All the News that Matters

• Rocky Linux emacs Moderate Command Execution Vulnerabilities RLSA-2023-7083
  Moderate: emacs security update

• Rocky Linux 8 Samba Important Fixes for CVE-2022-2127 CVE-2023-34966
  Moderate: samba security, bug fix, and enhancement update

• Rocky Linux 8 freerdp Moderate RDP Issues RLSA-2023-2851
  Moderate: freerdp security update

• Rocky Linux 8 ctags Moderate Security Fix RLSA-2023-2863 CVE-2022-4515
  Moderate: ctags security update

• Rocky Linux wireshark Moderate Security Fix RLSA-2023-7015 CVE-2023-0666
  Moderate: wireshark security update

• Rocky Linux qt5 Moderate Buffer Over-read Remote Attack RLSA-2023-6369
  Moderate: qt5 security and bug fix update

• Rocky Linux flac Important Remote Code Execution Vuln RLSA-2023-5048
  Important: flac security update

• Rocky Linux gmp Low Integer Overflow Security Issue RLSA-2023-6661
  Low: gmp security and enhancement update

• Rocky Linux Nginx Important Code Exec Denial of Service RLSA-2026-29151
  Important: nginx:1.26 security update

• Rocky Linux libfastjson Addresses Moderate Integer Overflow Security Issue
  Moderate: libfastjson security update

• Podman 6.0 Lands with Breaking Changes, AMD GPUs Support
  Podman 6.0 drops CNI, cgroups v1, iptables, slirp4netns, Windows 10, and Intel Mac support while adding new machine and Quadlet features.

• Linux 7.2 Staging Still Working To Tame The Realtek RTL8723BS "Beast Of A Driver"
  Way back in 2017 for the Linux 4.12 kernel the Realtek rtl8723bs WiFi driver was added to the kernel's staging area. Nearly a decade later, it's still being cleaned-up to suit the more rigorous non-staging area of the kernel in the formal networking subsystem. For Linux 7.2, the staging pull request is once again dominated by clean-ups to this Realtek WiFi driver...

• Fooyin 0.11 Adds Internet Radio Browsing to the Qt Music Player
  Fooyin 0.11 music player adds remote stream playback, a new Radio Browser plugin, spectrum visualization, and playlist improvements.

• Latest Steam Client Update Improves PipeWire Session Logic on Linux
  Valve released a new stable Steam Client update today that further improves the PipeWire session logic on Linux, as well as Steam Input, Remote Play, In-Game Overlay, and Friends & Chat features.

• QuadRF uses Raspberry Pi 5 for 4×4 MIMO SDR, RF visualization, and scalable phased-array support
  Crowd Supply recently featured QuadRF, a 4×4 MIMO software-defined radio platform designed for spatial RF visualization, beamforming, and phased-array experimentation. The platform includes four coherent transmit/receive channels, swappable dual-polarization antennas, an integrated Raspberry Pi 5, and a browser-based interface for viewing nearby wireless activity. QuadRF uses four coherent antennas to measure differences in signal arrival […]

• QSOE v0.1 Released As A QNX-Inspired RISC-V OS
  QSOE 0.1 has made its debut as a QNX-inspired, dual kernel architecture open-source operating system just targeting RISC-V...

• KaOS Linux 2026.06 Launches Officially as First Release with Dinit
  The KaOS Linux team has officially released KaOS Linux 2026.06 today as the first ISO snapshot of this independent distribution using Dinit as the default init system instead of systemd.

• MGLRU Improvement Yielding Nice Gains On Linux 7.2: MongoDB 30~100% Higher Throughput
  The many memory management "MM" related improvements were recently merged to Git for the Linux 7.2 kernel. As typical most kernel cycles, some of the low-level improvements can yield nice efficiency wins and better performance in different areas...

• Fish Shell 4.8 Improves History Search, Scripting, and Completions
  Fish 4.8 command-line shell is out now with fixes for history search, completions, vi mode, and cd behavior.

• DietPi v10.5 Updates Raspberry Pi Display and Camera Options
  The June 2026 release of DietPi v10.5 updates the dietpi-config display options, with several Raspberry Pi-specific changes related to graphics drivers, camera support, and display configuration. The release also adds ARMv7 support for the RustDesk Client package and includes several bug fixes affecting NanoPi K2, RTC configuration, and ownCloud Infinite Scale installations. DietPi: DietPi is […]

• Linux Foundation Launches Akrites To Coordinate AI-Driven Open Source Security
  BrianFagioli writes: The Linux Foundation has announced Akrites, a new initiative to coordinate vulnerability disclosure and remediation for critical open source software as AI dramatically speeds up vulnerability discovery. Founding members include AWS, Google, Microsoft, OpenAI, Red Hat, NVIDIA, IBM, Cisco, JPMorganChase, and others. Akrites will provide a shared Security Incident Response Team (SIRT), a standardized coordinated vulnerability disclosure process, and act as a "maintainer of last resort" for abandoned but widely used packages. The goal is to reduce duplicate reports, avoid conflicting patches, and help upstream maintainers address vulnerabilities before they can be exploited. As AI makes it easier to find security flaws, can a coordinated industry effort help protect open source, or does it risk giving large corporations too much influence over the ecosystem? "Akrites is the largest coordinated effort in history to create systems and deploy tooling that leverages the collective power of the community to make everyone safer," the Linux Foundation said in an open letter. "Akrites participants will contribute engineering resources; work to build and ship fixes; or fund the engineers who do. Some companies have contributed mightily already. The reality is, collectively, we need to contribute more."
  
  
  Read more of this story at Slashdot.
  

• Apple Raises Prices On Macs, iPads, and More By Hundreds of Dollars
  Apple has sharply raised prices across its Mac, iPad, HomePod, and Apple TV lineups as surging AI-driven demand creates a global memory and storage shortage. Increases range from $30 for the HomePod mini to $1,300 for the M3 Ultra Mac Studio, with Apple CEO Tim Cook saying efforts to shield customers from higher costs had become "unsustainable." The Verge reports: On Thursday, the company adjusted the price of its new MacBook Neo, which will now start at $699 instead of $599, while the base MacBook Air will jump to $1,299 from $1,099, as reported earlier by Bloomberg. The 14-inch MacBook Pro is getting an increase as well, going from $1,699 to $1,999. Meanwhile, the iPad Air will now start at $749 instead of $599, while the iPad Pro is increasing to $1,199 from $999. As spotted by MacRumors, the M4 Max Mac Studio will now cost $2,499, a big jump from $1,999. The M3 Ultra Mac Studio is now priced at $5,299, up from $3,999. Apple is even raising the prices of its HomePod, which now costs $349 instead of $299, as well as bumping the price of the HomePod mini to $129 instead of $99. The Apple TV also now costs $199 instead of $129.
  
  
  Read more of this story at Slashdot.
  

• LastPass Says Hackers Stole Customer Support Case Data During Klue Breach
  LastPass says hackers stole customers' personal information, support case records, and sales data by breaching market research partner Klue. The password manager told TechCrunch that its own systems and password vaults were unaffected. However, the hackers used their access to obtain "reams of data about LastPass customers," the report says. From the report: In a blog post that shared information about the incident, LastPass said the hackers took customers' names, phone numbers, email addresses, and physical addresses, as well as customer support case data and sales-related data. It's not yet known what was in the contents of customer support tickets, although they likely contain fragments of potentially private or sensitive information. Customers typically contact customer service when they are having a billing issue or need assistance in gaining access to their accounts. Past incidents involving customer support tickets have included credentials and government-issued identity documents. The last data breach LastPass reported was in 2022, when hackers stole the company's entire store of customer password vaults.
  
  
  Read more of this story at Slashdot.
  

• Anthropic Says Alibaba Must Be Punished For Largest Claude Cloning Attack
  An anonymous reader quotes a report from Ars Technica: Anthropic has accused the Chinese firm Alibaba of launching the largest attack yet attempting to clone Claude, as China races to match the capabilities of Anthropic's leading model following Mythos' release and subsequent restriction from foreign markets. Ars obtained a June 10 letter sent to Senators Tim Scott (R-S.C.) and Elizabeth Warren (D-Mass.) one day ahead of a Senate committee hearing on "AI and the American Dream." In the letter, Anthropic shared "new, confidential evidence of the largest campaign to illicitly extract Claude's capabilities we have ever measured." The attacks occurred between April 22 and June 5, when "operators afliated with Alibaba and Alibaba Qwen, Alibaba's AI lab" allegedly generated "more than 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts," Anthropic said. Violating Claude's terms of service and access restrictions, this campaign "targeted some of Claude's most valuable capabilities, such as agentic reasoning, software engineering, and long-horizon tasks." According to Anthropic, Alibaba evaded detection by "using obfuscation techniques and proxy networks." As Chinese demand for reliable obfuscation techniques increases, Anthropic warned there's already "a growing circumvention economy" to fuel an ever-expanding web of future distillation attacks. [...] "Alibaba is governed by an independent board, none of whom has any military affiliation," Alibaba said. "Its products and services are built for retail, logistics, and enterprise information technology -- not weapons, defense, or intelligence." Anthropic appears unconvinced, however, that Alibaba isn't working with the Chinese government. In the letter, Anthropic warned that without stronger interventions, these distillation attacks will "help China reach Mythos Preview-level capabilities sooner." To keep the US ahead of China, Anthropic recommended that Congress pass legislation with three objectives. First, antitrust laws must be updated to allow AI firms to share information about evolving Chinese tactics to deter more threats. Second, the US needs more export controls on chips to hamstring Chinese access to advanced compute so that they simply can't train on US model outputs. That could make conducting distillation attacks pointless, Anthropic suggested. Finally, Congress should pass laws penalizing Chinese labs' "bad behavior" so that it's "more difficult and costly" to rely on distillation attacks to advance Chinese models. Penalties could include limiting Chinese firms from accessing US models or advanced US chips or from relying on data centers outside of China, Anthropic suggested.
  
  
  Read more of this story at Slashdot.
  

• Ford Rehires 350 Engineers After AI Fails To Preserve Expertise or Train Juniors
  After Ford's automated quality-control systems and AI tools fell short, the automaker hired 350 veteran engineers over the past three years to mentor younger staff and reprogram the underperforming technology. "Artificial intelligence is a fantastic tool, but it's only as good as the information you use to train it," Charles Poon, Ford's vice president of vehicle hardware engineering, told reporters on a call Wednesday. "Over prior years, we didn't pay as much attention as we should have to the experience of our most knowledgeable engineers that have been with us through many product cycles." Bloomberg reports: Those engineers were "at the heart" of Ford's efforts to turn around quality problems, said Kumar Galhotra, chief operating officer. They now run mandatory meetings that rigorously troubleshoot quality problems and they have reprogrammed AI tools to head off glitches before they happen. "We had been relying more and more on automated quality systems" and not getting the desired results, Galhotra said. "We brought back technical specialists" and "they hunt for failure points before a part ever reaches the plant floor." The return of the veteran engineers at Ford cuts against the prevailing wisdom -- and fear -- that AI will replace all kinds of knowledge workers. But Ford found the machines couldn't replace experience. "Mistakenly we thought that by just introducing artificial intelligence and ingesting the design requirements that we had, that that would produce a high-quality product," Poon said. But "we recognized that for us to enhance some of our automation and machine learning and artificial intelligence tools we needed to ensure that they were trained by the most experienced individuals." As a result of the efforts of the old hands, Ford vaulted above quality stalwarts such as Toyota and Honda on JD Power's bellwether survey that measures the quality of a car during the first three months of ownership. Only luxury brands Porsche and Genesis topped Ford this year.
  
  
  Read more of this story at Slashdot.
  

• Micron Locks In Historically High Memory Prices For Five Years
  Micron has signed 16 "strategic customer agreements" (SCAs) that include a floor price the company says comes with "a very robust gross margin for Micron, well above our peak quarterly margins in any past cycle." Most of the deals run through 2030 and cover about 40% of Micron's revenue. The Register reports: Micron CEO, president and chairman Sanjay Mehrotra explained the SCAs in prepared remarks delivered during the company's Q3 earnings call. He explained that Micron has signed 16 SCAs, most of them covering 2026 to 2030, and that they involve a commitment to buy a certain quantity of product and pay for it in a pricing band that has a floor and a ceiling price. The floor price covers the historically high gross margins mentioned above, and the ceiling price means those who commit to an SCA are insulated if memory prices go even higher. The CEO said 16 customers have signed SCAs and then explained why it's worth locking into the deals even though they bake in such high margins. "Our customers are recognizing that supply shortages in memory and storage will take considerable time to improve," he said. "Even as we expect industry supply to improve gradually in 2028, we currently do not have line of sight as to when memory supply will be able to catch up with increasing demand." Even massive efforts to build new chip fabs aren't much help, he said, because the increasing complexity of new memory types means it takes longer to build factories -- and when they come online there still won't be enough capacity to build both the high-bandwidth memory needed for AI and other types of NAND and DRAM. "Supply is structurally constrained in its growth and ability to meet industry demand, despite our comprehensive efforts to increase supply," he said. Don't assume that SCAs mean your suppliers get price certainty, because Mehrotra said the deals will account for 40 percent of Micron revenue -- meaning the company is reserving most of its inventory to sell at prices it can negotiate. The CEO did have a little good news in the form of predictions that Micron's DRAM output in 2026 will "grow in the low- to mid-20s percentage range, slightly above our prior outlook." He also revealed that the SCAs see customers pay up front, which helps Micron to fund its fab expansions.
  
  
  Read more of this story at Slashdot.
  

• Google Starts Lowering Play Store Fees, Making Good On Epic Games Settlement
  An anonymous reader quotes a report from Ars Technica: Google spent the last few years locked in a legal grudge match with Epic Games, which claimed that Google's stewardship of the Play Store was anticompetitive. Now, the companies are thick as thieves, and Google is beginning to implement app store changes as agreed in its settlement with Epic. The lower developer fees and new payment options that Google promised are rolling out in select markets this month before expanding. [...] Starting on June 30, developers in Europe, the UK, and the US will have access to the new fee structure. This system will split the commission into two components: billing and service fees. The biggest win for small developers is the new flat 10 percent service fee for the first $1 million in earnings every year. Above that, the rate for various transaction types may reach 25 percent on existing installs. Apps installed after June 30 will top out at 20 percent. Developers will finally be allowed to send users outside the Play Store to complete a transaction, too. Google says they can design a choice screen "in accordance with our UX guidelines" to direct users to these external options. Devs pay the standard service fee on these purchases, but they'll avoid the billing fee. All transactions that run through Google's Play Store platform add a 5 percent billing fee -- even the base rate for publishers earning less than $1 million. Google notes that the billing fee is set at 5 percent in the initial markets, but it could be different in other regions. Google will expand the new fee structure globally through September 2027, while also offering reduced fees through updated developer programs. Although the changes may let developers retain more revenue, Google will continue controlling Android distribution and collecting a share of sales as it works toward allowing certified third-party app stores to operate more like the Play Store.
  
  
  Read more of this story at Slashdot.
  

• New Study Shows That Tall Vehicle Hoods Cause Hundreds More Deaths Per Year
  joshuark shares a report from Car and Driver: A new study conducted by the New York Times shows that the increase in vehicle hood height seen over the last two and a half decades, mainly due to the rise in popularity of large SUVs and trucks, has resulted in several thousand deaths that otherwise may not have happened. The study shows that while automakers and regulators have focused on occupant safety, they have turned a blind eye to pedestrian safety, which has fallen since around 2009. Researchers looked at four main datasets in their investigation: crash test data from the National Highway Traffic Safety Administration's (NHTSA) Crash Report Sampling System (CRSS) from 2016 to 2024; NHTSA's Fatality Analysis Reporting System (FARS); vehicle measurement data from Expert AutoStats; and vehicle registration data from S&P Global from 2002 to 2024. The researchers concluded that the increased danger to pedestrians is caused by two main culprits. First, large SUVs and trucks have taller hoods, raising the point of impact above most people's center of gravity and pushing them to the ground, typically hard asphalt, rather than up and onto the hood, which is designed to absorb impacts. Second, with larger A-pillars designed to protect occupants in rollover crashes, modern cars tend to have larger blind spots than cars sold at the turn of the century (presuming the 21st century). The shift toward vehicles with taller hoods led to roughly 3000 deaths between 2016 and 2024. This number is conservative because it does not include crashes that take place in parking lots, driveways, or private roads, which aren't part of the federal database. The data also showed an estimated 2.8 percent increase in the odds of a pedestrian fatality for every one-inch increase in vehicle hood height. Between two different scenarios, one decreasing the hood height of every vehicle in the dataset by 3 inches, and the second using a random sampling of hood heights from 2002 across 10,000 simulated crashes, between 2624 (for scenario two) and 3077 (for scenario one) lives could have been saved from 2016 to 2024.
  
  
  Read more of this story at Slashdot.
  

• NASA Rover Detects Potential Signatures of Ancient Microbial Life On Mars
  NASA's Perseverance rover has detected complex organic carbon in ancient Martian mudstones. The measurements were taken by the rover's Sherloc instrument and the organic carbon that was identified was from the Bright Angel outcrop, "a dried-up river that carried water into the planet's Jezero crater billions of years ago," notes The Guardian. From the report: The form of carbon detected, known as macromolecular carbon or MMC, can originate from living organisms. Geological processes can also produce the material, meaning its detection does not amount to proof of past Martian life. Dr Ashley Murphy at the Planetary Science Institute in Arizona said MMC can be found in different settings and types of rocks. "It may originate from biological sources such as fossilized organic matter found in microbial mats and coal," she said, but could also form in reactions between rocks and water or arrive on impacting meteorites. The mudstone rocks from the Bright Angel outcrop caused a stir in 2024 when the Perseverance rover discovered intriguing surface spots and nodules that resemble features produced by fossilized microbes on Earth. When the scientific details were published last year, Sean Duffy, the former acting head of Nasa, said: "This very well could be the clearest sign of life that we've ever found on Mars." [...] The discovery means Nasa rovers have now found organic-bearing mudstones more than 2,000 miles apart on Mars. The others were reported by the Curiosity rover which is exploring the planet's Gale crater. It "indicates that the habitability of Mars, and the availability of organics, may have been widespread across the planet billions of years ago," the authors write in Science Advances.
  
  
  Read more of this story at Slashdot.
  

• Stripe, Anthropic, and OpenAI Are Backing Effort To Stop Respiratory Infections
  An anonymous reader quotes a report from MIT Technology Review: [T]he payment company Stripe, founded by brothers Patrick and John Collison, says it will fund a new $500 million nonprofit whose goal is preventing both the common cold and the flu. Its eventual aim is to get rid of respiratory viruses altogether. The new organization, called Intercept, will use grants and investments to back prevention approaches, including vaccines, as well as large-scale air-cleaning systems for schools, offices, and other public spaces. In addition to Stripe, other funders include Anthropic, Flu Lab, and the OpenAI Foundation, as well as Bill Gates and several traders at the quantitative investing fund Jane Street Capital, according to an Intercept spokesperson. "I think we treat respiratory infections as a minor nuisance, but have really underweighted the burden that they impose on society," says Nan Ransohoff, the Stripe executive leading the initiative along with Charlie Petty, a venture capitalist who joined Stripe this year. On average, people spend 5% of their lifetime fighting a cold or the flu, according to Ransohoff. Despite that, drug companies put relatively little effort into preventing colds. Part of the problem is that the sniffles are caused by more than 200 different viruses, according to the American Lung Association, with rhinoviruses being the most common culprits. There are so many that it typically doesn't pay to try to stop any one of them with a vaccine. "When pharma companies look at it, it's not as attractive as other things they could work on," says Ransohoff. "So it hasn't attracted the resources." [...] The project takes inspiration from efforts to fight the covid-19 virus, where Veesler's group was among those involved in the speedy development of vaccines, antiviral drugs, and antibodies. According to Ransohoff, Intercept's advisors will include Peter Marks, a former top FDA official, as well as Moncef Slaoui, the pharmaceutical executive who led the US coronavirus vaccine effort, Operation Warp Speed. A key challenge for Intercept will be coming up with ways to counter many viruses at one time. That accounts for the interest in air-cleaning technology, such as using strong ultraviolet light to inactivate viruses. The idea, the group says, is to remove them from the air in the same way municipalities remove impurities from the water supply before it's piped to people's homes.
  
  
  Read more of this story at Slashdot.
  

• % Prime Day Savings Are Live! Save up to 75% on training, certifications, bundles, and THRIVE-ONE Annual. Ends June 26.
  The biggest learning deals of the season have arrived. Save up to 75% on training, certifications, bundles, and more through June 26, and take the next step toward your professional goals. SAVE NOW
  
  The post % Prime Day Savings Are Live! Save up to 75% on training, certifications, bundles, and THRIVE-ONE Annual. Ends June 26. appeared first on Linux.com.
  

• Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure
  By Juha Holkkola, FusionLayer Group How DHCP Changed Connectivity In the late 1990s, the DHCP (Dynamic Host Configuration Protocol) quietly catalyzed a revolution in digital connectivity. Before DHCP was introduced, connecting devices to a network involved manual entry of IP addresses, DNS servers, subnet masks, and gateways. Networks were fragile, prone to errors, and severely [0]
  
  The post Implementing Secure Zero-Touch Provisioning in AI and Edge Infrastructure appeared first on Linux.com.
  

• From DHCP to SZTP – The Trust Revolution
  By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
  
  The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
  

• Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship
  Sustaining a Core Part of the Linux Ecosystem The Linux Foundation has announced a second year of sponsorship for the ongoing maintenance of the Linux manual pages (man-pages) project, led by Alejandro (Alex) Colomar. This critical initiative is made possible through the continued support of Google, Hudson River Trading, and Meta, who have renewed their [0]
  
  The post Celebrating the Second Year of Linux Man-Pages Maintenance Sponsorship appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two
  In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]
  
  The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One
  The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]
  
  The post Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One appeared first on Linux.com.
  

• Kubernetes on Bare Metal for Maximum Performance
  When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]
  
  The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.
  

• How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
  This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]
  
  The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.
  

• Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
  Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]
  
  The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.
  

• A Simple Way to Install Talos Linux on Any Machine, with Any Provider
  Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]
  
  The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.
  

Engadget"Engadget - Technology News & Expert Reviews"

• The most popular Grok feature is, apparently, exactly what you think
  NSFW uses account for 4well over half4 of traffic, a new report says.

• Commodore has dropped the price of its retro phone by $100 ahead of preorders
  A refreshing direction for a price change.

• Notion Mail is shutting down
  So long, Notion Mail.

• Spain will require carriers to keep mobile networks live during power outages
  Spain9s mobile networks will need to stay live for at least four hours during power outages, per new rules.

• Polestar won't be able to sell its cars in the US next year
  Polestar moved some of its production to the US, but it may be locked out from selling its cars here soon.

• Retroid's Pocket Nova is a very capable 4:3 handheld that costs $229
  Retroid9s Pocket Nova seems capable of handling games up to the GameCube and PS2 era.

• As everything gets more expensive, it's time to make do and mend
  The skyrocketing cost of computer components needs to foster a new mindset.

• You may be plugging your Fire TV Stick into the wrong HDMI port
  It9s not so much about using a wrong port, and more so about freeing up the more capable ones for needier devices.

• Apple will reportedly skip the M6 Pro and Max and jump straight to M7
  Apple may skip the M6 Pro and Max chips.

• Xbox prices are rising again after Microsoft helped drive up component costs
  We9re all trying to find the guy who did this.

• EU OS: A Bold Step Toward Digital Sovereignty for Europe
  Image
  A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
  What Is EU OS?
  EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
  
  Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
  The Vision Behind EU OS
  The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
  
  Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
  
  However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
  Conclusion
  EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
  
  Source: It's FOSS
  European Union

• Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
  
  In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
  
  On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
  
  Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
  
  The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
  
  Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
  
  You can download the latest kernel here.
  Linus Torvalds kernel

• AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
  Image
  AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
  
  This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
  
  Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
  
  Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
  
  Source: 9to5Linux
  AerynOS

• Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
  Image
  Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
  
  Here’s a quick overview of what’s new in Xojo 2025r1:
  1. Linux ARM IDE Support
  Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
  2. Web Drag and Drop
  One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
  3. Direct App Store Publishing
  Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
  4. New Desktop and Mobile Features
  This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
  5. Performance and IDE Enhancements
  Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
  What Does This Mean for Developers?
  Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
  How to Get Started
  Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
  
  Download Xojo 2025r1 today at xojo.com.
  Final Thoughts
  With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
  Xojo ARM

• New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
  
  Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
  
  Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
  
  Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 
  
  Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
  
  Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
  
  Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
  
  By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
  Windows

• Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
  
  The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 
  
  As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
  
  In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 
  
  After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
  
  The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
  
  At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
  
  The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
  Security

• Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
  
  The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
  
  A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
  
  This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 
  
  The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
  
  On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
  
  In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
  kernel

• Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
  
  Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
  
  The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
  
  Here is what Linus Torvalds had to say in today's announcement:
  Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

• Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
  
  Want to interact with ChatGPT from your Linux desktop without using a web browser?
  
  Bavarder, a new app, allows you to do just that.
  
  Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
  
  With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
  
  During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
  
  At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
  
  As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
  
  Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
  ChatGPT AI

• LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
  
  Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
  
  Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
  
  LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
  
  You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
  
  All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
  
  In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
  
  Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
  
  The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
  LibreOffice