|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Racing karts on a Rust GPU kernel driver (Collabora blog)
In July, Collabora announcedthe Rust-based TyrGPU driver for Arm MaliGPUs. Daniel Almeida has posted an updateon progress with a prototype of the driver running on a Rock 5B boardwith the Rockchip RK3588 system-on-chip:
The Tyr prototype has progressed from basic GPU job execution torunning GNOME, Weston, and full-screen 3D games like SuperTuxKart,demonstrating a functional, high-performance Rust driver that matchesC-driver performance and paves the way for eventual upstreamintegration! [...]
Tyr is not ready to be used as a daily-driver, and it will stilltake time to replicate this upstream, although it is now clear that wewill surely get there. And as a mere prototype, it has a lot ofshortcuts that we would not have in an upstream version, even thoughit can run on top of an unmodified (i.e., upstream) version ofMesa.
That said, this prototype can serve as an experimental driver andas a testbed for all the Rust abstraction work taking placeupstream. It will let us experiment with different design decisionsand gather data on what truly contributes to the project'sobjective.
There is also a video onYouTube of the prototype in action.
- [$] BPF and io_uring, two different ways
BPF allows programs uploaded from user space to be run, safely, within thekernel. The io_uring subsystem, too, can be thought of as a way of loadingprograms in the kernel, though the programs in question are mostly asequence of I/O-related system calls. It has sometimes seemed inevitablethat io_uring would, like many other parts of the kernel, gain BPFcapabilities as a way of providing more flexibility to user space. Thathas not yet happened, but there are currently two patches sets underconsideration that take different approaches to the problem.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (bind, bind9.18, container-tools:rhel8, expat, grub2, haproxy, idm:DL1, kernel, kernel-rt, lasso, libsoup, libssh, libtiff, pcs, podman, python-kdcproxy, qt5-qt3d, redis, redis:7, runc, shadow-utils, sqlite, squid, vim, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), Debian (chromium), Oracle (lasso and postgresql), SUSE (erlang27, ghostscript, grub2, kernel, libIex-3_4-33, python312, and sbctl), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-aws-6.8, linux-fips, linux-aws-fips, linux-gcp-fips, linux-oracle, and mysql-8.0, mysql-8.4).
- [$] LWN.net Weekly Edition for November 20, 2025
Inside this week's LWN.net Weekly Edition:
Front: Hardware architectures; Fedora Flatpaks; Debian hardware support; sockaddr structure; NUMA nodes; Homebrew. Briefs: LightDM security; Debian Libre Live; Xubuntu postmortem; Blender 5.0; Git 2.52.0; Rust in Android; Thunderbird 145; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Postmortem of the Xubuntu.org download site compromise
In mid-October, the Xubuntudownload site was compromised and had directed users to a maliciouszip file instead of the Torrent file that users expected. ElizabethK. Joseph has publisheda postmortem of the incident, along with plans to avoid such a breachin the future:
To be perfectly clear: this only impacted our website, and the torrentlinks provided there.
If you downloaded or opened a file named "Xubuntu-Safe-Download.zip"from the Xubuntu downloads page during this period, you should assumeit was malicious. We strongly recommend scanning your computer with atrusted antivirus or anti-malware solution and deleting the fileimmediately.
Nothing on cdimages.ubuntu.com or any of the other official Ubunturepositories was impacted, and our mirrors remained safe as long asthey were also mirroring from official resources.
None of the build systems, packages, or other components of Xubuntuitself were impacted.
- GStreamer Conference 2025 video recordings now available
Recordings from the GStreamerConference 2025, held in London in late October, are nowavailable on the GStreamer Conferences Archive site. Includes theGStreamerState of the Union talk by Tim-Philipp Müller, Stateof MPEG 2 Transport Stream (MPEG-TS) by Edward Hervey, and manyothers.
- Security updates for Wednesday
Security updates have been issued by Debian (pdfminer), Fedora (chromium and firefox), Mageia (bubblewrap, flatpak, cups-filters, and thunderbird), Oracle (container-tools:rhel8, kernel, and squid), Red Hat (kernel), Slackware (libarchive), SUSE (gimp, itextpdf, kernel, thunderbird, and unbound), and Ubuntu (lasso).
- Blender 5.0 released
Version5.0 of the Blender animation system has been released. Notableimprovements include improved color management, HDR capabilities, anda new storyboarding template. See the releasenotes for a lengthy list of new features and changes, and the bugfixespage for the 588 commits that fixed bugs in Blender 4.5 or older.
- [$] The current state of Linux architecture support
There have been several recent announcements about Linux distributions changingthe list of architectures they support, or adjusting how they build binaries forsome versions of those architectures.Ubuntu introduced architecture variants, Fedoraconsidered dropping support for i686 butreversed course after some pushback, and Debian developershave discussed raising its architecture baseline for the upcomingDebian 14("forky").Linux supports a large number of architectures, and it's not alwaysclear where or by whom they are used. With increasing concerns about diminishing support for legacyarchitectures, it's a good time to look at the overall state of architecturesupport on Linux.
- [$] Pouring packages with Homebrew
The Homebrew project is anopen-source package-management system that comes with a repository ofuseful packages for Linux and macOS. Even though Linux distributionshave their own package management and repositories, Homebrew is oftenused to obtain software that is not available in a distribution's repositoryor to install more current versions of projects than are availablefrom long-term-support (LTS) distributions. Homebrew 5.0.0,released on November 12, 2025, expanded Linux support to include64-bit Arm packages in addition to x86_64, and turned on concurrentdownloads by default to speed up package downloads.
- Security updates for Tuesday
Security updates have been issued by Debian (libwebsockets), Fedora (chromium and fvwm3), Mageia (apache, firefox, and postgresql13, postgresql15), Oracle (idm:DL1), Red Hat (bind, bind9.18, firefox, and openssl), SUSE (alloy, ghostscript, and openssl-1_0_0), and Ubuntu (ffmpeg and freeglut).
- Git 2.52.0 released
Version 2.52.0 of the Gitsource-code management system has been released. Changes include a newlast-modified command to find the closest ancestor commit thattouched one or more paths, a couple of git refs improvements, anew git repo command for obtaining information about therepository itself, and more. See the announcement and thisGitHub blog entry for more information.
- [$] Hot-page migration and specific-purpose NUMA nodes
For better or for worse, the NUMA node is the abstraction used by thekernel to keep track of different types of memory. How that abstraction isused, though, is still an active area of development. Two patch setsfocused on this problem are currently under review; one addresses theperennial problem of promoting heavily used folios from slower to fastermemory, while the other aims to improve the kernel's handling of nodescontaining special memory installed for a specific purpose.
- Josefsson: Introducing the Debian Libre Live Images
Debian developer Simon Josefsson has announcedthe DebianLibre Live Images project, to allow installing Debian without anynon-free software:
Since the 2022 decision on non-free firmware, the official imagesfor bookworm and trixie contains non-free software.
The Debian Libre Live Images project provides Live ISO images forIntel/AMD-compatible 64-bit x86 CPUs (amd64) built without anynon-free software, suitable for running and installing Debian. Theimages are similar to the Debian Live Images...
He does warn that this is a first public release, so there may beproblems. See the currentlist of known issues before trying the images out.
- OnLogic Refreshes Its CL Series With the New CL260 Edge Gateway
The CL260 is presented as an ultra-compact industrial edge gateway built around Intel N-Series processors. It is intended for deployments that require a small, durable, and headless controller operating within cabinet-mounted or space-restricted environments. The system offers configuration options for storage, wireless connectivity, and operating systems. The system uses either the Intel N150 or Intel […]
- Canonical Gets Flutter Up And Running On RISC-V For Ubuntu
Canonical has been bullish on RISC-V with Ubuntu being one of the most common Linux distributions endorsed by RISC-V board vendors. Canonical also has been bullish on the Flutter toolkit for crafting their desktop installer UI and other modern UI/app interfaces. But these two together haven't panned out with Flutter not currently supporting RISC-V. Canonical has submitted pull requests now for enabling RISC-V support with Flutter...
- Firefox 147 Will Support The XDG Base Directory Specification
A 21 year old bug report requesting support of the XDG Base Directory specification is finally being addressed by Firefox. The Firefox 147 release should respect this XDG specification around where files should be positioned within Linux users' home directory...
- Qualcomm Upstreaming Initial GPU Support For Snapdragon X2 Elite In Linux 6.19
Back in September the Qualcomm X2 Elite SoCs were announced for next-gen Windows 11 on Arm laptops. Since then some initial X2 Elite enablement patches for the Linux kernel have arrived and for the upcoming Linux 6.19 kernel more of that work will reach mainline. Excitingly, Linux 6.19 is now bringing GPU and display support for the Adreno X2-85 found within the Snapdragon X2 Elite SoC...
- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
bMozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version. Here’s a detailed look at what’s new, what’s changed, and what you need to know.
- AMD Threadripper 7980X Performance On Linux Two Years After Release
This week marks two years since the debut of the Ryzen Threadripper 7000 series processors. Given the occasion, I decided to revisit the Linux performance of the Threadripper 7980X compared to original benchmarks from November 2023 to see how the latest Linux software stack performs for these Zen 4 HEDT processors.
- Moss Spores Survive 9 Months Outside ISS
alternative_right shares a report from Phys.org: Inspired by moss's resilience, researchers sent moss sporophytes -- reproductive structures that encase spores -- to the most extreme environment yet: space. Their results, published in the journal iScience on November 20, show that more than 80% of the spores survived nine months outside of the International Space Station (ISS) and made it back to Earth still capable of reproducing, demonstrating for the first time that an early land plant can survive long-term exposure to the elements of space. [Lead author Tomomichi Fujita of Hokkaido University and his team] subjected Physcomitrium patens, a well-studied moss commonly known as spreading earthmoss, to a simulated a space environment, including high levels of UV radiation, extreme high and low temperatures, and vacuum conditions. They tested three different structures from the moss -- protenemata, or juvenile moss; brood cells, or specialized stem cells that emerge under stress conditions; and sporophytes, or encapsulated spores -- to find out which had the best chance of surviving in space. The researchers found that UV radiation was the toughest element to survive, and the sporophytes were by far the most resilient of the three moss parts. None of the juvenile moss survived high UV levels or extreme temperatures. The brood cells had a higher rate of survival, but the encased spores exhibited ~1,000x more tolerance to UV radiation. The spores were also able to survive and germinate after being exposed to 196C for over a week, as well as after living in 55C heat for a month.
Read more of this story at Slashdot.
- Advocacy Groups Urge Parents To Avoid AI Toys This Holiday Season
An anonymous reader quotes a report from the Associated Press: They're cute, even cuddly, and promise learning and companionship -- but artificial intelligence toys are not safe for kids, according to children's and consumer advocacy groups urging parents not to buy them during the holiday season. These toys, marketed to kids as young as 2 years old, are generally powered by AI models that have already been shown to harm children and teenagers, such as OpenAI's ChatGPT, according to an advisory published Thursday by the children's advocacy group Fairplay and signed by more than 150 organizations and individual experts such as child psychiatrists and educators. "The serious harms that AI chatbots have inflicted on children are well-documented, including fostering obsessive use, having explicit sexual conversations, and encouraging unsafe behaviors, violence against others, and self-harm," Fairplay said. AI toys, made by companies including Curio Interactive and Keyi Technologies, are often marketed as educational, but Fairplay says they can displace important creative and learning activities. They promise friendship but disrupt children's relationships and resilience, the group said. "What's different about young children is that their brains are being wired for the first time and developmentally it is natural for them to be trustful, for them to seek relationships with kind and friendly characters," said Rachel Franz, director of Fairplay's Young Children Thrive Offline Program. Because of this, she added, the trust young children are placing in these toys can exacerbate the types of harms older children are already experiencing with AI chatbots. A separate report Thursday by Common Sense Media and psychiatrists at Stanford University's medical school warned teenagers against using popular AI chatbots as therapists. Fairplay, a 25-year-old organization formerly known as the Campaign for a Commercial-Free Childhood, has been warning about AI toys for years. They just weren't as advanced as they are today. A decade ago, during an emerging fad of internet-connected toys and AI speech recognition, the group helped lead a backlash against Mattel's talking Hello Barbie doll that it said was recording and analyzing children's conversations. This time, though AI toys are mostly sold online and more popular in Asia than elsewhere, Franz said some have started to appear on store shelves in the U.S. and more could be on the way. "Everything has been released with no regulation and no research, so it gives us extra pause when all of a sudden we see more and more manufacturers, including Mattel, who recently partnered with OpenAI, potentially putting out these products," Franz said. Last week, consumer advocates at U.S. PIRG called out the trend of buying AI toys in its annual "Trouble in Toyland" report. This year, the organization tested four toys that use AI chatbots. "We found some of these toys will talk in-depth about sexually explicit topics, will offer advice on where a child can find matches or knives, act dismayed when you say you have to leave, and have limited or no parental controls," the report said.
Read more of this story at Slashdot.
- Fired Techie Admits Sabotaging Ex-Employer, Causing $862K In Damage
An Ohio IT contractor pleaded guilty to breaking into his former employer's network after being fired, impersonating another worker and using a PowerShell script to reset 2,500 passwords -- an act that locked out thousands of employees and caused more than $862,000 in damage. He faces up to 10 years in prison. The Register reports: Maxwell Schultz, 35, impersonated another contractor to gain access to the company's network after his credentials were revoked. Announcing the news, US attorney Nicholas J. Ganjei did not specify the company in question, which is typical in these malicious insider cases, although local media reported it to be Houston-based Waste Management. The attack took place on May 14, 2021, and saw Schultz use the credentials to reset approximately 2,500 passwords at the affected organization. This meant thousands of employees and contractors across the US were unable to access the company network. Schultz admitted to running a PowerShell script to reset the passwords, searching for ways to delete system logs to cover his tracks -- in some cases succeeding -- and clearing PowerShell window events, according to the Department of Justice. Prosecutors said the attack caused more than $862,000 worth of damage related to employee downtime, a disrupted customer service function, and costs related to the remediation of the intrusion. Schultz is set to be sentenced on Jan 30, 2026, and faces up to ten years in prison and a potential maximum fine of $250,000.
Read more of this story at Slashdot.
- IBM, Cisco Outline Plans For Networks of Quantum Computers By Early 2030s
IBM and Cisco plan to link quantum computers over long distances by the early 2030s, "with the goal of demonstrating the concept is workable by the end of 2030," reports Reuters. "The move could pave the way for a quantum internet, though executives at the two companies cautioned that the networks would require technologies that do not currently exist and will have to be developed with the help of universities and federal laboratories." From the report: The challenge begins with a problem: Quantum computers like IBM's sit in massive cryogenic tanks that get so cold that atoms barely move. To get information out of them, IBM has to figure out how to transform information in stationary "qubits" -- the fundamental unit of information in a quantum computer -- into what Jay Gambetta, director of IBM Research and an IBM fellow, told Reuters are "flying" qubits that travel as microwaves. But those flying microwave qubits will have to be turned into optical signals that can travel between Cisco switches on fiber-optic cables. The technology for that transformation -- called a microwave-optical transducer -- will have to be developed with the help of groups like the Superconducting Quantum Materials and Systems Center, led by the Fermi National Accelerator Laboratory near Chicago, among others. Along the way, Cisco and IBM will also publish open-source software to weave all the parts together.
Read more of this story at Slashdot.
- Mozilla Says It's Finally Done With Two-Faced Onerep
Mozilla is officially ending its partnership with Onerep after more than a year of controversy over the company's founder secretly running people-search and data-broker sites. Monitor Plus will be discontinued by December 2025, existing subscribers will receive prorated refunds, and Mozilla says it will focus on privacy tools it fully controls. KrebsOnSecurity reports: In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep. "We will continue to offer our free Monitor data breach service, which is integrated into Firefox's credential manager, and we are focused on integrating more of our privacy and security experiences in Firefox, including our VPN, for free," the advisory reads. Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025. After that, those subscribers will automatically receive a prorated refund for the unused portion of their subscription. "We explored several options to keep Monitor Plus going, but our high standards for vendors, and the realities of the data broker ecosystem made it challenging to consistently deliver the level of value and reliability we expect for our users," Mozilla statement reads.
Read more of this story at Slashdot.
- Major Music Labels Strike Deals With New AI Streaming Service
An anonymous reader quotes a report from Bloomberg: The world's largest music companies have licensed their works to a music startup called Klay, which is building a streaming service that will allow users to remake songs using artificial intelligence tools. Klay is the first music AI service to reach a deal with all three major record labels, Universal Music Group NV, Sony Music and Warner Music Group Corp., according to people familiar with the deals. Klay plans to announce its agreements in the coming days, said the people, who asked not to be identified discussing confidential plans. Klay is building a product that will offer the features of a streaming service like Spotify, amplified by AI technology that will let users remake songs in different styles. Klay has licensed the rights to thousands of hit songs so that it can train its large language model. The company has positioned itself as a friend of the industry, offering assurances that the artists and labels will have some control over how their work is used. Klay is led by music producer Ary Attie and also employs former executives from Sony Music and Google's DeepMind, an AI laboratory.
Read more of this story at Slashdot.
- Roblox Blocks Children From Chatting To Adult Strangers
Roblox is rolling out mandatory facial age-verification for chat features to prevent children from communicating with adult strangers. The platform will restrict chat to verified age groups, expand parental controls, and become the first major gaming platform to require facial age checks for messaging. The BBC reports: Mandatory age checks will be introduced for accounts using chat features, starting in December for Australia, New Zealand and the Netherlands, then the rest of the globe from January. [...] Rani Govender, policy manager for child safety online at the NSPCC, said action had been needed because young people had been exposed to "unacceptable risks" on Roblox, "leaving many vulnerable to harm and online abuse." The charity welcomed the platform's latest announcement but called on Roblox to "ensure they deliver change for children in practice and prevent adult perpetrators from targeting and manipulating young users." The platform averaged more than 80 million daily players in 2024, about 40% of them under the age of 13. [...] Matt Kaufman, chief safety officer for Roblox, told a press briefing the age estimation technology is "pretty accurate." He claimed the system can make close estimates of "within one to two years" bracket for users aged between five and 25. Currently it can be used voluntarily by anyone in the world.
Read more of this story at Slashdot.
- US Employee Well-Being Hit New Low In 2024, Survey Reveals
alternative_right shares a report from Phys.org: New research from the Human Capital Development Lab at the Johns Hopkins Carey Business School analyzes the state of the American workforce in 2024 and shows an overall decline in employee well-being compared to years prior. [...] The latest research confirms a decline in general employee well-being since 2020. In 2024, employees reported the lowest well-being scores on record, as opposed to 2020, when employees reported the highest well-being scores. "In some cases, the lower scores represent a reduction in employee flexibility for either flexible hours or remote work," the latest research states. "In other cases, these scores could be related to challenges associated with greater economic shifts related to inflation or productivity needs." In prior years, well-being scores for managers and employees were comparable to one another, and during the pandemic, managers and top leaders often reported lower scores due to the extra burden of that time period. However, one of the most noteworthy shifts the current data shows is a rise in well-being scores for managers and senior leaders, while well-being for employees and individual contributors decreased in 2024. Rick Smith, director of the Human Capital Development Lab and author of the study, says that the increase in well-being scores for managers could reflect the return to regular operating conditions since the pandemic, which may be indicative of the distance between leadership and workers. "What we're seeing is a growing gap between how leaders and their teams experience the workplace," said Smith. "Managers may feel a return to normalcy, but that doesn't mean their employees do. Leaders must be cautious not to assume their own well-being reflects the broader workforce at their organization. The data shows a potential disconnect, and that's a signal for action."
Read more of this story at Slashdot.
- Google's New Nano Banana Pro Uses Gemini 3 Power To Generate More Realistic AI Images
An anonymous reader quotes a report from Ars Technica: Google's meme-friendly Nano Banana image-generation model is getting an upgrade. The new Nano Banana Pro is rolling out with improved reasoning and instruction following, giving users the ability to create more accurate images with legible text and make precise edits to existing images. It's available to everyone in the Gemini app, but free users will find themselves up against the usage limits pretty quickly. Nano Banana Pro is part of the newly launched Gemini 3 Pro -- it's actually called Gemini 3 Pro Image in the same way the original is Gemini 2.5 Flash Image, but Google is sticking with the meme-y name. You can access it by selecting Gemini 3 Pro and then turning on the "Create images" option. Google says the new model can follow complex prompts to create more accurate images. The model is apparently so capable that it can generate an entire usable infographic in a single shot with no weird AI squiggles in place of words. Nano Banana Pro is also better at maintaining consistency in images. You can blend up to 14 images with this tool, and it can maintain the appearance of up to five people in outputs. Google also promises better editing. You can refine your AI images or provide Nano Banana Pro with a photo and make localized edits without as many AI glitches. It can even change core elements of the image like camera angles, color grading, and lighting without altering other elements. Google is pushing the professional use angle with its new model, which has much-improved resolution options. Your creations in Nano Banana Pro can be rendered at up to 4K.
Read more of this story at Slashdot.
- Future Google TV Devices Might Come With a Solar-powered Remote
An anonymous reader shares a report: Epishine, a company that makes solar cells optimized for indoor lighting, has announced its technology is being used in a new remote control for Google TV devices, as spotted by 9to5Google. The remote will rely on rechargeable batteries instead of disposable ones, and thanks to the use of solar cells on both sides it may only run out of power when it gets buried and forgotten in the dark abyss of your couch cushions.
Read more of this story at Slashdot.
- Microsoft Open-Sources Classic Text Adventure Zork Trilogy
Microsoft has released the source code for Zork I, II, and III under the MIT License through a collaboration with Team Xbox and Activision that involved submitting pull requests to historical source repositories maintained by digital archivist Jason Scott. Each repository now includes the original source code and accompanying documentation. The games arrived on early home computers in the 1980s as text-based adventures built on the Z-Machine, a virtual machine that allowed the same story files to run across different platforms. Infocom created the Z-Machine after discovering the original mainframe version was too large for home computers. The team split the game into three titles that all ran on the same underlying system. The code release covers only the source files and does not include commercial packaging or trademark rights. The games remain available commercially through The Zork Anthology on Good Old Games and can be compiled locally using ZILF, a modern Z-Machine interpreter.
Read more of this story at Slashdot.
- Nvidia Brings Ad-free Cloud Gaming To New Chromebooks
Nvidia and Google announced today a new cloud gaming plan called GeForce Now Fast Pass that is exclusive to Chromebooks. Anyone who purchases a new Chromebook will receive a year of the service included with their device at no additional charge. Fast Pass allows Chromebook owners to stream more than 2,000 games from their existing Steam, Epic or Xbox libraries. The service removes ads and lets users skip the queue that typically adds two minutes or more of wait time on GeForce Now's free tier. Users get 10 hours of cloud gaming each month. Up to five unused hours can roll over to the following month. Nvidia offers other paid plans starting at $9.99 per month that support higher resolutions, faster frame rates, RTX ray-tracing, and access to a larger game library that includes thousands of additional titles. The companies did not announce pricing for Fast Pass after the first year ends.
Read more of this story at Slashdot.
- CDC Changes Webpage To Say Vaccines May Cause Autism, Revising Prior Language
A Centers for Disease Control and Prevention webpage that previously made the case that vaccines don't cause autism now says they might. WSJ: The contents of the webpage came up during Health Secretary Robert F. Kennedy Jr. Senate confirmation process. Sen. Bill Cassidy (R., La.) in February said Kennedy had assured him that, if he was confirmed, the CDC would "not remove statements on their website pointing out that vaccines do not cause autism." The revised webpage says: "The claim 'vaccines do not cause autism' is not an evidence-based claim because studies have not ruled out the possibility that infant vaccines cause autism. Studies supporting a link have been ignored by health authorities." The new text posted Wednesday also notes that the Department of Health and Human Services has launched "a comprehensive assessment" to probe the causes of autism.
Read more of this story at Slashdot.
- As Windows Turns 40, Microsoft Faces an AI Backlash
Microsoft's push to transform Windows into an "agentic OS" that allows AI agents to control PCs is drawing user backlash similar to the Windows 8 controversy, as the company marks the operating system's 40th anniversary this week, writes Tom Warren, a reporter at The Verge who has been covering Microsoft for nearly two decades. Windows chief Pavan Davuluri announced the agentic OS plans in a post on X last week and faced immediate criticism in hundreds of replies before they were locked days later. "It's evolving into a product that's driving people to Mac and Linux," one person wrote, while another asked for a return to Windows 7's "clean UI, clean icon, a unified control panel, no bloat apps, no ads, just a pure performant OS." Davuluri later responded to software engineer Gergely Orosz, saying "we care deeply about developers" and acknowledging Microsoft has "work to do on the experience, both on the everyday usability, from inconsistent dialogs to power user experiences." Microsoft CEO Satya Nadella told the Dwarkesh Podcast that the company's business "which today is an end user tools business, will become, essentially an infrastructure business in support of agents doing work." The Recall feature already spooked users when it was initially turned on by default before Microsoft reworked it to be opt-in. Navjot Virk, corporate vice president of Windows experiences, told The Verge that "every user can use [AI agents] when they're ready. It's their choice, they decide."
Read more of this story at Slashdot.
- Monarch Tractor Preps For Layoffs and Warns Employees It May 'Shut Down'
Autonomous electric tractor startup Monarch Tractor -- which we covered in 2022 -- warned staff Thursday it may need to lay off more than 100 employees, or possibly even "shut down," according to a company-wide memo obtained by TechCrunch. The report adds: The memo comes after Monarch Tractor was already cutting some positions over the last few weeks at its California corporate facilities and remote teams in India and Singapore, according to multiple former employees who spoke with TechCrunch on the condition of anonymity. Monarch Tractor was founded in 2018 by a team that included a former top executive at Tesla's first gigafactory and Carlo Mondavi, a scion of the famous winemaking family. The company raised at least $220 million, including $133 million in 2024, as it pursued a goal of making "driver optional" autonomous tractors that could perform tasks at places like wineries and other fruit farms.
Read more of this story at Slashdot.
- SC25 gets heavy with mega power and cooling solutions
Hydrogen-powered turbines, megawatt-scale coolant loops, and 800V power take center stage at annual supercomputing conference
SC25 Hydrogen-fueled gas turbines, backup generators, and air handlers probably aren't the kinds of equipment you'd expect on the show floor of a supercomputing conference. But your expectations would be wrong.…
- Trump, Republicans try again to stop states from regulating AI
If at first you don’t succeed, swing again - Big Tech certainly isn’t complaining
The Trump administration and congressional Republicans are trying again to eliminate state-level AI regulations in favor of a federal standard. The plan faces opposition from many state governments and civil-society organizations, while AI vendors have welcomed it.…
- Thunderbird 145 finally adds ‘native’ Exchange support
EWS-powered email only for now, with calendars and contacts still on the to-do list
It's easy to forget in the FOSS world, but Exchange still runs most corporate email – and the new version of Thunderbird can talk to it directly.…
- AWS under pressure as big three battle to eat the cloud market
Google and Microsoft are catching up, while Oracle and neoclouds are growing from a small base
The big three cloud companies are all growing thanks to an expanding market, but Amazon is under increasing pressure from Microsoft and Google, while newcomers are on the rise.…
- TP-Link accuses rival Netgear of 'smear campaign' over alleged China ties
Networking vendor claims rival helped portray it as a national-security risk in the US
TP-Link is suing rival networking vendor Netgear, alleging that the rival and its CEO carried out a smear campaign by falsely suggesting, it says, that the biz had been infiltrated by the Chinese government.…
- Google and Westinghouse lean on AI to speed US nuclear plant builds
Pair say digital twin-powered scheduling will cut costs, shrink timelines for 10 planned reactors
Google and atomic power biz Westinghouse Electric claim that AI will speed construction and cut the cost of building the new US power plants it is planning in response to rising demands for energy to fuel AI.…
- Manchester hits snooze again on joining Palantir-run NHS data platform
Care board still waiting for evidence that it will be in the best interests of the population
Greater Manchester Integrated Care Board (ICB) has again put off its adoption of an NHS data platform prescribed by the UK government and run by Palantir until there is more evidence that it will be in the "best interests" of the city's population.…
- Palo Alto CEO tips nation-states to weaponize quantum computing by 2029
Company thinks you’ll contemplate replacing most security kit in the next few years to stay safe
Palo Alto Networks CEO Nikesh Arora has suggested hostile nation-states will possess quantum computers in 2029, or even a little earlier, at which point most security appliances will need to be replaced.…
- US, UK, Australia sanction Lockbit gang’s hosting provider
‘Bulletproof’ hosts partly dodged the last attack of this sort
Cybercrime fighters in the US, UK, and Australia have imposed sanctions on several Russia-linked entities they claim provide hosting services to ransomware gangs Lockbit, BlackSuit, and Play.…
- Fortinet 'fesses up to second 0-day within a week
Attackers may be joining the dots to enable unauthenticated RCE
Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…
- DARPA making low-hanging satellites that use air to move
Skim the atmosphere and air-breathing VLEO sats can theoretically maintain orbit
DARPA is on the verge of reaching a new low - an orbital one - as the Defense Department's research arm moves its Very Low Earth Orbit (VLEO) Otter satellite program into the production phase. …
- Canada ups its European Space Agency bet 10x with $376M
Massive jump in spending shows the Great White North isn’t betting everything on NASA
Canada will boost its investment in European Space Agency (ESA) programs by CA$528.5 million ($376 million USD), a tenfold increase, according to the Canadian Space Agency.…
- San Jose's 'warrantless' license plate queries land cops in court
Digital rights groups argue cameras used to unconstitutionally surveil locals
The Electronic Frontier Foundation (EFF) and American Civil Liberties Union of Northern California (ACLU-NC) are suing the City of San Jose and its police department over alleged abuses of automatic license plate recognition (ALPR) technology.…
- Mastodon CEO steps down with €1M payout and a deep sigh
Burnout and slowing growth push Eugen Rochko into an advisory role after nearly a decade in charge
Eugen Rochko, CEO and founder of decentralized social network Mastodon, is stepping down after nearly a decade at the helm and walking away with a sizable exit payment.…
- Commodity memory prices set to double as fabs pivot to AI market
Analysts warn LPDDR4 supply is tightening fast with shift to higher-end components
Updated Memory prices could soon be double what they were earlier this year as chipmakers switch to advanced products to target the AI market, leaving a shortfall of more mature chips such as those meeting the LPDDR4 standard.…
- Whatever your job, mentoring is your job – and the one that matters most
Nobody succeeds alone, and no community thrives without generosity
Opinion When I started coding for a living 43 years ago, I didn't know shit from Shinola. I'd written a lot of BASIC, some Z80 assembler, and knew my way around floppy drives and a disk operating system. I knew nothing at all about how to operate as a junior engineer in a professional environment.…
- Cloudflare broke itself – and a big chunk of the Internet – with a bad database query
Thought it was the victim of a ‘hyper-scale DDoS attack’ before finding the fix
Cloudflare CEO Matthew Prince has admitted that the cause of its massive Tuesday outage was a change to database permissions, and that the company initially thought the symptoms of that adjustment indicated it was the target of a “hyper-scale DDoS attack,” before figuring out the real problem.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Fixing! the broken Solaris Management Console Oracle won�t fix
In my detailed article about the Sun Microsystems ecosystem of the late 2000s, I mentioned an issue I ran into with the latest (leaked) patchset for Solaris 10, the one from 2020, available on Archive.org. Sun does not make Solaris 10 patches and patchsets from 2014 and later freely available online, restricting them to big enterprise customers with expensive support contracts. The same restrictions apply to mere support documents for Solaris 10, so that issues documented by Oracle, including causes and possible solutions, are only accessible to those with support contracts. The specific issue I ran into is that after installing the 2020 patchset, the Solaris Management Console, a GUI application written in Java with which you can manage certain aspects of your system, would no longer work. It would start up, but any settings panel you tried to load would throw up an RMI_ERR: error unmarshalling return, rendering the SMC effectively non-functional. This problem is documented in Oracle Doc ID 1559490.1, but of course, the Cause and Solution sections are hidden. I like weird commercial UNIX configuration GUIs, so even though you can do all of the SMC�s tasks with command-line tools, I still want it to work. Judging by the error and the countless references to Java updates, it�s easy to figure out that the root cause is an updated version of Java installed by the patchset that the SMC doesn�t like. You�d think uninstalling any relevant patches would solve the problem, but I tried that and it didn�t make a difference, so I was hoping Oracle perhaps had a later patch to fix the issue, or perhaps a proper workaround to get the SMC working again. Well, a screenshot of the remainder of that Oracle Doc ID mysteriously materialised on my Ultra 45 this morning, and it turns out that Oracle just0 Doesn�t care. Honestly, I can�t blame them. Solaris 10 is old, outdated, pure legacy, and the very small number of organisations still using it are probably using it in Solaris Zones on servers anyway, and definitely not as a workstation/desktop operating system. There is zero incentive for Oracle to waste any time trying to fix this issue that, let�s be honest, really only affects one person in the entire world: me. Still, I wanted it fixed, and so I brute-forced a solution. It�s pretty straightforward: just change your default Java version back to one that the Solaris Management Console can work with. While I have Java 1.6.0 and 1.8.0 installed on the Ultra 45, with 1.6.0 being the default, the SMC will only work when 1.5.0 is set as your default Java version. There�s a wide variety of ways to do this, ranging from hatchets to scalpels, but considering nothing else on Solaris 10/SPARC on the Ultra 45 relies on 1.6.0 or later (as far as I can tell, at least), I took a hatchet approach and just changed the /usr/java symlink so that it pointed to 1.5.0 again. It�s that simple. Like I said, there are far more elegant ways of doing this, down to various scripts and other things to force only the SMC to use this specific Java version, but it�s not worth the effort to figure that out, and this works just as well. So, just in case there�s ever going to be a second person looking to fix this problem, here you are. You weird, weird person.
- Microsoft warns its new AI! agents in Windows can install malware
Microsoft has just announced a whole slew of new AI! features for Windows, and this time, they�ll be living in your taskbar. Microsoft is trying to transform Windows into a “canvas for AI,” with new AI agents integrated into the Windows 11 taskbar. These new taskbar capabilities are designed to make AI agents feel like an assistant in Windows that can go off and control your PC and do tasks for you at the click of a button. It’s part of a broader overhaul of Windows to turn the operating system into an “agentic OS.” Microsoft is integrating a variety of AI agents directly into the Windows 11 taskbar, including its own Microsoft 365 Copilot and third-party options. “This integration isn’t just about adding agents; it’s about making them part of the OS experience,” says Windows chief Pavan Davuluri. ↫ Tom Warren at The Verge These AI! agents will control your computer, applications, and files for you, which may make some of you a little apprehensive, and for good reason. AI! tools don�t have a great track record when it comes to privacy � Windows Recall comes to mind � and as such, Microsoft claims this time, it�ll be different. These new AI! agents will run in what are essentially dedicated Windows accounts acting as sandboxes, to ensure they can only access certain resources. While I find the addition of these AI! tools to Windows insufferable and dumb, I�m at least glad Microsoft is taking privacy and security seriously this time, and I doubt Microsoft would repeat the same mistakes they made with the entirely botched rollout of Windows Recall. in addition, after the Cloudstrike fiasco, Microsoft made clear commitments to improve its security practices, which further adds to the confidence we should all have these new AI! tools are safe, secure, and private. But wait, what�s this? Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation. ↫ Microsoft support document about the new AI! features Microsoft�s new AI! features can go out and install malware without your consent, because these features possess the access and privileges to do so. The mere idea that some application � which is essentially what these AI! features really are � can go out onto the web and download and install whatever it wants, including malware, on your behalf!, in the background, is so utterly dystopian to me I just can�t imagine any serious developer looking at this and thinking yeah, ship it!. I�m living in an insane asylum.
- Run old versions of UNIX for PDP-11 and x86 on modern hardware
The contents of this repository allow older versions of UNIX (ancient UNIX) to run easily on modern Unix-like systems (Linux, FreeBSD, macOS, among others). ↫ Run ancient UNIX GitHub page With the guides in this repository, you can easily run Versions 1/5/7 UNIX and 2.11BSD UNIX for the PDP-11 and Version 7 UNIX for x86 (ported to x86 by Robert Nordier in 1999, with patches in 2006-2007). That�s it.
- Living my best Sun Microsystems ecosystem life in 2025
In my lifetime, there�s been one ecosystem I deeply regret having missed out on: the Sun Microsystems ecosystem of the late 2000s. At that time, the company offered a variety of products that, when used together, formed a comprehensive ecosystem that was a fascinating, albeit expensive alternative to Microsoft and Apple. While not really intended for home use, I�ve always believed that Sun�s approach to computing would�ve made for an excellent computing environment in the home. Since I was but a wee university student in the late 2000s living in a small apartment, I did not have the financial means nor the space to really test this hypothesis. Now, though, Sun�s products from that era are decidedly retro, and a lot more approachable � especially if you have incredibly generous readers. So sit down and buckle up, because we�ve got a long one today. If you wish to support OSNews and longform content like this, consider becoming a Patreon or donating to our Ko-Fi. Note that absolutely zero generative AI! was used in the writing of this article. No AI! writing aids, no AI! summaries, no ChatGPT, no Gemini search nonsense, nothing. I take pride in doing research and writing properly, without the aid! of digital parrots with brain damage, and if there�s any errors, they�re mine and mine alone. Take pride in your work and reject AI!. The Ultra 45: the central hub In the early 2000s, it had already become obvious that the future of workstations lied not with custom architectures, bespoke processors, and commercial UNIX variants, but with standard x86, off-the-shelf Intel and AMD processors, and Windows and Linux. The writing was on the wall, everyone knew it, and the ensuing consolidation on x86 turned into a veritable bloodbath. In the �80s and �90s, many of these ISAs were touted as vastly superior x86 killers, but fast-forward a decade or two, and x86 had bested them all in both price and performance, leaving behind a trail of dead ISAs. Never bet against x86. Virtually none of the commercial UNIX variants survived the one-two punch of losing the ISA they were married to and the rising popularity of Linux in the workstation space. HP-UX was tied to HP�s PA-RISC, and both died. SGI�s IRIX was tied to MIPS, and both died. Tru64 was tied to Alpha, and both died. The two exceptions are IBM�s AIX and Sun�s Solaris. AIX workstations were phased out, but AIX is still nominally in development for POWER servers, but wholly inaccessible to anyone who doesn�t wear a suit and has a massive corporate spending budget. Solaris, meanwhile, which had long been available on x86, saw its own! ISA SPARC live on in the server space until roughly 2017 or so, and was even briefly available as open source until Oracle did its thing. As a result, Solaris and its derivative Illumos are still nominally in active development, but in the grand scheme of things they�re barely even a blip on the radar in 2025. Never bet against Linux. During these tumultuous times, the various commercial UNIX vendors all pushed out systems that would become the final hurrahs of their respective UNIX workstation lines. DEC, then owned by HP, released its AlphaStation ES47 in 2003, marking the end of the road for Alpha and Tru64 UNIX. HP�s own PA-RISC architecture and HP-UX met their end with the HP c8000 (which I own), an all-out PA-RISC monster with two dual-core processors running at 1.1GHz. SGI gave its MIPS line of machines running IRIX a massive send-off with the enigmatic and rare Tezro in 2003. In 2005, IBM tried one last time with the IntelliStation POWER 285, followed a few months later by the heavily cut-down 185, the final AIX workstation. And Sun unveiled the Ultra 45, its final SPARC workstation, in 2006. Sun was already in the middle of its transition to x86 with machines like the Sun Java Desktop System and its successors, the Ultra 20 and 40, and then surprised everyone by reviving their UltraSPARC workstation line with the Ultra 25 and 45, which shared most � all? � of their enclosures with their x86 brethren. They were beautiful, all-aluminium machines with gorgeous interior layouts, and a striking full-grill front, somewhat inspired by the PowerMac G5 of that era. And ever since the Ultra 45 was rumoured in late 2005 and then became available in early 2006, I�ve been utterly obsessed with it. It�s taken almost two decades, but thanks to an unfathomably generous donation from KDE e.V. board member and FreeBSD contributor Adriaan de Groot, a very unique and storied Sun Ultra 45 and a whole slew of accessories showed up at my doorstep only a few weeks ago. Let�s look back upon this piece of history that is but a footnote to most, but a whole book to me � and experience Sun�s ecosystem from around 2006, today. First and foremost, I want to express my deep gratitude to Adriaan de Groot. Without him, none of this would have been possible, and I can�t put into words how grateful I am. He donated this Ultra 45 to me at no cost � not even the cost of shipping � and he also shipped another box to me containing a few Sun Ray thin clients, completing the late 2000s Sun ecosystem I now own. Since the Ultra 45 was technically owned by KDE e.V. � more on that below � I�d also like to thank the KDE e.V. Board for giving Adriaan permission for the donation. I�d also like to thank Volker A. Brandt, who sent me a Sun Ray 3, a few Ultra 45 hard drive brackets, and some other Sun goodies. The Sun Ultra 45 De Groot sent me was a base model with an upgraded GPU. It had a single UltraSPARC IIIi 1.6Ghz processor, 1GB of RAM, and the most powerful GPU Sun ever released for its SPARC workstation line, the Sun XVR-2500, a rebadged 3Dlabs Wildcat Realizm with
- Using Rust in Android speeds up development considerably
Google has been using Rust in Android more and more for its memory safety characteristics, and the results on that front were quite positive. It turns out, however, that not only does using Rust reduce the number memory safety issues, it�s also apparently a lot faster to code in Rust than C or C++. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust�s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one. ↫ Jeff Vander Stoep at the Google Security Blog When you think about it, it actually makes sense. If you have fewer errors of a certain type, you�ll spend less time fixing those issues, time which you can then spend developing new code. Of course, it�s not that simple and there�s a ton more factors to consider, but on a base level, it definitely makes sense. Spellcheck in word processors means you have to spend less time detecting and fixing spelling errors, so you have more time to spend on actually writing. I�m sure we�ll all be very civil about this, and nobody will be weird about Rust at all.
- Haiku gets new guarded heap for the kernel
Another month, another Haiku activity report, and this time we�ve got a major change under the hood: a brand new guarded heap. The old guarded heap was suboptimal and had started to lag behind, so the new one attempts to rectify some of these shortcomings. So, to rectify these limitations, I rewrote the kernel guarded heap more or less from scratch, taking the old code into account where it made sense but otherwise creating entirely new bookkeeping structures, interacting directly with the page table and virtual memory systems, and more. This new guarded heap implementation frees physical pages when not in use, meaning that the “virtual memory reuse disabled” mode now runs for quite long periods of time (indeed, I could successfully boot to the desktop and run compile jobs.) It also prints more diagnostics when kernel panics due to memory faults inside the heap happen, which the old kernel guarded heap didn’t (but the userland one has always done). ↫ Haiku�s activity report for October The new guarded heap is optional for now, but Haiku is planning on releasing some pre-built test builds so users can start testing it out. Of course, this isn�t the only change or improvement from this past month � the list of changes is long, but there�s no real tentpole features here. Haiku�s development pace is still very much on track.
- Google cancels plans to require Android application certification outside of the Play Store
Only a few months ago, Google announced it was going to require that all Android applications � even those installed outside of the Play Store � had to be verified. This led to a massive backlash, and it seems our protests and complaints have had effect: the company announced a change in plans today, and will, in fact, not require certification for installing applications outside of the Play Store. Based on this feedback and our ongoing conversations with the community, we are building a new advanced flow that allows experienced users to accept the risks of installing software that isn�t verified. We are designing this flow specifically to resist coercion, ensuring that users aren�t tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands. We are gathering early feedback on the design of this feature now and will share more details in the coming months. ↫ Matthew Forsythe Director at the Android Developers Blog While this is great news, I�m still concerned this is only temporary. Companies like Google have a tendency to announce some draconian measure to test the waters, walk it back in response to backlash, only to then reintroduce it through some sneaky backdoor a year later when nobody�s looking. Installing whatever we want on the devices we own should be a protected right, not something graciously afforded to us by our corporate overlords. If you think this is the end of this story, you�re a fool.
- Big news for small OpenBSD /usr partitions
Ever ran into issues using sysupgrade on OpenBSD because /usr ran out of space? OpenBSD developers are trying to address this issue. Firstly, Stuart Henderson (sthen@) modified the installer to increase free space prior to installing. Theo de Raadt (deraadt@) modified sysupgrade(8) so that, if space is too tight, it will fail gracefully rather than risk leaving the administrator with a broken system. ↫ OpenBSD Journal These are very welcome additions.
- Valve brings x86 gaming to ARM Linux with FEX
Valve announced a few new devices yesterday. There�s a new Steam console, which is essentially just a tiny PC with SteamOS installed � think of it as a Steam Deck without a display. Second, Valve finally released a new Steam Controller to go with the Steam console, which has taken them long enough. Lastly, there�s a brand new Steam VR headset, the Steam Frame. Other websites with actual access to these new devices will do a better job of covering them than I ever could, but I do want to highlight something crucially important about the Steam Frame: it contains a Snapdragon ARM processor, but can still run Steam and all of its games. How does this work? Well, after developing Proton to allow Windows games to run on Linux, Valve introduced! FEX, which will allow you to run x86 Windows games on ARM Linux. I put the quotation marks there because FEX was an existing project Valve invested heavily into in recent times, and it�s now at the point where Valve seems confident enough it will be capable of running enough x86 games on ARM Linux. As such, the Steam Frame runs full SteamOS with KDE Plasma, you can run x86 Steam games, and as an additional bonus, you can install Android APKs as well. I�ve yet to even try VR, because I�m not particularly interested in buying into any locked-down platform. The Steam Frame may be the first VR device I�ll buy � depending on price, of course � and the Steam console definitely looks like a great addition to the living room, too. My wife and I have little to no interesting in buying an Xbox or PS5, but having easy, no-hassle access to our massive Steam libraries on our TV will be awesome.
- VMS/XDE: an OpenVMS x86 development environment for Linux and Windows/WSL
VMS/XDE is an OpenVMS x86 development environment for Linux and WIndows (via WSL). It provides a familiar user experience for OpenVMS developers working in Linux and Windows yet offers 100% binary and file system compatilibilty with OpenVMS. VMS/XDE includes OpenVMS V9.2-3 user, supervisor and executive mode operating system environments and a set of x86 native compilers and layered products geared towards OpenVMS software development and testing. ↫ VMS/XDE website VMS/XDE is a beta version, and comes with the usual annoying OpenVMS x86 time bombs, this time exploding on 3 January 2026. If you intend to use the finalised commercial version after the beta period ends, you�ll have to employ the same licenses as regular OpenVMS. It�s a bit of a mess, but that�s the OpenVMS way, sadly � and I don�t blame them, either, as I�m sure they�re hamstrung by a ton of agreements and restrictions imposed upon them by HP. Regardless, VMS/XDE brings a zero setup OpenVMS environment to the operating system you�re already using, making it easier to develop and cross-compile for the platform. I still have absolutely no clue just how many people OpenVMS is still relevant for, but I absolutely adore the fact VMS Software Inc. is working on this. In a world where so many of its former competitors are being held hostage by corporate indifference, it�s refreshing to see VMS still moving forward.
- Plasma Mobile 6.5 keeps improving
As part of the KDE Plasma 6.5 release, we also got a new release of Plasma Mobile. As there�s a lot of changes, improvements, and new features in Plasma Mobile 6.5, the Plasma Mobile Team published a blog post to highlight them all. The biggest improvement is probably the further integration of Waydroid, a necessary evil to run Android applications until the Plasma Mobile ecosystem manages to become a bit more well-rounded. Waydroid can now be managed straight from the settings application and the quick settings dropdown. Furthermore, the lockscreen has been improved considerably, there�s been a ton of polish for the home screen and the user interface in general, the quick settings panel can now be customised to make it fit better on different form factors, the first early test version of the new Plasma mobile keyboard is included, and so much more. This is definitely a release I would want to try out, but since I don�t have any of the supported devices, I�m a bit stuck. This is, of course, one of the two major problems facing proper mobile Linux: the lack of device support. It�s improving due to the tireless work of countless volunteers, but they�re always going to be swimming upstream. The other major problem is, of course, application availability, but at least Waydroid can bridge the gap for the adventurous among us.
- Tribblix m38 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has released a new version. Milestone 38 isn�t the most consequential release of all time, but it does bring a few small changes accompanied by the usual long list of updated open source packages. The zap install command now installs dependencies by default, while zap create-user will now restrict new home directories to mode 0700 by default. Meanwhile, int16h at Cryogenix published an article about using a Bhyve VM running FreeBSD to act as a Wi-Fi bridge for laptops with 802.11xx chips that Tribblix doesn�t support. This is a great, albeit somewhat convoluted option if your hardware uses any Wi-Fi chips Tribblix doesn�t support. There�s honestly a solution for everything, isn�t there?
- Setting up a combined 68k/PA-RISC HP-UX 9 cluster
Jonathan Pallant got lucky and managed to score a massive haul of �90s UNIX workstations, one of which was an HP 9000 Model 340, a HP-UX workstation built around a Motorola 68030 processor at 16.7 MHz. It doesn�t come with a hard drive or even a floppy controller, though, so he decided to borrow a PA-RISC-based HP 9000 Model 705 to set up an HP-UX 9 cluster. But wait, how does that work, when we�re dealing with two entirely different architectures? What�s more fun though, is putting it into a cluster with the Model 705 and network booting it. Yes, that a 68030 machine network booting from a PA-RISC machine 0 and`sharing the same root filesystem. But aren�t PA-RISC binaries and 68K binaries quite different? Oh yes, they really are. So, how does that work? ↫ Jonathan Pallant HP-UX is far more interesting and fascinating than a lot of people give it credit for, and while my interest lies with HP-UX 11i, I find what Pallant is doing here with HP-UX 9 just as fascinating. You first need to install HP-UX 9 for PA-RISC on the 700 series machine, convert it to a cluster server, and then install HP-UX 9 for 68k on top of that PA-RISC installation. After this is done, you effectively end up with a single root file system that contains both PA-RISC and 68k binaries, and you can network boot the 68k-based Model 340 right from it � using the same root filesystem on both machines. Absolutely wild. No, these are not universal binaries or some other trick you might know of from more modern system. In fact, installing the 68k version of HP-UX 9 into! the PA-RISC HP-UX 9 cluster server, you end up with something called a Context Dependent Filesystem. To get a better idea of what this means and how this works, you should really head on over to Pallant�s excellent article for all the details.
- Ironclad 0.7.0 and 0.8.0 released, adds RISC-V support
We�ve talked about Ironclad a few times, but there�s been two new releases since the 0.6.0 release we covered last, so let�s see what the project�s been up to. As a refresher, Ironclad is a formally verified, hard real-time capable kernel written in SPARK and Ada. Versions 0.7.0 and 0.8.0 improved support for block device caching, added a basic NVMe driver, added support for x86’s SMAP, switched from KVM to NVMM for Ironclad’s virtualization interface, and much, much more. In the meantime, Ironclad also added support for RISC-V, making it usable on any 64 bit RISC-V target that supports a Limine-protocol compatible bootloader. The easiest way to try out Ironclad is to download Gloire, a distribution that uses Ironclad and the GNU tools. It can be installed in both a virtual machine and on real hardware.
- Mac OS 7.6 and 8 for CHRP releases discovered
For those of us unaware � unlikely on OSNews, but still � for a hot minute in the second half of the �90s, Apple licensed its Mac OS to OEMs, resulting in officially sanctioned Mac clones from a variety of companies. While intended to grow the Mac�s market share, what ended up happening instead is that the clone makers outcompeted Apple on performance, price, and features, with clones offering several features and capabilities before Apple did � for far lower prices. When Steve Jobs returned to Apple, he killed the clone program almost instantly. The rather abrupt end of the clone program means there�s a number of variants of the Mac OS that never made their way into the market, most notable variants intended for the Common Reference Hardware Platform, or CHRP, a standard defined by IBM and Apple for PowerPC-based PCs. Thanks to the popular classic Mac YouTuber Mac84, we now have a few of these releases out in the wild. These CDs contain release candidates for Mac OS 7.6 and Mac OS 8 for CHRP (Common Hardware Reference Platform) systems. They were created to support CHRP computers, but were never released, likely due to Steve Jobs returning to Apple in September 1997 and eliminating the Mac Clone program and any CHRP efforts. ↫ Mac OS 7.6/8 CHRP releases page Mac84 has an accompanying video diving into more detail about these individual releases by booting and running them in an emulator, so we can get a better idea of what they contain. While most clone makers only got access to Mac OS 7.x, some of them did, in fact, gain access to Mac OS 8, namely UMAX and Power Computing (the latter of which was acquired by Apple). It�s not the clone nature of these releases that make them special, but the fact they�re CHRP releases is. This reference platform was a failure in the market, and only a few of IBM�s own machines and some of Motorola�s PowerStack machines properly supported it. Apple, meanwhile, only aid minor lip service to CHRP in its New World Power Macintosch machines.
- FreeBSD now builds reproducibly and without root privilege
The FreeBSD Foundation is pleased to announce that it has completed work to build FreeBSD without requiring root privilege. We have implemented support for all source release builds to use no-root infrastructure, eliminating the need for root privileges across the FreeBSD release pipeline. This work was completed as part of the`program commissioned by the Sovereign Tech Agency. ↫ FreeBSD Foundation blog This is great news in and of itself, but there�s more: FreeBSD has also improved build reproducability. This means that given the same source input, you should end up with the same binary output, which is an important part of building a verifiable chain of trust. These two improvements combined further add to making FreeBSD a trustworthy, secure option � something it already is anyway. In case you haven�t noticed, the FreeBSD project and its countless contributors are making a ton of tangible progress lately on a wide variety of topics, from improving desktop use, to solidifying Wi-Fi support, to improving the chain of trust. I think the time is quite right for FreeBSD to make some inroads in the desktop UNIX-y space, especially for people to whom desktop Linux has strayed too far from the traditional UNIX philosphy (whatever that means).
- Wine 10.19 Released: Game Changing Support for Windows Reparse Points on Linux
by George Whittaker Introduction
If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.
In simpler terms: Wine now understands more of the Windows filesystem semantics, which means fewer workarounds, better application compatibility, and smoother experiences for many games and tools previously finicky under Linux.
What Are Reparse Points & Why They MatterUnderstanding Reparse Points
On Windows, a reparse point is a filesystem object (file or directory) that carries additional data, often used for symbolic links, junctions, mount points, or other redirection features. When an application opens or queries a file, the OS may check the reparse tag to determine special behavior (for example “redirect this file open to this other path”).
Because many Windows apps, installers, games, DRM systems, file-managers, use reparse points for features like directory redirection, path abstractions, or filesystem overlays, lacking full support for them in Wine means those apps often misbehave.
What Wine 10.19 Adds
With Wine 10.19, support for these reparse point mechanisms has been implemented in key filesystem APIs: for example NtQueryDirectoryFile, GetFileInfo, file attribute tags, and DeleteFile/RemoveDirectory for reparse objects.
This means that in Wine 10.19:
Windows apps that create or manage symbolic links, directory junctions or mount-point style re-parsing will now function correctly in many more cases.
Installers or frameworks that rely on “when opening path X, redirect to path Y” will work with less tinkering.
Games or utilities that check for reparse tags or use directory redirections will have fewer “stuck” behaviors or missing files.
In effect, this is a step toward closer to native behavior for Windows file-system semantics under Linux.
Other Key Highlights in Wine 10.19
Beyond reparse points, the release brings several notable improvements:
Expanded support for WinRT exceptions (Windows Runtime error handling) meaning better compatibility for Universal Windows Platform (UWP) apps and newer Windows-based frameworks.
Refactoring of “Common Controls” (COMCTL32) following the version 5 vs version 6 split, which helps GUI applications that rely on older controls or expect mixed versions.
Go to Full Article
- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
by George Whittaker Introduction
Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.
Here’s a detailed look at what’s new, what’s changed, and what you need to know.
Major Changes in Firefox 145End of 32-Bit Linux Builds
One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:
“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”
From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.
Usability & Interface Enhancements
Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:
PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.
Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.
Access saved passwords from the sidebar, without needing to open a new tab or window.
“Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.
Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.
Privacy, Security & Under-the-Hood Upgrades
Mozilla has also doubled down on privacy and risk reduction:
Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used.
Go to Full Article
- MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer
by George Whittaker Introduction
The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.
In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.
What’s New in MX Linux 25 “Infinity”
Here are the headline changes and improvements that define this release:
Debian 13 “Trixie” Base
By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.
Kernel Choices & Hardware Support
The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.
For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.
Dual Init Option: systemd and SysVinit
Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.
Updated Desktop Environments
Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).
KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.
Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined. Defaults the audio player to Audacious (instead of the older DeaDBeeF).
Go to Full Article
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components:
Go to Full Article
|
