|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Creative Commons founders' fireside chat (Creative Commons blog)
Dee Harris has published a summaryof the recent "fireside chat" featuring Creative Commons founders HalAbelson, Lawrence (Larry) Lessig, Molly Van Houweling, and Glenn OtisBrown. The chat was to mark the 25th anniversaryof Creative Commons and included a look back at its history aswell as a look at the landscape today:
Twenty-five years ago, a small group of people made a bet. Theybelieved that if you gave creators a simple set of tools and licensesin language that a lawyer, a machine, and a human could all read,millions of people might choose to share their work with the worldinstead of locking it down.
The videoof the chat is available on YouTube.
- [$] Flexible metaprogramming with Rhombus
Lisp-like languages have historically led the world in metaprogramming andflexibility. While many modern languages have adopted the idea of macros,Lisp-like languages such asRacket have continued pushing the envelope,attempting to make macros as easy as possible to incorporate into everydayprograms. On the other hand, Lisp's minimal, parenthesis-based syntax can be hardto adapt to — to the point that Lisp is sometimes said to standfor "Lots of Irritating Silly Parentheses".Rhombus is a new programminglanguage that aims to have the best of both worlds, marrying Racket'smetaprogramming capabilities to a simple Python-like syntax and reasonablestandard-library defaults.
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (git-lfs, perl-Archive-Tar, perl-IO-Compress, python3.12-urllib3, and runc), Debian (sogo), Fedora (perl-DBI and perl-Socket), Oracle (firefox, freerdp, git-lfs, libsoup, libxml2, mod_md, mysql, perl-Archive-Tar, perl-IO-Compress, python, python3.12-urllib3, rsync, thunderbird, tomcat, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (389-ds, 7zip, alsa, amazon-ecs-init, amazon-ssm-agent, ansible-core, apache2, atril, avahi, bind, bitcoin, capnproto, chromedriver, chromium, cosign, distribution, dnsdist, docker, dovecot24, dracut, firefox, firewalld, freeipmi, freerdp, giflib, gimp, gleam, glib-networking, glibc, glycin-loaders, golang-github-prometheus-alertmanager, google-cloud-sap-agent, google-guest-agent, graphite2, gsasl, hamlib, helm, himmelblau, ignition, imagemagick, istioctl, jackson-databind, jq, jupyter-jupyterlab-templates, keylime, krb5, ldns, libaom, libcaca, libgcrypt, libheif, libinput, libjxl, libnfs, libslirp-devel, libsolv, libzypp, zypper, libssh2_org, libvncserver, libyang, lldpd, logback, loupe, mbedtls, mbedtls-2, mcphost, mozjs128, mutt, nano, nginx, ocaml, ofono, openCryptoki, opencryptoki, opensc, openssh, openssl-3, papers, perl-compress-raw-zlib, perl-config-inifiles, perl-cpanel-json-xs, perl-crypt-passwdmd5, perl-DBI, perl-dbi, perl-html-parser, perl-http-daemon, perl-libwww-perl, perl-protocol-http2, postfix, postgresql14, postgresql15, postgresql16, python-aiohttp, python-biopython, python-click, python-ecdsa, python-idna, python-markdown, python-joblib,, python-paramiko, python-pdm, python-pip, python-py7zr, python-pydata-sphinx-theme, python-pyjwt, python-python-multipart, python-starlette, python-tornado6, python311-jupyter-ydoc, rpcbind, sed, sg3_utils, sqlite3, strongswan, tar, thunderbird, tomcat, tomcat10, tomcat11, trivy, unbound, util-linux, warewulf4, webkit2gtk3, xar, xwayland, yt-dlp, and zypper, libzypp, libsolv), and Ubuntu (libheif, nss, qemu, roundcube, and sqlite3).
- Git 2.55.0 released
Git maintainer Junio Hamano has announcedGit 2.55.0, which has non-merge commits from 100 people; 33 ofthose are first-time contributors to the project. LWN recently covered some ofthe noteworthy changes in 2.55, including new features for theexperimental "git history" command, addition of the Git fsmonitordaemon for Linux systems, and more.
- [$] The rest of the 7.2 merge window
Linus Torvalds released 7.2-rc1and closed the 7.2 merge window on June 28; by that time, 13,412non-merge commits had found their way into the mainline. That makes thisthe busiest merge window since the 6.7 development cycle in 2024 (15,418commits, including 2,800 for the entire bcachefs development history).Just under half of those commits arrived after LWN's summary of the first half of the mergewindow was written. As usual, the commits in the latter part of themerge window were more heavily focused on fixes, but there were still a lotof new features and significant changes merged as well.
- [$] Xsnow "protestware" in Debian
The xsnowapplication, which generates an animated snowfall effect (and otherpleasant diversions) for X11 desktops, does not seem like an obviouschannel for political statements. Nevertheless, xsnow's maintainerseems to have included a political protest in the program: anEaster egg that is triggered when the program's language is set to Russia("ru"). One user has complained that this functionality should beremoved from the Debian xsnowpackage, but Debian does not seem to have any rules that forbidsuch a feature outright.
- Open source maintainership in the age of AI (Kubernetes blog)
The Kubernetes project has published a blogpost explaining its AIpolicy:
The main problem is that AI has made generating code fast but therehas been very little improvement in maintaining code bases. In thispost, we will highlight the ways the Kubernetes community is adaptingto the world of AI assisted coding.
The first step of this journey was to develop an AI policy. Thisseems mundane and bureaucratic but there were many PRs that derailedinto discussions around AI usage. The AI policy helps steer theconversation around the project's stance on AI and provides a clearsignal to contributors on how to use these tools responsibly.
Of note, the project requires disclosure when AI tools have beenused to assist in the creation of a contribution but forbids the useof listing AI as a co-author or including "assisted-by" or"co-developed" trailers to attribute work to an LLM tool.
- Mageia 10 released
Mageia 10 has beenreleased with the 6.18 Linux kernel, DNF 5.4.0, RPM 4.20.1,and an increase in hardware requirements for x86 32-bit systems; users nowneed a CPU with SSE2 features. See the releasenotes for a full list of updates, and the errata pagefor known problems.
- Security updates for Monday
Security updates have been issued by AlmaLinux (containernetworking-plugins, golang, kernel, libpng, libpng15, nginx, opencryptoki, perl-IO-Compress, thunderbird, and tigervnc), Debian (chromium, gdcm, incus, libhtml-parser-perl, lxd, openvpn, tor, and xorg-server), Fedora (chromium, docker-buildkit, docker-buildx, dotnet10.0, dotnet8.0, dotnet9.0, krita, ldns, libssh2, liferea, lighttpd, mariadb10.11, mariadb11.8, moby-engine, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-js-challenge, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, openbao, pacemaker, pgadmin4, podman-tui, prometheus-podman-exporter, python-jupyter-server, python-mistune, python-postorius, python-pydantic-settings, python3-docs, python3.14, thunderbird, tigervnc, tinyproxy, and util-linux), Mageia (krb5), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, bind, dracut, fence-agents, firefox, frr, frr10, glib2, glibc, gnutls, golang, kernel, libpng, libpng15, libreoffice, libxml2, libxslt, mod_http2, mysql:8.4, nginx:1.26, openssl, php:8.3, podman, postgresql-jdbc, python3.14, redis, rsync, thunderbird, tomcat, valkey, and vim), Red Hat (osbuild-composer), and SUSE (agama-web-ui, asn1c, assimp, assimp-devel, aws-iam-authenticator, calibre, clamav, corepack24, dovecot22, exiv2, frr, giflib, glances-common, google-osconfig-agent, GraphicsMagick, gvim, haproxy, hydra, ImageMagick, jupyter-nbclassic, kernel, libsoup, libsoup2, libssh2-1, nano, NetworkManager-applet-openvpn, nodejs22, openbabel, opensc, openssl-3, pacemaker, python, python-base, python-doc, python311-pdm, python311-py7zr, python311-pypdf, python36, tar, trivy, util-linux, xen, and xtrabackup).
- Kernel prepatch 7.2-rc1
The 7.2-rc1 kernel prepatch is out fortesting. Linus said: "So two weeks have passed, and the merge window isclosed. Things look reasonably normal for this release (knock wood)."
- Apple iPhone 18 Details Leaked In Tata Data Breach
"Another breach at Tata has leaked details about Apple's iPhone 18, along with documents belonging to several other Tata clients," writes Longtime Slashdot reader Ritz_Just_Ritz. "It's becoming a recurring theme for the company." Reuters reports: Reuters has previously reported the Tata Electronics leak of more than 200,000 files on the dark web by World Leaks had files with purported component design papers of older iPhones and some parts of Tesla -- both Tata clients. They also included documents of Taiwan Semiconductor Manufacturing Co and Qualcomm, both of which make parts used in iPhones. New documents reviewed by Reuters show there are at least six files that map many components in the iPhone 18 Pro models to the specific company that supplies them. These include details of chips on its main circuit board and parts of the battery and cameras. Apple considers this detail sensitive and is concerned about the documents being shared on the dark web as they relate to unreleased models, according to the person familiar with the matter. The data maps suppliers to iPhone parts, which Apple does not disclose in its public database of suppliers, the person added. In all, the documents detail hundreds of parts to be on the upcoming iPhone 18 Pro models. The records also show where Apple draws a part from several suppliers and where it relies on just a few, laying bare both its bargaining leverage and its vulnerabilities. More broadly, the leak threatens Apple's trust in Tata just as Tata is becoming central to its effort to shift iPhone production away from China. With India expected to produce roughly a quarter of the world's iPhones in 2026, any deterioration in that relationship could complicate Apple's diversification strategy and force tighter security controls across its suppliers.
 
Read more of this story at Slashdot.
- Claude Science is Here, Antibiotics Designed by Text Prompt Among Applications
Anthropic has launched Claude Science, an AI workbench that connects more than 60 scientific databases and tools through a single interface. Through the platform, Basecamp Research is making its EDEN models available for tasks such as designing antibiotic peptides and predicting vaccine targets from simple text prompts, though the results still require laboratory testing before clinical use. Genetic Engineering and Biotechnology News reports: In a Claude Science demo, Oliver Vince, PhD, co-founder at Basecamp, uploaded a sample patient microbiology report. When given a simple natural language prompt, the platform designed peptides, predicted their efficacy, and provided a shortlist of candidates most likely to succeed in experiments in minutes. While generating human-ready antibiotics at the click of a button is still a step away, Vince said democratizing these tools is a powerful first step, particularly for researchers in regions where accelerated computing infrastructure is not readily accessible. "Most models require you to be a computational scientist," Vince told GEN Edge. "Now, potentially any clinician in the world can chat with Claude and design an antibiotic that may work."
Read more of this story at Slashdot.
- Microsoft Previews Linux Containers That Run In Windows
Microsoft has released a public preview of Windows Subsystem for Linux (WSL) containers, adding a built-in command-line tool and API for running Linux containers directly inside Windows applications without third-party software. The update also introduces faster file access, improved networking and memory management, plus integration with Defender, Intune, and VS Code. The Register reports: WSL has always been a handy way to run Linux workloads from Windows, and is particularly convenient for Linux developers who must comply with corporate edicts to use a Windows device. The CLI for end-to-end container workflows furthers this. Microsoft stated, "WSL containers make it easier for developers and organizations to build, test, and run containerized workloads while benefiting from the security, manageability, and integration of the Windows platform." Alternatively, you could run your preferred Linux distribution natively, but that might not be an option, particularly if an organization is keen on the "security, manageability, and integration of the Windows platform." And this is an important point. WSL's existing Microsoft Defender for Endpoint (MDE) has been updated (in private preview) to be aware of Linux container events, and there are settings in Intune for managing WSL containers. Support is also in a pre-release version of VS Code, where the Docker path in the dev container settings can be changed to wslc. There is also a new default file system for WSL container that Microsoft claims makes Windows file access twice the speed. So, going from terribly slow to just slow? We'll wait until general availability is reached before passing judgment. There's a new default networking mode to improve compatibility and better memory reclaim techniques. However, none of these tweaks will be enabled by default in WSL. Microsoft wrote, "Since these changes touch mission critical paths like file system access and network, for now they are enabled just in WSL container."
Read more of this story at Slashdot.
- County With 37 Data Centers Asks Schools To 'Conserve Electricity'
An anonymous reader quotes a report from 404 Media: On June 26, the County Manager of Henrico County, Virginia, John Vithoulkas, sent an email to thousands of county employees asking them to help the local government conserve electricity. "Beginning July 1st, the rate we pay for electricity used in all Henrico County government and school facilities will increase dramatically -- by 25%, increasing costs by an estimated $5 million next fiscal year. We anticipate more rate increases for electricity in the years ahead," a copy of the email obtained by 404 Media said (emphasis his). Henrico County is a community of more than 350,000 people in eastern Virginia just outside of Richmond. It also hosts 37 data centers and there are plans to build 17 more, including plans to convert hundreds of acres of Civil War battlefields into data centers. Thanks to its proximity to DC and vast amounts of land, Henrico County became a data center hub seemingly overnight and its services clients big and small. Meta built a data center there in 2017. "To mitigate the impact of higher electric costs, I am asking that we, collectively, make slight adjustments to conserve electricity across our individual workspaces," Vithoulkas wrote in the email. "Turn off your lights when leaving your workspace, including when you leave for the day. Turn off your computers/laptops at the end of each workday. If your workspace has windows, adjust the blinds to manage heat from sunlight. Unplug any appliances, chargers, or other electrical items when they are not in use. Please limit use of (or refrain altogether from using) space heaters. A typical space heater alone can cost the county from $150 to $300 per year in electricity costs." "Each dollar we can save by conserving electricity is another dollar the county can reinvest into staff and the services we provide our residents," Vithoulkas email said.
Read more of this story at Slashdot.
- South Korea To Spend $1 Trillion On More Memory Chip Production, Humanoid Robots
An anonymous reader quotes a report from Ars Technica: South Korea's government and top tech companies are committing $1 trillion to several flagship megaprojects that could bolster global memory chip supply, build new AI data centers and spur commercial deployment of humanoid robots by 2028. [...] "We must secure the core elements of AI faster than any other country," said South Korean President Lee Jae Myung in a televised speech on June 29, as reported by BBC News and other media outlets. "Semiconductors, physical AI, and AI data centers are the triple axis for a great leap forward." [...] The most costly of the megaprojects involves Samsung and SK Hynix committing $585 billion to building new chip fabrication plants in the southwest provinces of South Korea, along with boosting semiconductor fab construction in the Seoul capital region, according to Reuters. The government's goal is to double South Korea's production of dynamic random-access memory (DRAM) within five years. [...] The second flagship megaproject involves a $357 billion investment by the South Korean tech companies SK Group, GS Group, and Naver into building large-scale AI data centers in more outlying provinces, including South Chungcheong Province in the west, Gangwon Province in the east, and the North and South Jeolla Provinces in the southwest corner of South Korea. The third flagship megaproject revolves around the South Korean government assigning a "national strategic industry" designation to physical AI -- the AI systems that enable robots and self-driving vehicles to interact more autonomously with the real world. The government aims to develop a Korean "general-purpose foundation model" based on a world model to support robots within three years, according to The Chosun Daily. Hyundai Motor Company has also committed $5.8 billion to build a robot manufacturing facility and AI data center in the Saemangeum region of North Jeolla Province in the southwest, The Chosun Daily reported. The South Korean automaker has already been helping Boston Dynamics -- the US robotics company it acquired in 2021 -- use the South Korean supply chain in scaling up manufacturing to produce 30,000 Atlas humanoid robots each year by 2028. Similarly, the South Korean government announced it would aim to commercialize humanoid robots in 10 major industries by 2028, along with training 10,000 human workers as "AI robotics specialists" over the next five years, Reuters reported.
Read more of this story at Slashdot.
- US Supreme Court Rules Geofence Warrants Require Constitutional Privacy Protections
The U.S. Supreme Court ruled 6-3 (PDF) in Chatrie v United States (No. 25-112) that geofence warrants sweeping up smartphone location data constitute searches under the Fourth Amendment. The Court found that individuals have a "reasonable expectation of privacy" in such data, even when the tracking covers only a brief period or records movements in public. "An individual has a reasonable expectation of privacy in records about his cell phone's location, and police intrude on that constitutionally protected interest when they demand the information -- even though for only a limited time, and from a third-party tech company," wrote Justice Elena Kagan. Longtime Slashdot reader schwit1 submitted the story. The Guardian reports: The use of geofence warrants is widespread, and gives law enforcement agencies the power to compel tech companies to hand over sensitive cell phone data from people at or near crime scenes. The warrants allow police and the FBI to collect this information from individuals within the radius of a virtual "fence" during a particular timeframe. But they are not restricted to requesting data for precise targets. The Chatrie case focuses on local police's pursuit of an armed bank robber in Richmond, Virginia. He fled with $195,000. Law enforcement tracked Okello Chatrie down through their use of geofence warrants. Chatrie had opted in to an optional Google "location history" feature that documented his location every few minutes. He was eventually sentenced to 12 years in prison, after pleading guilty. Chatrie's lawyers argued that this search was overly broad and violated his fourth amendment rights, which protects individuals from "unreasonable search and seizure." Lawyers said that police's use of geofence warrants amounted to an official "search" under the fourth amendment, and didn't meet the constitution's requirements for one. The government had argued that accessing only a short amount of cellphone location information means this tactic does not count as a fourth amendment search and accordingly, should not be afforded the same privacy protections. But the judges in the majority disagreed. The judges in the majority opinion also wrote that the government's characterization of generating location history as a voluntary choice is "meritless." They suggested that people aren't choosing to share private information with third parties and the government "just by doing the ordinary thing cellphone users do." "The point of carrying smartphones is to use what is on them," including the apps and services they provide -- many of which use location data to customize a user's experience, they said. [...] While the majority opinion noted that police conducted a fourth amendment search by accessing Chatrie's location history data, they noted that the court of appeals will weigh in on whether the "search was reasonable, meaning that each of its steps was properly described with particularity and found to be supported by probable cause." Law enforcement has said they need geofence warrants to find suspects and witnesses -- after reaching dead ends. The US government, for its part, has argued that people can't have a "reasonable expectation of privacy" when they are in public and have allowed a third party company, such as Google, to collect and analyze phone location data.
Read more of this story at Slashdot.
- Remembering How Microsoft's Fake Windows Error Ended In a $280 Million Secret Settlement
Slashdot reader joshuark summarizes this walk down memory lane from the tech site MakeUseOf:Facing real competition from Digital Research's DR DOS, Microsoft secretly embedded a sabotaging mechanism known as "AARD code" into beta versions of Windows 3.1 to prevent it from running on Digital Research's competing DR DOS operating system.This code triggered fake, alarming error messages to convince developers that DR DOS was unstable... Although Microsoft disabled the feature in the final retail release, the California-based firm Caldera, Inc., which had acquired DR DOS assets, sued Microsoft for anti-competitive practices.Microsoft settled the lawsuit out of court in 2000 for $280 million, a figure that remained sealed until it was unsealed in 2009.
Read more of this story at Slashdot.
- Ford Rehires 'Gray Beard' Engineers After AI Falls Short
Ford executives said they've hired 350 veteran engineers — some of them former employees — after AI and automated systems failed to deliver the desired quality, reports TechCrunch:Bloomberg reports the company's chief operating officer Kumar Galhotra told journalists that Ford had been "relying more and more on automated quality systems" with disappointing results. So the company "brought back technical specialists," and those specialists "hunt for failure points before a part ever reaches the plant floor." Charles Poon, Ford's vice president of vehicle hardware engineering, added, "Mistakenly we thought that by just introducing artificial intelligence and ingesting the design requirements that we had, that that would produce a high-quality product." The article points out that Ford is using the rehired gray beard engineers to train younger staff — and, to reprogram its AI tools.
Read more of this story at Slashdot.
- South Korea Plans To Train Entire Military As 'Drone Warriors'
"South Korea plans to train every single member of its nearly half-million-strong military to operate drones as easily as they handle personal firearms," reports Ars Technica:The goal is to make drones a "universal combat tool" for all troops by training them to use drones like a "second personal weapon," said Ahn Gyu-back, South Korea's Minister of National Defense, in a June 26 briefing reported by Reuters and other media outlets. The announcement coincides with broader plans to equip individual military units with more cheap and expendable drones for surveillance and strike missions, along with deploying more counter-drone lasers and microwave weapons. Meanwhile, South Korea's former drone operations command headquarters that used to have direct command authority over combat units will be reorganized to focus on collaborating with South Korean industry on developing and procuring commercial drone technology, according to The Korea Times. The South Korean defense minister specifically cited the conflicts in Ukraine and the Middle East as inspiring such military reforms with a focus on drone technologies... Ukraine's use of drones and military robots as a force multiplier to offset its numerical disadvantage on the battlefield versus Russia's larger military may carry special resonance for South Korea, given that the South Korean military's current active-duty strength of 450,000 personnel faces a numerical disadvantage against North Korea's active-duty military consisting of more than 1.2 million soldiers... The defense ministry is starting out by providing 11,000 "training drones" to military personnel this year, with the goal of eventually deploying 60,000 drones across the military by 2029. An additional complication comes from the South Korean military looking to procure drones with 100 percent domestically produced components and no Chinese components due to security concerns, according to the defense minister's comments reported by Reuters... South Korean companies are building new military attack drones, but the defense ministry may struggle to find enough commercial drones made without Chinese components to train hundreds of thousands of military conscripts, said Min-Cheol Jung, a cofounder of the Team Retriever counter-drone red team based in South Korea, in a War on the Rocks article.
Read more of this story at Slashdot.
- Ex-Governors, Big Tech Launch Coalition To Help Workers 'Navigate the AI Economy'
"Amid growing public anger over A.I. and a debate over how to regulate it, a group of employers, state governors and foundations has raised $500 million to try to answer some of those questions themselves," reports the New York Times. "Just how many jobs will AI upend?" asks the Wall Street Journal, reporting that the new coalition says it's time to ready the U.S. workforce for a "major" disruption — no matter how large it turns out to be. The coalition "has so far raised more than $500 million — about half of its multiyear goal — from companies and nonprofit groups. It will initially work with state governments in Arkansas, Maryland, Utah and Connecticut. OpenAI and Anthropic are also involved, and academics including MIT economist David Autor sit on an advisory board."[The new "RAISE US" coalition] will be led by former Commerce Secretary Gina Raimondo, who served under former President Joe Biden, and former Indiana Gov. Eric Holcomb, a Republican. Its mandate, they said, isn't just to build retraining programs but also to reconsider decades-old policies such as unemployment insurance and act as a working lab for testing the most effective ways to transition workers to new fields. The group will explore corporate incentives for employers to hold on to workers whose jobs are disrupted by AI and prep them for new roles... The mission of the group is to "pull all the levers at once," Raimondo said. That means teaming up with employers to find ways to help workers gain skills or new roles and joining with educators to roll out different types of training. It also plans to propose policy changes such as tweaking unemployment benefits to let displaced workers continue to get them while they, for instance, start new businesses with AI... In Maryland, the group plans to expand a service-year option in the state to help people gain exposure to such growing fields as healthcare. An effort in Arkansas will focus on supporting "an AI-powered career navigation platform." More from New York Times:The organization will work primarily with governors... The theory: States generally control their community college systems, which can translate work force policy through course offerings and industry partnerships. The bulk of the budget will fund pilot programs overseen by about 15 staff members and consultants. For example, Maryland will expand a "service year" for recent high school graduates to provide experience in fields where there are shortages, such as health care. In other states, Raise Us hopes to offer "wage insurance" for workers who take lower-paying jobs rather than dropping out of the work force entirely. The group plans to furnish technical assistance for companies that want to retain workers as A.I. changes their roles, rather than eliminating them. Microsoft, one of the companies backing the organization, said it had already found a promising model: cross-training its entry-level lawyers in different parts of the organization and equipping them with A.I. skills in order for them to be repositioned as technology evolves. "You can think of doing that with almost any job we have," said Brad Smith, vice chair and president at Microsoft. "It creates an opportunity to transfer people from jobs that are being eliminated to jobs that are being created...." Ms. Raimondo and her colleagues are not fans of a universal basic income, an idea that has gained popularity in Silicon Valley as an answer to job disruption. They emphasize that work provides more than just wages, and plan to focus on helping people find pathways to new jobs. But it's unclear whether A.I. will create jobs at the rate that it will destroy them. Jack Malde studied work force policy for the Bipartisan Policy Center and is now going to work for the Windfall Trust, another A.I.-focused think tank. He said long-term income support might be necessary, even if better models for transitioning workers were found. "The truth is, there's still a lot of uncertainty," Mr. Malde said. "What we think is resilient now might not be resilient later. We're not going to get everything right, so we're going to need those strong safety-net programs." Long-time Slashdot reader theodp writes:If you think you've seen this movie before, prior to "partnering with governors, employers, and training partners to help the American workforce make a successful transition to an AI economy" with RAISE US, Raimondo and Holcomb partnered with governors, employers and training partners to help U.S. K-12 students make a successful transition to a CS economy with the Governors for Computer Science coalition.
Read more of this story at Slashdot.
- From DHCP to SZTP – The Trust Revolution
By Juha Holkkola, FusionLayer Group The Dawn of Effortless Connectivity In the transformative years of the late 1990s, a quiet revolution took place, fundamentally altering how we connect to networks. The introduction of DHCP answered a crucial question, Where are you on the network?!, by automating IP address assignment. This innovation eradicated the manual configuration [0]
The post From DHCP to SZTP – The Trust Revolution appeared first on Linux.com.
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- GraalVM CE 25.1.3 Gets Native Image "Hello World" Program Down To Just 6.5MB
GraalVM, the advanced JDK focused on ahead-of-time (AOT) Native Image compilation and since last year began shifting focus to more non-Java languages like Python and JavaScript, is out with its newest community feature release. GraalVM Community Edition 25.1.3 is now available with some interesting changes in tow...
- Fedora 45 Looks To Finally Offer Install Support For Stratis Storage
Ever since RHEL deprecated their short-lived Btrfs plans, Red Hat engineers over the past decade have been developing Stratis Storage as their storage management solution leveraging XFS, LUKS, DM, and their Rust-based daemon. While Stratis Storage has been available in Fedora Linux going all the way back to Fedora 28, until now there hasn't been the option of using it for the root file-system on new Fedora installations. Finally with Fedora 45 that may change...
- New Linux Driver Posted To Enable Keyboard Support On M3 MacBooks
While Linux 7.2 introduces the ability to boot on Apple M3 Macs, it's not yet remotely useful for end-users wanting to use an Apple Mac/MacBook as their daily system. As it stands now, the M3 Macs boot to a simple console and that's about it with the lack of proper GPU acceleration and functionality like the keyboard on MacBooks not working either. Posted to the kernel mailing list today was the new driver patches for enabling the internal keyboard on more recent Apple MacBooks...
- Servo Browser Engine Continues Making Much Progress On Less Than $8k Monthly
Released last week was the Servo 0.3 browser engine release along with their latest Servoshell demo browser. Today the project has published their monthly development recap to highlight all of the interesting changes made. Here's a look at what they accomplished over the past month while doing so on less than $8k in monthly donations...
- Microsoft now says 8GB RAM is fine for Windows 11, after years of pushing for 16GB
There�s something poetic about the World Cup taking place in North America while Microsoft keeps scoring own goals like this. Microsoft updated its Surface buying guide to describe 8GB RAM as “great for everyday use like browsing, streaming, schoolwork, and productivity apps.” A companion FAQ adds that 16GB or more is what unlocks Copilot+ PC features. No acknowledgment that, for two years, Microsoft was the loudest voice telling everyone that 16GB was non-negotiable for a good Windows 11 experience. What makes this infuriating is that Microsoft is one of the biggest reasons why the RAM situation got so bad in the first place. ↫ Abhijith M B at Windows Latest This industry is a joke.
- Astral is a hobby operating system with X.org, Minecraft, and now Wine
Astral is a hobby operating system written in C for 64bit architectures, with a collection of ported software like X.org, fvwm, the xbps package manager, and tons more. I think it�s quite a neat system � the code�s on GitHub � made even neater by the fact it can run not only Minecraft, but now also has a working port of Wine that can run a few games. A few months ago, I posted about Astral, a hobby OS I have been working on over the years, running Minecraft. Since then, others have gotten modern versions of Minecraft to run as well as Factorio (using a glibc compatible libc). However, while these games are made or packaged in a way that makes it easier to get them to run under a new OS, most games are not. A lot of games are closed source and compiled for Windows, which makes something like Wine a necessity for playing them. One of my favorite games, Cogmind, falls under that umbrella. It is a 32-bit Windows only roguelike, and it became my goal to run it under Astral. While there was already an existing Wine port, it was extremely incomplete, as not even notepad.exe worked properly. To run Cogmind, the Wine port had to be finished, which also meant adding the ability to run 32-bit code on an otherwise 64-bit-only OS. ↫ Blog post on the Astral website This process obviously is quite involved, but in the end, they managed to get it working. Quite impressive.
- The ‘papers, please’ era of the internet will decimate your privacy
Imagine your favorite team just scored an incredible, last-second goal at the World Cup. So you log online to celebrate with other fans. But, using data it’s already collected on you, the social media platform you like to post on wrongly guesses that you’re under 16 so it forces you to go to a third-party verification app and provide images of your face or your government-issued ID. You don’t really know much about the verification app, what country it’s based out of, what happens with your information, and whether you’re protected from hackers or data breaches. You’re not happy about it, but you hand over a photo of your passport and hope it doesn’t come back to haunt you. Now imagine that instead of posting about sports, you’re criticizing a powerful politician, or talking about your experiences with abuse or addiction, or discussing embarrassing medical issues you’re facing. Suddenly this “papers, please” approach to the internet sounds even more invasive, right? Unfortunately, that’s the direction we’re all headed — even here in the United States — and we have good reason to be wary of the global rush to sacrifice user privacy on the altar of age verification. ↫ Sarah McLaughlin at Expression The insane push for age verification on the internet is the biggest threat to whatever�s left of the free internet. I have two young children � 3 and 5, currently � and I�m diametrically opposed to any kind of creepy verification processes that they claim are designed to keep kids like mine safe!. Not only is their safety not predicated on giving up their privacy, my children are also not my or anyone else�s property; they have rights, and the right to privacy is one of them. Nobody mentioned in the Epstein files has been charged, by the way.
- Microsoft capitulates again, extends Windows 10 support by another year
It�s been quiet for a few days since I�ve been sick, but I�m feeling a bit better since today marks the official end of my one month of using Windows 11 that you people donated for. An article about my experience is definitely upcoming, including whether or not I�ll actually stick with Windows 11 on my laptop or go back to Linux, but before we get there, let�s talk about Microsoft once again capitulating to the reality that a lot of people really don�t want to let go of Windows 10. In a surprising move, Microsoft has quietly confirmed that it’s extending Windows 10 support until October 12, 2027, which is one full year beyond the October 2026 cutoff that home users had been planning around. ↫ Abhijith M B at Windows Latest Hundreds of millions of people are still using Windows 10, and with the AI! techbros buying up all the RAM and other chips for their pachinko machines � making this whole thing a bit of an own goal for prime AI! booster Microsoft � buying new PCs that are actually compatible with Windows 11 isn�t exactly a fun prospect for the vast majority of us normal folk dealing with the cost-of-living crisis. As such, Microsoft really doesn�t have any other choice but to keep extending support for Windows 10. It ain�t much, but I�ll take any morsel of justice I can get. While everyone else has to pay for getting access to these Windows 10 updates, users in the European Union get them entirely for free thanks to the Digital Markets Act. This additional year, too, can be partially attributed to the DMA, as the very same consumer rights organisations who pressured Microsoft into giving EU users truly free access to the Extended Security Updates also put pressure on the company to offer these for more than just one year. Basic consumer protection legislation works.
- In memory of the man who put red and green squiggles under words
Every little thing in a graphical user interface that we take for granted today, no matter how small, was thought up by someone, at some point. Case in point: the little red squiggly lines underneath misspelled words. In one form or another, these are everywhere now, and have just become a regular staple of every single text editing field we encounter every single day and don�t stop to think about. Still, they were invented by someone, and we happen to know exactly who that was: Tony Krueger. In early versions of Word, the Spell Check feature was something that you explicitly invoked, and then you had to sit and wait while the program looked for all your potentially-misspelled words, and then showed them to you one at a time for a decision on what to do for each one. Word did introduce an Auto Spell Check feature to run spell check when the user was idle, so that when you hit the Spell Check button, the results were ready to go. However, the Auto Spell Check was still a blocking operation. As a result, a lot of users turned it off because it always seemed to decide “Now would be a good time to spell-check the document” just as you wanted to do something, forcing you to wait for the spell check pass to complete before you could, say, save and exit. Tony made the spell checker much more unobtrusive so that it didn’t interfere with your foreground work. And when it found a problem, instead of waiting for you to trigger a spell check, it immediately drew red squiggles under potentially-misspelled words (and later green squiggles under potential grammatical errors). ↫ Raymond Chen at The Old New Thing Tony Krueger passed away recently, after, among other things, having worked on an dizzying number of Microsoft Word releases. Imagine coming up with something that seems to basic and elementary to us now, and seeing it spread pretty much everywhere. I wonder what it must feel like to have invented something that seems so simple, most people don�t even realise they use it every single day.
- KDE is going to fix network shares
I�ve had my share of issues with network shares on any operating system, but since I mostly use KDE these days I found this deep dive into how, exactly, network shares work in KDE quite interesting. It turns out that while network shares in KDE�s Dolphin mostly work, it does involves a few layers that sometimes don�t interact well with each other, leading to really curious and annoying problems with mounted shares not appearing, permission issues, and so on. The biggest cause of problems is when using a non-KDE application in KDE that also happens to use a non-KDE save/open dialog. Such a non-KDE save/open dialog won�t be able to see any network shared mounted by KDE, and sadly, quite a few applications you�re likely to use on a KDE installation use non-KDE open/save dialogs, like Blender, GIMP, LibreOffice, OnlyOffice, Inkscape, Audacity, DaVinci Resolve, and more. That�s one hell of a list of applications to offer inconsistent or outright broken access to network shares you�ve set up and mounted in KDE. Luckily, this issue seems to be getting a ton of attention soon. All is not lost. Happily, KDE just received an investment of over €1.2 million from the Sovereign Tech Fund, and it includes funding for improvements to KDE’s network share handling! ↫ Nate Graham The project is in the planning phases at the moment, but they�re considering a whole slew of possible changes, fixes, and workarounds to make this stupid and annoying problem just go away. In 2026, nobody should be dealing with manually editing /etc/fstab or getting frustrated over supposedly disappearing network shares.
- Xfce�s new Wayland compositor sees first alpha release
The developer working on Xfwl4, the Wayland compositor for Xfce, has published the new compositor�s very first alpha release. Considering it�s only been six months or so of work, it�s impressive to see the effort reach this state already. The end goal of xfwl4 is to behave as closely as possible to an Xfce desktop running on an X server. Ideally a user could switch between the two without even knowing there’s a difference. In reality, of course, it won’t be quite that seamless, and there’s still more work to be done to get as close as possible to that ideal. This is a first solid cut at it, at the very least. ↫ Brian Tarricone Being the very first alpha release, it won�t surprise you there�s a few things missing or broken at this point. Still, if you�re brave, you can download and build the release and try it out.
- Valve opens Steam Machine waitlist
Valve officially made the Steam Machine available (sort of but not really) today, and if you were hoping for the president of the Yacht Collectors� Club to have found a loophole through the RAM and storage crisis, I�ll be the bearer of bad news: the base Steam Machine model with 512GB of storage and no controller costs $1049 or €1039. It�s clear that this price is significantly higher than Valve had originally anticipated, as the company dedicates the first part of its press announcement to this sticker shock. Steam Machine,`like our other hardware products, is made up of many components that we source from manufacturers around the world. The price at which we sell our hardware is a direct result of the cost of these components. We felt like we had a good understanding of how those costs might change over time when we first started sourcing them for Steam Machine back in 2023. That understanding was born from the many years of data we all have about the evolution of PC hardware prices – primarily, that it tends to get cheaper over time as new technology arrives. Over the past year or so, that has changed quickly and significantly, most visibly for RAM and storage components. There are a variety of reasons, all of which are affecting hardware products everywhere. The overall effect is that our original goal for the price of Steam Machine is no longer viable. So the prices we�re sharing today reflect the state of the world for manufacturing; or, more accurately, it reflects the price of the components as we�ve secured them over the past 6 months. Price wasn�t the only thing impacted by all of this: availability was as well. There were periods where we found we couldn�t source some of our components at all, at any price. More than anything else, this has impacted the number of units we�ve been able to produce for launch. ↫ Valve press announcement As Valve mentions, availability is also going to be an issue, and thus they�ve had to settle on a complex reservation and lottery system. Between now and 25 June, you can sign up for a model, after which the entire pool of reservations will be randomised to determine a waitlist order. As machines become available, they will simply go down the list from first to last as determined by that randomisation. In other words, you can�t just go out and buy one right away. At this price and for the hardware the Steam Machine contains � an AMD Zen 4 CPU with 6c/12t up to 4.8 Ghz, a custom RDNA3 GPU, and 16GB of DDR5 RAM and 8GB of DDR6 video RAM � you�re probably better off sticking with what you already have. Until the AI! bubble pops and prices come down again, that is. Thanks, AI! techbros. Everybody despises you.
- A tale of two path separators
In macOS, you can apparently create files and directories in the Finder with names that include slashes. If you then go into the terminal and take a look with ls, you�ll see that the slashes are actually colons. I don’t understand all the nuances, but I know this is a side-effect of the fact that macOS has not one but`two`path separators: the slash (/) and the colon (:). The two separators are used in different contexts, and the system will translate between them as needed. These two separators reflect the two parent systems of modern macOS:`classic Mac OS`and the`Unix-like NeXTSTEP. When they were joined together, Apple’s engineers had to build a file system that was compatible with both the classic Mac’s file system (the Mac OS Extended File System, aka HFS+), and with NeXTSTEP’s file system (the Unix file system, aka UFS). Among other differences, these systems had different path separators: HFS+ used a colon, while UFS used a slash. ↫ Alex Chan (article from 2021) I had no idea macOS worked this way, but it makes sense considering the platform�s dual history. What�s interesting is that when Apple moved to APFS almost a decade ago, this duality in path separators remained, most likely for backwards compatibility reasons. In a sense, this is somewhat similar to Windows supporting both backward and forward slashes, with the former being a leftover from DOS, and the latter an addition (to Windows) from the UNIX world. None of that beats Windows when using the Japanese or Korean locale, though. Because Japanese and Korean Windows use different codepages than Windows in the Americas and Western Europe, these versions of Windows render the backslash as the yen sign (¥) and and won (₩) sign respectively. As such, something like the Program Files directory actually renders like C:¥Program Files¥ and C:₩Program Files₩. Similar issues occurred in other Windows locales as well, but the impact of this in Japan and South Korea were so widespread that people just expect it to be that way, even if it�s easily fixed today. I can�t find if Windows 11 still uses ¥/₩ in Japan/South Korea, since the last references of it I can quickly uncover all point to Windows 10.
- Apple internals: Swift in the kernel
Apple�s Swift has become the de-facto language for Apple�s own developers for a while now, and it seems that with the new operating system releases from the company unveiled during WWDC, Switch is now also being used in the kernel. Naturally I dropped what I was doing and went grepping through the iOS 27 kernelcache. Alas, nothing came of it. All is not lost though: I found the Embedded Swift runtime in macOS 27, sitting in`com.apple.kec.pthread`of all places. Then I went poking around the root filesystem and it turns out Apple gave the whole effort a name: KernelKit. Let�s dissect it. ↫ Josh Maine It�s still quite limited at this time, which makes sense � you don�t want to be too crazy with the core of the operating system that runs on god knows how many PCs, smartphones, and other devices. It�s also entirely contained within a few kexts as embedded runtimes, and the XNU kernel itself remains entirely C and C++.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- Kubuntu Focus Goes Ultra
The Kubuntu Focus team has upped the performance ante of its M2 and Zr laptops with the latest, greatest CPUs from Intel.
- KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
|
