All the News that Matters

• Ubuntu 24.04 USN-7889-7: Linux Kernel Critical Update for Multiple Issues
  Several security issues were fixed in the Linux kernel.

• Debian 11: glib2.0 Important Denial of Service Fix DLA-4412-1 CVE-2025-4373
  Multiple issues were found in GLib, a general-purpose, portable utility library, that could lead to denial of service, memory corruption or potentially arbitrary code execution if maliciously crafted data is processed. For Debian 11 bullseye, these problems have been fixed in version

• Debian 11: libgd2 Important DoS Issues CVE-2021-38115 DLA-4411-1
  Vulnerabilities were found in libgd2, the GD Graphics Library, which could lead to Denial of Service via crafted input files. CVE-2021-38115 Maryam Ebrahimzadeh discovered an out-of-bounds read vulnerability in read_header_tga(), which may lead to Denial of Service via a

• SUSE: xkbcomp Moderate Update CVE-2018-15853 Crash Risk 2025:4407-1
  An update that solves four vulnerabilities can now be installed.

• SUSE Releases Moderate Security Update for libssh CVE-2025-8114
  An update that solves one vulnerability can now be installed.

• Debian: Paramiko Important Info Disclosure CVE-2022-24302 DLA-4409-1
  A race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. For Debian 11 bullseye, this problem has been fixed in version 2.7.2-1+deb11u1. We recommend that you upgrade your paramiko packages.

• KDE Ni! OS Is a Playful Take on Immutable Linux Built on NixOS
  A KDE developer introduces KDE Ni! OS, a light-hearted but practical experiment that brings immutable Linux concepts to KDE using NixOS.

• Torvalds On Linux Security Modules: "I Already Think We Have Too Many Of Those Pointless Things"
  Stemming from a security researcher and his team proposing a new Linux Security Module (LSM) three years ago and it not being accepted to the mainline kernel, he raised issue over the lack of review/action to Linus Torvalds and the mailing lists. In particular, seeking more guidance for how new LSMs should be introduced and raised the possibility of taking the issue to the Linux Foundation Technical Advisory Board (TAB)...

• DietPi 9.20 Brings RustDesk Server and Broad SBC Improvements
  DietPi 9.20 is out with RustDesk Server support, USB improvements for Orange Pi boards, kernel updates, and multiple stability and bug fixes.

• Emmabuntüs Debian Edition 6 Released With Strong Focus on Accessibility
  Emmabuntüs DE 6 launches with a Debian 13.2 base with accessibility improvements, new speech tools, and enhanced support for visually impaired users.

• Fedora 44 Could Work Nicely "Out Of The Box" On Snapdragon-Powered Windows ARM Laptops
  Longtime Red Hat engineer Hans de Goede who worked on many Intel/AMD laptop enhancements over the years left Red Hat and ended up joining Qualcomm. Now it turns out one of his projects at Qualcomm is enhancing the Fedora Linux support for running nicely out-of-the-box on Snapdragon-powered Windows on ARM laptops...

• Scribus 1.6.5 Open-Source Desktop Publishing App Released with Various Changes
  The development team behind Scribus, an open-source and cross-platform desktop publishing app, released version 1.6.5 today as yet another minor update to the Scribus 1.6 stable series.

• Beginners Guide for Type Command in Linux
  In this article, you will learn everything about the type command, including its different options (with practical examples).

• Toradex Luna SL1680 SBC Features Synaptics SL1680 SoC with 8 TOPS NPU, Starts at $105
  Toradex has announced the Luna SL1680, a SBC that introduces the company’s new “Pro Consumer” product tier. Positioned between consumer development boards and fully industrial hardware, the platform targets applications such as smart kiosks, light industrial systems, and advanced maker projects. The Luna SL1680 is built around the Synaptics SL1680 system-on-chip, which integrates a quad-core […]

• Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase
  One of the lesser known Fedora spins under the "Fedora Labs" initiative is the Fedora Games Lab that showcases some open-source games and can serve as an easy demonstrator for Linux gaming. Looking forward to 2026 with Fedora 44, there is a proposal to revitalize Fedora Games Lab to become a better showcase for the modern potential of Linux gaming...

• Creating Data Analysis Pipelines using DuckDB and RStudio
  This data project details the shift to an In-Situ ELT workflow showcases a hybrid RStudio/Python environment essential for transforming today’s analysts into "Data Ops."

• McKinsey Plots Thousands of Job Cuts in Slowdown for Consulting Industry
  McKinsey, the consulting giant that has spent a century advising companies on how to cut costs and restructure operations, is now turning that advice inward as it plans to eliminate thousands of jobs across its non-client-facing departments over the next 18 to 24 months. The firm's leadership has discussed a roughly 10% headcount reduction in support functions, according to Bloomberg. McKinsey's revenue has hovered around $15 billion to $16 billion for the past five years after a decade of rapid expansion that saw employee count climb from 17,000 in 2012 to 45,000 by 2022. The headcount has since slid to about 40,000. The cuts come as consulting firms face cost-conscious clients, Trump administration pressure on government consulting spending, and reduced payments from Saudi Arabia, which had been paying McKinsey at least $500 million annually in the decade up to 2024. McKinsey cut about 1,400 jobs in 2023 under a plan internally labeled Project Magnolia, and axed 200 global tech positions last month. The firm still plans to hire consultants even as it shrinks support staff.
  
  
  Read more of this story at Slashdot.
  

• High-Speed Traders Are Feuding Over a Way To Save 3.2 Billionths of a Second
  A millisecond used to be a big deal for the world's quickest traders. A dispute over huge trading profits at one of the world's largest futures exchanges shows they now think a million times faster [non-paywalled source]. From a report: The controversy is about an arcane technical maneuver in which high-speed traders bombard Frankfurt-based Eurex with useless data. The idea is to keep their connections to the exchange warm so they can react fractionally faster to market-moving information. The battle is the latest chapter in a decadeslong contest among secretive ultrafast trading firms, which have pursued a relentless quest for minuscule speed advantages. A group of high-frequency trading firms has exploited the practice to rake in hundreds of millions of dollars, says Mosaic Finance, a French firm that has complained to Eurex and European regulators. "An arms race is OK, but you must use legal weapons," said Hugues Morin, founder of Mosaic. Eurex says Mosaic's claims are baseless. [...] High-speed traders often seek to capture fleeting differences between prices of related assets, making quick response times critical. If benchmark Euro Stoxx 50 index futures rise, for example, contracts tied to Germany's DAX will usually follow. A first mover will be able to buy DAX futures before they tick higher, then sell out at a higher price -- a strategy that can add up to big profits over time. The maneuver that prompted Mosaic's spat with Eurex can improve reaction times by about 3.2 nanoseconds, according to the French firm, which calls it "corrupted speculative triggering," or CST for short.
  
  
  Read more of this story at Slashdot.
  

• Tech Giants Can't Agree On What To Call Their AI-Powered Glasses
  The glasses-shaped face computers that tech companies have been building for years now face an identity crisis, and their makers can't agree on what to call them. Meta has asked a journalist to refer to its Ray-Ban glasses as "AI glasses" to distinguish them from Google Glass. Google, whose Project Aura is a collaboration with Xreal, calls the product "wired XR glasses" because the company views it as more aligned with headsets in a glasses form factor. Xreal's CEO Chi Xu laughed when asked about Aura's category and said the company will call all its products "AR glasses." Research firms aren't aligned either. Gartner defines smart glasses as camera- and display-free devices with Bluetooth and AI. Counterpoint Research said smart glasses without see-through displays drive volumes in the smart eyewear category. IDC uses a broader definition that includes anything glasses-shaped.
  
  
  Read more of this story at Slashdot.
  

• The Entry-Level Hiring Process Is Breaking Down
  The traditional signals that employers used to evaluate entry-level job candidates -- college GPAs, cover letters, and interview performance -- have lost much of their value as grade inflation and widespread AI use render these metrics nearly meaningless, writes The Atlantic. The recent-graduate unemployment rate now sits slightly higher than the overall workforce's, a reversal from historical norms where new college graduates were more likely to be employed than the average worker. Job postings on Handshake, a career-services platform for students and recent graduates, have fallen by more than 16 percent in the past year. At Harvard, 60% of undergraduate grades are now A's, up from fewer than a quarter two decades ago. Seven years ago, 70% of new graduates' resumes were screened by GPA; that figure has dropped to 40%. Two working papers examining Freelancer.com found that cover-letter quality once strongly predicted who would get hired and how well they would perform -- until ChatGPT became available. "We basically find the collapse of this entire signaling mechanism," researcher Jesse Silbert said. The average number of applications per open job has increased by 26% in the past year. Students at UC Berkeley are now applying to 150 internships just to land one or two interviews.
  
  
  Read more of this story at Slashdot.
  

• Mozilla's New CEO Bets Firefox's Future on AI
  Mozilla has named Anthony Enzor-DeMeo as its new chief executive, promoting the executive who has spent the past year leading the Firefox browser team and who now plans to make AI central to the company's future. Enzor-DeMeo announced on Tuesday that an "AI Mode" is coming to Firefox next year. The feature will let users choose from multiple AI models rather than being locked into a single provider. Some options will be open-source models, others will be private "Mozilla-hosted cloud options," and the company also plans to integrate models from major AI companies. Mozilla itself will not train its own large language model. "We're not incentivized to push one model or the other," Enzor-DeMeo told The Verge. Firefox currently has about 200 million monthly users, a fraction of Chrome's roughly 4 billion, though Enzor-DeMeo insists mobile usage is growing at a decent clip. He takes over from interim CEO Laura Chambers, who led the company through a major antitrust case and what Mozilla describes as "double-digit mobile growth" in Firefox. Chambers is returning to the Mozilla board of directors. The new CEO has outlined three priorities: ensuring all products give users control over AI features including the ability to turn them off, building a business model around transparent monetization, and expanding Firefox into a broader ecosystem of trusted software. Mozilla VPN integration is planned for the browser next year.
  
  
  Read more of this story at Slashdot.
  

• Google's Real Estate Listings 'Experiment' Sends Zillow Shares Down More Than 8%
  Google's data partner HouseCanary has begun displaying home listings directly in search results in select markets, sending Zillow's shares tumbling more than 8% yesterday as investors weighed whether the search giant might eventually cut into the portal business that Zillow dominates. The experiment places property details, prices, images and a "Request a tour" button at the top of mobile search results. HouseCanary, a full-service brokerage licensed in all 50 states and Washington D.C., said it contacted every MLS in the test regions before launching. Analysts are largely downplaying immediate concerns. Goldman Sachs noted that most of Zillow's traffic comes directly through its apps and websites rather than Google searches, though the firm views the development as a long-term risk. Piper Sandler called the fears "overblown," and Wells Fargo suggested portals like Zillow would likely end up bidding for ad units on Google rather than losing traffic outright.
  
  
  Read more of this story at Slashdot.
  

• SoundCloud Confirms Breach After Member Data Stolen, VPN Access Disrupted
  An anonymous reader quotes a report from BleepingComputer: Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 "forbidden" errors. In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures. SoundCloud acknowledged that a threat actor accessed some of its data but said the exposure was limited in scope. [...] BleepingComputer has learned that the breach affects 20% of SoundCloud's users, which, based on publicly reported user figures, could impact roughly 28 million accounts. The company said it is confident that all unauthorized access to SoundCloud systems has been blocked and that there is no ongoing risk to the platform. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud told BleepingComputer. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."
  
  
  Read more of this story at Slashdot.
  

• PayPal Applies To Become a Bank As US Loosens Regulatory Reins
  PayPal has applied to become a US bank by forming a Utah-chartered industrial loan company, signaling a push to deepen its financial services "as companies rush to capitalize on a friendly regulatory environment under the Trump administration," reports Reuters. From the report: If approved, the move will help PayPal to strengthen its lending offerings to small businesses in the U.S. as well as reduce its reliance on third parties. "Securing capital remains a significant hurdle for small businesses striving to grow and scale," said PayPal CEO Alex Chriss. "Establishing PayPal Bank will strengthen our business and improve our efficiency, enabling us to better support small business growth and economic opportunities across the U.S." PayPal also plans to offer interest-bearing savings accounts to customers. The company has provided over $30 billion in loans and capital since 2013, it said. [...] PayPal has selected Mara McNeill to serve as PayPal Bank's president. She comes with over two decades of experience in banking and commercial lending, and has previously served as the CEO of Toyota Financial Savings Bank.
  
  
  Read more of this story at Slashdot.
  

• Glaciers To Reach Peak Rate of Extinction In the Alps In Eight Years
  A new study warns that glaciers in the European Alps will hit their peak extinction rate within eight years, with global glacier loss accelerating toward thousands per year unless emissions are rapidly cut. "Glaciers in the western US and Canada are forecast to reach their peak year of loss less than a decade later, with more than 800 disappearing each year by then," adds the Guardian. From the report: About 200,000 glaciers remain worldwide, with about 750 disappearing each year. However, the research indicates this pace will accelerate rapidly as emissions from burning fossil fuels continue to be released into the atmosphere. Current climate action plans from governments are forecast to push global temperatures to about 2.7C above preindustrial levels, supercharging extreme weather. Under this scenario, glacier losses would peak at about 3,000 a year in 2040 and plateau at that rate until 2060. By the end of the century, 80% of today's glaciers will have gone. By contrast, rapid cuts to carbon emissions to keep global temperature rise to 1.5C would cap annual losses at about 2,000 a year in 2040, after which the rate would decline. [...] The new study, published in Nature Climate Change, analyzed more than 200,000 glaciers from a database of outlines derived from satellite images. The researchers used three global glacier models to assess their fate under different heating scenarios. Regions with the smallest and fastest-melting glaciers were found to be the most vulnerable. The study estimates the 3,200 glaciers in central Europe would shrink by 87% by 2100 -- even if global temperature rise is limited to 1.5C, rising to 97% under 2.7C of heating. In the western US and Canada, including Alaska, about 70% of today's 45,000 glaciers are projected to vanish under 1.5C of heating, and more than 90% under 2.7C. The Caucasus and southern Andes are also expected to face devastating losses. Larger glaciers take longer to melt, with those in Greenland reaching their peak extinction rate in about 2063 -- losing 40% by 2100 under 1.5C of heating and 59% under 2.7C. However, the melting is forecast to continue beyond 2100. The researchers said the peak loss dates represent more than a numerical milestone. "They mark turning points with profound implications for ecosystems, water resources and cultural heritage," they wrote. "[It is] a human story of vanishing landscapes, fading traditions and disrupted daily routines."
  
  
  Read more of this story at Slashdot.
  

• Microsoft Will Finally Kill Obsolete Cipher That Has Wreaked Decades of Havoc
  An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."
  
  
  Read more of this story at Slashdot.
  

• Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two
  In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.` We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture. In this second part, we’ll turn [0]
  
  The post Disaggregated Routing with SONiC and VPP: Lab Demo and Performance Insights  Part Two appeared first on Linux.com.
  

• Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One
  The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.` This movement began with the separation [0]
  
  The post Disaggregated Routing with SONiC and VPP: Architecture and Integration  Part One appeared first on Linux.com.
  

• Kubernetes on Bare Metal for Maximum Performance
  When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand [0]
  
  The post Kubernetes on Bare Metal for Maximum Performance appeared first on Linux.com.
  

• How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM
  This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn). As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether its for reducing latency, improving data privacy, or enabling offline functionality, local AI [0]
  
  The post How to Deploy Lightweight Language Models on Embedded Linux with LiteLLM appeared first on Linux.com.
  

• Automating Compliance Management with UTMStacks Open Source SIEM 8 XDR
  Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth. Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions [0]
  
  The post Automating Compliance Management with UTMStacks Open Source SIEM & XDR appeared first on Linux.com.
  

• A Simple Way to Install Talos Linux on Any Machine, with Any Provider
  Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence [0]
  
  The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.
  

• Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
  OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
  
  The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
  

• Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation.
  Exciting news! The Tazama project is officially a Digital Public Good having met the criteria to be accepted to the Digital Public Goods Alliance ! Tazama is a groundbreaking open source software solution for real-time fraud prevention, and offers the first-ever open source platform dedicated to enhancing fraud management in digital payments. Historically, the financial [0]
  
  The post Project Tazama, A Project Hosted by LF Charities With Support From the Gates Foundation, Receives Digital Public Good Designation. appeared first on Linux.com.
  

• Xen 4.19 is released
  Xen Project 4.19 has been officially out since July 31st, 2024, and it brings significant updates. With enhancements in performance, security, and versatility across various architectures like Arm, PPC, RISC-V, and x86, this release is an important milestone for the Xen community. Read more at XCP-ng Blog
  
  The post Xen 4.19 is released appeared first on Linux.com.
  

• Advancing Xen on RISC-V: key updates
  At Vates, we are heavily invested in the advancement of Xen and the RISC-V architecture. RISC-V, a rapidly emerging open-source hardware architecture, is gaining traction due to its flexibility, scalability and openness, which align perfectly with our ethos of fostering open development ecosystems. Although the upstream version of Xen for RISC-V is not yet fully [0]
  
  The post Advancing Xen on RISC-V: key updates appeared first on Linux.com.
  

Engadget"Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics"

• Rainbow Six Mobile will finally be available in February after years of testing
  The long-awaited Rainbow Six Mobile comes out on February 23 for iOS and Android devices. This is a global release and follows years of testing and some significant delays.
  
  This is basically a smartphone version of the popular tactical shooter Rainbow Six Siege. It was "developed exclusively" for mobile devices and features a trio of 5v5 multiplayer modes. There9s a team deathmatch, of course, and a pair of bomb-defusing games that are riffs on a pre-existing mode from Siege.
  
  Rainbow Six Mobile offers access to a bunch of maps, including some that will be familiar to fans of the franchise. There are more than 20 operators to choose from and Ubisoft promises it9ll be adding more content with each new season.
  
  The company is rolling the game out early in some parts of the world. It9s already playable in Poland, France, Canada and parts of Latin America. Everyone else has to wait until February.
  This article originally appeared on Engadget at https://www.engadget.com/gaming/rainbow-six-mobile-will-finally-be-available-in-february-after-years-of-testing-174001081.html?src=rss

• What happened to iRobot can happen to anyone
  The company which popularized robot vacuum cleaners around the world has filed for Chapter 11 bankruptcy. iRobot, makers of the Roomba, has been synonymous with the category since its inception, but its star had dulled in recent years. The company plans to sell its assets to its primary supplier, China’s Picea Robotics, in the hope of maintaining its business.
  
  Everyone’s got a strident opinion as to why iRobot fell from grace. The rugged individualists blame limp regulators on both sides of the pond (and their hatred for big tech) for blocking Amazon’s attempted purchase in 2023. Those on the hardware side of the fence say iRobot’s refusal to embrace LiDAR for navigation until this year left it behind rivals.
  
  Then there’s the geopolitical experts, who can point at China’s industrial policy, subsidies and favorable regulatory environment compared to the US approach. After all, iRobot’s US gear is made in Vietnam, which is now subject to a 46 percent import levy. As how hard Apple fought in court to prevent it.
  
  Even before this year’s tariffs, iRobot struggled to compete on price in a manner we’ve seen in other fields. Remember Fitbit before Google purchased it, happily selling $80 fitness trackers for years until Xiaomi swiped the low-end part of its business for itself. Even if the early MiBands weren’t very good, you could buy three for the price of a single Fitbit Charge. Yes, the argument around quality and reliability is important, but it’s often not as loud or compelling as a competing product sold for a fraction of the price.
  
  iRobot should have either made more of an effort to offer a dirt-cheap model to undercut its rivals, or more likely pull out of the low end altogether. Earlier today, I checked out local retail listings for Roombas and its nearest competitors. Next to one another were the Roomba 405 Combo with Dock and the Roborock Q7 L5+ — both capable of vacuuming and mopping your floor. The former is currently on sale for $400 direct from iRobot, while the latter is currently selling for $220. I’m sure plenty of buyers would have seen the price difference and opted for the cheaper model.
  
  I’m not going to throw too many Told You So’s over iRobot’s fence for not embracing LiDAR sooner. Its omission was a mistake, but you could see why it was shy about abandoning its existing setup. But the company had forgotten one key mantra about the tech world, Andy Grove’s maxim that “only the paranoid survive.” Even the fanciest, highest-end Roombas of the last five years felt a generation behind rival products.
  
  And, at the risk of sounding like a marketing guru, it was never clear what iRobot, or Roomba, stood for. When companies flooded the market with cheaper models, iRobot needed to make it clear what it meant when you bought a Roomba over a generic model. What did, and could, it offer beyond the name and history that made it stand out against cheaper competitors? Companies like Apple and Dyson command a premium, but you almost always know what you’re getting for your money.
  
  All I can say is that it’s good that there isn’t another American company presently in a similar position. I certainly can’t think of a controversial US company that builds things with wheels that has historically rejected LiDAR for its autonomous services. One that has a brand that doesn’t stand for much, or has its identity tied too closely to the identity of its CEO. One that is staring down the barrel at a raft of better equipped and often cheaper Chinese alternatives. Because that company could surely be looking at a similar fate a decade or so down the road.
  
  
  
  
  
  
  This article originally appeared on Engadget at https://www.engadget.com/home/what-happened-to-irobot-can-happen-to-anyone-164500625.html?src=rss

• Dead Island 3 is in development and will reportedly come out in 2028
  The zombie-decapitating sim Dead Island 3 is still being developed, according to financial documents from Dambuster Studios that were pic.twitter.com/FOHOitH3nD
  — Timur222 (@bogorad222) December 16, 2025
  The paperwork says the development is "moving at pace" and that "parts of the game are now in early production." These parts reportedly include feature design, world design, narrative and character design.
  
  We already knew this game was in development, as Dambuster posted on Steam earlier this year that "the outbreak is far from over." The idea of Dead Island 3 makes a whole lot of sense, given the success of the second one. The company has sold over 4 million copies of the game since 2023.
  
  It9s also worth noting that a 2028 release date would put five years between the two sequels. That9s a long time for something like Assassin9s Creed, but nothing for the Dead Island franchise. Dead Island 2 was first announced in 2014, so development took nearly a decade.
  This article originally appeared on Engadget at https://www.engadget.com/gaming/dead-island-3-is-in-development-and-will-reportedly-come-out-in-2028-162522680.html?src=rss

• The best board games to gift and play with the family for the 2025 holiday season
  Once upon a time, a "board game" meant Monopoly or Risk. Then several brave souls dared to ask the question: "What if this was fun?" Thirty years later, we9re blessed with tabletop games that challenge our minds, immerse us in other worlds and conjure good times with those we love — sometimes all three at once. For your gift-buying needs, we9ve put together a list of new favorites and returning classics that run the gamuts of genre and weight. If you9re ready to push beyond Pictionary, read on.
  Best board games to gift (and play) this holiday season
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  Check out the rest of our gift ideas here.
  This article originally appeared on Engadget at https://www.engadget.com/the-best-board-games-to-gift-and-play-with-the-family-for-the-2025-holiday-season-125529223.html?src=rss

• Instagram launches a Fire TV app for Reels
  Have you ever just wished you could watch Instagram Reels right on a TV? Maybe? Well, if so, you9re in luck. Meta has launched an Instagram app exclusively on Fire TV. It will be solely for "short-form video content," so Reels. TikTok launched an app on Fire TV in 2020 before rolling it out to other platforms. 
  
  Instagram and Fire TV users can download the former through Amazon9s App Store. It can either link to an existing account or have a separate account just for TV. The app can hold up to five different Instagram accounts — and time spent factors into any limits on teen accounts. 
  
  "Our mission is to get you to the world’s best content fast, and we’re thrilled to welcome Instagram to Fire TV," Fire TV vice president, Aidan Marcuss, said in a statement. "We’re committed to keep pushing the boundaries of entertainment on customers9 biggest screens — the Instagram team has built an awesome experience, and we’re excited to be the first place to offer it. We can’t wait to see what customers think."
  
  For now, Reels are separated into different channels, such as sports highlights or hidden travel gems. Reels also play automatically, so you don9t have to swipe between content on the screen. According to Meta, the app is still being tested, so these formats might change in the future. 
  
  Instagram users in the US can now get the TV app on Amazon9s Fire TV Stick HD, 4K Plus and 4K Max (first and second generation). It9s also available on the Fire RV 2-Series, 4-Series, and Omni QLED Series. However, Meta says that the Instagram App for TV should be available on more devices and in other countries after this initial testing round.
  This article originally appeared on Engadget at https://www.engadget.com/social-media/instagram-launches-a-fire-tv-app-for-reels-160003710.html?src=rss

• Amazon is set to lay off 370 workers at its European HQ
  Amazon is set to fire 370 people at its European headquarters in Luxembourg in the coming weeks, as Bloomberg reports. That accounts for about 8.5 percent of the workforce. Amazon initially planned to reduce its headcount there by 470, but under European Union law, companies have to negotiate layoffs with employee reps and, in some cases, governments.
  
  Amazon reportedly told employees at the European HQ in a memo the layoffs are "adjustments that reflect business needs and local strategies." The company claims to be going "well beyond industry benchmarks" in Luxembourg with regards to the severance packages it9s offering.
  
  An Amazon employee said it would be difficult for hundreds of people who are all going into the job market at the same time to find employment elsewhere in the country. Affected employees who moved from other countries to work for Amazon will have to leave if they don9t land another job in Luxembourg within three months. After the layoffs, Amazon is still expected to be the fifth-largest employer in Luxembourg, which has a population of 680,000. 
  
  One employee told Bloomberg that the cuts would primarily affect software developers amid a push in the tech industry for AI to take on more coding tasks. Amazon said in October it would cut 14,000 jobs from its global workforce amid its deepening embrace of AI. It was reported that same month that the company9s plans to ramp up its robotics operations could put around half a million jobs in the US at risk.
  
  
  
  
  
  
  This article originally appeared on Engadget at https://www.engadget.com/big-tech/amazon-is-set-to-lay-off-370-workers-at-its-european-hq-154037845.html?src=rss

• Apple's Mac mini M4 is back on sale for a record-low price
  If you9re still debating what gifts to get the important people in your life, sales can be a good starting point. Take Apple9s 2024 Mac mini M4, which is down to $479, from $599. The 20 percent discount brings the device back down to its all-time low price seen over Black Friday. 
  
  Apple released the Mac mini M4 in late 2024 and we were impressed with how something so small could be so powerful. We gave it a 90 in our review, thanks to features like its speed and standard 16GB of RAM. The — currently — $479 base model also comes with 256GB of SSD. We were also happy to see it had front-facing USB-C and headphone ports. 
  
  
  
  If you really want to go all out for someone9s gift (or for yourself) then you can buy one of the Mac mini M49s higher memory or storage options. You can pick up the Mac Mini M4 with 16GB of RAM and 512GB of SSD for $690, down from $799 — a 14 percent discount. Meanwhile, the 24GB of RAM and 512GB of SSD model is 11 percent off, dropping to $890 from $999.
  
  Check out our coverage of the best Apple deals for more discounts, and follow @EngadgetDeals on X for the latest tech deals and buying advice.
  This article originally appeared on Engadget at https://www.engadget.com/deals/apples-mac-mini-m4-is-back-on-sale-for-a-record-low-price-150041509.html?src=rss

• The best subscription box gifts for 2025
  Subscription boxes are the rare gift that keeps its charm long after the wrapping paper is gone. You make the choice once, but the surprises keep landing on their doorstep for months after that. For anyone who loves the buzz of a delivery, these are gifts that extend the season well past December. Each box on this list combines a bit of discovery with something tangible, such as gadgets, books, collectibles, snacks or clever projects. Some appeal to hardcore hobbyists, others to the curious or the comfort seekers, but all offer that same spark of delight that comes from unboxing something unexpected. These are the subscription boxes that make the best gifts to last all year.
  Best subscription box gifts
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  Check out the rest of our gift ideas here.
  This article originally appeared on Engadget at https://www.engadget.com/the-best-subscription-box-gifts-for-2025-130037236.html?src=rss

• PayPal applies to become a bank under Trump's looser financial rules
  PayPal is the latest company looking to become a bank in the US. On Monday, the company announced it had submitted applications for PayPal Bank to the Federal Deposit Insurance Corporation (FDIC) and the Utah Department of Financial Institutions (UDFI). PayPal is already a bank in Europe, based in Luxembourg. 
  
  According to PayPal, it has provided "over $30 billion in loans and working capital" for more than 420,000 business accounts globally. PayPal puts its focus on small businesses in pitching the need for a US bank. "Securing capital remains a significant hurdle for small businesses striving to grow and scale," Alex Chriss, president and CEO of PayPal, said in a release. "Establishing PayPal Bank will strengthen our business and improve our efficiency, enabling us to better support small business growth and economic opportunities across the US." 
  
  PayPal also plans to provide "interest-bearing saving accounts" as a bank. If approved, it would be chartered in Utah. 
  
  Applications to become a bank have popped up left and right this year, with approval odds increasing under the Trump administration. On Friday, the Office of the Comptroller of the Currency (OCC) announced that five cryptocurrency companies, including BitGo, Circle and Ripple, received conditional approval to become federally charted trust banks.  
  
  "New entrants into the federal banking sector are good for consumers, the banking industry and the economy," the OCC9s comptroller Jonathan V. Gould stated in the announcement. "They provide access to new products, services and sources of credit to consumers, and ensure a dynamic, competitive and diverse banking system."
  
  Other companies such as Nissan and Sony have also submitted applications to form a bank. 
  This article originally appeared on Engadget at https://www.engadget.com/big-tech/paypal-applies-to-become-a-bank-under-trumps-looser-financial-rules-143025772.html?src=rss

• Avatar Fire and Ash review: Maybe it's time to sunset Pandora
  No matter what you think of James Cameron9s Avatar movies, their technical ambitions are undeniable. Cameron developed his own camera system to shoot the first Avatar in 3D, but since most of the actors were digitally captured, he also had the freedom to construct scenes with a virtual camera after they were physically shot. For Edie Falco suited up in a wicked exoskeleton in the last film, though).
  
  Instead, Avatar: Fire and Ash is just another Avatar film — it doesn9t push any boundaries, narratively or technically. And without any technical achievements to lean on, the narrative issues inherent with Avatar become all the more glaring. 
  
  It9s still basically a story that places a clueless white dude in the middle of a fight between indigenous and colonialist powers. (Improbably, he9s crowned one of the Na9vi9s best warriors!). The script from Cameron and his co-writers (Rick Jaffa and Amanda Silver, continuing their work from The Way of Water) often hits identical beats to a low-rent CW show. And perhaps worst of all, the stakes of the story haven9t really changed much. Jake Sully (Sam Worthington) and his family are still fighting off the militarized Resource Development Association (RDA), Col. Quaritch still holds a grudge from being killed (twice now!) and from the Sullies raising his Tarzan-like son, Spider (Jack Champion).
  
  There’s an attempt to cast the Na’vi in a new light with the villainous Ash People, who spend their days attacking and stealing from other tribes. While most Na’vi people work cooperatively with other clans and share their reverence for Eywa, the collective consciousness of Pandora, the Ash People resent it for not saving their villages from natural disasters. Despite a deliciously evil performance by Oona Chaplin (Charlie Chaplin9s grandaughter!) as Varang, the Ash People don9t amount to much more than "evil Na9vi." When they inevitably work together with humans to attack other Na’vi, it doesn’t feel surprising in the least. Honestly, it’s a tad insulting.
  Avatar: Fire and Ash20th. Century Studios
  Perhaps we9ve been spoiled by Cameron9s last few films, but Avatar: Fire and Ash ultimately feels like more of the same. Even its massive final battle feels like a retread, since it’s set in the same ocean environment as The Way of Water and is once again focused on protecting psychic alien whales from humans. Cameron does let his action chops shine throughout the film, but after a certain point, trying to enjoy those sequences is like trying to eat a family-sized carton of ice cream by yourself. You’ll enjoy it for a little while, but eventually you’re  left with a massive headache and sugar hangover.
  
  It’s clear that James Cameron has built the Avatar franchise to explore everything he loves: Stories about protecting the environment, fighting against capitalist excess and kicking tons of ass. Parts of Avatar 4 have already been shot, and that film is expected to arrive in 2029. But I’m hoping the 71-year-old filmmaker eventually finds his way out of Pandora. He’s co-directing the Billie Eilish concert film, Hit Me Hard and Soft: The Tour, so that’s a start. But I’m eager to see what other new worlds he can dream up.
  
  
  This article originally appeared on Engadget at https://www.engadget.com/entertainment/tv-movies/avatar-fire-and-ash-review-maybe-its-time-to-sunset-pandora-140000997.html?src=rss

• EU OS: A Bold Step Toward Digital Sovereignty for Europe
  Image
  A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
  What Is EU OS?
  EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
  
  Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
  The Vision Behind EU OS
  The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
  
  Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
  
  However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
  Conclusion
  EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
  
  Source: It's FOSS
  European Union

• Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
  
  Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
  
  In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
  
  On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
  
  Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
  
  The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
  
  Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
  
  You can download the latest kernel here.
  Linus Torvalds kernel

• AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
  Image
  AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
  
  This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
  
  Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
  
  Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
  
  Source: 9to5Linux
  AerynOS

• Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
  Image
  Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
  
  Here’s a quick overview of what’s new in Xojo 2025r1:
  1. Linux ARM IDE Support
  Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
  2. Web Drag and Drop
  One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
  3. Direct App Store Publishing
  Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
  4. New Desktop and Mobile Features
  This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
  5. Performance and IDE Enhancements
  Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
  What Does This Mean for Developers?
  Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
  How to Get Started
  Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
  
  Download Xojo 2025r1 today at xojo.com.
  Final Thoughts
  With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
  Xojo ARM

• New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
  
  Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
  
  Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
  
  Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest. 
  
  Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
  
  Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
  
  Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
  
  By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
  Windows

• Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
  
  The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally. 
  
  As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
  
  In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions. 
  
  After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
  
  The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
  
  At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
  
  The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
  Security

• Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
  
  The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
  
  A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
  
  This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem. 
  
  The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
  
  On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
  
  In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
  kernel

• Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
  
  Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
  
  The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
  
  Here is what Linus Torvalds had to say in today's announcement:
  Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds

• Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
  
  Want to interact with ChatGPT from your Linux desktop without using a web browser?
  
  Bavarder, a new app, allows you to do just that.
  
  Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
  
  With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
  
  During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
  
  At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
  
  As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
  
  Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
  ChatGPT AI

• LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
  
  Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
  
  Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
  
  LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
  
  You can download LibreOffice 7.5.3 directly from the LibreOffice website��or from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
  
  All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
  
  In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
  
  Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
  
  The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
  LibreOffice