|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Debian 11 Apache2 Critical DoS Advisory DLA-4620-1 CVE-2026-49975
It was discovered that incorrect cookie header accounting in the HTTP/2 implementation of the Apache HTTP server may result in denial of service (excessive resources consumption). For Debian 11 bullseye, this problem has been fixed in version 2.4.67-1~deb11u2.
- Debian Tomcat9 Critical Auth Bypass DoS Advisory DLA-4619-1
Multiple security vulnerabilities have been discovered in Tomcat 9, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. In order to address certain vulnerabilities and restore the compatibility with Tomcat 9, an upgrade of the Tomcat native library, libtcnative-1, was required
- [$] Moving beyond fork() + exec()
Since the earliest days of Unix, two of the core process-oriented systemcalls have been fork(), which creates a child process as a copy ofthe parent, and exec(), which runs a new program in the place ofthe current one. In Linux kernels, those system calls are better known asclone()and execve(),but the core functionality remains the same. While there is elegance tothis process-creation model, there are shortcomings as well. A recent proposal fromLi Chen to add "spawn templates" to the kernel will not be accepted in itscurrent form, but it may point the way toward a new process-creationprimitive in the future.
- Ruby's Bundler adds a cooldown feature
Version4.0.13 of Ruby's Bundlerpackage-manager has addeddependency cooldowns in order to help mitigate the effect ofsupply-chain attacks:
Most supply-chain attacks against RubyGems exploit a narrow window:an account is compromised, a malicious version ships, and anybundle install in the minutes that follow resolvesstraight to it. Bundler 4.0.13 introduces cooldown, a time-basedfilter that refuses to resolve to a version until it has been publicfor at least N days. Releases too new to have been scrutinized arepassed over in favor of ones that have aged past the window.
The feature was designed inthe open, drawing on howother ecosystems approach the same problem. It is opt-in, andcomplements rather than replaces existing defenses like mandatory 2FAand trusted publishing.
LWN covereddependency cooldowns in April, and the takeover of RubyGems andBundler in October 2025.
- Security updates for Friday
Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, exim4, frr, and haveged), Fedora (cockpit, freeipa, jpegxl, libre, nextcloud, perl-Cpanel-JSON-XS, perl-Crypt-Argon2, perl-Dist-Build, perl-ExtUtils-Builder, perl-ExtUtils-Builder-Compiler, perl-HTTP-Tiny, perl-libwww-perl, python-starlette, rubygem-yard, rust-sequoia-cert-store, rust-sequoia-chameleon-gnupg, rust-sequoia-octopus-librnp, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-wot, samba, and transmission), Red Hat (image-builder), Slackware (dnsmasq and libinput), SUSE (evince, glibc, google-guest-agent, hplip, ignition, LibVNCServer, libzypp, libsolv, python-Pillow, salt, thunderbird, and vim), and Ubuntu (apache2, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-realtime, linux, linux-aws, linux-aws-fips, linux-azure, linux-azure-5.4, linux-azure-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-azure, linux-azure-4.15, linux-azure-fips, linux-fips, linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle, linux-aws-5.4, linux-hwe-5.4, linux-azure-fips, linux-fips, linux-raspi, linux-raspi-5.4, nano, postfix, robocode, tomcat6, tomcat7, and yard).
- Dave Airlie on Linux Kernel Maintenance (SE Radio)
The Software Engineering Radio podcast has put up aninterview with graphics maintainer Dave Airlie. Much of what is inthere will not be news to LWN readers, but it is an interesting overview ofthe life of a large-subsystem maintainer.
I was talking to a few of the Rust people, and I thought: these are very young people, these are a group of people in their 20s, maybe 30s, they are a younger cohort of developers than the people I am normally used to dealing with. I thought there was maybe a good way we could bring these groups together. I think that having young people coming into the kernel using Rust is valuable... So I thought that I should be supportive of bringing Rust into the kernel.
- [$] Splicing out vmsplice()
The splice()and vmsplice()system calls are meant to improve performance for certain data-movementtasks by minimizing (or avoiding altogether) system calls and the copyingof data. They also have a long history of security problems. The recentflood of LLM-discovered vulnerabilities has drawn attention, once again, tosplice() and vmsplice(); as a result, they may end upbeing removed altogether.
- One step forward, two steps back on CA age bill (EFF Deeplinks Blog)
The EFF has a blogpost looking at a new bill in California that would exemptopen-source operating systems from the Digital Age Assurance Actpassed last year, but has problems of its own:
While the open source exemption, if passed, would improve the law, theremaining amendments proposed by AB 1856 would require all webbrowsers and websites to request and collect users' ages. This is anexpansion of last year's AB 1043's age-bracketing system thatcompounds its constitutional harms to users' speech, privacy, andsecurity.
[...] EFF understands this amendment to exempt open-sourceoperating systems from the requirement to collect and transmit users'age-bracket data. That is a definite win for open-sourcedevelopers. The bill is narrower now than it was before, and lawmakersclearly responded to concerns raised by EFF and the broaderopen-source community.
Some important questions still remain—for example, it is unclearhow the law would apply when an open-source operating system isincorporated into a commercial product or service. And, given thestructure of where the exemption is placed under the "operating systemprovider" definition, lawmakers could stand to clarify that theexemption applies to open-source operating systems andapplications.
LWN coveredCalifornia's age-attestation law in March.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (.NET 10.0, compat-openssl10, compat-openssl11, delve, expat, httpd:2.4, libexif, mod_http2, openssl, ruby4.0, samba, thunderbird, unbound, and vim), Debian (ceph and sudo), Fedora (libsoup3, pie, roundcubemail, and xorg-x11-server-Xwayland), Mageia (lxc), Oracle (expat, gnutls, kernel, php:8.2, thunderbird, and uek-kernel), Slackware (httpd, net, proftpd, tigervnc, and xorg), SUSE (apache-sshd, apptainer, atril, bind, busybox, cloudflared, evolution-data-server, golang-github-prometheus-prometheus, golang-github-v2fly-v2ray-core, grafana, helm, kernel, libgphoto2-6, libjxl-devel, libsoup, libsoup-2_4-1, libsoup-3_0-0, memcached, ovmf, python-cairosvg, python-flask, python-pip, python-pymupdf, python-pyOpenSSL, python-urllib3, python-urllib3_1, python3-pyOpenSSL, restic, rsync, salt, sdbootutil, tor, tree-sitter, vorbis-tools, and yq), and Ubuntu (exim4, frr, gst-plugins-base1.0, libtemplate-perl, libwww-perl, mysql-8.0, nginx, python-pip, python-urllib3, and twisted).
- [$] LWN.net Weekly Edition for June 4, 2026
Inside this week's LWN.net Weekly Edition:
Front: MeshCore; x32 ABI; Open-source security; Package-manager metadata; More LSFMM+BPF coverage; Loadable crypto module. Briefs: Lightwell; jqwik protestware; RedHat package compromise; DistroWatch; Fedora election; Rust 1.96.0; rsync; Vim Classic 8.3; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- [$] Open-source security is not a solo activity
Over time, many open-source maintainers face the same problem: theylack the time to do all of the work that their project needs, and noone else is stepping up to provide adequate help. Maintainers, though,are often reluctant to throw in the towel. The result is suboptimalall around; the maintainer is stressed out, project quality suffers,and users face security risks that they may not be fully aware of. Atthe 2026 OpenSource Summit North America, Robin Bender Ginn spoke about thisproblem, when it might be time for maintainers to pass the torch, andthe responsibilities of users.
- [$] BPF in the agentic era
Alexei Starovoitov gave "less of a presentation, more of a scream ofrealization" at the BPF track of the 2026Linux Storage, Filesystem,Memory-Management, and BPF Summit. He shared a set of ideas for how BPF couldchange to avoid being swept away by the sea-change in programming represented by modernlarge language models (LLMs) and the coding agents based on them.In a follow-up session, the discussion coveredmore problems with how coding agents use tools like bpftrace, and the current deluge ofpatches in need of review in the BPF subsystem.
- Black Market Tinkerers on Facebook Marketplace Offer to Hide 'Recording Lights' on Meta Smartglasses
People are disabling the "recording light" on Meta's Ray-Ban smartglasses — "by my count, thousands of people," says tech journalist Joanna Stern in a new video report:STERN: "They're hiring people on Facebook Marketplace to drill out the light for as much as $100. According to our reporting, folks are offering this service in at least 30 states — despite Meta's attempts to stop it... In most states, we found multiple listings. In the New York and New Jersey area alone there were 23 listings." Stern watched a man in New Jersey disable and then conceal the light with a drill and dental probe in a New Jersey garage (a skill he learned watching YouTube and TikTok videos). He said the same day he'd already been contacted by eight more interested customers, and Stern also found at least 10 other people willing to do the same thing, just in New Jersey. "But what we found is they're all over the country." Meta sold 7 million smartglasses in 2025, but a Meta spokesperson insisted to the videomaker that a "majority" of their smartglasses owners aren't blocking the recording light. And furthermore, they added "We aggressively target anyone advertising tampering tools, have removed thousands of violating ads and Marketplace listings for these services, and pursue legal action when appropriate." (The reporter acknowledges "many" of the Marketplace ads disappeared after they brought them to Meta's attention — and Meta also said they were working with other retailers and sellers to take down listings for smartglasses-tampering parts.) The reporter also heard from one journalist who said they'd used it so they could record the activities of federal immigration agents without being targeted. "Others told me they just don't want people asking questions when they're recording." (There's video of one young man saying "It's already difficult enough to film in public. I don't want to have a blinking light on my face.") Tampering with smartglasses isn't illegal — though it is against Meta's Terms of Service, and could void your warranty. But a lawyer in the report says recording others without consent may be illegal, depending on a wide range of "jurisdictional nuances" like whether you live in an all-party consent state or a one-party consent state. "This seems to be our new reality," the report concludes: "more cameras, more microphones everywhere, and less certainty about who and what is recording." (Tech blogger John Gruber offered this assessment. "Using a Meta platform to find people to hack a Meta device so you can surreptitiously record strangers. So perfectly Meta.") Stern's report points out that "People are trying to fight back. Apps have popped up that use Bluetooth to scan for nearby camera glasses." (In the video one app-maker wonders why Meta isn't offering the same service themselves. "There are technical solutions to these problems.") Ironically, when I watched the report on YouTube, it was preceded by... an ad for Meta's Ray-Ban AI smartglasses.
 
Read more of this story at Slashdot.
- New Fortune 500 Rankings: Texas Overtakes California, But Amazon is #1, Beating Walmart
"Texas has dethroned California as the state with the most Fortune 500 companies," reports the Los Angeles Times:The Fortune 500 list ranks the largest U.S. companies by revenue. This year, 57 of the top companies are headquartered in Texas, compared with California's 56. It's a reversal from two years ago when the Golden State had the pole position... California's corporate haters say they try to avoid the state's high costs, income taxes and strict regulations, but the western state is still a top money maker. "California dominates on nearly every other measure: its Fortune 500 companies are the most profitable ($647 billion), most valuable ($20 trillion), and employ more people than any other state (2.8 million workers)," Fortune said in a news release. Indeed, despite the naysayers, Californian companies have been leading the world in developing artificial intelligence technology as well as the latest in space and defense tech. The state is home to nearly 400 "unicorns," or billion-dollar startups — more than any other state, according to CB Insights. It also gobbled up nearly two-thirds of U.S. venture capital last year, with San Francisco Bay Area startups such as OpenAI leading the way, according to the business information platform Crunchbase. Texas and California have been in a tug-of-war for the crown. In 2024, after a decade, California bagged the top spot with 57 companies on the list, while Texas and New York tied in second with 52 companies each... The fourth spot was tied between Illinois and Ohio, with 29 companies each. Amazon was the top company on the list, ending Walmart's 13-year reign at the top of the annual Fortune 500 companies list. Amazon's 2025 revenue was $716.9 billion, compared with Walmart's $713.2 billion. Seattle-headquartered Amazon joined Exxon Mobil, General Motors, and Walmart as the only four companies to have ever held the top position since Fortune began publishing the data in 1955.
Read more of this story at Slashdot.
- The Gamer-Rights Group Fighting to Make the Industry Stop Killing Games (Servers)
"Can a company take away something you've already paid for?" asks the BBC. "In the world of online video games, some already do."Publishers can decide to switch off a game's servers, often leaving it effectively unplayable. Stop Killing Games, a growing consumer rights campaign started by American YouTuber Ross Scott in 2024, is challenging that practice. In January, the group submitted a petition featuring nearly 1.3 million signatures to the European Commission, triggering a public hearing in the European Parliament in April. What began as an online campaign is now awaiting a decision from one of the EU's most powerful institutions... Scott's campaign began following an announcement from the major studio Ubisoft, saying it would shut down the online-only racing game The Crew in 2024... Ubisoft has already defended its position in court. Responding to a proposed class-action lawsuit brought by two The Crew players in California, the studio argued that customers had purchased a licence to use the game, not unlimited ownership rights, and that players had been warned online services would not be available forever. The lawsuit was dismissed without prejudice in June 2025, after the plaintiffs voluntarily withdrew the case. The wider games industry has also pushed back against the campaign. Video Games Europe, which represents many of the industry's largest publishers, said shutting down online services "must be an option" when games are no longer commercially viable. It also warned that some of the campaign's proposals could make online-only games significantly more expensive to develop. "In no way are we asking companies to keep servers running or services going, they can end it any time they want," said Scott. Instead, he and his fellow campaigners argue that when a game is shut down it should be done "responsibly", with publishers considering "end-of-life plans" such as updating the game to work offline or releasing software that allows players to continue running it. Two key points from the article:"In March, French consumer group UFC-Que Choisir launched legal action against Ubisoft over the shutdown of The Crew, arguing that players were misled about the permanence of their purchase and that some of the company's contract terms were unfair.""The European Commission must respond to the European Citizens' Initiative — the petition brought by the group — by 27 July."Thanks to Alain Williams — Slashdot reader #2,972 — for sharing the article.
Read more of this story at Slashdot.
- Winners Announced in 2026's 'International Obfuscated C Code Competition'
Yesterday 2026's International Obfuscated C Code Contest concluded, with 22 new winners announced in a special three-hour livestreamed ceremony! Started 42 years ago, it's been described as the internet's longest-running contest, with entrants concocting convoluted programs glorying in the C programming language's subtleties, all while having some fun. And "For IOCCC29, the volume and quality of submissions were at near-historic heights," explains its home page. There's a "Tetris-optimized" GameBoy emulator with source code that looks like a GameBoy, as well as a quasi-Rogue-like game voted "most likely to teleport." Awards were also given for the best imaginary emulator (a virtual machine in 366 bytes of C) and the best fractional emulator (a maze generator for the Commodore 64). But every one of the 22 winning programs seems wildly creative... Quine Pong. "Running the program produces the source code to generate the next frame, formatted to display the current frame. By repeatedly compiling and running each successive frame, you can play the game. To move, pass either "w" (up) or "e" (down) as an argument..." A winning Taiwanese programmer formatted their source code in the shape of a Tardis from Doctor Who — code that displays an intricate ASCII animation of Doctor Who's 1963 opening title sequence. One winning entry emulates an IBM 7040 mainframe, first converting a program (encoded in whitespace) into ASCII-character drawings of punchcards for a FORTRAN program — and then executing that program to calculate the light visible to an observer looking at black hole, ultimately creating an image. It's all recreating what astrophysicist Jean-Pierre Luminet had to do in 1978 to generate the first-ever simulated photograph of a black hole (on an IBM 7040 mainframe). "The entry can also run other FORTRAN programs — but "they must be provided as a deck of punch cards... Tools have been provided to convert to/from decks and to interpret...""We have added fun challenges to this year's winning entries competition..." the web site notes. "After you figure out what a given winning entry does, we encourage you to attempt the fun challenge!" Thanks to long-time Slashdot reader achowe for bringing the news (who has submitted winning entries in four different decades, starting in 1991 and continuing through 2025) — and who won again this year for a program simulating the Space Invaders-like game from Casio's 1980 MG-880 calculator. Follow the IOCCC on Mastodon.
Read more of this story at Slashdot.
- James Bond Videogame '007 First Light' Sells 3M Copies, Earns $150M
The new James Bond-themed videogame 007 First Light had a budget of 1.3 billion Danish krone — a little more than USD $202 million, reports IGN, citing a report from Denmark's public service broadcaster. "Denmark's TV 2 said that makes 007 First Light the most expensive entertainment product in the country's history" — and the game "still has some way to go before breaking even." 007 First Light is estimated to have sold 2.2 million copies, generating $150 million in revenue... [Saturday IGM reported sales had jumped to 3 million copies.] The only official sales data we have comes from developer IO Interactive, which said that 007 First Light had become the fastest-selling game in the company's history, shifting 1.5 million copies in its first 24 hours... The impressive sales milestone was achieved without the aid of the Nintendo Switch 2 version, which is due out this summer. The James Bond adventure is also the highest rated IOI game ever, with an 87 on Metacritic... The developer has said it wants to make a trilogy of James Bond games. Game-tracking company Alinea Analytics tweeted their estimates that 55.1% of sales were on PS5, 33.1% on Steam, and 11.8% on Xbox (Xbox console, Windows, and cloud combined). And Polygon reports that new downloadable game content was announced Friday.
Read more of this story at Slashdot.
- After Empty Promises, Will String Theory Find New Uses?
Science magazine reports:For decades, string theory promised a "theory of everything" that described all particles and forces as tiny vibrating strings. Physicists hoped it could also solve one of the field's deepest problems: reconciling quantum mechanics with gravity. But as string theory grew increasingly elaborate — and experimentally unreachable — many physicists lost hope. Now, some researchers are revisiting the theory from first principles. In a paper in press at Physical Review Letters, Clifford Cheung, a physicist at the California Institute of Technology, and colleagues lay out a small set of assumptions about the universe and show that they inevitably give rise to string theory.... Cheung's study, along with another one posted to arXiv in January, starts with two reasonably conservative assumptions: that the probabilities of all possible outcomes of an event add up to 100%, and that the laws of physics are consistent for observers moving at different speeds. Each group then posits additional assumptions that have not been borne out by observations. Cheung's analysis invokes "ultrasoftness," the idea that the probability of certain particle interactions drops off at a particular rate at high energies. The second study, led by University of Michigan physicist Henriette Elvang, instead assumes "supersymmetry," a maximal coupling between matter and forces. Both groups conclude the only theory that can satisfy their assumptions is one that looks like string theory... Cheung and Elvang stress that their aim is not to prove the inevitability of string theory. "I don't have a dog in the fight; I just work here," Cheung says. Rather, the goal is to explore the space of possible theories under rigid constraints — regardless of whether they reflect reality... The one thing the researchers all agree on is that the field would benefit from more alternative models to string theory. Cheung sees the agnostic, bottom-up exploration as a step in that direction. "You can either give up on the problem because it's too culturally toxic, or you can ask: If you want to find an alternative, what do you need?" he says. "Now, we know exactly what to do." Thanks to Slashdot reader sciencehabit for sharing the article.
Read more of this story at Slashdot.
- Reddit Ads Impersonate BBC and The Guardian to Push Fake AI Investment Schemes
A "growing wave" of Reddit's "promoted posts" are sending U.S. and European audiences to money-stealing scams that impersonate major news organizations including the BBC, the Financial Times, and The Guardian, according to new findings from Bitdefender Labs. "Domains are short-lived and rapidly rotated to evade detection," they write, noting that the impersonating sites apparently even use language "to falsely imply that the investment platform had been reviewed, approved, or vetted" by the legitimate site they're impersonating:The campaign promotes fake AI-powered investment platforms such as Wencoin STX, Warrior Coin AI, and Nevo Coin, using fabricated celebrity endorsements, cloned news websites, fake interviews, and invented financial success stories to lure victims into depositing money. Researchers Andrea Olariu and Emanuel Puscasu have identified multiple promoted Reddit posts masquerading as legitimate financial or breaking news stories. Some ads claimed that: — NVIDIA and OpenAI were "creating the future" — Heathrow police discovered hundreds of thousands of pounds in cash — Governments and banks were allegedly trying to "hide" a revolutionary AI investment platform — European regulators were "silencing" articles about AI trading systems Some Reddit ads delivered in video format, including what appeared to be a deepfake BBC news segment featuring a news anchor presenting fabricated financial headlines... Examples observed by researchers included: — Fake BBC pages discussing "$20 billion conversations" tied to AI investments — Fraudulent Financial Times articles about Heathrow airport cash seizures — Fake Guardian stories claiming governments were trying to suppress coverage of Wencoin STX or Nevo Coin The pages featured fabricated interviews, fake profit screenshots, manipulated banking documents, false testimonials, and even fictional journalists or business editors designed to make the scam look legitimate. In many cases, the content sought to create a sense of exclusivity or conspiracy, suggesting that banks, regulators, or governments were trying to suppress public access to the investment platform... Our researchers found that after users clicked links embedded within the fake Guardian articles, they were redirected to a registration form allegedly used to create a "Nevo Coin" investment account. The form requested personal contact information, including the victim's name, email address, and phone number. To increase pressure and encourage immediate action, the page warned that registration availability was limited, claiming that once all spots were filled, new user registrations would be suspended. And in the final stage, they're asked to deposit money...
Read more of this story at Slashdot.
- Donald Trump, Bernie Sanders And Sam Altman Are All Talking About Public Ownership In AI
U.S. Senator Bernie Sanders announced a plan for the public to take a 50% ownership stake in AI companies, remembers the Associated Press. And then OpenAI's Sam Altman "told Sanders that he, too, wants the public to have equity in AI companies." Though the CEO said he couldn't support Sanders' threshold of 50%, he nonetheless wanted to work with him to advocate for the general idea, according to people with knowledge of the conversation. The nearly hourlong meeting in Sanders' Senate office this week, held at Altman's request, highlighted the inherent tension between AI powerhouses and policymakers as Americans are increasingly asked to accept the costs of the AI boom even as they remain unconvinced of its direct benefits. Yet it's also creating odd political bedfellows fueled by populism as politicians from Sanders to President Donald Trump embrace giving the public a stake in AI's growth. Speaking to reporters on Air Force One on Friday, Trump described a potential partnership "where the American people can benefit from the success of AI" and said executives from leading AI companies will visit the White House, "probably next week," to discuss the idea. The article points out that Altman also met with congressional leaders from both of America's political parties.
Read more of this story at Slashdot.
- 'Steve Jobs In Exile' Remembers the Birth of the Web and 'Making Unix Taste Sweet'
Ars Technica shares some anecdotes from Steve Jobs in Exile, a new book released last month:[Author Geoffrey] Cain reminds us, in stunning detail, that Jobs' "exile" era at NeXT was not only critical to his evolution as a man and an entrepreneur, but that it mattered for the rest of us, too. The technological innovations that came out of NeXT — notably, the NeXTSTEP OS — continue to live on in what we now call both macOS and iOS. As Cain puts it, "NeXTSTEP was Steve's attempt to make Unix taste sweet...." [W]hile many tech nerds know that Tim Berners-Lee created the first World Wide Web server on a NeXT machine while working in Switzerland in 1990, few know that NeXT employees were wary of bringing the news to Jobs. Why? They feared his wrath "and that he would dismiss [the web] as 'shit.'" (In another timeline, NeXT might itself have capitalized on this world-changing innovation....) Perhaps one of the wildest anecdotes that Cain uncovered was how one voicemail changed computer history forever. In 1996, when Apple was solidly in its mediocre Performa era — and considering buying BeOS as the basis for its new operating system — a mid-level NeXT product manager asked aloud, "Why don't we just frickin' call Apple?" (NeXT was also struggling during this period.) And so someone did. As Cain writes: Garrett left the group of managers, walked back to his office, and took a risk. He picked up his designer phone and called the head of software at Apple. He left what he described as "one of my more inspired sales pitches" on the man's voicemail, explaining why Apple should be looking at NeXT instead of Be... In any other universe, Garrett's call might have gotten him fired. But in this timeline, it worked out. And thanks to him, Steve [Jobs] was about to enter Apple's airspace once again. Thanks to long-time Slashdot reader destinyland for sharing the article.
Read more of this story at Slashdot.
- Scientists Edited Human Embryo Genes. But Questions Remain
"A DNA-editing feat involving editing the genes of early stage embryos was announced this week," reports the Wall Street Journal. They describe the feat as "a far cry from designer babies, but nevertheless a step in that direction."Dieter Egli, an associate professor of developmental cell biology at Columbia University and his co-authors, including Nathan Treff of Nucleus Genomics, a New York-based DNA-testing startup, say the technology could help fix disease-causing mutations in embryos. "We're not throwing the final 'OK, you will have gene-edited babies tomorrow' at the public," said Egli. "That is a process that can occur through discussion matched with scientific progress...." Previous gene-editing efforts have often used Crispr, which can cut out parts of the DNA sequence, but the technology can also cause damage if the wrong DNA is targeted or cut out. In 2018, Chinese scientist He Jianku said he used Crispr to tweak DNA in human embryos and was imprisoned for the work. The technology Egli's group used, called base editing, allows them to target individual DNA letters in sequences more precisely with fewer adverse effects... Egli's group focused on altering two genes, one that can raise the risk of heart disease and one that is tied to blood disorders like sickle cell disease, and the research showed they were sometimes able to do so successfully, in the same embryo, without damage. "I am generally supportive of the concept of embryo editing to prevent genetic disease," said Dr. Paula Amato, a fertility expert at Oregon Health & Science University who wasn't involved in the research... Base editing has been used in human embryos before, according to peer-reviewed studies. The technology was used to correct a disease-causing mutation and an Alzheimer's disease-risk gene variant, said Alexis Komor, associate professor of biochemistry and molecular biophysics at the University of California, San Diego, who wasn't involved in the work. "There really is not any unmet medical or clinical need for this, especially from an in vitro fertilization perspective," Komor said. "Usually what you'll hear is that they're doing it just so that you know we can prevent genetic diseases, but there are so many other better ways to do that." Using embryo editing to create babies is illegal in the U.S. and many other countries. Scientists have long worried that it is a slippery slope and that the technology could ultimately be used to promote eugenics. Her worry is that "they're basically building a blueprint" for more ethically problematic forms of embryo editing."In my opinion, I think this is a huge no-no," Komor said. "There's just no ethical way to use this...." Nucleus Genomics Chief Executive Kian Sadeghi said his company plans to fund Egli's further research, building on the new findings. His company sells a polygenic embryo-screening product, which screens prospective parents' embryos and produces risk scores for their likelihood of developing disease, as well as factors like height, IQ and eye color. The company has said the IQ predictions are limited in accuracy. The research was published online Monday on a preprint server.
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Mesa 26.2 Lands VK_GOOGLE_display_timing Support For Direct Display Mode
The VK_GOOGLE_display_timing extension for obtaining display timing information that can be useful for frame-pacing and eliminating micro-stuttering in games now has direct display mode support with KHR_display for the Mesa Vulkan drivers. This now merged addition immediately benefits the Intel ANV and Radeon RADV drivers as well as the PowerVR, Turnip, and V3DV drivers too...
- Linux 7.1-rc7 Adding More AMD Zen 6 CPU Models
Ahead of the Linux 7.1-rc7 test kernel release due out later today, a pull request has been submitted of some "x86 fixes" for this kernel release. Most notable with this pull request is acknowledging some additional AMD Zen 6 CPU models...
- Some Broadcom V3D Graphics Support On Path For Removed Over Lack Of Testing
Broadcom V3D 3.3 and V3D 4.1 graphics IP is set to be deprecated and removed from the V3D kernel graphics/display driver after the Mesa driver support was removed two years ago already. The situation in both cases amount to lack of hardware by developers for testing and with that likely no other known users of these particular Broadcom graphics in selects SoCs...
- Using Fedora Silverblue for compositor development
I’ve been using Fedora Silverblue on my desktop and laptop for the past, what, five years? Silverblue is Fedora’s main atomic variant, a spiritual counterpart to Fedora Workstation. I also make niri, a scrollable-tiling Wayland compositor. In other words, a core system component that you cannot properly test from inside a container or VM—you really want it directly on the host. So, why would I choose an… immutable distro? How does that even work? ↫ Ivan Molodetskikh That�s a great question, and as immutable or immutable-like Linux distributions become more popular and widespread � and eventually the default download option for many distributions, I�m sure � articles like these are quite important. I�m sure quite a few developers discarded the idea of using something like Silverblue because they assumed it wouldn�t be fit for purpose, but if the developer of Niri makes it work, I�m fairly sure anybody can.
- x86CSS: a working CSS-only x86 CPU/emulator/computer
x86CSS is a working CSS-only x86 CPU/emulator/computer. Yes, the Cascading Style Sheets CSS. No JavaScript required. What you�re seeing above is a C program that was compiled using GCC into native 8086 machine code being executed fully within CSS. ↫ Lyra Rebane Hand-written CSS, no JavaScript, and effectively no HTML. Wizardry.
- This mini PC with the latest RISC-V SoC might actually be worth it
RISC-V has been in the promising! phase for a long time now, especially for general purpose computing, never really breaking through into the mainstream in any measurable way. While I think that breakthrough is still relatively far away, we now do have newer RISC-V SoCs on the market supporting the RVA23 baseline RISC-V profile. One of them is the SpacemiT Key Stone KЗ, which promises to deliver a massive performance increase over previous RISC-V offerings. It�s exactly this chip that�s finding its way into complete, turnkey mini PC solutions, like this one from a company called Firefly. The base model comes with 8GB of LDDPR5 RAM and 128GB of storage, at a price of about €300 or so (there�s also a 32GB/128GB model at well over €600). This is the first time I�m looking at a complete RISC-V solution where I feel like it might actually make for a good moment to jump in for us enthusiasts. No, the performance won�t rival anything Intel or AMD has to offer, but it seems capable enough for a lot of day-to-day tasks, and I�m curious to see just how far along the Linux world is when it comes to RISC-V support. It�s not part of our current set of fundraiser incentives, but if you�d like to see this RISC-V mini PC reviewed here on OSNews, you can always donate and add a note that you specifically want to see such a review (so I can gauge interest not just from our few commenters, but also from the more than 99% of our readers who only lurk). As always, you can donate through Ko-Fi, or, if you�re European, via a SEPA direct bank transfer (Name: Thom Holwerda – IBAN: SE08 8000 0820 1684 4657 8414 – BIC: SWEDSESS).
- When su replaced login for becoming another UNIX login
I�ve mentioned it before, but Chris Siebenmann is basically the Raymond Chen of the UNIX world, and today he�s filling that role perfectly once again. I recently read Simon Tatham�s Nitpicking the shell history scene in Tron: Legacy, where one thing that surprised Tatham was the film using �login -n root� to become root instead of �su�. This surprised me because I found that perfectly ordinary, and this turns up both a bit of Unix history and a difference between modern Unixes. Plain �su� can let you become another user, including root, but what it explicitly doesn�t do by default is create a new login shell for that user. If you do �su root�, the new root shell normally inherits most of your environment, your current directory, and so on. Sometimes this is what you want and sometimes you really want a new login environment, and originally in Unix how you got the latter was to run �login� from your existing shell session (and this meant that login was setuid root, like su). ↫ Chris Siebenmann Unsurprisingly, this distinction has persisted to this day in various UNIX-like operating systems, but in different ways. Some maintain the explicit distinction, while others have more or less standardised on using su for both use cases. It�s an interesting bit of UNIX archeology.
- Roku launches open-source embedded Roku LT OS
Roku, the company that makes TV boxes and sells ad space based on your usage patterns, has released its remote control operating system as open source � and by remote control I don�t mean robot stuff or whatever, but actual remote controls, the thing you use to control your TV or whatever from the couch. Roku has announced the official availability of Roku LT OS � a lightweight, highly deterministic open-source operating system that is already used in our industry-changing Roku remote controls. In addition to high-performance automotive platforms, Roku LT OS is designed to be accessible to the broader developer community. The operating system ships with native support for the ESP32 platform, a highly popular SoC among hobbyists and makers. Because ESP32 development boards are widely available online for just a few dollars, developers can get started with Roku LT OS with minimal hardware investment. ↫ Roku�s developers blog As far as I can tell, this operating system is entirely new and not based on Linux or something else, but the available documentation is light on details so I can�t make much more out of it. Regardless, it�s nice to have another open source embedded operating system.
- The placeholder name for the Windows 8 experience was “modern”
Raymond Chen shares some history regarding Windows 8�s development: During the development of Windows`8, we needed a name for “that thing we’re creating.” Not being a particularly clever bunch when it comes to code names, we just called it “the modern experience,” to distinguish it from what we had in Windows`7, which was called “the classic experience.” And then, as Microspeak demands, we started abbreviating like mad. ↫ Raymond Chen Basically, they added mo! for modern! in front of everything, so the Metro shell became MoSh!, the Settings application MoSet!, and so on. And yes, the code name for the Photos application was exactly what it sounds like.
- Microsoft continues migration from NTLM to Kerberos
For the past few years, Microsoft has been phasing out NTLM in Windows in favor of Kerberos-based alternatives. Starting with the next versions of client and server editions of Windows, Microsoft will also be disabling the legacy authentication protocol by default. In the latest security baseline package for Windows Server 2025, the company is already allowing customers to audit incoming configurations. Now, it has announced a wave of changes to further reduce dependencies on NTLM. With an upcoming Insider release of Windows 11 client and server, certain scenarios which previously required NTLM will be able to fall back on Initial and Pass-Through Authentication using Kerberos (IAKerb) and Local Key Distribution Center (LocalKDC). ↫ Usama Jawad at Neowin I�m sure this is very important to IT Pros!.
- Microsoft brings coreutils to Windows
At its Build conference, Microsoft announced coreutils for Windows. Coreutils for Windows is a Microsoft-maintained set of UNIX-style command-line utilities that run natively on Windows — the same commands and pipelines you use on Linux, macOS, and WSL. It ships as a single multi-call binary that exposes each utility under its standard name (cat.exe, grep.exe, find.exe, and so on), giving you the everyday tools developers already use on other platforms to script, automate, and process text. For the full list, see Commands. The goal is to remove friction when moving between Linux, macOS, WSL, containers, and Windows. The same commands, flags, and pipelines work the same way, so existing scripts and habits carry over without translation. Each command supports the standard --help flag for full syntax and options. ↫ Windows Developer Tools website It�s a port of the Rust-based rewrite of the GNU coreutils, findutils, and grep. There are a few caveats though, since these ports have to deal with a number of Windows-isms. The first thing that comes to mind for most of us are path separators; these ports will handle both the correct and incorrect Windows/DOS one, but since some tools may output only the incorrect one this may affect piping. You should also take into account things like Windows� ACLs vs. POSIX permission bits, the lack of /dev/null, and a few other oddities. Furthermore, there are a bunch of commands that rely on POSIX-only concepts, so those aren�t included, and a few other commands that aren�t useful on Windows are excluded as well. Since a number of commands conflict with built-in commands from cmd.exe and PowerShell, which commands run will depend on the shell, the PATH order, and PowerShell�s alias table. Everything�s in preview, and installable through WinGet.
- Basic multicore support for DOS demo uncovered
On the Vogon forums, user MarkDastedt posted an interesting bit of source code he discovered on an old company DVD: a very basic, very rudimentary implementation of multicore support for DOS. Another user, dartfrog, took a closer look and had this to say: Interesting stuff nonetheless. A worker core is running with no interrupt handlers, no page tables, no memory protection, and no OS. That�s about as close to bare metal as you can get, meanwhile the other core is still running DOS. Fascinating. ↫ MarkDastedt at the Vogon forums It�s effectively a simple demo, but according to other users in the thread, it fits in neatly with sporadic other attempts to bring some form of SMP or multicore-awareness to DOS. For instance, Michael Chourdakis worked on something similar to this demo for a series of articles now only available on the Wayback Machine. It makes for a cool demo, but moving from this to something robust and usable in DOS is not an easy task. Still, the possibilities are definitely there, even if you don�t implement full, modern SMP or multicore support. You could have specific DOS applications offloading dedicated tasks to different cores, but as others in the same thread note, individual cores are already stupidly powerful for anything DOS can do, making the use case for additional cores rather moot.
- Serena OS: a modern operating system for classic Amigas
A hobby operating system, not written in Rust, not targeting Qemu, not targeting a Raspberry Pi. Yes, it still happens. Serena OS is what you get when modern operating system design and implementation meets vintage hardware like the Amiga computers. It is based on dispatch queues rather than threads, supports multiple users, is inspired by POSIX, yet retains its own character, is strongly object-oriented in terms of design and implementation and prepared for a cross platform future. ↫ Serena OS GitHub page Serena OS supports most (all?) of the classic Amigas, but the 500, 600, and 2000 need at least 1MB of RAM and a 68020 accelerator. It has code privilege separation between kernel and userspace, basic memory management, its own custom file system, drivers for input devices and graphics, an interactive console with VT52 and VT100 support, and much more. It also comes with a C99-compatible libc, and has its own shell. Note that AI! chatbot Claude is listed as a contributor to the project.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
|
