|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Debian's Request Tracker 5 SQL Injection Vulnerability Leads to DSA-6324-1
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result privilege escalation, information disclosure, SQL injections, LDAP authentication bypass, cross-site scripting or spreadsheet (CSV/formula) injection. For the oldstable distribution (bookworm), these problems have been fixed
- [$] Moving beyond fork() + exec()
Since the earliest days of Unix, two of the core process-oriented systemcalls have been fork(), which creates a child process as a copy ofthe parent, and exec(), which runs a new program in the place ofthe current one. In Linux kernels, those system calls are better known asclone()and execve(),but the core functionality remains the same. While there is elegance tothis process-creation model, there are shortcomings as well. A recent proposal fromLi Chen to add "spawn templates" to the kernel will not be accepted in itscurrent form, but it may point the way toward a new process-creationprimitive in the future.
- Ruby's Bundler adds a cooldown feature
Version4.0.13 of Ruby's Bundlerpackage-manager has addeddependency cooldowns in order to help mitigate the effect ofsupply-chain attacks:
Most supply-chain attacks against RubyGems exploit a narrow window:an account is compromised, a malicious version ships, and anybundle install in the minutes that follow resolvesstraight to it. Bundler 4.0.13 introduces cooldown, a time-basedfilter that refuses to resolve to a version until it has been publicfor at least N days. Releases too new to have been scrutinized arepassed over in favor of ones that have aged past the window.
The feature was designed inthe open, drawing on howother ecosystems approach the same problem. It is opt-in, andcomplements rather than replaces existing defenses like mandatory 2FAand trusted publishing.
LWN covereddependency cooldowns in April, and the takeover of RubyGems andBundler in October 2025.
- Security updates for Friday
Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, exim4, frr, and haveged), Fedora (cockpit, freeipa, jpegxl, libre, nextcloud, perl-Cpanel-JSON-XS, perl-Crypt-Argon2, perl-Dist-Build, perl-ExtUtils-Builder, perl-ExtUtils-Builder-Compiler, perl-HTTP-Tiny, perl-libwww-perl, python-starlette, rubygem-yard, rust-sequoia-cert-store, rust-sequoia-chameleon-gnupg, rust-sequoia-octopus-librnp, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-wot, samba, and transmission), Red Hat (image-builder), Slackware (dnsmasq and libinput), SUSE (evince, glibc, google-guest-agent, hplip, ignition, LibVNCServer, libzypp, libsolv, python-Pillow, salt, thunderbird, and vim), and Ubuntu (apache2, linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-realtime, linux, linux-aws, linux-aws-fips, linux-azure, linux-azure-5.4, linux-azure-fips, linux-bluefield, linux-fips, linux-gcp, linux-gcp-5.4, linux-gcp-fips, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-azure, linux-azure-4.15, linux-azure-fips, linux-fips, linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle, linux-aws-5.4, linux-hwe-5.4, linux-azure-fips, linux-fips, linux-raspi, linux-raspi-5.4, nano, postfix, robocode, tomcat6, tomcat7, and yard).
- Dave Airlie on Linux Kernel Maintenance (SE Radio)
The Software Engineering Radio podcast has put up aninterview with graphics maintainer Dave Airlie. Much of what is inthere will not be news to LWN readers, but it is an interesting overview ofthe life of a large-subsystem maintainer.
I was talking to a few of the Rust people, and I thought: these are very young people, these are a group of people in their 20s, maybe 30s, they are a younger cohort of developers than the people I am normally used to dealing with. I thought there was maybe a good way we could bring these groups together. I think that having young people coming into the kernel using Rust is valuable... So I thought that I should be supportive of bringing Rust into the kernel.
- [$] Splicing out vmsplice()
The splice()and vmsplice()system calls are meant to improve performance for certain data-movementtasks by minimizing (or avoiding altogether) system calls and the copyingof data. They also have a long history of security problems. The recentflood of LLM-discovered vulnerabilities has drawn attention, once again, tosplice() and vmsplice(); as a result, they may end upbeing removed altogether.
- One step forward, two steps back on CA age bill (EFF Deeplinks Blog)
The EFF has a blogpost looking at a new bill in California that would exemptopen-source operating systems from the Digital Age Assurance Actpassed last year, but has problems of its own:
While the open source exemption, if passed, would improve the law, theremaining amendments proposed by AB 1856 would require all webbrowsers and websites to request and collect users' ages. This is anexpansion of last year's AB 1043's age-bracketing system thatcompounds its constitutional harms to users' speech, privacy, andsecurity.
[...] EFF understands this amendment to exempt open-sourceoperating systems from the requirement to collect and transmit users'age-bracket data. That is a definite win for open-sourcedevelopers. The bill is narrower now than it was before, and lawmakersclearly responded to concerns raised by EFF and the broaderopen-source community.
Some important questions still remain—for example, it is unclearhow the law would apply when an open-source operating system isincorporated into a commercial product or service. And, given thestructure of where the exemption is placed under the "operating systemprovider" definition, lawmakers could stand to clarify that theexemption applies to open-source operating systems andapplications.
LWN coveredCalifornia's age-attestation law in March.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (.NET 10.0, compat-openssl10, compat-openssl11, delve, expat, httpd:2.4, libexif, mod_http2, openssl, ruby4.0, samba, thunderbird, unbound, and vim), Debian (ceph and sudo), Fedora (libsoup3, pie, roundcubemail, and xorg-x11-server-Xwayland), Mageia (lxc), Oracle (expat, gnutls, kernel, php:8.2, thunderbird, and uek-kernel), Slackware (httpd, net, proftpd, tigervnc, and xorg), SUSE (apache-sshd, apptainer, atril, bind, busybox, cloudflared, evolution-data-server, golang-github-prometheus-prometheus, golang-github-v2fly-v2ray-core, grafana, helm, kernel, libgphoto2-6, libjxl-devel, libsoup, libsoup-2_4-1, libsoup-3_0-0, memcached, ovmf, python-cairosvg, python-flask, python-pip, python-pymupdf, python-pyOpenSSL, python-urllib3, python-urllib3_1, python3-pyOpenSSL, restic, rsync, salt, sdbootutil, tor, tree-sitter, vorbis-tools, and yq), and Ubuntu (exim4, frr, gst-plugins-base1.0, libtemplate-perl, libwww-perl, mysql-8.0, nginx, python-pip, python-urllib3, and twisted).
- [$] LWN.net Weekly Edition for June 4, 2026
Inside this week's LWN.net Weekly Edition:
Front: MeshCore; x32 ABI; Open-source security; Package-manager metadata; More LSFMM+BPF coverage; Loadable crypto module. Briefs: Lightwell; jqwik protestware; RedHat package compromise; DistroWatch; Fedora election; Rust 1.96.0; rsync; Vim Classic 8.3; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- [$] Open-source security is not a solo activity
Over time, many open-source maintainers face the same problem: theylack the time to do all of the work that their project needs, and noone else is stepping up to provide adequate help. Maintainers, though,are often reluctant to throw in the towel. The result is suboptimalall around; the maintainer is stressed out, project quality suffers,and users face security risks that they may not be fully aware of. Atthe 2026 OpenSource Summit North America, Robin Bender Ginn spoke about thisproblem, when it might be time for maintainers to pass the torch, andthe responsibilities of users.
- [$] BPF in the agentic era
Alexei Starovoitov gave "less of a presentation, more of a scream ofrealization" at the BPF track of the 2026Linux Storage, Filesystem,Memory-Management, and BPF Summit. He shared a set of ideas for how BPF couldchange to avoid being swept away by the sea-change in programming represented by modernlarge language models (LLMs) and the coding agents based on them.In a follow-up session, the discussion coveredmore problems with how coding agents use tools like bpftrace, and the current deluge ofpatches in need of review in the BPF subsystem.
- Sparrow Hawk runs Linux on Renesas R-Car V4H SoC
The Sparrow Hawk from Retronix Technology is a single-board computer built around the Renesas R-Car V4H processor. Originally developed for automotive applications, the R-Car V4H combines Arm Cortex-A76 and Cortex-R52 CPU cores with integrated graphics and AI acceleration. Retronix cites robotics, smart manufacturing, computer vision, and industrial edge systems as example use cases. The board […]
- ARM Linux Server Performance Up More Than 7x Geo Mean In 8 Years, As Much As 15x With NVIDIA Vera CPU
NVIDIA's Vera CPU is delivering the fastest ARM performance I have ever seen. For putting it into perspective how far the ARM server CPU hardware has come in just the last decade and for some "fun" benchmarks as part of Phoronix marking 22 years of Linux hardware reviews and benchmarking, here are some benchmarks showing the Ampere eMAG from September 2018 to the performance now with NVIDIA Vera. Not even factoring in the many software optimizations across the stack over the period, from simply the hardware side the ARM server CPU performance has advanced by more than 7x in eight years and in some workloads nearly 15x faster.
- All-flash and hybrid NAS systems feature multi-gigabit networking and Fygo OS
Radxa has announced two upcoming NAS systems, the DragonStation and DragonBay. Powered by a Qualcomm Snapdragon platform and shipping with Fygo OS pre-installed, the systems combine high-speed storage, multi-gigabit networking, media management, and private cloud functionality in aluminum enclosures. While Radxa has not disclosed the specific Snapdragon processor used, both products are designed to provide […]
- Ubuntu 26.10 To Begin Laying Foundation For Context-Aware Desktop, Other New Features
Jean Baptiste Lallement of the Canonical Desktop Team today posted a roadmap of many development items they are hoping to tackle for Ubuntu 26.10 due out in October. Some of these desktop plans are more ambitious and will take multiple release cycles to fully realize, but it goes to show their continued investment into the Ubuntu desktop...
- EU's Tech Sovereignty Package Includes 29 Pages on Open Source, Says Open Source Initiative
Friday the Open Source Initiative welcomed the EU's new tech sovereignty package, noting that "over a third of the 29-page document is devoted to Open Source." The nonprofit OSI — maintainers of the Open Source definition — submitted their official feedback in February, and notes that "many" of their key requests were addressed, "as well as some exciting new announcements!"One of the biggest barriers to Open Source adoption has been public procurement. Too often, tenders have been designed around proprietary solutions, ignoring the benefits of Open Source and locking public institutions into closed ecosystems. The OSI called for procurement rules that prioritize interoperability, reusability, and vendor independence. The package takes a major step forward in this area. The EU pledges to make the public sector an anchor consumer for Open Source solutions. The Commission plans to reform procurement rules to remove barriers for Open Source, provide better guidance to EU countries on procurement criteria to avoid excluding Open Source, and uphold the "public money, public code" principle when procuring software development. Both proposals align with the OSI's feedback. The next critical step is the EU's public procurement law reform. The OSI will continue advocating to ensure these pledges translate into action. Beyond procurement, the OSI highlighted challenges faced by Open Source communities in Europe, particularly difficulties accessing investment and expertise to commercialize and scale projects. The Commission has responded by committing to ensure Open Source companies are considered for funding under the European Competitiveness Fund (ECF). It also plans to create "Open Source business accelerators" that will offer mentorship, training, legal and licensing consulting, and business development support, including marketing. Additionally, the Commission will work to raise industry awareness of Open Source solutions by leveraging the EU's existing business support networks. These measures directly address the OSI's concerns and could significantly boost the Open Source ecosystem in Europe... [I]n our feedback, we called for the continuation of the Next Generation Internet (NGI) initiative that has funded many Open Source projects, and for the creation of a European Sovereign Tech Fund to fund ongoing maintenance and features development to meet the EU's needs. We also highlighted the need to mainstream Open Source in other funding opportunities (like the €100bn+ Horizon Europe programme). The Commission's strategy addresses these requests. The NGI will be scaled up under the new name "Open Internet Stack." A new Open Source Maintenance Instrument will fund the "maintenance and security upkeep of essential components." The Commission will also create a list of critical and security-relevant Open Source dependencies to inform funding decisions and promote Open Source solutions as the default approach in Horizon Europe funding. Friday's announcement from the Open Source Initiative notes that the EU is already leading by example in Open Source adoption. It applauds the EU for "deploying a Matrix-based communications system and the openDesk collaboration environment internally, trialing an alternative operating system to replace Windows, which is currently widely used in EU institutions, and expanding its presence on the Fediverse, with Commissioners and key departments already joining the EU's Mastodon server.'
 
Read more of this story at Slashdot.
- Hospital Ordered to Pay $13M Over 2022 Death of Star Trek's Nichelle Nichols
The Root reports:A New Mexico jury has found the Gila Regional Medical Center negligent in the death of Nichelle Nichols, who famously played Lieutenant Nyota Uhura on the hit television series "Star Trek." According to KRQE News 13, Nichols' family filed a lawsuit against the hospital last year following her 2022 admission for shortness of breath. Nichols' family claimed that she should have received a full cardiac examination, but the medical personnel sent her to the observation unit, and she was discharged the next day. After being transported to her assisted living home, the 89-year-old passed away just seven hours later. In response to Nichol's tragic passing, the lawsuit alleged that Gila Medical Center "hired, credentialed, and inappropriately supervised unqualified medical providers" who treated the actress. The lawsuit also alleged that the hospital failed to secure a bed for Nichols or transfer her to a facility that had one. Furthermore, the attorney argued that the staff should have known that the assisted living center was not equipped to handle a patient with her medical needs. On Thursday (June 4), a jury found the hospital negligent and awarded Nichols' estate $13 million. KRQE got this quote from the estate's attorney about the death of the 89-year-old acctress. "At the end of the day, Nichelle Nichols had a heart attack that was missed. Thatâ(TM)s why she died." The jury deliberated for "just two hours."
Read more of this story at Slashdot.
- Ladybird Browser Stops Accepting Public Pull Requests
The Ladybird browser isn't opposed to AI coding tools, but it's just brought a new change to their code-contributing policies. February 23: "Ladybird adopts Rust, with help from AI."Our first target was LibJS , Ladybirdâ(TM)s JavaScript engine... I used Claude Code and Codex for the translation. This was human-directed, not autonomous code generation. I decided what to port, in what order, and what the Rust code should look like. It was hundreds of small prompts, steering the agents where things needed to go... The requirement from the start was byte-for-byte identical output from both pipelines. The result was about 25,000 lines of Rust, and the entire port took about two weeks. The same work would have taken me multiple months to do by hand. June 5 (Friday):We will no longer accept public pull requests... A pull request no longer tells us as much as it used to about the person submitting it. A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds.... We have already seen patient, well-resourced campaigns in open source to earn maintainer trust and abuse it. What has changed is how much faster and cheaper it has become to produce work that looks like a serious contribution... Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences. As part of this change, we will close all currently open public pull requests. We are grateful for the work people put into them, but keeping the existing queue open would keep that contribution path open in practice. There is no perfect time to make this change, so we are making it now. Going forward, pull requests will only be available to project maintainers. There will not be a separate process for submitting patches by other means. We do not want to create a shadow contribution system through issues, comments, email, or forks... Outside involvement still matters: clear bug reports, reductions, website testing, standards discussion, design discussion, security reports, and technical feedback all help move the project forward. This is the right change for Ladybird now. We are preparing to ship a browser to real users, and our development process has to match that responsibility.
Read more of this story at Slashdot.
- New Power Banks Released By BMX With Safer Semi-Solid-State Batteries
From Android Authority:Singapore-based BMX has announced that its SolidSafe magnetic power bank lineup, first showcased at CES 2026, is now available for purchase through its website and Amazon US, with prices starting at $59. What sets these power banks apart is their use of semi-solid-state batteries. Traditional lithium-ion and lithium-polymer batteries rely on liquid electrolytes to move energy between electrodes. Semi-solid-state batteries significantly reduce the amount of flammable liquid inside the cell, improving thermal stability and lowering the risk of overheating, swelling, or fire... BMX says the power banks are designed to remain stable under extreme conditions and show greater resistance to physical damage and thermal stress than conventional battery packs. The company has also launched the SolidSafe Air, a 5,000mAh magnetic power bank that it claims is the world's thinnest semi-solid-state Qi2 power bank... BMX is positioning the device as a travel-friendly alternative for users who want added safety and the convenience of a magnetic battery pack without the bulk. Thanks to long-time Slashdot reader destinyland for sharing the article.
Read more of this story at Slashdot.
- Teen Social Media Bans Risk Strengthening Big Tech's Dominance, Warns Bluesky Exec
Bluesky's chief operating officer believes teen social media bans "risk entrenching Big Tech's dominance," reports CNBC:Rose Wang, Bluesky's chief operating officer, told CNBC on the sidelines of SXSW in London on Wednesday that the smaller open-source platform isn't opposed to regulation but that smaller players in the industry should be protected. "I support the protection and the safety of youth... The question that we have then is at what cost? Because essentially what I'm scared of is in the long term, we're headed to a world where there's about three to five platforms, and extreme heavy regulation of those platforms... "Basically the whole compliance teams of these platforms are 10 times the size of our entire team," Wang said. "So, basically, we're living in a world where it's almost impossible for smaller entrants to come in and build healthier spaces." The article notes Bluesky had grown to 43 million users as of March, "which is still only around 10% of X's estimated 450 million users. Bluesky has struggled to maintain popularity, and by the end of October last year, it had reportedly seen a 40% drop in daily mobile active users over the past 12 months."
Read more of this story at Slashdot.
- Early Research Suggests a Path to Predict and Prevent Lung Cancer
Scientists "have made a discovery that may help prevent some people from developing lung cancer," reports the New York Times, noting that lung cancer "kills more people worldwide than any other cancer."A team of more than 80 researchers working across four continents have identified a set of proteins in the blood that accurately predict lung cancers more than five years before diagnosis. The scientists also found early evidence that an existing anti-inflammatory drug could significantly reduce lung cancer risk in people with elevated concentrations of these proteins, which they linked to inflammation. More research is needed before a test based on these proteins could be ready for use in patients. And scientists would still need to run a randomized trial to determine whether the drug prevents lung cancers. Still, outside experts said the findings, which were published on Thursday in the journal Cell, offer a promising starting point toward a long-held public health goal... Led by Dr. Swanton, Dr. Tej Pandya, a Ph.D. student, and other researchers took a set of 48,000 blood samples from the UK Biobank and used machine learning to identify 14 proteins associated with the development of lung cancer. When the researchers looked at the presence of those proteins and also took into account a patient's age, smoking status and history of lung disease, they were able to predict who would develop lung cancer more accurately than the best risk assessment models currently in use... Using mouse and cell models, the scientists showed that these proteins increased when a specific inflammatory pathway was activated. Smoking and air pollution can activate that pathway. This adds to the evidence that it isn't just genetic mutations caused by smoking, pollution or other factors that are driving lung cancers. Rather, Dr. Swanton said, the findings suggest that "smoke causes mutations and inflammation, which together cause cancer." They also found that the signature was increased in people who later developed chronic obstructive pulmonary disease and pulmonary fibrosis, pointing to a common inflammatory environment upstream of all three diseases.
Read more of this story at Slashdot.
- Criticisms Rise Before Vote on America's Cryptocurrency 'Clarity Act'
An upcoming vote in a few weeks on America's cryptocurrency "Clarity Act" is "rattling Wall Street and consumer advocates," reports CNN, with its proposal to regulate the bulk of crypto markets through America's Commodity Futures Trading Commission. "It allows crypto companies to operate, at long last, in compliance with U.S. rules, rather than what they have been doing — essentially running their businesses within a patchwork of state and federal legal gray areas."Even for Jamie Dimon, the banking titan who's not known to mince words, it was a surprising shot across the bow when he described a fellow financier as "full of sh*t." "No one's gonna bow down to this guy or that company," Dimon told Fox Business last week. "This guy" being Brian Armstrong, and "that company" being cryptocurrency exchange Coinbase. The Dimon-Armstrong tension isn't new, but it is boiling over publicly as the Senate inches closer to a floor vote on the crypto industry's No. 1 legislative priority, known as the Clarity Act. Dimon, a longtime crypto skeptic, broadly supports crypto regulation but takes issue with a provision in the Clarity Act that would allow companies like Coinbase to "effectively pay interest on deposits... without the protection they should have." The spicy comment about Armstrong came after Dimon rattled off other concerns about the Clarity Act, including what he sees as its insufficient anti-money-laundering and know-your-customer safeguards that banks have had in place for decades... "If (Armstrong) takes deposits like a bank, he should have bank rules," Dimon said in the Fox Business interview... The immediate concern from banks (and many consumer advocates) is that crypto exchanges like Coinbase would, in the grand tradition of Silicon Valley innovation, lure customers in with huge rewards and then phase those benefits out over time. Deposits in a crypto exchange are also not insured by the federal government the way bank deposits are, but that's the kind of fine print that customers tend to overlook until it's too late. JPMorgan Chase spokesperson Trish Wexler underscored that the bank wants the bill to pass, with some "fixes," like prohibiting rewards on stablecoin holdings and strengthening anti-money-laundering guardrails. Coinbase's CEO responded in an interview with Politico:Armstrong pointed to restrictions on rewards paid to idle cryptocurrency balances and disclosures on stablecoins as part of a handful of policies included in the bill to appease the banking industry's requests. "I think it'd be good for the banks," Armstrong said of the bill. "It would be great for crypto companies as well ... Hopefully we can get past the absolutisms and just see if we can get this bill over the finish line." But CNN notes concerns about weaving cryptocurrency — "a historically self-contained financial system prone to stomach-churning booms and busts" — more deeply into America's traditional finance infrastructure:"It's not just a crypto story, it's a broad deregulation of our securities markets story," Hilary Allen, a law professor at American University who specializes in banking and cryptocurrency, said in an interview. And that should concern everyone, Allen says, even if they have no investments at all, because "if we get a financial crisis in this space... no one comes out of that unscathed."
Read more of this story at Slashdot.
- 2027's 'Tomb Raider' Remake: Unreal Engine 5 and AI-Assisted Assets 'Refined' By Humans
An official trailer dropped this week for Tomb Raider: Legacy of Atlantis. It's "a full-blown remake of the original 1996 Tomb Raider game," reports Kotaku, "rebuilt from the ground up using Unreal Engine 5." Developed by Flying Wild Hog (with assistance/guidance from longtime Tomb Raider studio Crystal Dynamics), "it will also make some changes to puzzles, combat, platforming..." The game's Steam page acknowledges that AI-assisted tools were used during development "to support some early exploration and temporary development content," but that any AI-assisted assets were "either replaced or refined by humans in order to maintain the creative and artistic vision of the development team." In a statement to Eurogamer, Crystal Dynamics clarifies that they "leverage" AI tools "to help our teams iterate on ideas faster and more efficiently, while ensuring that all finished content in the final product is human-crafted." (But are they considering AI-assisted assets "refined" by humans as "human-crafted"?) Polygon reports that "The early response to the news has been mixed to negative on the Tomb Raider subreddit, ranging from vague hopes that the generative-AI craze will simply go away to grim resignation that this is the future of game development." Beyond labor concerns, art theft worries, and environmental issues, the most straightforward reason AI art has been unpopular is that many players find it hideous. We'll find out for sure whether Tomb Raider: Legacy of Atlantis' use of AI is particularly blatant when it comes out in February 2027. Its release date is February 12, 2027 on PS5, Xbox Series X/S, Switch 2, and PC.
Read more of this story at Slashdot.
- Utah Residents Sue Officials Over Kevin O'Leary Data Center Plan
Utah residents and a progressive nonprofit are suing officials over Kevin O'Leary's planned Stratos Project AI data center, arguing that the special authority overseeing it gives unelected officials too much control over land use, taxation, public health, and local governance. The lawsuit comes as O'Leary has agreed to shrink the proposed 40,000-acre project by 75% amid mounting political and community pushback. NBC News reports: The lawsuit was filed Wednesday in Utah's 3rd District Court by the Alliance for a Better Utah and the group of anonymous residents. The plaintiffs hope to challenge the constitutionality of the Military Installation Development Authority (MIDA) -- a special entity that oversees the data center's proposal -- and its approval of the project, a spokesperson for the nonprofit said. Attorney David Irvine, who is representing the plaintiffs, alleges that MIDA is exercising powers as an unelected body that "the Utah Constitution never authorized." "Under the Stratos plan, it would hold permanent, irrevocable control over public health, safety, taxation, and land use across tens of thousands of acres of Box Elder County, with no voter recourse," he said in a statement. The lawsuit alleges that allowing MIDA to oversee the data center's development "irrevocably" cuts off Box Elder County citizens' rights by not allowing sufficient public input in the project. "The Stratos Project Area Plan, and actions taken by MIDA and the Commission to enact the same, puts lawmaking power respecting questions of public health, safety, welfare, morals, taxation, zoning, land use, and the like, in relation to a significant swath of county territory in a non-elected MIDA Board," the complaint reads. In addition to MIDA and the Box Elder County Commission, the lawsuit names Utah Senate President J. Stuart Adams and state Sen. Jerry Stevenson, who also serve as MIDA board members. Irvine said Adams and Stevenson's presence on the MIDA board as active legislators "appears to violate the prohibition on holding more than one office of public trust simultaneously," and claimed this should render the data center's approval "null and void."
Read more of this story at Slashdot.
- Scientists Find Wind Blowing From Our Milky Way's Black Hole
After 50 years of searching, astronomers say they have finally found evidence of a long-sought "wind" blowing from Sagittarius A*, the supermassive black hole at the center of the Milky Way. "Unless a black hole exists in a perfect vacuum, it must blow a wind somehow. And there is no perfect vacuum in the universe," team co-leader and Northwestern University researcher Mark Gorski said in a statement. "With new observations, this is the first time we've had a clean enough view to see the wind's imprint. We looked at the data and said, 'There it is. There is the thing that everybody's been looking for for 50 years.'" Space.com reports: Scientists have been aware for some time that feeding black holes launch powerful outflows of material around them, including jets and winds. Winds are caused when matter falling to the black hole is accelerated to near light-speed, generating pressure that pushes infalling material away. That has been seen with ravenously feeding black holes before, but not the barely feeding Sgr A*. Its sparse consumption of material and the fact it is obscured by the plane of the Milky Way from our vantage point have made tracing this wind difficult. Gorski's Northwestern colleague and team co-leader Lena Murchikova pointed out that the scientists were the first to detect molecular gas very close to Sgr A* feeding the supermassive black hole. That makes Sgr A* reassuringly like other supermassive black holes. "The wind is not powerful, and its direction probably wanders with time. It shows that our black hole is not unique, and our place in the universe is not unique," Murchikova added. "To observe our own black hole, we have to look through the plane of our galaxy. That means we have to peer through gas, dust and ionized structures, and you can't really see through all of that easily." While the team's results confirm that Sgr A* is extremely quiet compared to the supermassive black holes that sit in bright, turbulent regions of other galaxies called active galactic nuclei (AGN), this black hole wind is no slouch. In fact, the scientists think that it has been raging for around 20,000 years. "The majority of other galaxies spend most of their lives in a state where they are not particularly active," Murchikova said. "But we can only see them when they are in a fireworks stage. It is very attractive to study black holes when they are in the fireworks stage, but that's not actually their dominant state. "Sgr A* finally gives us a window into the life of a black hole in this quiet state." The team's research was published in The Astrophysical Journal Letters.
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Linux DRM Ioctl Developed By AMD Being Disabled Following Ongoing Security Issue
It's unfortunately another busy week in the Linux 7.1 kernel space with not everything slowing down so well, late in the cycle and leading to the upcoming 7.1 stable release. This week's DRM pull request of kernel graphics/accelerator drivers is again heavy on fixes and also ends up disabling an ioctl interface given ongoing security concerns from that code merged last year...
- Ubuntu 26.10 To Begin Laying Foundation For Context-Aware Desktop, Other New Features
Jean Baptiste Lallement of the Canonical Desktop Team today posted a roadmap of many development items they are hoping to tackle for Ubuntu 26.10 due out in October. Some of these desktop plans are more ambitious and will take multiple release cycles to fully realize, but it goes to show their continued investment into the Ubuntu desktop...
- CUDA-Oxide 0.2 Brings Early Improvements To Pure Rust CUDA Kernels
Last month CUDA-Oxide was introduced as an experimental Rust-to-CUDA compiler. From pure Rust programming language code, one can write CUDA GPU kernels in a "safe(ish)" manner with the CUDA-Oxide compiler emitting NVIDIA PTX output directly. Out today is the second update to CUDA-Oxide...
- This mini PC with the latest RISC-V SoC might actually be worth it
RISC-V has been in the promising! phase for a long time now, especially for general purpose computing, never really breaking through into the mainstream in any measurable way. While I think that breakthrough is still relatively far away, we now do have newer RISC-V SoCs on the market supporting the RVA23 baseline RISC-V profile. One of them is the SpacemiT Key Stone KЗ, which promises to deliver a massive performance increase over previous RISC-V offerings. It�s exactly this chip that�s finding its way into complete, turnkey mini PC solutions, like this one from a company called Firefly. The base model comes with 8GB of LDDPR5 RAM and 128GB of storage, at a price of about €300 or so (there�s also a 32GB/128GB model at well over €600). This is the first time I�m looking at a complete RISC-V solution where I feel like it might actually make for a good moment to jump in for us enthusiasts. No, the performance won�t rival anything Intel or AMD has to offer, but it seems capable enough for a lot of day-to-day tasks, and I�m curious to see just how far along the Linux world is when it comes to RISC-V support. It�s not part of our current set of fundraiser incentives, but if you�d like to see this RISC-V mini PC reviewed here on OSNews, you can always donate and add a note that you specifically want to see such a review (so I can gauge interest not just from our few commenters, but also from the more than 99% of our readers who only lurk). As always, you can donate through Ko-Fi, or, if you�re European, via a SEPA direct bank transfer (Name: Thom Holwerda – IBAN: SE08 8000 0820 1684 4657 8414 – BIC: SWEDSESS).
- When su replaced login for becoming another UNIX login
I�ve mentioned it before, but Chris Siebenmann is basically the Raymond Chen of the UNIX world, and today he�s filling that role perfectly once again. I recently read Simon Tatham�s Nitpicking the shell history scene in Tron: Legacy, where one thing that surprised Tatham was the film using �login -n root� to become root instead of �su�. This surprised me because I found that perfectly ordinary, and this turns up both a bit of Unix history and a difference between modern Unixes. Plain �su� can let you become another user, including root, but what it explicitly doesn�t do by default is create a new login shell for that user. If you do �su root�, the new root shell normally inherits most of your environment, your current directory, and so on. Sometimes this is what you want and sometimes you really want a new login environment, and originally in Unix how you got the latter was to run �login� from your existing shell session (and this meant that login was setuid root, like su). ↫ Chris Siebenmann Unsurprisingly, this distinction has persisted to this day in various UNIX-like operating systems, but in different ways. Some maintain the explicit distinction, while others have more or less standardised on using su for both use cases. It�s an interesting bit of UNIX archeology.
- Roku launches open-source embedded Roku LT OS
Roku, the company that makes TV boxes and sells ad space based on your usage patterns, has released its remote control operating system as open source � and by remote control I don�t mean robot stuff or whatever, but actual remote controls, the thing you use to control your TV or whatever from the couch. Roku has announced the official availability of Roku LT OS � a lightweight, highly deterministic open-source operating system that is already used in our industry-changing Roku remote controls. In addition to high-performance automotive platforms, Roku LT OS is designed to be accessible to the broader developer community. The operating system ships with native support for the ESP32 platform, a highly popular SoC among hobbyists and makers. Because ESP32 development boards are widely available online for just a few dollars, developers can get started with Roku LT OS with minimal hardware investment. ↫ Roku�s developers blog As far as I can tell, this operating system is entirely new and not based on Linux or something else, but the available documentation is light on details so I can�t make much more out of it. Regardless, it�s nice to have another open source embedded operating system.
- The placeholder name for the Windows 8 experience was “modern”
Raymond Chen shares some history regarding Windows 8�s development: During the development of Windows`8, we needed a name for “that thing we’re creating.” Not being a particularly clever bunch when it comes to code names, we just called it “the modern experience,” to distinguish it from what we had in Windows`7, which was called “the classic experience.” And then, as Microspeak demands, we started abbreviating like mad. ↫ Raymond Chen Basically, they added mo! for modern! in front of everything, so the Metro shell became MoSh!, the Settings application MoSet!, and so on. And yes, the code name for the Photos application was exactly what it sounds like.
- Microsoft continues migration from NTLM to Kerberos
For the past few years, Microsoft has been phasing out NTLM in Windows in favor of Kerberos-based alternatives. Starting with the next versions of client and server editions of Windows, Microsoft will also be disabling the legacy authentication protocol by default. In the latest security baseline package for Windows Server 2025, the company is already allowing customers to audit incoming configurations. Now, it has announced a wave of changes to further reduce dependencies on NTLM. With an upcoming Insider release of Windows 11 client and server, certain scenarios which previously required NTLM will be able to fall back on Initial and Pass-Through Authentication using Kerberos (IAKerb) and Local Key Distribution Center (LocalKDC). ↫ Usama Jawad at Neowin I�m sure this is very important to IT Pros!.
- Microsoft brings coreutils to Windows
At its Build conference, Microsoft announced coreutils for Windows. Coreutils for Windows is a Microsoft-maintained set of UNIX-style command-line utilities that run natively on Windows — the same commands and pipelines you use on Linux, macOS, and WSL. It ships as a single multi-call binary that exposes each utility under its standard name (cat.exe, grep.exe, find.exe, and so on), giving you the everyday tools developers already use on other platforms to script, automate, and process text. For the full list, see Commands. The goal is to remove friction when moving between Linux, macOS, WSL, containers, and Windows. The same commands, flags, and pipelines work the same way, so existing scripts and habits carry over without translation. Each command supports the standard --help flag for full syntax and options. ↫ Windows Developer Tools website It�s a port of the Rust-based rewrite of the GNU coreutils, findutils, and grep. There are a few caveats though, since these ports have to deal with a number of Windows-isms. The first thing that comes to mind for most of us are path separators; these ports will handle both the correct and incorrect Windows/DOS one, but since some tools may output only the incorrect one this may affect piping. You should also take into account things like Windows� ACLs vs. POSIX permission bits, the lack of /dev/null, and a few other oddities. Furthermore, there are a bunch of commands that rely on POSIX-only concepts, so those aren�t included, and a few other commands that aren�t useful on Windows are excluded as well. Since a number of commands conflict with built-in commands from cmd.exe and PowerShell, which commands run will depend on the shell, the PATH order, and PowerShell�s alias table. Everything�s in preview, and installable through WinGet.
- Basic multicore support for DOS demo uncovered
On the Vogon forums, user MarkDastedt posted an interesting bit of source code he discovered on an old company DVD: a very basic, very rudimentary implementation of multicore support for DOS. Another user, dartfrog, took a closer look and had this to say: Interesting stuff nonetheless. A worker core is running with no interrupt handlers, no page tables, no memory protection, and no OS. That�s about as close to bare metal as you can get, meanwhile the other core is still running DOS. Fascinating. ↫ MarkDastedt at the Vogon forums It�s effectively a simple demo, but according to other users in the thread, it fits in neatly with sporadic other attempts to bring some form of SMP or multicore-awareness to DOS. For instance, Michael Chourdakis worked on something similar to this demo for a series of articles now only available on the Wayback Machine. It makes for a cool demo, but moving from this to something robust and usable in DOS is not an easy task. Still, the possibilities are definitely there, even if you don�t implement full, modern SMP or multicore support. You could have specific DOS applications offloading dedicated tasks to different cores, but as others in the same thread note, individual cores are already stupidly powerful for anything DOS can do, making the use case for additional cores rather moot.
- Serena OS: a modern operating system for classic Amigas
A hobby operating system, not written in Rust, not targeting Qemu, not targeting a Raspberry Pi. Yes, it still happens. Serena OS is what you get when modern operating system design and implementation meets vintage hardware like the Amiga computers. It is based on dispatch queues rather than threads, supports multiple users, is inspired by POSIX, yet retains its own character, is strongly object-oriented in terms of design and implementation and prepared for a cross platform future. ↫ Serena OS GitHub page Serena OS supports most (all?) of the classic Amigas, but the 500, 600, and 2000 need at least 1MB of RAM and a 68020 accelerator. It has code privilege separation between kernel and userspace, basic memory management, its own custom file system, drivers for input devices and graphics, an interactive console with VT52 and VT100 support, and much more. It also comes with a C99-compatible libc, and has its own shell. Note that AI! chatbot Claude is listed as a contributor to the project.
- Rsync opens the slopgates, regressions and bugs ensue
Andrew Tridgell, developer of rsync, has published a blog post addressing the massive surge in AI! code submissions and the string of regressions supposedly caused by them. He explains rsync was flooded with AI!-generated security reports, and he couldn�t handle the volumes anymore. As this flood started to get more intense I realised I needed to raise the defences on rsync a lot — we needed much more thorough test suites, code coverage analysis, CI testing on a lot more platforms, deliberate and thorough scanning for possible security issues (so I find at least some of them before other people!) and the addition of a whole lot of defence-in-depth hardening techniques. This is all a huge amount of work. I’m retired (though my wife may dispute that!) and I’d rather be out sailing than working on rsync security issues, so I have reached for several AI tools to help with what needs to be done. I have absolutely no regrets about doing that, although from the storm of anti-AI rage it’s clear that many people think I should be hung up by my toe nails and flogged for even considering doing this. ↫ Andrew Tridgell The entire rsync codebase is around 65k lines, and the recent flood of AI!-generated submissions amount to +16k/-6k lines of code within a few weeks. That�s an absolutely insane amount of changes in a really short time to a project that most people deemed stable and done!. If you take a look at the activity graph, it�s clear that a project that was silently and carefully doing its job is seeing a massive amount of changes, almost exclusively generated by AI!, all in recent weeks. It�s no surprise, then, that people get annoyed when something they deemed done! and stable is suddenly causing issues for them because its maintainer decided to open the slopgates. Tridgell is, of course, an incredibly accomplished and capable programmer, but so is Kent Overstreet and he thinks his AI! girlfriend is sentient and conscious, he reprogrammed it after someone convinced his AI! girlfriend was lesbian and trans, and he thinks that he gave his AI! girlfriend an orgasm, so being an accomplished and capable programmer doesn�t mean you�re immune from AI!-hyperbole, or worse, AI!-induced psychosis. Tridgell�s blog post already has all the usual talking points from AI! techbros about how the tools sucked last but they�re good now, trust me I know how these tools work, humans are actually the same as these AI! tools, really what is intelligence anyway, and yeah we got a whole slew of new issues caused by the AI! code but more AI! code will surely fix that, and so on. There�s some red flags that give me the ick, because I�ve seen them all before from people entirely losing themselves in AI! hype. Tridgell also takes pot shots at openrsync, a reimplmentation of rsync developed by the OpenBSD team, also shipped by default on macOS. Openrsync has nothing to do with any of the current issues rsync is facing, as the project was started way back in 2018 or so. Taking pot shots at this project in this particular blog post feels childish and unnecessary, and reeks of insecurity; focus on the issues your own project is facing before attacking some other project. This feels like another red flag. Quite a few people have experienced regressions with rsync in recent weeks, but it seems like more are going to come as the slopgates will remain open, and will probably be opened even further. For such a cornerstone open source project, that raises a lot of questions, and I�m sure there�s quite a few people pondering if they should, perhaps, switch to openrsync � just like Apple did.
- WinUtils: shell-powered CLI tools for Windows 95
WinUtils started in 1996-1997 as a way to build my programming chops. I was poking around the Windows 95 shell APIs, found the file operation functions, and thought it would be cool to have CLI tools that called them instead of doing raw file I/O. The payoff was practical: because the operations went through the shell, the same confirmation prompts, progress dialogs, and Recycle Bin behavior you got from Windows Explorer came along for free. ↫ Code Naked Code Naked � their alias, not mine � recently dug these old executables and code back up, and published them on GitHub. Back then, though, there were no centralised distribution platforms, so they just uploaded them to various download and shareware websites and kept track of the download tickers. Very neat little tools, and fun to have them immortalised.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
|
