All the News that Matters

• Fedora 42: Chromium High CVE-2025-14765 Out of Bounds Security Risks
  Update to 143.0.7499.146 * High CVE-2025-14765: Use after free in WebGPU * High CVE-2025-14766: Out of bounds read and write in V8 * Force dark mode when auto dark mode web content is on

• Fedora 42: mqttcli Update 0.2.8 Critical Integer Overflow Issues
  Update to 0.2.8

• Fedora 42: gosec Security Update 2.22.11 CVE-2025-47910 Cross Origin Issues
  Update to 2.22.11

• Critical Vulnerability in Fedora 42: python-unicodedata2 Arbitrary RCE
  Update to 17.0.0 version (#2412270) Update fonttools 4.61.0

• Ubuntu 24: glyphutils Severe RCE Unrestricted File Access 2025-abcd1234ef
  Update to 17.0.0 version (#2412270) Update fonttools 4.61.0

• Fedora 43: Chromium High CVE-2025-14765/14766 Heap Corruption Advisory
  Update to 143.0.7499.146 * High CVE-2025-14765: Use after free in WebGPU * High CVE-2025-14766: Out of bounds read and write in V8 * Force dark mode when auto dark mode web content is on

• LoongArch Promoted To Being An Official Architecture For Debian 14
  Two years and a few months after LoongArch 64-bit "Loong64" was added to Debian Ports, it's now been promoted to being an official architecture for Debian Linux...

• Debian Gets Its Own PPA-Like System as Debusine Repositories Launch
  Debian introduces Debusine repositories, allowing developers to publish PPA-like add-on packages with integrated builds, testing, signing, and snapshots.

• Wine 11.0-rc3 Released With Another Week Of Bug Fixing
  In working toward the Wine 11.0 stable release in January, Wine 11.0-rc3 is out today as the latest weekly release candidate...

• OpenZFS 2.4 Extends Linux Kernel Support to 6.18 and Supports FreeBSD 14–16
  OpenZFS 2.4 extends Linux kernel compatibility up to 6.18 while supporting FreeBSD 14, 15, and 16, bringing major performance, quota, and storage improvements.

• 2025 Brought "Transformative Changes" For FreeBSD On Laptops
  As we have been covering over the past year, major investments have been made to better the outlook for running FreeBSD on laptop hardware. From WiFi driver improvements to enhancing suspend/resume, power management, graphics drivers, and other features, it's been a big undertaking to make FreeBSD work better on laptops. The FreeBSD Foundation calls 2025 as having brought "transformative changes" for the FreeBSD laptop experience...

• Fwupd 2.0.19 Linux Firmware Updater Supports Lenovo Sapphire Folio Keyboard
  Fwupd developer Richard Hughes released fwupd 2.0.19 today as the nineteenth maintenance update to the fwupd 2.0 series of this open-source Linux firmware update utility.

• Mageia 10 Planning For April Release While Still Maintaining 32-bit Support
  The Mageia development team recently met to solidify their plans for releasing Mageia 10 as the next major release of this LInux distribution with its roots that trace back to the days of Mandrake Linux...

• Microsoft, Over 120 Billion Dollars in Debt, Prepares Next Round of Mass Layoffs (After Christmas)
  Based on the online "rumour mill", Microsoft is already planning the next "megacull"; some workers hope that joining a union will protect them, as we showed some days ago, but in reality those Microsoft employees are a liability to such unions.

• 5 Ways to Follow (or Find All) Symbolic Links in Linux
  In this article, you will learn five ways to follow symbolic (or soft) links to find the original file to which the symbolic link points.

• Mageia Linux 10 Enters Alpha Phase With April 2026 Release Target
  The Mageia team has outlined the Mageia 10 release schedule, including alpha, beta, RC milestones, and a final release planned for April 2026.

• Trump Dismantling National Center For Atmospheric Research In Colorado
  echo123 shares a report from PBS: The Trump administration is dismantling the National Center for Atmospheric Research in Colorado, moving to dissolve a research lab that a top White House official described as "one of the largest sources of climate alarmism in the country." White House budget director Russ Vought criticized the lab in a social media post Tuesday night and said a comprehensive review of the lab is underway. "Vital activities such as weather research will be moved to another entity or location, Vought said. The research lab, which houses the largest federal research program on climate change, supports research to predict, prepare for and respond to severe weather and other natural disasters. The research lab is managed by a nonprofit consortium of more than 130 colleges and universities on behalf of the National Science Foundation. A senior White House official cited two instances of the lab's "woke direction" that wastes taxpayer funds on what the official called frivolous pursuits and ideologies. One funded an Indigenous and Earth Sciences center that aimed to "make the sciences more welcoming, inclusive, and justice-centered," while another experiment traced air pollution to "demonize motor vehicles, oil and gas operations." The lab "is quite literally our global mothership," said Katharine Hayhoe, a climate scientist and Distinguished Professor at Texas Tech University, in a post on X. "Nearly everyone who researches climate and weather -- not only in the U.S., but around the world -- has passed through its doors and benefited from its incredible resources." She continued: "NCAR supports the scientists who fly into hurricanes, the meteorologists who develop new radar technology, the physicists who envision and code new weather models, and yes -- the largest community climate model in the world. That too. Dismantling NCAR is like taking a sledgehammer to the keystone holding up our scientific understanding of the planet."
  
  
  Read more of this story at Slashdot.
  

• James Webb Space Telescope Confirms 1st 'Runaway' Supermassive Black Hole
  Longtime Slashdot reader schwit1 shares a report from Space.com: Astronomers have made a truly mind-boggling discovery using the James Webb Space Telescope (JWST): a runaway black hole 10 million times larger than the sun, rocketing through space at a staggering 2.2 million miles per hour (1,000 kilometers per second). That not only makes this the first confirmed runaway supermassive black hole, but this object is also one of the fastest-moving bodies ever detected, rocketing through its home, a pair of galaxies named the "Cosmic Owl," at 3,000 times the speed of sound at sea level here on Earth. If that isn't astounding enough, the black hole is pushing forward a literal galaxy-sized "bow-shock" of matter in front of it, while simultaneously dragging a 200,000 light-year-long tail behind it, within which gas is accumulating and triggering star formation. "It boggles the mind!" discovery team leader Pieter van Dokkum of Yale University told Space.com. "The forces that are needed to dislodge such a massive black hole from its home are enormous. And yet, it was predicted that such escapes should occur!" "This is the only black hole that has been found far away from its former home," van Dokkum said. "That made it the best candidate [for a] runaway supermassive black hole, but what was missing was confirmation. All we really had was a streak that was difficult to explain in any other way. With the JWST, we have now confirmed that there is indeed a black hole at the tip of the streak, and that it is speeding away from its former host." The research is currently available as a pre-peer-reviewed paper on arXiv.
  
  
  Read more of this story at Slashdot.
  

• Google Sues SerpApi Over Scraping and Reselling Search Data
  An anonymous reader quotes a report from Search Engine Land: Google said today that it is suing SerpApi, accusing the company of bypassing security protections to scrape, harvest, and resell copyrighted content from Google Search results. The allegations: Google said SerpApi: -Circumvented Google's security measures and industry-standard crawling controls.-Ignored website directives that specify whether content can be accessed.-Used cloaking, rotating bot identities, and large bot networks to scrape content at scale.-Took licensed content from Search features, including images and real-time data, and resold it for profit. What Google is saying. "Stealthy scrapers like SerpApi override [crawling] directives and give sites no choice at all," Google wrote, calling the alleged scraping "brazen" and "unlawful." Google said SerpApi's activity "increased dramatically over the past year." [...] If Google wins, reliable SERP data could become harder to get, more expensive, or both -- especially for teams that rely on tools powered by services like SerpApi. As AI already reduces clicks and transparency, Google now appears intent on making it even harder for brands to understand how Search works, how they appear in results, and how to measure success.
  
  
  Read more of this story at Slashdot.
  

• Airbus Moving Critical Systems Away From AWS, Google, and Microsoft Citing Data Sovereignty Concerns
  Airbus is preparing to tender a major contract to move mission-critical systems like ERP, manufacturing, and aircraft design data onto a digitally sovereign European cloud, citing national security concerns and fears around U.S. extraterritorial laws like the CLOUD Act. "I need a sovereign cloud because part of the information is extremely sensitive from a national and European perspective," Catherine Jestin, Airbus's executive vice president of digital, told The Register. "We want to ensure this information remains under European control." The Register reports: The driver is access to new software. Vendors like SAP are developing innovations exclusively in the cloud, pushing customers toward platforms like S/4HANA. The request for proposals launches in early January, with a decision expected before summer. The contract -- understood to be worth more than 50 million euros -- will be long term (up to ten years), with price predictability over the period. [...] Jestin is waiting for European regulators to clarify whether Airbus would truly be "immune to extraterritorial laws" -- and whether services could be interrupted. The concern isn't theoretical. Chief Prosecutor of the International Criminal Court (ICC) Karim Khan reportedly lost access to his Microsoft email after Trump sanctioned him for criticizing Israeli PM Benjamin Netanyahu, though Microsoft denies suspending ICC services. Beyond US complications, Jestin questions whether European cloud providers have sufficient scale. "If you asked me today if we'll find a solution, I'd say 80/20."
  
  
  Read more of this story at Slashdot.
  

• Stanford Computer Science Grads Find Their Degrees No Longer Guarantee Jobs
  Elite computer science degrees are no longer a guaranteed on-ramp to tech jobs, as AI-driven coding tools slash demand for entry-level engineers and concentrate hiring around a small pool of already "elite" or AI-savvy developers. The Los Angeles Times reports: "Stanford computer science graduates are struggling to find entry-level jobs" with the most prominent tech brands, said Jan Liphardt, associate professor of bioengineering at Stanford University. "I think that's crazy." While the rapidly advancing coding capabilities of generative AI have made experienced engineers more productive, they have also hobbled the job prospects of early-career software engineers. Stanford students describe a suddenly skewed job market, where just a small slice of graduates -- those considered "cracked engineers" who already have thick resumes building products and doing research -- are getting the few good jobs, leaving everyone else to fight for scraps. "There's definitely a very dreary mood on campus," said a recent computer science graduate who asked not to be named so they could speak freely. "People [who are] job hunting are very stressed out, and it's very hard for them to actually secure jobs." The shake-up is being felt across California colleges, including UC Berkeley, USC and others. The job search has been even tougher for those with less prestigious degrees. [...] Data suggests that even though AI startups like OpenAI and Anthropic are hiring many people, it is not offsetting the decline in hiring elsewhere. Employment for specific groups, such as early-career software developers between the ages of 22 and 25 has declined by nearly 20% from its peak in late 2022, according to a Stanford study. [...] A common sentiment from hiring managers is that where they previously needed ten engineers, they now only need "two skilled engineers and one of these LLM-based agents," which can be just as productive, said Nenad Medvidovic, a computer science professor at the University of Southern California. "We don't need the junior developers anymore," said Amr Awadallah, CEO of Vectara, a Palo Alto-based AI startup. "The AI now can code better than the average junior developer that comes out of the best schools out there." [...] Stanford students say they are arriving at the job market and finding a split in the road; capable AI engineers can find jobs, but basic, old-school computer science jobs are disappearing. As they hit this surprise speed bump, some students are lowering their standards and joining companies they wouldn't have considered before. Some are creating their own startups. A large group of frustrated grads are deciding to continue their studies to beef up their resumes and add more skills needed to compete with AI.
  
  
  Read more of this story at Slashdot.
  

• Ten Mistakes Marred Firewall Upgrade At Australian Telco, Contributing To Two Deaths
  An independent review found that at least ten technical and process failures during a routine firewall upgrade at Australia's Optus prevented emergency calls from reaching Triple Zero for 14 hours, during which 455 calls failed and two callers died. The Register reports: On Thursday, Optus published an independent report (PDF) on the matter written by Dr Kerry Schott, an Australian executive who has held senior management roles at many of the country's most significant businesses. The report found that Optus planned 18 firewall upgrades and had executed 15 without incident. But on the 16th upgrade, Optus issued incorrect instructions to its outsourced provider Nokia. [...] Schott summarized the incident as follows: "Three issues are clear during this incident. The first is the very poor management and performance within [Optus] Networks and their contractor, Nokia. Process was not followed, and incorrect procedures were selected. Checks were inadequate, controls avoided and alerts given insufficient attention. There appeared to be reticence in seeking more experienced advice within Networks and a focus on speed and getting the task done, rather than an emphasis on doing things properly." The review also found that Optus' call center didn't appreciate it could be "the first alert channel for Triple Zero difficulties." The document also notes that Australian telcos try to route 000 calls during outages, but that doing so is not easy and is made harder by the fact that different smartphones behave in different ways. Optus does warn customers if their devices have not been tested for their ability to connect to 000, and maintains a list of known bad devices. But the report notes Optus's process "does not capture so-called 'grey' devices that have been bought online or overseas and may not be compliant." "To have a standard firewall upgrade go so badly is inexcusable," the document states. "Execution was poor and seemed more focussed on getting things done than on being right. Supervision of both network staff and Nokia must be more disciplined to get things right."
  
  
  Read more of this story at Slashdot.
  

• Strava Puts Popular 'Year In Sport' Recap Behind an $80 Paywall
  An anonymous reader quotes a report from Ars Technica: Earlier this month, Strava, the popular fitness-tracking app, released its annual "Year in Sport" wrap-up -- a cutesy, animated series of graphics summarizing each user's athletic achievements. But this year, for the first time, Strava made this feature available only to users with subscriptions ($80 per year), rather than making it free to everyone, as it had been historically since the review's debut in 2016. This decision has roiled numerous Strava users, particularly those who have relished the app's social encouragement features. One Strava user in India, Shobhit Srivastava, "begged" Strava to "let the plebs see their Year in Sport too, please." He later explained to Ars that having this little animated video is more than just a collection of raw numbers. "When someone makes a video of you and your achievements and tells you that these are the people who stood right behind you, motivated you, cheered for you -- that feeling is of great significance to me!" he said by email. "Our goal was to give our users ample notice before the personalized Year In Sport was released," said Strava spokesperson Chris Morris. "With the relaunch of our subscription this year, we wanted to clarify the core benefits of Strava -- uploading activities, finding your community, sharing and giving kudos -- remain as accessible as possible."
  
  
  Read more of this story at Slashdot.
  

• TikTok Owner Signs Deal To Avoid US Ban
  TikTok's owner ByteDance has signed a deal creating a U.S.-focused joint venture majority-owned by American and global investors, allowing the app to avoid a U.S. ban while ByteDance retains a minority stake. The BBC reports: Half of the joint venture will be owned by a group of investors including Oracle, Silver Lake and the Emirati investment firm MGX, according to a memo sent by chief executive Shou Zi Chew. The deal, which is set to close on January 22, would end years of efforts by Washington to force ByteDance to sell its US operations over national security concerns. It is in-line with a deal unveiled in September, when US President Donald Trump delayed the enforcement of a law that would ban the app unless it was sold. TikTok said in the memo that the deal would enable "over 170 million Americans to continue discovering a world of endless possibilities as part of a vital global community." Under the agreement, ByteDance will retain 19.9% of the business, while Oracle, Silver Lake and Abu Dhabi-based MGX will hold 15% each. Another 30.1% will be held by affiliates of existing ByteDance investors, according to the memo.
  
  
  Read more of this story at Slashdot.
  

• YouTuber's Livestream Appears On White House Website
  The White House says it's investigating how a personal-finance YouTuber's livestream briefly appeared on the White House's official live video page. The creator says he has no idea how his video ended up there. The Associated Press reports: The livestream appeared for at least eight minutes late Thursday on whitehouse.gov/live, where the White House usually streams live video of the president speaking. It's unclear if the website was breached or the video was linked accidentally by someone in the government. The White House said in a statement that it was "aware and looking into what happened." The video that appeared on the government-run website featured some of a more than two-hour livestream from Matt Farley, who posts as @RealMattMoney, as he answered financial questions. Farley told The Associated Press on Friday that he had no idea what happened and learned about it after the fact. He said he had not been contacted by the government and didn't have any theories about how his livestream ended up on the website. He joked that he hoped President Donald Trump and his youngest son, Barron Trump, "are watching my streams and taking advice." "Had I known it would have been on the White House website, I probably would have had other things to talk about than personal finance," Farley said. When asked what other things he would discuss, Farley responded with a laugh and said: "What would you talk about with the world for eight minutes if you had an opportunity? I'm just some guy making YouTube videos about stocks."
  
  
  Read more of this story at Slashdot.
  

• Riot Games Is Making an Anti-Cheat Change That Could Be Rough On Older PCs
  An anonymous reader quotes a report from Ars Technica: At this point, most competitive online multiplayer games on the PC come with some kind of kernel-level anti-cheat software. As we've written before, this is software that runs with more elevated privileges than most other apps and games you run on your PC, allowing it to load in earlier and detect advanced methods of cheating. More recently, anti-cheat software has started to require more Windows security features like Secure Boot, a TPM 2.0 module, and virtualization-based memory integrity protection. Riot Games, best known for titles like Valorant and League of Legends and the Vanguard anti-cheat software, has often been one of the earliest to implement new anti-cheat requirements. There's already a long list of checks that systems need to clear before they'll be allowed to play Riot's games online, and now the studio is announcing a new one: a BIOS update requirement that will be imposed on "certain players" following Riot's discovery of a UEFI bug that could allow especially dedicated and motivated cheaters to circumvent certain memory protections. In short, the bug affects the input-output memory management unit (IOMMU) "on some UEFI-based motherboards from multiple vendors." One feature of the IOMMU is to protect system memory from direct access during boot by external hardware devices, which otherwise might manipulate the contents of your PC's memory in ways that could enable cheating. The patch for these security vulnerabilities (CVE-2025-11901, CVE-202514302, CVE-2025-14303, and CVE-2025-14304) fixes a problem where this pre-boot direct memory access (DMA) protection could be disabled even if it was marked as enabled in the BIOS, creating a small window during the boot process where DMA devices could gain access to RAM. The relative obscurity and complexity of this hardware exploit means that Vanguard isn't going to be enforcing these BIOS requirements on every single player of its games. For now, it will just apply to "restricted" players of Valorant whose systems, for one reason or another, are "too similar to cheaters who get around security features in order to become undetectable to Vanguard." But Riot says it's considering rolling the BIOS requirement out to all players in Valorant's highest competitive ranking tiers (Ascendant, Immortal, and Radiant), where there's more to be gained from working around the anti-cheat software. And Riot anti-cheat analyst Mohamed Al-Sharifi says the same restrictions could be turned on for League of Legends, though they aren't currently. If users are blocked from playing by Vanguard, they'll need to download and install the latest BIOS update for their motherboard before they'll be allowed to launch the game. Riot's new anti-cheat change could create problems for older PCs if the new anti-cheat change is expanded, notes Ars. The update relies on a BIOS patch to fix a UEFI flaw, and many older motherboards, especially Intel 300-series and AMD AM4 boards, may never receive that update. If Riot flags a system and the manufacturer doesn't provide a patched BIOS, players could be locked out of games despite having otherwise capable hardware.
  
  
  Read more of this story at Slashdot.
  

• Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two
  In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]
  
  The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One
  The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]
  
  The post Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One appeared first on Linux.com.
  

• Kubernetes on Bare Metal for Maximum Performance
  When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]
  
  The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.
  

• How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
  This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]
  
  The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.
  

• Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
  Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]
  
  The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.
  

• A Simple Way to Install Talos Linux on Any Machine, with Any Provider
  Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]
  
  The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.
  

• Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
  OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
  
  The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
  

• Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation.
  Exciting news! The Tazama project is officially a Digital Public Good having met the criteria to be accepted to the Digital Public Goods Alliance ! Tazama is a groundbreaking open source software solution for real-time fraud prevention, and offers the first-ever open source platform dedicated to enhancing fraud management in digital payments. Historically, the financial [0]
  
  The post Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation. appeared first on Linux.com.
  

• Xen 4.19 is released
  Xen Project 4.19 has been officially out since July 31st, 2024, and it brings significant updates. With enhancements in performance, security, and versatility across various architectures like Arm, PPC, RISC-V, and x86, this release is an important milestone for the Xen community. Read more at XCP-ng Blog
  
  The post Xen 4.19 is released appeared first on Linux.com.
  

• Advancing Xen on RISC-V: key updates
  At Vates, we are heavily invested in the advancement of Xen and the RISC-V architecture. RISC-V, a rapidly emerging open-source hardware architecture, is gaining traction due to its flexibility, scalability and openness, which align perfectly with our ethos of fostering open development ecosystems. Although the upstream version of Xen for RISC-V is not yet fully [0]
  
  The post Advancing Xen on RISC-V: key updates appeared first on Linux.com.
  

Engadget"Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics"

• The best Christmas gift ideas everyone on your 2025 holiday shopping list will love
  This time of year has a lot of merry and bright things to be excited about, but it can be stressful if you’re stumped on what to get your mom, dad, best friend, coworker or kids’ teacher as a holiday gift. Whether you enjoy or dread buying gifts for people, it’s safe to say we all want to give our loved ones things they will enjoy and appreciate. But there’s a lot of noise, junk and bad deals disguised as good deals to sift through as we get closer and closer to the holidays.
  
  Allow us at Engadget to help you through it. Here, you’ll find all of our holiday gift guides collected in one place, so you can more easily find the best Christmas gifts you need this year. Are you looking for white elephant gift ideas? Are you struggling to come up with a good gift for the father figure in your life? Are you just looking for a good board game to pick up for your own family? We’ve got you covered with gift ideas for all of those scenarios and more.
  Best white elephant gift ideas
  
  
  According to legend, the King of Siam would give a white elephant to courtiers who had upset them. The recipient had no choice but to simply thank the king for such an opulent gift, knowing that they likely could not afford the upkeep for such an animal. It would inevitably lead them to financial ruin. This story is almost certainly untrue, but it has led to a modern holiday staple: the white elephant gift exchange. These gift ideas will not only get you a few chuckles, but will also make your recipient feel (slightly) burdened.
  
  Read more: the best Nintendo Switch 2 accessories for even more ideas.
  
  Read more: The best Nintendo gifts for the holiday season
  Best retro gaming gifts
  
  
  The stream of new video games never ends, but for some of us, nothing beats the classics. If you don’t feel like hunting through eBay and local game shops for old cartridges to add to your loved one’s collection, we’ve picked out a few other gift ideas for the nostalgic gamer in your life — from video upscalers for old consoles to retro-themed books and artwork.
  
  Read more: The best retro gaming gifts for the holidays
  Best gifts for gamers
  
  
  The year may not be over, but 2025 is all but guaranteed to go down as one of the best 12 months in gaming history. Between releases like Hades 2, Hollow Knight: Silksong and Ghost of Yotei, to name just a few, there was truly something for everyone in 2025. Of course, that abundance also means it can be tricky to find a gift for the gamers in your life, especially if you9re not one yourself. Worry not — Engadget is here to help. We guarantee our guide will help you find the perfect gift for your friend or loved one.
  
  Read more: The best gifts for gamers
  Best gifts for moms
  
  
  Some moms really do mean it when they say they don’t need any gifts. But those same moms will probably appreciate getting something thoughtful and personal — a gift that shows you put in a bit of consideration. It’s tough to pin-point what that ideal gift is for any given mom, but we’ve got ideas to get you started. Since we spend our days testing and otherwise thinking about tech, most of the presents here have a gadget spin, but all of them are a heck of a lot more unique than a candle and a bath bomb.
  
  Read more: The best gifts for mom
  Best gifts for dads
  
  
  It9s not always easy to find gifts for dads, especially for those who are often quick to snap up whatever they need on their own. But even the geekiest and most well-informed dads have blind spots — the trick is to find something they9ve never heard of, but could actually make their lives useful. We9ve collected some of our favorite dadcore gift ideas, which would suit everyone from a complete gadgetphobe to a total techie.
  
  Read more: The best gifts for dads
  Best subscription box gifts
  
  
  Subscription boxes are the rare gift that keeps its charm long after the wrapping paper is gone. You make the choice once, but the surprises keep landing on their doorstep for months after that. For anyone who loves the buzz of a delivery, these are gifts that extend the season well past December. Each box on this list combines a bit of discovery with something tangible, such as gadgets, books, collectibles, snacks or clever projects. Some appeal to hardcore hobbyists, others to the curious or the comfort seekers, but all offer that same spark of delight that comes from unboxing something unexpected.
  
  Read more: The best subscription box gifts
  Best gifts for home cooks
  
  
  For home cooks, kitchen tools are the equipment that make all your favorite dishes and meals possible. And while having the fanciest gear certainly isn9t a requirement, it is really nice, which makes products like the ones here such great gifts. These are the kind of things that people want but might not be able to justify buying for themselves, or essential pieces that would be handy additions to any kitchen or pantry. So if you9re looking for present ideas for the chef in your life, check out our guide of tried and tested cooking tools and gadgets.
  
  Read more: The best cooking gifts
  Best gifts for coffee lovers
  
  
  When it comes to making coffee at home, us coffee nerds are constantly evolving. Whether the person you’re shopping for is newly indoctrinated into the world of small-batch roasters or obsessive over every possible aspect of every brewing process, we’ve compiled a list of the best coffee gear for any coffee geek this holiday season. For brewing, grinding and drinking, we’ve got multiple options at a range of prices to help expand any java geek’s horizons. And if you think the coffee aficionado on your list already has everything they need, we’ve got a recommendation for them too.
  
  Read more: The best gifts for coffee lovers
  Best gadgets for your pets
  
  
  We9re a pet-loving staff here at Engadget, with diverse distribution of cat people, dog people, other-small-fuzzy-creature people, bird feeder enjoyers and so on (at press time, I9m unsure if we have a rat person, but I9d be surprised if we didn9t). And, of course, we love getting new gadgets of all sorts for our pets as much as for ourselves. Our list, with gifts as low-tech as a blanket and as high-tech as the best $30 two-way camera you9ll ever use, is for the pet lover in your life — whether that9s you or another favorite human.
  
  Read more: The best gadgets for your pets
  
  Check out the rest of our gift ideas here.
  This article originally appeared on Engadget at https://www.engadget.com/the-best-christmas-gift-ideas-everyone-on-your-2025-holiday-shopping-list-will-love-170018978.html?src=rss

• AirTags are back on sale for $65 for a four-pack
  Most Apple products are pretty expensive, but some of the most affordable (and useful) ones are AirTags. The Bluetooth trackers are priced pretty reasonably even when not on sale, but they can be a steal if you can get them on a discount — like right now. A four pack of AirTags is on sale for $65 at Amazon, which is only a few dollars more than the record-low price we saw during Black Friday this year.
  
  
  
  If you place an order quickly, the AirTags should arrive in time for Christmas, making this a solid choice as a gift for someone with a tendency to misplace stuff. AirTags can also be useful for people who travel frequently, helping you to keep track of essentials like your passport as well as a way to keep tabs on luggage while you9re on the go.
  
  If you do purchase some AirTags, we have some recommendations for useful accessories to go along with them, such as different styles of cases to best attach the trackers to different types of items. These are worth looking over and adding to your shopping cart in order to make the most of the product. 
  
  AirTags have an IP67 rating for water and dust resistance and their replaceable batteries should last for about a year. They can also support Precision Finding, which gives more exact directions to a lost item, when paired with most models after the iPhone 11. Up to five people can share an AirTag9s location, which is helpful for families or large travel groups. 
  
  Follow @EngadgetDeals on X for the latest tech deals and buying advice.
  This article originally appeared on Engadget at https://www.engadget.com/deals/airtags-are-back-on-sale-for-65-for-a-four-pack-202333618.html?src=rss

• AirPods Pro 3 drop to a record low of $199
  If you haven9t yet upgraded to Apple9s AirPods Pro 3, you can pick up the company9s latest model at a discount through a deal on Amazon right now. The AirPods Pro 3, which came out in September, are currently down to $199. That9s $50 off and the best price we9ve seen. With the new AirPods Pro, Apple made some big improvements, including better battery life and sound quality, and introduced useful new features, such as Live Translation.
  
  
  
  The AirPods Pro 3 are the best AirPods available today, with Apple9s H2 chip, and earned a score of 90 out of 100 in Engadget9s review this fall. Active noise cancellation (ANC) is one of the biggest selling points of the AirPods Pro, and Apple has made the experience even better with the AirPods Pro 3. They sport new foam-infused ear tips that create a better seal to improve passive noise isolation, and as Engadget9s Billy Steele wrote in his review, "Ultra-low-noise microphones combine with advanced computational audio to silence even more background noise." In testing, they had no problem blocking out the chatter of people nearby or otherwise noisy environments.
  
  With the AirPods Pro 3, Apple introduced heart-rate sensing, so you9ll be able to see your heart rate data from the earbuds in the Fitness app and other workout apps. The AirPods Pro 3 also boast Live Translation, which you can activate via controls on the earbuds themselves. As long as you have an Apple Intelligence-capable device, you9ll be able to translate in-person conversations in English, French, German, Italian, Japanese, Korean, Portuguese, Spanish and Chinese (Mandarin).
  
  Follow @EngadgetDeals on X for the latest tech deals and buying advice.
  This article originally appeared on Engadget at https://www.engadget.com/deals/airpods-pro-3-drop-to-a-record-low-of-199-222806196.html?src=rss

• Google Assistant will stick around a bit longer than expected for some Android users
  Google wanted to remove Assistant from most Android phones by the end of 2025 and replace it with Gemini. But now the company has announced that it needs a bit more time to make its AI assistant the new default digital helper for most of its users. Google said that it9s adjusting its previously announced timeline to "make sure [it delivers] a seamless transition" and that updates to convert Assistant to Gemini on Android devices will continue into the next year. The company also said that it9s sharing more details in the "coming months," so it9s possible that the transition will go past early 2026.
  
  Assistant9s retirement was pretty much expected the moment Google launched Gemini and started giving it Assistant9s capabilities, such as the ability to control smart devices connected to your phone. It launched the Pixel 9 Series with Gemini as the default assistant back in 2024. The company has also been putting Gemini in all of its products and previously said that it plans to upgrade all "tablets, cars and devices that connect to your phone, such as headphones and watches" with the AI-powered chatbot. Devices do have to meet a few minimum requirements to get the upgrade, however, and must be running Android 10 and come with 2GB of RAM at the very least.
  This article originally appeared on Engadget at https://www.engadget.com/ai/google-assistant-will-stick-around-a-bit-longer-than-expected-for-some-android-users-130000178.html?src=rss

• Claude's Chrome plugin is now available to all paid users
  Anthropic is finally letting more people use Claude in Google Chrome. The company9s AI browser plugin is expanding beyond $200-per-month Max subscribers and is now available to anyone who pays for a Claude subscription. 
  
  The Claude Chrome plugin allows for easy access to Anthropic9s AI regardless of where you are on the web, but its real draw is how it lets Claude navigate and use websites on your behalf. Anthropic says that Claude can fill out forms, manage your calendar and email and complete multi-step workflows based on a prompt. The latest version of the plugin also features integration with Claude Code, Anthropic9s AI coding tool, and allows users to record a workflow and "teach" Claude how to do what they want it to do.
  Claude in Chrome is now available to all paid plans.
  
  We’ve also shipped an integration with Claude Code. pic.twitter.com/VLpB1qCntT
  — Claude (@claudeai) December 18, 2025
  Before agents were the buzzword du jour, "computer use," the ability for AI models to understand and interact with computer interfaces, was a major focus at Anthropic and other AI companies. Now computer use is just one tool in the larger tool bag for agents, but that understanding of what digital buttons to click and how to click them is what makes Claude9s Chrome plugin possible.
  
  OpenAI and Perplexity offer similar agentic capabilities in their respective ChatGPT Atlas and Comet browsers. At this point the only AI company not fully setting its AI models loose on a browser is Google. You can access Gemini in Google Chrome and ask questions about a webpage, but Google hasn9t yet let its AI model navigate or use the web on a user9s behalf. Those features, first demoed in Project Mariner, are presumably on the way.
  This article originally appeared on Engadget at https://www.engadget.com/ai/claudes-chrome-plugin-is-now-available-to-all-paid-users-221024295.html?src=rss

• Mark Zuckerberg's nonprofit cuts ties with the immigration advocacy group he co-founded
  Behold Mark Zuckerberg: man of principle. Witness the Meta CEO's dedication to the most high-minded of causes: "currying favor with whoever's in charge." In 2013, when Barack Obama was president, Zuckerberg co-founded reported on the Chan Zuckerberg Initiative (CZI) severing its ties with reacts to brown-skinned humans being sent to foreign gulags the way my dog responds to a juicy steak. Among other topics during the exchange, Miller reportedly questioned Zuckerberg's ties to Meta unleashed an overhaul that reads like a Miller wishlist. The company ended its diversity, equity and inclusion (DEI) programs. That same month, it ditched third-party fact-checkers, calling them "too politically biased." It also changed its policies to allow for "insulting language" on topics of immigration and LGBTQ+ issues. The company even added Trump backer Dana White to its board.
  
  It fits a broader pattern of Big Tech bending the knee to Trump.
  
  "We're in the middle of a pretty rapidly changing policy and regulatory landscape that views any policy that might advantage any one group of people over another as something that is unlawful," Zuckerberg told the New York Times in January. "Because of that, we and every other institution out there are going to need to adjust."
  
  "We now have a US administration that is proud of our leading companies, prioritizes American technology winning and that will defend our values and interests abroad," Zuckerberg said in a January investor call. "I am optimistic about the progress and innovation that this can unlock, so this is going to be a big year."
  
  What a big year indeed.
  US Chief Border Patrol Agent, Gregory Bovino and masked ICE agents in New OrleansRyan Murphy via Getty Images
  Now witness the contrasting words of one of Zuckerberg's chief rivals in Silicon Valley. "When you meet these [immigrant] children who are really talented, and they've grown up in America, and they really don't know any other country besides that, but they don't have the opportunities that we all enjoy, it's really heartbreaking, right?" the tech executive said. "That seems like it's one of the biggest civil rights issues of our time."
  
  That "rival," of course, was Obama-era Mark Zuckerberg in 2013.
  
  Despite the funding setback, thanks to our principled hero, FWD.us will press forward. "We're thankful to our donors, past and present, and so grateful to the many new donors who have stepped up in the past few years — and particularly the influx of new supporters we have seen this year," FWD.us President Todd Schulte said in a statement. "This allows us to fight for immigrants under attack today and to build a better approach to immigration and criminal justice reform for many, many years to come."
  
  Update, December 19, 2025, 1:19PM PT: This story was updated to include a statement from a spokesperson for the Chan Zuckerberg Initiative.
  This article originally appeared on Engadget at https://www.engadget.com/big-tech/mark-zuckerbergs-nonprofit-cuts-ties-with-the-immigration-advocacy-group-he-co-founded-183447900.html?src=rss

• Netflix is acquiring game avatar maker Ready Player Me
  Netflix is acquiring Estonian startup Ready Player Me, a company creating "cross-game avatar tech" that allows players to bring their digital personas with them to different games, the company9s CEO Timmu Tõke shared in a LinkedIn post. The acquisition is part of Netflix9s new games strategy, which puts an emphasis on approachable multiplayer titles and adaptations of the streaming service9s IP.
  
  Ready Player Me9s team of around 20 employees will be incorporated into Netflix9s staff, retreated from AAA development and its more ambitious projects. Other than the premiere of its take on HQ Trivia, Netflix9s last few game announcements of 2025 were focused on a collection of streamable party games, and a partnership with FIFA to release a new soccer sim in 2026. All of those projects could support avatars in one form or another, now Netflix just needs to decide how.
  This article originally appeared on Engadget at https://www.engadget.com/gaming/netflix-is-acquiring-game-avatar-maker-ready-player-me-204443001.html?src=rss

• Get up to 78 percent off ExpressVPN two-year plans for the holidays
  It looks like the holidays aren't a bad time to shop for a VPN subscription. ExpressVPN, Engadget's pick for the best premium provider, currently has a less premium price. This deal gives you two years of the Advanced plan (with a bonus of four free months) for only $101. When it isn't on sale, the same subscription would cost $392.
  
  Engadget's VPN guru, Sam Chapman, praised ExpressVPN's service. He described it as "high-performing" and having "very few flaws." The service received high marks for its speeds, easy-to-use interface and global network availability. The only significant mark against it was its relatively high standard pricing. But with this holiday sale, that criticism is (temporarily) null and void.
  
  
  
  ExpressVPN recently switched to a multi-tier pricing structure. (That previously mentioned Advanced plan is the mid-range one.) There's a cheaper Basic plan that allows 10 simultaneous devices (compared to the Advanced plan's 12) and doesn't include perks like a password manager. You can also choose the highest-priced Pro plan. It allows for 14 simultaneous devices and adds several extras. You can compare plans on ExpressVPN's website.
  
  When buying a two-year plan, the Basic tier is available for $2.79 per month (78 percent off). The Advanced plan is $3.59 per month (74 percent off). And the Pro plan is $5.99 per month (70 percent off). All three include the bonus of four additional months, giving you 28 total.
  
  Follow @EngadgetDeals on X for the latest tech deals and buying advice.
  This article originally appeared on Engadget at https://www.engadget.com/deals/get-up-to-78-percent-off-expressvpn-two-year-plans-for-the-holidays-194912043.html?src=rss

• The best iPad deals this week include the iPad mini for $100 off
  The iPad, of course, isn9t the only tablet computer out there — it wasn9t even the first — but Apple9s version redefined the category. In our opinion, it9s the best tablet you can buy and these slates consistently earn high scores in our reviews. That doesn9t mean you should have to pay full price for your next iPad. We are continually on the hunt for good deals on iPads (and other Apple gear while we9re at it) and each week, we round them up right there.
  
  Current discounts include the iPad miniand the 11-inch iPad Pro, each for $100 off the list price. Beyond iPads, are a few other Apple deals are going around, such as the latest AirPods Pro 3 for the lowest price yet at $199 and certain colors of the Apple Watch Series 11 for $299. Here are the best Apple deals we found this week.
  Best iPad deals
  
  
  the best iPads. Yes, it’s pricier than theentry-level iPad (A16), but its faster chip, extra RAM, laminated and more color-rich display, better speakers and superior accessory support add up to a more pleasant experience in day-to-day use. This isn9t the lowest price we9ve tracked — the price went as low as $450 just after Black Friday, but this is still $100 cheaper than buying directly from Apple.
  
  Best Buy and B&H.
  
  score of 85 in our review. Also at B&H.
  Best Apple deals
  
  
  best Bluetooth trackers for iPhone users thanks to their vast finding network and accurate ultra-wideband features for locating your things when they’re close by. Just attach them to your keys, wallet or bag with the right AirTag holder and keep track of everything in the Find My app.
  
  Best Buy for $85 if that runs out of stock. 
  
  
  
  score of 90 in our review last month: The big upgrade is an always-on display, which makes it so you no longer have to wake the watch to check the time or notifications. It still includes most of the essential health and fitness features beyond that, plus it now runs on the same chipset as the higher-end Apple Watch Series 11. Also at Walmart.
  
  USB-C model (which isn’t significantly discounted). Just note that it’s not compatible with the entry-level iPad and other older models. While this discount is only $5 below the device’s usual street price, it’s still the largest discount we’ve seen this year. Also at Walmart.
  
  
  
  score of 90 in our review. This deal on the base model with an M4 chip, 16GB of RAM and 256GB of storage is $10 more than the best deal we9ve seen but $20 less than the config9s typical street price. 
  
  The best AirPods
  
  The best Apple Watches
  
  The best MacBooks
  
  The best iPhones
  
  The best iPads
  
  Follow @EngadgetDeals on X for the latest tech deals and buying advice.
  This article originally appeared on Engadget at https://www.engadget.com/deals/the-best-ipad-deals-this-week-include-the-ipad-mini-for-100-off-150020342.html?src=rss

• Apple's USB-C Magic Mouse is back on sale for $68
  Amazon is selling Apple9s USB-C Magic Mouse for $68, which is a discount of 14 percent. This isn9t a record-low price, but it9s darned close. The mouse typically sells for $79, though today9s sale only applies to the white model.
  
  It9s rare for official Apple accessories to go on sale, and the USB-C Magic Mouse is pretty much a must-have for those working on desktop computers. It9s also fairly handy when combined with a laptop, letting folks avoid the trackpad.
  
  
  
  As the name suggests, this mouse charges via USB-C. Apple stuck with replaceable AA batteries for way too long, so this change was much appreciated. A charge should power the mouse for around a month, a metric I find to be more-or-less accurate depending on usage.
  
  This is a good mouse, and a great option for Apple devotees, but it9s not without its flaws. The biggest one is port placement. The USB-C port is underneath the mouse, rendering it unusable while charging. Bloomberg recently reported that a major redesign is coming for Apple9s wireless mouse that should address that issue.
  
  Follow @EngadgetDeals on X for the latest tech deals and buying advice.
  This article originally appeared on Engadget at https://www.engadget.com/deals/apples-usb-c-magic-mouse-is-back-on-sale-for-68-175424709.html?src=rss

• EU OS: A Bold Step Toward Digital Sovereignty for Europe
  Image
  A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
  What Is EU OS?
  EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
  
  Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
  The Vision Behind EU OS
  The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
  
  Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
  
  However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
  Conclusion
  EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
  
  Source: It's FOSS
  European Union

• Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
  
  In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
  
  On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
  
  Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
  
  The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
  
  Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
  
  You can download the latest kernel here.
  Linus Torvalds kernel

• AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
  Image
  AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
  
  This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
  
  Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
  
  Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
  
  Source: 9to5Linux
  AerynOS

• Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
  Image
  Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
  
  Here’s a quick overview of what’s new in Xojo 2025r1:
  1. Linux ARM IDE Support
  Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
  2. Web Drag and Drop
  One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
  3. Direct App Store Publishing
  Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
  4. New Desktop and Mobile Features
  This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
  5. Performance and IDE Enhancements
  Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
  What Does This Mean for Developers?
  Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
  How to Get Started
  Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
  
  Download Xojo 2025r1 today at xojo.com.
  Final Thoughts
  With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
  Xojo ARM

• New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
  
  Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
  
  Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
  
  Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 
  
  Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
  
  Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
  
  Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
  
  By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
  Windows

• Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
  
  The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 
  
  As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
  
  In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 
  
  After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
  
  The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
  
  At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
  
  The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
  Security

• Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
  
  The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
  
  A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
  
  This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 
  
  The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
  
  On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
  
  In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
  kernel

• Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
  
  Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
  
  The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
  
  Here is what Linus Torvalds had to say in today's announcement:
  Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

• Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
  
  Want to interact with ChatGPT from your Linux desktop without using a web browser?
  
  Bavarder, a new app, allows you to do just that.
  
  Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
  
  With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
  
  During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
  
  At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
  
  As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
  
  Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
  ChatGPT AI

• LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
  
  Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
  
  Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
  
  LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
  
  You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
  
  All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
  
  In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
  
  Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
  
  The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
  LibreOffice