All the News that Matters

• Debian 11 libuev Critical Buffer Overrun Vulnerability DLA-4454-1
  An issue has been found in libuev, a lightweight event loop library for Linux. The issue is related to a possible buffer overrun in uev_run(). For Debian 11 bullseye, this problem has been fixed in version 2.3.1-1+deb11u1. We recommend that you upgrade your libuev packages.

• Debian OpenJDK DSA-6110-1 Critical Cert Validation Man-in-the-Middle Attack
  Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in incorrect certificate validation, CRLF injection or man-in-the-middle attacks. For the oldstable distribution (bookworm), these problems have been fixed in version 17.0.18+8-1~deb12u1.

• openSUSE Leap 16.0 Chromium Moderate Race Condition CVE-2026-1220
  An update that solves one vulnerability and has 2 bug fixes can now be installed.

• openSUSE Leap 16.0 coredns Important Fix 2026-20099-1 CVE-2024-51744
  An update that solves 4 vulnerabilities and has 5 bug fixes can now be installed.

• openSUSE Leap 15.5 libxml2 Security Notice openSUSE-SU-2026:30016-2
  An update that solves one vulnerability and has one bug fix can now be installed.

• Linux 22.10 MariaDB Server Update Build 2043:11234-2 CVE-2026-27820
  An update that solves one vulnerability and has one bug fix can now be installed.

• Linux 6.19-rc7 Released With Kernel Continuity Plan, A Few Important Fixes
  The Linux 6.19 kernel remains on track for its official release two weeks from today, with the extra RC being baked in due to the end of year holidays. Out today is Linux 6.19-rc7 with a few changes worth highlighting for the week...

• CachyOS January 2026 Release Brings Installer Rework and Wayland by Default
  Arch-based CachyOS's January 2026 update lands with a reworked installer, Wayland Live ISO, Plasma Login Manager, and gaming and hardware improvements.

• LACT 0.8.4 Brings Improved Overclocking UI For GPUs On Linux
  In the absence of any official GUI control panel from AMD or Intel for their graphics cards on Linux, LACT remains a popular choice particularly for AMD Radeon Linux gamers/enthusiasts to manage various aspects of their GPU from a convenient UI. LACT also supports Intel GPUs and some features on NVIDIA GPUs too. Out today is LACT 0.8.4 for further enhancing this third-party GPU driver user interface...

• Stress test Deepin 25.010 via build CachyOS Kernel 6.18.7 (VENV)
  Because Deepin is Debian-based, we would use the linux-cachyos-deb tool provided by the community to generate compatible .deb files. See for instance https://itsfoss.com/news/cachyos-kernel-builder/ . Notice also that current Deepin's modules names and dependencies appear to be the same as on Debian 13.3 at least during attempt to setup KVM Hypervisor, Libvirtd service and related tools as virt-manager.

• Bottles 61 Turns Into an Analysis Tool With the New Eagle Feature
  Bottles 61 introduces Eagle, a new analysis tool that deeply inspects Windows executables to improve Wine and Proton compatibility on Linux.

• Focusrite Forte USB Audio Interface To Be Supported By Linux 7.0
  The Focusrite Forte 2-in, 4-out USB audio interface as a portable audio recording solution will be supported by the mainline Linux 7.0 kernel. The patches are queued in the Linux kernel's sound subsystem development tree. While a convenient little device, the Focusrite Forte is no longer manufactured but can still be found used online...

• GIMP 3.0.8 Image Editor Released with Wayland and Font Handling Improvements
  The GIMP project released GIMP 3.0.8 today as the latest stable update in the GIMP 3.0 series of this widely used open-source, cross-platform, and free image manipulation program.

• Servo 0.0.4 Browser Engine Released & Finally Supporting Multiple Windows
  Servo 0.0.4 is out today as the newest monthly update to this open-source, Rust-based web browser engine. Building off recent Servo embedding API additions, Servo 0.0.4 introduces support for multiple browser windows...

• How an experienced developer teamed up with Claude to create Elo programming language
  Bernand Lambeau, the human half of a pair programming team, explains how he's using AIfeature Bernard Lambeau, a Belgium-based software developer and founder of several technology companies, created a programming language called Elo with the help of Anthropic's Claude Code.…

• Incus 6.21 Container & Virtual Machine Manager Released
  With Incus 6.21, users get a new incus wait command, smarter SR-IOV NIC handling, and stronger access controls.

• KDE's 'Plasma Login Manager' Stops Supporting FreeBSD - Because Systemd
  KDE's "Plasma Login Manager" is apparently dropping support for FreeBSD, the Unix-like operating system, reports the blog It's FOSS. They cite a recently-accepted merge request from a KDE engineer to drop the code supporting FreeBSD, since the login manager relies on systemd/logind:systemd and logind look like hard dependencies of the login manager, which means the software is built to work exclusively with these components and cannot function without them... logind is a component of systemd that is responsible for user session management... This doesn't mean that KDE has abandoned the operating system altogether. FreeBSD users can still run the KDE Plasma desktop environment and continue using SDDM, the current login manager that works just fine on such systems. The article argues FreeBSD users "won't really care much for missing out on this as they have plenty of login manager options available."
  
  
  Read more of this story at Slashdot.
  

• Washington State May Mandate 'Firearm Blueprint Detection Algorithms' For 3D Printers
  Adafruit managing director Phillip Torrone (also long-time Slashdot reader ptorrone ) writes: Washington State lawmakers are proposing bills (HB 2320 and HB 2321) that would require 3D printers and CNC machines to block certain designs using software-based "firearms blueprint detection algorithms." In practice, this means scanning every print file, comparing it against a government-maintained database, and preventing "skilled users" from bypassing the system. Supporters frame this as a response to untraceable "ghost guns," but even federal prosecutors admit the tools involved are ordinary manufacturing equipment. Critics warn the language is overbroad, technically unworkable, hostile to open source, and likely to push printing toward cloud-locked, subscription-based systems—while doing little to stop criminals.
  
  
  Read more of this story at Slashdot.
  

• Google Discover Replaces News Headlines With Sometimes Inaccurate AI-Generated Alternatives
  An anonymous reader shared this report from The Verge:In early December, I brought you the news that Google has begun replacing Verge headlines, and those of our competitors, with AI clickbait nonsense in its content feed [which appears on the leftmost homescreen page of many Android phones and the Google app's homepage]. Google appeared to be backing away from the experiment, but now tells The Verge that its AI headlines in Google Discover are a feature, one that "performs well for user satisfaction." I once again see lots of misleading claims every time I check my phone... For example, Google's AI claimed last week that "US reverses foreign drone ban," citing and linking to this PCMag story for the news. That's not just false — PCMag took pains to explain that it's false in the story that Google links to...! What does the author of that PCMag story think? "It makes me feel icky," Jim Fisher tells me over the phone. "I'd encourage people to click on stories and read them, and not trust what Google is spoon-feeding them." He says Google should be using the headline that humans wrote, and if Google needs a summary, it can use the ones that publications already submit to help search engines parse our work. Google claims it's not rewriting headlines. It characterizes these new offerings as "trending topics," even though each "trending topic" presents itself as one of our stories, links to our stories, and uses our images, all without competent fact-checking to ensure the AI is getting them right... The AI is also no longer restricted to roughly four words per headline, so I no longer see nonsense headlines like "Microsoft developers using AI" or "AI tag debate heats." (Instead, I occasionally see tripe like "Fares: Need AAA & AA Games" or "Dispatch sold millions; few avoided romance.") But Google's AI has no clue what parts of these stories are new, relevant, significant, or true, and it can easily confuse one story for another. On December 26th, Google told me that "Steam Machine price & HDMI details emerge." They hadn't. On January 11th, Google proclaimed that "ASUS ROG Ally X arrives." (It arrived in 2024; the new Xbox Ally arrived months ago.) On January 20th, it wrote that "Glasses-free 3D tech wows," introducing readers to "New 3D tech called Immensity from Leia" — but linking to this TechRadar story about an entirely different company called Visual Semiconductor... Google declined our request for an interview to more fully explain the idea. The site Android Police spotted more inaccurate headlines in December:A story from 9to5Google, which was actually titled 'Don't buy a Qi2 25W wireless charger hoping for faster speeds — just get the 'slower' one instead' was retitled as 'Qi2 slows older Pixels.' Similarly, Ars Technica's 'Valve's Steam Machine looks like a console, but don't expect it to be priced like one' was changed to 'Steam Machine price revealed.' At the time, we believed that the inaccuracies were due to the feature being unstable and in early testing.... Now, Google has stopped calling Discover replacing human-written headlines as an "experiment." "Google buries a 'Generated with AI, which can make mistakes' message under the 'See more' button in the summary," reports 9to5Google, "making it look like this is the publisher's intended headline."While it is obvious that Google has refined this feature over the past couple of months, it doesn't take long to still find plenty of misleading headlines throughout Discover... Another article from NotebookCheck about an Anker power bank with a retractable cable was given a headline that's about another product entirely. A pair of headlines from Tom's Hardware and PCMag, meanwhile, show the two sides of using AI for this purpose. The Tom's Hardware headline, "Free GPU & Amazon Scams," isn't representative of the actual article, which is about someone who bought a GPU from Amazon, canceled their order, and the retailer shipped it anyway. There's nothing about "Amazon Scams" in the article.
  
  
  Read more of this story at Slashdot.
  

• Gasoline Out of Thin Air? It's a Reality!
  Can Aircela's machine "create gasoline using little more than electricity and the air that we breathe"? Jalopnik reports...The Aircela machine works through a three-step process. It captures carbon dioxide directly from the air... The machine also traps water vapor, and uses electrolysis to break water down into hydrogen and oxygen... The oxygen is released, leaving hydrogen and carbon dioxide, the building blocks of hydrocarbons. This mixture then undergoes a process known as direct hydrogenation of carbon dioxide to methanol, as documented in scientific papers. Methanol is a useful, though dangerous, racing fuel, but the engine under your hood won't run on it, so it must be converted to gasoline. ExxonMobil has been studying the process of doing exactly that since at least the 1970s. It's another well-established process, and the final step the Aircela machine performs before dispensing it through a built-in ordinary gas pump. So while creating gasoline out of thin air sounds like something only a wizard alchemist in Dungeons & Dragons can do, each step of this process is grounded in science, and combining the steps in this manner means it can, and does, really work. Aircela does not, however, promise free gasoline for all. There are some limitations to this process. A machine the size of Aircela's produces just one gallon of gas per day... The machine can store up to 17 gallons, according to Popular Science, so if you don't drive very much, you can fill up your tank, eventually... While the Aircela website does not list a price for the machine, The Autopian reports it's targeting a price between $15,000 and $20,000, with hopes of dropping the price once mass production begins. While certainly less expensive than a traditional gas station, it's still a bit of an investment to begin producing your own fuel. If you live or work out in the middle of nowhere, however, it could be close to or less than the cost of bringing gas to you, or driving all your vehicles into a distant town to fill up. You're also not limited to buying just one machine, as the system is designed to scale up to produce as much fuel as you need. The main reason why this process isn't "something for nothing" is that it takes twice as much electrical energy to produce energy in the form of gasoline. As Aircela told The Autopian " Aircela is targeting >50% end to end power efficiency. Since there is about 37kWh of energy in a gallon of gasoline we will require about 75kWh to make it. When we power our machines with standalone, off-grid, photovoltaic panels this will correspond to less than $1.50/gallon in energy cost." Thanks to long-time Slashdot reader Quasar1999 for sharing the news.
  
  
  Read more of this story at Slashdot.
  

• Richard Stallman Critiques AI, Connected Cars, Smartphones, and DRM
  Richard Stallman spoke Friday at Atlanta's Georgia Institute of Technology, continuing his activism for free software while also addressing today's new technologies. Speaking about AI, Stallman warned that "nowadays, people often use the term artificial intelligence for things that aren't intelligent at all..." He makes a point of calling large language models "generators" because "They generate text and they don't understand really what that text means." (And they also make mistakes "without batting a virtual eyelash. So you can't trust anything that they generate.") Stallman says "Every time you call them AI, you are endorsing the claim that they are intelligent and they're not. So let's let's refuse to do that." "So I've come up with the term Pretend Intelligence. We could call it PI. And if we start saying this more often, we might help overcome this marketing hype campaign that wants people to trust those systems, and trust their lives and all their activities to the control of those systems and the big companies that develop and control them." "By the way, as far as I can tell, none of them is free software." When it comes to today's cars, Stallman says they contain "malicious functionalities... Cars should not be connected. They should not upload anything." (He adds that "I am hoping to find a skilled mechanic to work with me in a project to make disconnected cars.") And later Stallman calls the smartphone "an Orwellian tracking and surveillance device," saying he refuses to own one. (An advantage of free software is that it allows the removal of malicious functionalities.) Stallman spoke for about 53 minutes — but then answered questions for nearly 90 minutes longer. Here's some of the highlights...
  
  
  Read more of this story at Slashdot.
  

• US Congress Fails to Repeal 'Kill Switch' for Cars Mandate
  Newsweek reports on how the U.S. Congress is debating "kill switch" technology for vehicles, "which would be able to monitor diver behavior, detect impairment such as intoxication and intervene..." "While the technology is not yet a legal requirement in cars, Congress passed a law with the Infrastructure Investment and Jobs Act in 2021 that requires the Department of Transportation to create the mandate."Republican Representative Thomas Massie of Kentucky introduced an amendment to a federal spending bill that would reverse the mandating of the technology. On Thursday, 160 Republicans voted in favor, but the legislation failed 164-268, according to the House Clerk's official roll call — with 57 Republicans joining 211 Democrats in voting against it... The House vote signals substantial Republican support for curbing any move toward mandated impaired-driving prevention systems, but not enough to pass such legislation. Critics of the kill switch technology see it as government overreach, while those in favor argue that it could prove to be lifesaving. Thanks to long-time Slashdot reader SonicSpike for sharing the article.
  
  
  Read more of this story at Slashdot.
  

• The Android 'NexPhone': Linux on Demand, Dual-Boots Into Windows 11 - and Transforms Into a Workstation
  The "NexDock" (from Nex Computer) already turns your phone into a laptop workstation. Purism chose it as the docking station for their Librem 5 phones. But now Nex is offering its own smartphone "that runs Android 16, launches Debian, and dual-boots into Windows 11," according to the blog It's FOSS:Fourteen years after the first concept video was teased, the NexPhone is here, powered by a Qualcomm QCM6490, which, the keen-eyed among you will remember from the now-discontinued Fairphone 5. By 2026 standards, it's dated hardware, but Nex Computer doesn't seem to be overselling it, as they expect the NexPhone to be a secondary or backup phone, not a flagship contender. The phone includes an Adreno 643 GPU, 12GB of RAM, and 256GB of internal storage that can be expanded up to 512GB via a microSD card. In terms of software, the NexPhone boots into NexOS, a bloatware-free and minimal Android 16 system, with Debian running as an app with GPU acceleration, and Windows 11 being the dual-boot option that requires a restart to access. ["And because the default Windows interface isn't designed for a handheld screen, we built our own Mobile UI from the ground up to make Windows far easier to navigate on a phone," notes a blog post from Nex founder/CEO Emre Kosmaz]. And, before I forget, you can plug the NexPhone into a USB-C or HDMI display, add a keyboard and mouse to transform it into a desktop workstation. There's a camera plus "a comprehensive suite of sensors," according to the article, "that includes a fingerprint scanner, accelerometer, magnetometer, gyroscope, ambient light sensor, and proximity sensor.... "NexPhone is slated for a Q3 2026 release (July-September)..." Back in 2012, explains Nex founder/CEO Emre Kosmaz, "most investors weren't excited about funding new hardware. One VC even told us, 'I don't understand why anyone buys anything other than Apple'..."Over the last decade, we kept building and shipping — six generations of NexDock — helping customers turn phones into laptop-like setups (display + keyboard + trackpad). And now the industry is catching up faster than ever. With Android 16, desktop-style experiences are becoming more native and more mainstream. That momentum is exactly why NexPhone makes sense today... Thank you for being part of this journey. With your support, I hope NexPhone can help move us toward a world where phones truly replace laptops and PCs — more often, more naturally, and for more people.
  
  
  Read more of this story at Slashdot.
  

• The Case Against Small Modular Nuclear Reactors
  Small modular nuclear reactors (or SMRs) are touted as "cheaper, safer, faster to build and easier to finance" than conventional nuclear reactors, reports CNN. Amazon has invested in X-Energy, and earlier this month, Meta announced a deal with Oklo, and in Michigan last month, Holtec began the long formal licensing process for two SMRs with America's Nuclear Regulatory Commission next to a nuclear plant it hopes to reactive. (And in 2024, California-based Kairos Power broke ground in Tennessee on a SMR "demo" reactor.) But "The reality, as ever, is likely to be messier and experts are sounding notes of caution..."All the arguments in favor of SMRs overlook a fundamental issue, said Edwin Lyman, director of nuclear power safety at the Union of Concerned Scientists: They are too expensive. Despite all the money swilling around the sector, "it's still not enough," he told CNN. Nuclear power cannot compete on cost with alternatives, both fossil fuels and increasingly renewable energy, he said." Some SMRs also have an issue with fuel. The more unconventional designs, those cooled by salt or gas, often require a special type of fuel called high-assay low-enriched uranium, known as HALEU (pronounced hay-loo). The amounts available are limited and the supply chain has been dominated by Russia, despite efforts to build up a domestic supply. It's a major risk, said Nick Touran [a nuclear engineer and independent consultant]. The biggest challenge nuclear has is competing with natural gas, he said, a "luxury, super expensive fuel may not be the best way." There is still stigma around nuclear waste, too. SMR companies say smaller reactors mean less nuclear waste, but 2022 research from Stanford University suggested some SMRs could actually generate more waste, in part because they are less fuel efficient... As companies race to prove SMRs can meet the hype, experts appear to be divided in their thinking. For some, SMRs are an expensive — and potentially dangerous — distraction, with timelines that stretch so far into the future they cannot be a genuine answer to soaring needs for clean power right now. Nuclear engineering/consultant Touran told CNN the small reactors are "a technological solution to a financial problem. No venture capitalists can say, like, 'oh, sure, we'll build a $30 billion plant.' But, if you're down into hundreds of millions, maybe they can do it."
  
  
  Read more of this story at Slashdot.
  

• The Risks of AI in Schools Outweigh the Benefits, Report Says
  This month saw results from a yearlong global study of "potential negative risks that generative AI poses to student". The study (by the Brookings Institution's Center for Universal Education) also suggests how to prevent risks and maximize benefits:After interviews, focus groups, and consultations with over 500 students, teachers, parents, education leaders, and technologists across 50 countries, a close review of over 400 studies, and a Delphi panel, we find that at this point in its trajectory, the risks of utilizing generative AI in children's education overshadow its benefits. "At the top of Brookings' list of risks is the negative effect AI can have on children's cognitive growth," reports NPR — "how they learn new skills and perceive and solve problems."The report describes a kind of doom loop of AI dependence, where students increasingly off-load their own thinking onto the technology, leading to the kind of cognitive decline or atrophy more commonly associated with aging brains... As one student told the researchers, "It's easy. You don't need to (use) your brain." The report offers a surfeit of evidence to suggest that students who use generative AI are already seeing declines in content knowledge, critical thinking and even creativity. And this could have enormous consequences if these young people grow into adults without learning to think critically... Survey responses revealed deep concern that use of AI, particularly chatbots, "is undermining students' emotional well-being, including their ability to form relationships, recover from setbacks, and maintain mental health," the report says. One of the many problems with kids' overuse of AI is that the technology is inherently sycophantic — it has been designed to reinforce users' beliefs... Winthrop offers an example of a child interacting with a chatbot, "complaining about your parents and saying, 'They want me to wash the dishes — this is so annoying. I hate my parents.' The chatbot will likely say, 'You're right. You're misunderstood. I'm so sorry. I understand you.' Versus a friend who would say, 'Dude, I wash the dishes all the time in my house. I don't know what you're complaining about. That's normal.' That right there is the problem." AI did have some advantages, the article points out:The report says another benefit of AI is that it allows teachers to automate some tasks: "generating parent emails ... translating materials, creating worksheets, rubrics, quizzes, and lesson plans" — and more. The report cites multiple research studies that found important time-saving benefits for teachers, including one U.S. study that found that teachers who use AI save an average of nearly six hours a week and about six weeks over the course of a full school year... AI can also help make classrooms more accessible for students with a wide range of learning disabilities, including dyslexia. But "AI can massively increase existing divides" too, [warns Rebecca Winthrop, one of the report's authors and a senior fellow at Brookings]. That's because the free AI tools that are most accessible to students and schools can also be the least reliable and least factually accurate... "[T]his is the first time in ed-tech history that schools will have to pay more for more accurate information. And that really hurts schools without a lot of resources." The report calls for more research — and make several recommendations (including "holistic" learning and "AI tools that teach, not tell.") But this may be their most important recommendation. "Provide a clear vision for ethical AI use that centers human agency..." "We find that AI has the potential to benefit or hinder students, depending on how it is used."
  
  
  Read more of this story at Slashdot.
  

• Former Canonical Developer Advocate Warns Snap Store Isn't Safe After Slow Responses to Malware Reports
  An anonymous reader shared this article from the blog LinuxiacIn a blog post, Alan Pope, a longtime Ubuntu community figure and former Canonical employee who remains an active Snap publisher... [warns of] a persistent campaign of malicious snaps impersonating cryptocurrency wallet applications. These fake apps typically mimic well-known projects such as Exodus, Ledger Live, or Trust Wallet, prompting users to enter wallet recovery phrases, which are then transmitted to attackers, resulting in drained funds. The perpetrators had originally used similar-looking characters from other alphabets to mimic other app listings, then began uploading "revisions" to other innocuous-seeming (approved) apps that would transform their original listing into that of a fake crypto wallet app. But now they're re-registering expired domains to take over existing Snap Store accounts, which Pope calls "a significant escalation..."I worked for Canonical between 2011 and 2021 as an Engineering Manager, Community Manager, and Developer Advocate. I was a strong advocate for snap packages and the Snap Store. While I left the company nearly five years ago, I still maintain nearly 50 packages in the Snap Store, with thousands of users... Personally, I want the Snap Store to be successful, and for users to be confident that the packages they install are trustworthy and safe. Currently, that confidence isn't warranted, which is a problem for desktop Linux users who install snap packages. I report every bad snap I encounter, and I know other security professionals do the same — even though doing so results in no action for days sometimes... To be clear: none of this should be seen as an attack on the Snap Store, Canonical, or the engineers working on these problems. I'm raising awareness of an issue that exists, because I want it fixed... But pretending there isn't a problem helps nobody.
  
  
  Read more of this story at Slashdot.
  

• Build the skills you need for 2026
  Mix, match, and save 35% on learning that scales—now through January 27. *Offer ends Jan 27th SAVE NOW
  
  The post Build the skills you need for 2026 appeared first on Linux.com.
  

• Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship
  Sustaining a Core Part of the Linux Ecosystem The Linux Foundation has announced a second year of sponsorship for the ongoing maintenance of the Linux manual pages (man-pages) project, led by Alejandro (Alex) Colomar. This critical initiative is made possible through the continued support of Google, Hudson River Trading, and Meta, who have renewed their [0]
  
  The post Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two
  In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]
  
  The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One
  The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]
  
  The post Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One appeared first on Linux.com.
  

• Kubernetes on Bare Metal for Maximum Performance
  When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]
  
  The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.
  

• How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
  This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]
  
  The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.
  

• Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
  Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]
  
  The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.
  

• A Simple Way to Install Talos Linux on Any Machine, with Any Provider
  Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]
  
  The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.
  

• Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
  OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
  
  The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
  

• Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation.
  Exciting news! The Tazama project is officially a Digital Public Good having met the criteria to be accepted to the Digital Public Goods Alliance ! Tazama is a groundbreaking open source software solution for real-time fraud prevention, and offers the first-ever open source platform dedicated to enhancing fraud management in digital payments. Historically, the financial [0]
  
  The post Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation. appeared first on Linux.com.
  

Engadget"Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics"

• Outside Parties is the creepiest Playdate game yet, and I'm kind of obsessed
  Never underestimate the chilling powers of grainy grayscale imagery and ethereal whooshing sounds. target lookup page, which provides hints with varying degrees of specificity.) 
  
  All the while as you9re hunched over your Playdate, laser-focused on the screen to find targets that are buried in a sea of fuzz, unsettling audio transmissions are cutting in and out, disturbing images are flashing on-screen at random and a constant atmospheric whooshing is playing in your ear. The sound design of this game is seriously brilliant — it9s worth playing for that alone, not to mention all the other cool stuff. From the startup page to the menus where you9ll find bits of a background story, to the creepy clips of people wailing and ominously reciting numbers, the sounds of Outside Parties make for a truly immersive, disconcerting experience that I previously wouldn9t have thought possible on a Playdate. It9s really something special. 
  
  Outside Parties also comes with a screensaver that once again makes me yearn for the Playdate Stereo Dock. Pop on the Void Monitor, sit back, and enjoy the horrifying sights and sounds of the Outside. 
  
  
  
  
  This article originally appeared on Engadget at https://www.engadget.com/gaming/outside-parties-is-the-creepiest-playdate-game-yet-and-im-kind-of-obsessed-213142541.html?src=rss

• Microsoft releases second emergency Windows 11 update to fix Outlook crashes
  Microsoft issued another out-of-band update to fix a bug that caused Outlook to crash for Windows 11 users. This second emergency patch addresses issues seen with Outlook and files stored in the cloud following Microsoft9s January 2026 Windows security update.
  
  According to Microsoft, this update fixes a bug where some apps that "open or save files stored in cloud-backed locations" became unresponsive or displayed error messages. Some users also experienced Outlook crashing or not opening when PST files are stored in cloud-based options like OneDrive.
  
  This is the second time this year that Microsoft had to issue a last-minute fix for bugs related to its January security update. Last week, some Windows 11 devices couldn9t shut down or hibernate, while other devices running Windows 10 or 11 couldn9t log in through remote connections. For more context, Microsoft only issues out-of-band updates when there9s a serious issue that can9t wait until its regular update cycle. Fortunately, the latest out-of-band update is cumulative, so you only need to download and install this one to fix the issues seen with the January update.
  This article originally appeared on Engadget at https://www.engadget.com/computing/microsoft-releases-second-emergency-windows-11-update-to-fix-outlook-crashes-192012812.html?src=rss

• Apple reportedly plans to reveal its Gemini-powered Siri in February
  A new and improved Siri may finally make an appearance, but this time, it could be with a Google Gemini glow up. According to partnership with Google and offer demonstrations of the Gemini-powered capabilities.
  
  After this reveal, Gurman reported that the new Siri will make its way to iOS 26.4, which is also slated to enter beta testing in February before its public release in March or early April. Apple has been meaning to launch its next-gen Siri ever since its announcement at WWDC 2024, but now we know that this Gemini-powered Siri will behave more like an AI chatbot, similar to OpenAI9s ChatGPT, thanks to another Bloomberg report from last week. 
  
  Following the reported demo that9s scheduled for late February, Gurman said Apple will have a grand reveal of the new Siri, which is currently codenamed Campos, at its annual developer conference in the summer. After that, the latest Siri and the accompanying Gemini-powered Apple Intelligence features are expected to arrive with iOS 27, iPadOS 27 and macOS 27, which are expected to be available as beta releases in the summer.
  This article originally appeared on Engadget at https://www.engadget.com/ai/apple-reportedly-plans-to-reveal-its-gemini-powered-siri-in-february-174356923.html?src=rss

• Yoshi and Birdo arrive in new trailer for The Super Mario Galaxy Movie, along with an earlier release date
  
  There9s a new trailer for the upcoming Super Mario movie, The Super Mario Galaxy Movie, and it confirms some beloved characters are joining the crew for its latest adventure. The trailer provides our first official look at Yoshi in the new movie, whose appearance was leaked back in the fall by a Pillsbury cookie box design. And, just as exciting, we also see Birdo in the mix. The trailer was released during Nintendo9s The Super Mario Galaxy Movie Direct.
  
  The short event also confirmed that the movie is now in post-production. While a previous trailer set the release date at April 3, the movie is now scheduled to come out two days earlier, on April 1. The Super Mario Galaxy Movie stars Chris Pratt voicing Mario, Anya Taylor-Joy as Peach and Charlie Day as Luigi, along with Jack Black (Bowser), Keegan-Michael Key (Toad), Benny Safdie (Bowser Jr.), Kevin Michael Richardson (Kamek) and Brie Larson (Rosalina).
  
  
  This article originally appeared on Engadget at https://www.engadget.com/entertainment/tv-movies/yoshi-and-birdo-arrive-in-new-trailer-for-the-super-mario-galaxy-movie-along-with-an-earlier-release-date-154455021.html?src=rss

• Google says it's fixed the Gmail issue that led to flooded inboxes and increased spam warnings
  Your Gmail inbox should now be back to normal after Saturday’s hiccups. Google said in an update on X on Saturday night that the issue, which affected the automatic filters that keep Gmail users’ inboxes free from the clutter of promotional emails, non-urgent updates and spam, “is now fully resolved for all users.” On its Workspace status dashboard, it added that an investigation is underway, and an analysis will be published once complete.
  
  Gmail users on Saturday reported that their inboxes were flooded with promotional emails that had not been properly sorted out of the main tab, and some said they were seeing notices that emails had not been scanned for spam. On social media and DownDetector, some Gmail users also reported delays in receiving messages, leading to issues with two-factor authentication logins. After confirming the issue, Google noted in an update on its Workspace dashboard that the problem resulted in the "misclassification of emails in their inbox and additional spam warnings," including a banner that says, “Be careful with this message. Gmail hasn9t scanned this message for spam, unverified senders, or harmful software.”
  
  In a statement to Engadget, a Google spokesperson echoed the message from its dashboard, saying, "We are actively working to resolve the issue. As always, we encourage users to follow standard best practices when engaging with messages from unknown senders."
  
  Update, January 25 2026, 9:53AM ET: This story has been updated to reflect that the issue has been resolved.
  
  
  
  
  
  
  
  
  
  
  
  
  This article originally appeared on Engadget at https://www.engadget.com/apps/google-says-its-working-to-fix-gmail-issue-thats-led-to-flooded-inboxes-and-increased-spam-warnings-183358654.html?src=rss

• Report reveals that OpenAI's GPT-5.2 model cites Grokipedia
  OpenAI may have called GPT-5.2 its "most advanced frontier model for professional work," but tests conducted by the Grokipedia, the online encyclopedia powered by xAI, when it came to specific, but controversial topics related to Iran or the Holocaust.
  
  As seen in the Guardian9s report, ChatGPT used Grokipedia as a source for claims about the Iranian government being tied to telecommunications company MTN-Irancell and questions related to Richard Evans, a British historian who served as an expert witness during a libel trial for Holocaust denier David Irving. However, the Guardian noted ChatGPT didn9t use Grokipedia when it came to a prompt asking about media bias against Donald Trump and other controversial topics.
  
  OpenAI released the GPT-5.2 model in December to better perform at professional use, like creating spreadsheets or handling complex tasks. Grokipedia preceded GPT-5.29s release, but ran into some controversy when it was seen including citations to neo-Nazi forums. A study done by US researchers also showed that the AI-generated encyclopedia cited "questionable" and "problematic" sources.
  
  In response to the Guardian report, OpenAI told the outlet that its GPT-5.2 model searches the web for a "broad range of publicly available sources and viewpoints," but applies "safety filters to reduce the risk of surfacing links associated with high-severity harms."
  This article originally appeared on Engadget at https://www.engadget.com/ai/report-reveals-that-openais-gpt-52-model-cites-grokipedia-192532977.html?src=rss

• US Congress members call for 'thorough review' of EA's $55 billion sale
  Before Electronic Arts goes private in a groundbreaking sale, some US lawmakers are pleading for some federal oversight. Democratic members of the US Congress, as part of the Congressional Labor Caucus, penned a letter asking the Federal Trade Commission to "thoroughly review" the $55 billion acquisition of EA.
  
  EA confirmed the sale to the Public Investment Fund, or the sovereign wealth fund of Saudi Arabia, Silver Lake and Affinity Partners in September, but the deal is expected to close in the first quarter of 2027. Before the official change of ownership, the 46 House Democrats who signed the letter to the FTC are calling for more scrutiny into the impacts of the deal. 
  
  The letter noted some of the most consequential effects, including the worsening of an unstable industry, the potential for more layoffs and increased market dominance for EA. "We respectfully urge the Commission to conduct a thorough investigation into the labor market consequences of this proposed acquisition, including EA’s existing wage-setting power, the likelihood of post-transaction layoffs, the degree of labor-market concentration in relevant geographic and occupational markets, and the role of cross-ownership in shaping labor outcomes," the letter read.
  
  The letter already earned support from the Communications Workers of America union, who also supported a petition from the United Video Games union. As spotted by Eurogamer, the petition calls on regulators and elected officials to "scrutinize this deal and ensure that any path forward protects jobs and preserves creative freedom."
  This article originally appeared on Engadget at https://www.engadget.com/gaming/us-congress-members-call-for-thorough-review-of-eas-55-billion-sale-175851429.html?src=rss

• NTSB will investigate why Waymo's robotaxis are illegally passing school buses
  Waymo has caught the attention of the National Transportation Safety Board as the federal agency launched an official investigation into the company for its robotaxis improperly passing school buses in Austin, Texas. The NTSB said on X that it would "examine the interaction between Waymo vehicles and school buses stopped for loading and unloading students."
  
  The latest federal probe stems from a preliminary evaluation by the National Highway Traffic Safety Administration that looked into how Waymo reacts to stopped school buses in the Texas city. That report led to Waymo9s voluntary software recall in December. However, the school district said in a memo that the robotaxis were seen repeating the same offense days after the software update.
  
  As for the NTSB investigation, an agency spokesperson told the multiple news outlets that "there have been no collisions in the events in question, and we are confident that our safety performance around school buses is superior to human drivers," adding that the investigation will be "an opportunity to provide the NTSB with transparent insights into our safety-first approach."
  This article originally appeared on Engadget at https://www.engadget.com/transportation/ntsb-will-investigate-why-waymos-robotaxis-are-illegally-passing-school-buses-160943613.html?src=rss

• How to use Google Photos' new Me Meme feature
  Google has started rolling out a new feature for its Photos app that can turn your images into memes. The feature, called Me Meme, uses Google Gemini to take meme templates and recreate them with the photo you use from within the app. It’s still in its experimental stages and will only be available for users in the US in the English language. In addition, it seems to be rolling out for Android users only at the moment, and Google warns that the generated images may not match the original photo at times. If you do get access to the feature soon, check out the instructions below on how to use it.
  
  Open your Photos app. Go to the Create tab at the bottom and find the Me Meme option. If it’s not showing up even though you’re an Android user in the US, you’ll have to wait for it as it continues rolling out. Google told https://t.co/7P2JgJhoBk https://t.co/E60prcqcie pic.twitter.com/sFICxzVIPU
  — AssembleDebug (Shiv) (@AssembleDebug) January 23, 2026
  
  This article originally appeared on Engadget at https://www.engadget.com/ai/how-to-use-google-photos-new-me-meme-feature-140000157.html?src=rss

• How to use Workout Buddy with Apple Watch and iOS 26
  Apple’s iOS 26 and watchOS 26 introduced a new fitness companion called Workout Buddy. This feature uses Apple Intelligence to provide spoken feedback during workouts and give motivation based on your activity history. Workout Buddy analyzes your pace, heart rate, distance and other metrics to deliver real-time encouragement and performance insights directly through connected Bluetooth headphones. It works in conjunction with the Workout app on Apple Watch and is partially controlled through the Fitness app on iPhone. This guide walks you through everything needed to set up and use Workout Buddy effectively during workouts.
  What Workout Buddy does
  It’s important to note that Workout Buddy is not a full coaching program. Instead, it adds to your workout with spoken cues that reflect how your session is going. Workout Buddy can remind you of your weekly activity totals, alert you to personal bests or performance milestones and provide an overview when you’re finished. It is designed to feel like a supportive training partner rather than a strict coach.
  
  The feature operates in English by default and uses a text-to-speech model trained on voices from Apple Fitness+ trainers. It is available for a subset of workout types, including running, walking, cycling, high-intensity interval training (HIIT) and strength training. It requires on-device Apple Intelligence, which means you’ll need to keep one of the latest iPhones running updated software nearby during workouts. 
  
  Supported models include iPhone 15 Pro, iPhone 15 Pro Max and any iPhone 16 model. You’ll also need an Apple Watch running watchOS 26.  
  Requirements before you begin
  Before Workout Buddy appears in your Fitness app or Workout app you must ensure a few things are in place. First, your Apple Watch must be running watchOS 26 or later and paired to an iPhone with iOS 26 installed. Second, your iPhone must be capable of on-device Apple Intelligence, meaning you must own one of the supported iPhone models we mentioned above and have Apple Intelligence enabled in the phone’s settings.
  
  You’ll also need Bluetooth headphones paired with either your iPhone or your Apple Watch. Workout Buddy’s audio feedback cannot play through the watch speaker so headphones are essential. Lastly, your device language must be set to English, at least initially. If any of these things are missing, the option to enable Workout Buddy may not appear.
  How to turn on Workout Buddy from iPhone
  While much of the interaction with Workout Buddy happens on Apple Watch during workouts, you can enable it and choose voice options from the Fitness app on iPhone.
  
  Open the Fitness app on your iPhone and tap the Workout tab at the bottom. Scroll through the list of workout types until you find one you plan to use with Workout Buddy. Tap the waveform bubble icon associated with that workout. This will bring up settings where you can turn on Workout Buddy. Flip the toggle to enable it and choose a voice from the available options. Once you have selected a voice, close that screen and your choice is saved. When you start this workout type on Apple Watch, Workout Buddy will activate.
  
  Enabling Workout Buddy for a workout type on iPhone means you do not need to toggle it on separately on Apple Watch each time for that specific workout. However, you may still adjust it from the watch interface for more granular control.
  How to turn on Workout Buddy on Apple Watch
  To use Workout Buddy during a session, open the Workout app on your Apple Watch. Turn the Digital Crown to scroll through and select the workout you want to do, such as Outdoor Run, Outdoor Walk, Outdoor Cycle, HIIT or Strength Training. If you want to see all available workouts, tap the Add button at the bottom.
  
  Once the workout type is selected, look for the Alerts button on screen. Tap Alerts then scroll until you see Workout Buddy. Tap Workout Buddy and flip the switch to on. You will then be asked to choose a voice if one is not already selected on your iPhone. After selecting the voice, return to the previous screen and tap Start. Workout Buddy will begin working as soon as the workout does.
  Using Workout Buddy during a workout
  Once you start an exercise on your Watch or iPhone, Workout Buddy will speak to you through your connected headphones. The feedback is designed to be encouraging and relevant to your pace, performance or milestones. It may mention your current progress toward activity goals, pace, splits, personal bests or other highlights from your fitness data. At the end of your session Workout Buddy will offer a summary of key metrics like duration distance and calorie burn.
  
  While a workout is active, you can temporarily mute the audio if you need silence. On Apple Watch during the session, swipe right to reveal controls then tap Mute. This pauses Workout Buddy’s spoken commentary without disabling the feature entirely.
  Customizing and managing Workout Buddy settings
  Workout Buddy is enabled on a per-workout-type basis. If you prefer voice feedback for running but silence for strength training, you can enable it for one and leave it off for the other. The Fitness app on iPhone allows you to set a default voice preference for each workout type. On Apple Watch you can quickly toggle the feature on or off before starting a session.
  
  If Workout Buddy does not appear as an option for a particular workout type, you may need to check compatibility. Apple’s documentation indicates that only certain types* are supported initially and that the option will not appear for unsupported workouts.
  *Apple Watch SE (2nd generation), Apple Watch SE 3, Apple Watch Series 6, Apple Watch Series 7, Apple Watch Series 8, Apple Watch Series 9, Apple Watch Series 10, Apple Watch Series 11, Apple Watch Ultra, Apple Watch Ultra 2, Apple Watch Ultra 3
  Troubleshooting common issues
  If Workout Buddy fails to activate make sure your devices meet the requirements outlined above. Confirm that your iPhone with Apple Intelligence is nearby and that Bluetooth headphones are connected. If audio feedback is missing, ensure headphones are paired correctly and that the language is set to English. Some users have reported that if the headphones are paired only to the Watch rather than the iPhone, it can interfere with feedback. Switching to the iPhone often resolves that issue.
  
  For workout types where Workout Buddy previously worked but suddenly does not appear, you may try toggling the feature off and on again in the Fitness app or rebooting both devices. In rare cases removing and re-adding the workout type on Apple Watch can refresh the settings.
  This article originally appeared on Engadget at https://www.engadget.com/wearables/how-to-use-workout-buddy-with-apple-watch-and-ios-26-130000922.html?src=rss

• EU OS: A Bold Step Toward Digital Sovereignty for Europe
  Image
  A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
  What Is EU OS?
  EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
  
  Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
  The Vision Behind EU OS
  The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
  
  Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
  
  However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
  Conclusion
  EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
  
  Source: It's FOSS
  European Union

• Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
  
  In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
  
  On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
  
  Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
  
  The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
  
  Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
  
  You can download the latest kernel here.
  Linus Torvalds kernel

• AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
  Image
  AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
  
  This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
  
  Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
  
  Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
  
  Source: 9to5Linux
  AerynOS

• Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
  Image
  Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
  
  Here’s a quick overview of what’s new in Xojo 2025r1:
  1. Linux ARM IDE Support
  Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
  2. Web Drag and Drop
  One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
  3. Direct App Store Publishing
  Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
  4. New Desktop and Mobile Features
  This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
  5. Performance and IDE Enhancements
  Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
  What Does This Mean for Developers?
  Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
  How to Get Started
  Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
  
  Download Xojo 2025r1 today at xojo.com.
  Final Thoughts
  With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
  Xojo ARM

• New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
  
  Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
  
  Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
  
  Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 
  
  Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
  
  Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
  
  Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
  
  By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
  Windows

• Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
  
  The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 
  
  As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
  
  In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 
  
  After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
  
  The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
  
  At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
  
  The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
  Security

• Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
  
  The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
  
  A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
  
  This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 
  
  The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
  
  On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
  
  In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
  kernel

• Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
  
  Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
  
  The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
  
  Here is what Linus Torvalds had to say in today's announcement:
  Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

• Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
  
  Want to interact with ChatGPT from your Linux desktop without using a web browser?
  
  Bavarder, a new app, allows you to do just that.
  
  Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
  
  With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
  
  During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
  
  At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
  
  As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
  
  Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
  ChatGPT AI

• LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
  
  Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
  
  Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
  
  LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
  
  You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
  
  All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
  
  In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
  
  Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
  
  The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
  LibreOffice