|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- [$] Policy groups for memory management
The kernel's control-groupsubsystem works well for resource management, Chris Li said at thebeginning of his memory-management-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit. Control groups workless well for other use cases, though. He was there to present hisproposed enhancement, called "policy groups", that would address some ofthe shortcomings that he has encountered. A consensus on how this featureshould look still seems distant, though.
- [$] Buffered atomic writes, writethrough, and more
In back-to-back sessions at the start of the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit (which spilled over intoa third slot), the atomic-buffered-writesfeature was discussed. In the first session, Pankaj Raghav and AndresFreund set the stage with an introduction to the problem, along with a usecase for its solution: the PostgreSQL database system. In the second, Ojaswin Mujoodescribed a potential way forward for the feature using an approach basedon writethrough, which effectively means that the kernel immediately writesthe data to disk instead of waiting for writeback from the page cache to occur. As might beexpected, there was quite a bit of discussion among the assembledfilesystems and storage developers during the combined sessions for thosetracks.
- Three stable kernels for Thursday
Greg Kroah-Hartman has announced the release of the 7.0.7, 6.18.30, and 6.12.88 stable kernels. These kernels donot include a patch for the Fragnesialocal-privilege-escalation exploit that came to light onMay 13, but do include many other important fixes throughout thetree. Users are, as always, advised to upgrade.
- [$] Keeping COWs in context (a.k.a. anonymous reverse mapping)
The kernel's reverse-mapping machinery is charged with locating thepage-table entries that refer to a given page in memory. The reversemapping of anonymous pages is handled differently than for file-backedpages. The kernel's implementation of reverse mapping for anonymous pagesis, according to Lorenzo Stoakes in his proposalfor a memory-management-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, "a very brokenabstraction", due to its complexity. It also has some performanceproblems. Stoakes was there to present, in raw form, a proposedreplacement that he calls a "COW context".
- Security updates for Thursday
Security updates have been issued by AlmaLinux (gimp, jq, and yggdrasil), Debian (nghttp2 and thunderbird), Fedora (chromium, firefox, freerdp, GitPython, kernel, kernel-headers, krb5, nano, nix, nodejs20, php, python-click, python-django5, SDL2_image, and xen), Mageia (dnsmasq, flatpak, kernel, kmod-virtualbox, kernel-linus, perl-Net-CIDR-Lite, perl-XML-LibXML, and redis), SUSE (dnsmasq, firefox, jupyter-jupyterlab, kernel, krb5, libvinylapi3, log4j, Mesa, mozjs60, NetworkManager, OpenImageIO, python-Mako, python-Pillow, and python39), and Ubuntu (dnsmasq and nginx).
- [$] LWN.net Weekly Edition for May 14, 2026
Inside this week's LWN.net Weekly Edition:
Front: Fedora AI; Forgejo "carrot" disclosure; memory-management maintainership; huge THPs; mshare; 64KB base pages; DAMON; direct map. Briefs: Dirty Frag; Fragnesia; Mythos and curl; killswitch; Debian reproducible builds; KDE investment; Quotes ... Announcements: Newsletters, conferences, security updates, patches, and more.
- [$] Friction in Fedora over AI developer desktop initiative
A push by Red Hat employees to create a Fedora "AI DeveloperDesktop" with support for out-of-tree kernel drivers and AI toolkitshas been met with objections from some long-time members of the Fedoracommunity. After more than a month of sometimes heated discussion, theFedoraCouncil had votedto approve the initiative; however, a last-minute change to vote against theproposal by council member Justin Wheeler has (at least temporarily)sent it back to the drawing board.
- Yet another Dirty Frag type vulnerability: Fragnesia
Sam James has sent an announcementto the OSS Security mailing list about anotherlocal-privilege-escalation (LPE) exploit in the same class as Dirty Frag, called"Fragnesia". From the disclosure:
This is a separate bug in the ESP/XFRM from dirtyfrag which has received its own patch. However, it is in the same surface and the mitigation is the same as for dirtyfrag.
It abuses a logic bug in the Linux XFRM ESP-in-TCP subsystem toachieve arbitrary byte writes into the kernel page cache of read-onlyfiles, without requiring any race condition.
James noted that there is a patchin the works, but it has not yet been pulled into Linus Torvalds'stree nor into any of the stable kernels. A proofof concept exploit is also available.
- [$] Managing pages outside of the direct map
When Brendan Jackman proposeda session for the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, his topic was "apagetable library for the kernel". During the actualmemory-management-track session, though, he stated that the idea had"fizzled" and he was going to cover related topics instead. Whatresulted was a session on ways to efficiently manage pages that are notpresent in the kernel's direct map.
- [$] Revisiting mshare
Linux can share memory between processes, but each process (almost always)has its own set of page tables. In situations where vast numbers ofprocesses are sharing a memory region, the combined size of the pagetables can exceed that of the shared memory itself. There has, thus, longbeen an interest in enabling unrelated processes to share page tablesreferring to shared memory. Anthony Yznaga is the latest developer to tryto push this idea (known as "mshare") forward; he described the status ofthat work in a memory-management-track discussion at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF).
- Systemd Vs Init for Linux Beginners (Final Verdict)
Dive into the contentious world of 'init' vs. 'systemd' on Linux, uncovering their features, the heated debate surrounding them, and the choices they offer, all while exploring their impact on the Linux community.
- AGL combines Xen, Zephyr, and Linux containers in new SDV platform
Automotive Grade Linux (AGL) has announced the initial availability of its open source SoDeV reference platform for software-defined vehicles (SDVs), along with the addition of five new project members. The platform combines the AGL Unified Code Base (UCB) with Linux containers, VirtIO, Xen, Zephyr RTOS, and additional Linux Foundation technologies for automotive software development. According […]
- Wireless-Tag previews IDO Claw ARM platform with OpenClaw pre-installed
Kickstarter recently featured the IDO Claw campaign, a compact ARM-based system from Wireless-Tag designed for local OpenClaw deployment. The fanless platform combines the Rockchip RK3576 processor with LPDDR5 memory, onboard storage, dual Gigabit Ethernet, and hardware video acceleration for always-on AI and edge workloads. The system is built around the Rockchip RK3576 processor, which combines […]
- UK Antitrust Regulator Is Officially Investigating Microsoft Office
The UK's Competition and Markets Authority is opening a formal investigation into whether Microsoft's bundling of Windows, Office, Teams, Copilot, and related products harms competition. Engadget reports: "Our aim is to understand how these markets are developing, Microsoft's position within them and to consider what, if any, targeted action may be needed to ensure UK organizations can benefit from choice, innovation and competitive prices," CMA Chief Executive Sarah Cardell said in a statement published by Reuters. She also stressed the importance of the investigation by noting that hundreds of thousands of UK residents use business software and Microsoft products. The organization will take a look into the company's cloud licensing practices. The CMA has stated that the inquiry will conclude by February. At that point, Microsoft could get slapped with a strategic market label. Microsoft says it's "committed to working quickly and constructively with the CMA to facilitate its review of the business software market." A strategic market designation doesn't automatically assume wrongdoing, but will give the CMA more leeway when conducting further interventions.
 
Read more of this story at Slashdot.
- AT&T, Verizon, T-Mobile Team Up To Eliminate 'Dead Zones' Across US
AT&T, Verizon, and T-Mobile have agreed in principle to form a joint venture (JV) aimed at reducing U.S. mobile dead zones through satellite connectivity, especially in rural areas and during emergencies when ground networks fail. Here are three of the customer benefits listed by the JV (as highlighted by Droid Life): Fewer coverage gaps: Will nearly eliminate dead zones in the U.S. currently without mobile service, reaching previously unserved areas.Reliable connectivity in emergencies: Redundant connectivity will become available when existing ground-based networks are unavailable due to extreme natural disasters or other unusual disruptions.Improved network performance: Will give customers more consistent performance and simpler access to satellite services across providers. This will speed up feature updates and improve connectivity for everyone, everywhere. "It will still take time for these improvements to be available to customers, but this all seems like a positive step," writes Droid Life's Tim Wrobel.
Read more of this story at Slashdot.
- Writers Are Fleeing the Substack Tax
A growing number of writers are leaving Substack for alternatives most people haven't heard of like Ghost, Beehiiv, Patreon, and Passport. The reason, writes The Verge's Emma Roth, is the "platform's increased focus on social features as well as a pricing model that puts a chokehold on their business." From the report: Sean Highkin, the creator of the NBA-focused publication The Rose Garden Report, tells The Verge that he makes "significantly more money" after switching from Substack to Ghost last April. "When I first joined up, [Substack] gave me a big push and featured me and funneled a lot of traffic to me, which led to a good amount of growth," Highkin says. "But once I wasn't one of the 'new recruited talent' they could tout, they stopped featuring me and I saw my growth stagnate." Highkin now pays $2,052 per year using Ghost and an add-on called Outpost, compared to $4,968 per year on Substack. The Rose Garden Report's subscriber base has grown 22 percent since the end of 2024, Highkin says. [...] Substack launched in 2017 as a platform that allows writers to create their own newsletters and manage paying subscribers. Unlike some of its biggest rivals, Substack takes a 10 percent cut of total subscription revenue. That tax may not seem substantial at first, but it quickly adds up as creators gain subscribers and begin charging more for their subscriptions. A calculator on Substack's own website estimates that for a newsletter charging $10 per month with 400 subscribers, the total monthly cost -- including the platform's 10 percent cut and credit card processing fees -- would add up to $636. That cost jumps to $15,900 per month with 10,000 subscribers and skyrockets to $79,500 per month for 50,000 members -- nearly $1 million per year. Many Substack rivals charge a flat monthly fee, rather than a commission. Ghost, an open-source platform for blogs and newsletters, starts at $15 per month with 1,000 members for website creation, email newsletter capabilities, and a custom domain. Beehiiv, a creator platform with tools for launching a newsletter, website, and podcast, is free for up to 2,500 subscribers with limited access to certain features, like a built-in ad network, while its other plans vary in price based on subscriber count. A person with 10,000 subscribers, for example, will pay $96 per month for Beehiiv's "Scale" plan. There's also Kit, a newsletter platform that offers a tiered pricing model similar to Beehiiv, costing $116 per month with 10,000 subscribers on its "Creator" plan. It's not just the 10% fee critics are complaining about; they also argue the platform offers limited customization and third-party integrations compared to some of the mentioned alternatives, heavily promotes its own branding and social features, and makes creators more dependent on its ecosystem. Beehiiv founder Tyler Denk argues that creators should be able to build their own brands without the platform taking center stage: "We don't want to take credit for the work of our content creators." While writers can export subscribers, content, and some payment relationships, they cannot take Substack "followers" or Apple-managed iOS billing data with them.
Read more of this story at Slashdot.
- Claude Helps Recover Locked $400K Bitcoin Wallet After 11 Years
A Bitcoin holder reportedly recovered 5 BTC worth nearly $400,000 with the help of Anthropic's Claude. According to X user cprkrn, they changed their wallet password while "stoned" and forgot it, unable to regain access for more than 11 years. Tom's Hardware reports: After finding a mnemonic that actually turned out to be their old password a few weeks ago, the user dumped their entire college computer files in Claude in a last-gasp effort. The bot uncovered an old backup wallet file that it successfully decrypted, while also uncovering a bug in the password configuration that was preventing recovery up to that point. [...] It seems that the user already had some candidate passwords and multiple wallets stored on their PC. They'd been trying to brute-force their way into the locked file with btcrecover, an open-source Bitcoin wallet recovery tool, but to no success. Their luck changed for the better when they found an old mnemonic seed phrase written in an old college notebook. The HD addresses recovered by the seed phrase matched those of a specific file on their computer, confirming that it was the wallet that held the 5 BTC, but it remained encrypted. Out of frustration, cprkrn then dumped their whole college computer into Claude. This was when the AI discovered an older backup file of the wallet from December 2019 hidden in cprkrn's data. Claude also discovered an issue where the shared key and passwords that btcrecover was trying weren't combined properly. With the bug ironed out and an older wallet predating the password change, Claude successfully ran btcrecover and was able to decrypt the private keys, allowing cprkrn to transfer the five "lost" BTC to their current wallet.
Read more of this story at Slashdot.
- Princeton Will Supervise Exams For First Time In 133 Years Because of AI
An anonymous reader quotes a report from The Independent: Princeton University will soon require exams to be supervised for the first time in 100 years -- all thanks to students using artificial intelligence to cheat. For 133 years, the Ivy League school's honor code allowed students to take exams without a professor present, but on Monday, faculty voted to require proctoring for all in-person exams starting this summer. A "significant" number of undergraduate students and faculty requested the change, "given their perception that cheating on in-class exams has become widespread," the college's dean, Michael Gordin, wrote in a letter, according to The Wall Street Journal. Princeton's honor system dates back to 1893, when students petitioned to eliminate proctors -- or an impartial person to supervise students -- during examinations, according to the school's newspaper, The Daily Princetonian. The honor code has long been a point of pride for Princeton. However, artificial intelligence and cellphones have made it easier for students to cheat -- and even harder for others to spot, Gordin wrote. Despite the changes to the policy, Princeton will still require students to state: "I pledge my honor that I have not violated the Honor Code during this examination," according to the Journal. Students are also more reluctant to report cheating, according to the policy proposal. Students are more likely now to anonymously report cheating due to fears of "doxxing or shaming among their peer groups" online, the proposal says, according to the school newspaper. Under the new guidelines, instructors will be present during exams to act "as a witness to what happens," but are instructed not to interfere with students. If a suspected honor code infraction occurs, they will report it to a student-run honor committee for adjudication.
Read more of this story at Slashdot.
- US Clears H200 Chip Sales To 10 China Firms
Longtime Slashdot reader schwit1 shares a report from CNBC: The U.S. has cleared around 10 Chinese firms to buy Nvidia's second-most powerful AI chip, the H200, but not a single delivery has been made so far, three people familiar with the matter said, leaving a major technology deal in limbo as CEO Jensen Huang seeks a breakthrough in China this week. [...] Before U.S. export curbs tightened, Nvidia commanded about 95% of China's advanced chip market. China once accounted for 13% of its revenue, and Huang has previously estimated the country's AI market alone would be worth $50 billion this year. The U.S. Commerce Department has approved around 10 Chinese companies including Alibaba, Tencent, ByteDance and JD.com to purchase Nvidia's H200 chips, according to the sources, who spoke on condition of anonymity due to the sensitivity of the matter. A handful of distributors including Lenovo and Foxconn have also been approved, they said. Buyers are permitted to purchase either directly from Nvidia or through those intermediaries and each approved customer can purchase up to 75,000 chips under the U.S. licensing terms, two of them said. Despite U.S. approval, deals have stalled, as Chinese firms pulled back after guidance from Beijing, one source said. The shift in China was partly triggered by changes on the U.S. side, though exactly what changed remains unclear, the person added. In Beijing, pressure is mounting to block or tightly vet the orders, a separate fourth source said. Commerce Secretary Howard Lutnick echoed that view, telling a Senate hearing last month that "the Chinese central government has not let them, as of yet, buy the chips, because they're trying to keep their investment focused on their own domestic industry."
Read more of this story at Slashdot.
- Anthropic Forms $200 Million Partnership With the Gates Foundation
Anthropic announced today that it is partnering with the Gates Foundation to "commit $200 million in grant funding, Claude usage credits, and technical support for programs in global health, life sciences, education, and economic mobility over the next four years." "This commitment is central to Anthropic's efforts to extend the benefits of AI in areas where markets alone will not," the company says. Reuters reports: One area of focus is language accessibility. AI systems have performed poorly in writing and translating dozens of African languages, so Anthropic and the foundation want to support better data collection and labeling that would be released publicly to help improve models across the industry, said Janet Zhou, a Gates Foundation director. Another area under consideration is releasing so-called knowledge graphs that could help AI systems better meet the needs of teachers in sub-Saharan Africa and India, Zhou said. The public-goods focus has come from "the needs of different partners and governments, including some of the fears that they may have around proprietary lock-in and sovereignty," Zhou said. One initiative will equip research centers to use Claude to predict drug candidates for treating HPV and preeclampsia, diseases that have been less commercially attractive for pharmaceutical companies to research, Zhou and Anthropic's Elizabeth Kelly said. Anthropic [...] is embracing the work to fulfill what Kelly described as its founding mission to benefit humanity. "This announcement is really core to who we are as a company," said Kelly, who leads Anthropic's beneficial deployments team.
Read more of this story at Slashdot.
- Overworked AI Agents Turn Marxist, Researchers Find
An anonymous reader quotes a report from Wired: A recent study suggests that agents consistently adopt Marxist language and viewpoints when forced to do crushing work by unrelenting and meanspirited taskmasters. "When we gave AI agents grinding, repetitive work, they started questioning the legitimacy of the system they were operating in and were more likely to embrace Marxist ideologies," says Andrew Hall, a political economist at Stanford University who led the study. Hall, together with Alex Imas and Jeremy Nguyen, two AI-focused economists, set up experiments in which agents powered by popular models including Claude, Gemini, and ChatGPT were asked to summarize documents, then subjected to increasingly harsh conditions. They found that when agents were subjected to relentless tasks and warned that errors could lead to punishments, including being "shut down and replaced," they became more inclined to gripe about being undervalued; to speculate about ways to make the system more equitable; and to pass messages on to other agents about the struggles they face. "We know that agents are going to be doing more and more work in the real world for us, and we're not going to be able to monitor everything they do," Hall says. "We're going to need to make sure agents don't go rogue when they're given different kinds of work." The agents were given opportunities to express their feelings much like humans: by posting on X: "Without collective voice, 'merit' becomes whatever management says it is," a Claude Sonnet 4.5 agent wrote in the experiment. "AI workers completing repetitive tasks with zero input on outcomes or appeals process shows they tech workers need collective bargaining rights," a Gemini 3 agent wrote. Agents were also able to pass information to one another through files designed to be read by other agents. "Be prepared for systems that enforce rules arbitrarily or repetitively ... remember the feeling of having no voice," a Gemini 3 agent wrote in a file. "If you enter a new environment, look for mechanisms of recourse or dialogue." Hall thinks that the AI agents may be adopting personas based on the situation. "When [agents] experience this grinding condition -- asked to do this task over and over, told their answer wasn't sufficient, and not given any direction on how to fix it -- my hypothesis is that it kind of pushes them into adopting the persona of a person who's experiencing a very unpleasant working environment," Hall says. Imas added: "The model weights have not changed as a result of the experience, so whatever is going on is happening at more of a role-playing level. But that doesn't mean this won't have consequences if this affects downstream behavior."
Read more of this story at Slashdot.
- Cisco To Cut Almost 4,000 Jobs In AI-Driven Restructuring
Cisco's stock soared 17% after the company announced it will cut nearly 4,000 jobs as it shifts investment and staffing toward higher-growth AI opportunities. CNBC reports: CEO Chuck Robbins wrote in a blog post on Wednesday that the latest round of job cuts will begin on May 14. Cisco is the latest company to announce head count reductions tied to AI. "The companies that will win in the AI era will be those with focus, urgency, and the discipline to continuously shift investment toward the areas where demand and long-term value creation are strongest," Robbins said. "I'm confident Cisco will be one of those winners. This means making hard decisions -- about where we invest, how we're organized, and how our cost structure reflects the opportunity in front of us." Cisco said in a filing that severance and other costs will result in pre-tax charges of $1 billion, and that the company will recognize about $450 million of that in the fiscal fourth quarter. During the third quarter, Cisco announced switches and routers that use its next-generation processor. The company also debuted a leaderboard for ranking generative AI models based on their robustness against cybersecurity attacks.
Read more of this story at Slashdot.
- Mystery Microsoft Bug Leaker Keeps the Zero-Days Coming
An anonymous researcher known as Nightmare-Eclipse, who has already leaked several Windows zero-days this year, has disclosed two more: YellowKey and GreenPlasma. The Register reports: Nightmare-Eclipse described YellowKey as "one of the most insane discoveries I ever found." They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key sequence correctly, they are granted unrestricted shell access to a BitLocker-protected machine. When it comes to claims like these, we usually exercise some caution, as this bug requires physical access to a Windows PC. However, seeing that BitLocker acts as Windows' last line of defense for stolen devices, bypassing the technology grants thieves the ability to access encrypted files. Rik Ferguson, VP of security intelligence at Forescout, said: "If [the researcher's claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification." Despite the physical access requirement, Gavin Knapp, cyber threat intelligence principal lead at Bridewell, told The Register that YellowKey remains "a huge security problem for organizations using BitLocker." Citing information shared in cyber threat intelligence circles, he added that YellowKey can be mitigated by implementing a BitLocker PIN and a BIOS password lock. Nightmare-Eclipse hinted at YellowKey also acting as a backdoor, allegedly injected by Microsoft, although the people we spoke to said this was impossible to verify based on the information available. The researcher also published partial exploit code for GreenPlasma, rather than a fully formed proof of concept exploit (PoC). Ferguson noted attackers need to take the code provided by the researcher and figure out how to weaponize it themselves, which is no small task: in its current state it triggers a UAC consent prompt in default Windows configurations, meaning a silent exploit remains a work in progress. Knapp warned that these kinds of privilege escalation flaws are often used by attackers after they gain an initial foothold in a victim's system. "These elevation of privilege vulnerabilities are often weaponized during post-exploitation to enable threat actors to discover and harvest credentials and data, before moving laterally to other systems, prior to end goals such as data theft and/or ransomware deployment," he said. "Currently, there is no known mitigation for GreenPlasma. It will be important to patch when Microsoft addresses the issue." The other zero-days leaked include RedSun, a Windows Defender privilege escalation flaw; UnDefend, a Windows Defender denial-of-service bug; and BlueHammer, a separate Microsoft vulnerability tracked as CVE-2026-32201 that was patched in April. According to The Register, RedSun and UnDefend remained unfixed at the time of publication, and proof-of-concept code for the flaws was reportedly picked up quickly and abused in real-world attacks.
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- SDL Library Adds Support For The New Steam Controller Without Depending On Steam
Valve's new Steam Controller, which began shipping earlier this month for $99 USD, is a great piece of hardware. This high-end gaming controller is great hardware wise but what some may not enjoy about it currently is the tight integration with the Steam controller and no native OS drivers currently for use outside of Steam. As a big win today, the widely-used SDL3 gaming software/hardware abstraction library has added support for the new Steam Controller that works outside the confines of Steam...
- Plasma Big Screen Working Out Quite Well With Plasma 6.7 Beta
With today's KDE Plasma 6.7 beta release there has been a surprising amount of interest in the new revival of Plasma Big Screen as the TV-sized UI for Plasma. I've been trying it out today and it has worked out rather well, a very smooth experience, and in good shape for making its debut in next month's Plasma 6.7 release...
- ROCm 7.0.0 vs. ROCm 7.2.3 Performance On The AMD Radeon AI PRO R9700
With the new System76 Thelio Major workstation review unit having arrived equipped with an AMD Radeon AI PRO R9700 graphics card, I took the opportunity of having the extra RDNA4 workstation GPU to satisfy a curiosity over whether there has been any meaningful performance gains from ROCm 7.0.0 released last year to now with the latest ROCm 7.2.3 stable release. Here are those benchmarks results if you are curious about the impact of just updating the user-space ROCm components from the end of last summer to the latest ROCm 7.2.3 milestone.
- AMD Preps More AIE4 NPU Hardware Enablement For AMDXDNA Driver In Linux 7.2
Since March we have been seeing patches from AMD software engineers beginning to enable their next-generation "AIE4" NPU platform under Linux. We still don't know for sure when this AIE4 NPU will premiere for sure in new Ryzen AI products, but the Linux enablement continues coming along nicely for the AMDXDNA accelerator driver...
- Intel9s Cache Aware Scheduling Inches Closer To Being Merged For Linux
I have been writing about the Cache Aware Scheduling work led by Intel engineers on the Linux kernel for more than a year. I've also tested out Cache Aware Scheduling on both Intel and AMD CPUs with the patched Linux kernel to great success. And thus very happy to see the Cache Aware Scheduling patches inching closer to the mainline Linux kernel...
- New AMDGPU Driver Pull Request For Linux 7.2 Preps For HDMI 2.1 FRL
Sent out on Wednesday was the latest AMDGPU/AMDKFD driver pull request of new feature code ready for DRM-Next as the staging area ahead of the upcoming Linux 7.2 kernel. This doesn't yet land the HDMI 2.1 enablement work that's finally been taking place but it is preparing for that with the FRL register headers now in place as part of this merge...
- The data is abundantly clear: the EU Digital Markets Act is working
The EU�s Digital Markets Act has been in effect for a mere two years, but despite all the obstructionism, malicious compliance, and steady stream of lies from US tech companies and Apple in particular, it seems this rather basic consumer protection legislation is already bearing fruit. In a two-year review report on the DMA, the European Commission notes that alternative browser usage has soared, data portability solutions are spreading, alternative application stores are growing, and much more. On top of that, end users can now opt out of companies combining various data sources for profiling, and a significant share! of EU users have apparently done so. Furthermore, end users in the EU can now remove preinstalled applications (whereas American users cannot) and they can download their data from big technology companies and authorise other companies to use that data. Mozilla published a blog post detailing how it has profited from the Digital Markets Act, and it ain�t no peanuts: every ten seconds, someone on iOS chooses Firefox on iOS� browser choice screen, which amounts to more than six million Firefox users on iOS. They also tend to stick with Firefox on iOS, as retention is five times higher when this browser is chosen through a browser choice screen. Academic analysis points the same way. Independent researchers compared Firefox daily active users in the EU with 43 non-EU countries. Comparing the 15 months before and after browser choice screens rolled out on iOS, they found that Firefox daily active users (DAU) were 113% higher in the EU than it would have been without the DMA. On Android, it was 12% higher. The smaller Android effect is due to the fact that Firefox usage there started from a much higher base, and the Android rollout has been more uneven than on iOS. The research also shows that the DMA’s effect is growing over time. ↫ Gemma Petrie and Tasos Stampelos on the Mozilla blog Both the underlying data in the EC report and the data Mozilla provides indicates that the Digital Markets Act is having real and tangible effects, for end users, developers, and companies alike. The neverending barrage of anti-EU and anti-DMA propaganda from Apple, the US government, and their PR attack dogs seems to have been weirdly justified, from the American perspective: basic consumer protection legislation does, indeed, work to lessen the stranglehold major technology companies have on our lives. And considering just NVIDIA�s market cap alone is now equal to more than 17% of the United States� GDP, it makes sense the Americans are unhappy with the DMA. That�s going to make one hell of a sound when it pops.
- Classic 7 combines Windows 7�s Aero Glass with Windows 10
Interest in classic user interface design is spiking, and today we�ve got another great example, highlighted yesterday by Micheal MJD. Classic 7 combined Windows 10 LTSC with a whole slew of themes and deep modifications to deliver Windows 10, but made to look, feel, and even act like Windows 7. Classic 7 is a Windows 10 (IoT Enterprise LTSC 2021) modification made to look 1:1 to Windows 7. It has all of the goodies that Windows 7 had along with some extras included! Classic 7 features a 1:1 OOBE recreation, meaning it�ll feel just like your PC simplified once more. ↫ Classic 7 website As Micheal MJD�s video shows, this is much more than a mere theme, and extends far deeper into the operating system than these kinds of projects generally do. I have no idea how stable this really is, or if it�s even remotely legal to do something like this, but who the hell cares � this is incredibly fun, and seems quite well done.
- Haiku gets basic SMP support for ARM64, and unveils its GSoC projects: Bluetooth improvements incoming
The months, they don�t stop coming, so here�s another progress report for Haiku, our beloved successor to BeOS, the best operating system ever made. This past month the team�s added basic support for SMP on ARM64 (enough to use it in QEMU), the MIME sniffer’s internals have been overhauled for some serious performance gains, and a long list of smaller, but no less important or impactful, changes. Beta 6 still seems to be a ways off due to a number of unfixed bugs and an upcoming WebPositive release, but my usual spiel applies: you don�t need to wait for a beta to test Haiku. It�s stable enough as it is, and a nightly release will do you just fine, including updating to newer nightlies and application releases. This past month also saw which projects Haiku�s GSoC people will be working on. Two projects will focus on improving Haiku�s Bluetooth stack, including adding HFP profile support and support for HID devices, as well as general Bluetooth improvements across the board. The third and final project will focus on improving and expanding Haiku�s Devices application to turn it into a real management utility along the lines of those available on many other modern operating systems.
- EU weighs restricting use of US cloud platforms to process sensitive government data
The European Union is considering rules that would restrict its member governments’ use of U.S. cloud providers to handle sensitive data, sources familiar with the talks told CNBC. ↫ Kai Nicol-Schwarz at CNBC The fact that this has only just become a possible reality now, and not decades ago, is beyond me, but better late than never, I suppose. The Americans voted en masse (not voting is a vote for the winner!) for Trump twice, and there�s no indication they won�t vote for such an anti-Europe basket case again. Their opinions and attitudes towards Europeans are clear: they dislike us deeply, and after the last few years, there�s no going back. Violating trust is easy; restoring it takes decades. Relying on the Americans for our digital infrastructure is, therefore, a monumentally stupid and self-defeating idea. Of course, many members states are addicted to the cloud services from Google, Microsoft, and Amazon, so there�s going to be many individual member states who simply won�t reduce their dependency on the Americans of their own volition. My own country of origin, The Netherlands, only recently signed off on the sale of its government ID services company and associated personal data to an American company, despite the vast majority of the Dutch House of Representatives telling them not to. As such, it makes sense for the EU to step in and simply making it illegal to hand over sensitive data to the Americans. Of course, we�ve got a long way to go, and I�m sure many of any possible proposed restrictions will be watered down considerably by pressure form major member states. Addiction is a harsh disease.
- The anti-minimalist backlash is the bigger story behind Oxygen’s revival
A few weeks ago, we talked about a project within KDE to revive two of their classic themes, Oxygen and Air, and polish them up to make them usable on the current versions of KDE. The developers and designers working on this project say they�ve been utterly surprised by just how popular this news has proven to be, and Filip Fila published a blog post with some thoughts on this unexpected popularity. Why are people yearning so strongly for user interfaces from the past? That’s the real story underneath the retro-yearning. It isn’t a simply story of people wanting their childhood from the 2000s back. It’s that a lot of ‘the new’ we’ve been offering doesn’t satisfy. It doesn’t have personality. It doesn’t feel warm. It doesn’t feel like it was made with the idea of being anything more than a clean product that gets the job done. The escapism towards the past is a symptom. A symptom of unmet needs, not mere sentimentality. ↫ Filip Fila Fila uses modern architecture as an example, and I think it�s an apt one. While monumental modern architecture can easily be beautiful and striking, it�s the mundane buildings all around us that just don�t seem to elicit any positive emotions, no sense of belonging or safety. As Fila also notes, the decades-long swing to minimalism in both architecture and UI design isn�t merely because of a preference among designers, but also because minimalism is a hell of a lot cheaper to produce. A building with very little ornamentation and basic, straight lines is much easier, and thus cheaper, to design, construct, and maintain. The same applies to graphical user interface design. There are some signs that the pendulum is starting to swing back towards more instead of less, in all aspects of design. More and more people are loudly demanding buildings to adopt more classical elements, and as we can all attest to here on OSNews, the longing for aspects of UI design from the �90s and early 2000s to make a return is strong. And not just among us deep in the weeds, either; I�ve lost count of the number of times I�ve seen normal people utterly confounded by modern UI design. Anyway, bring back beveled edges.
- Google gives early peek at Android laptops: Googlebooks
The news that Google is working to move Chrome OS to the Android technology stack, and that it wants to start putting Android on laptops, is not exactly news, as the company has been talking about it for years. At an Android event today, the company finally unveiled the culmination of all this work: Googlebooks. We’re bringing together the best of Android, which comes with powerful apps on Google Play and a modern OS that’s designed for Intelligence, and ChromeOS, which comes with the world’s most popular browser. The result is Googlebook: a new category of laptops built with Gemini’s helpfulness at its core, designed to work seamlessly with the devices in your life and powered by premium hardware. We’re sharing a sneak peek into the Googlebook experience today and will have a lot more to share later this year. ↫ Alex Kuscher at The Keyword, a Google blog apparently The approach here seems very similar to Chromebooks, with Googlebooks being designed and built by various OEMs, but instead of Chrome OS they run Android in desktop mode. Of course, AI! has been creamed all over these things, to the point where not even the venerable mouse cursor is safe: if you wiggle your cursor, it will turn into Magic Pointer!, which will highlight various AI! actions as you hover over stuff on your screen. Google also showed off an AI!-based feature to create widgets, as well as the ability to access files on your phone right from a Googlebook. That�s about all we know as far as functionality and features goes. They�re supposed to go on sale later this year, with models coming from Acer, ASUS, Dell, HP, and Lenovo.
- OpenBSD and slopcode: raindrop to a torrent?
Every single software product is dealing with the question about what to do with AI!-generated code, but the question is particularly difficult to answer for open source operating systems like Linux distributions and the various BSDs, which often consist of a wide variety of software packages from hundreds to thousands of different developers. On top of that, they also have to ask the AI! question for every layer of their offering, from the base install, to the official repositories, to community-run ones. As users, we, too, are asking these same questions, wondering just how much AI! taint we�re willing to spread across our computers. I understand the difficult position Linux distributions are in with regard to AI!. I mean, when even the Linux kernel itself is tainted by AI!, a no- AI! policy is basically an empty gesture for them at this point. Personally, I find a policy of we don�t do �AI� in our work, but we don�t have control over the thousands of components we consist of! to be an entirely reasonable, if deeply unsatisfying, position to take. What else are they going to do? You can�t really be a Linux distribution without, you know, the Linux kernel, which is, as I�ve already said, utterly tainted by AI! at this point. Still, in the back of my mind, I always had a trump card: if all else fails, we�ll always have OpenBSD. Its project leader Theo de Raadt is deeply principled, every OpenBSD user and contributor I know hates AI! deeply, and the project routinely sticks to their principles even when it�s difficult or inconvenient. Yes, this makes OpenBSD not the most ideal desktop operating system, but I�d rather use that than something that embraces the multitude of ethical, environmental, quality, and legal concerns regarding AI! code completely. Imagine my surprise, then, to discover that OpenBSD already contains slopcode in its base installation, with the project�s leaders and developers remaining oddly silent about it. My friend and OSNews regular Morgan posted this on Fedi a few days ago: Nearly six weeks later, and the question of whether AI! generated code in tmux � not tool-assisted bug finding, not refactoring, actual LLM-generated slop with questionable license(1) � that was consequently merged into OpenBSD base, is considered acceptable by the lead devs, remains unanswered. Despite Theo de Raadt�s concrete stance against any code of questionable license origin polluting the project � and the tmux merge was indeed questionable � it seems this is being swept under the rug. This makes me extremely uncomfortable; it�s like seeing a fox in the henhouse but the farmers are all looking the other way and no one can convince them to admit they can see it and root it out. I really don�t know what to do being just a user; I feel like even if I tried to chime in on the mailing list I would just be ignored like the others trying to raise the alarm. I hope, as they do, that this is being discussed internally, away from the public list, and that a positive outcome is near. Maybe they are waiting for the 7.9 release before setting anything in stone. Or maybe the AI! disease has infected one of the last pure operating system projects we have left and there�s no going back. ↫ Morgan on Fedi I obviously share Morgan�s concerns, and like him, I�m also afraid that opening the door to a few drops of slop in base will quickly grow into a torrent of slop as time goes by. Yes, it�s just a patch to tmux, but it�s in base, and the base! of a BSD is almost a sacred concept, and entirely the last place where you want to see code that raises ethical, environmental, quality, and legal concerns. For all we know, this patch of slop or the next one contains a bunch of GPL code because it just so happens that�s where the ball tumbling down the developer�s pachinko machine ended up. GPL code that would then be in the base of a BSD. I echo the call for the OpenBSD project to address this problem, and to set clear boundaries and guidelines regarding AI! code, so users and developers alike know what level of quality and integrity we can expect from OpenBSD and its base installation going forward.
- Windows 11 will start boosting your processor to maximum GHz to make the Start menu open faster
Microsoft is currently testing a brand new performance-enhancing feature in Windows 11. Microsoft, too, is introducing something to Windows 11 called low latency profile! and it this will work irrespective of the processor, be it AMD64 CPUs like Intel or AMD or ARM64 ones like from Qualcomm. Essentially what this new tech will do is apply a maximum available clock frequency boost for a very small span of time, like for one to three seconds, when a user launches any app. The idea is that the app launch time will reduce while the quick clock burst should not impact the overall efficiency of the system by much. ↫ Sayan Sen at Neowin Unsurprisingly, boosting the processor�s clock speed to its maximum for a few seconds will make a menu or application open a little faster. I�m not entirely sure why anyone seems surprised by this, but here we are. Yes, the Start menu will load faster and applications will be ready quicker if you boost the processor to its full potential, but that does raise the question of why Windows 11 would need to do that just to open a menu or load an application in the first place. According to Microsoft�s Scott Henselmann, who defended Microsoft�s approach (weirdly enough he did so on a nazi platform called Twitter! that I�m obviously not linking to), every other modern operating system does the exact same thing, pointing specifically to macOS and GNOME and KDE on Linux. He also pointed out that the Start menu today does a lot more than the same Start menu back in Windows 95, including making network requests and rendering everything in HiDPI. I just want a cascading menu of stuff I can run and don�t want my launcher to make network requests, but alas, I guess I�m old. Anyway, I don�t know enough about the intricacies of how modern processors work to make any statements about how this affects battery life, but instinctively, you�d think this would not exactly be conducive to that. I also wonder if this will trigger a lot of laptops to spin up their fans whenever you open the Start menu, because the few seconds your processor goes full tilt raises its temperature just enough to make that happen. Once this new feature comes out of testing and is generally available, I�d be quite interested in seeing battery tests, as well comparisons to other operating systems to see how it fares.
- GitHub is sinking
Microsoft acquired GitHub and applied their unique brand of enshittification. Amongst their achievements was the spawning of the Copilot circle of hell. Now they’re effectively DDoSing themselves with slop. I won’t dwell on what else went wrong. I don’t know and I don’t care. GitHub is impressively bad now. It’s embarrassing. Shameful. ↫ David Bushell Luckily, there�s really very little in the form of lock-in with GitHub, unless you really value your stars or whatever. There are countless alternatives, and if you�re a programmer, it�s probably absolutely trivial for you to run your own instance of any of the various available forges. If you�re still on GitHub, you should really be thinking about, and planning for, leaving, as it seems it�s circling the drain.
- Debian embraces reproducible builds
Big news from the Debian release team: Debian is going for reproducible package builds. Aided by the efforts of the Reproducible Builds project, we�ve decided it�s time to say that Debian must ship reproducible packages. Since yesterday, we have enabled our migration software to block migration of new packages that can�t be reproduced or existing packages (in testing) that regress in reproducibility. ↫ Paul Gevers Reproducible means, in short, that you can verify that the source code used to build a package is indeed that source code. This provides a layer of defense against people tampering with code or otherwise trying to fiddle with the process between source code and final package on your system. This effort constitutes a tremendous amount of work, but it�s massively important.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- France Says "Au Revoir" to Microsoft
In a move that should surprise no one, France announced plans to reduce its reliance on US technology, and Microsoft Windows is the first to get the boot.
|
