a move its fans met with withering criticism.…

Ransomed CTO falls on sword, refuses to pay extortion demand
Checkout.com will instead donate the amount to fund cybercrime research
Digitial extortion is a huge business, because affected orgs keep forking over money to get their data back. However, instead of paying a ransom demand after getting hit by extortionists last week, payment services provider Checkout.com donated the demanded amount to fund cybercrime research.…

Baidu answers China's call for home-grown silicon with custom AI accelerators
Chinese search giant plans to bring custom silicon to the rack scale in 2026 with 256- and 512-chip systems
Chinese search giant Baidu unveiled two new AI accelerators this week amid a national push to end reliance on Western chips.…

States that aren't nice to ICE still sharing key database full of personal info
Lawmakers warn of ‘information gap’ lets immigration agents sidestep states’ data safeguards
Democratic lawmakers say some states that don't want to assist Immigration and Customs Enforcement (ICE) may be unintentionally allowing the agency access to residents' driver and criminal records through a law-enforcement data network.…

AI pilots keep crashing, mostly because firms skip the prep, survey finds
Under a third of PoCs make it past testing, but those that do often boost productivity
It is the best of AI times; it is the worst of AI times, depending on whom you ask. Nearly a third of firms are seeing almost total failure of their AI proof-of-concept (PoC) projects, while 46 percent are successfully moving more than 10 percent of theirs into operational use.…

Ubuntu 25.10's Rusty sudo holes quickly welded shut
The goal of 'oxidizing' the Linux distro hits another bump
Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…

Avalonia brings Linux, browser support to Microsoft's MAUI cross-platform app solution
Third-party framework builds alternative backend using its own renderer and WebAssembly
Microsoft's MAUI (Multi-platform App UI), the official .NET solution for cross-platform desktop and mobile apps, will get Linux and browser support via Avalonia, a third-party framework.…

ERP carnage continues as orgs jump in unprepared
Lack of executive backing, unrealistic plans, and muddled goals remain recipe for failure
In Barcelona this week, consultancy Gartner once again tried to answer one of the perennial questions in IT: what is it about ERP projects that makes them so likely to fail?…

Blue Origin hopes third time's the charm for New Glenn after two scrubbed launches
Bezos booster blasted by solar emissions
A blast from the Sun kept Blue Origin's New Glenn rocket on the pad as the Northern Lights forced NASA to halt the launch.…

HPE details Vera Rubin blades for next-gen Cray supercomputers
Promised for 2027 racks, mixing Nvidia and AMD silicon in one liquid-cooled box
HPE's next-gen Cray supercomputing platform will offer a choice of compute nodes with Nvidia's Vera Rubin or AMD's upcoming Venice Epyc CPUs – or a mix of both.…

Extra, extra, read all about it: Washington Post clobbered in Clop caper
Nearly 10,000 staff and contractors warned after attackers raided newspaper's Oracle EBS setup
The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite (EBS) attacks.…

To solve compatibility issues, Microsoft would quietly patch other people's code
Long before automatic updates, the Windows 95 team tweaked third-party software to keep it running
How to get that all-important piece of software working on Windows has vexed Microsoft since the beginning of the operating system. Compatibility was king.…

Britain's first small modular reactors to be built in Wales
Government picks Wylfa on Anglesey for initial trio of units, but power unlikely before mid-2030s
The UK will build its first small modular reactor (SMR) nuclear plant at Wylfa on Anglesey, an island off northwest Wales - but it won't generate power until the mid-2030s.…

Geopolitics push European CIOs to think local on cloud
Majority of customers plan to favor domestic providers as sovereignty fears rise
A survey of CIOs and tech leaders in Western Europe has found 61 percent want to increase their use of local cloud providers amid global geopolitical uncertainty.…

Rhadamanthys malware admin rattled as cops seize a thousand-plus servers
Operation Endgame also takes down Elysium and VenomRAT infrastructure
International cops have pulled apart the Rhadamanthys infostealer operation, seizing 1,025 servers tied to the malware in coordinated raids between November 10-13.…

London left buffering as Hyperoptic backup link refuses to boot
Broadband provider says damaged fiber and dormant failover path knocked customers offline for nearly 24 hours
Updated UK broadband provider Hyperoptic learned the importance of testing backup systems this week after the service went dark for customers in London.…

NHS supplier ends probe into ransomware attack that contributed to patient death
Synnovis's 18-month forensic review of Qilin intrusion completed, now affected patients to be notified
Synnovis has finally wrapped up its investigation into the 2024 ransomware attack that crippled pathology services across London, ending an 18-month effort to untangle what the NHS supplier describes as one of the most complex data reconstruction jobs it has ever faced.…

To 'Infinity' ... and beyond: MX Linux 25 has arrived
Systemd-free option still available if you choose that download
MX Linux 25 "Infinity" is now available, and the new version has some significant differences from the 2023 release, with things that used to be boot-time choices having become pre-install decisions.…

Networking students need an explanation of the internet that can fit in their heads
Networks have changed profoundly, except for the parts that haven’t
Systems Approach When my colleague and co-author Bruce Davie delivered his keynote at the SIGCOMM conference, he was asked a thought-provoking question: How should we think about educating the next generation of students about networking, given how different and more complex the internet is today?…

Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights Part Two
In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]

The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights Part Two appeared first on Linux.com.

Disaggregated Routing with SONiC and VPP: Architecture and Integration Part One
The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]

The post Disaggregated Routing with SONiC and VPP: Architecture and Integration Part One appeared first on Linux.com.

Kubernetes on Bare Metal for Maximum Performance
When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]

The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.

How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]

The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.

Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]

The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.

A Simple Way to Install Talos Linux on Any Machine, with Any Provider
Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]

The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.

Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely

The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.

Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation.
Exciting news! The Tazama project is officially a Digital Public Good having met the criteria to be accepted to the Digital Public Goods Alliance ! Tazama is a groundbreaking open source software solution for real-time fraud prevention, and offers the first-ever open source platform dedicated to enhancing fraud management in digital payments. Historically, the financial [0]

The post Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation. appeared first on Linux.com.

Xen 4.19 is released
Xen Project 4.19 has been officially out since July 31st, 2024, and it brings significant updates. With enhancements in performance, security, and versatility across various architectures like Arm, PPC, RISC-V, and x86, this release is an important milestone for the Xen community. Read more at XCP-ng Blog

The post Xen 4.19 is released appeared first on Linux.com.

Advancing Xen on RISC-V: key updates
At Vates, we are heavily invested in the advancement of Xen and the RISC-V architecture. RISC-V, a rapidly emerging open-source hardware architecture, is gaining traction due to its flexibility, scalability and openness, which align perfectly with our ethos of fostering open development ecosystems. Although the upstream version of Xen for RISC-V is not yet fully [0]

The post Advancing Xen on RISC-V: key updates appeared first on Linux.com.

NVIDIA Highlights The Shortcomings With Wayland Screencasting
In addition to showing the need for unifying DRM driver-side APIs within the Linux kernel, NVIDIA's Linux graphics driver team at XDC2025 also showcased the shortcomings of screencasting under Wayland...

Qt Moves Away From Direct RDRAND/RDSEED Usage For Better Performance & Less Bugs
The Qt toolkit is moving away from directly relying on the CPU's RDRAND and RDSEED instructions for random number generation and to instead rely on the OS-supplied entropy...

Linux 6.19 Landing Initial Display Support For Xe3P_LPD / Nova Lake
The upcoming Linux 6.19 kernel cycle is set to introduce initial Xe3P_LPD GPU support for Nova Lake as well as beginning to build out support for the Crescent Island graphics card. Now joining DRM-Next with that initial Intel Xe3P_LPD code for Linux 6.19 is being able to drive displays with that Xe3 hardware...

NVIDIA Linux Engineer Highlights The Need For Unifying DRM Driver-Side API
One of the NVIDIA presentations at the recent XDC2025 developer conference was not around the NVIDIA driver itself but the ongoing fragmentation that's happening within the Linux Direct Rendering Manager (DRM) subsystem and arguing the need for unifying more driver-side APIs for supporting different Linux DRM clinets...

GCC Developer Discovers "Our Codebase Isn9t Fully C++20 Ready"
Following the recent idea floated to consider C++20 as the default C++ language dialect by the GCC compiler rather than C++17, it was discovered that the GNU Compiler Collection itself has problems building in C++20 model...

PureAudio Lotus DAC5 & Other PureAudio Hardware Supported For Linux 6.18
As part of this week's sound subsystem fixes ahead of today's Linux 6.18-rc6 kernel release is adding some quirks for supporting the PureAudio Lotus DAC5 and other PureAudio audio hardware...

Servo 0.0.2 Released For Those Wanting To Try Out This Example Rust Web Browser
Released minutes ago was the Servo 0.0.2 web browser engine update. Along with this new Rust-based web engine release is also the "servoshell" in tow for the example implementation built around this open-source codebase...

GNOME's Nautilus File Manager Finally Supporting Ctrl+Insert & Shift+Insert
GNOME's Nautilus file manager is finally matching the behavior of other file managers like KDE's Dolphin and Xfce's Thunar with a keyboard shortcut for copying and pasting files...

Debian 13.2 Released With Dozens Of Fixes
Debian 13.2 is out today as the latest maintenance update to this current stable version of Debian GNU/Linux...

Latest Proposed Guidelines For Tool-Generated / AI Submissions To The Linux Kernel
Posted to the mailing list on Friday were the latest proposed guidelines for tool-generated contributions to the Linux kernel. The coding tools in large part being focused on AI generated content...

NVIDIA Sends Out Initial Turing GPU Support For Open-Source Nova Driver
NVIDIA engineers continue working a lot on the in-development and in-tree open-source Nova kernel driver for their GPUs. Sent out on Friday night were the Turing enablement patches for this Rust-written Nova-Core driver code...

AMD Releases Additional Zen 5 CPU Microcode For RDSEED Issue
Stemming from AMD's recently acknowledged Zen 5 issue with the RDSEED instruction and AMD releasing Zen 5 CPU microcode updates to address it, this week brought some additional microcode updates...

Servo Shell Improvements For macOS & Android, More Servo Browser Engine Progress
The Servo open-source and Rust-based web browser engine made a lot of progress during the month of October. The project has issued its monthly status report to outline all of the exciting new features made on the engine itself as well as its "servoshell" example web browser application...

Plasma 6.6 Will Avoid Running Out Of RAM When Something Crashes In A Loop
KDE Plasma 6.6 continues seeing a lot of development activity while the Plasma 6.5 series is calming down after its first few point releases. Plasma 6.6 landed many more features and improvements this week...

Mesa 25.3 Released With Many Open-Source Vulkan Driver Improvements
Mesa 25.3 is out tonight as the newest quarterly feature release to this set of (predominantly) OpenGL and Vulkan drivers widely used across Linux systems. Mesa 25.3 features numerous Vulkan extensions added to the different open-source drivers, continued enhancements to the OpenGL drivers, and various other changes...

Wine 10.19 Released With More Improvements
Ahead of the Wine 11.0 code freeze beginning in early December, Wine 10.19 is out today as the newest bi-weekly development release for running Windows games and applications on Linux...

AMD GCN 1.0/1.1 GPUs Will Default To AMDGPU Driver In Linux 6.19, SMART POWER OLED Added
Sent out today is likely the last batch of AMDGPU kernel graphics driver feature updates ahead of the Linux 6.19 merge window getting underway around the start of December. And it's an exciting one too from adding a new SMART POWER OLED feature to switching from the Radeon to AMDGPU drivers by default for aging GCN 1.0 Southern Islands and GCN 1.1 Sea Islands GPUs...

ollama 0.12.11 Brings Vulkan Acceleration
ollama 0.12.11 released this week as the newest feature update to this easy-to-run method of deploying OpenAI GPT-OSS, DeepSeek-R1, Gemma 3, and other large language models. Exciting with ollama 0.12.11 is that it's now supporting the Vulkan API...

Vulkan 1.4.333 Released With New Ray-Tracing Extension
Vulkan 1.4.333 is out with a handful of fixes plus two new extensions...

AMD GAIA 0.13 Released With New AI Coding & Docker Agents
AMD's GAIA open-source project as a reminder is their "Generrative AI Is Awesome" quick-setup solution for demonstrating generative AI use on AMD hardware platforms with Ryzen CPUs, Radeon GPUs, and/or Ryzen AI NPUs. GAIA is predominantly Microsoft Windows focused but recently they did introduce limited support for Linux that is currently bound to Vulkan-accelerated GPU support. Out today is AMD GAIA 0.13 as another step forward for this AI demonstrator...

Nouveau Driver To Support Larger Pages & Compression Support With Linux 6.19
While the "Nova" driver continues to be developed as a modern Rust-written, open-source and in-kernel NVIDIA graphics driver for Linux, for the time being Nouveau is what's working for end-users for those wanting a mainline open-source NVIDIA graphics driver for gaming and other workloads. With Linux 6.19 the Nouveau driver is picking up support for handling larger pages as well as compression support...

Intel Submits Last Batch Of Xe Driver Feature Updates For Linux 6.19
Intel today sent out their last batch of planned feature patches for their Xe kernel graphics driver of material intended for Linux 6.19...

GNU C Library Adds Linux "mseal" Function For Memory Sealing
Introduced last year in the Linux 6.10 kernel was the mseal system call for memory sealing to protect the memory mapping against modifications to seal non-writable memory segments or better protecting sensitive data structures. The GNU C Library has finally introduced its mseal function making use of this modern Linux kernel functionality...

Mainline Linux Patches For The VisionFive 2 Lite: RISC-V For As Little As $19.9 USD
Following the mainline Linux kernel support for the VisionFive 2 RISC-V single board computer from StarFive, Linux kernel patches are on the way for their new VisionFive 2 Lite low-cost offering. With the StarFive VisionFive 2 Lite this RISC-V board can be procured for as little as $19.9 USD as one of the cheapest yet fairly capable RISC-V SBCs...

The Headaches Supporting Content Protection With Linux GPU Drivers
Intel driver engineer Suraj Kandpal presented at the recent X.Org Developer's Conference (XDC2025) on the challenges around supporting content protection on Linux such as for High-bandwidth Digital Content Protection (HDCP) and Protected Audio Video Path (PAVP)...

Fedora 44 Looking At Replacing FBCON With KMSCON As Default VT Console
Fedora 44 is looking at replacing the Linux kernel's console "FBCON" with the user-space-based KMSCON implementation. Eventually the hope remains to deprecate the FBCON/FBDEV code within the Linux kernel...

GCC Compiler Developers Begin Considering C++20 Default
Compiler engineer Marek Polacek of Red Hat recently proposed making the C++20 language specification (or rather the GNU++20 dialect) the default C++ version when not otherwise specified...

EROFS File-System Continues Attracting More Industry Players
The EROFS read-only file-system started by Huawei and now maintained by a growing number of contributors continues attracting even more interest. EROFS has exhibited much potential for mobile devices as well as container use-cases while proving itself to be quite robust since its mainlining back in 2019...

Proton 10.0-3 Released For Steam Play With Dozens Of Fixes, More Games Working
Valve and CodeWeavers today released Proton 10.0-3 as the newest stable update to this Wine-based software that powers Steam Play for enabling countless Windows games to run often extremely well under Linux...

New Patch Moves AMD GCN 1.0 GPUs Over To AMDGPU Driver By Default
Following the recent patch proposal for moving AMD GCN 1.1 generation GPUs over to the AMDGPU Linux driver by default in place of the legacy Radeon driver, a similar patch has now been proposed for the GCN 1.0 graphics processors. AMD GCN 1.0/1.1 GPUs are at parity with the AMDGPU driver to the Radeon driver while needing this newer kernel driver for enjoying RADV Vulkan support, better performance, and overall a better experience...

The Incredible Evolution Of AMD EPYC HPC Performance Shown In The Azure Cloud
Last week the Microsoft Azure HBv5 instances reached general availability as powered by the custom EPYC 9V64H CPUs with HBM3 memory. These very interesting EPYC processors for memory bandwidth intensive workloads were announced last year while have finally reached GA with jaw-dropping results for software able to take advantage of the 6.7 TB/s memory bandwidth thanks to the HBM memory. The Azure HBv5 benchmarks last week showed how they compare to prior generation HBv4 instances while this article is taking things further and putting the performance into perspective against the older HBv2 and HBv3 instances.

Framework Laptop 16 Upgrade To AMD Ryzen AI 300 Series Benchmarks
Framework Computer announced back in August that the Framework Laptop 16 would be rolling out upgrades to the AMD Ryzen AI 300 series and a GeForce RTX 5070 graphics option. Today the review embargo lifts on these new Framework 16 laptop upgrades and some Linux benchmarking of the new hardware.

Living my best Sun Microsystems ecosystem life in 2025
In my lifetime, theres been one ecosystem I deeply regret having missed out on: the Sun Microsystems ecosystem of the late 2000s. At that time, the company offered a variety of products that, when used together, formed a comprehensive ecosystem that was a fascinating, albeit expensive alternative to Microsoft and Apple. While not really intended for home use, Ive always believed that Suns approach to computing wouldve made for an excellent computing environment in the home. Since I was but a wee university student in the late 2000s living in a small apartment, I did not have the financial means nor the space to really test this hypothesis. Now, though, Suns products from that era are decidedly retro, and a lot more approachable especially if you have incredibly generous readers. So sit down and buckle up, because weve got a long one today. If you wish to support OSNews and longform content like this, consider becoming a Patreon or donating to our Ko-Fi. Note that absolutely zero generative AI! was used in the writing of this article. No AI! writing aids, no AI! summaries, no ChatGPT, no Gemini search nonsense, nothing. I take pride in doing research and writing properly, without the aid! of digital parrots with brain damage, and if theres any errors, theyre mine and mine alone. Take pride in your work and reject AI!. The Ultra 45: the central hub In the early 2000s, it had already become obvious that the future of workstations lied not with custom architectures, bespoke processors, and commercial UNIX variants, but with standard x86, off-the-shelf Intel and AMD processors, and Windows and Linux. The writing was on the wall, everyone knew it, and the ensuing consolidation on x86 turned into a veritable bloodbath. In the 80s and 90s, many of these ISAs were touted as vastly superior x86 killers, but fast-forward a decade or two, and x86 had bested them all in both price and performance, leaving behind a trail of dead ISAs. Never bet against x86. Virtually none of the commercial UNIX variants survived the one-two punch of losing the ISA they were married to and the rising popularity of Linux in the workstation space. HP-UX was tied to HPs PA-RISC, and both died. SGIs IRIX was tied to MIPS, and both died. Tru64 was tied to Alpha, and both died. The two exceptions are IBMs AIX and Suns Solaris. AIX workstations were phased out, but AIX is still nominally in development for POWER servers, but wholly inaccessible to anyone who doesnt wear a suit and has a massive corporate spending budget. Solaris, meanwhile, which had long been available on x86, saw its own! ISA SPARC live on in the server space until roughly 2017 or so, and was even briefly available as open source until Oracle did its thing. As a result, Solaris and its derivative Illumos are still nominally in active development, but in the grand scheme of things theyre barely even a blip on the radar in 2025. Never bet against Linux. During these tumultuous times, the various commercial UNIX vendors all pushed out systems that would become the final hurrahs of their respective UNIX workstation lines. DEC, then owned by HP, released its AlphaStation ES47 in 2003, marking the end of the road for Alpha and Tru64 UNIX. HPs own PA-RISC architecture and HP-UX met their end with the HP c8000 (which I own), an all-out PA-RISC monster with two dual-core processors running at 1.1GHz. SGI gave its MIPS line of machines running IRIX a massive send-off with the enigmatic and rare Tezro in 2003. In 2005, IBM tried one last time with the IntelliStation POWER 285, followed a few months later by the heavily cut-down 185, the final AIX workstation. And Sun unveiled the Ultra 45, its final SPARC workstation, in 2006. Sun was already in the middle of its transition to x86 with machines like the Sun Java Desktop System and its successors, the Ultra 20 and 40, and then surprised everyone by reviving their UltraSPARC workstation line with the Ultra 25 and 45, which shared most all? of their enclosures with their x86 brethren. They were beautiful, all-aluminium machines with gorgeous interior layouts, and a striking full-grill front, somewhat inspired by the PowerMac G5 of that era. And ever since the Ultra 45 was rumoured in late 2005 and then became available in early 2006, Ive been utterly obsessed with it. Its taken almost two decades, but thanks to an unfathomably generous donation from KDE e.V. board member and FreeBSD contributor Adriaan de Groot, a very unique and storied Sun Ultra 45 and a whole slew of accessories showed up at my doorstep only a few weeks ago. Lets look back upon this piece of history that is but a footnote to most, but a whole book to me and experience Suns ecosystem from around 2006, today. First and foremost, I want to express my deep gratitude to Adriaan de Groot. Without him, none of this would have been possible, and I cant put into words how grateful I am. He donated this Ultra 45 to me at no cost not even the cost of shipping and he also shipped another box to me containing a few Sun Ray thin clients, completing the late 2000s Sun ecosystem I now own. Since the Ultra 45 was technically owned by KDE e.V. more on that below Id also like to thank the KDE e.V. Board for giving Adriaan permission for the donation. Id also like to thank Volker A. Brandt, who sent me a Sun Ray 3, a few Ultra 45 hard drive brackets, and some other Sun goodies. The Sun Ultra 45 De Groot sent me was a base model with an upgraded GPU. It had a single UltraSPARC IIIi 1.6Ghz processor, 1GB of RAM, and the most powerful GPU Sun ever released for its SPARC workstation line, the Sun XVR-2500, a rebadged 3Dlabs Wildcat Realizm with

Using Rust in Android speeds up development considerably
Google has been using Rust in Android more and more for its memory safety characteristics, and the results on that front were quite positive. It turns out, however, that not only does using Rust reduce the number memory safety issues, its also apparently a lot faster to code in Rust than C or C++. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rusts impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one. ↫ Jeff Vander Stoep at the Google Security Blog When you think about it, it actually makes sense. If you have fewer errors of a certain type, youll spend less time fixing those issues, time which you can then spend developing new code. Of course, its not that simple and theres a ton more factors to consider, but on a base level, it definitely makes sense. Spellcheck in word processors means you have to spend less time detecting and fixing spelling errors, so you have more time to spend on actually writing. Im sure well all be very civil about this, and nobody will be weird about Rust at all.

Haiku gets new guarded heap for the kernel
Another month, another Haiku activity report, and this time weve got a major change under the hood: a brand new guarded heap. The old guarded heap was suboptimal and had started to lag behind, so the new one attempts to rectify some of these shortcomings. So, to rectify these limitations, I rewrote the kernel guarded heap more or less from scratch, taking the old code into account where it made sense but otherwise creating entirely new bookkeeping structures, interacting directly with the page table and virtual memory systems, and more. This new guarded heap implementation frees physical pages when not in use, meaning that the “virtual memory reuse disabled” mode now runs for quite long periods of time (indeed, I could successfully boot to the desktop and run compile jobs.) It also prints more diagnostics when kernel panics due to memory faults inside the heap happen, which the old kernel guarded heap didn’t (but the userland one has always done). ↫ Haikus activity report for October The new guarded heap is optional for now, but Haiku is planning on releasing some pre-built test builds so users can start testing it out. Of course, this isnt the only change or improvement from this past month the list of changes is long, but theres no real tentpole features here. Haikus development pace is still very much on track.

Google cancels plans to require Android application certification outside of the Play Store
Only a few months ago, Google announced it was going to require that all Android applications even those installed outside of the Play Store had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store. Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isnt verified. We are designing this flow specifically to resist coercion, ensuring that users arent tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. ↫ Matthew Forsythe Director at the Android Developers Blog While this is great news, Im still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobodys looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords. If you think this is the end of this story, youre a fool.

Big news for small OpenBSD /usr partitions
Ever ran into issues using sysupgrade on OpenBSD because /usr ran out of space? OpenBSD developers are trying to address this issue. Firstly, Stuart Henderson (sthen@) modified the installer to increase free space prior to installing. Theo de Raadt (deraadt@) modified sysupgrade(8) so that, if space is too tight, it will fail gracefully rather than risk leaving the administrator with a broken system. ↫ OpenBSD Journal These are very welcome additions.

Valve brings x86 gaming to ARM Linux with FEX
Valve announced a few new devices yesterday. Theres a new Steam console, which is essentially just a tiny PC with SteamOS installed think of it as a Steam Deck without a display. Second, Valve finally released a new Steam Controller to go with the Steam console, which has taken them long enough. Lastly, theres a brand new Steam VR headset, the Steam Frame. Other websites with actual access to these new devices will do a better job of covering them than I ever could, but I do want to highlight something crucially important about the Steam Frame: it contains a Snapdragon ARM processor, but can still run Steam and all of its games. How does this work? Well, after developing Proton to allow Windows games to run on Linux, Valve introduced! FEX, which will allow you to run x86 Windows games on ARM Linux. I put the quotation marks there because FEX was an existing project Valve invested heavily into in recent times, and its now at the point where Valve seems confident enough it will be capable of running enough x86 games on ARM Linux. As such, the Steam Frame runs full SteamOS with KDE Plasma, you can run x86 Steam games, and as an additional bonus, you can install Android APKs as well. Ive yet to even try VR, because Im not particularly interested in buying into any locked-down platform. The Steam Frame may be the first VR device Ill buy depending on price, of course and the Steam console definitely looks like a great addition to the living room, too. My wife and I have little to no interesting in buying an Xbox or PS5, but having easy, no-hassle access to our massive Steam libraries on our TV will be awesome.

VMS/XDE: an OpenVMS x86 development environment for Linux and Windows/WSL
VMS/XDE is an OpenVMS x86 development environment for Linux and WIndows (via WSL). It provides a familiar user experience for OpenVMS developers working in Linux and Windows yet offers 100% binary and file system compatilibilty with OpenVMS. VMS/XDE includes OpenVMS V9.2-3 user, supervisor and executive mode operating system environments and a set of x86 native compilers and layered products geared towards OpenVMS software development and testing. ↫ VMS/XDE website VMS/XDE is a beta version, and comes with the usual annoying OpenVMS x86 time bombs, this time exploding on 3 January 2026. If you intend to use the finalised commercial version after the beta period ends, youll have to employ the same licenses as regular OpenVMS. Its a bit of a mess, but thats the OpenVMS way, sadly and I dont blame them, either, as Im sure theyre hamstrung by a ton of agreements and restrictions imposed upon them by HP. Regardless, VMS/XDE brings a zero setup OpenVMS environment to the operating system youre already using, making it easier to develop and cross-compile for the platform. I still have absolutely no clue just how many people OpenVMS is still relevant for, but I absolutely adore the fact VMS Software Inc. is working on this. In a world where so many of its former competitors are being held hostage by corporate indifference, its refreshing to see VMS still moving forward.

Plasma Mobile 6.5 keeps improving
As part of the KDE Plasma 6.5 release, we also got a new release of Plasma Mobile. As theres a lot of changes, improvements, and new features in Plasma Mobile 6.5, the Plasma Mobile Team published a blog post to highlight them all. The biggest improvement is probably the further integration of Waydroid, a necessary evil to run Android applications until the Plasma Mobile ecosystem manages to become a bit more well-rounded. Waydroid can now be managed straight from the settings application and the quick settings dropdown. Furthermore, the lockscreen has been improved considerably, theres been a ton of polish for the home screen and the user interface in general, the quick settings panel can now be customised to make it fit better on different form factors, the first early test version of the new Plasma mobile keyboard is included, and so much more. This is definitely a release I would want to try out, but since I dont have any of the supported devices, Im a bit stuck. This is, of course, one of the two major problems facing proper mobile Linux: the lack of device support. Its improving due to the tireless work of countless volunteers, but theyre always going to be swimming upstream. The other major problem is, of course, application availability, but at least Waydroid can bridge the gap for the adventurous among us.

Tribblix m38 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has released a new version. Milestone 38 isnt the most consequential release of all time, but it does bring a few small changes accompanied by the usual long list of updated open source packages. The zap install command now installs dependencies by default, while zap create-user will now restrict new home directories to mode 0700 by default. Meanwhile, int16h at Cryogenix published an article about using a Bhyve VM running FreeBSD to act as a Wi-Fi bridge for laptops with 802.11xx chips that Tribblix doesnt support. This is a great, albeit somewhat convoluted option if your hardware uses any Wi-Fi chips Tribblix doesnt support. Theres honestly a solution for everything, isnt there?

Setting up a combined 68k/PA-RISC HP-UX 9 cluster
Jonathan Pallant got lucky and managed to score a massive haul of 90s UNIX workstations, one of which was an HP 9000 Model 340, a HP-UX workstation built around a Motorola 68030 processor at 16.7 MHz. It doesnt come with a hard drive or even a floppy controller, though, so he decided to borrow a PA-RISC-based HP 9000 Model 705 to set up an HP-UX 9 cluster. But wait, how does that work, when were dealing with two entirely different architectures? Whats more fun though, is putting it into a cluster with the Model 705 and network booting it. Yes, that a 68030 machine network booting from a PA-RISC machine 0 and`sharing the same root filesystem. But arent PA-RISC binaries and 68K binaries quite different? Oh yes, they really are. So, how does that work? ↫ Jonathan Pallant HP-UX is far more interesting and fascinating than a lot of people give it credit for, and while my interest lies with HP-UX 11i, I find what Pallant is doing here with HP-UX 9 just as fascinating. You first need to install HP-UX 9 for PA-RISC on the 700 series machine, convert it to a cluster server, and then install HP-UX 9 for 68k on top of that PA-RISC installation. After this is done, you effectively end up with a single root file system that contains both PA-RISC and 68k binaries, and you can network boot the 68k-based Model 340 right from it using the same root filesystem on both machines. Absolutely wild. No, these are not universal binaries or some other trick you might know of from more modern system. In fact, installing the 68k version of HP-UX 9 into! the PA-RISC HP-UX 9 cluster server, you end up with something called a Context Dependent Filesystem. To get a better idea of what this means and how this works, you should really head on over to Pallants excellent article for all the details.

Ironclad 0.7.0 and 0.8.0 released, adds RISC-V support
Weve talked about Ironclad a few times, but theres been two new releases since the 0.6.0 release we covered last, so lets see what the projects been up to. As a refresher, Ironclad is a formally verified, hard real-time capable kernel written in SPARK and Ada. Versions 0.7.0 and 0.8.0 improved support for block device caching, added a basic NVMe driver, added support for x86’s SMAP, switched from KVM to NVMM for Ironclad’s virtualization interface, and much, much more. In the meantime, Ironclad also added support for RISC-V, making it usable on any 64 bit RISC-V target that supports a Limine-protocol compatible bootloader. The easiest way to try out Ironclad is to download Gloire, a distribution that uses Ironclad and the GNU tools. It can be installed in both a virtual machine and on real hardware.

Mac OS 7.6 and 8 for CHRP releases discovered
For those of us unaware unlikely on OSNews, but still for a hot minute in the second half of the 90s, Apple licensed its Mac OS to OEMs, resulting in officially sanctioned Mac clones from a variety of companies. While intended to grow the Macs market share, what ended up happening instead is that the clone makers outcompeted Apple on performance, price, and features, with clones offering several features and capabilities before Apple did for far lower prices. When Steve Jobs returned to Apple, he killed the clone program almost instantly. The rather abrupt end of the clone program means theres a number of variants of the Mac OS that never made their way into the market, most notable variants intended for the Common Reference Hardware Platform, or CHRP, a standard defined by IBM and Apple for PowerPC-based PCs. Thanks to the popular classic Mac YouTuber Mac84, we now have a few of these releases out in the wild. These CDs contain release candidates for Mac OS 7.6 and Mac OS 8 for CHRP (Common Hardware Reference Platform) systems. They were created to support CHRP computers, but were never released, likely due to Steve Jobs returning to Apple in September 1997 and eliminating the Mac Clone program and any CHRP efforts. ↫ Mac OS 7.6/8 CHRP releases page Mac84 has an accompanying video diving into more detail about these individual releases by booting and running them in an emulator, so we can get a better idea of what they contain. While most clone makers only got access to Mac OS 7.x, some of them did, in fact, gain access to Mac OS 8, namely UMAX and Power Computing (the latter of which was acquired by Apple). Its not the clone nature of these releases that make them special, but the fact theyre CHRP releases is. This reference platform was a failure in the market, and only a few of IBMs own machines and some of Motorolas PowerStack machines properly supported it. Apple, meanwhile, only aid minor lip service to CHRP in its New World Power Macintosch machines.

FreeBSD now builds reproducibly and without root privilege
The FreeBSD Foundation is pleased to announce that it has completed work to build FreeBSD without requiring root privilege. We have implemented support for all source release builds to use no-root infrastructure, eliminating the need for root privileges across the FreeBSD release pipeline. This work was completed as part of the`program commissioned by the Sovereign Tech Agency. ↫ FreeBSD Foundation blog This is great news in and of itself, but theres more: FreeBSD has also improved build reproducability. This means that given the same source input, you should end up with the same binary output, which is an important part of building a verifiable chain of trust. These two improvements combined further add to making FreeBSD a trustworthy, secure option something it already is anyway. In case you havent noticed, the FreeBSD project and its countless contributors are making a ton of tangible progress lately on a wide variety of topics, from improving desktop use, to solidifying Wi-Fi support, to improving the chain of trust. I think the time is quite right for FreeBSD to make some inroads in the desktop UNIX-y space, especially for people to whom desktop Linux has strayed too far from the traditional UNIX philosphy (whatever that means).

LXQt 2.3.0 released
LXQt, the other Qt desktop environment, released version 2.3.0. This new version comes roughly six months after 2.2.0, and continues the projects adoption of Wayland. The enhancement of Wayland support has been continued, especially in LXQt Panel, whose Desktop Switcher is now enabled for Labwc, Niri, …. It is also equipped with a backend specifically for Wayfire. In addition, the Custom Command plugin is made more flexible, regardless of Wayland and X11. ↫ LXQt 2.3.0 release announcement The screenshot utility has been improved as well, and lxqt-qdbus has been added to lxqt-wayland-session to make qdbus commands easier to use with all kinds of Wayland compositors.

WINE gaming in FreeBSD Jails with Bastille
FreeBSD offers a whole bunch of technologies and tools to make gaming on the platform a lot more capable than youd think, and this article by Pertho dives into the details. Running all your games inside a FreeBSD Jail with Wine installed into it is pretty neat. Initially, I thought this was going to be a pretty difficult and require a lot of trial and error but I was surprised at how easy it was to get this all working. I was really happy to get some of my favorite games working in a FreeBSD Jail, and having ZFS snapshots around was a great way to test things in case I needed to backtrack. ↫ Pertho at their blog No, this isnt as easy as gaming on Linux has become, and it certainly requires a ton more work and knowledge than just installing a major Linux distribution and Steam, but for those of us who prefer a more traditional UNIX-like experience, this is a great option.

Tape containing UNIX v4 found
A unique and very important find at the University of Utah: while cleaning out some storage rooms, the staff at the university discovered a tape containing a copy of UNIX v4 from Bell Labs. At this time, no complete copies are known to exist, and as such, this could be a crucial find for the archaeology of early UNIX. The tape in question will be sent to the Computer History Museum for further handling, where bitsavers.org will conduct the recovery process. I have the equipment. It is a 3M tape so it will probably be fine. It will be digitized on my analog recovery set up and Ill use Len Shusteks readtape program to recover the data. The only issue right now is my workflow isnt a while you wait! thing, so I need to pull all the pieces into one physical location and test everything before I tell Penny its OK to come out. ↫ bitsavers.org Its amazing how we still manage to find such treasures in nooks and crannies all over the world, and with everything looking good so far, it seems well soon be able to fill in more of UNIX early history.

EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.

Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.

Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.

However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.

Source: It's FOSS
European Union

Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight

Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.

In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.

On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.

Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.

The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.

Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.

You can download the latest kernel here.
Linus Torvalds kernel

AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.

This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.

Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.

Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.

Source: 9to5Linux
AerynOS

Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.

Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.

Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM

New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux

Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.

Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.

Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.

Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.

Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.

Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.

By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows

Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities

The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.

As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.

In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.

After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.

The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.

At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.

The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security

Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges

The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.

A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.

This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.

The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.

On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.

In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel

Linux Celebrates 32 Years with the Release of 6.6-rc2 Version

Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.

The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.

Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction

Want to interact with ChatGPT from your Linux desktop without using a web browser?

Bavarder, a new app, allows you to do just that.

Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.

With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.

During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.

At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.

As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!

Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI

LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite

Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.

Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.

LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.

You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.

All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.

In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.

Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.

The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice

Another Linux Malware Discovered
Russian hackers use Hyper-V to hide malware within Linux virtual machines.

TUXEDO Computers Announces a New InfinityBook
TUXEDO Computers is at it again with a new InfinityBook that will meet your professional and gaming needs.

SUSE Dives into the Agentic AI Pool
SUSE becomes the first open source company to adopt agentic AI with SUSE Enterprise Linux 16.

Linux Now Runs Most Windows Games
The latest data shows that nearly 90 percent of Windows games can be played on Linux.

Fedora 43 Has Finally Landed
The Fedora Linux developers have announced their latest release, Fedora 43.

KDE Unleashes Plasma 6.5
The Plasma 6.5 desktop environment is now available with new features, improvements, and the usual bug fixes.

Xubuntu Site Possibly Hacked
It appears that the Xubuntu site was hacked and briefly served up a malicious ZIP file from its download page.

LMDE 7 Now Available
Linux Mint Debian Edition, version 7, has been officially released and is based on upstream Debian.

Linux Kernel 6.16 Reaches EOL
Linux kernel 6.16 has reached its end of life, which means you'll need to upgrade to the next stable release, Linux kernel 6.17.

Amazon Ditches Android for a Linux-Based OS
Amazon has migrated from Android to the Linux-based Vega OS for its Fire TV.

Cairo Dock 3.6 Now Available for More Compositors
If you're a fan of third-party desktop docks, then the latest release of Cairo Dock with Wayland support is for you.

System76 Unleashes Pop!_OS 24.04 Beta
System76's first beta of Pop!_OS 24.04 is an impressive feat.

Linux Kernel 6.17 is Available
Linus Torvalds has announced that the latest kernel has been released with plenty of core improvements and even more hardware support.

Kali Linux 2025.3 Released with New Hacking Tools
If you're a Kali Linux fan, you'll be glad to know that the third release of this famous pen-testing distribution is now available with updates for key components.

Zorin OS 18 Beta Available for Testing
The latest release from the team behind Zorin OS is ready for public testing, and it includes plenty of improvements to make it more powerful, user-friendly, and productive.

Fedora Linux 43 Beta Now Available for Testing
Fedora Linux 43 Beta ships with Gnome 49 and KDE Plasma 6.4 (and other goodies).

USB4 Maintainer Leaves Intel
Michael Jamet, one of the primary maintainers of USB4 and Thunderbolt drivers, has left Intel, leaving a gaping hole for the Linux community to deal with.

Budgie 10.9.3 Now Available
The latest version of this elegant and configurable Linux desktop aligns with changes in Gnome 49.

KDE Linux Alpha Available for Daring Users
It's official, KDE Linux has arrived, but it's not quite ready for prime time.

AMD Initiates Graphics Driver Updates for Linux Kernel 6.18
This new AMD update focuses on power management, display handling, and hardware support for Radeon GPUs.