All the News that Matters

• Oracle Linux 8 Thunderbird Significant Security Notice ELSA-2026-22643
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 9 Kernel Significant Security Update ELSA-2026-50293
  The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 8 PHP Essential Update ELSA-2026-22305 Release Notice
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Important Security Advisory ELSA-2026-50299 for Oracle Linux 7 Kernel
  The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

• Oracle ELSA-2026-50293 Kernel Important Security Advisory Update
  The following updated rpms for have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 9 Kernel Important Security Advisory ELSA-2026-50294
  The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 8 ELSA-2026-50294 Important Kernel Security Update
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 8 ELSA-2026-50299 Kernel Important DoS Issues
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• Oracle Linux 8 ELSA-2026-22721 expat Important Buffer Overflow
  The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

• openSUSE Multi-Linux Manager Moderate Update 2026-2265-1 Fixes 14 Issues
  An update that solves 14 vulnerabilities and contains one feature can now be installed.

• SUSE 2026-2267-1 Golang Prometheus Critical Security Patch Released
  An update that solves five vulnerabilities and contains two features can now be installed.

• SUSE Important Security Update 5.0.8 Multiple Fixes Denial of Service
  An update that solves three vulnerabilities and has 12 fixes can now be installed.

• Mageia 9 lxc CVE-2026-39402 Important Insufficient Validation 2026-0172
  Security update

• Mageia 9 ceph Security Advisory Bug Fix for MGAA-2026-0032 Review
  Security update

• Fedora 44 Xwayland Critical Update Security Fixes ZDI-CAN-30136 to 30168
  Update to xwayland 24.1.12, security fixes for ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165, ZDI-CAN-30168

• Fedora 44 PIE Vulnerability in Sudo Might Allow Code Execution Risks
  Version 1.4.5 This release contains vulnerability fixes for the following security advisories: GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion via extra.pie- installed-binary metadata in UninstallUsingUnlink GHSA-pm6p-666q-hvj5 - Sudo-elevated root code execution via TOCTOU between self-

• Fedora 43 pie 1.4.5 Important Sudo Code Execution Threats
  Version 1.4.5 This release contains vulnerability fixes for the following security advisories: GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion via extra.pie- installed-binary metadata in UninstallUsingUnlink GHSA-pm6p-666q-hvj5 - Sudo-elevated root code execution via TOCTOU between self-

• Fedora 43 Roundcube Webmail Important XSS SQL Issues 2026-07ee097ffe
  Release 1.6.16 Fix potential too long value in IMAP ID command (#10136) Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog Security: Fix CSS injection bypass in HTML sanitizer via SVG

• Fedora 43 libsoup3 Critical Information Disclosure CVE-2026-5119
  Patch for CVE-2026-5119

• Slackware 15.0 tigervnc Critical Buffer Overflow Vuln 2026-154-05
  New tigervnc packages are available for Slackware 15.0 and -current to fix security issues.

• Slackware 15.0 xorg-server Critical Buffer Overflow Issues Fix 2026-154-04
  New xorg-server packages are available for Slackware 15.0 and -current to fix security issues.

• Slackware advises on ProFTPD - SSA-2026-154-03 SQL Vulnerability issue
  New proftpd packages are available for Slackware 15.0 and -current to fix a security issue.

• Slackware 15.0 httpd Important DoS Fix for CVE-2026-49975 2026-154-01
  New httpd packages are available for Slackware 15.0 and -current to fix a security issue.

• Slackware 15.0 Net-tools Urgent Buffer Overflow Resolution 2026-154-02
  New net-tools packages are available for Slackware 15.0 and -current to fix a security issue.

• Ubuntu Exim Security Advisory 8382-1 CVE-2023-51766 CVE-2026-40685
  Several security issues were fixed in Exim.

• Debian Ceph Critical Privilege Escalation DoS Info Disclosure DSA-6321-1
  Multiple vulnerabilities were discovered in Ceph, a distributed storage and file system, which may result in privilege escalation, denial of service or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 16.2.15+ds-0+deb12u2.

• SUSE Multi-Linux Manager Significant Security Update 2026-2242-1
  An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed.

• SUSE Linux 12 Multi-Linux Manager Vital DoS Security Patch 2026-2241-1
  An update that solves one vulnerability, contains one feature and has seven security fixes can now be installed.

• SUSE Multi-Linux Manager Important Denial of Service SUSE-SU-202604-15329-1
  An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed.

• SUSE Multi-Linux Manager Client Tools Important Security Update 2026-2243-1
  An update that solves 17 vulnerabilities, contains two features and has eight security fixes can now be installed.

• openSUSE Multi-Linux Manager Important Denial of Service Patch 2026-2244-1
  An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed.

• SUSE Multi-Linux Manager Important Salt Bundle Update CVE-2026-27448 DoS
  An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed.

• SUSE Multi-Linux Manager Severe Buffer Overflow and DoS CVE-202604-15331-1
  An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed.

• openSUSE Salt Important DoS Fix Advisory SUSE-2026-2252-1
  An update that solves one vulnerability, contains one feature and has five security fixes can now be installed.

• SUSE Multi Linux Manager Security Update for Denial of Service 2026-2254-1
  An update that solves three vulnerabilities, contains five features and has seven security fixes can now be installed.

• SUSE Multi-Linux Manager Salt Bundle Significant Update 2026-2255-1
  An update that solves three vulnerabilities, contains one feature and has six security fixes can now be installed.

• openSUSE Salt Important DoS Vulnerability Update 2026-2256-1
  An update that solves one vulnerability, contains one feature and has five security fixes can now be installed.

• SUSE Salt Important DoS Security Update 2026-2257-1 CVE-2026-31958
  An update that solves one vulnerability, contains one feature and has five security fixes can now be installed.

• SUSE Grafana Medium Code Execution Denial of Service Fix 2026-2258-1
  An update that solves 12 vulnerabilities and contains one feature can now be installed.

• SUSE Python3-PyOpenSSL Moderate Input Handling Threat SUSE-SU-2026-2259-1
  An update that solves one vulnerability can now be installed.

• OpenSUSE Leap 12 SP5 reports a moderate threat in python-pyOpenSSL
  An update that solves one vulnerability can now be installed.

• openSUSE python-pyOpenSSL Moderate Security Update 2026-2261-1
  An update that solves one vulnerability can now be installed.

• openSUSE Salt Important Denial of Service Vuln 2026-2252-1
  An update that solves one vulnerability, contains one feature and has five security fixes can now be installed.

• openSUSE Salt Important Denial of Service Fix 2026-2256-1
  An update that solves one vulnerability, contains one feature and has five security fixes can now be installed.

• openSUSE python3-pyOpenSSL Input Processing Vulnerability 2026-2259-1
  An update that solves one vulnerability can now be installed.

• openSUSE python-pyOpenSSL Moderate Security Update CVE-2026-40475
  An update that solves one vulnerability can now be installed.

• SUSE Kernel Significant Security Update 2026-2238-1 Released Today
  An update that solves 203 vulnerabilities, contains six features and has 41 security fixes can now be installed.

• SUSE Linux Micro Critical libsoup UAF Vulnerability CVE-2026-21951-1
  An update that solves one vulnerability can now be installed.

• SUSE Linux Micro 6.2 Helm Important Security Update 2026-21952-1
  An update that solves two vulnerabilities and contains one feature can now be installed.

• SUSE Linux Kernel RT Important Security Fix CVE-2025-54518 2026-21953-1
  An update that solves five vulnerabilities can now be installed.

• Tails 7.8.1 Is Out as an Emergency Release to Fix Serious Security Vulnerabilities
  Tails 7.8.1 has been released as the latest version of this Debian-based distribution designed to protect you against surveillance and censorship by leveraging the Tor anonymous network.

• AMD's GAIA Finally Has A Nice Multi-Device Experience For AI
  AMD's GAIA open-source project geared for building AI agents that run locally on your PC is out with a significant new feature release for Windows and Linux systems...

• Blender 5.2 LTS Promises New Fill Tool and Thin Wall Mode, Beta Out Now
  The Blender Foundation released today the beta version of the upcoming Blender 5.2 LTS series of this open-source, free, and cross-platform 3D computer graphics software suite.

• Arch Linux 2026 Leadership Election Keeps Polyak in Charge
  Levente “anthraxx” Polyak has been re-elected as Arch Linux Project Lead for another two-year term after the 2026 leadership election.

• Steam Survey For May 2026 After Delay: Linux Just Under 4%
  Back in March Steam on Linux skyrocketed to 5.33% with more than double the Steam gaming marketshare of macOS. Then for April Steam on Linux pulled back to a still-great 4.52%, well above the times when Steam on Linux was at 2% or less for many years. Now the May 2026 figures have been published overnight by Valve...

• Aleksandra Fedorova on Community, Flock, and the Human Side of Fedora
  Flock to Fedora is more than a conference — it’s where the Fedora community comes alive. As part of the #In the CommitHistory campaign, we sat down with confirmed Flock 2026 speakers to hear their stories: what brought them to Fedora, what Flock means to them personally, and what they’re hoping for in Prague this […]

• Rsync 3.4.3 Regressions Trigger Debate Over AI-Assisted Code
  Rsync 3.4.3 is under scrutiny after backup regressions surfaced alongside wider debate over recent AI-assisted development work.

• COSMIC Desktop 1.0.15 Fixes Gaming, Tray Icons, and Bluetooth Issues
  COSMIC Desktop 1.0.15 brings fixes for tray icons, Bluetooth status, Steam Big Picture Mode, gaming cursor behavior, and more.

• COSMIC 1.0.15 Adds Support for Multiple Full-Screen Windows per Workspace
  Linux hardware vendor System76 released COSMIC 1.0.15 today as the latest stable update to this Rust-based desktop environment used by default on the Pop!_OS Linux distribution.

• Ubuntu To Ship Newer AMD ROCm Updates Via SRUs
  As noted back in April, with Ubuntu 26.04 LTS it's now possible to simply "apt install rocm" on Ubuntu Linux for installing AMD's open-source GPU compute stack. But as prominently noted there, what's shipped right now in Ubuntu 26.04 LTS is already months out of date compared to upstream ROCm. Fortunately, Canonical shared today that moving forward they plan to ship newer ROCm versions as stable release updates (SRUs)...

• Clonezilla Live 3.3.2 Released with Linux Kernel 7.0, Improved MDRAID Support
  Clonezilla Live maintainer Steven Shiau released today Clonezilla Live 3.3.2 as the latest stable version of this partition and disk imaging/cloning live Linux system based on Debian GNU/Linux.

• AMD EPYC 8635P "Sorano" Benchmarks: Significant Upgrade Opportunity For EPYC 8004 Servers
  After announcing the AMD EPYC 8005 "Sorano" series back in February, AMD recently began shipping these Zen 5 successors to the EPYC 8004 "Siena" line-up. With the EPYC 8005 product stack ranging from 8 to 84 cores and being drop-in upgrades for EPYC 8004 servers after a BIOS update, these are quite some interesting processors for those after a single socket, performant server. Up today are benchmarks of the EPYC 8635P as the flagship 84 core Sorano CPU.

• Dragon Q8B SBC combines Snapdragon 8cx Gen 3 with dual 2.5GbE
  Radxa has introduced the Dragon Q8B, a compact single-board computer built around the Qualcomm Snapdragon 8cx Gen 3 Compute Platform. The board combines an 8-core processor, up to 29 TOPS of AI performance, dual 2.5GbE networking, and multiple PCIe expansion options in a 100 × 75 mm form factor for edge computing, robotics, industrial automation, […]

• WriterAgent Week 8-9: Adding NumPy and Pandas to LibreOffice
  This update adds a feature LibreOffice should have probably added many years ago: real scientific Python.LibreOffice has lagged behind Excel in data science workflows. With my recent work in WriterAgent, you can now leverage the full Python ecosystem: Run NumPy in Calc, generate pandas DataFrames from Writer, or let AI agents create scripts and insert results into your documents.

• Communicating With Freedom - Part I - Developing “Quibble” and Improving GNU LibreJS in the Process
  In the 'Free World', people identify problems and pursue fixes, which they can do provided willpower and perseverance; the code is, after all, fully available and the licence permits improvements.

• Fedora 43 Upgrade revealed 20 years old Outlook Security Bug
  Yes, the Fedora 43 upgrade brought an interesting revelation for all Outlook users—one that Microsoft is unlikely to be thrilled about. Outlook was not encrypting email connections, even though SSL/TLS was clearly enabled in the account settings. It looks like, that bug dates back to at least Outlook 2007, which is the oldest Outlook version […]

• Fastfetch 2.64 System Information Tool Adds Hardware Video Codec Detection
  Fastfetch 2.64 introduces a new Codec module for detecting hardware-accelerated video codec support across major platforms.

• Giada 1.4.2 Open-Source Loop Machine Makes Working with Scenes Smoother
  Giada 1.4.2 has been released today as a new stable version of this open-source, minimalistic, and hardcore loop machine and music production software designed for DJs, live performers, and electronic musicians.

• (Updated) Orange Pi Unveils AI Station with Ascend 310 and 176 TOPS Compute
  Orange Pi closes the year by unveiling new details about the Orange Pi AI Station, a compact board-level edge computing platform built around the Ascend 310 series processor. The system targets high-density inference workloads with large memory options, NVMe storage support, and extensive I/O in a small footprint. The AI Station is powered by an […]

• Transmission 4.1.2 Open-Source BitTorrent Client Released with Important Fixes
  Transmission 4.1.2 has been released today as the second maintenance update to the latest Transmission 4.1 series for this popular open-source BitTorrent client, addressing various bugs and also adding a couple of improvements.

• Companies Are Using Reddit To Manipulate ChatGPT and Google AI Search
  An anonymous reader quotes a report from 404 Media: The moderators of the biohacking subreddit say that peptide and hormone replacement therapy companies have been surreptitiously spamming Reddit in an attempt to get their posts scraped by AI chatbots. The strategy is an effort to systematically manipulate the answers provided by chatbots by manipulating the underlying source material that those chatbots will scrape -- in this case, a popular Reddit community. In a post last week, the moderators of r/biohackers said they would be banning new posts about peptides and hormone replacement therapy (HRT) because of attempted manipulation by the companies that make, market, and sell them. [...] "As AI search engines increasingly pull answers from Reddit, companies are using us for AEO. On top of that, there's been an explosion of peptide interest and AI usage flooding the sub. Together, this has put serious pressure on content quality," a post by the moderators read. [...] It has become incredibly difficult to stop Reddit manipulation, because the firms doing it are getting more sophisticated. The moderator said that there are really standard and long-running strategies where brands will hop in the comments and suggest their products: "That type of marketing has always existed and if people want to try something new because the brand resonated with them, cool. That's the way marketing should flow in my mind," they said. "But what I'm seeing that is way scarier to me is that there are companies that will reverse-engineer the actual prompt patterns that are prioritized by LLMs, and so you'll see someone post a super clickbait, high-traction, vague question like 'Is all the hype around Vitamin D actually worth it?" they added. "And that thread will do really well because everyone on biohackers actually has an opinion, so it gets engagement and prioritized by LLMs, and then brands will sneak in and they'll embed their brand mentions in those threads in the exact right places in a seemingly organic way. But none of it is organic, the entire thing is a strategy by an agency to prioritize brand mentions or a narrative within an LLM." The Reddit accounts that are doing this are "warmed up" or are made to seem human, meaning they have a posting history that is not just promotional. This makes them much harder to detect and moderate against. Some of the agencies doing this are paying real people to post promotional content, or have built communities where people are incentivized to post promotional content. The moderator said that Reddit's automated moderation tools have been helpful, but that the type of promotion happening has become so sophisticated that it has become more of a you-know-it-if-you-see it kind of thing. "A lot of it has become pattern recognition," they said. "You literally just sort of know what to look for. But the problem is you don't want to become punitive to the people who aren't doing this maliciously, and so I think the over-moderation risk is very real."
  
  
  Read more of this story at Slashdot.
  

• Meta Keeps Delaying the Release of Its New AI Model to Developers
  Meta has reportedly delayed the developer release of its Muse Spark AI model API multiple times, and as of Tuesday, had no scheduled launch date, according to the Wall Street Journal (paywalled). Reuters reports: A Meta spokesperson told Reuters on Wednesday that the company is already testing the Application Programming Interface (API) with some early partners and is looking forward to releasing it this month. "The muse spark API will be coming soon," Meta AI Chief Alexandr Wang announced in a post on X in April. Meta unveiled Muse Spark in April as the first model built to close the gap with rivals. Muse Spark is the first in a new series of models created by the company's Superintelligence Labs. Earlier on Wednesday, Meta unveiled an AI agent aimed at helping businesses carry out day-to-day operations, hinting at the company's ambitions to compete with rivals such as OpenAI, Anthropic and Alphabet's Google.
  
  
  Read more of this story at Slashdot.
  

• LinkedIn China Spying Threat Prompts Warning From US, Allies
  The U.S. and its Five Eyes intelligence partners issued a joint warning (PDF) that Chinese military intelligence services are using LinkedIn and other professional networking sites to recruit people with access to government, military, foreign policy, or sensitive economic information. "These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks or human resources firms, and place online job advertisements for foreign policy and defense analysts," the agencies said Wednesday. "China's military intelligence services ultimately seek to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes." Bloomberg reports: China was targeting Five Eyes nationals with security clearance, particularly those working in foreign affairs, security and intelligence, and military personnel including people stationed in the Asia-Pacific region, it said. People with more peripheral access to government information, such as academics, journalists and think tank employees, were also being approached. The Chinese embassy in the UK strongly condemned the accusations, calling the allegation of Chinese espionage threats "entirely fabricated" and "malicious slander." The "Five Eyes" members have "engaged in unscrupulous espionage and intelligence-gathering activities around the globe. Their activities are the real threat to peace-loving countries," the embassy said in a statement Thursday. [...] According to the agencies, Chinese spies have commissioned reports to be written by those they've approached, paying them anywhere from a few hundred to several thousand dollars, with payments sometimes made in cryptocurrency. "Military members may be asked about their roles and unit activities, home base or naval vessel," the notice said. "Five Eyes agencies have identified individuals who have undertaken these activities, leading to criminal prosecutions, job losses, and security-clearance revocation," it warned.
  
  
  Read more of this story at Slashdot.
  

• Supreme Court Sides With Trump Administration On Federal Regulation of Telecom Companies
  An anonymous reader quotes a report from the Associated Press: The Supreme Court sided with the Trump administration Thursday in upholding the power of federal regulators to enforce data privacy laws on telecommunications companies. The 8-1 decision (PDF) preserved one of the Federal Communications Commission's key tools, though the companies also won a concession from the Republican administration that could shift the regulatory landscape. The appeal from telecommunications giants Verizon and AT&T challenged a combined $100 million in penalties imposed after the agency determined that the companies had failed to safeguard customer location data. The companies argued that the FCC's process was unconstitutional because it gave them little opportunity to tell their side of the story in front of a jury. The administration defended the fines are an essential regulatory tool. But the government also said companies did not have to pay the penalties right away, a regulatory shift in the companies' favor. The Supreme Court agreed, affirming the FCC's power to order fines when challenges are still available. "The orders at issue did not settle the carriers' legal obligations because, stated simply, they did not create an obligation to pay," Chief Justice John Roberts wrote for the majority. [...] Other agencies use similar enforcement methods, so a sweeping victory for AT&T and Verizon could have had widespread effects, advocates said.
  
  
  Read more of this story at Slashdot.
  

• Samsung Ditches New Jersey For Texas, Costing Garden State 1,000 Jobs
  schwit1 shares a report from NJ.com: Samsung is pulling up stakes in New Jersey and heading to Texas, a move that could leave roughly 1,000 Garden State workers facing a stark choice: relocate or risk losing their jobs. The South Korean tech giant confirmed this week that it will move its US headquarters from Englewood Cliffs, NJ, to its existing campus in Plano, Texas, marking a stunning reversal less than a year after it celebrated the opening of a new headquarters in Bergen County. The relocation is expected to be completed by the end of the year, according to company statements. "Samsung Electronics America Inc. is undergoing a business transformation designed to better position our organization for long-term growth and future success. As part of this effort, we are relocating our U.S. headquarters from New Jersey to our existing campus in Plano, Texas, building on our 30-year presence in the state," said Samsung in a statement emailed to NJ.com on Tuesday. "As part of this strategy, we will be optimizing parts of the organization to ensure our roles and functions align to key business priorities. We recognize such adjustments will have an impact on our people and we will be providing support to those affected," it continued.
  
  
  Read more of this story at Slashdot.
  

• Apple Is Bringing Age Verification To Texas This Week
  joshuark shares a report from The Verge: Apple will introduce age verification in the App Store for users in Texas starting on Thursday, June 4th. The move, as spotted by MacRumors, comes just days after a federal appeals court allowed Texas' App Store Accountability Act to go into effect while a lawsuit against it proceeds. People in Texas who are creating a new Apple account will need to verify they're over 18 using a credit card or government ID. Apple may also automatically verify users' age using the age of their account and whether they have a credit card on file. Despite Apple's attempts to push back on app store-level age verification, the company has announced plans to implement age checks to comply with laws in places like Utah, Louisiana, Brazil, Australia, Singapore, and the UK. Google is required to make similar changes to the Play Store and is also introducing age-checking tools for developers. Last December, a judge blocked the App Store Accountability Act (SB 2420) from taking effect, but an appeals court has now reversed this decision -- at least while the court figures out whether the law is constitutional. Even if this law gets struck down in Texas, a federal version with the same name is still making its way through Congress and could impose age verification at the app store nationwide.
  
  
  Read more of this story at Slashdot.
  

• Google Ordered To Put Clearer Links In AI Search, Let UK Publishers Opt Out
  An anonymous reader quotes a report from Ars Technica: UK regulators today ordered (PDF) Google to put clearer attributions and links to publishers' content in its AI-generated search features. The UK's Competition and Markets Authority (CMA) also said Google must give publishers a way to opt out of AI features in search. "In a world first, publishers will now have effective tools to prevent their content being used to power AI features in search, such as AI Overviews," the CMA said today. "This will put publishers, like news organizations, in a stronger position to negotiate content deals with Google. To boost consumer trust, Google is also now required to make sure that publisher content is properly attributed, using clear links, in AI-generated search results." The CMA ruled that Google may not penalize publishers for opting out of AI, meaning that Google can't downrank opted-out publishers in general search results. The CMA said Google will have nine months to comply with all requirements but that the agency "expects important parts of the controls to become available to publishers well before that deadline. Google will also be required to submit and publish compliance reports, supported by key data and metrics, explaining changes it has made and how it has complied." [...] The CMA applied the rules to Google after determining that it has "strategic market status" in general search services, and has ongoing investigations into Apple and Microsoft. Google today said it will comply with the CMA decision. The News Media Association, a trade group in the UK, said that "the legally enforceable Conduct Requirements for Google Search published today are a significant step towards leveling the playing field and building a fair, transparent digital economy where premium content is properly respected and fairly compensated." The group called on the UK to implement "robust enforcement."
  
  
  Read more of this story at Slashdot.
  

• NASA Says Goodbye to Its Longtime Mars MAVEN Mission
  NASA has officially ended the MAVEN mission after the Mars orbiter stopped responding in December, apparently after an unexpected spin drained its batteries and knocked out communications. Launched in 2013 and orbiting Mars since 2014, MAVEN spent more than a decade studying how the planet lost its atmosphere and helped explain how Mars transformed from a potentially habitable world into the cold, dry planet seen today. The New York Times reports: The NASA spacecraft MAVEN, short for Mars Atmosphere and Volatile Evolution, had been orbiting around the Red Planet since 2014. NASA last received a signal from MAVEN on Dec. 6, shortly before the spacecraft passed behind Mars. Then the spacecraft stopped responding. A review board found that MAVEN began unexpectedly rotating, causing its batteries to drain too quickly and resulting in a loss of power to the communications system. "The team is certainly broken up about this," said Shannon Curry, the principal investigator of the mission and a scientist at the University of Colorado Boulder, at a news conference on Wednesday. "But at the same time, we are incredibly proud of the science we've accomplished over the last decade." NASA officials declined to speculate on the root cause of the mishap. A final report is expected to be released later this year.
  
  
  Read more of this story at Slashdot.
  

• Amazon's New Stargate Series Is Officially Dead
  Amazon has reportedly killed its planned new Stargate series despite giving it a series order in 2025. According to Variety, studio executives were worried it would only appeal to longtime fans. ScreenRant reports: Reports of what became Gero's Stargate series started in 2022, after Amazon acquired MGM Studios. Dean Devlin, who co-wrote the 1994 Stargate movie with Emmerich, was another executive producer for the Amazon show, as were Joby Harold and Tory Tunnell via Safehouse Pictures. The project also had Brad Wright and Joe Mallozzi as consulting producers, with both having had extensive history working within the Stargate franchise. On X, Michael Shanks, who played Daniel Jackson in Stargate SG-1, posted in response to the news that: "Yep. They did that." Mallozzi was resistant to the idea that the series was being geared toward diehard fans: "Nope. No. Sorry. Gonna have to push back on this. We were ever mindful of creating a show that would have broad appeal." In an additional post, Mallozzi went into further detail about why the cancellation is so disappointing: Before the new series was canceled by Amazon, Stargate began with Emmerich and Devlin's movie starring Kurt Russell and James Spader. This paved the way for 10 seasons of Stargate SG-1, followed by five seasons of Stargate Atlantis. There has also been the two-season Stargate Universe, the one-season animated show Stargate Infinity, the web miniseries Stargate Origins, and the 2008 direct-to-video movies Stargate: The Ark of Truth and Stargate Continuum, along with numerous games.
  
  
  Read more of this story at Slashdot.
  

• Demand Is Booming For New No Tech, Repairable Tractor
  An anonymous reader quotes a report from 404 Media: The secondary market for decades old, low-tech John Deere tractors has been booming for years as farmers have sought reliable tractors that they can actually fix without having to deal with John Deere's repair monopoly. A Canadian company has seen that demand and came up with a radical thought: What if they made a new, repairable, "no-tech" tractor to solve what has become a gigantic pain point for farmers? Alberta's Ursa Ag says that it has been inundated with demand after announcing its tractor, which costs roughly half as much as a Deere and has the benefit of not being a repair nightmare. [...] Ursa Ag markets its tractors as "no frills" and "built to last." Ursa Ag's Doug Wilson told me that the company designed the tractor because of a need in the marketplace for a new machine that isn't loaded with tech and is easy to maintain. The company follows in the footsteps of consumer electronics companies like Fairphone, which makes a repairable smartphone and Framework, which makes modular, repairable laptops. The demand Ursa Ag has seen is part of the backlash to manufacturer repair monopolies and the injection of technology and internet-connected sensors and terms of use into even the most basic of gadgets. "I talk to farmers every day and I hear from farmers every day about how they went out and bought machinery from 1987 so that it wouldn't have a computer on it," Wilson said. "All of this came from a simple discussion with a customer who wanted to be able to turn [the tractor] on at the start of the day, to use it, and shut it off at the end of the day. It needed to work, so that's what we built." Ursa Ag's tractor has been hyped in agriculture circles after Wilson showed the tractor off at a Canadian farm show and it was featured by Farms.com. Wilson said more than a thousand farmers have contacted him after that show, from roughly 30 countries. "I got a handwritten letter from a farmer in France who doesn't own a computer and wanted us to mail him information about the tractors," he said. He said the company has thus far made a couple fewer than 100 tractors but is working on tripling its production capacity and has seen a lot of demand over the last few months. "Given the number of my customers that carry flip phones, I would say there is consumer pressure to back away from some of the technology that is unnecessary to perform everyday tasks," Wilson said. "So that is definitely transferable to dishwashers and washing machines, refrigerators. Refrigerators that have screens on them that'll tell you what's inside. It's a little crazy." "That high-tech stuff, the million-dollar John Deere tractor has a place. It has technology that is well worth the money," Wilson said. "But that technology is needed for 5 percent of what a farm does. There are so many applications for tractors on farms that don't require technology. The technology that goes into even a calculator is not required for most farming applications."
  
  
  Read more of this story at Slashdot.
  

• Fedora Linux 43 Exposes 20-Year-Old Microsoft Outlook Security Failure
  BrianFagioli writes: Fedora Linux 43 users upgrading to the latest Dovecot mail server discovered something rather unsettling: some older Microsoft Outlook configurations may have been silently ignoring SSL/TLS settings for POP3 email connections for years. According to a Fedora community blog post, affected Outlook clients reportedly continued using insecure port 110 connections even when encryption was enabled in the application settings. The issue surfaced after Dovecot 2.4 disabled plaintext authentication on non secure connections by default, causing Outlook users to suddenly lose mailbox access after the Fedora 43 upgrade. The report suggests the behavior may date back as far as Outlook 2007, although modern Outlook builds were not fully tested. Fedora admins stress that the problem could be limited to legacy account configurations rather than current versions of Outlook itself. Still, the discovery has sparked discussion among Linux admins and security folks because many users likely assumed their email traffic was encrypted simply because Outlook claimed SSL/TLS was enabled. The incident also highlights how stricter defaults in modern open source infrastructure can expose ancient assumptions and questionable behaviors that quietly survived for decades.
  
  
  Read more of this story at Slashdot.
  

• EU Plots To Abandon US Tech
  Ancient Slashdot reader whitroth shares a report from Politico, with the caption: "shutting down Microsoft Office for the International Criminal Court (ICC) was clearly a wake-up call." From the report: The EU is moving to counter American dominance in technology by reaching for one of the oldest tools in its arsenal: industrial strategy. As the European Commission unveiled a plan Wednesday to reduce Europe's reliance on the foreign technology providers that underpin the modern economy, it was careful to stress that it was not picking a fight with U.S. digital giants. Instead, the tech sovereignty package -- motivated in no small part by U.S. President Donald Trump's weaponization of Europe's dependence on American firms -- takes a longer-term view: boost the continent's players so they can eventually challenge their U.S. rivals. [...] If adopted, the package will direct public money toward products that contribute to Europe's economy and independence from foreign firms; cut red tape for data centers; beef up research and innovation through "leadership initiatives"; incentivize countries to share digital capacities in a new "Eurocloud" forum; and require EU governments to come up with national strategies to boost the adoption of cutting-edge tech, including AI. The package will also seek to ramp up the bloc's demand for advanced chips -- a response to criticism by the industry -- with a series of industrial initiatives to revise a 2023 chips law. [...] As part of its proposal to keep a list of trustworthy countries, the Commission would require EU governments to run a so-called "sovereignty risk assessment" for every digital service they rely on, measuring foreign control, potential access to sensitive data and the risk of operational disruption. Within a year, they would have to determine the appropriate level of protection for each public sector and procure digital services accordingly -- unless they can prove doing so would come at a "disproportionate cost," the proposal reads. However, the Commission reserves the right to overrule their assessment in future legislation if it believes they downplayed the risks. The Commission estimated that just one percent of Europe's public services are so sensitive that they would be required under the proposed certification scheme to rely on the strict level that totally excludes foreign technology. "We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure," Commission President Ursula von der Leyen said in a statement. "This is about protecting our citizens, defending our interests and making our own choices."
  
  
  Read more of this story at Slashdot.
  

• MacBook Neo is So Popular That Apple Reportedly Doubled Production
  According to supply chain analyst Ming-Chi Kuo, Apple has reportedly doubled 2026 MacBook Neo production from 5 million to 10 million units after stronger-than-expected demand for its $599 budget laptop. MacRumors reports: On an earnings call in late April, Apple's CEO Tim Cook said that customer response to the MacBook Neo was "off the charts," and the popularity of the laptop has reportedly led the company to significantly boost production. [...] Apple was very optimistic about the MacBook Neo before announcing it, but the company still "undercalled" the level of enthusiasm that the laptop would generate, according to Cook. He said that MacBook Neo demand exceeded Apple's expectations and helped to drive a record number of first-time Mac buyers last quarter. New figures from market research firm IDC support Apple's claim that the MacBook Neo is selling well, and the Windows PC industry has taken notice. For example, Dell recently introduced a redesigned XPS 13 laptop from $699 and said it has features "you won't find on a MacBook Neo," such as a touch screen and a backlit keyboard. "Apple's MacBook Neo is a capable machine, and its arrival confirms that there's real appetite for premium quality at accessible prices," admitted Dell.
  
  
  Read more of this story at Slashdot.
  

• Google Launches 'Gemma 4 12B' AI Model That Can Run On Your Laptop
  Google has launched Gemma 4 12B, a 12-billion-parameter open AI model designed to run locally on your laptop without depending entirely on cloud infrastructure. WION reports: According to Google, the new model delivers performance close to much larger AI systems while requiring significantly less memory. The company says Gemma 4 12B can run locally on devices equipped with just 16GB of VRAM, making advanced AI more accessible to developers, researchers and businesses. The launch highlights a growing trend across the AI industry: bringing powerful AI models directly to personal computers instead of relying solely on remote data centers. Gemma is Google's family of open AI models built using technology and research from its Gemini program. The new Gemma 4 12B model contains 12 billion parameters and has been designed to handle multiple types of information, including text, images and audio. Unlike traditional AI systems that focus only on text, Gemma 4 12B can understand visual content, process audio inputs and perform advanced reasoning tasks. This makes it suitable for a wider range of applications, from software development and content creation to research and automation. Google says the model is available under the Apache 2.0 licence, allowing developers and organizations to use, modify and deploy it with relatively few restrictions. [...] One of the most significant technical changes in Gemma 4 12B is its new unified architecture. Traditionally, multimodal AI systems use separate components known as encoders to process images, audio and text before combining the information. Google says Gemma 4 12B removes the need for separate multimodal encoders. Instead, the model processes different types of information through a unified architecture. According to the company, this helps improve efficiency while reducing memory requirements and computational overhead. The result is a model that can deliver advanced multimodal capabilities while remaining small enough to run locally on modern hardware.
  
  
  Read more of this story at Slashdot.
  

• Google Shares Fitbit Air Blueprints So Anyone Can 3D-Print Accessories
  Google has released (PDF) technical specs and 2D CAD drawings for the Fitbit Air to encourage users to make their own accessories. "These CAD drawings include crucial mating dimensions, tolerances, and mating force specifications -- including attach and detach force -- to help you build a high-quality accessory band," Google says on a store page listing. 9to5Google reports: Noting how the "community has already come up with innovative and creative new ideas to make the Fitbit Air [their] own" since launch last month, Google is "officially releasing the hardware specifications and accessory design guidelines for the Fitbit Air tracker to the public." For example, owners have already found their own bicep band solutions. This information would typically just be available for third-party accessory companies, but Google wants to open things up to "independent designers and artisan makers." The Google Store page also lists other things developers should keep in mind, such as sensor clearance, sensor pressure, secure retention, and skin-friendly materials.
  
  
  Read more of this story at Slashdot.
  

• Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure
  By Juha Holkkola, FusionLayer Group How DHCP Changed Connectivity In the late 1990s, the DHCP (Dynamic Host Configuration Protocol) quietly catalyzed a revolution in digital connectivity. Before DHCP was introduced, connecting devices to a network involved manual entry of IP addresses, DNS servers, subnet masks, and gateways. Networks were fragile, prone to errors, and severely [0]
  
  The post Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure appeared first on Linux.com.
  

• From DHCP to SZTP – The Trust Revolution
  By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
  
  The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
  

• Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship
  Sustaining a Core Part of the Linux Ecosystem The Linux Foundation has announced a second year of sponsorship for the ongoing maintenance of the Linux manual pages (man-pages) project, led by Alejandro (Alex) Colomar. This critical initiative is made possible through the continued support of Google, Hudson River Trading, and Meta, who have renewed their [0]
  
  The post Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two
  In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]
  
  The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One
  The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]
  
  The post Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One appeared first on Linux.com.
  

• Kubernetes on Bare Metal for Maximum Performance
  When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]
  
  The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.
  

• How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
  This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]
  
  The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.
  

• Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
  Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]
  
  The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.
  

• A Simple Way to Install Talos Linux on Any Machine, with Any Provider
  Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]
  
  The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.
  

• Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
  OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
  
  The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
  

Engadget"Engadget - Technology News & Expert Reviews"

• The Instagram Plus subscription has officially launched
  Paying users will have tools for reaching either wider or more-specific audiences.

• Wired found code for an unreleased facial recognition feature in Meta's AI app
  Meta was previously reported to be exploring facial recognition for its smart glasses.

• ChatGPT's memory is getting better, especially if you're on the free tier
  OpenAI has significantly improved the chatbot9s 4dreaming4 architecture.

• Canada Prime Minister Mark Carney announces questionable national AI strategy
  Canada9s 4AI for All4 plan prioritizes strengthening data protections and increasing AI adoption.

• Police have yet to catch a thief who used a Waymo to steal yoga clothes
  Believe it or not, this is not the first robotaxi-assisted theft.

• Netflix will release its FIFA World Cup: Launch Edition game on June 11
  Netflix and EA are both going to capitalize on the World Cup craze.

• Meta's latest AI tool gives creators a 'brainstorming partner'
  Meta9s Creator Assistant AI can analyze your past posts to help with future content plans.

• Marshall Milton ANC review: Making the rare case for premium on-ear headphones
  Marshall9s latest headphones are like its Major and Monitor models had a baby.

• Belkin made a charging grip for the Switch 2
  Belkin9s new Switch 2 charging grip lets you game longer and be more comfortable doing it.

• Elden Ring finally launches for Switch 2 on August 28
  Elden Ring for the Switch 2 includes the Shadow of the Erdtree expansion and other goodies.

• Ferrari and HP made a vivid red laptop with a transparent 'engine bay'
  Only 4,999 units of the HP Scuderia Ferrari AI PC will be available.

• Here's what you should and shouldn't plug into a TV USB port
  A TV9s USB port is often forgotten, but can still be useful.

• Amazon's new Proteus warehouse robot is fully autonomous
  Amazon9s AI-upgraded Proteus robot can now be controlled using plain language.

• How to watch Apple's WWDC 2026 keynote
  Apple CEO Tim Cook will take part in his last WWDC presentation on June 8.

• How to watch the Summer Game Fest showcase
  Summer Game Fest9s main showcase is streaming live on June 5 at 2PM PT.

• NASA's Mars MAVEN probe is dead
  NASA has declared that the MAVEN mission has ended after losing contact with its probe six months ago.

• Samsung's updated Health app unsurprisingly comes with new AI-powered features
  Samsung will roll out an update for its Health app before launching its new Galaxy Watches.

• Even Meta's Oversight Board thinks its rules for banning accounts are baffling
  The group has 4due process concerns4 over how the company handles account bans.

• SpaceX expects its IPO to raise $74.4 billion
  SpaceX expects to become a trillion-dollar company when it goes public.

• Google Wallet ID passes will be available in select EU states this summer
  The company is also introducing a new age verification process in partnership with a European bank.

• EU OS: A Bold Step Toward Digital Sovereignty for Europe
  Image
  A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
  What Is EU OS?
  EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
  
  Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
  The Vision Behind EU OS
  The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
  
  Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
  
  However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
  Conclusion
  EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
  
  Source: It's FOSS
  European Union

• Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
  
  In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
  
  On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
  
  Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
  
  The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
  
  Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
  
  You can download the latest kernel here.
  Linus Torvalds kernel

• AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
  Image
  AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
  
  This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
  
  Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
  
  Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
  
  Source: 9to5Linux
  AerynOS

• Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
  Image
  Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
  
  Here’s a quick overview of what’s new in Xojo 2025r1:
  1. Linux ARM IDE Support
  Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
  2. Web Drag and Drop
  One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
  3. Direct App Store Publishing
  Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
  4. New Desktop and Mobile Features
  This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
  5. Performance and IDE Enhancements
  Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
  What Does This Mean for Developers?
  Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
  How to Get Started
  Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
  
  Download Xojo 2025r1 today at xojo.com.
  Final Thoughts
  With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
  Xojo ARM

• New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
  
  Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
  
  Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
  
  Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 
  
  Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
  
  Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
  
  Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
  
  By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
  Windows

• Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
  
  The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 
  
  As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
  
  In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 
  
  After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
  
  The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
  
  At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
  
  The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
  Security

• Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
  
  The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
  
  A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
  
  This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 
  
  The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
  
  On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
  
  In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
  kernel

• Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
  
  Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
  
  The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
  
  Here is what Linus Torvalds had to say in today's announcement:
  Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

• Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
  
  Want to interact with ChatGPT from your Linux desktop without using a web browser?
  
  Bavarder, a new app, allows you to do just that.
  
  Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
  
  With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
  
  During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
  
  At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
  
  As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
  
  Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
  ChatGPT AI

• LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
  
  Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
  
  Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
  
  LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
  
  You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
  
  All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
  
  In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
  
  Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
  
  The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
  LibreOffice