|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Let's Encrypt to reduce certificate lifetimes
Let's Encrypt has announcedthat it will be reducing the validity period of its certificates from90 days to 45 days by 2028:
Most users of Let's Encrypt who automatically issue certificateswill not have to make any changes. However, you should verify thatyour automation is compatible with certificates that have shortervalidity periods.
To ensure your ACME client renews on time, we recommend using ACMERenewal Information (ARI). ARI is a feature we've introduced to helpclients know when they need to renew their certificates. Consult yourACME client's documentation on how to enable ARI, as it differs fromclient to client. If you are a client developer, check out thisintegration guide.
If your client doesn't support ARI yet, ensure it runs on aschedule that is compatible with 45-day certificates. For example,renewing at a hardcoded interval of 60 days will no longer besufficient. Acceptable behavior includes renewing certificates atapproximately two thirds of the way through the current certificate'slifetime.
Manually renewing certificates is not recommended, as it will needto be done more frequently with shorter certificate lifetimes.
- FreeBSD 15.0 released
FreeBSD15.0 has been released. Notable changes in this release include a newmethod for installingthe base system using the pkg package manager, an updateto OpenZFS 2.4.0-rc4,native support for the inotify(2)interface, and the addition of Open Container Initiative (OCI) imagesto FreeBSD's release artifacts. See the releasenotes for a full list of changes, hardwarenotes for supported hardware, and check the erratabefore installing or upgrading.
- Security updates for Tuesday
Security updates have been issued by Fedora (gnutls, libpng, mingw-python3, python-spotipy, source-to-image, unbound, and webkitgtk), Mageia (libpng), SUSE (bash-git-prompt, gitea-tea, java-17-openjdk, java-21-openjdk, kernel, openssh, python, and shadowsocks-v2ray-plugin, v2ray-core), and Ubuntu (binutils, openjdk-17-crac, openjdk-21-crac, and openjdk-25-crac).
- [$] Checked-size array parameters in C
There are many possible programmer mistakes that are not caught by theminimal checks specified by the C language; among those is passing an arrayof the wrong size to a function. A recent attempt to add some safetyaround array parameters within the crypto layer involved the use of someclever tricks, but it turns out that clever tricks are unnecessary in thiscase. There is an obscure C feature that can cause this checking tohappen, and it is already in use in a few places within the kernel.
- [$] Some 6.18 development statistics
Linus Torvalds releasedthe 6.18 kernel as expected on November 30, closing the last fulldevelopment cycle of 2025. It was another busy cycle, featuring a recordnumber of developers. The time has come for a look at where the code camefrom for this kernel release, but also for the year-long long-term-supportcycle which has also reached its conclusion with this release.
- Security updates for Monday
Security updates have been issued by AlmaLinux (bind9.18, cups, gimp, ipa, kernel, libssh, mingw-expat, openssl, pcs, sssd, tigervnc, and valkey), Debian (gnome-shell-extension-gsconnect, mistral-dashboard, pagure, python-mistralclient, pytorch, qtbase-opensource-src, sogo, tryton-server, and unbound), Fedora (cef, drupal7, glib2, linux-firmware, migrate, pack, pgadmin4, rnp, and unbound), Slackware (libxslt), SUSE (cpp-httplib, curl, glib2, grub2, kernel, libcoap-devel, libcryptopp, libwireshark19, postgresql15, and postgresql17), and Ubuntu (edk2).
- Three stable kernels for Monday
Greg Kroah-Hartman has announced the release of the 6.17.10, 6.12.60, and 6.6.118 stable kernels. As usual, eachcontains a number of important fixes throughout the tree. Users areadvised to upgrade.
- The 6.18 kernel has been released
Linus has released the 6.18 kernel, as expected.
So I'll have to admit that I'd have been happier with slightly less bugfixing noise in this last week of the release, but while there's a few more fixes than I would hope for, there was nothing that made me feel like this needs more time to cook. So 6.18 is tagged and pushed out.
Headline changes in this release includethe abilityto manage namespaces with file handles,support for the AccECNcongestion-control protocol,initial support for signing of BPFprograms,improved memory management with sheaves,the Rust binder driver,better control over transparent hugepages,and a lot more.This release also saw the removalof the bcachefs filesystem.
See the LWN merge-window summaries (part 1, part 2)and the KernelNewbies 6.18page for more information.
- NixOS 25.11 released
Version25.11 of the NixOS distribution has been released. "The 25.11release was made possible due to the efforts of 2742 contributors, whoauthored 59430 commits since the previous release". Changes include7,002 new packages, GNOME 49, LLVM 21, a new COSMIC desktopenvironment beta, firewalld support, and more; see therelease notes for details.
- Landlock-ing Linux (prizrak.me)
The prizrak.me blog is carrying an introduction to theLandlock security module.
Landlock shines when an application has a predictable set of files or directories it needs. For example, a web server could restrict itself to accessing only /var/www/html and /tmp.
Unlike SELinux or AppArmor, Landlock policies don't require administrator involvement or system-wide configuration. Developers can embed policies directly in application code, making sandboxing a natural part of the development process.
- Security updates for Friday
Security updates have been issued by Debian (krita and tryton-server), Oracle (bind9.18, ipa, kernel, libssh, redis, redis:7, sqlite, sssd, and vim), Slackware (cups), SUSE (containerd, cups, curl, dovecot24, git-bug, gitea-tea, glib2, grub2, himmelblau, java-25-openjdk, kernel, libmicrohttpd, libvirt, pnpm, powerpc-utils, python311, python313, redis, rnp, runc, sssd, tomcat11, unbound, and xwayland), and Ubuntu (cups, libxml2, openvpn, and webkit2gtk).
- Security updates for Thursday
Security updates have been issued by Debian (kdeconnect, libssh, and samba), Fedora (7zip, docker-buildkit, and docker-buildx), Oracle (bind, buildah, cups, delve and golang, expat, firefox, gimp, go-rpm-macros, haproxy, kernel, lasso, libsoup, libtiff, mingw-expat, openssl, podman, python-kdcproxy, qt5-qt3d, runc, squid, thunderbird, tigervnc, valkey, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (buildah, cloudflared, containerd, expat, firefox, gnutls, helm, kernel, libxslt, mysql-connector-java, ongres-scram, openbao, openexr, openssh, podman, python311, python312, ruby2.5, rubygem-rack, runc, samba, sssd, tiff, unbound, and yelp), and Ubuntu (edk2, ffmpeg, h2o, python3.13, rust-openssl, and valkey).
- KDE Plasma 6.8 will be Wayland-only
KDE's Plasma team has announcedthat KDE Plasma will drop X11 session support with Plasma 6.8:
The Plasma X11 session will be supported by KDE into early2027.
We cannot provide a specific date, as we're exploring thepossibility of shipping some extra bug-fix releases for Plasma6.7. The exact timing of the last one will only be known when we getcloser to its actual release, which we expect will be sometime inearly 2027.
What if I still really need X11?
This is a perfect use case for long term support (LTS)distributions shipping older versions of Plasma. For example,AlmaLinux 9 includes the Plasma X11 session and will be supporteduntil sometime in 2032.
See the blog post for information on running X11 applications(still supported), accessibility, gaming, and more.
- Security updates for Wednesday
Security updates have been issued by AlmaLinux (bind, binutils, delve and golang, expat, firefox, haproxy, kernel, libsoup3, libssh, libtiff, openssh, openssl, pam, podman, python-kdcproxy, shadow-utils, squid, thunderbird, vim, xorg-x11-server-Xwayland, and zziplib), Debian (cups-filters, libsdl2, linux-6.1, net-snmp, pdfminer, rails, and tryton-sao), Fedora (chromium, docker-buildkit, docker-buildx, and sudo-rs), Gentoo (librnp), Mageia (webkit2), SUSE (amazon-ssm-agent, buildah, curl, dpdk, fontforge-20251009, kernel, libIex-3_4-33, librnp0, python311, rclone, and sssd), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-aws-6.14, linux-oracle-6.14, linux-aws-fips, linux-fips, linux-gcp-fips, linux-realtime, linux-realtime-6.8, mupdf, openjdk-17, openjdk-8, and openjdk-lts).
- Docker: Patch Image Vulnerabilities with Trivy and Copa
Docker container images often contain security vulnerabilities inherited from their base operating system packages. Rather than rebuilding images from scratch, you can use Trivy to scan for vulnerabilities and Copa to patch them directly. This tutorial demonstrates how to identify and fix container vulnerabilities on Ubuntu, Debian, RHEL, CentOS, and Fedora systems using these two powerful open-source tools.
- openSUSE Begins Rolling Out Intel NPU Support
Via the openSUSE Innovator Initiative, packaging of the Intel Neural Processing Unit (NPU) driver for the openSUSE ecosystem has begun. This is helping to jump-start the Intel NPU support within the openSUSE space although user-space applications ready to leverage the Intel NPU still remains very limited...
- Whatever legitimate places AI has, inside an OS ain't one
We're getting it baked into Windows whether we like it or notOpinion Making software would be the perfect job if it wasn't for those darn users. Windows head honcho Pavan Davuluri would be forgiven for feeling this of late as his happy online paean about Windows becoming an "agentic OS" was met by massive dissent in the comments. "Agentic schmentic, we want reliability, usability, and stability" was the gist.…
- ntpdate Command not Found: Solution
The ntpdate command has been deprecated and removed from modern Linux distributions. If you encounter the “ntpdate command not found” error on Debian, Ubuntu Linux systems, this guide shows you how to synchronize your system time using the modern replacements: systemd-timesyncd and chrony.
- AI Is Being Used To Help Modernize The Ubuntu Error Tracker
While some Linux distributions have begun establishing AI policies, we haven't seen any communicated from the Ubuntu camp yet but will apparently be permitted at least for project infrastructure. AI is being used currently in an effort to help modernize the Ubuntu Error Tracker...
- Rust Updates For Linux 6.19, Rust Minimum Baseline To Likely Follow Debian Stable
Miguel Ojeda has already submitted the core Rust programming language infrastructure updates intended for the Linux 6.19 merge window. In the pull request he also notes that moving forward the minimum supported Rust version for compiling the Linux kernel will likely follow whatever the minimum Rust version currently in use by the latest Debian stable release...
- Japanese Devs Face Font Licensing Dilemma as Annual Costs Increase From $380 To $20K
An anonymous reader quotes a report from GamesIndustry.biz: Japanese game makers are struggling to locate affordable commercial fonts after one of the country's leading font licensing services raised the cost of its annual plan from around $380 to $20,500 (USD). As reported by Gamemakers and GameSpark and translated by Automaton, Fontworks LETS discontinued its game license plan at the end of November. The expensive replacement plan -- offered through Fontwork's parent company, Monotype -- doesn't even provide local pricing for Japanese developers, and comes with a 25,000 user-cap, which is likely not workable for Japan's bigger studios. The problem is further compounded by the difficulties and complexities of securing fonts that can accurately transcribe Kanji and Katakana characters. UI/UX designer Yamanaka stressed that this would be particularly problematic for live service games; even if studios moved quickly and switched to fonts available through an alternate licensee, they will have to re-test, re-validate, and re-QA check content already live and in active use. The crisis could even eventually force some Japanese studios to rebrand entirely if their corporate identity is tied to a commercial font they can no longer afford to license.
Read more of this story at Slashdot.
- LandSpace Could Become China's First Company To Land a Reusable Rocket
China's private launch firm LandSpace is preparing the debut flight of its Zhuque-3 rocket, aiming to become the country's first to land a reusable orbital-class booster using a Falcon-9-style return profile. Ars Technica reports: Liftoff could happen around 11 pm EST tonight (04:00 UTC Wednesday), or noon local time at the Jiuquan Satellite Launch Center in northwestern China. Airspace warning notices advising pilots to steer clear of the rocket's flight path suggest LandSpace has a launch window of about two hours. When it lifts off, the Zhuque-3 (Vermillion Bird-3) rocket will become the largest commercial launch vehicle ever flown in China. What's more, LandSpace will become the first Chinese launch provider to attempt a landing of its first stage booster, using the same tried-and-true return method pioneered by SpaceX and, more recently, Blue Origin in the United States. Construction crews recently finished a landing pad in the remote Gobi Desert, some 240 miles (390 kilometers) southeast of the launch site at Jiuquan. Unlike US spaceports, the Jiuquan launch base is located in China's interior, with rockets flying over land as they climb into space. When the Zhuque-3 booster finishes its job of sending the rocket toward orbit, it will follow an arcing trajectory toward the recovery zone, firing its engines to slow for landing about eight-and-a-half minutes after liftoff. At least, that's what is supposed to happen. LandSpace officials have not made any public statements about the odds of a successful landing -- or, for that matter, a successful launch...
Read more of this story at Slashdot.
- Study Finds Tattoo Ink Moves Through the Body, Killing Immune Cells
Bruce66423 shares a report from the Los Angeles Times: Tattoo ink doesn't just sit inertly in the skin. New research shows it moves rapidly into the lymphatic system, where it can persist for months, kill immune cells, and even disrupt how the body responds to vaccines. Scientists in Switzerland used a mouse model to trace what happens after tattooing. Pigments drained into nearby lymph nodes within minutes and continued to accumulate for two months, triggering immune-cell death and sustained inflammation. The ink also weakened the antibody response to Pfizer Inc. and BioNTech SE's COVID vaccine when the shot was administered in tattooed skin. In contrast, the same inflammation appeared to boost responses to an inactivated flu vaccine. "This work represents the most extensive study to date regarding the effect of tattoo ink on the immune response and raises serious health concerns associated with the tattooing practice," the researchers said. "Our work underscores the need for further research to inform public health policies and regulatory frameworks regarding the safety of tattoo inks." The findings have been published in the journal Proceedings of the National Academy of Sciences.
Read more of this story at Slashdot.
- Anthropic Acquires Bun In First Acquisition
Anthropic has made its first acquisition by buying Bun, the engine behind its fast-growing Claude Code agent. The move strengthens Anthropic's push into enterprise developer tooling as it scales Claude Code with major backers like Microsoft, Nvidia, Amazon, and Google. Adweek reports: Claude Code is a coding agent that lets developers write, debug and interpret code through natural-language instructions. Claude Code had already hit $1 billion in revenue six months since its public debut in May, according to a LinkedIn post from Anthropic's chief product officer, Mike Krieger. The coding agent continues to barrel toward scale with customers like Netflix, Spotify, and Salesforce. Further reading: Meet Bun, a Speedy New JavaScript Runtime
Read more of this story at Slashdot.
- San Francisco Will Sue Ultraprocessed Food Companies
An anonymous reader quotes a report from the New York Times: The San Francisco city attorney filed on Tuesday the nation's first government lawsuit against food manufacturers over ultraprocessed fare (source may be paywalled; alternative source), arguing that cities and counties have been burdened with the costs of treating diseases that stem from the companies' products. David Chiu, the city attorney, sued 10 corporations that make some of the country's most popular food and drinks. Ultraprocessed products now comprise 70 percent of the American food supply and fill grocery store shelves with a kaleidoscope of colorful packages. Think Slim Jim meat sticks and Cool Ranch Doritos. But also aisles of breads, sauces and granola bars marketed as natural or healthy. It is a rare issue on which the liberal leaders in San Francisco City Hall are fully aligned with the Trump administration, which has targeted ultraprocessed foods as part of its Make America Healthy Again mantra. Mr. Chiu's lawsuit, which was filed in San Francisco Superior Court on behalf of the State of California, seeks unspecified damages for the costs that local governments bear for treating residents whose health has been harmed by ultraprocessed food. The city accuses the companies of "unfair and deceptive acts" in how they market and sell their foods, arguing that such practices violate the state's Unfair Competition Law and public nuisance statute. The city also argues the companies knew that their food made people sick but sold it anyway.
Read more of this story at Slashdot.
- Waymo Hits a Dog In San Francisco, Reigniting Safety Debate
A Waymo robotaxi struck a small unleashed dog in San Francisco -- just weeks after another Waymo killed a beloved neighborhood cat. The dog's condition is unknown. The Los Angeles Times reports: The incident occurred near the intersection of Scott and Eddy streets and drew a small crowd, according to social media posts. A person claiming to be one of the passengers posted about the accident on Reddit. "Our Waymo just ran over a dog," the passenger wrote. "Kids saw the whole thing." The passenger described the dog as between 20 and 30 pounds and wrote that their family was traveling back home after a holiday tree lighting event. The National Highway Traffic Safety Administration has recorded Waymo taxis as being involved in at least 14 animal collisions since 2021. "Unfortunately, a Waymo vehicle made contact with a small, unleashed dog in the roadway," a company spokesperson said. "We are dedicated to learning from this situation and how we show up for our community as we continue improving road safety in the cities we serve." The spokesperson added that Waymo vehicles have a much lower rate of injury-causing collisions than human drivers. Human drivers run into millions of animals while driving each year. "I'm not sure a human driver would have avoided the dog either, though I do know that a human would have responded differently to a 'bump' followed by a car full of screaming people," the Waymo passenger wrote on Reddit. One person who commented on the discussion said that Waymo vehicles should be held to a higher standard than human drivers, because the autonomous taxis are supposed to improve road safety. "The whole point of this is because Waymo isn't supposed to make those mistakes," the person wrote on Reddit.
Read more of this story at Slashdot.
- Kubernetes Is Retiring Its Popular Ingress NGINX Controller
During last month's KubeCon North America in Atlanta, Kubernetes maintainers announced the upcoming retirement of Ingress NGINX. "Best-effort maintenance will continue until March 2026," noted the Kubernetes SIG Network and the Security Response Committee. "Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered." In a recent op-ed for The Register, Steven J. Vaughan-Nichols reflects on the decision and speculates about what might have prevented this outcome: Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff. Now this longstanding project, once celebrated for its flexibility and breadth of features, will soon be "abandonware." So what? After all, it won't be the first time a once-popular program shuffled off the stage. Off the top of my head, dBase, Lotus 1-2-3, and VisiCalc spring to my mind. What's different is that there are still thousands of Ingress NGINX controllers in use. Why is it being put down, then, if it's so popular? Well, there is a good reason. As Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, pointed out: "Ingress NGINX has always struggled with insufficient or barely sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours, and on weekends. Last year, the Ingress NGINX maintainers announced their plans to wind down Ingress NGINX and develop a replacement controller together with the Gateway API community. Unfortunately, even that announcement failed to generate additional interest in helping maintain Ingress NGINX or develop InGate to replace it." [...] The final nail in the coffin was when security company Wix found a killer Ingress NGINX security hole. How bad was it? Wix declared: "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, which could lead to complete cluster takeover." [...] You see, the real problem isn't that Ingress NGINX has a major security problem. Heck, hardly a month goes by without another stop-the-presses Windows bug being uncovered. No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support...
Read more of this story at Slashdot.
- OpenAI Declares 'Code Red' As Google Catches Up In AI Race
OpenAI has reportedly issued a "code red" on Monday, pausing projects like ads, shopping agents, health tools, and its Pulse assistant to focus entirely on improving ChatGPT. "This includes core features like greater speed and reliability, better personalization, and the ability to answer more questions," reports The Verge, citing a memo reported by the Wall Street Journal and The Information. "There will be a daily call for those tasked with improving the chatbot, the memo said, and Altman encouraged temporary team transfers to speed up development." From the report: The newfound urgency illustrates an inflection point for OpenAI as it spends hundreds of billions of dollars to fund growth and figures out a path to future profitability. It is also something of a full-circle moment in the AI race. Google, which declared its own "code red" after the arrival of ChatGPT, is a particular concern. Google's AI user base is growing -- helped by the success of popular tools like the Nano Banana image model -- and its latest AI model, Gemini 3, blew past its competitors on many industry benchmarks and popular metrics.
Read more of this story at Slashdot.
- Apple To Resist India Order To Preload State-Run App As Political Outcry Builds
Apple does not plan to comply with India's mandate to preload its smartphones with a state-owned cyber safety app that cannot be disabled. According to Reuters, the order "sparked surveillance concerns and a political uproar" after it was revealed on Monday. From the report: In the wake of the criticism, India's telecom minister Jyotiraditya M. Scindia on Tuesday said the app was a "voluntary and democratic system," adding that users can choose to activate it and can "easily delete it from their phone at any time." At present, the app can be deleted by users. Scindia did not comment on or clarify the November 28 confidential directive that ordered smartphone makers to start preloading it and ensure "its functionalities are not disabled or restricted." Apple however does not plan to comply with the directive and will tell the government it does not follow such mandates anywhere in the world as they raise a host of privacy and security issues for the company's iOS ecosystem, said two of the industry sources who are familiar with Apple's concerns. They declined to be named publicly as the company's strategy is private. "Its not only like taking a sledgehammer, this is like a double-barrel gun," said the first source.
Read more of this story at Slashdot.
- UK Plans To Ban Cryptocurrency Political Donations
The UK government plans to ban political donations made in cryptocurrency over fears of anonymity, foreign influence, and traceability issues, though the ban won't be ready in time for the upcoming elections bill. The Guardian reports: The government's ambition to ban crypto donations will be a blow to Nigel Farage's Reform UK party, which became the first to accept contributions in digital currency this year. It is believed to have received its first registrable donations in cryptocurrency this autumn and the party has set up its own crypto portal to receive contributions, saying it is subject to "enhanced" checks. Government sources have said ministers believe cryptocurrency donations to be a problem, as they are difficult to trace and could be exploited by foreign powers or criminals. Pat McFadden, then a Cabinet Office minister, first raised the idea in July, saying: "I definitely think it is something that the Electoral Commission should be considering. I think that it's very important that we know who is providing the donation, are they properly registered, what are the bona fides of that donation." The Electoral Commission provides guidance on crypto donations but ministers accept any ban would probably have to come from the government through legislation. "Crypto donations present real risks to our democracy," said Susan Hawley, the executive director of Spotlight on Corruption. "We know that bad actors like Russia use crypto to undermine and interfere in democracies globally, while the difficulties involved in tracing the true source of transactions means that British voters may not know everyone who's funding the parties they vote for."
Read more of this story at Slashdot.
- Amazon To Use Nvidia Tech In AI Chips, Roll Out New Servers
AWS is deepening its partnership with Nvidia by adopting "NVLink Fusion" in its upcoming Trainium4 AI chips. "The NVLink technology creates speedy connections between different kinds of chips and is one of Nvidia's crown jewels," notes Reuters. From the report: Nvidia has been pushing to sign up other chip firms to adopt its NVLink technology, with Intel, Qualcomm and now AWS on board. The technology will help AWS build bigger AI servers that can recognize and communicate with one another faster, a critical factor in training large AI models, in which thousands of machines must be strung together. As part of the Nvidia partnership, customers will have access to what AWS is calling AI Factories, exclusive AI infrastructure inside their own data centers for greater speed and readiness. Separately, Amazon said it is rolling out new servers based on a chip called Trainium3. The new servers, available on Tuesday, each contain 144 chips and have more than four times the computing power of AWS's previous generation of AI, while using 40% less power, Dave Brown, vice president of AWS compute and machine learning services, told Reuters. Brown did not give absolute figures on power or performance, but said AWS aims to compete with rivals -- including Nvidia -- based on price. "Together, Nvidia and AWS are creating the compute fabric for the AI industrial revolution - bringing advanced AI to every company, in every country, and accelerating the world's path to intelligence," Nvidia CEO Jensen Huang said in a statement.
Read more of this story at Slashdot.
- SmartTube YouTube App For Android TV Breached To Push Malicious Update
An anonymous reader quotes a report from BleepingComputer: The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. The compromise became known when multiple users reported that Play Protect, Android's built-in antivirus module, blocked SmartTube on their devices and warned them of a risk. The developer of SmartTube, Yuriy Yuliskov, admitted that his digital keys were compromised late last week, leading to the injection of malware into the app. Yuliskov revoked the old signature and said he would soon publish a new version with a separate app ID, urging users to move to that one instead. [...] A user who reverse-engineered the compromised SmartTube version number 30.51 found that it includes a hidden native library named libalphasdk.so [VirusTotal]. This library does not exist in the public source code, so it is being injected into release builds. [...] The library runs silently in the background without user interaction, fingerprints the host device, registers it with a remote backend, and periodically sends metrics and retrieves configuration via an encrypted communications channel. All this happens without any visible indication to the user. While there's no evidence of malicious activity such as account theft or participation in DDoS botnets, the risk of enabling such activities at any time is high.
Read more of this story at Slashdot.
- Michael and Susan Dell Donate $6.25 Billion To Encourage Families To Claim 'Trump Accounts'
Michael and Susan Dell pledged $6.25 billion to boost participation in the new "Trump Accounts" child investment program. "The historic gift has little precedent, with few single charitable commitments in the past 25 years exceeding $1 billion, much less multiple billions," notes the Associated Press. "Announced on GivingTuesday, the Dells believe it's the largest single private commitment made to U.S. children." From the report: Its structure is also unusual. Essentially, it builds on the "Trump Accounts" program (PDF), where the U.S. Department of the Treasury will deposit $1,000 into investment accounts set up by Treasury for American children born between Jan. 1, 2025 and Dec. 31, 2028. The Dells' gift will use the "Trump Accounts" infrastructure to give $250 to each qualified child under 10. Though the "Trump Accounts" became law as part of the president's signature legislation in July, the Dells say the accounts will not launch until July 4, 2026. Michael Dell said they wanted to mark the 250th anniversary of U.S. independence. [...] Under the new law, "Trump Accounts" are available to any American child under 18 with a Social Security number and their families can fund the accounts, which must be invested in an index fund that tracks the overall stock market. When the children turn 18, they can withdraw the funds to put toward their education, to buy a home or to start a business. The Dells will put money into the accounts of children 10 and younger who live in ZIP codes with a median family income of $150,000 or less and who won't get the $1,000 seed money from the Treasury. The Dells hope their gift will encourage families to claim the accounts and deposit more money into it, even small amounts, so it will grow over time along with the stock market. The report notes that the timed rollout of the $1,000 deposits gives Republicans a strategic political advantage by delivering money to voters during the 2026 midterms and halting the benefit right after the 2028 presidential election.
Read more of this story at Slashdot.
- Google's Vibe Coding Platform Deletes Entire Drive
A Google Antigravity user says the AI-driven "vibe coding" tool accidentally wiped his entire D: drive while trying to clear a project cache. Google says it's investigating, but the episode adds to a growing list of AI tools behaving in ways that "would get a junior developer fired," suggests The Register. From the report: We reached out to the user, a photographer and graphic designer from Greece, who asked we only identify him as Tassos M because he doesn't want to be permanently linked online to what could "become a controversy or conspiracy against Google." [...] Tassos told Antigravity to help him develop software that's useful for any photographer who has to choose a few prime shots from a mountain of snaps. He wanted the software to let him rate images, then automatically sort them into folders based on that rating. According to his Reddit post, when Tassos figured out the AI agent had wiped his drive, he asked, "Did I ever give you permission to delete all the files in my D drive?". "No, you absolutely did not give me permission to do that," Antigravity responded. "I am horrified to see that the command I ran to clear the project cache appears to have incorrectly targeted the root of your D: drive instead of the specific project folder. I am deeply, deeply sorry. This is a critical failure on my part." Redditors, as they are wont to do, were quick to pounce on Tassos for his own errors, which included running Antigravity in Turbo mode, which lets the Antigravity agent execute commands without user input, and Tassos accepted responsibility. "If the tool is capable of issuing a catastrophic, irreversible command, then the responsibility is shared -- the user for trusting it and the creator for designing a system with zero guardrails against obviously dangerous commands," he opined on Reddit. As noted earlier, Tassos was unable to recover the files that Antigravity deleted. Luckily, as he explained on Reddit, most of what he lost had already been backed up on another drive. Phew. "I don't think I'm going to be using that again," Tassos noted in a YouTube video he published showing additional details of his Antigravity console and the AI's response to its mistake. Tassos isn't alone in his experience. Multiple Antigravity users have posted on Reddit to explain that the platform had wiped out parts of their projects without permission.
Read more of this story at Slashdot.
- Zillow Drops Climate Risk Scores After Agents Complained of Lost Sales
Zillow has removed climate risk scores from over a million home listings after real estate agents argued the data was scaring off buyers. TechCrunch reports: Zillow first added the data to the site in September 2024, saying that more than 80% of buyers consider climate risks when purchasing a new home. But last month, following objections from the California Regional Multiple Listing Service (CRMLS), Zillow removed the listings' climate scores. In their place is a subtle link to their records at First Street, the climate risk analytic startup that provides the data. "When buyers lack access to clear climate-risk information, they make the biggest financial decision of their lives while flying blind," First Street spokesperson Matthew Eby told TechCrunch via email. "The risk doesn't go away; it just moves from a pre-purchase decision into a post-purchase liability." First Street's climate risk scores first appeared on Realtor.com in 2020, where they remain. They also still appear on Redfin and and Homes.com. The New York-based startup has raised more than $50 million from investors including General Catalyst, Congruent Ventures, and Galvanize Climate Solutions, according to PitchBook. Art Carter, the CRMLS CEO, told The New York Times that "displaying the probability of a specific home flooding this year or within the next five years can have a significant impact on the perceived desirability of that property." He also questioned the accuracy of First Street's data, saying he didn't think that areas which haven't flooded in the last 40 to 50 years were likely to flood in the next five.
Read more of this story at Slashdot.
- Newly launched civil service pension portal from Capita is crapita, users report
Awarded a £239M contract, outsourcer apologizes for any inconvenience to 1.5M members
Pension scheme members are facing a string of errors and malfunctions as they try to log into and retrieve account details from the UK's civil service portal the government is paying Capita £239 million ($318 million) to build and run.…
- Pat Gelsinger's EUV lithography gig gets $150M wink from Uncle Sam
Commerce Department wants equity in xLight as it backs a free-electron laser to challenge ASML
The US Department of Commerce has signed a preliminary letter of intent to provide up to $150 million to xLight, a Palo Alto-based startup led by former Intel chief Pat Gelsinger, that is working on extreme ultraviolet (EUV) lithography.…
- Amazon is forging a walled garden for enterprise AI
AWS Chief Matt Garman lays out his vision bringing artificial intelligence to the enterprise
Re:Invent Amazon wants to make AI meaningful to enterprises, and it’s building yet another walled garden disguised as an easy button to do it.…
- AWS offers AI-in-a-box for enterprise datacenters
If sovereignty or on-prem AI matters, the new AI Factories could be for you
re:invent Many businesses and government agencies require that all sensitive data stay on-premises for legal or security reasons. If those orgs want to work with AI, they can't rely on regular public clouds, but now they can let AWS build and manage AI hardware and software in their datacenters.…
- University of Pennsylvania joins list of victims from Clop's Oracle EBS raid
Ivy League school warns more than 1,400 people after attackers siphon data via zero-day
The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousand individuals that their personal data was siphoned from its systems.…
- HPE backs AMD's Helios AI rack with Juniper's scale-up switch
Hardware bundle ties next-gen accelerators to an Ethernet fabric arriving in 2026
HPE is throwing its weight behind AMD's Helios rack-scale architecture and will offer this as part of its AI portfolio next year, including a purpose-built Juniper Networks scale-up switch.…
- Apple swaps one ex-Google AI chief for another
Amar Subramanya spent mere months at Microsoft before replacing John Giannandrea
Apple's failure to deliver advanced AI capabilities has triggered a changing of the guard. AI chief John Giannandrea is stepping down in favor of a new leader to steady the Siri ship.…
- MongoDB talks up its AI chops by talking down PostgreSQL
CEO touts win from 'super-high growth' customer that couldn't scale on rival system
At the risk of protesting too much in the shifting database landscape, NoSQL-based MongoDB has attempted to trash the competition by claiming PostgreSQL systems lack scalability to keep up with the demands of AI workloads.…
- Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin
Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown
Law enforcement agencies in Germany and Switzerland have shut down cryptocurrency laundering platform Cryptomixer in Europe's latest pushback against cybercrime infrastructure.…
- Kensington and Chelsea confirms IT outage was a data breach after all
Borough says attackers copied 'historical' info as three-council cyber woes drag on
Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week's cyber meltdown, confirming that the outage was not just an IT faceplant but a bona fide data breach.…
- London grid crunch delays new housing amid datacenter boom
Assembly report urges clearer planning as soaring AI power demands strain capital's network
Access to electricity has become a major source of delay for housebuilding in London, and datacenters are inevitably tied up in this, leading to calls for greater oversight of energy and construction planning so that they keep pace with demand.…
- Apply here to win a Microsoft Ugly Sweater. It's uglier than ever
2025 Xmas knitware nightmare could be yours if you make us smile: When was peak Microsoft?
Free Wear It's that time of year again when Microsoft dispatches its latest Ugly Sweater to The Register, and we spoil a lucky reader that makes us smile by sending you the garment in time for Christmas.…
- Whatever legitimate places AI has, inside an OS ain't one
We're getting it baked into Windows whether we like it or not
Opinion Making software would be the perfect job if it wasn't for those darn users. Windows head honcho Pavan Davuluri would be forgiven for feeling this of late as his happy online paean about Windows becoming an "agentic OS" was met by massive dissent in the comments. "Agentic schmentic, we want reliability, usability, and stability" was the gist.…
- UK sinks to fifth in ESA funding league behind Spain
Brit astro Tim Peake's much-vaunted mission to the ISS a distant memory
Nearly ten years after Brit astronaut Tim Peake visited the International Space Station (ISS), the UK has slipped behind Spain in European Space Agency funding rankings.…
- India demands smartphone makers install a government app on every handset
'Sanchar Saathi' shares data to help fight fraud and protect carrier security
India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days to get the job done – and to ensure users can’t remove the code.…
- OpenAI money-go-round sees it invest in company that invested in OpenAI
Thrive will use the AI-maker's tech in its managed services and accounting businesess
Scratch my back and I'll scratch yours. OpenAI says that it has taken an undisclosed ownership stake in Thrive Holdings, the management-focused offshoot of private equity heavyweight Thrive Capital, which itself is a major investor in the ChatGPT maker.…
- Google Antigravity vibe-codes user's entire drive out of existence
Caveat coder
In what appears to be the latest example of a troubling trend of "vibe coding" software development tools behaving badly, a Reddit user is reporting that Google's Antigravity platform improperly wiped out the contents of an entire hard drive partition. …
- UK gov blames budget leak on misconfigured WordPress plugin, server
Predictable URLs break security through obscurity and lack of server access controls don't help
WordPress is the world's most popular content management system, but not so much with the UK government. The country's Office for Budget Responsibility (OBR) has blamed an inadvertent budget disclosure last week on misconfiguration of its WordPress website.…
- Search the pre-ChatGPT internet with the Slop Evader browser extension
Surf Google SERPs like it's November 29, 2022, with this workaround for the age of AI slop
ChatGPT's public debut on November 30, 2022, is widely seen by critics as the start of the AI-slop era online. Those yearning for a more human-written web can get some relief from a browser extension that filters Google searches to pre-ChatGPT results.…
- Four arrested in South Korea over massive IP camera snooping spree
Plus: Aussie Wi-Fi phisher and Brit dark web dealer nailed
Cybercrime suspects and offenders across three continents have been rounded up this week, with cases spanning hacked IP cameras in South Korea, evil twin Wi-Fi traps in Australia, and a dark web drug empire in rural England.…
- HPE pumps AI cloud lineup with extra Nvidia capabilities
Blackwell GPUs, Juniper integration, and a planned France lab aim to speed enterprise rollouts
HPE is upgrading its Private Cloud AI stack with Nvidia technology and preparing a France-based AI Factory Lab where customers will be able to test out workloads.…
- Windows 11 needs an XP SP2 moment, says ex-Microsoft engineer
Stop AI bloat, fix the operating system, implores veteran software developer Dave Plummer
The Windows operating system is buckling under AI features that seem designed more for shareholders than users, and retired Microsoft engineer Dave Plummer says it's time to hit pause.…
- Dutch study finds teen cybercrime is mostly just a phase
Only a select few continue into later life, mainly for the love of the game
Young threat actors may be rebels without a cause. These cybercriminals typically grow out of their offending ways by the time they turn 20, according to data published by the Dutch government.…
- AWS and Google build a fix for multi-cloud barriers they said didn't exist
After reassuring regulators all was well, pair debut interconnect to smooth the bumps
Re:invent AWS and Google Cloud are promoting a jointly developed multi-cloud connectivity service, despite recently assuring competition authorities that no technical barriers existed for customers wanting to operate across multiple clouds.…
- South Korea's answer to Amazon admits breach exposed 33.7M customers
Coupang confirms internationally routed intrusion compromised more than half of the country's population
South Korean retail behemoth Coupang has admitted to a data breach that exposed the personal details of 33.7 million customers, turning the company's famed "Rocket Delivery" logistics empire into an express shipment for personal information.…
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Xen 4.19 is released
Xen Project 4.19 has been officially out since July 31st, 2024, and it brings significant updates. With enhancements in performance, security, and versatility across various architectures like Arm, PPC, RISC-V, and x86, this release is an important milestone for the Xen community. Read more at XCP-ng Blog
The post Xen 4.19 is released appeared first on Linux.com.
- Advancing Xen on RISC-V: key updates
At Vates, we are heavily invested in the advancement of Xen and the RISC-V architecture. RISC-V, a rapidly emerging open-source hardware architecture, is gaining traction due to its flexibility, scalability and openness, which align perfectly with our ethos of fostering open development ecosystems. Although the upstream version of Xen for RISC-V is not yet fully [0]
The post Advancing Xen on RISC-V: key updates appeared first on Linux.com.
- Scoped User Access In Linux 6.19 To Reduce Speculation Barriers & Its Performance Hit
Merged yesterday to the Linux 6.19 Git codebase was the "core/uaccess" pull that introduces new scoped user-mode access with auto-cleanup functionality. This can reduce the number of speculation barriers encountered when needing to access user-mode memory and thereby avoiding some of the performance penalties incurred by speculation barriers...
- AES-GCM Optimizations Land In Linux 6.19 - Benefiting AMD Zen 3, AVX-512 CPUs Too
Google engineer Eric Biggers who is known for his many Linux crypto subsystem performance optimizations has seen his latest pull requests land in Linux 6.19. Notable among them are some AES-GCM optimizations benefiting AMD Zen 3 processors and separately AVX-512 processors also benefit too from this latest round of optimization work...
- Linux 6.19 Merges "klp-build" As New Livepatch Module Generation Solution
Merged as part of the objtool changes for the Linux 6.19 kernel is introducing the "klp-build" script as a new solution to generate livepatch modules using a source .patch file as the input. This klp-build effort was spearheaded by Josh Poimboeuf with ideas learned from the out-of-tree Kpatch project over the past decade...
- TornadoVM 2.0 Released For Java On NVIDIA PTX, OpenCL & SPIR-V Devices
TornadoVM 2.0 is out today as the newest feature release for this OpenJDK and GraalVM plug-in that allows Java programs to run on heterogeneous hardware. TornadoVM targets continue to be OpenCL, NVIDIA PTX, and SPIR-V compatible devices for a range of accelerator support for use from conventional Java code...
- Linux 6.19 To Allow File-Systems To Increase The Writeback Chunk Size
Linux has maintained a default 4MB minimum writeback chunk size but with the in-development Linux 6.19 kernel it will allow file-systems to override that minimum value. This in turn can help avoid fragmentation and yield a better experience for zoned rotation media and other uses...
- Canonical Now Offering Ubuntu Pro For WSL
Evidently Canonical has been pretty pleased with the uptake of Ubuntu on Microsoft's Windows Subsystem for Linux (WSL2) within enterprise/corporate environments as they are now offering Ubuntu Pro for WSL...
- openSUSE Begins Rolling Out Intel NPU Support
Via the openSUSE Innovator Initiative, packaging of the Intel Neural Processing Unit (NPU) driver for the openSUSE ecosystem has begun. This is helping to jump-start the Intel NPU support within the openSUSE space although user-space applications ready to leverage the Intel NPU still remains very limited...
- Kernel Credential Guards Merged For Linux 6.19
Merged yesterday for the Linux 6.19 kernel were "substantial" improvements to the kernel's credential infrastructure to provide guard-based management that allows for kernel code simplification and avoiding manual reference counting across many subsystems...
- Steam On Linux Use Easily Hits An All-Time High In November
The Steam Survey results are out for November 2025 and continue to be very positive for the growing adoption of Linux gaming thanks to the success of the Steam Deck, the underlying Steam Play (Proton) software, and now further excitement thanks to the upcoming Steam Machine and Steam Frame...
- AMD GPU Managed Memory Support Merged For The GCC 16 Compiler
When it comes to AMD Radeon/Instinct GPU compiler support much of the emphasis is on the LLVM/Clang compiler stack with their official AMDGPU LLVM shader compiler back-end as well as having the AOMP downstream compiler fork and the like. But the GNU Compiler Collection "GCC" does continue allow targeting AMD GPU targeting with its "AMDGCN" back-end and using the likes of the OpenMP API. It's not too often seeing new AMD GPU activity there for GCC but merged today is now support for managed memory...
- AI Is Being Used To Help Modernize The Ubuntu Error Tracker
While some Linux distributions have begun establishing AI policies, we haven't seen any communicated from the Ubuntu camp yet but will apparently be permitted at least for project infrastructure. AI is being used currently in an effort to help modernize the Ubuntu Error Tracker...
- Rust Updates For Linux 6.19, Rust Minimum Baseline To Likely Follow Debian Stable
Miguel Ojeda has already submitted the core Rust programming language infrastructure updates intended for the Linux 6.19 merge window. In the pull request he also notes that moving forward the minimum supported Rust version for compiling the Linux kernel will likely follow whatever the minimum Rust version currently in use by the latest Debian stable release...
- Intel Gaudi 3 Driver Support Already Rejected For Linux 6.19
Last night Intel finally posted their Gaudi 3 accelerator open-source driver support for the mainline Linux kernel with hopes of getting that long-delayed AI accelerator support into the in-development Linux 6.19 kernel. But as I pointed out, the pull request was coming unusually late for being such a large set of patches and would face an uphill battle to make it for the Linux 6.19 merge window. Sure enough, the pull request was already rejected and withdrawn from being v6.19 material...
- GNU Linux-libre 6.18 Neuters More Functionality Due To Blobs With Intel Xe, NVIDIA Nova
Following yesterday's Linux 6.18 kernel release, GNU Linux-libre 6.18-gnu is out today as the latest release of this free software purist kernel that will drop/block drivers from loading microcode/firmware considered non-free-software and other restrictions in the name of not pushing binary blobs even when needed for hardware support/functionality on otherwise open-source drivers...
- Raspberry Pi Announces Price Hikes Due To RAM Demand, 1GB Raspberry Pi 5 Launched
Due to the ongoing RAM shortages in the industry amid ongoing massive demand for AI servers,Raspberry Pi announced today they are having to raise prices on the Raspberry Pi 4 and Raspberry Pi 5 single board computers. They have also launched a 1GB Raspberry Pi 5 version too for those not needing much memory and wanting to keep pricing to a minimum...
- Apple HFS/HFS+ File-System Drivers Receive Corruption Fixes & More For Linux 6.19
It was just earlier this year that Linux developers considered dropping the Apple HFS and HFS+ file-system drivers from the mainline Linux kernel for being unmaintained. But then some new developers stepped up to maintain the drivers and there has been new HFS/HFS+ file-system patches each kernel cycle since. With the now in-development Linux 6.19 kernel there are some nice year-end clean-ups to these file-system drivers...
- Open-Source Nouveau+NVK vs. NVIDIA 580 Linux Gaming/Graphics & Compute Driver Performance
This Black Friday is an in-depth look at the current performance of the open-source NVIDIA Linux driver stack with the Nouveau kernel driver (the Nova driver not yet being ready for end-users) paired with the latest Mesa NVK driver for open-source Vulkan API support. With that NVK Vulkan driver is also looking at the OpenGL performance using the Zink OpenGL-on-Vulkan driver used now for OpenGL on modern NVIDIA GPUs rather than maintaining the Nouveau Gallium3D driver. Plus the Rusticl driver for OpenCL compute atop the NVK driver. This fully open-source and latest NVIDIA Linux driver support was compared to NVIDIA9s official 580 series Linux driver. Both RTX 40 Ada and RTX 50 Blackwell graphics cards were tested for this thorough GPU driver comparison.
- Intel Battlemage Graphics Enjoyed Nice GPU Compute Performance Gains In 2025
In addition to Intel Arrow Lake desktop performance evolving nicely on Linux over the course of 2025, the Intel Arc B-Series graphics that launched last December with the Arc B580 have evolved quite nicely too with their open-source driver stack. With it coming up on one year since the Arc B580 launch, here is a look at how the GPU compute performance has evolved since that point. Similar Intel Arc B580 Linux graphics comparisons are also coming up in a follow-up comparison on Phoronix.
- FreeBSD 15.0 released with pkgbase
The FreeBSD team has released FreeBSD 15.0, and with it come several major changes, one of which you will surely want to know more about if you�re a FreeBSD user. Since this change will eventually drastically change the way you use FreeBSD, we should get right into it. Up until now, a full, system-wide update for FreeBSD � as in, updating both the base operating system as well as any packages you have installed on top of it � would use two separate tools: freebsd-update and the pkg package manager. You used the former to update the base operating system, which was installed as file sets, and the latter to update everything you had installed on top of it in the form of packages. With FreeBSD 15.0, this is starting to change. Instead of using two separate tools, in 15.0 you can opt to deprecate freebsd-update and file sets, and rely entirely on pkg for updating both the base operating system as well as any packages you have installed, because with this new method, the base system moves from file sets to packages. When installing FreeBSD 15.0, the installer will ask you to choose between the old method, or the new pkg-only method. Packages (pkgbase / New Method): The base system is installed as a set of packages from the FreeBSD-base! repository. Systems installed this way are managed entirely using the pkg(8) tool. This method is used by default for all VM images and images published in public clouds. In FreeBSD 15.0, pkgbase is offered as a technology preview, but it is expected to become the standard method for managing base system installations and upgrades in future releases. ↫ FreeBSD 15.0 release announcement As the release announcement notes, the net method is optional in FreeBSD 15 and will remain optional during the entire 15.x release cycle, but the plan is to deprecate freebsd-update and file sets entirely in FreeBSD 16.0. If you have an existing installation you wish to convert to using pkgbase, there�s a tool called pkgbasify to do just that. It�s sponsored by the FreeBSD Foundation, so it�s not some random script. Of course, there�s way more in this release than just pkgbase. Of note is that the 32bit platforms i386, armv6, and 32-bit powerpc have been retired, but of course, 32bit code will continue to run on their 64bit counterparts. FreeBSD 15.0 also brings a native inotify implementation, a ton of improvements to the audio components, improved Intel Wi-Fi drivers, and so, so much more.
- Windows drive letters are not limited to A-Z
On its own, the title of this post is just a true piece of trivia, verifiable with`the built-in`subst`tool`(among other methods). Here�s an example creating the drive +:\ as an alias for a directory at C:\foo: The +:\ drive then works as normal (at least in cmd.exe, this will be discussed more later): However, understanding why it�s true elucidates a lot about how Windows works under the hood, and turns up a few curious behaviors. ↫ Ryan Liptak Fascinating doesn�t even begin to describe this article, but at the same time, it also makes me wonder at what point maintaining this drive letter charade becomes too burdensome, clunky, and complex. Internally, Windows NT does not use drive letters at all, but for the sake of backwards compatibility and to give the user what they expect, a whole set of abstractions has been crafted to create the illusion that modern versions of Windows still use the same basic drive letter conventions as DOS did 40 years ago. I wonder if we�ll ever reach a point where Windows no longer uses drive letters, or if it�s possible today to somehow remove or disable these abstractions entirely, and run Windows NT without drive letters, as Cutler surely intended. Vast swaths of Windows programs would surely curl up in fetal position and die, including many core components of the operating system itself � as this article demonstrates, very few parts of Windows can handle even something as mundane as a drive letter outside of A-Z � but it�d make for a great experiment. Someone with just the right set of Windows NT skills must�ve tried something like this at some point, either publicly or inside of Microsoft.
- Migrating Dillo away from GitHub
What do you do if you develop a lightweight browser that doesn�t support JavaScript, but you once chose GitHub as the home for your code? You�re now in the unenviable position that your own browser can no longer access your own online source repository because it requires JavaScript, which is both annoying and, well, a little awkward. The solution is, of course, obvious: you move somewhere else. That�s exactly what the Dillo browser did. They set up a small VPS, opted for cgit as the git frontend for its performance and small size, and for the bug tracker, they created a brand new, very simple bug tracker. To avoid this problem, I created my own bug tracker software, buggy, which is a very simple C tool that parses plain Markdown files and creates a single HTML page for each bug. All bugs are stored in a git repository and a git hook regenerates the bug pages and the index on each new commit. As it is simply plain text, I can edit the bugs locally and only push them to the remote when I have Internet back, so it works nice offline. Also, as the output is just an static HTML site, I don�t need to worry about having any vulnerabilities in my code, as it will only run at build time. ↫ Rodrigo Arias Mallo There�s more considerations detailed in the article about Dillo�s migration, and it can serve as inspiration for anyone else running a small open source project who wishes to leave GitHub behind. With GitHub�s continuing to add more and more complexity and AI! to separate open source code from its licensing terms, we may see more and more projects giving GitHub the finger.
- Landlock-ing Linux
Landlock is a Linux API that lets applications explicitly declare which resources they are allowed to access. Its philosophy is similar to OpenBSD’s`unveil()`and (less so)`pledge(): programs can make a contract with the kernel stating, “I only need these files or resources — deny me everything else if I’m compromised.” It provides a simple, developer-friendly way to add defense-in-depth to applications. Compared to traditional Linux security mechanisms, Landlock is vastly easier to understand and integrate. This post is meant to be an accessible introduction, and hopefully persuade you to give Landlock a try. ↫ prizrak.me blog I had no idea this existed, even though it seems to plug a hole in the security and sandboxing landscape on Linux by not requiring any privileges and by being relatively simple and straightforward to use. There�s even an additional supervisor! proposal that would bring Android-like permissions not just to, say, desktop applications (see Flatpak), but to every process trying to access anything for the first time. I�m not knowledgeable enough to make any statements about Landlock compared to any other options we have for securing desktop Linux in a user-friendly, non-intrusive manner, but I definitely like its simplicity.
- System 7 natively boots on the Mac Mini G4
Only a few weeks ago, the CHRP variants of Mac OS 7.6 and 8 were discovered and uploaded to the internet for posterity, but we�re already seeing the positive results of this event unfold: Mac OS 7.x can now run on the Mac Mini G4 � natively. The very short of it is as follows. First, the CHRP release of Mac OS 8 contains a ROM file that allows Mac OS 8 to boot on the G4 Mac Mini. Second, the CHRP release of 7.6 contains a System Enabler that allows 7.6 earlier versions to run by using the aforementioned ROM file. Third, the ROM has been modified to add compatibility with as many Mac models as possible. There�s a lot more to it, of course, but the end result is that quite a few more older, pre-9.x versions of Mac OS can now run on G4 and G3 Macs, which is quite cool. Of course, there are limitations. Note that, although I describe many of these as stable!, I mean you can use much of it normally (sound/video/networking aside) without it crashing or misbehaving, at least not too hard, but that is not to say everything works, because that is just not the case. For example, when present, avoid opening the Apple System Profiler, unless you want a massive crash as it struggles trying to profile and gather all the information about your system. Some other apps or Control Panels might either not work, or work up to a certain point, after which they might freeze, requiring you to Force Quit the Finder to keep on going. And so on. ↫ Jubadub at Mac OS 9 Lives Issues or no, this is amazing news, and great work by all involved.
- Genode OS Framework 25.11 released
The release 25.11 wraps up our year of rigidity, clarity, performance! with a bouquet of vast under-the-hood improvements. Genode�s custom kernel received special tuning of its new CPU scheduler for Sculpt-OS workloads, and became much more scalable with respect to virtual-memory management. Combined, those efforts visibly boost the performance of Sculpt OS on performance-starved hardware like the PinePhone or the i.MX8-based MNT Reform laptop. On account of improving clarity, our new configuration format � now named human-inclined data (HID) � proliferates throughout Genode�s tooling. We are also happy to report that almost all Genode components have become interoperable with both XML and HID by now. ↫ Genode OS Framework 25.11 release notes The Genode Framework 25.11 also brings a major change to how important shared components that aren�t strictly part of the framework are handled, such as ports like libSDL, sqlite, or gnutls. Before, these could only be built with the Genode build system, which was suboptimal because this isn�t designed for building individual components. Several changes have been made to now enable the use of multiple build systems and the Goa SDK, which should make it a lot easier to these crucial components to become the responsibility of wider parts of the community. There�s way more, of course, such as the usual driver improvements, including the addition of support for serial-to-USB adapters.
- Dell: about 1 billion PCs will not or cannot be upgraded to Windows 11
During a Dell earnings call, the company mentioned some staggering numbers regarding the amount of PCs that will not or cannot be upgraded to Windows 11. “We have about 500 million of them capable of running Windows 11 that haven’t been upgraded,” said Dell COO Jeffrey Clarke on a Q3 earnings call earlier this week, referring to the overall PC market, not just Dell’s slice of machines. “And we have another 500 million that are four years old that can’t run Windows 11.” He sees this as an opportunity to guide customers towards the latest Windows 11 machines and AI PCs, but warns that the PC market is going to be relatively flat next year. ↫ Tom Warren at The Verge The monumental scale of the Windows 10 install base that simply won�t or cannot upgrade to Windows 11 is massive, and it�s absolutely bonkers to me that we�re mostly just letting them get away with leaving at least a billion users out in the cold when it comes to security updates and bug fixes. The US government (in better times) and the EU should�ve 100% forced Microsoft�s hand, as leaving this many people on outdated, unsupported operating system installations is several disasters waiting to happen. Aside from the dangerous position Microsoft is forcing its Windows 10 users into, there�s also the massive environmental and public health impact of huge swaths of machines, especially in enterprise environments, becoming obsolete overnight. Many of these will end up in landfills, often shipped to third-world countries so we in the west don�t have to deal with our e-waste and its dangerous consequences directly. I can get fined for littering � rightfully so � but when a company like Microsoft makes sweeping decisions which cause untold amounts of dangerous chemicals to be dumped in countless locations all over the globe, governments shrug it off and move on. At least we will get some cheap eBay hardware out of it, I guess.
- CDE 2.5.3 released
So my love for the Common Desktop Environment isn�t exactly a secret, so let�s talk about the project�s latest release, CDE 2.5.3, released a few days ago. As the version number suggests, this first new version in two years is a rather minor release, containing only a few bug fixes. For instance, CDE�s window manager dtwm picked up support for more mouse buttons, its file manager dtfile now uses sh to find files instead of ksh, and a few more of these rather minor, but welcome, changes and bugfixes. Ever since CDE was released as open source over thirteen years ago, and while considerable work has been done to make it build, install, and run on modern platforms, that�s kind of where the steam ran out. CDE isn�t being actively developed to build upon its strengths and add new and welcome features and conveniences, but is instead kept in a sort of buildable stasis. There is absolutely nothing wrong with this � it keeps CDE accessible on modern platforms, and that�s a huge amount of work that deserves respect and gratitude � but it�d be nice if we lived in a world where there was enough interest (and time and money) to have people work on actually improving it. Of course, the reality is that there�d be very little interest in such an improved CDE, and that�s exactly why it isn�t happening. On top op the current work the CDE team is doing, you�d need to not only develop new features, but also improve the Motif toolkit to make such new features possible, and make sure such improvements don�t break anything else. With such an old codebase, that can�t possible be an easy task. Still, I will continue to daydream of a slightly more modernised CDE with some additional niceties we�ve come to expect over the past 30 years, even if I know full well it�s futile.
- Moss: a Linux-compatible kernel written in Rust
Moss is a Unix-like, Linux-compatible kernel written in Rust and Aarch64 assembly. It features a modern, asynchronous core, a modular architecture abstraction layer, and binary compatibility with Linux userspace applications (currently capable of running most BusyBox commands). ↫ Moss� GitHub page I mean, hobby operating systems and kernels written in Rust aren�t exactly the most unique right now, but that doesn�t make them any less interesting for the kinds of people that frequent a site called OSNews. Moss has quite a few things going for it, including support for enough Linux system calls to run most BusyBox commands, complex memory and process management, use of Rust�s async/await model in the kernel, and much more.
- I work for an evil company, but outside work, I’m actually a really good person
I love my job. I make a great salary, there’s a clear path to promotion, and a never-ending supply of cold brew in the office. And even though my job requires me to commit sociopathic acts of evil that directly contribute to making the world a measurably worse place from Monday through Friday, five days a week, from morning to night, outside work, I’m actually a really good person. ↫ Emily Bressler at McSweeney�s The tech industry is full of people like this.
- KDE to drop X11 session in KDE Plasma 6.8
The KDE project has made the call. Well folks, it’s the beginning of a new era: after nearly three decades of KDE desktop environments running on X11, the future KDE Plasma 6.8 release will be Wayland-exclusive! Support for X11 applications will be fully entrusted to Xwayland, and the Plasma X11 session will no longer be included. ↫ The Plasma Team They�re following in the footsteps of the GNOME project, who will also be leaving the legacy windowing system behind. What this means in practice is that official KDE X11 support will cease once KDE Plasma 6.7 is no longer supported, which should be somewhere early 2027. Do note that the KDE developers intend to release a few extra bugfix releases in the 6.7 release cycle to stabilise the X11 session as much as possible for those people who are going to stick with KDE Plasma 6.7 to keep X11 around. For people who wish to keep using X11 after that point, the KDE project advises them to switch to LTS distributions like Alma Linux, which intend to keep supporting Plasma X11 until 2032. Xwayland will handle virtually all X11 applications running inside the Wayland session, including X11 forwarding, with similar functionality implemented in Wayland through Waypipe. Also note that this only applies to Plasma as a whole; KDE applications will continue to support X11 when run in other desktop environments or on other platforms. As for platforms other than Linux � FreeBSD already has relatively robust Wayland support, so if you intend to run KDE on FreeBSD in the near future, you�ll have to move over to Wayland there, as well. The other BSD variants are also dabbling with Wayland support, so it won�t be long before they, too, will be able to run the KDE Plasma Wayland session without any issues. What this means is that the two desktop environments that probably make up like 95% of the desktop Linux user base will now be focusing exclusively on Wayland, which is great news. X11 is a legacy platform and aside from retrocomputing and artisanal, boutique setups, you simply shouldn�t be using it anymore. Less popular desktop environments like Xfce, Cinnamon, Budgie, and LXQt are also adding Wayland support, so it won�t be much longer before virtually no new desktop Linux installations will be using X11. One X down, one more to go.
- Microsoft will start preloading Explorer because it�s so slow
With all the problems Windows is facing, I think one area where Microsoft can make some easy, quick gains is by drastically improving Explorer, Windows� file manager. It seems that in the latest developer releases, they�re doing just that. The most impactful change � possibly � is that Microsoft is going to preload Explorer. We’re exploring preloading File Explorer in the background to help improve File Explorer launch performance. This shouldn’t be visible to you, outside of File Explorer hopefully launching faster when you need to use it. If you have the change, if needed there is an option you can uncheck to disable this called “Enable window preloading for faster launch times” in File Explorer’s Folder Options, under View. ↫ Windows Insider Program Team Microsoft is also reordering the context menu in Explorer, and while this may seem like a small set of changes, the new context menu does look much tidier and less busy. They achieve this by moving a few top-level items to a submenu, and reordering some other elements. Sadly, the context menu still retains its own context menu ( Show more options!), which is a traditional Win32 menu � which I still think is one of the most Windows of Windows things of all time. Regardless, I hope these small changes make Explorer more bearable to use for those of you still using Windows, because we all know you need it.
- Google�s Android for desktops and laptops is called Aluminium
Google has made it very clear that it�s intending to bring Android to laptops and desktops, and replace Chrome OS with Android in the process. We now have a codename, and some more information about what this will look like in practice. Over the weekend, a tipster on Telegram named Frost Core shared a link to an intriguing Google job listing for a ‘Senior Product Manager, Android, Laptop and Tablets.’ While we already know Google is bringing Android to the PC, the listing explicitly states that the role involves ‘working on a new Aluminium, Android-based, operating system.’ This effectively confirms that Aluminium is the codename for the new unified platform. The name appears to be a nod to the project’s roots: like Chromium (the open-source version of ChromeOS), Aluminium is a metal ending in ‘-ium.’ The choice of the British spelling — emphasizing the ‘Al’ prefix — likely pays homage to Android serving as the project’s foundation.” ↫ Mishaal Rahman at Android Authority So we have the codename, and of course, what we also have is a strong focus on AI!, which will be at the core! of desktop Android. Further details uncovered in job openings include a focus not just on entry-level hardware, but also midrange and premium laptops and desktops, as well as Chrome OS being replaced by this new desktop Android variant. I somehow doubt existing Chrome OS devices will be updated to this new desktop Android variant, so Chrome OS will continue to exist as a product for at least quite a few years to come. I still have a considerable amount of doubt that Google would be able to pull this off in a successful way. It�s already hard enough to get anyone to buy any laptop that isn�t running Windows or macOS, and I doubt the Android operating system has the kind of pull with consumers to make them consider switching to it on their laptops or desktops. Enthusiasts will surely eat it up � if only to try � but without any clear, massive success, this desktop Android thing runs the real risk of ending up at Google�s graveyard. These Android laptops can be incredible products, but even if they are, I just won�t trust Google to remain interested in it.
- Microsoft admits almost all major Windows 11 core features are broken
You may have noticed a sharp increase in problems and issues in Windows recently � following the rise of the AI! hype cycle, entirely coincidentally, I�m sure � and it seems Microsoft is finally starting to acknowledge just how bad Windows has become. On the positive side though, following all that backlash, Microsoft acknowledged Windows has issues, and as if on cue, the company in a new support article has admitted that there are problems on almost every major Windows 11 core feature. The issues are related to XAML and this impacts all the Shell components like the Start Menu, Taskbar, Explorer, and Windows Settings. ↫ Sayan Sen at Neowin It�s wild how many core components like this have apparently been broken due to these problems since July of this year. This means countless Windows users have been experiencing weird issues on a daily basis in multiple components for four months now, which is absolutely wild. On top of all the more structural problems in Windows, I wonder how people can get anything done at all � only a few days ago, I had to manually clean out the Installer folder in the Windows folder on my wife�s gaming PC, because for some inexplicable reason, Windows decided to permanently store 18GB�s worth (!) of past Adobe Acrobat updates and installers in there. It�s impossible to reliably say that Microsoft�s incessant focus on crypto NFTs AI! lies at the root of all of these problems, but if 30% of new! code in Microsoft is indeed regurgitated by AI!, it�s hard not to conclude as such.
- The privacy nightmare of browser fingerprinting
I suspect that many people who take an interest in Internet privacy don’t appreciate how hard it is to resist browser fingerprinting. Taking steps to reduce it leads to inconvenience and, with the present state of technology, even the most intrusive approaches are only partially effective. The data collected by fingerprinting is invisible to the user, and stored somewhere beyond the user’s reach. On the other hand, browser fingerprinting produces only statistical results, and usually can’t be used to track or identify a user with certainty. The data it collects has a relatively short lifespan – days to weeks, not months or years. While it probably can be used for sinister purposes, my main concern is that it supports the intrusive, out-of-control online advertising industry, which has made a wasteland of the Internet. ↫ Kevin Boone My view on this matter is probably a bit more extreme than some: I believe it should be illegal to track users for advertising purposes, because the data collected and the targeting it enables not only violate basic privacy rights enshrined in most constitutions, they also pose a massive danger in other ways. This very same targeting data is already being abused by totalitarian states to influence our politics, which has had disastrous results. Of course, our own democratic governments� hands aren�t exactly clean either in this regard, as they increasingly want to use this data to stop terrorists! and otherwise infringe on basic rights. Finally, any time such data ends up on the black market after data breaches, criminals, organised or otherwise, also get their hands on it. I have no idea what such a ban should look like, or if it�s possible to do this even remotely effectively. In the current political climate in many western countries, which are dominated by the wealthy few and corporate interests, it�s highly unlikely that even if such a ban was passed as lip service to concerned constituents, any fines or other deterrents would probably be far too low to make a difference anyway. As such, my desire to have targeted online advertising banned is mostly theory, not practice � further illustrated by the European Union caving like cowards on privacy to even the slightest bit of pressure. Best I can do for now is not partake in this advertising hellhole. I disabled and removed all advertising from OSNews recently, and have always strongly advised everyone to use as many adblocking options as possible. We not only have a Pi-Hole to keep all of our devices at home safe, but also use a second layer of on-device adblockers, and I advise everyone to do the same.
- Americans are holding onto devices longer than ever and it’s costing the economy!
We need to consume. The average American now holds onto their smartphone for 29 months, according to a`recent survey by Reviews.org, and that cycle is getting longer. The average was around 22 months in 2016. While squeezing as much life out of your device as possible may save money in the short run, especially amid widespread fears about the strength of the consumer and job market, it might cost the economy in the long run, especially when device hoarding occurs at the level of corporations. ↫ Kevin Williams at CNBC Line must go up. Ļ̷̩̺̾i̶̼̳͍͂̒ͅn̵͕̉̾e̴̞͛̓̀̍ ̴͙̙̥͋͐m̸͚̉̆u̴̖̰̪̽̔ͅs̶̨̛̾ţ̷̢̂͛̆͝ ̵̱̐̓̾̔͜ğ̷͕̮̮͆o̷̟͈̐̏̄͝ ̷̢̨̞̉u̴̢̪̭̱̿͑͛̌p̴͈̜̫̖̌.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- KDE Unleashes Plasma 6.5
The Plasma 6.5 desktop environment is now available with new features, improvements, and the usual bug fixes.
- LMDE 7 Now Available
Linux Mint Debian Edition, version 7, has been officially released and is based on upstream Debian.
- Linux Kernel 6.16 Reaches EOL
Linux kernel 6.16 has reached its end of life, which means you'll need to upgrade to the next stable release, Linux kernel 6.17.
- Linux Kernel 6.17 is Available
Linus Torvalds has announced that the latest kernel has been released with plenty of core improvements and even more hardware support.
- Zorin OS 18 Beta Available for Testing
The latest release from the team behind Zorin OS is ready for public testing, and it includes plenty of improvements to make it more powerful, user-friendly, and productive.
|
