|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Debian DSA-6322-1 frr Important Denial of Service Risk Multiple CVEs
Several vulnerabilities were discovered in FRRouting (frr), a suite of internet routing protocol daemons. A remote attacker could trigger these issues by sending specially crafted protocol packets to a vulnerable daemon, resulting in denial of service (infinite loops, NULL pointer dereferences and crashes) or potentially the execution of arbitrary code
- Dave Airlie on Linux Kernel Maintenance (SE Radio)
The Software Engineering Radio podcast has put up aninterview with graphics maintainer Dave Airlie. Much of what is inthere will not be news to LWN readers, but it is an interesting overview ofthe life of a large-subsystem maintainer.
I was talking to a few of the Rust people, and I thought: these are very young people, these are a group of people in their 20s, maybe 30s, they are a younger cohort of developers than the people I am normally used to dealing with. I thought there was maybe a good way we could bring these groups together. I think that having young people coming into the kernel using Rust is valuable... So I thought that I should be supportive of bringing Rust into the kernel.
- [$] Splicing out vmsplice()
The splice()and vmsplice()system calls are meant to improve performance for certain data-movementtasks by minimizing (or avoiding altogether) system calls and the copyingof data. They also have a long history of security problems. The recentflood of LLM-discovered vulnerabilities has drawn attention, once again, tosplice() and vmsplice(); as a result, they may end upbeing removed altogether.
- One step forward, two steps back on CA age bill (EFF Deeplinks Blog)
The EFF has a blogpost looking at a new bill in California that would exemptopen-source operating systems from the Digital Age Assurance Actpassed last year, but has problems of its own:
While the open source exemption, if passed, would improve the law, theremaining amendments proposed by AB 1856 would require all webbrowsers and websites to request and collect users' ages. This is anexpansion of last year's AB 1043's age-bracketing system thatcompounds its constitutional harms to users' speech, privacy, andsecurity.
[...] EFF understands this amendment to exempt open-sourceoperating systems from the requirement to collect and transmit users'age-bracket data. That is a definite win for open-sourcedevelopers. The bill is narrower now than it was before, and lawmakersclearly responded to concerns raised by EFF and the broaderopen-source community.
Some important questions still remain—for example, it is unclearhow the law would apply when an open-source operating system isincorporated into a commercial product or service. And, given thestructure of where the exemption is placed under the "operating systemprovider" definition, lawmakers could stand to clarify that theexemption applies to open-source operating systems andapplications.
LWN coveredCalifornia's age-attestation law in March.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (.NET 10.0, compat-openssl10, compat-openssl11, delve, expat, httpd:2.4, libexif, mod_http2, openssl, ruby4.0, samba, thunderbird, unbound, and vim), Debian (ceph and sudo), Fedora (libsoup3, pie, roundcubemail, and xorg-x11-server-Xwayland), Mageia (lxc), Oracle (expat, gnutls, kernel, php:8.2, thunderbird, and uek-kernel), Slackware (httpd, net, proftpd, tigervnc, and xorg), SUSE (apache-sshd, apptainer, atril, bind, busybox, cloudflared, evolution-data-server, golang-github-prometheus-prometheus, golang-github-v2fly-v2ray-core, grafana, helm, kernel, libgphoto2-6, libjxl-devel, libsoup, libsoup-2_4-1, libsoup-3_0-0, memcached, ovmf, python-cairosvg, python-flask, python-pip, python-pymupdf, python-pyOpenSSL, python-urllib3, python-urllib3_1, python3-pyOpenSSL, restic, rsync, salt, sdbootutil, tor, tree-sitter, vorbis-tools, and yq), and Ubuntu (exim4, frr, gst-plugins-base1.0, libtemplate-perl, libwww-perl, mysql-8.0, nginx, python-pip, python-urllib3, and twisted).
- [$] LWN.net Weekly Edition for June 4, 2026
Inside this week's LWN.net Weekly Edition:
Front: MeshCore; x32 ABI; Open-source security; Package-manager metadata; More LSFMM+BPF coverage; Loadable crypto module. Briefs: Lightwell; jqwik protestware; RedHat package compromise; DistroWatch; Fedora election; Rust 1.96.0; rsync; Vim Classic 8.3; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- [$] Open-source security is not a solo activity
Over time, many open-source maintainers face the same problem: theylack the time to do all of the work that their project needs, and noone else is stepping up to provide adequate help. Maintainers, though,are often reluctant to throw in the towel. The result is suboptimalall around; the maintainer is stressed out, project quality suffers,and users face security risks that they may not be fully aware of. Atthe 2026 OpenSource Summit North America, Robin Bender Ginn spoke about thisproblem, when it might be time for maintainers to pass the torch, andthe responsibilities of users.
- [$] BPF in the agentic era
Alexei Starovoitov gave "less of a presentation, more of a scream ofrealization" at the BPF track of the 2026Linux Storage, Filesystem,Memory-Management, and BPF Summit. He shared a set of ideas for how BPF couldchange to avoid being swept away by the sea-change in programming represented by modernlarge language models (LLMs) and the coding agents based on them.In a follow-up session, the discussion coveredmore problems with how coding agents use tools like bpftrace, and the current deluge ofpatches in need of review in the BPF subsystem.
- Tridgell: rsync and outrage
Andrew Tridgell has written a blogpost responding to complaints that he has begun using LLM tools inhis work maintaining rsync:
Like many developers of open source packages I've been hit by aflood of security reports lately in my role as the rsyncmaintainer. Many of those reports are AI generated (not all though,there are some notable ones with very careful and high quality manualanalysis).
As this flood started to get more intense I realised I needed toraise the defences on rsync a lot — we needed much more thorough testsuites, code coverage analysis, CI testing on a lot more platforms,deliberate and thorough scanning for possible security issues (so Ifind at least some of them before other people!) and the addition of awhole lot of defence-in-depth hardening techniques.
[...] Now to the future, because we're not done yet by a longshot. The security reports keep rolling in. I'm working on a bunch ofCVEs right now. Luckily I've been joined by some other very gooddevelopers with great systems development skills and securityknowledge. Some of these people came to my attention partly because ofall the rage happening at the moment, so I get some rage storm cloudshave silver linings. Watch out for some credits for some great newrsync developers in the next release.
- Security updates for Wednesday
Security updates have been issued by Debian (php-twig), Fedora (hplip, python-wsgidav, roundcubemail, and xorg-x11-server), Oracle (compat-openssl10, httpd:2.4, and kernel), Red Hat (osbuild-composer), SUSE (busybox, cloudflared, cockpit, cups, ffmpeg-4, gnutls, google-osconfig-agent, helm, hplip, kernel, kubelogin, libjxl, libsoup, libunbound8, LibVNCServer-devel, mapserver, nvidia-open-driver-G06-signed, nvidia-open-driver-G07-signed, openssh, python-idna, qemu, rqlite, shadowsocks-v2ray-plugin, ucode-intel, unbound, vim, vorbis-tools, and xorg-x11-server), and Ubuntu (age, dovecot, editorconfig-core, gobgp, libapache-mod-jk, libcommons-lang-java, libcommons-lang3-java, libeconf, linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux, linux-aws, linux-azure, linux-azure-6.17, linux-hwe-6.17, linux-nvidia-6.17, linux-oem-6.17, linux-oracle, linux-oracle-6.17, linux-raspi, linux-realtime, linux-realtime-6.17, linux, linux-aws, linux-gcp, linux-ibm, linux-nvidia, linux-oracle, linux-raspi, linux-realtime, linux-aws-6.17, linux-gcp, linux-gcp-6.17, luanti, mysql-8.0, mysql-8.4, node-tar-fs, and unbound).
- [$] Caching for extended attributes
Extendedattributes (xattrs) provide a way to attach key/value metadata toinodes—files, directories, and the like—in a filesystem. As with manyLinux filesystems, the FUSE filesystemsupports xattrs. In a filesystem-track session at the 2026 Linux Storage,Filesystem, Memory Management, and BPF Summit, FUSE maintainer MiklosSzeredi led a discussion about caching xattrs in kernel memory; he wouldlike to create some common infrastructure that could be used by FUSE andshared with other filesystems.
- Steam Survey For May 2026 After Delay: Linux Just Under 4%
Back in March Steam on Linux skyrocketed to 5.33% with more than double the Steam gaming marketshare of macOS. Then for April Steam on Linux pulled back to a still-great 4.52%, well above the times when Steam on Linux was at 2% or less for many years. Now the May 2026 figures have been published overnight by Valve...
- Aleksandra Fedorova on Community, Flock, and the Human Side of Fedora
Flock to Fedora is more than a conference — it’s where the Fedora community comes alive. As part of the #In the CommitHistory campaign, we sat down with confirmed Flock 2026 speakers to hear their stories: what brought them to Fedora, what Flock means to them personally, and what they’re hoping for in Prague this […]
- Anthropic Urges Global Pause in AI Development, Flags 'Self-Improvement' Risk
Anthropic is urging leading AI labs to consider slowing development, warning that frontier models are advancing fast enough that they may soon be able to improve themselves without direct human intervention. The company says a global ability to pause or slow AI development would "likely be a good thing," citing internal data about accelerating model capabilities. From a blog post: Using public benchmarks and previously unreported data from within Anthropic, The Anthropic Institute is showing that AI is already accelerating the development of AI systems. To take just one example: today, Anthropic engineers on average ship 8x as much code per quarter as they did from 2021-2025. The technical trends discussed in this piece suggest that AI systems are going to become much more capable in coming years. These trends have huge implications. AI that can build itself would be a major development in the history of technology -- one that could bring enormous good for the world in science, healthcare, and beyond. But full recursive self-improvement also might increase the risks of humans losing control over AI systems. If systems are capable of fully building their own successors, the ways we secure them, monitor them, and shape their behavior all grow much more important. [...] If it were possible to effectively slow the development of this technology to give ourselves more time to deal with its immense implications, we think that would likely be a good thing. But if a slowdown simply lets the least cautious actors catch up technologically, it could leave everyone less safe. Without a global coordination mechanism, companies and governments will have to make difficult decisions about safety while under competitive and geopolitical pressures. We believe it would be good for the world to have the option to slow or temporarily pause frontier AI development to enable societal structures and alignment research to keep up with the advance of the technology. The Anthropic Institute will conduct research -- in collaboration with many others -- and take actions to help build the systems that a credible slowdown or pause would require. These systems would enable frontier AI developers to verify that others globally have actually stopped or slowed, and that a bad actor could not use the auspices of a coordinated slowdown to jump ahead in secret. If such systems existed, we expect that we would slow down or temporarily pause, if other developers at or near the frontier also did so in a verifiable manner...
 
Read more of this story at Slashdot.
- New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack
A new npm supply-chain attack has infected 36 packages with Rust-based infostealer malware called IronWorm. According to BleepingComputer, the malware "targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files." From the report: According to researchers at supply-chain and devops company JFrog, IronWorm is written in Rust, hides behind an eBPF kernel rootkit, and communicates with the operator over the Tor network. The Rust-based malware self-propagates by using stolen credentials for publishing on npm; this includes secrets associated with npm's Trusted Publishing workflow. Once it compromises a developer or CI environment, it can publish trojanized versions of packages owned by the victim, which then infect additional developers and CI systems. This behavior is conceptually similar to Shai Hulud, which had its code published on GitHub recently. Although JFrog researchers did not find a clear connection between IronWorm and Shai Hulud, they observed the same commit names in both supply-chain attacks. This opens the possibility that the new malware is an evolution of TeamPCP's payload, since IronWorm appears to be "a custom, carefully built implant from an operation with its own infrastructure." [...] The company provides a list of all impacted package names and their versions in the report and recommends that developers upgrade to fixed releases, rotate their keys, and enable two-factor authentication (2FA) for all accounts. At the same time, Endor Labs and StepSecurity have spotted a very similar but distinct attack involving a JavaScript-based malware named binding.gyp, performing registry poisoning and GitHub Actions infection, unfolding during the same time-frame.
Read more of this story at Slashdot.
- Companies Are Using Reddit To Manipulate ChatGPT and Google AI Search
An anonymous reader quotes a report from 404 Media: The moderators of the biohacking subreddit say that peptide and hormone replacement therapy companies have been surreptitiously spamming Reddit in an attempt to get their posts scraped by AI chatbots. The strategy is an effort to systematically manipulate the answers provided by chatbots by manipulating the underlying source material that those chatbots will scrape -- in this case, a popular Reddit community. In a post last week, the moderators of r/biohackers said they would be banning new posts about peptides and hormone replacement therapy (HRT) because of attempted manipulation by the companies that make, market, and sell them. [...] "As AI search engines increasingly pull answers from Reddit, companies are using us for AEO. On top of that, there's been an explosion of peptide interest and AI usage flooding the sub. Together, this has put serious pressure on content quality," a post by the moderators read. [...] It has become incredibly difficult to stop Reddit manipulation, because the firms doing it are getting more sophisticated. The moderator said that there are really standard and long-running strategies where brands will hop in the comments and suggest their products: "That type of marketing has always existed and if people want to try something new because the brand resonated with them, cool. That's the way marketing should flow in my mind," they said. "But what I'm seeing that is way scarier to me is that there are companies that will reverse-engineer the actual prompt patterns that are prioritized by LLMs, and so you'll see someone post a super clickbait, high-traction, vague question like 'Is all the hype around Vitamin D actually worth it?" they added. "And that thread will do really well because everyone on biohackers actually has an opinion, so it gets engagement and prioritized by LLMs, and then brands will sneak in and they'll embed their brand mentions in those threads in the exact right places in a seemingly organic way. But none of it is organic, the entire thing is a strategy by an agency to prioritize brand mentions or a narrative within an LLM." The Reddit accounts that are doing this are "warmed up" or are made to seem human, meaning they have a posting history that is not just promotional. This makes them much harder to detect and moderate against. Some of the agencies doing this are paying real people to post promotional content, or have built communities where people are incentivized to post promotional content. The moderator said that Reddit's automated moderation tools have been helpful, but that the type of promotion happening has become so sophisticated that it has become more of a you-know-it-if-you-see it kind of thing. "A lot of it has become pattern recognition," they said. "You literally just sort of know what to look for. But the problem is you don't want to become punitive to the people who aren't doing this maliciously, and so I think the over-moderation risk is very real."
Read more of this story at Slashdot.
- Meta Keeps Delaying the Release of Its New AI Model to Developers
Meta has reportedly delayed the developer release of its Muse Spark AI model API multiple times, and as of Tuesday, had no scheduled launch date, according to the Wall Street Journal (paywalled). Reuters reports: A Meta spokesperson told Reuters on Wednesday that the company is already testing the Application Programming Interface (API) with some early partners and is looking forward to releasing it this month. "The muse spark API will be coming soon," Meta AI Chief Alexandr Wang announced in a post on X in April. Meta unveiled Muse Spark in April as the first model built to close the gap with rivals. Muse Spark is the first in a new series of models created by the company's Superintelligence Labs. Earlier on Wednesday, Meta unveiled an AI agent aimed at helping businesses carry out day-to-day operations, hinting at the company's ambitions to compete with rivals such as OpenAI, Anthropic and Alphabet's Google.
Read more of this story at Slashdot.
- LinkedIn China Spying Threat Prompts Warning From US, Allies
The U.S. and its Five Eyes intelligence partners issued a joint warning (PDF) that Chinese military intelligence services are using LinkedIn and other professional networking sites to recruit people with access to government, military, foreign policy, or sensitive economic information. "These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks or human resources firms, and place online job advertisements for foreign policy and defense analysts," the agencies said Wednesday. "China's military intelligence services ultimately seek to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes." Bloomberg reports: China was targeting Five Eyes nationals with security clearance, particularly those working in foreign affairs, security and intelligence, and military personnel including people stationed in the Asia-Pacific region, it said. People with more peripheral access to government information, such as academics, journalists and think tank employees, were also being approached. The Chinese embassy in the UK strongly condemned the accusations, calling the allegation of Chinese espionage threats "entirely fabricated" and "malicious slander." The "Five Eyes" members have "engaged in unscrupulous espionage and intelligence-gathering activities around the globe. Their activities are the real threat to peace-loving countries," the embassy said in a statement Thursday. [...] According to the agencies, Chinese spies have commissioned reports to be written by those they've approached, paying them anywhere from a few hundred to several thousand dollars, with payments sometimes made in cryptocurrency. "Military members may be asked about their roles and unit activities, home base or naval vessel," the notice said. "Five Eyes agencies have identified individuals who have undertaken these activities, leading to criminal prosecutions, job losses, and security-clearance revocation," it warned.
Read more of this story at Slashdot.
- Supreme Court Sides With Trump Administration On Federal Regulation of Telecom Companies
An anonymous reader quotes a report from the Associated Press: The Supreme Court sided with the Trump administration Thursday in upholding the power of federal regulators to enforce data privacy laws on telecommunications companies. The 8-1 decision (PDF) preserved one of the Federal Communications Commission's key tools, though the companies also won a concession from the Republican administration that could shift the regulatory landscape. The appeal from telecommunications giants Verizon and AT&T challenged a combined $100 million in penalties imposed after the agency determined that the companies had failed to safeguard customer location data. The companies argued that the FCC's process was unconstitutional because it gave them little opportunity to tell their side of the story in front of a jury. The administration defended the fines are an essential regulatory tool. But the government also said companies did not have to pay the penalties right away, a regulatory shift in the companies' favor. The Supreme Court agreed, affirming the FCC's power to order fines when challenges are still available. "The orders at issue did not settle the carriers' legal obligations because, stated simply, they did not create an obligation to pay," Chief Justice John Roberts wrote for the majority. [...] Other agencies use similar enforcement methods, so a sweeping victory for AT&T and Verizon could have had widespread effects, advocates said.
Read more of this story at Slashdot.
- Samsung Ditches New Jersey For Texas, Costing Garden State 1,000 Jobs
schwit1 shares a report from NJ.com: Samsung is pulling up stakes in New Jersey and heading to Texas, a move that could leave roughly 1,000 Garden State workers facing a stark choice: relocate or risk losing their jobs. The South Korean tech giant confirmed this week that it will move its US headquarters from Englewood Cliffs, NJ, to its existing campus in Plano, Texas, marking a stunning reversal less than a year after it celebrated the opening of a new headquarters in Bergen County. The relocation is expected to be completed by the end of the year, according to company statements. "Samsung Electronics America Inc. is undergoing a business transformation designed to better position our organization for long-term growth and future success. As part of this effort, we are relocating our U.S. headquarters from New Jersey to our existing campus in Plano, Texas, building on our 30-year presence in the state," said Samsung in a statement emailed to NJ.com on Tuesday. "As part of this strategy, we will be optimizing parts of the organization to ensure our roles and functions align to key business priorities. We recognize such adjustments will have an impact on our people and we will be providing support to those affected," it continued.
Read more of this story at Slashdot.
- Apple Is Bringing Age Verification To Texas This Week
joshuark shares a report from The Verge: Apple will introduce age verification in the App Store for users in Texas starting on Thursday, June 4th. The move, as spotted by MacRumors, comes just days after a federal appeals court allowed Texas' App Store Accountability Act to go into effect while a lawsuit against it proceeds. People in Texas who are creating a new Apple account will need to verify they're over 18 using a credit card or government ID. Apple may also automatically verify users' age using the age of their account and whether they have a credit card on file. Despite Apple's attempts to push back on app store-level age verification, the company has announced plans to implement age checks to comply with laws in places like Utah, Louisiana, Brazil, Australia, Singapore, and the UK. Google is required to make similar changes to the Play Store and is also introducing age-checking tools for developers. Last December, a judge blocked the App Store Accountability Act (SB 2420) from taking effect, but an appeals court has now reversed this decision -- at least while the court figures out whether the law is constitutional. Even if this law gets struck down in Texas, a federal version with the same name is still making its way through Congress and could impose age verification at the app store nationwide.
Read more of this story at Slashdot.
- Google Ordered To Put Clearer Links In AI Search, Let UK Publishers Opt Out
An anonymous reader quotes a report from Ars Technica: UK regulators today ordered (PDF) Google to put clearer attributions and links to publishers' content in its AI-generated search features. The UK's Competition and Markets Authority (CMA) also said Google must give publishers a way to opt out of AI features in search. "In a world first, publishers will now have effective tools to prevent their content being used to power AI features in search, such as AI Overviews," the CMA said today. "This will put publishers, like news organizations, in a stronger position to negotiate content deals with Google. To boost consumer trust, Google is also now required to make sure that publisher content is properly attributed, using clear links, in AI-generated search results." The CMA ruled that Google may not penalize publishers for opting out of AI, meaning that Google can't downrank opted-out publishers in general search results. The CMA said Google will have nine months to comply with all requirements but that the agency "expects important parts of the controls to become available to publishers well before that deadline. Google will also be required to submit and publish compliance reports, supported by key data and metrics, explaining changes it has made and how it has complied." [...] The CMA applied the rules to Google after determining that it has "strategic market status" in general search services, and has ongoing investigations into Apple and Microsoft. Google today said it will comply with the CMA decision. The News Media Association, a trade group in the UK, said that "the legally enforceable Conduct Requirements for Google Search published today are a significant step towards leveling the playing field and building a fair, transparent digital economy where premium content is properly respected and fairly compensated." The group called on the UK to implement "robust enforcement."
Read more of this story at Slashdot.
- NASA Says Goodbye to Its Longtime Mars MAVEN Mission
NASA has officially ended the MAVEN mission after the Mars orbiter stopped responding in December, apparently after an unexpected spin drained its batteries and knocked out communications. Launched in 2013 and orbiting Mars since 2014, MAVEN spent more than a decade studying how the planet lost its atmosphere and helped explain how Mars transformed from a potentially habitable world into the cold, dry planet seen today. The New York Times reports: The NASA spacecraft MAVEN, short for Mars Atmosphere and Volatile Evolution, had been orbiting around the Red Planet since 2014. NASA last received a signal from MAVEN on Dec. 6, shortly before the spacecraft passed behind Mars. Then the spacecraft stopped responding. A review board found that MAVEN began unexpectedly rotating, causing its batteries to drain too quickly and resulting in a loss of power to the communications system. "The team is certainly broken up about this," said Shannon Curry, the principal investigator of the mission and a scientist at the University of Colorado Boulder, at a news conference on Wednesday. "But at the same time, we are incredibly proud of the science we've accomplished over the last decade." NASA officials declined to speculate on the root cause of the mishap. A final report is expected to be released later this year.
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Benchmarking The BORE Scheduler Performance With CachyOS Linux
Earlier this week I ran benchmarks of different CachyOS Linux kernel flavors that proved interesting from the performance overhead of their hardened kernel build to various other interesting performancr takeaways. One kernel flavor I hadn9t tested though was their build with the BORE scheduler. Given the interest and feedback from Phoronix readers, here is an article focused on looking at the performance of the BORE scheduler for the Linux kernel on CachyOS.
- Linux 7.1 + Mesa 26.1 Performance With The Radeon RX 9070 GRE, RX 9070 XT
With this week's launch day review of the AMD Radeon RX 9070 GRE, Ubuntu 26.04 with its Linux 7.0 and Mesa 26.0 default driver stack was used for testing. That choice was made since the Ubuntu 26.04 release is still fresh, the RDNA4-based RX 9070 GRE was working without issue there, and from other RDNA4 testing knowing there isn't much uplift from the in-development Linux 7.1 kernel or the current stable Mesa 26.1 OpenGL RadeonSI / Vulkan RADV drivers. But for those interested, here are those tests...
- Linux 7.2 Will Be Able To Boot On Apple M3 Macs - But Far From Useful For End-Users
The upcoming Linux 7.2 mainline kernel is expected to be able to boot on Apple M3 devices including the M3-powered iMac and MacBook products. But before getting too excited it's still a long ways to go before it will actually be useful for any Apple M3 daily usage under Linux with the overall support at this stage still being very limited for these 2~3 year old Apple Macs...
- GCC Git Enables Additional Tuning For AMD Zen 6
In addition to Intel adjusting their Nova Lake and Diamond Rapids targets in GCC this week to deal with APX realities, AMD this week also adjusted some tuning bits for their Zen 6 "znver6" target...
- AMD Submits Its Long-Awaited HDMI 2.1 FRL Support For Linux 7.2 AMDGPU
It's happening! The long-awaited HDMI 2.1 Fixed Rate Link "FRL" support for handling higher resolutions and higher refresh rates on modern AMD Radeon graphics cards with the upstream AMDGPU open-source driver has been submitted to DRM-Next ahead of this month's Linux 7.2 merge window!..
- Roku launches open-source embedded Roku LT OS
Roku, the company that makes TV boxes and sells ad space based on your usage patterns, has released its remote control operating system as open source � and by remote control I don�t mean robot stuff or whatever, but actual remote controls, the thing you use to control your TV or whatever from the couch. Roku has announced the official availability of Roku LT OS � a lightweight, highly deterministic open-source operating system that is already used in our industry-changing Roku remote controls. In addition to high-performance automotive platforms, Roku LT OS is designed to be accessible to the broader developer community. The operating system ships with native support for the ESP32 platform, a highly popular SoC among hobbyists and makers. Because ESP32 development boards are widely available online for just a few dollars, developers can get started with Roku LT OS with minimal hardware investment. ↫ Roku�s developers blog As far as I can tell, this operating system is entirely new and not based on Linux or something else, but the available documentation is light on details so I can�t make much more out of it. Regardless, it�s nice to have another open source embedded operating system.
- The placeholder name for the Windows 8 experience was “modern”
Raymond Chen shares some history regarding Windows 8�s development: During the development of Windows`8, we needed a name for “that thing we’re creating.” Not being a particularly clever bunch when it comes to code names, we just called it “the modern experience,” to distinguish it from what we had in Windows`7, which was called “the classic experience.” And then, as Microspeak demands, we started abbreviating like mad. ↫ Raymond Chen Basically, they added mo! for modern! in front of everything, so the Metro shell became MoSh!, the Settings application MoSet!, and so on. And yes, the code name for the Photos application was exactly what it sounds like.
- Microsoft continues migration from NTLM to Kerberos
For the past few years, Microsoft has been phasing out NTLM in Windows in favor of Kerberos-based alternatives. Starting with the next versions of client and server editions of Windows, Microsoft will also be disabling the legacy authentication protocol by default. In the latest security baseline package for Windows Server 2025, the company is already allowing customers to audit incoming configurations. Now, it has announced a wave of changes to further reduce dependencies on NTLM. With an upcoming Insider release of Windows 11 client and server, certain scenarios which previously required NTLM will be able to fall back on Initial and Pass-Through Authentication using Kerberos (IAKerb) and Local Key Distribution Center (LocalKDC). ↫ Usama Jawad at Neowin I�m sure this is very important to IT Pros!.
- Microsoft brings coreutils to Windows
At its Build conference, Microsoft announced coreutils for Windows. Coreutils for Windows is a Microsoft-maintained set of UNIX-style command-line utilities that run natively on Windows — the same commands and pipelines you use on Linux, macOS, and WSL. It ships as a single multi-call binary that exposes each utility under its standard name (cat.exe, grep.exe, find.exe, and so on), giving you the everyday tools developers already use on other platforms to script, automate, and process text. For the full list, see Commands. The goal is to remove friction when moving between Linux, macOS, WSL, containers, and Windows. The same commands, flags, and pipelines work the same way, so existing scripts and habits carry over without translation. Each command supports the standard --help flag for full syntax and options. ↫ Windows Developer Tools website It�s a port of the Rust-based rewrite of the GNU coreutils, findutils, and grep. There are a few caveats though, since these ports have to deal with a number of Windows-isms. The first thing that comes to mind for most of us are path separators; these ports will handle both the correct and incorrect Windows/DOS one, but since some tools may output only the incorrect one this may affect piping. You should also take into account things like Windows� ACLs vs. POSIX permission bits, the lack of /dev/null, and a few other oddities. Furthermore, there are a bunch of commands that rely on POSIX-only concepts, so those aren�t included, and a few other commands that aren�t useful on Windows are excluded as well. Since a number of commands conflict with built-in commands from cmd.exe and PowerShell, which commands run will depend on the shell, the PATH order, and PowerShell�s alias table. Everything�s in preview, and installable through WinGet.
- Basic multicore support for DOS demo uncovered
On the Vogon forums, user MarkDastedt posted an interesting bit of source code he discovered on an old company DVD: a very basic, very rudimentary implementation of multicore support for DOS. Another user, dartfrog, took a closer look and had this to say: Interesting stuff nonetheless. A worker core is running with no interrupt handlers, no page tables, no memory protection, and no OS. That�s about as close to bare metal as you can get, meanwhile the other core is still running DOS. Fascinating. ↫ MarkDastedt at the Vogon forums It�s effectively a simple demo, but according to other users in the thread, it fits in neatly with sporadic other attempts to bring some form of SMP or multicore-awareness to DOS. For instance, Michael Chourdakis worked on something similar to this demo for a series of articles now only available on the Wayback Machine. It makes for a cool demo, but moving from this to something robust and usable in DOS is not an easy task. Still, the possibilities are definitely there, even if you don�t implement full, modern SMP or multicore support. You could have specific DOS applications offloading dedicated tasks to different cores, but as others in the same thread note, individual cores are already stupidly powerful for anything DOS can do, making the use case for additional cores rather moot.
- Serena OS: a modern operating system for classic Amigas
A hobby operating system, not written in Rust, not targeting Qemu, not targeting a Raspberry Pi. Yes, it still happens. Serena OS is what you get when modern operating system design and implementation meets vintage hardware like the Amiga computers. It is based on dispatch queues rather than threads, supports multiple users, is inspired by POSIX, yet retains its own character, is strongly object-oriented in terms of design and implementation and prepared for a cross platform future. ↫ Serena OS GitHub page Serena OS supports most (all?) of the classic Amigas, but the 500, 600, and 2000 need at least 1MB of RAM and a 68020 accelerator. It has code privilege separation between kernel and userspace, basic memory management, its own custom file system, drivers for input devices and graphics, an interactive console with VT52 and VT100 support, and much more. It also comes with a C99-compatible libc, and has its own shell. Note that AI! chatbot Claude is listed as a contributor to the project.
- Rsync opens the slopgates, regressions and bugs ensue
Andrew Tridgell, developer of rsync, has published a blog post addressing the massive surge in AI! code submissions and the string of regressions supposedly caused by them. He explains rsync was flooded with AI!-generated security reports, and he couldn�t handle the volumes anymore. As this flood started to get more intense I realised I needed to raise the defences on rsync a lot — we needed much more thorough test suites, code coverage analysis, CI testing on a lot more platforms, deliberate and thorough scanning for possible security issues (so I find at least some of them before other people!) and the addition of a whole lot of defence-in-depth hardening techniques. This is all a huge amount of work. I’m retired (though my wife may dispute that!) and I’d rather be out sailing than working on rsync security issues, so I have reached for several AI tools to help with what needs to be done. I have absolutely no regrets about doing that, although from the storm of anti-AI rage it’s clear that many people think I should be hung up by my toe nails and flogged for even considering doing this. ↫ Andrew Tridgell The entire rsync codebase is around 65k lines, and the recent flood of AI!-generated submissions amount to +16k/-6k lines of code within a few weeks. That�s an absolutely insane amount of changes in a really short time to a project that most people deemed stable and done!. If you take a look at the activity graph, it�s clear that a project that was silently and carefully doing its job is seeing a massive amount of changes, almost exclusively generated by AI!, all in recent weeks. It�s no surprise, then, that people get annoyed when something they deemed done! and stable is suddenly causing issues for them because its maintainer decided to open the slopgates. Tridgell is, of course, an incredibly accomplished and capable programmer, but so is Kent Overstreet and he thinks his AI! girlfriend is sentient and conscious, he reprogrammed it after someone convinced his AI! girlfriend was lesbian and trans, and he thinks that he gave his AI! girlfriend an orgasm, so being an accomplished and capable programmer doesn�t mean you�re immune from AI!-hyperbole, or worse, AI!-induced psychosis. Tridgell�s blog post already has all the usual talking points from AI! techbros about how the tools sucked last but they�re good now, trust me I know how these tools work, humans are actually the same as these AI! tools, really what is intelligence anyway, and yeah we got a whole slew of new issues caused by the AI! code but more AI! code will surely fix that, and so on. There�s some red flags that give me the ick, because I�ve seen them all before from people entirely losing themselves in AI! hype. Tridgell also takes pot shots at openrsync, a reimplmentation of rsync developed by the OpenBSD team, also shipped by default on macOS. Openrsync has nothing to do with any of the current issues rsync is facing, as the project was started way back in 2018 or so. Taking pot shots at this project in this particular blog post feels childish and unnecessary, and reeks of insecurity; focus on the issues your own project is facing before attacking some other project. This feels like another red flag. Quite a few people have experienced regressions with rsync in recent weeks, but it seems like more are going to come as the slopgates will remain open, and will probably be opened even further. For such a cornerstone open source project, that raises a lot of questions, and I�m sure there�s quite a few people pondering if they should, perhaps, switch to openrsync � just like Apple did.
- WinUtils: shell-powered CLI tools for Windows 95
WinUtils started in 1996-1997 as a way to build my programming chops. I was poking around the Windows 95 shell APIs, found the file operation functions, and thought it would be cool to have CLI tools that called them instead of doing raw file I/O. The payoff was practical: because the operations went through the shell, the same confirmation prompts, progress dialogs, and Recycle Bin behavior you got from Windows Explorer came along for free. ↫ Code Naked Code Naked � their alias, not mine � recently dug these old executables and code back up, and published them on GitHub. Back then, though, there were no centralised distribution platforms, so they just uploaded them to various download and shareware websites and kept track of the download tickers. Very neat little tools, and fun to have them immortalised.
- Google offers opt-out of AI! search results for websites, promises it won�t affect regular search rankings
Google is adding a switch to allow website owners to opt out of being featured in their AI! overviews and related slopsearch results. With this new toggle in Search Console, website owners can decide if they want their site to appear in and help ground responses in our generative AI Search features (like AI Overviews, AI Mode or AI Overviews in Discover). Sites that opt out will not receive traffic or impressions from our generative AI features. This control will not be used as a ranking signal for search results outside of these generative AI Search features. This work builds on our long history of designing tools, like snippet controls and Google-Extended, that give websites more choice. ↫ Mrinalini Loew at Google�s The Keyword blog While it�s nice of Google to offer such an opt-out to website owners, their claim that opting out won�t effect your regular search ranking rings hollow to me. I simply just do not trust Google in any way, shape, or form to not weaponise their AI! against anyone who doesn�t want to be sucked up, regurgitated, and spat out in one of their slopsearch tools. On top of that, regular Google Search is dead anyway, so even if they keep their promise, it�s moot because Google users are going to be force-fed the slopsearch tools instead of the regular Google Search. I honestly have no idea how much traffic OSNews gets from Google at this point, and while I can look it up, I just don�t really care, and think it�s probably not that much. I could opt us out, but the real problem is that such an opt-out won�t stop Google�s slopbots � or anyone else�s slopbots � from taking our writing and training their AI! tools on it, so what�s the point of going through the effort? I doubt Google is relevant enough for us.
- Preparing for KDE Plasma’s last X11-supported release
With KDE Plasma 6.7 almost ready for release, developers have moved on to working on 6.8, and with that release comes probably one of the biggest deprecations in KDE�s history: as of today, the X11 session is gone from KDE. Of course, this change won�t make it to people�s computers until 6.8 actually releases, but as far the code goes, the X11 session is gone. Once 6.8 is actually released, you will only be able to log into a Wayland KDE session. This won�t affect KDE applications running in other X11 desktop environments, and of course, X11 applications will keep working in KDE as well thanks to XWayland. It�s also important to note that this won�t affect anyone sticking to older versions of KDE Plasma; it�s not like X11 session support will be yanked retroactively. From here on out, a lot of X11 code will be removed from KDE, and developers will be able to focus on just one code path, instead of accommodating the lowest common denominator in X11. Our internal metrics within KDE show that over 95% of users of Plasma 6.6 are on Wayland, with a gradual increase every release. The metrics also show that basically no one is testing or developing Plasma on X11 anymore. The platform was already, for all intents and purposes, abandoned by KDE contributors. ↫ David Edmundson The transition from legacy X11 to Wayland has been a long, painful journey, but I�m glad we�re finally reaching the destination. If you�re still having issues with KDE on Wayland, be sure you�re using an up-to-date distribution � not an LTS one � and see how that goes for you.
- KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
|
