All the News that Matters

• Eden: NHS goes to war against open source
  Terence Eden reportsthat the UK's NationalHealth Service (NHS) is preparing to close almost all of its open-source repositories as aresponse to LLM tools, such as Anthropic's Mythos, becoming moresophisticated at finding security vulnerabilities. He does not, to putit mildly, agree with the decision:
  
  The majority of code repospublished by the NHS are not meaningfully affected by any advancein security scanning. They're mostly data sets, internal tools,guidance, research tools, front-end design and the like. There isnothing in them which could realistically lead to a securityincident.
  
  When I was working at NHSX during the pandemic, we were soconfident of the safety and necessity of open source, we made sure theCovid Contact Tracing app was open sourced the minute it was availableto the public. That was a nationally mandated app, installed onmillions of phones, subject to intense scrutiny from hostile powers -and yet, despite publishing the code, architecture and documentation,the open source code caused zero securityincidents.
  
  Furthermore, this new guidance is in direct contradiction to theUK's TechCode of Practice point 3 "Be open and use open source" whichinsists on code being open.
  

• [$] Version-controlled databases using Prolly trees
  Modern database and filesystems make pervasive use ofB-trees, which are treestructures optimized for storing sorted lists of keys and values on blockdevices.Dolt is an Apache 2.0-licensed project that makes clever use of avariant of a B-tree to support efficient version control for an entire database.The data structure it uses could well be of interest to other projects.
  

• Security updates for Friday
  Security updates have been issued by AlmaLinux (fence-agents), Debian (chromium, dovecot, and kernel), Fedora (chromium, dotnet10.0, dotnet8.0, dotnet9.0, emacs, glow, jfrog-cli, openbao, pyp2spec, python3.6, rust-rustls-webpki, vhs, and xen), Oracle (grafana, grafana-pcp, PackageKit, sudo, vim, and xorg-x11-server), Red Hat (rhc), SUSE (avahi, bouncycastle, chromium, container-suseconnect, firewalld, gdk-pixbuf, grafana, java-25-openjdk, kernel, libixml11, libmozjs-140-0, libpng12-0, libsodium, libssh, mariadb, Mesa, ntfs-3g_ntfsprogs, openCryptoki, openexr, packagekit, prometheus-postgres_exporter, python-jwcrypto, python-mako, python-Pygments, python-pynacl, python311, python311-pyOpenSSL, python315, radare2, sed, and vim), and Ubuntu (kmod and zulucrypt).

• [$] Restartable sequences, TCMalloc, and Hyrum's Law
  Hyrum's Law states that anyobservable behavior of a system will eventually be depended upon bysomebody. The kernel community is currently contending with a cleardemonstration of that principle. The recent work to address some restartable-sequencesperformance problems in the 6.19 release maintained the documented APIin all respects, but that was not enough; Google's TCMalloclibrary, as it turns out, violates the documented API, prevents other codefrom using restartable features, and breaks with 6.19. But the kernel'sno-regressions rule is forcing developers to find a way to accommodateTCMalloc's behavior.

• GCC 16.1 released
  Version16.1 of the GNU Compiler Collection (GCC) has beenreleased.
  The C++ frontend now defaults to the GNU C++20 dialect and the correspondingparts of the standard library are no longer experimental. SeveralC++26 features receive experimental support, including Reflection(-freflection), Contracts, expansion statements and std::simd.
  Other changes include the introduction of an experimental compilerfrontend for the Algol68 language,ability to output GCC diagnostics in HTML form, and more.
  
  
  

• Seven new stable kernels for Thursday
  Greg Kroah-Hartman has released the 7.0.3, 6.18.26, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254 stable kernels. The 7.0.3 and6.18.26 kernels only contain fixes needed for Xen users; the others,though, have backported fixes for the recently disclosed AEAD socket vulnerability. Kroah-Hartman advisesthat all users of the other kernel series must upgrade.
  
  
  

• Security updates for Thursday
  Security updates have been issued by AlmaLinux (buildah, firefox, gdk-pixbuf2, giflib, grafana, java-1.8.0-openjdk, java-21-openjdk, LibRaw, OpenEXR, PackageKit, pcs, python3.11, python3.12, python3.9, sudo, tigervnc, vim, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-manager), Debian (calibre, firefox-esr, and openjdk-17), Fedora (asterisk, binaryen, buildah, dokuwiki, lemonldap-ng, libexif, libgcrypt, miniupnpd, openvpn, podman, python3.9, rust-rpm-sequoia, skopeo, and xdg-dbus-proxy), Red Hat (buildah, gdk-pixbuf2, and nodejs:20), SUSE (dnsdist, libheif, openCryptoki, polkit, sed, and xen), and Ubuntu (linux-bluefield, python-marshmallow, and roundcube).

• [$] LWN.net Weekly Edition for April 30, 2026
  Inside this week's LWN.net Weekly Edition:
  Front: Famfs; Python packaging council; Zig concurrency; pages and folios; Strawberry music manager; 7.1 merge window. Briefs: GnuPG 2.5.19; Copy Fail; Plasma security; Fedora 44; Ubuntu 26.04; Niri 26.04; pip 26.1; RIP Seth Nickell; RIP Tomáš Kalibera; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.

• A security bug in AEAD sockets
  Security analysis firm Xint has disclosed a security bug in the Linux kernelthat allows for arbitrary 4-byte writes to the page cache, and which has beenpresent since 2017.The vulnerability hasbeen fixed in mainline kernels. A proof-of-concept script demonstrates how to use the flaw to corrupt a setuidbinary, which works onmultiple distributions, by requesting an AEAD-encrypted socket from user spaceand splicing a particular payload into it.A supplemental blogpost gives more details about the discovery and remediation.
  A core primitive underlying this bug is splice(): it transfers data between filedescriptors and pipes without copying, passing page cache pages by reference.When a user splices a file into a pipe and then into an AF_ALG socket, thesocket's input scatterlist holds direct references to the kernel's cached pagesof that file. The pages are not duplicated; the scatterlist entries point at thesame physical pages that back every read(), mmap(), andexecve() of that file.

• [$] Python packaging council approved
  The Python packaging world now has a formalgovernance council, of the form described in PEP 772 ("PackagingCouncil governance process"), which was approvedby the steering council on April 16. It has been over a yearsince the PEP was first proposed in February 2025 and it has undergonelengthy discussions in multiple postings to the Python discussion forum. Thepackaging council will have "broad authority over packaging standards,tools, and implementations"; it will consist of five members who willbe elected in a vote that is likely to come in June—after PyCon US 2026 is held mid-May.

• Security review of Plasma Login Manager (SUSE Security Team Blog)
  SUSE's Security Team has published a detailedblog post on their recent review of the PlasmaLogin Manager version 6.6.2,which was forked from the SDDM displaymanager.
  
  While most of the code remains thesame, the new upstream added a privilegedD-Bus helper calledplasmaloginauthhelper, which suffers from defense-in-depthsecurity issues.
  
  [...] Based on the high severity of the defense-in-depth issuesshown in this report, our assessment is that there is effectively noseparation between root and the plasmalogin service user account.
  
  At this time there is no bugfix available by upstream, but asecurity fix is planned for the next Plasma release on May 12. We havenot been involved in upstream's bugfix process so far and have noknowledge about the approach that will be taken to address the issuesfrom this report.
  
  
  

• Security updates for Wednesday
  Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, java-17-openjdk, libxml2, python3, python3.11, python3.12, sudo, and webkit2gtk3), Debian (dnsdist, node-tar, pdns, pdns-recursor, and policykit-1), Fedora (chromium, edk2, and vim), Oracle (firefox, gdk-pixbuf2, go-toolset:rhel8, libpng12, LibRaw, libxml2, python, python3, python3.11, python3.12, python3.12-wheel, vim, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, yggdrasil, and yggdrasil-worker-package-manager), Red Hat (container-tools:rhel8, delve, git-lfs, go-rpm-macros, grafana, grafana-pcp, osbuild-composer, and rhc), SUSE (bouncycastle, clamav, container-suseconnect, dovecot22, erlang, firefox, fontforge, freerdp2, ghostscript, giflib, gnome-remote-desktop, go1.25, go1.26, google-guest-agent, haproxy, ignition, ImageMagick, kernel, libcap, libpng16, libraw, librsvg, mariadb, openexr, pocketbase, protobuf, python-Pillow, python-requests, qemu, rust1.94, sudo, tomcat, tomcat10, tomcat11, webkit2gtk3, and xen), and Ubuntu (dotnet10, dovecot, linux-nvidia-lowlatency, node-follow-redirects, openssh, packagekit, python-cryptography, python-tornado, ruby-rack-session, ujson, and wheel).

• Remembering Seth Nickell
  LWN has received the sad news that Seth Nickell passed away, onApril 16, from his father, Eric Nickell:
  
  Many of you knew Seth from his work in the GNOME Usability Project, but hisroots in that community trace back to his high school years. As a father ofa high school junior, I remember being terrified when he flashed the harddrive of a computer he purchased for himself with this weird "Linux" thing.And I was a bit awed by the college application essay he wrote about opensource and Linus Torvalds.
  
  It was his interest in packet radio that drew him into working withthe Linux AX.25 HOWTOas a high schooler, and from there to his focus on making the Linuxdesktop work for everyone.
  
  The family plans to share news of a memorial at a later time. Hewill be deeply missed.
  

• Fedora Linux 44 has been released
  The Fedora Project has announcedthe release of Fedora Linux 44. There are "what's new"articles for FedoraWorkstation, FedoraKDE Plasma Desktop, and FedoraAtomic Desktops. The Fedora Asahi Remix for Apple Silicon Macs,based on Fedora 44, is alsoavailable. See the Fedora Spins page for a full list of alternative desktop options.
  
  Fedora Linux 44 Workstation ships with the latest GNOME release,GNOME 50. This comes with a long list of refinements to your desktop,including everything from accessibility to color management and remotedesktop. Many of the applications that are installed by default onFedora Workstation have also seen improvements, from Document Viewerto File Manager and Calendar. To learn more about these and otherchanges, you can read the GNOME 50 release notes.
  
  KDE Plasma Desktop: If you are a KDE user, you should also notice acouple of very obvious changes. Fedora KDE Plasma Desktop 44 is basedon the latest Plasma 6.6, which includes the new Plasma Login Managerand Plasma Setup to provide a more cohesive and integrated experiencefrom the moment the computer is powered on for the first time. Theinstallation process has been simplified, enabling you to easily setup Fedora KDE Plasma Desktop for a computer for a friend or a lovedone.
  
  The releasenotes include important changes between Fedora 43 andFedora 44 for desktop users, developers, and system administrators.
  
  
  

• [$] Strawberry is ripe for managing music collections
  There are dozens of music-player applications for Linux; the options rangefrom bare-bones programs that only play local files to full-blownmusic-management projects with a full suite of tools for managing (and playing)a music collection. Strawberryis in the latter category; it has a bumper crop of features, including smartplaylists, support for editing music metadata tags, the ability to organize musicfiles, and more.
  

Linux Insider"LinuxInsider"

• ClusterAPI Simplifies Provisioning but Leaves Ops Gaps
  ClusterAPI simplified Kubernetes provisioning, but operations remain complex. Teams still must correlate fragmented signals across systems, driving demand for AI-driven visibility and faster issue resolution. The post ClusterAPI Simplifies Provisioning but Leaves Ops Gaps appeared first on LinuxInsider.

• Percona, Chainguard Advance Secure-by-Default Open-Source Databases
  Percona and Chainguard aim to cut CVE patching and reduce overhead with secure-by-default images for open-source databases. The post Percona, Chainguard Advance Secure-by-Default Open-Source Databases appeared first on LinuxInsider.

• Rocky Linux Expands Into Enterprise AI Infrastructure
  CIQ is expanding Rocky Linux with enterprise and AI-focused versions designed to simplify deployments and improve GPU performance. The post Rocky Linux Expands Into Enterprise AI Infrastructure appeared first on LinuxInsider.

• The Patching Paradox Driving Most Breaches
  More than half of breaches occur after fixes are available, revealing an execution gap as delayed patching turns known vulnerabilities into ongoing enterprise risk. The post The Patching Paradox Driving Most Breaches appeared first on LinuxInsider.

• Lock Down Your Linux Laptop on Public Wi-Fi
  Public Wi-Fi exposes Linux systems to monitoring, spoofed networks, and data interception. This guide shows how to secure your device with VPNs, firewalls, and browser protections. The post Lock Down Your Linux Laptop on Public Wi-Fi appeared first on LinuxInsider.

• Percona Spins Off Everest DBaaS Into OpenEverest Project
  Percona is moving its Everest DBaaS platform into OpenEverest, a community-driven project focused on governance, vendor neutrality, and modern data infrastructure. The post Percona Spins Off Everest DBaaS Into OpenEverest Project appeared first on LinuxInsider.

• Oracle Declines Community Proposal for Neutral MySQL Foundation
  More than 500 developers are urging Oracle to consider a vendor-neutral foundation for MySQL, warning that limited community input could slow innovation and fragment the ecosystem. The post Oracle Declines Community Proposal for Neutral MySQL Foundation appeared first on LinuxInsider.

• How to Harden Firefox for Better Security on Linux
  This guide shows how to install the latest Firefox build on Linux and adjust key settings to reduce tracking, limit telemetry, and strengthen browser security. The post How to Harden Firefox for Better Security on Linux appeared first on LinuxInsider.

• Open-Source Vulnerabilities Double as AI Coding Grows
  As AI-assisted coding accelerates software development, security teams are facing a growing challenge managing expanding open-source dependencies and the vulnerabilities they introduce across enterprise environments. The post Open-Source Vulnerabilities Double as AI Coding Grows appeared first on LinuxInsider.

• How to Secure Cloud Storage on Linux With VeraCrypt
  This step-by-step guide shows Linux users how to secure cloud-stored files with VeraCrypt by encrypting data locally, keeping encryption keys out of cloud providers' hands. The post How to Secure Cloud Storage on Linux With VeraCrypt appeared first on LinuxInsider.

• Inference is giving AI chip startups a second chance to make their mark
  In a disaggregated AI world, Nvidia can be both a friend and an enemy
  AI adoption is reaching an inflection point as the focus shifts from training new models to serving them. For the AI startups vying for a slice of Nvidia's pie, it's now or never.…
  

• Royal Navy chief backs drones, autonomous weapons in ‘Hybrid Navy’
  Plan mixes crewed ships, robot escorts, and long-range strike to bolster a stretched fleet
  The leader of Britain’s Royal Navy has outlined a “Hybrid Navy” built on a mix of crewed, uncrewed, and autonomous platforms to ensure it can continue to defend the nation and operate overseas.…
  

• Job's a good 'un: Bank of England tech project wins watchdog praise
  PAC: Now why can't everybody else in public sector do it like this?
  Parliament's spending watchdog has held up a successful large-scale public sector tech transformation as a rare example worth emulating, in a striking departure from the usual diet of failure and overspend.…
  

• Usage-based pricing killing your vibe - here's how to roll your own local AI coding agents
  Take those token limits and shove them by vibe coding with a local LLM
  With model devs pushing more aggressive rate limits, raising prices, or even abandoning subscriptions for usage-based pricing, that vibe-coded hobby project is about to get a whole lot more expensive. Fortunately, you're not without cost-saving options.…
  

• UK drivers' agency shrugs off claims of week-long booking site smashes, blames browser configs
  Agency insists everything is working fine, even though users spend days failing to load it
  The DVSA's driving test booking system has spent the week offline, according to frustrated users.…
  

• Brace for the patch tsunami: AI is unearthing decades of buried code debt
  Britain's cyber agency says the bill for years of technical shortcuts is coming due, and it's arriving all at once
  Britain's cyber agency is warning that AI-fuelled bug hunting is about to flush out years of buried flaws, leaving defenders scrambling to keep up.…
  

• ServiceNow under siege as Atlassian adds to ITSM take-outs
  CEO Mike Cannon-Brookes touts 'largest ever quarter for competitive displacements'
  The chase is on. Atlassian reported its largest-ever quarter for taking share from a major IT service management provider, CEO Mike Cannon-Brookes said on the company's fiscal third-quarter earnings call Thursday, escalating its rivalry with ServiceNow.…
  

• Mythos complicates the breakup, says Pentagon CTO, but Anthropic is still barred
  Emil Michael says agencies are evaluating the cybersecurity model, not deploying it
  Pentagon CTO Emil Michael pushed back on reports of a thaw in the department’s relationship with Anthropic: The two are not getting back together, even as Mythos draws interest from government agencies.…
  

• Artemis III aims for 'late 2027' for Earth orbit demonstration
  SpaceX and Blue Origin will absolutely be ready in time. Definitely
  Amid the sensational NASA budget cut proposals taking place in the US at the moment, NASA Administrator Jared Isaacman has refined the Artemis III launch date to "late 2027."…
  

• Where to buy a non-Apple, non-Google smartphone
  Both Cupertino and Google are imposing ever stricter limits on their phones – but you have alternatives
  As both Apple and Google introduce unwelcome changes in their phone OSes, here's a quick reminder that you do have alternatives to the Gruesome Twosome.…
  

• CIOs ready for another role-change as AI becomes agent of chaos
  If software writes software the risk is “systematic failure at scale”. Someone needs to take charge, argues Forrester
  Forrester predicts that by decade's end, the rush toward agentic AI will grow so chaotic that CIOs will be forced into a new role as enforcer of order.…
  

• That old phone in the kitchen drawer could save an industry
  Users have less cash to burn and less patience for AI in new models... now where to get the used stock
  Secondhand phones sales are booming - relatively speaking - and the industry has rising inflation, AI bloat, and consumers' growing apathy toward overpriced new handsets to thank for it.…
  

• First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
  Exploitation was underway before patches landed, at least one victim reports ransomware demand
  CISA has added a critical cPanel bug to its known-exploited list, confirming that attackers are already poking holes in one of the internet's most widely used hosting stacks.…
  

• Microsoft releases first big update after Nadella's vow to 'win back fans'
  Lots of fixes, some performance tweaks. Fingers crossed there's no out-of-band patch to follow
  Microsoft is following through on its promise to prioritize Windows stability with its April 30 non-security update.…
  

• OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that
  Altman's crew now doing the same gatekeeping it recently mocked
  OpenAI is lining up a limited release of its new GPT-5.5-Cyber model to a handpicked circle of "cyber defenders," just weeks after taking a swipe at Anthropic for doing almost exactly the same thing.…
  

• SpaceX rocket set for unintentional Moon landing – well, a piece of it anyway
  But unlike most junkers, it'll be traveling faster than the speed of sound, claims astronomy software dev
  An astronomy software dev claims a Falcon 9 upper stage will hit the Moon in August, traveling at several times the speed of sound.…
  

• Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
  313 Team tells Canonical: pay up or the packets keep coming
  Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant.…
  

• UK pensions dept goes shopping for spy-van tech with £2M surveillance tender
  Covert cameras, live-streaming systems, and in-vehicle recording kit sought to catch out fraudsters
  The Department for Work and Pensions has gone shopping for covert cameras, live-streaming kit, and vehicle-based recording gear as it lines up a £2 million upgrade to watch fraud suspects in real time.…
  

• Who needs ghost train scares when Windows is such a fright?
  Things that go bork in the night
  Bork!Bork!Bork! What frightens you? What, as an IT professional, would make you shriek like a small child? What tech horrors are lurking under your bed?…
  

• Passport to £££: Home Office adds £216M to travel doc contract before a single bid's been placed
  Start date pushed back a year, annual cost up a third, and UK's now handing out eight million passports a year
  The Home Office has increased the annual value and overall duration of its new passport production contract, increasing it to a total of £576 million as it starts a third round of engagement with suppliers.…
  

• DVLA's 14-week driving license fiasco – the tech, people and chatbot trying to clear it
  Medical license applicants still waiting months while agency insists it's 'putting things right'
  The Driver and Vehicle Licensing Agency (DVLA) has introduced new techto support driving license applications that require medical checks, after processing times exceeded 14 weeks in February.…
  

• User found the perfect formula to make Excel misbehave
  For once, Oracle ERP wasn’t the problem
  On Call Fridays can be a drag, but The Register has a formula to inject a little fun by delivering a new instalment of On Call – the reader-contributed column in which we share your tech support stories.…
  

• Qualcomm teases ‘dedicated CPU for agentic experiences’ and ‘agentic smartphones’
  Enters the custom AI silicon business with secret silicon for an un-named hyperscaler
  Qualcomm has quietly entered the market for custom hyperscale silicon, and datacenter CPUs…
  

• Fujitsu confirms mainframe biz to die in 2035, in time for quantum AI supercomputers to take over
  In talks with Japan, the UK, and Australia on defense tech that can ‘contribute to global stability’
  Japanese tech giant Fujitsu has confirmed the demise of its mainframe business in the year 2035 and hinted it’s working on significant defense projects.…
  

• ICANN opens applications for new generic top-level domains for the first time since 2012
  $227k gets you a hearing for your dot.vanity project, or strings in one of 27 scripts
  The Internet Corporation for Assigned Names and Numbers (ICANN) on Thursday kicked off a new application process for generic top-level domains (gTLDs), its first since 2012.…
  

• The never-ending supply chain attacks worm into SAP npm packages, other dev tools
  Mini Shai-Hulud caught spreading credential-stealing malware
  The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.…
  

• Govern your bots carefully or chaos could ensue
  Stop the sprawl!
  With the average Global Fortune 500 enterprise expected to run more than 150,000 AI agents by 2028, up from fewer than 15 today, there’s plenty of room for chaos. Analyst firm Gartner says that, without proper governance, those agents will multiply and run amok.…
  

• Firefox maker torches Google for building Prompt API into browser
  Mozilla fears wiring an AI API into Chrome will make the web less open
  Updated Mozilla has reiterated its opposition to Google's decision to build AI plumbing into its Chrome browser, though rather belatedly now that the technology, known as the Prompt API, is already being tested in Chrome and Microsoft Edge.…
  

• Bot her emails: most modern phishing campaigns are AI-enabled
  KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start
  Give a man a phishing kit and he might get lucky a couple of times; teach an AI to phish and it'll change the landscape, if KnowBe4's latest phishing trends report is accurate.…
  

• FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'
  One alleged cyber contractor was extradited to the US over the weekend
  China's "hacker-for-hire ecosystem has gotten out of control," according to Brett Leatherman, assistant director of the FBI's cyber division.…
  

• Phone users know when to hold ’em, delay upgrades amid inflation
  Analyst says handsets now stay in pockets for 4.2 years on average
  Remember the early days of the smartphone revolution when, even after six months, your phone felt outdated? Not anymore. Smartphone replacement cycles are getting longer as discretionary household budgets come under pressure from inflation, with demand for new devices expected to fall for the rest of this year.…
  

• Bandwidth hogs rejoice, Celestica's latest switch is bristling with 64 ports of 1.6 Tbps Ethernet
  Networking kit arrives just in time for Nvidia's 1.6 Tbps ConnectX-9 NICs
  If you thought 800 Gbps Ethernet was fast, just wait. Celestica's latest switches cram 64 1.6 Tbps ports into a single chassis.…
  

• Google's fix for critical Gemini CLI bug might break your CI/CD pipelines
  This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows
  If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, or through GitHub Actions, to review their workflows.…
  

• French prosecutors link 15-year-old to mega-breach at state’s secure document agency
  Two computer crime allegations follow up to 18M lines of data surfacing online
  French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents.…
  

• Zed team releases version 1.0 of Rust-built editor: Traditional editor and AI tool
  Team wins praise for adding 'disable all AI features' setting for devs who want a code editor to be only a code editor
  The Rust-built Zed editor has reached version 1.0, released yesterday, with development led by former members of the Atom team at GitHub.…
  

• AWS says acute server memory shortage is driving customers to the cloud
  When you can't get 'em with a 'transformation plan,' supply chain pain will do the job
  The great memory shortage is having yet another effect, pushing enterprises into the waiting arms of the cloud operators as they can't secure enough on-prem compute themselves.…
  

• Survey says no, American workers are not keen on Microsoft's AI
  Lock-in worries threaten to dampen the E7 launch party
  The Coalition for Fair Software Licensing has published research showing that US workers reckon Microsoft is using its productivity tools to lock their employers into the company's AI services.…
  

• SAP user group slams 'uncertainty' in ERP giant's API policy
  Concerns over new rules might stop customers from adopting innovations – including AI – that connect to SAP systems
  An influential SAP user group has criticized the vendor's API policy update, saying it lacks clarity and potentially prevents users from starting new projects and innovating on their SAP platforms.…
  

• Microsoft boss tells investors the company is working to 'win back fans'
  But why did those fans go away in the first place, Satya?
  Microsoft boss Satya Nadella told investors during an earnings call last night that the company needs to "win back" its fans.…
  

• Fewer users, fatter wallets is why Anthropic tops OpenAI in LLM revenue stakes
  AI boom splits between companies hoarding eyeballs and those actually charging for them
  Anthropic is pulling in more LLM revenue than OpenAI, despite having a fraction of the users.…
  

• Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005
  Turns out the real problem is not AI but staff still clicking on dodgy emails from 'IT support'
  Nearly half of UK businesses are still getting breached, and in many cases, the attacker's big breakthrough is an employee clicking "sure, why not" on a fake login page.…
  

• What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
  Just in time for the Trump-Xi summit
  Exclusive A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as this month.…
  

• Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
  Emergency patches out now for those managing the millions of domains assumed to be affected
  Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it.…
  

• Met Police's Palantir deployment has its own officers watching their backs
  Federation warns members to ditch work devices off duty as force uses AI to probe 600+ cops
  London cops are being told by their staff association to be "extremely cautious" about carrying work devices off duty, after the Metropolitan Police Service (MPS) deployed Palantir's technology to investigate hundreds of its own officers.…
  

• Britain's £6B armoured sickener Ajax cleared for duty despite injuring troops
  Investigation finds no single cause for soldiers falling ill, just bad bolts, cold air, and apparently the soldiers themselves
  Britain's notorious Ajax armored vehicles are being accepted back from the manufacturer after investigations found no single cause for the symptoms plaguing crews, meaning soldiers will need to grin and bear it.…
  

• Finance company stores DB credentials in helpfully labeled spreadsheet
  Great idea, guys. Let's keep all of the data in an Excel file with weak password protection
  PWNED Welcome, once again, to PWNED, the weekly column where we recount the adventures of IT explorers who found their own pile of quicksand and then jumped right into it. This week's story involves keeping sensitive information in a very vulnerable place and then not protecting it adequately.…
  

• Microsoft levels up Azure Local to make it fit for large-scale sovereign clouds
  Can now use SANs for storage, and adds a local control plane and key management
  Microsoft has given its Azure Local on-prem cloud a major makeover to make it fit for duty powering large-scale sovereign infrastructure.…
  

• Google to sell its TPUs to some customers, who also fancy big-G GPUs
  AI is driving more searches and ads
  Google Cloud will start selling its custom tensor processing units to some customers, because they want them and the search giant wants to diversify its revenues.…
  

• Microsoft lifts 2026 AI spend by $25 billion to cover component price rises
  Will write checks for $190 billion and even those megabucks may not satisfy demand
  If you've felt the sting of surging hardware prices, Microsoft can sympathize because the company on Wednesday said it expects its 2026 capital expenditure will hit $190 billion, with $25 billion of that due to rising component costs.…
  

• Linux cryptographic code flaw offers fast route to root
  Patches land for authencesn flaw enabling local privilege escalation
  Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.…
  

• ReactOS Introduces Unified Live/Install Media, New Storage Driver
  ReactOS as the "open-source Windows" operating system project striving for binary compatibility with Microsoft Windows has seen some exciting improvements this week...

• Many Exciting Google Summer of Code 2026 Projects & A Lot Of AI
  This week Google announced the selected Google Summer of Code "GSoC" 2026 projects for providing stipends to student developers for engaging in different open-source projects. This year a lot of open-source projects involve AI/LLM adoption but there are also a number of other interesting student projects at large from GNOME Mutter GPU reset recovery to adding new features to FreeBSD...

• Turtle Beach WaveFront ISA Sound Cards Seeing Suspend/Resume Support On Linux In 2026
  It's been an interesting 2026 in Linux development with beginning to phase out i486 CPU support, dropping ISDN and amateur "ham" radio support, and other code cleaning in the name of a diminishing user base -- or perhaps even no users left -- for those running such vintage hardware with a modern, up-to-date kernel. Yet ISA sound card drivers have seen an uptick in activity...

• The GNOME-Aligned RustConn Connection Manager Continues Piling On More Features
  One of the interesting GNOME-aligned application developments in recent months has been RustConn as a modern GTK4-based connection manager. RustConn allows managing SSH, RDP, VNC, SPICE, and a variety of other connections from this Rust-written application. It's been steadily tacking on more features and that effort continued with more features landing...

• New NTFS Driver Sees More Fixes With Linux 7.1-rc2
  One of the most prominent changes with the upcoming Linux 7.1 kernel release is the introduction of the new NTFS driver in the Linux 7.1 kernel. This new driver provides more features and better performance than the Paragon NTFS3 driver that's been in the kernel the past few years and far better off than the original NTFS read-only driver that previously was in the kernel and for which this new driver is based. Needless to say it's also a big improvement over the NTFS-3G user-space FUSE driver too...

• Linux 7.1 Fixes Audio For The Steam Deck OLED After Being Broken 2 Years On The Upstream Kernel
  It turns out the Steam Deck OLED gaming handheld has not had working audio support with the mainline (upstream) Linux kernel since a change in late 2023 that was merged for Linux 6.8. There was an AMD ASoC audio change that inadvertently broke audio support for the Steam Deck OLED handheld but not affecting the original LCD model. Valve's downstream Steam OS kernel has compensated for this known breakage and other distributions targeting the Steam Deck OLED have carried the patch, but now there is a proper solution upstream ahead of Linux 7.1-rc2...

• FUSEX File-System Being Developed For Extended/Experimental Features
  Miklos Szeredi of Red Hat has been developing the FUSEX file-system as an extended/experimental area for File-System in User-Space "FUSE" development...

• AMD9s GAIA Defaults To Better Model, Continued Improvements For Local AI
  AMD software engineers on Friday released a new version of GAIA "Generative AI Is Awesome" as their open-source software for Windows and Linux leveraging the Lemonade SDK and aiming to make it easy to build AI agents on your PC with all local AI processing across AMD's CPUs, GPUs, and NPUs...

• Linux 7.1-rc2 Bringing Some More Improvements/Fixes For Older AMD GPUs
  Merged on Friday ahead of the Linux 7.1-rc2 kernel release due out tomorrow were this week's batch of Direct Rendering Manager (DRM) kernel graphics / display / accelerator driver fixes...

• KDE Linux Now Using KMSCON For A Better VT Console Experience
  KDE Linux continues making progress as the in-house Linux distribution to best showcase the latest KDE Plasma desktop innovations...

• VideoLAN Publishes Dav2d For Open-Source AV2 Decoder
  While the Alliance For Open Media had been aiming for the AV2 release by the end of 2025, as of right now the AV2 specification remains in a draft status. VideoLAN developers though for months have already been working on dav2d as an open-source AV2 decoder and that code was published this weekend...

• FreeBSD 15.1 Beta Released For Early Testing
  Following last year's release of FreeBSD 15.0, FreeBSD 15.1 is working its way toward release release in June. For kicking off the release dance, FreeBSD 15.1 Beta 1 is available today for testing...

• NVIDIA Ships Fixes For Descriptor Heaps, More Vulkan Performance Optimizations
  NVIDIA on Friday released the 595.44.06 beta driver build as their newest Vulkan developer beta for Linux. This was joined by the NVIDIA 595.46 Windows Vulkan beta and there are performance improvements in tow and more work on their descriptor heaps support...

• KDE Plasma 6.6.5 Fixes Some NVIDIA Performance Issues, More Features Land For Plasma 6.7
  We are now just one month out from the planned release of Plasma 6.7 in mid-June. Feature activity continues to be brisk for Plasma 6.7 while KDE developers also continue landing more fixes for the current Plasma 6.6 series...

• Steam On Linux In April Pulled Back From Its Record High Marketshare
  Steam on Linux use in March had skyrocketed to 5.33%, a 3.1% boost month-over-month and easily the highest level we've seen Steam on Linux at since its inception more than a decade ago. This record growth came amid the ongoing success of the Steam Deck handheld and Steam Play (Proton) for enabling more Windows games to run well on Linux. The April numbers are in and the Linux gaming marketshare pulled back somewhat but still remaining healthy...

• Wine 11.8 Improves VBScript Compatibility, Finally Fixes Microsoft Golf 1999
  Wine 11.8 delivers the latest and greatest support for running Windows applications and games under Linux and other platforms. This newest bi-weekly development release brings several more enhancements in working toward Wine 12.0 stable due out in early 2027...

• EndeavourOS "Triton" To Ship New Desktop/WM Options, Titan Neo Brings Various Updates
  In addition to today's monthly ISO refresh of Arch Linux that is now pulling in the Linux 7.0 kernel and other updates, the downstream EndeavourOS also happens to be out with a new ISO release for starting the month of May...

• Vulkan 1.4.350 Released With Three New Extensions
  Vulkan 1.4.350 released earlier today as the newest routine spec update. Beyond the usual minor fixes/clarifications, Vulkan 1.4.350 tacks on three more extensions...

• AMD Posts HDMI 2.1 FRL Patches For Their AMDGPU Linux Driver
  It's not complete HDMI 2.1 support but to much surprise hitting the mailing list today were official patches from AMD for implementing HDMI Fixed Rate Link "FRL" support for their kernel graphics driver. HDMI FRL as part of HDMI 2.1+ allows for higher bandwidth to support higher refresh rates and resolutions...

• Linux Support Coming For The ASUS ROG RAIKIRI II: A $160 High-End Gaming Controller
  The ASUS ROG RAIKIRI II is a recently-launched wireless gaming controller for both PC and Xbox gaming. This is a premium controller priced at $160 USD and has been receiving positive reviews under Windows while now it will soon be seeing mainline Linux support...

• Intel Making More GPU Driver Improvements For Crescent Island With Linux 7.2
  Intel's upcoming Crescent Island product as a reminder is a new inference-optimized Xe3P graphics card with 160GB of vRAM and targeting enterprise AI workloads. Intel's open-source Linux graphics driver engineers continue to be very busy enabling the driver support for Crescent Island as well as making broader Xe3P improvements...

• Mesa Developers Consider Branching Off Some Older GPU Drivers - Including AMD R300/R600
  Mike Blumenkrantz of Valve's Linux graphics team has ignited a discussion over potentially shifting some of Mesa's older GPU drivers into a new legacy Git branch in order to better support the more modern OpenGL and Vulkan drivers without having to worry about breaking the legacy drivers and to allow for better cleaning of the Mesa codebase. Among the drivers that could be impacted are the ATI/AMD R300 and R600 drivers and many smaller drivers...

• Linux 7.0 Release, Age Verification Laws, Ryzen 9 9950X3D2 & Other April Happenings
  A lot happened in the Linux and open-source world during the month of April. Ubuntu 26.04 LTS and Fedora 44 shipped, a lot of news around age attestation/verification laws, the Linux 7.0 kernel was released, Linux 7.1 is bringing many exciting changes as well as removing of old hardware drivers, the Ryzen 9 9950X3D2 Dual Edition CPU was released, we began testing the Intel Arc Pro B70 "BMG-G31", and much more software and hardware content that made the month interesting. Last month on Phoronix were 303 original news articles and 16 Linux hardware reviews / multi-page featured benchmark articles...

• Linux 7.2 To Set Default DRM Scheduler Priority To "Fair", New AIE4 Hardware In AMDXDNA
  Even while the Linux 7.1 merge window was still ongoing this month, the initial "drm-misc-next" pull request to DRM-Next was sent out for beginning to queue new feature material toward the Linux 7.2 kernel coming this summer...

• Shotcut 26.4 Released With Timeline Improvements, Vulkan Accelerated Speech-To-Text
  Shotcut 26.4.30 shipped today as the latest and greatest version of this open-source, cross-platform video editor...

• Linux Mint To Begin Publishing HWE ISOs For Better Hardware Support
  Due to Linux Mint moving to a longer development cycle with their next release not due until December, Linux Mint developers have decided to begin regularly publishing hardware enablement "HWE" ISOs with newer Linux kernel versions to provide better support for new hardware...

• CachyOS Linux Performance Leading Over Ubuntu 26.04 LTS, Fedora Workstation 44
  It9s not too entirely surprising given the aggressive stance that the CachyOS Linux distribution has taken on out-of-the-box performance, but for those curious, it continues largely leading over the newly-released Ubuntu 26.04 LTS and Fedora Workstation 44 distributions for the leading performance on modern hardware.

• AerynOS Updated With Linux 7.0, Gaming Optimized Kernel Flavor
  AerynOS, the Linux distribution formerly known as Serpent OS, is out with a new monthly ISO refresh and details on other recent improvements to this original, from-scratch Linux distribution...

• Linux 7.1-rc1 Showing Off Some Wins On AMD Ryzen Threadripper
  My initial testing of the Linux 7.1 development kernel on various systems in the lab continues going well. Aside from one main regression in a synthetic micro-benchmark appearing on multiple systems, not seeing much in the way of Linux 7.1 performance concerns thus far and seeing some nice performance gains in select workloads...

• GCC 16.1 Released With AMD Zen 6 Support, Algol 68 & Many C++ Improvements
  GCC 16.1 is now available as the first stable release of GCC 16 as this year's major open-source GNU compiler feature release...

• 3mdeb Gets More Bits Of AMD openSIL & Coreboot Working On Ryzen AM5 Motherboard
  There are two exciting initiatives taking place simultaneously by the 3mdeb consulting firm: the open-source developers are working on an open-source firmware stack for a Gigabyte EPYC server motherboard and they are also working on a similar Coreboot + AMD openSIL port to a Ryzen AM5 consumer motherboard, the MSI PRO B850-P WiFi. While not yet ready for end-users, 3mdeb published their latest blog post to highlight their latest milestone achieved with the openSIL + Coreboot bring-up on the MSI PRO B850-P motherboard...

• The Intel Lunar Lake CPU Performance Gains On Linux Over The Past Year
  Recently I ran benchmarks looking at the Xe2 graphics performance gains on Intel Lunar Lake over the past year with what9s shipped by Ubuntu and comparing against our original tests of the Lenovo ThinkPad X1 Carbon Gen 13 Aura Edition. With those Lunar Lake iGPU benchmarks out of the way, here is a look at how the Lunar Lake CPU performance has evolved on Linux since April 2025.

• Email is crazy
  Email is like those creaking old Terminators from the ’70s which continue to function without complaining. Designed for a world that doesn’t exist anymore, it has optional encryption, no built-in auth, three⁺ retrofitted security layers bolted on top, an unstandardized filtering layer and many more quirks. Yet billions of emails arrive correctly every single day. Email is not elegant but nonetheless it is Lindy. In the new age of agentic AI, we can only expect it to metamorphose into another dimension. ↫ Saurabh Sam! Khawase The fact that email is as complicated as it is bad enough, but having it be so dominantly controlled by only a few large gatekeepers like Google and Microsoft surely isnt helping either. I feel like email is no longer really a technology individuals can actively partake in at every level; it feels much more like WhatsApp or iMessage or whatever in that we just get to send messages, and thats it. Running your own mail sever isnt only a complex endeavour, its also a continuous cat-and-mouse game with companies like Google and Microsoft to ensure you dont end up on some shitlist and your emails stop arriving. I settled on Fastmail as my email service, and it works quite well. Still, I would love to be able to just run my own email server, or have some of my far more capable friends run one for a small group of us, but its such a daunting and unpleasant effort few people seem to have the stomach and perseverance for it.

• The day I logged 1 in every 2000 public IPv4: visualizing the AI scraper DDoS
  What if you run a few online services for you and your friends, like a small git instance and a grocery list service, but you get absolutely hammered by AI! scrapers? I cannot impress upon you, reader, that this is not only an attack that is coordinated, it is an attack that is distributed. I run a small set of services, basically only for me and my friends. I am not a hyperscaler, I am not a tech company, I am not even a small platform. I have a git forge where I put the shit I make, and a couple other services where me and my friends backup our files or write our grocery lists. I am not fucking Meta and I cannot scale the fuck up just because OpenAI or Anthropic or Meta or whoever is training a model that weeks wants to suck all the content out of my VPS ONCE MORE until it’s dry. ↫ lux at VulpineCitrus So how much traffic did the author of this piece, lux, get from AI! scraping bots? Within a time period of 24 hours, they were hammered by 2040670 unique IP addresses, 98% of which were IPv4 addresses, which means that 1 out of every 2000 publicly available IPv4 addresses were involved in the scraping. Together, they performed over 5 million requests. And just to reiterate: they were scraping a few very small, friends-only services run by some random person. This is absolutely insane. If, at this point in time, with everything that we know about just how deeply unethical every single aspect of AI! is, youre still using and promoting it, what is wrong with you? If youre so addicted to your AI! girlfriends unending stream of useless, forgettable sycophantic slop, despite being aware of the damage youre doing to those around you, theres something seriously wrong with you, and you desperately need professional help. You dont need any of this. The world doesnt need any of this. Nobody likes the slop AI! regurgitates, and nobody likes you for enabling it. Get help.

• Earliest 86-DOS and PC-DOS code released as open source
  Microsoft is continuing its efforts to release early versions of DOS as open source, and today weve got a special one. We’re stoked today to showcase some newly available source code materials that provide an even earlier look into the development of PC-DOS 1.00, the first release of DOS for the IBM PC. A dedicated team of historians and preservationists led by Yufeng Gao and Rich Cini has worked to locate, scan, and transcribe the stack of DOS-era source listings from Tim Paterson, the author of DOS. The listings include sources to the 86-DOS 1.00 kernel, several development snapshots of the PC-DOS 1.00 kernel, and some well-known utilities such as CHKDSK. Not only were these assembler listings, but there were also listings of the assembler itself! This work offers rare insight into how MS-DOS/PC-DOS came to be, and how operating system development was done at the time, not as it was later reconstructed. ↫ Stacey Haffner and Scott Hanselman Its wild that the source code had to be transcribed from paper, including notes and changes. You can find more information about the process on Gao’s website and Cini’s website.

• Apple gives up on Vision Pro, disbands Vision Pro team
  When Apple unveiled the Vision Pro, almost three (!) years ago, I concluded: If there’s one company that can convince people to spend $3500 to strap an isolating dystopian glowing robot mask onto their faces it’s Apple, but I still have a hard time believing this is what people want. ↫ Thom Holwerda at OSNews (quoting myself is weird) MacRumors Juli Clover, today: Apple has all but given up on the Vision Pro after the M5 model failed to revitalize interest in the device, MacRumors has learned. Apple updated the Vision Pro with a faster M5 chip and a more comfortable band in October 2025, but there were no other hardware changes, and consumers still werent interested. Apple has apparently stopped work on the Vision Pro and the Vision Pro team has been redistributed to other teams within Apple. Some former Vision Pro team members are working on Siri, which is not a surprise as Vision Pro chief Mike Rockwell has been leading the Siri team since March 2025. ↫ Juli Clover at MacRumors VR  what the Vision Pro is, whether Apples marketing likes to say it or not  has proven to be good for exactly two things: games and porn. The Vision Pro has neither. It was destined to be a flop from the start, as nobody wants to strap an uncomfortable computer to their face that does less than all of the other computers they already have, and what it does do, it does worse. I do wonder if this makes the Vision Pro the most expensive flop in human history. Has any company ever spent more on a product that failed this spectacularly?

• Apple wants to kill your Time Capsule, but they run NetBSD so they cant
  It seems like Apple is finally going to remove support for AFP from macOS, twelve years after first moving from AFP to SMB for its default network file-sharing technology. This change shouldnt impact most people, as its highly unlikely youre using AFP for anything in 2026. Still, there is one small group of people to whom this change has an actual impact: owners of Apples Time Capsule devices. Time Capsules only support AFP and SMB1, and with SMB1 being removed from macOS ages ago, and now AFP being on the chopping block as well, macOS 27 would render your Time Capsule more or less unusable. Its important to note that the last Time Capsule sold by Apple, the fifth generation, was released in 2013, and the product line as a whole was discontinued in 2018. If you bought a Time Capsule in the twilight years of the lines availability, I think you have a genuine reason to be perturbed by Apple cutting you off from your product if you upgrade to macOS 27, but at least you have the option of keeping an older version of macOS around so you can keep interacting with your time Capsule. It still feels like a bit of a shitty move though, as those fifth generation models came with up to 3TB of storage, which can still serve as a solid NAS solution. Thank your lucky stars, then, that open source can, as usual, come to the rescue when proprietary software vendors do what they always do and screw over their customers. Did you know every generation of Time Capsule actually runs NetBSD, and that its trivially easy to add support for Samba 4 and SMB3 authentication to your Time Capsule, thereby extending its life expectancy considerably? TimeCapsuleSMB does exactly that. If the setup completes successfully, your Time Capsule will run its own Samba 4 server, advertise itself over Bonjour (show up automatically in the Network! folder on macOS), and accept authenticated SMB3 connections from macOS. You should then be able to open Finder, choose Connect to Server, and use a normal SMB URL instead of relying on Apple’s legacy stack. You should also be able to use the disk for Time Machine backups. ↫ TimeCapsuleSMB Its compatible with both NetBSD 4 and NetBSD 6-based Time Capsules, although youll need to run a single SMB activation command every time a NetBSD 4-based Time Capsule reboots. This will also disable any AFP and SMB1 support, but that is kind of moot since those are exactly the technologies that dont and wont work anymore once macOS 27 is released. The installation is also entirely reversible if, for whatever reason, you want to undo the addition of Samba 4. This whole saga is such an excellent example of why open source software protects users rights, by design.

• Dillo 3.3.0 released
  Dillo is an amazing web browser for those of us who want their web browsing experience to be calmer and less flashing. Dillo also happens to be a very UNIX-y browser, and their latest release, 3.3.0, underlines that. A new dilloc program is now available to control Dillo from the command line or from a script. It searches for Dillo by the PID in the DILLO_PID environment variable or for a unique Dillo process if not set. ↫ Dillo 3.3.0 release notes You can use this program to control your Dillo instance, with basic commands like reloading the current URL, opening a new URL, and so on, but also things like dumping the current pages contents. I have a feeling more commands and features will be added in future releases, but for now, even the current set of commands can be helpful for scripting purposes. Im sure some of you who live and die in the terminal are already thinking of all the possibilities here. You can now also add page actions to the right-click context menu, so you can do things like reload a page with a Chrome curl impersonator to avoid certain JavaScript walls. This, too, is of course extensible. Dillo 3.3.0 also brings experimental support for building the browser with FLTK 1.4, and implemented a fix specifically to make OAuth work properly.

• Ubuntu is going to integrate AI!, but Canonical remains vague about the how and why
  Ubuntu, being one of the more commercial Linux distributions, was always going to jump on the AI! bandwagon, and Jon Seager, Canonicals VP Engineering, published a blog post with more details. Throughout 2026 we’ll be working on enabling access to frontier AI for Ubuntu users in a way that is deliberate, secure, and aligned with our open source values. By focusing on the combination of education for our engineers, our existing knowledge of building resilient systems and our strengthening silicon partnerships, we will deliver efficient local inference, powerful accessibility features, and a context-aware OS that makes Ubuntu meaningfully more capable for the people who rely on it Ubuntu is not becoming an AI product, but it can become stronger with thoughtful AI integration. ↫ Jon Seager at Ubuntu Discourse The problem with this entire post is that, much like all other corporate communications about AI!, its all deceptively vague, open-ended, and weasely. Adjectives like focused!, principled!, thoughtful!, and tasteful! dont really mean anything, and leave everything open for basically every type of slop AI! feature under the sun. Their claims about open weights and open source models are also weakened by words like favour! and where possible!, again leaving the door wide open for basically any shady AI! companys models and features to find their way into your default Ubuntu installation. Theres also very little in terms of concrete plans and proposed features, leaving Ubuntu users in the dark about what, exactly, is going to be added to their operating system of choice during the remainder of the year. Theres mentions of improved text-to-speech/speech-to-text and text regurgitators, but thats about it. None of it feels particularly inspired or ground-breaking, and the veneer of open source, ethical model creation, and so on, is particularly thin this time around, even for Canonical. I dont really feel like I know a lot more about Canonicals AI! intentions for Ubuntu after reading this post than I did before, other than Ubuntu users might be able to generate text in their email client or whatever later this year. Is that really something anybody wants?

• If 64bit Windows 11 contains a copy of 32bit explorer.exe, could you run it as its shell?
  Raymond Chen published a blog post about how a crappy uninstaller on Windows caused a mysterious spike in the number of Explorer (Windows graphical shell) crashes. It turns out the buggy uninstaller caused repeated crashes in the 32bit version of Explorer on 64bit systems, and  hold on a minute. The how many bits on the what now? The 32-bit version of Explorer exists for backward compatibility with 32-bit programs. This is not the copy of Explorer that is handling your taskbar or desktop or File Explorer windows. So if the 32-bit Explorer is running on a 64-bit system, it’s because some other program is using it to do some dirty work. ↫ Raymond Chen at The Old New Thing So I had no idea that 64bit Windows included a copy of the 32bit Explorer for backwards compatibility. It obviously makes sense, but I just never stopped to think about it. This made me wonder though if you could go nuts and do something really dumb: could you somehow trick 64bit Windows into running this 32bit copy of Explorer as its shell? Youd be running 32bit Explorer on 64bit Windows using the 32bit WoW64 binaries where you just pulled the 32bit Explorer binary from, which seems like a really nonsensical thing to do. Since theres no longer any 32bit builds of Windows 11, you also cant just copy over the 32bit Explorer from a 32bit Windows 11 build and achieve the same goal that way, so youd really have to go digging around in WoW64 to get 32bit versions. I guess the answer to this question depends on just how complete this copy of 32bit Explorer really is, and if Windows has any defenses or triggers in place to prevent someone from doing something this uselessly stupid. Of course, theres no practical reason to do any of this and it makes very little sense, but it might be a fun hacking project. Most likely the Windows experts among you are wondering what kind of utterly deranged new designer drug Im on, but I was always told that sometimes, the dumbest questions can lead to the most interesting answers, so here we are.

• 8087 emulation on 8086 systems
  Not too long ago I had a need and an opportunity to re-acquaint myself with the mechanism used for software emulation of the 8087 FPU on 8086/8088 machines. ↫ Michal Necasek Look, when a Michal Necasek article starts out like this, you know youre in for a learnin ol time. The 8087 was a floating-point coprocessor for the 8086 and 8088 processors, since back in those early days, processors did not include an integrated floating-point unit. It wouldnt be until the release of the 486DX, in 1989, that Intel would integrate an FPU inside the processor itself, negating the need for a separate chip and socket. Interestingly enough, Intel also released a cut-down version of the 486 with the FPU removed, the 486SX, for which an optional external FPU did exist.

• How hard is it to open a file?
  Sebastian Wick has a great explanation of why opening files  programmatically  is a lot more complex and fraught with dangers than you might think it is. This issue was relevant for Wick as he is one of the lead developers of Flatpak, for which a number of security issues have recently been discovered, and it just so happens that many of these issues dealt with this very topic. The biggest security issue found was a complete sandbox escape, originating from the fact that flatpak run, the command-line tool to start a Flatpak application, accepted path strings, since flatpak run is assumed to be run by a trusted user. The problem lay in a D-Bus service sandboxed applications could use to create subsandboxes, and this service was built around, you guessed it, flatpak run. The issues in question, including this complete sandbox escape, have been addressed and fixed, but they highlight exactly the dangers that can come from opening files. This subsandboxing approach in Flatpak is built on assumptions from fifteen years ago, and times have changed since then. If youre a programmer who deals with opening files, you might want to take a look at your own code to see if similar issues exist.

• AI as a fascist artifact
  In that reading „AI“ is a machine for the creation of epistemic injustice and the replacement of truth with what a tech elite wants it to be in order to control the population. This is a Fascist project that not so subtly aligns with Fascism’s totalitarian will to power and control as well as its reliance in replacing reasoning and debate with belief in power and the leader. ↫ Jürgen Geute The purpose of a system is what it does, and what AI! does is stunt users own abilities and development and concentrate power and wealth even further in the hands of a very small privileged few  a privileged few who consistently espouse fascist ideology and promote and implement fascist ideas. Jürgen Geute lays it out in much more detail backed by solid references and concrete examples, but the conclusion is clear. And uncomfortable to many, as such conclusions always are.

• Ubuntu 26.04 LTS Resolute Raccoon released
  Im not sure many OSNews readers still use Ubuntu as their operating system of choice, and from the release announcement of todays Ubuntu 26.04 its clear why thats the case. Resolute Raccoon builds on the resilience-focused improvements introduced in interim releases, with TPM-backed full-disk encryption, improved support for application permission prompting, Livepatch updates for Arm-based servers, and Rust-based utilities for enhanced memory safety. This release brings native support for industry-leading AI/ML toolkits like NVIDIA CUDA and AMD ROCm, making Ubuntu 26.04 LTS the ideal platform for AI development and production workloads.  ↫ Canonical press release Its obvious where Canonicals focus lies with Ubuntu, and us desktop people who dont like AI! arent it. On top of all the AI! nonsense, this new version comes with all the latest versions of the various open source components that make up a Linux distribution, as well as a slew of Rust-based replacements for core CLI tools, like sudo-rs, uutils coreutils, and more. All the derivative release of Ubuntu, like Kubuntu, Xubuntu, and others, will also be updated over the coming days. If youre already running any of these, updating wont be a surprise to you.

• Windows 9x Subsystem for Linux
  You can find beauty in the oddest of places. WSL9x runs a modern Linux kernel (6.19 at time of writing) cooperatively inside the Windows 9x kernel, enabling users to take advantage of the full suite of capabilities of both operating systems at the same time, including paging, memory protection, and pre-emptive scheduling. Run all your favourite applications side by side  no rebooting required! ↫ Hailey Somerville Yes, this is exactly what it sounds like. Hailey Somerville basically recreated the first version of WSL  or coLinux, for the old people among us  but instead of running on Windows NT, it runs on Windows 9x. A VxD driver loads a patched Linux kernel using DOS interrupts, and this Linux kernel calls Windows 9x kernel APIs instead of POSIX APIs. A small DOS client application then allows the Linux kernel to use MS-DOS prompts as TTYs. This is a great oversimplification, but it does get the general gist across. Anyway, the end result is that you can use a modern Linux kernel and Windows 9x at the same time, without virtualising or dual-booting. This might be one of the greatest hacks in recent times, and I find it oddly beautiful in its user-facing simplicity.

• Oracle Solaris 11.4 SRU92 released
  Despite years of apparent stagnation and reported mass layoffs, it seems the Solaris team at Oracle has found somewhat of a renewed stride recently. Both branches of Solaris  the one for paying customers (SRU) and the free one for enthusiasts (CBE)  are receiving regular updates again, and there seems to be a more concerted effort to let the outside world know, too. Weve got another update to the SRU branch this week which brings updates to a few important open source packages, like Django, Firefox, Thunderbird, Golang, and others, to address security issues. In addition, this update marks as a change in the release cadence for the commercial branch of Solaris. From here on out, there will be two Critical Patch Updates! per quarter to address security issues, followed by a Support Repository Update containing new features and larger changes.

• Some tech company to replace its CEO
  I need to post about this because if I dont, people will get mad. Cook will continue on as Apple CEO through the summer, with Ternus set to join Apples Board of Directors and take over as CEO on September 1, 2026. Cook is going to transition to chairman of the board at Apple, and he will assist with certain aspects of the company, including engaging with policymakers around the world.! ↫ Juli Clover at MacRumors This concludes OSNews coverage of Keeping Up With the Yacht Class, but rest assured, every other tech site will be milking this for weeks to come. You will still be worrying about how to pay for your next tank of gas.

• Google to punish back button hijacking
  Have you ever tried clicking the back button in your browser, only to realise the website youre on somehow doesnt allow that? Out of all the millions of annoyances on the web, Google has decided to finally address this one: theyre going to punish the search rankings of websites that use this back button hijacking. Pages that are engaging in back button hijacking may be subject to manual spam actions or automated demotions, which can impact the sites performance in Google Search results. To give site owners time to make any needed changes, were publishing this policy two months in advance of enforcement on June 15, 2026. ↫ Google Search Central Its always uncomfortable when Google unilaterally takes actions such as these, since rarely do Googles interests align with our own as users. This is in such rare case, though, and I cant wait to see this insipid practice relegated to the dustbin of history.

• Is AI Coming to Your Ubuntu Desktop?
  According to the VP of Engineering at Canonical, AI could soon be added to the Ubuntu desktop distribution.
  

• Framework Laptop 13 Pro Competes with the Best
  Framework has released what might be considered the MacBook of Linux devices.
  

• The Latest CachyOS Features Supercharged Kernel
  The latest release of CachyOS brings with it an enhanced version of the latest Linux kernel.
  

• Kernel 7.0 Is a Bit More Rusty
  Linux kernel 7.0 has been released for general availability, with Rust finally getting its due.
  

• France Says "Au Revoir" to Microsoft
  In a move that should surprise no one, France announced plans to reduce its reliance on US technology, and Microsoft Windows is the first to get the boot.
  

• CIQ Releases Compatibility Catalog for Rocky Linux
  The company behind Rocky Linux is making an open catalog available to developers, hobbyists, and other contributors, so they can verify and publish compatibility with the CIQ lineup.
  

• KDE Gets Some Resuscitation
  KDE is bringing back two themes that vanished a few years ago, putting a bit more air under its wings.
  

• Ubuntu 26.04 Beta Arrives with Some Surprises
  Ubuntu 26.04 is almost here, but the beta version has been released, and it might surprise some people.
  

• Ubuntu MATE Dev Leaving After 12 years
  Martin Wimpress, the maintainer of Ubuntu MATE, is now searching for his successor. Are you the next in line?
  

• Kali Linux Waxes Nostalgic with BackTrack Mode
  For those who've used Kali Linux since its inception, the changes with the new release are sure to put a smile on your face.
  

• Gnome 50 Smooths Out NVIDIA GPU Issues
  Gamers rejoice, your favorite pastime just got better with Gnome 50 and NVIDIA GPUs.
  

• System76 Retools Thelio Desktop
  The new Thelio Mira has landed with improved performance, repairability, and front-facing ports alongside a high-quality tempered glass facade.
  

• Some Linux Distros Skirt Age Verification Laws
  After California introduced an age verification law recently, open source operating system developers have had to get creative with how they deal with it.
  

• UN Creates Open Source Portal
  In a quest to strengthen open source collaboration, the United Nations Office of Information and Communications Technology has created a new portal.
  

• Latest Linux Kernel RC Contains Changes Galore
  Linux kernel 7.0-rc3 includes more changes than have been made in a single release in recent history.
  

• Nitrux 6.0 Now Ready to Rock Your World
  The latest iteration of the Debian-based distribution includes all kinds of newness.
  

• Linux Foundation Reports that Open Source Delivers Better ROI
  In a report that may surprise no one in the Linux community, the Linux Foundation found that businesses are finding a 5X return on investment with open source software.
  

• Keep Android Open
  Google has announced that, soon, anyone looking to develop Android apps will have to first register centrally with Google.
  

• Kernel 7.0 Now in Testing
  Linus Torvalds has announced the first Release Candidate (RC) for the 7.x kernel is available for those who want to test it.
  

• Introducing matrixOS, an Immutable Gentoo-Based Linux Distro
  It was only a matter of time before a developer decided one of the most challenging Linux distributions needed to be immutable.