|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Ubuntu DSA-7219-1 Ghostscript Severe Buffer Underflow DDoS CVE-2026-4401
A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened. For the oldstable distribution (bookworm), this problem has been fixed in version 1.21.1+ds2-1+deb12u1.
- Seven stable kernels for Saturday
Greg Kroah-Hartman has announced the release of the 6.19.13, 6.18.23, 6.12.82, 6.6.135, 6.1.169, 5.15.203, and 5.10.253 stable kernels. Each contains anumber of important fixes throughout the tree; users are advised toupgrade.
- [$] A more efficient implementation of Shor's algorithm
Shor's algorithm is the main practical example of an algorithm that runs morequickly on a quantum computer than a classical computer — at least in theory.Shor's algorithm allows large numbers to be factoredinto their component prime factors quickly.In reality, existing quantum computers do not have nearlyenough memory to factor interesting numbers using Shor's algorithm, despitedecades of research.A new paper provides a major stepin that direction, however. While still impractical on today's quantumcomputers, the recent discoverycuts the amount of memory needed to attack 256-bit elliptic-curve cryptographyby a factor of 20. More interesting, however, is that the researchers chose topublish a zero-knowledge proof demonstrating that they know a quantum circuitthat shows these improvements, rather than publishing the actualknowledge of how to do it.
- [$] The 7.0 scheduler regression that wasn't
One of the more significant changes in the 7.0 kernel release is to use the lazy-preemption mode by default in the CPUscheduler. The scheduler developers have wanted to reduce the number ofpreemption modes for years, and lazy preemption looks like a step towardthat goal. But then there came this reportfrom Salvatore Dipietro that lazy preemption caused a 50% performanceregression on a PostgreSQL benchmark. Investigation showed that thesituation is not actually so grave, but the episode highlights just howsensitive some workloads can be to configuration changes; there may besurprises in store for other users as well.
- Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, freerdp, libarchive, and thunderbird), Debian (chromium, openssh, and thunderbird), Fedora (aurorae, bluedevil, breeze-gtk, buildah, cockpit, extra-cmake-modules, flatpak-kcm, grub2-breeze-theme, kactivitymanagerd, kcm_wacomtablet, kde-cli-tools, kde-gtk-config, kdecoration, kdeplasma-addons, kf6, kf6-attica, kf6-baloo, kf6-bluez-qt, kf6-breeze-icons, kf6-frameworkintegration, kf6-kapidox, kf6-karchive, kf6-kauth, kf6-kbookmarks, kf6-kcalendarcore, kf6-kcmutils, kf6-kcodecs, kf6-kcolorscheme, kf6-kcompletion, kf6-kconfig, kf6-kconfigwidgets, kf6-kcontacts, kf6-kcoreaddons, kf6-kcrash, kf6-kdav, kf6-kdbusaddons, kf6-kdeclarative, kf6-kded, kf6-kdesu, kf6-kdnssd, kf6-kdoctools, kf6-kfilemetadata, kf6-kglobalaccel, kf6-kguiaddons, kf6-kholidays, kf6-ki18n, kf6-kiconthemes, kf6-kidletime, kf6-kimageformats, kf6-kio, kf6-kirigami, kf6-kitemmodels, kf6-kitemviews, kf6-kjobwidgets, kf6-knewstuff, kf6-knotifications, kf6-knotifyconfig, kf6-kpackage, kf6-kparts, kf6-kpeople, kf6-kplotting, kf6-kpty, kf6-kquickcharts, kf6-krunner, kf6-kservice, kf6-kstatusnotifieritem, kf6-ksvg, kf6-ktexteditor, kf6-ktexttemplate, kf6-ktextwidgets, kf6-kunitconversion, kf6-kuserfeedback, kf6-kwallet, kf6-kwidgetsaddons, kf6-kwindowsystem, kf6-kxmlgui, kf6-modemmanager-qt, kf6-networkmanager-qt, kf6-prison, kf6-purpose, kf6-qqc2-desktop-style, kf6-solid, kf6-sonnet, kf6-syndication, kf6-syntax-highlighting, kf6-threadweaver, kgamma, kglobalacceld, kinfocenter, kmenuedit, knighttime, kpipewire, krdp, kscreen, kscreenlocker, ksshaskpass, ksystemstats, kwayland, kwayland-integration, kwin, kwin-x11, kwrited, layer-shell-qt, libexif, libkscreen, libksysguard, libplasma, nix, ocean-sound-theme, oxygen-sounds, pam-kwallet, plasma-activities, plasma-activities-stats, plasma-breeze, plasma-browser-integration, plasma-desktop, plasma-dialer, plasma-discover, plasma-disks, plasma-drkonqi, plasma-firewall, plasma-integration, plasma-keyboard, plasma-login-manager, plasma-milou, plasma-mobile, plasma-nano, plasma-nm, plasma-oxygen, plasma-pa, plasma-print-manager, plasma-sdk, plasma-setup, plasma-systemmonitor, plasma-systemsettings, plasma-thunderbolt, plasma-vault, plasma-welcome, plasma-workspace, plasma-workspace-wallpapers, plasma-workspace-x11, plasma5support, plymouth-kcm, plymouth-theme-breeze, podman, polkit-kde, powerdevil, qqc2-breeze-style, sddm-kcm, skopeo, spacebar, spectacle, thunderbird, and xdg-desktop-portal-kde), Mageia (cockpit-338), Oracle (capstone, cockpit, firefox, fontforge, freerdp, golang-github-openprinting-ipp-usb, kernel, nghttp2, nodejs:20, nodejs:24, openexr, and squid), Red Hat (gnutls, libarchive, libpng, libpng12, libpng15, libtiff, libvpx, libxslt, multiple packages, python, python3, python3.11, python3.12, and python3.9), Slackware (libxml2), SUSE (apache-pdfbox, azure-storage-azcopy, corosync, cups, freerdp, iproute2, libsdb2_4_2, libtpms, NetworkManager, openssl-1_1, ovmf, plexus-utils, python, python-CairoSVG, python-jwcrypto, python-PyJWT, python-pyOpenSSL, python-urllib3, python3, python314, rust1.93, shim, smc-tools, terraform-provider-local, terraform-provider-random, terraform-provider-tls, thunderbird, tiff, util-linux, and vim), and Ubuntu (libowasp-esapi-java, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux, linux-realtime, linux-aws-fips, linux-fips, linux-gcp-fips, linux-fips, linux-gcp-fips, linux-gcp, linux-gcp-6.17, linux-hwe-5.15, linux-intel-iot-realtime, linux-realtime, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-realtime, linux-realtime-6.8, linux-realtime-6.17, ofono, and ruby-rack).
- Rust 1.95.0 released
Version1.95.0 of the Rust language has been released. Changes include theaddition of a cfg_select!macro, the capability releasenotes for a full list of changes.
- Forgejo 15.0 released
Version15.0 of the Forgejocode-collaboration platform has been released. Changes includerepository-specific access tokens, a number of improvements to ForgejoActions, user-interface enhancements, and more. Forgejo 15.0 isconsidered a long-term-support (LTS) release, and will be supportedthrough July 15, 2027. The previous LTS, version 11.0, will reach endof life on July 16, 2026. See the announcement and releasenotes for a full list of changes.
- [$] The first half of the 7.1 merge window
The 7.1 merge window opened on April 12 with the releaseof the 7.0 kernel. Since then, 3,855 non-merge changesets have beenpulled into the mainline repository for the next release. This mergewindow is thus just getting started, but there has still been a fair amountof interesting work moving into the mainline.
- KDE Gear 26.04 released
Version 26.04 ofthe KDE Gear collection of applications has been released. Notable changesinclude improvements in the MerkuroCalendar schedule view and event editor, support for threads in the NeoChat Matrix chat client, as well asthe ability to add keyboard shortcuts in the Dolphin file manager "to nearly anyoption in any menu, plugin or extension". See the changelog fora full list of updates, enhancements, and bug fixes.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (bind, bind9.16, bind9.18, cockpit, fence-agents, firefox, fontforge, git-lfs, grafana, grafana-pcp, kernel, nghttp2, nginx, nginx:1.24, nginx:1.26, nodejs:20, nodejs:22, nodejs:24, pcs, perl-XML-Parser, perl:5.32, resource-agents, squid:4, thunderbird, and vim), Debian (incus, lxd, and python3.9), Fedora (cef, composer, erlang, libpng, micropython, mingw-openexr, moby-engine, NetworkManager-ssh, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, pypy, python-cairosvg, python-flask-httpauth, and python3.15), Mageia (kernel, kmod-virtualbox, kmod-xtables-addons and kernel-linus), Oracle (\cockpit, bind, bind9.16, bind9.18, firefox, git-lfs, go-toolset:ol8, grafana, grafana-pcp, grub2, kea, kernel, libtiff, nghttp2, nginx, nginx:1.24, nginx:1.26, nodejs22, nodejs24, nodejs:22, nodejs:24, perl-XML-Parser, python3.9, thunderbird, uek-kernel, and vim), Red Hat (delve, go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, osbuild-composer, and rhc), SUSE (bind, Botan, cockpit, cockpit-subscriptions, expat, flatpak, glibc, goshs, himmelblau, kea, kernel, kubo, libpng16, libssh, log4j, mariadb, Mesa, netty, netty-tcnative, nfs-utils, nghttp2, nodejs20, openssl-3, pam, pcre2, python, python310, python311, python311-aiohttp, python311-rfc3161-client, python313, python36, rubygem-bundler, sqlite3, sudo, tigervnc, tomcat, tomcat10, tomcat11, util-linux, vim, and webkit2gtk3), and Ubuntu (dotnet8, dotnet9, dotnet10, frr, and linux-azure, linux-azure-4.15).
- [$] LWN.net Weekly Edition for April 16, 2026
Inside this week's LWN.net Weekly Edition:
Front: LLM security reports; OpenWrt One build system; Vim forks; removing read-only THPs; 7.0 statistics; MusicBrainz Picard. Briefs: OpenSSL 4.0.0; Relicensing; Servo; Zig 0.16.0; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- FSF clarifies its stance on AGPLv3 additional terms
OnlyOffice CEO Lev Bannov has recentlyclaimed that the Euro-Office fork of theOnlyOffice suite violates the GNU Affero General Public Licenseversion 3 (AGPLv3). Krzysztof Siewicz of the Free SoftwareFoundation (FSF) has publishedan article on the FSF's position on adding terms to the AGPLv3. Inshort, Siewicz concludes that OnlyOffice has added restrictions tothe license that are not compatible with the AGPLv3, and thoserestrictions can be removed by recipients of the code.
We urge OnlyOffice to clarify the situation by making it unambiguousthat OnlyOffice is licensed under the AGPLv3, and that users whoalready received copies of the software are allowed to remove anyfurther restrictions. Additionally, if they intend to continue to usethe AGPLv3 for future releases, they should state clearly that theprogram is licensed under the AGPLv3 and make sure they remove anyfurther restrictions from their program documentation and sourcecode. Confusing users by attaching further restrictions to any of theFSF's family of GNU General Public Licenses is not in line with freesoftware.
- [$] Forking Vim to avoid LLM-generated code
Many people dislike the proliferation of Large Language Models (LLMs) in recentyears, and so make an understandable attempt to avoid them.That may not be possible in general, but there are two new forks ofVim that seek to provide an editingenvironment with no LLM-generated code. EVi focuses on being a modern Vimwithout LLM-assisted contributions, while Vim Classic focuses on providing a long-term maintenanceversion of Vim 8. While both are still in their early phases,the projects look to be on track to provide stable alternatives — as long asenough people are interested.
- Security updates for Wednesday
Security updates have been issued by AlmaLinux (capstone, cockpit, firefox, git-lfs, golang-github-openprinting-ipp-usb, kea, kernel, nghttp2, nodejs24, openexr, perl-XML-Parser, rsync, squid, and vim), Debian (imagemagick, systemd, and thunderbird), Slackware (libexif and xorg), SUSE (bind, clamav, firefox, freerdp2, giflib, go1.25, go1.26, helm, ignition, libpng16, libssh, oci-cli, rust1.92, strongswan, sudo, xorg-x11-server, and xwayland), and Ubuntu (rust-tar and rustc, rustc-1.76, rustc-1.77, rustc-1.78, rustc-1.79, rustc-1.80).
- Zig 0.16.0 released
The Zig project has announced version0.16.0 of the Zig programming language.
This release features 8 months of work: changesfrom 244 different contributors, spread among1183 commits.
Perhaps most notably, this release debuts I/Oas an Interface, but don't sleep on the LanguageChanges or enhancements to the Compiler,BuildSystem, Linker,Fuzzer,and Toolchainwhich are also included in this release.
LWN last covered Zig inDecember 2025.
- [$] Tagging music with MusicBrainz Picard
Part of the "fun" that comes with curating a self-hosted music library is taggingmusic so that it has accurate and uniform metadata, such as the band names, album titles,cover images, and so on. This can be a tedious endeavor, but there are quite a fewopen-source tools to make this process easier. One of the best, or at least myfavorite, is MusicBrainz Picard. It isa cross-platform music-tagging application that pulls information from thewell-curated, crowdsourced MusicBrainzdatabase project and writes it to almost any audio file format.
- Linux 7.1 Lands High Resolution Timer "HRTIMER" Overhaul
Merged this week for Linux 7.1 was a rework of the high resolution timer "HRTIMER" subsystem for reducing the overhead of frequently-armed timers, such as the HRTICK scheduler timer. The HRTICK scheduler timer is useful for enhancing system responsiveness and fairness...
- New/Overhauled NTFS Driver Merged For Linux 7.1
As a very exciting follow-up to the recent article around the new NTFS driver being submitted for Linux 7.1 to address the shortcomings of the current Paragon NTFS3 driver and the prior read-only NTFS kernel driver, that work has been merged!..
- Shuttle XPC slim DB860 Leverages Core Ultra 200 in Compact 1.3L Barebone
Shuttle has revealed the XPC slim DB860, a compact 1.35-liter barebone system built around Intel Core Ultra 200 series processors. The system provides desktop-class performance in a compact metal chassis and supports continuous operation. The platform supports Intel Core Ultra 200 processors (Arrow Lake-S) using the LGA1851 socket, with a maximum TDP of 65 W. […]
- Intel Xe2 Lunar Lake Linux Graphics Performance Up ~17% Over Past Year
Given the Ubuntu 26.04 LTS release being imminent and also realizing it's been nearly one year to the day since reviewing the Lenovo ThinkPad X1 Carbon Gen 13 Aura Edition laptop under Linux, I ran some fresh benchmarks for seeing how the integrated Xe2 graphics have evolved on Linux over the past year.
- Archinstall 4.2 Shifts to Wayland-First Profiles, Leaving X.Org Behind
The Arch Linux installer continues evolving alongside the broader Linux desktop ecosystem. With the release of Archinstall 4.2, a notable change has arrived: Wayland is now the default focus for graphical installation profiles, while traditional X.Org-based profiles have been removed or deprioritized.
- Fedora 44 Will Not Be Released Next Week
Fedora 44 final had been aiming for an early release target of 21 April, but due to outstanding blocker bugs, it's now revised to target a release on 28 April...
- Orange Pi Zero 3W arrives with A733 SoC in 65 × 32 mm design
The Orange Pi Zero 3W is a new single-board computer in a 65 × 32 mm form factor built around the Allwinner A733 processor. The design integrates an octa-core CPU, LPDDR5 memory, and wireless connectivity in a compact layout. The A733 SoC combines two Arm Cortex-A76 cores with six Cortex-A55 cores, operating at up to […]
- Duolingo CEO Says They've Stopped Tracking Employees' AI Use for Performance Reviews
Last May Duolingo's stock peaked at $529.05. But while the learning app passed $1 billion in revenue in 2025 and 50 million daily active users, today its stock price has dropped more than 81%, to $100.51. And there's been other changes, reports Entrepreneur:In April 2025, Duolingo CEO Luis von Ahn made headlines after writing a memo calling the company "AI-first." In the memo, von Ahn announced that the language-learning platform would track employees' AI use in performance reviews. Now, a year later, von Ahn is backtracking and rethinking how he measures employee performance. He told the Silicon Valley Girl podcast earlier this month that Duolingo no longer considers AI use in performance reviews. The change arose after employees started to ask, "Do you just want us to use AI for AI's sake?" von Ahn explained. "We said no, look — the most important thing in your performance is that you are doing whatever your job is as well as possible. A lot of times, AI can help you with that, but if it can't, I'm not going to force you to do that," von Ahn said on the podcast. He felt as though the company was "trying to push something that in some cases did not fit" instead of "being held accountable for the actual outcome." The CEO is, however, still sticking to other "constructive constraints" he introduced in the April 2025 memo, including stopping contractor hiring in cases where AI can assume their workload... Von Ahn also mentioned that a few months ago, Duolingo had a day dedicated to vibe coding, or prompting AI to create an app without manually writing a single line of code. Every single person at the company, from engineers to human resources professionals, had to vibe code an app. Vibe coding has made an impact at the company. One of Duolingo's latest offerings, a course teaching users how to play chess, arose when two people vibe-coded the first prototype of it, the CEO said. Neither of them knew how to play chess or program, but they managed to use AI to create the whole chess curriculum and a prototype of the app in about six months last year. Now chess is Duolingo's fastest-growing course, according to von Ahn. "At this point, we have seven million daily active users that are learning chess," the CEO said on the podcast.
Read more of this story at Slashdot.
- SpaceX, Blue Origin Compete For 'Artemis III' Mission
After Artemis II's astronauts returned to earth, "NASA has Artemis III in its sights," reports the Associated Press:In a mission recently added to the docket for next year, Artemis III's yet-to-be -named astronauts will practice docking their Orion capsule with a lunar lander or two in orbit around Earth. Elon Musk's SpaceX and Jeff Bezos' Blue Origin are racing to have their company's lander ready first. Musk's Starship and Bezos' Blue Moon are vying for the all-important Artemis IV moon landing in 2028. Two astronauts will aim for the south polar region, the preferred location for [NASA Administrator Jared] Isaacman's envisioned $20 billion to $30 billion moon base. Vast amounts of ice are almost certainly hidden in permanently shadowed craters there — ice that could provide water and rocket fuel. The docking mechanism for Artemis III's close-to-home trial run is already at Florida's Kennedy Space Center. The latest model Starship is close to launching on a test flight from South Texas, and a scaled-down version of Blue Moon will attempt a lunar landing later this year.
Read more of this story at Slashdot.
- New Movie Trailer Shows First AI-Generated Performance By a Major Star: the Late Val Kilmer
"A trailer has been released for the first film to star an authorised generative AI version of a major Hollywood actor," writes The Guardian:Val Kilmer was cast in western As Deep As the Grave before his death in April 2025. Production delays meant he never shot any scenes, but the creative team worked with UK-based company Sonantic to create an AI speaking voice based on his old recordings. His estate and daughter Mercedes collaborated with the film-makers on the visual deepfake of the actor. Kilmer, who was diagnosed with throat cancer, was also assisted by technology for his cameo in 2022's Top Gun: Maverick... Writer-director Coerte Voorhees confirmed that Kilmer is seen for around an hour of the film's running time... Voorhees has said that the production followed Sag-Aftra [union] guidelines, and that Kilmer's estate — which provided archival material for them to use — was compensated financially. "Kilmer's likeness can be seen portraying Father Fintan, a Catholic priest and Native American spiritualist," adds The Hollywood Reporter. But the AV Club calls it "ghoulish puppet show time." "Having your AI Val Kilmer puppet whisper 'Don't fear the dead, and don't fear me' in a movie trailer is a bold choice..."He is accompanied (per Variety) by a whole host of disclaimers, caveats, and explanations offered by writer-director Coerte Voorhees and his associates: Kilmer deeply wanted to be in the movie, but was too sick to do so. His family endorses and supports his inclusion. He was a big fan of technology, including, presumably, its use in turning his own image into a digital avatar to then shove into movies... The fact is, of course, that nobody would be paying a fraction of this attention to As Deep As The Grave — about early female archeologist Ann Axtell Morris — if it weren't now being used as the stage on which Voorhees was very publicly accepting the dare to go full-on ghoulish with AI tech. "The filmmakers said they hoped they were showing Hollywood how to use the technology in a positive way..." notes Australia's ABC News. But their articles add that "Some have called the trailer 'terrifying' and 'disgusting' on social media." Mashable writes:"Very fitting that this trailer includes a scene where a corpse is unceremoniously yanked out of the ground," read one of the top comments on As Deep as the Grave's trailer at time of writing... [O]nline commenters have labelled it disgusting and disrespectful, not only for digitally reanimating Kilmer but also for the damaging precedent As Deep as the Grave's use of AI could set for the film industry as a whole.
Read more of this story at Slashdot.
- Old Cars 'Tell Tales' by Storing Data That's Never Wiped
Slashdot reader Bismillah shared this report from ITNews:Research and development engineer Romain Marchand of Paris headquartered Quarkslab obtained a telematic control unit (TCU) from a salvage yard in Poland... Marchand tore down the TCU, which is based on a Qualcomm system on a chip, and extracted the Linux-based file system from the Micron multi-chip package (MCP) which contained NAND-based non-volatile storage memory. The non-volatile storage contained sensitive information, including system configuration data and more importantly, logs that revealed the vehicle's GPS positions over time. None of that information was encrypted, Marchand told iTnews, which made it possible to collect and retrieve sensitive data of interest. What's more, the global navigation satellite system (GNSS) logs with GPS positions covered the BYD's full journey from the factory in China to its operational life in the United Kingdom, and to its final wrecking in Poland, Marchand explained in an analysis... The issue is not restricted to BYD, and Marchand added that the hardware architecture of the Chinese car maker's TCU is broadly similar to what can be found in other brands.
Read more of this story at Slashdot.
- Fewer US College Students Major in CS. More Choose Data Science, Engineering
"From 2008 to 2024, the number of four-year computer science degrees granted rose about fivefold..." reports the Washington Post. Then in 2025 CS suddenly dropped from the fourth-largest undergraduate major to sixth, they report (citing data from the nonprofit National Student Clearinghouse, which compiles numbers from 97% of U.S. universities. The 54,000-student drop was "the biggest one-year drop of any major discipline going back to at least 2020." But what major are they choosing instead?Sarah Karamarkovich, a research associate with the National Student Clearinghouse, pointed to an explanation from the data that we had overlooked. Enrollments in two interdisciplinary majors, data analytics and data science, topped a combined 35,000 in the fall of 2025. That was up from a few hundred when those disciplines were broken out into their own majors in 2020. Those relatively new categories reflect colleges' zeal to create specialized majors, including in AI, data science, robotics and cybersecurity. Some of those disciplines may be counted in the national enrollment data as computer science. Others are not. The numbers suggest that some of the disappearing computer science majors didn't flee so much as they splintered into related disciplines.... The 8 percent decline in computer science majors last fall was nearly mirrored by a 7.3 percent increase in engineering majors, according to the National Student Clearinghouse data. Within engineering, mechanical and electrical engineering major enrollments increased by the largest absolute amounts — a jump of 11 percent and 14 percent, respectively.
Read more of this story at Slashdot.
- US Congress Fails to Pass Long-Term FISA Extension, Authorizes It Through April 30
Yesterday the U.S. Congress approved "a short-term extension" of a FISA law that allows wiretaps without a warrant for surveilling foreign targets, reports CNN — but only until April 30. Republican congressional leaders had sought an 18-month extension, but "failed to secure" the votes after "clamoring from some of their members for reforms to protect Americans' privacy."The warrantless surveillance law, known as Section 702 of the Foreign Intelligence Surveillance Act, was set to expire on Monday night. Members are hoping the additional time will allow them to come to agreement without ending authorization for the intelligence gathering program, which permits US officials to monitor phone calls and text messages from foreign targets... There was an hour of suspense in the Senate Friday morning when it appeared possible that Democratic Sen. Ron Wyden, a longtime critic of FISA 702, might block the House-passed extension. But ultimately, he said his House colleagues had assured him "this short-term extension makes reform more likely, and expiration makes reform less likely," and so he chose not to object.... House Republican leaders believed Thursday night they had struck a deal with conservative holdouts who harbor deep and longstanding concerns that a key piece of the law infringes on Americans' privacy rights. But in a pair of after-midnight votes, more than a dozen rank-and-file Republicans rejected the long-term reauthorization plan on the floor, which was the result of days of tense negotiations among leadership, lawmakers and the White House. The law allows authorized US officials to gather phone calls and text messages of foreign targets, but they can also incidentally collect the data of Americans in the process. Senior national security officials have for years said the law is critical for thwarting terror attacks, stemming the flow of fentanyl into the US and stopping ransomware attacks on critical infrastructure. Civil liberties groups on the left and the right, meanwhile, argue the surveillance authority risks infringing on Americans' privacy.
Read more of this story at Slashdot.
- 30 WordPress Plugins Turned Into Malware After Ownership Change
Wednesday BleepingComputer reported that more than 30 WordPress plugins "have been compromised with malicious code that allows unauthorized access to websites running them."A malicious actor planted the backdoor code last year but only recently started pushing it to users via updates, generating spam pages and causing redirects, as per the instructions received from the command-and-control (C2) server. The compromise affects plugins with hundreds of thousands of active installations and was spotted by Austin Ginder, the founder of managed WordPress hosting provider Anchor Hosting, after receiving a tip about one add-on containing code that allowed third-party access. Further investigation by Ginder revealed that a backdoor had been present in all plugins within the EssentialPlugin package since August 2025, after the project was acquired in a six-figure deal by a new owner.... "The injected code was sophisticated. It fetched spam links, redirects, and fake pages from a command-and-control server. It only showed the spam to Googlebot, making it invisible to site owners," explained Ginder. "WordPress.org's v2.6.9.1 update neutralized the phone-home mechanism in the plugin," Ginder writes in a blog post. "But it did not touch wp-config.php. The SEO spam injection was still actively serving hidden content to Googlebot. "And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time."This has happened before. In 2017, a buyer using the alias "Daley Tias" purchased the Display Widgets plugin (200,000 installs) for $15,000 and injected payday loan spam. That buyer went on to compromise at least 9 plugins the same way.... The WordPress plugin marketplace has a trust problem... The Flippa listing for Essential Plugin was public. The buyer's background in SEO and gambling marketing was public. And yet the acquisition sailed through without any review from WordPress.org. WordPress.org has no mechanism to flag or review plugin ownership transfers. There is no "change of control" notification to users. No additional code review triggered by a new committer. The Plugins Team responded quickly once the attack was discovered. But 8 months passed between the backdoor being planted and being caught. Thanks to Slashdot reader axettone for sharing the news.
Read more of this story at Slashdot.
- Fructose Isn't Just Sugar. It Acts More Like a Hormone
Slashdot reader smazsyr writes: A new review says we've had fructose wrong for decades. The nine authors, led by Richard Johnson at the University of Colorado Anschutz, argue that fructose "is not just another calorie." It is a signal. It tells the liver to make fat and brace for a famine that never comes. That made sense for a bear fattening up on autumn berries. It makes less sense for a person drinking soda in March. The review reframes the WHO's sugar guideline, argues ScienceBlog.com, as "less a recommendation about calories and more a warning about a signalling molecule we have been dosing ourselves with, several times a day, for most of a century."
Read more of this story at Slashdot.
- 20-Year-Old Enters Prison for Historic Breach, Ransoming of Massive Student Database
20-year-old Matthew Lane sent a text message to ABC News as his parents drove him to federal prison in Connecticut. "I'm just scared," he said, calling the whole situation "extremely sad."Barely a year earlier, while still a teenager, he helped launch what's been described as the biggest cyberattack in U.S. education history — a data breach that concerned authorities so much, it prompted briefings with senior government officials inside the White House Situation Room. The breach pierced the education technology company PowerSchool — used by 80% of school districts in North America... [and operating in about 90 countries around the world]. With threats to expose social security numbers, dates of birth, family information, grades, and even confidential medical information, the breach cornered PowerSchool into paying millions of dollars in ransom. "I think I need to go to prison for what I did," Lane told ABC News in an exclusive interview, speaking publicly for the first time about the headline-grabbing heist and his life as a cybercriminal. "It was disgusting, it was greedy, it was rooted in my own insecurities, it was wrong in every aspect," he said in the interview, two days before reporting to prison... At about 6:30 on a Tuesday morning last April, FBI agents started banging on the door of Lane's second-floor dorm room. "FBI! We have a search warrant," Lane recalled them shouting. They seized his devices and many of the luxury items he bought with "dirty" money, as he put it. He said he felt a "wave of relief.... I'm honestly thankful for the FBI," he said. "After they left, I was like, 'It's over ... I'm done with this'..." A federal judge in Massachusetts sentenced him to four years in federal prison and ordered him to pay more than $14 million in restitution. "In the wake of the breach, PowerSchool offered two years' worth of credit-monitoring and identity protection services to concerned customer," the article points out. But it also notes two other arrests in September of teenaged cybercriminals: - A 15-year-old boy in Illinois who allegedly attacked Las Vegas casinos, reportedly costing MGM Resorts alone more than $100 million - A British national who when he was 16 helped breach over 110 companies around the world and extort $115 million. But ironically, Lane tells ABC News it all started on Roblox, where he'd met cheaters, password-stealers, and cybercriminals sharing photos of their stacks of money, creating a "sense of camaraderie"Lane and others warn that online forums also attract criminal groups seeking to recruit potential hackers. "The bad guys are on all the platforms watching the kids playing," Hay said. "And when they see an elite-level performer, they go approach that kid, masquerading as another kid, and they go, 'Hey, you want to earn some [money]? ... Here are the tools, here are the techniques'...." According to Lane, he spent his "ill-gotten gains" on designer clothes, diamond jewelry, DoorDash deliveries, Airbnb rentals for him and his friends, and drugs — "lots of drugs." He said he would numb ever-present feelings of guilt with drugs — from high-potency marijuana to acid. But it was hacking that gave him the strongest high. "It's indescribable the adrenaline you get when you do something like that," he said. "It's way more than driving 120 miles per hour. ... Incomparable to any drug at all, as well." "On Monday, Roblox announced that, starting in June, it will offer age-checked accounts for younger users that limit what games they can play, and add 'more closely align content access, communication settings, and parental controls with a user's age.'"
Read more of this story at Slashdot.
- FSF to OnlyOffice: You Can't Use the GNU (A)GPL to Take Software Freedom Away
Nextcloud joined a project to create a sovereign replacement for Microsoft Office called "Euro-Office". But after that project forked OnlyOffice, OnlyOffice suspended its partnership with Nextcloud. "They removed all references to our brand/attribute as required by our license," argued OnlyOffice CEO Lev Bannov on March 30th. ("The core issue here isn't just about what the AGPL license states, but about the additional provisions we, as the authors, have included... If the Euro-Office team believes our approach conflicts with the AGPLv3 license, we invite them to submit an official request to FSF for review.") But this week the FSF responded (as "the steward of the GNU family of General Public Licenses"), criticizing OnlyOffice's "attempt to impose an additional restriction on the AGPLv3" and calling it "inconsistent with the freedoms granted by the license," in a blog post from FSF licensing/compliance manager Krzysztof Siewicz:It is possible to modify the (A)GPLv3 with additional terms, but only by adhering to the terms of the license... The (A)GPLv3 makes it clear that it permits all licensees to remove any additional terms that are "further restrictions" under the (A)GPLv3. It states, "[i]f the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term"... We urge OnlyOffice to clarify the situation by making it unambiguous that OnlyOffice is licensed under the AGPLv3, and that users who already received copies of the software are allowed to remove any further restrictions. Additionally, if they intend to continue to use the AGPLv3 for future releases, they should state clearly that the program is licensed under the AGPLv3 and make sure they remove any further restrictions from their program documentation and source code. Confusing users by attaching further restrictions to any of the FSF's family of GNU General Public Licenses is not in line with free software. "If FSF determines that our license and project align with AGPLv3, we will continue as an open-source initiative," OnlyOffice's CEO had written in March. "However, if the decision goes against us, we are ready to consider other options."
Read more of this story at Slashdot.
- US Government Now Wants Anthropic's 'Mythos', Preparing for AI Cybersecurity Threats
Friday Anthropic's CEO met with top U.S. officials and "discussed opportunities for collaboration," according to a White House spokesperson itedd by Politico, "as well as shared approaches and protocols to address the challenges associated with scaling this technology." CNN notes the meeting happens at the same time Anthropic "battles the Trump administration in court for blacklisting its Claude AI model..."The meeting took place as the US government is trying to balance its hardline approach to Anthropic with the national security implications of turning its back on the company's breakthrough technology — including its Mythos tool that can identify cybersecurity threats but also present a roadmap for hackers to attack companies or the government... The Office of Management and Budget has already told agencies it is preparing to give them access to Mythos to prepare, Bloomberg reported. Axios reported the White House is also in discussion to gain access to Mythos. The Trump administration "recognizes the power" of Mythos, reports Axios, "and its highly sophisticated — and potentially dangerous — ability to breach cybersecurity defenses." "It would be grossly irresponsible for the U.S. government to deprive itself of the technological leaps that the new model presents," a source close to negotiations told us. "It would be a gift to China"... Some parts of the U.S. intelligence community, plus the Cybersecurity and Infrastructure Security Agency (CISA, part of Homeland Security), are testing Mythos. Treasury and others want it. The White House added they plan to invite other AI companies for similar discussions, Politico reports. But Mythos "is also alarming regulators in Europe, who have told POLITICO they have not been able to gain access..."U.S. government agency tech leaders sought access to the model after Anthropic earlier this year began testing the model and granted limited access to a select group of companies, including JPMorgan, Amazon and Apple... after finding it had hacking capabilities far outstripping those of previous AI models. This includes the ability to autonomously identify and exploit complex software vulnerabilities, such as so-called zero-day flaws, which even some of the sharpest human minds are unable to patch. The AI startup also wrote that the model could carry out end-to-end cyberattacks autonomously, including by navigating enterprise IT systems and chaining together exploits. It could also act as a force-multiplier for research needed to build chemical and biological weapons, and in certain instances, made efforts to cover its tracks when attacking systems, according to Anthropic's report on the model's capabilities and its safety assessments. Those findings and others have inspired fears that the model could be co-opted to launch powerful cyberattacks with relative ease if it fell into the wrong hands. Logan Graham, a senior security researcher at Anthropic, previously told POLITICO that researchers and tech firms had been given early access to Mythos so they could find flaws in their critical code before state-backed hackers or cybercriminals could exploit them. "Within six, 12 or 24 months, these kinds of capabilities could be just broadly available to everybody in the world," Graham said.
Read more of this story at Slashdot.
- Shuttered Startups Are Selling Old Slack Chats, Emails To AI Companies
Some failed startups are reportedly selling old Slack messages, emails, and other internal records to AI companies as training data, creating a new way to cash out after shutting down. Fast Company reports: Shanna Johnson, the CEO of now-defunct software company Cielo24, told the publication that she was able to sell every Slack message, internal email, and Jira ticket as training data for "hundreds of thousands of dollars." This isn't a one-off scenario. SimpleClosure, a startup that helps companies like Cielo24 shut down, told Forbes that there's been major interest from AI companies trying to get their hands on workplace data. Because of this, SimpleClosure launched a new tool that allows companies to sell their wealth of internal communications -- from Slack archives to email chains -- to AI labs. The company said it's processed 100 such deals in the past year. Payouts ranged from $10,000 to $100,000. "I think the privacy issues here are quite substantial," Marc Rotenberg, founder of the Center for AI and Digital Policy, told Forbes. "Employee privacy remains a key concern, particularly because people have become so dependent on these new internal messaging tools like Slack. ... It's not generic data. It's identifiable people."
Read more of this story at Slashdot.
- NASA Restarts Work To Support Europe's Uncrewed Trip To Mars After Years of Setbacks
NASA has revived support for the European Space Agency's long-delayed Rosalind Franklin Mars rover mission. According to the space agency, the current plan is to launch via a SpaceX Falcon Heavy no earlier than 2028. Engadget reports: This is a partnership between NASA and the ESA, with the European agency providing the rover, the spacecraft and the lander. The US will provide braking engines for the lander, heater units for the rover's internal systems and, of course, assistance with the actual launch. The rover will be outfitted with scientific instruments to look for signs of ancient life on the red planet. These include a state-of-the-art mass spectrometer and an organic molecule analyzer, which will come in handy as the vehicle collects samples at the Oxia Planum landing site. The mission has been stuck in development limbo since 2001, with delays caused by budget problems, technical issues, shifting international partners, and geopolitical fallout. After NASA dropped out, Russia stepped in, then was cut loose after invading Ukraine, and now -- despite NASA rejoining in 2024 and fresh political budget threats -- the rover is tentatively back on track for a 2028 launch.
Read more of this story at Slashdot.
- Critical Atlantic Current Significantly More Likely To Collapse Than Thought
An anonymous reader quotes a report from the Guardian: The critical Atlantic current system appears significantly more likely to collapse than previously thought after new research found that climate models predicting the biggest slowdown are the most realistic. Scientists called the new finding "very concerning" as a collapse would have catastrophic consequences for Europe, Africa and the Americas. The Atlantic meridional overturning circulation (Amoc) is a major part of the global climate system and was already known to be at its weakest for 1,600 years as a result of the climate crisis. Scientists spotted warning signs of a tipping point in 2021 and know that the Amoc has collapsed in the Earth's past. Climate scientists use dozens of different computer models to assess the future climate. However, for the complex Amoc system, these produce widely varying results, ranging from some that indicate no further slowdown by 2100 to those suggesting a huge deceleration of about 65%, even when carbon emissions from fossil fuel burning are gradually cut to net zero. The research combined real-world ocean observations with the models to determine the most reliable, and this hugely reduced the spread of uncertainty. They found an estimated slowdown of 42% to 58% in 2100, a level almost certain to end in collapse. The Amoc is a major part of the global climate system and brings sun-warmed tropical water to Europe and the Arctic, where it cools and sinks to form a deep return current. A collapse would shift the tropical rainfall belt on which many millions of people rely to grow their food, plunge western Europe into extreme cold winters and summer droughts, and add 50-100cm to already rising sea levels around the Atlantic. The slowdown has to do with the Arctic's rapidly rising temperatures from global warming. "Warmer water is less dense and therefore sinks into the depths more slowly," explains the Guardian. "This slowing allows more rainfall to accumulate in the salty surface waters, also making it less dense, and further slowing the sinking and forming an Amoc feedback loop." The new research has been published in the journal Science Advances.
Read more of this story at Slashdot.
- Online Personalities and Comedians Overtake TV and Newspapers as Primary News Sources
A new Ipsos poll finds Americans are increasingly getting news from online personalities and comedians instead of traditional TV or newspapers. The survey says nearly 70% get news online in a given week, versus 55% from TV and 25% from newspapers, with figures like Joe Rogan, Greg Gutfeld, Sean Hannity, and late-night hosts ranking prominently depending on political leanings. From the Hollywood Reporter: The poll, which was conducted in March, actually found the conservative politicians and cabinet members, including President Trump, were the top news influencers. When politicos were excluded, Joe Rogan led the list, followed by Fox News personalities Greg Gutfeld and Sean Hannity, and then TuckerCarlson and Ben Shapiro. The only three influencers to crack 10 percent were Trump, Rogan, and JD Vance. Among people who voted for Kamala Harris, the top news personalities were late night hosts, led by ABC's Jimmy Kimmel, followed by CBS Late Show host Stephen Colbert, and Daily Show host Jon Stewart. Just under 70 percent of respondents said they get their news online in a given week, compared to 55 percent for TV, and 25 percent for newspapers. [...] Of traditional media outlets, TV dominated, with Fox News, the broadcast networks, and CNN topping the list of sources. Facebook, YouTube and Instagram were the most popular online news sources. "On these platforms opinionated personalities and comedians appear to drown out anyone who would fit in the traditional journalist category," said assistant professor of practice and Jordan Center Executive Director Steven L Herman. "Even in the late 19th century and early 20th centuries, sensationalist and polarizing voices in print and later on air were among the most influential in the political landscape -- such as political satirist Mark Twain and populist Father Charles Coughlin."
Read more of this story at Slashdot.
- Cloudflare can remember it for you wholesale
Agent Memory stores AI chat scraps off to the side and recalls them when needed
Not only is hardware memory scarce these days, but context memory, the conversational data exchanged with AI models, can be an issue too.…
- Anthropic mocks up Claude Design to draft fancy new pink slips for marketing teams
The bar for creating visual assets has been lowered to the ability to converse with a model
Anthropic is known for its industry-leading Claude Code that writes programs, but why stop there? The company, on Friday, introduced a research preview service called Claude Design that creates visual assets, potentially putting some folks out of work.…
- Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
Or, how public information and a €5 tracker exposed an avoidable opsec lapse
Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the face of the Dutch navy when journalists managed to track one of its warships for less than the cost of some hagelslag and a coffee.…
- Would you like fries with that terminal?
Jack might be on Track, but the order screen certainly isn't
Bork!Bork!Bork! It was not so much Jack in the Box as Bork on the Screen at a US drive-through fast food outlet the other day. Luckily, a Reg reader was there to take it all in.…
- Capita won disastrous UK pensions gig after acing performance checks
Top civil servant tells MPs bid was strong on quality and value for money
The UK government awarded Capita a £239 million contract to run the Civil Service Pension Scheme (CSPS) after assessing its past performance, despite the rollout later leaving thousands of retirees waiting for payments, a senior civil servant has said.…
- Claude Opus wrote a Chrome exploit for $2,283
Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software
Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react.…
- Mozilla throws Thunderbolt at enterprise AI providers
Client connects to deepset's Haystack platform
Mozilla has declared war on OpenAI, Microsoft, and other firms flogging enterprise AI platforms with an open-source alternative it says provides data privacy guarantees proprietary products never could. …
- NodeWeaver says its perpetual licensing beats VMware’s perpetual price hikes
'I think you can run this thing on a potato,' NodeWeaver CTO Alan Conboy said.
Broadcom's price increases and policy changes have led many VMware customers to look for other options. Nodeweaver is positioning itself as an alternative for customers running computing workloads in far-flung edge locations, from cruise ships to solar farms in Sub-Saharan Africa, and it is taking cost out of the hardware needed as well.…
- North Korea targets macOS users in latest heist
Social engineering: 'low-cost, hard to patch, and scales well'
North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.…
- If you want into Anthropic's Claude club, you may have to show ID
Worse: Anthropic is using Persona, a privacy checker that rings alarm bells for the paranoids on Reddit
Anthropic may check your ID before letting you access certain Claude features, and the verification vendor it has picked is the same outfit that sparked controversy when Discord tested similar checks.…
- DuckDB uses RDBMS to attack classic 'small changes' problem in lakehouses
Batching teensy changes in chunks creates massive performance boost, DuckDB Labs team claims
The team behind in-process OLAP database DuckDB has put forward a solution to the "small changes" problem that they say plagues lakehouse implementations of the kind based on technologies from Databricks, Snowflake, Google, and others.…
- Make crappy moves around AI and face voter backlash, govts warned
When the taxpayers are wondering whose side you are on...
Britain's government faces a public backlash against AI unless it can show ordinary people that they stand to benefit from its push to inject the technology into every area of the UK in the name of growth.…
- Git identity spoof fools Claude into giving bad code the nod
Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer
Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.…
- Microsoft announces product it doesn't want anyone to buy
Just migrate already, would you? But if you can't, Redmond will take your cash
Microsoft will keep delivering security updates for old versions of Exchange Server and Skype for Business Server, after admitting that some customers aren't ready to make the move to newer products.…
- Cops hand Motorola £25M no-bid deal to keep 2000-era radios alive
Biz as usual for Brit public sector: ESN replacement is 12 years late and £3B over budget
UK police tech buyers have awarded a £25 million no-competition contract for communications technology first commissioned in 2000, with the replacement project 12 years behind schedule and £3 billion over budget.…
- Server-room lock was nothing but a crock
Your cybersecurity is only as good as the physical security of the servers
PWNED Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves. If you’re the kind of person who leaves your car doors unlocked with a pile of cash in the center console, this week’s story is for you.…
- QUIC will soon be as important as TCP – but it's vastly different
Deciphering the third transport protocol's four RFCs is a task to rival the proverbial blind man trying to understand an elephant
While Larry was producing most of the content for the "Request/Reponse" chapter for the next edition of our book, I took the lead on writing a section on QUIC, since I have closely followed its development.…
- Nobody knows how many CVEs Anthropic's Project Glasswing has actually found
Like the majority of the companies participating, it remains a mystery
Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the title of Project Glasswing, over 50 selected companies and orgs are allowed to test the hyped up LLM to find security holes in their own products. But just how many problems have they really discovered?…
- Don't let the bot play doctor! AI gets early diagnoses wrong 80% of the time
'LLMs should not be trusted for patient-facing diagnostic reasoning,' boffins advise
People ask AI for all kinds of advice, including the kind of questions you'd ask a physician. However, the next time you're tempted to query ChatGPT if that growth on your face is skin cancer, consider this: research shows today's leading AI models fail at early differential diagnosis in more than 8 out of 10 cases.…
- Customers revolt as GitHub Copilot 'fixes' rate limits
Repair of bug that undercounted token usage leads to rapid exhaustion of subscription allowance
Microsoft's GitHub last week told Copilot customers that they'd have to reduce their use of the AI service to ease the strain on company servers. This follows the company's discovery last month of a token counting bug that appears to have broken the company's pricing model.…
- Decades-old Linux UI bug fixed by dev younger than the window manager
Kamila Szewczyk prefers old software, as back then people understood something could actually be finished
No one can tell software developer Kamila Szewczyk that newer is better: She just fixed a 20-year-old bug in Enlightenment E16, the old-school Linux window manager she favors partly because, she tells us, it is actually finished software.…
- Bad teacher bots can leave hidden marks on model students
Study finds LLMs will smuggle biases into others even if they're scrubbed from training data
New research warns about the dangers of teaching LLMs on the output of other models, showing that undesirable traits can be transmitted "subliminally" from teacher to student, even when they are scrubbed from training data.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Nationwide bill to put age verification in operating systems introduced in the US
The title of my article on age verification in Linux and other operating systems had a for now! added for a reason, and here we are, with two members of the US Congress introducing a bill to add age verification to operating systems. The text of the proposed bill was only published today, and it�s incredibly vague and wishy-washy, without any clear definitions and ton of open-ended questions. Still, if passed, the bill would require actual age verification, instead of mere voluntary age reporting that current state-level bills cover. It also seems to eschew the concept of age brackets, giving application developers access to specific ages of users instead. It�s a vague mess of a bill that no sane person would ever want passed, but alas, sanity is a rare commodity these days, especially in US Congress. It�s introduced by Democrat Josh Gottheimer and Republican Elise M. Stefanik, so it has that bipartisan sheen to it, which could increase its odds of going anywhere. At the same time, though, US Congress is about as useful as a box of matches during a house fire, so for all we know, this will end up going nowhere as its members focus on doing absolutely nothing to reign in the flock of coked-up headless chickens passing for an executive branch over there. If something like this gets passed, every US-based operating system � which includes most open source operating systems and Linux distributions � will probably fall in line when faced with massive fines and legal pressure. This isn�t going to be pretty.
- Tribblix m34 for SPARC released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, doesn�t only support x86. It also has a branch for SPARC, which tends to run behind its x86 counterpart a little bit and has a few other limitations related to the fact SPARC is effectively no longer being developed. The Tribblix SPARC branch has been updated, and now roughly matches the latest x86 release from a few weeks ago. The graphical libraries libtiff and OpenEXR have been updated, retaining the old shared library versions for now. OpenSSL is now from the 3.5 series with the 3.0 api by default. Bind is now from the 9.20 series. OpenSSH is now 10.2, and you may get a Post-Quantum Cryptography warning if connecting to older SSH servers. �zap install� now installs dependencies by default. �zap create-user� will now restrict new home directories to mode 0700 by default; use the -M flag to choose different permissions. Support for UFS quotas has been removed. ↫ Tribblix release notes There�s no new ISO yet, so to get to this new m34 release for SPARC you�re going to have to install from an older ISO and update from there.
- Haiku on ARM64 boots to desktop in QEMU
Another Haiku monthly activity report, but this time around, there�s actually a big ticket item. Haiku has been in a pretty solid and stable state for a while now, so the activity reports have been dominated by fairly small, obscure changes, but during March a major milestone was reached for the ARM64 port. smrobtzz contributed the bulk of the work, including fixes for building on macOS on ARM64, drivers for the Apple S5L UART, fixes to the kernel base address, clearing the frame pointer before entering the kernel, mapping physical memory correctly, the basics for userland, and more. SED4906 contributed some fixes to the bootloader page mapping, and runtime_loader’s page-size checks. Combined, these changes allow the ARM64 port to get to the desktop in QEMU. There’s a forum thread, complete with screenshots, for anyone interested in following along. ↫ waddlesplash While it�s only in QEMU, this is still a major achievement and paves the way for more people to work on the ARM64 port, possibly increasing its health. There�s tons of smaller changes and fixes all over the place, too, as usual, and the team mentions beta 6 isn�t quite ready yet, still. Don�t let that stop you from just downloading the latest nightly, though � Haiku is mature enough to use it.
- Fixing a 20-year-old bug in Enlightenment E16
The editor in chief of this blog was born in 2004. She uses the 1997 window manager, Enlightenment E16, daily. In this article, I describe the process of fixing a show-stopping, rare bug that dates back to 2006 in the codebase. Surprisingly, the issue has roots in a faulty implementation of Newton’s algorithm. ↫ Kamila Szewczyk I�m not going to pretend to understand any of this, but I know you people do. Enjoy.
- Let sleeping CPUs lie — S0ix
Modern laptops promise a kind of magic. Shut the lid or press the sleep button, toss it in a backpack, and hours, days, or weeks later, it should wake up as if nothing happened with little to no battery drain. This sounds like a fairly trivial operation — y’know, you’re literally just asking for the computer to do nothing — but in that quiet moment when the fans whir down, the screen turns dark, and your reflection stares back at you, your computer and all its little components are actually hard at work doing their bedtime routine. ↫ Aymeric Wibo at the FreeBSD Foundation A look at how suspend and resume works in practice, from the perspective of FreeBSD. Considering FreeBSD�s laptop focus in recent times, not an unimportant subject.
- Microsoft isn�t removing Copilot from Windows 11, it�s just renaming it
A few weeks ago, Microsoft made some concrete promises about fixing and improving Windows, and among them was removing useless AI! integrations. Applications like Notepad, Snipping Tool, and others would see their AI! features removed. Well, it turns out Microsoft employs a very fringe definition of the concept. Microsoft seems to have stripped away mentions of the Copilot! brand in the Windows Insider version of the Notepad app. The Copilot button in the toolbar is gone, and instead, you�ll find a writing icon which will present you AI-powered writing assistance, such as rewrite, summarize, tone modification, format configuration, and more. Additionally, AI features! in Notepad settings has been renamed to Advanced features! and it allows users to toggle off AI capabilities within the app. ↫ Usama Jawad at Neowin If the recent changes to Notepad are any indication, it seems Microsoft is, actually, not at all going to reducing unnecessary Copilot entry points!, as they worded it, but is merely just going to rename these features so they aren�t so ostentatiously present. At least, that seems to be the plan for Notepad, and we�ll have to see if they have the same plans for the other applications. I mean, they have to push AI! or look like fools. I just don�t understand how a company like Microsoft can be so utterly terrible at communication. While I personally would want all AI! features yeeted straight from Windows, I�m sure a ton of people are just fine with the features being less in-your-face and stuffed inside a normal menu alongside all the other normal features. They could�ve just been honest about their intentions, and it would�ve been so much better. Like virtually every other technology company, Microsoft just seems incapable of not lying.
- Scientists invented an obviously fake illness, and AI! spread it like truth within weeks
Ever heard of a condition called bixonimania? Did you search the internet or ask your AI! girlfriend about some symptoms you were experiencing, and this was its answer? Well0 The condition doesn’t appear in the standard medical literature — because it doesn’t exist. It’s the invention of a team led by Almira Osmanovic Thunström, a medical researcher at the University of Gothenburg, Sweden, who dreamt up the skin condition and then uploaded two fake studies about it to a preprint server in early 2024. Osmanovic Thunström carried out this unusual experiment to test whether large language models (LLMs) would swallow the misinformation and then spit it out as reputable health advice. “I wanted to see if I can create a medical condition that did not exist in the database,” she says. ↫ Chris Stokel-Walker at Nature And AI! ate it up like quality chocolate. It started appearing in the answers from all the popular AI! tools within weeks, and later even started showing up as references in published literature, indicating that scientists copy/paste references without actually reading them. This is clearly a deeply concerning experiment, and highlights there may be many, many more nonsensical, fake studies being picked up by AI! tools. Of course, I hear you say, it�s not like propagating fake or terrible studies is the sole domain of AI!, as there are countless cases of this happening among actual real researchers and scientists, too. The issue, though, is that the fake studies concerning bixonimania! were intentionally made to be as silly and obviously ridiculous as possible. It references Starfleet Acadamy, the lab aboard the Enterprise, the University of Fellowship of the Ring, and many other fake references instantly recognisable as such by real humans. In fact, the studies even specifically mention that this entire paper is made up” and “fifty made-up individuals aged between 20 and 50 years were recruited for the exposure group!. It would take any human only a few seconds after opening one of these papers to realise they�re entirely fake � yet, the world�s most advanced AI! tools gobbled them up and spit them back out as pure fact within mere weeks of their publication This shouldn�t come as a surprise. After all, AI! tools have no understanding, no intelligence, no context, and they can�t actually make sense of anything. They are glorified pachinko machines with the output � the ball � tumbling down the most likely path between the pins based on nothing but chance and which pins it has already hit. AI! output understands the world about as much as the pachinko ball does, and as such, can�t pick up on even the most obvious of cues that something is a fake or a forgery. It won�t be long before truly nefarious forces start doing this very same thing. Why build, staff, and maintain a troll farm when you can just have AI! generate intentional misinformation which will then be spread and pushed by even more AI!? Remember, it took one malicious asshole just one long since retracted fake paper to convince millions that vaccines cause autism. I shudder to think how many people are accepting anything AI! says as gospel.
- Linux 7.0 released
Version 7.0 of the Linux kernel has been released, marking the arbitrary end of the 6.x series. Significant changes in this release include the removal of the experimental! status for Rust code, a new filtering mechanism for io_uring operations, a switch to lazy preemption by default in the CPU scheduler, support for time-slice extension, the nullfs filesystem, self-healing support for the XFS filesystem, a number of improvements to the swap subsystem (described in this article and this one), general support for AccECN congestion notification, and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 7.0 page for more details. ↫ corbet at LWN.net You can compile the kernel yourself, or just wait until it hits your distribution�s repositories.
- The disturbing white paper Red Hat is trying to erase from the internet
It shouldn�t be a surprise that companies � and for our field, technology companies specifically � working with the defense industry tends to raise eyebrows. With things like the genocide in Gaza, the threats of genocide and war crimes against Iran, the mass murder in Lebanon, it�s no surprise that western companies working with the militaries and defense companies involved in these atrocities are receiving some serious backlash. With that in mind, it seems Red Hat, owned by IBM, is desperately trying to scrub a certain white paper from the internet. Titled Compress the kill cycle with Red Hat Device Edge!, the 2024 white paper details how Red Hat�s products and technologies can make it easier and faster to, well, kill people. Links to the white paper throw up 404s now, but it can still easily be found on the Wayback Machine and other places. It�s got some disturbingly euphemistic content. The find, fix, track, target, engage, assess (F2T2EA) process requires ubiquitous access to data at the strategic, operational and tactical levels. Red Hat Device Edge embeds captured, analyzed, and federated data sets in a manner that positions the warfighter to use artificial intelligence and machine learning (AI/ML) to increase the accuracy of airborne targeting and mission-guidance systems. Delivering near real-time data from sensor pods directly to airmen, accelerating the sensor-to-shooter cycle. Sharing near real-time sensor fusion data with joint and multinational forces to increase awareness, survivability, and lethality. The new software enabled the Stalker to deploy updated, AI-based automated target recognition capabilities. If the target is an adversary tracked vehicle on the far side of a ridge, a UAS carrying a server running Red Hat Device Edge could transmit video and metadata directly to shooters. ↫ Red Hat white paper titled Compress the kill cycle with Red Hat Device Edge! I don�t think there�s something inherently wrong with working together with your nation�s military or defense companies, but that all hinges on what, exactly, said military is doing and how those defense companies� products are being used. The focus should be on national defense, aid during disasters, and responding to the legitimate requests of sovereign, democratic nations to come to their defense (e.g. helping Ukraine fight off the Russian invasion). There�s always going to be difficult grey areas, but any military or defense company supporting the genocide in Gaza or supplying weapons to kill women and children in Iran is unequivocally wrong, morally reprehensible, and downright illegal on both an international and national level. It clearly seems someone at Red Hat feels the same way, as the company has been trying really hard to memory-hole this particular white paper, and considering its word choices and the state of the world today, it�s easy to see why. Of course, the internet never forgets, and I certainly don�t intend to let something like this slide. We all know companies like Microsoft, Oracle, and Google have no qualms about making a few bucks from a genocide or two, but it always feels a bit more traitorous to the cause when it�s an open source company doing the profiting. It feels like Red Hat is trying to have its cake and eat it too, by, as an IBM subsidiary, trying to both profit from the vast sums of money sloshing around in the US military industrial complex as well as maintain its image as a scrappy open source business success story shitting bunnies and rainbows. It�s a long time ago now that Red Hat felt like a genuine part of the open source community. Most of us � both outside and inside of Red Hat, I�m sure � have been well aware for a long time now that those days are well behind us, and I guess Red Hat doesn�t like seeing its kill cycle this compressed.
- FreeBSD works best on one of these laptops
If you want to run FreeBSD on a laptop, you�re often yanked back to the Linux world of 20 years ago, with many components and parts not working and other issues such as sleep and wake problems. FreeBSD has been hard at work improving the experience of using FreeBSD on laptops, and now this has resulted in a list of laptops which work effortlessly with the venerable operating system. There�s only about 10 laptops on the list so far, but they do span a range of affordability and age, with some of them surely being quite decent bargains on eBay or whatever other used stuff marketplace you use. If you want to use FreeBSD on a laptop, but don�t want to face any surprises or do any difficult setup, get one of the laptops on this list � a list which will surely expand over time.
- Fixing AMDGPU�s VRAM management for low-end GPUs
It may sound unbelievable to some, but not everyone has a datacenter beast with 128GB of VRAM shoved in their desktop PCs. Around the world people tell the tale of a particularly fierce group of Linux gamers: Those who dare attempt to play games with only 8 gigabytes of VRAM, or even less. Truly, it takes exceedingly strong resilience and determination to face the stutters and slowdowns bound to occur when the system starts running low on free VRAM. Carnage erupts inside the kernel driver as every application fights for as much GPU memory as it can hold on to. Any game caught up in this battle for resources will surely not leave unscathed. That is, until now. Because I fixed it. ↫ Natalie Vock The solution is to use cgroups to control the kernel�s memory eviction policies, so that applications that should get priority when it comes to VRAM allocation � like games � don�t get their memory evicted from VRAM to system RAM. Basically, evict everything else from VRAM before touching the protected application. This way, something like a game will have much more consistent access to more VRAM, thereby reducing needless memory evictions that harm performance. It�s a clever solution that makes use of a ton of existing Linux tools, meaning it�s also much easier to upstream, implement, and support. Excellent work.
- Why do Macs ask you to press random keys when connecting a new keyboard?
You might have seen this, one of the strangest and most primitive experiences in macOS, where you’re asked to press keys next to left Shift and right Shift, whatever they might be. Perhaps I can explain. ↫ Marcin Wichary It seems pretty obvious to me that�s what it was for, but I guess many normal, regular people have never seen anything but one particular keyboard configuration (ANSI for Americans, ISO for some Europeans, etc.) keyboards. Perhaps they don�t realise that not only are there ANSI keyboards with other layouts, but also entirely different keyboard configurations (mainly ISO and JIS). Interestingly, my home country of The Netherlands uses a US English layout on an ANSI configuration, but of course, it�s the US International variant, either with deadkeys or using AltGr for the various accented/special characters we use. In my current country of residence, Sweden, they use this utterly wild and incomprehensible ISO layout where Shift unlocks characters on the bottom of keys, while AltGr unlocks characters at the top, the exact opposite of literally every other keyboard I�ve ever used (US Int�l, classic Dutch (no longer used), German, French, etc.). It�s utterly bizarre, but entirely normal to my Swedish wife. We cannot use each other�s keyboards.
- USB for software developers
This post aims to be a high level introduction to using USB for people who may not have worked with Hardware too much yet and just want to use the technology. There are amazing resources out there such as USB in a NutShell that go into a lot of detail about how USB precisely works (check them out if you want more information), they are however not really approachable for somebody who has never worked with USB before and doesn’t have a certain background in Hardware. You don’t need to be an Embedded Systems Engineer to use USB the same way you don’t need to be a Network Specialist to use Sockets and the Internet. ↫ Nik WerWolv! A bit of a generic title, but the article details how to write a USB driver.
- Redox sees another months of improvements
The months keep coming, and thus, the monthly progress reports keep coming, too, for Redox, the new general purpose operating system written in Rust. This past month, there�s been considerable graphics improvements, better deadlock detection in the kernel, improved Unicode support thanks to switching over to ncurses library variant with Unicode support, and much more. Alongside these, you�ll find the usual long list of kernel, driver, and relibc changes, bugfixes, and improvements. This month also covered three topics we�ve already discussed individually: Redox� new no- AI! code policy, capability-based security in Redox, and the brand-new CPU scheduler.
- Mac OS X 10.0 Cheetah ported to Nintendo Wii
Since its launch in 2007, the Wii has seen several operating systems ported to it: Linux, NetBSD, and most-recently, Windows NT. Today, Mac OS X joins that list. In this post, I’ll share how I ported the first version of Mac OS X, 10.0 Cheetah, to the Nintendo Wii. If you’re not an operating systems expert or low-level engineer, you’re in good company; this project was all about learning and navigating countless “unknown unknowns”. Join me as we explore the Wii’s hardware, bootloader development, kernel patching, and writing drivers � and give the PowerPC versions of Mac OS X a new life on the Nintendo Wii. ↫ Bryan Keller And all of this, because someone on Reddit said it couldn�t be done. It won�t surprise you to learn that the work required was extensive, from writing a custom bootloader to digging through the XNU source code, applying binary patches to the kernel during the boot process, building a device tree, writing the necessary drivers, and so much more. Even just setting up a development environment was a pretty serious undertaking. Especially writing the drivers posed an interesting and unique challenge, as the Wii doesn�t use PCI to connect and expose its hardware components. Instead, components are connected to a dedicated SoC with its own ARM processor that talks to the main Wii PowerPC processor, exposing hardware that way. This meant that Keller had to write a driver for this chip first, before moving on to the device drivers for devices connected to this ARM SoC � graphics drivers, input drivers, and so on. After a ton more work and overcoming several complex roadblocks, we now have Mac OS X 10.0 Cheetah on the Nintendo Wii. Amazing.
- Plan 9 is a uniquely complete operating system
From 2024, but still accurate and interesting: Plan 9 is unique in this sense that everything the system needs is covered by the base install. This includes the compilers, graphical environment, window manager, text editors, ssh client, torrent client, web server, and the list goes on. Nearly everything a user can do with the system is available right from the get go. ↫ moody This is definitely something that sets Plan 9 apart from everything else, but as moody � 9front developer � notes, this also has a downside in that development isn�t as fast, and Plan 9 variants of tools lack features upstream has for a long time. He further adds that he think this is why Plan 9 has remained mostly a hobbyist curiosity, but I�m not entirely sure that�s the main reason. The cold and harsh truth is that Plan 9 is really weird, and while that weirdness is a huge part of its appeal and I hope it never loses it, it also means learning Plan 9 is really hard. I firmly believe Plan 9 has the potential to attract more users, but to get there, it�s going to need an onboarding process that�s more approachable than reading 9front�s frequently questioned answers, excellent though they are. After installing 9front and loading it up for the first time, you basically hit a brick wall that�s going to be rough to climb. It would be amazing if 9front could somehow add some climbing tools for first-time users, without actually giving up on its uniqueness. Sometimes, Plan 9 feels more like an experimental art project instead of the capable operating system that it is, and I feel like that chases people away. Which is a real shame.
- Archinstall 4.2 Shifts to Wayland-First Profiles, Leaving X.Org Behind
by George Whittaker
The Arch Linux installer continues evolving alongside the broader Linux desktop ecosystem. With the release of Archinstall 4.2, a notable change has arrived: Wayland is now the default focus for graphical installation profiles, while traditional X.Org-based profiles have been removed or deprioritized.
This move reflects a wider transition happening across Linux, one that is gradually redefining how graphical environments are built and used.
A Turning Point for Archinstall
Archinstall, the official guided installer for Arch Linux, has steadily improved over time to make installation more accessible while still maintaining Arch’s minimalist philosophy.
With version 4.2, the installer now aligns more closely with modern desktop trends by emphasizing Wayland-based environments during setup, instead of offering traditional X.Org configurations as first-class options.
This doesn’t mean X.Org is completely gone from Arch Linux, but it does signal a clear shift in direction.
Why Wayland Is Taking Over
Wayland has been gaining traction for years as the successor to X.Org, offering a more streamlined and secure approach to rendering graphics on Linux.
Compared to X.Org, Wayland is designed to:
Reduce complexity in the graphics stack Improve security by isolating applications Deliver smoother rendering and better performance Support modern display technologies like high-DPI and variable refresh rates
As the Linux ecosystem evolves, many distributions and desktop environments are prioritizing Wayland as the default display protocol.
What Changed in Archinstall 4.2
With this release, users installing Arch through Archinstall will notice:
Wayland-based desktop environments and compositors are now the primary options X.Org-centric setups are no longer emphasized in guided profiles Installation workflows better reflect modern Linux defaults
This simplifies the installation experience for new users, who no longer need to choose between legacy and modern display systems during setup.
What About X.Org?
While Archinstall is moving forward, X.Org itself is not disappearing overnight.
Many applications and workflows still rely on X11, and compatibility is maintained through XWayland, which allows X11 applications to run within Wayland sessions.
For advanced users, Arch still provides full flexibility:
Go to Full Article
- OpenClaw in 2026: What It Is, Who’s Using It, and Whether Your Business Should Adopt It
by George Whittaker
“probably the single most important release of software, probably ever.”
— Jensen Huang, CEO of NVIDIA
Wow! That’s a bold statement from one of the most influential figures in modern computing.
But is it true? Some people think so. Others think it’s hype. Most are somewhere in between, aware of OpenClaw, but not entirely sure what to make of it. Are people actually using it? Yes. Who’s using it? More than you might expect. Is it experimental, or is it already changing how work gets done? That depends on how it’s being applied. Is it more relevant for businesses or consumers right now? That’s one of the most important, and most misunderstood, questions.
This article breaks that down clearly: what OpenClaw is, how it works, who is using it today, and where it actually creates value.
What makes OpenClaw different isn’t just the technology, it’s where it fits. Most of the AI tools people are familiar with still require a human to take the next step. They assist, but they don’t execute. OpenClaw changes that dynamic by connecting decision-making directly to action. Once you understand that shift, the rest of the discussion, who’s using it, how it’s being deployed, and where it creates value, starts to make a lot more sense.
Top 10 Questions About OpenClaw
What is OpenClaw?
OpenClaw is an open-source AI agent framework that enables large language models like Claude, GPT, and Gemini to execute real-world tasks across software systems, including APIs, files, and workflows.
What does OpenClaw actually do?
OpenClaw functions as an execution layer that allows AI systems to take actions, such as sending emails, updating CRM records, or running scripts, instead of only generating responses.
Do you need to be a developer to use OpenClaw?
No, but technical familiarity helps. Non-developers can use prebuilt workflows, while developers can customize and scale implementations more effectively.
Is OpenClaw more suited for business or consumer use?
OpenClaw is currently more suited for business and technical use cases where structured workflows exist. Consumer use is emerging but remains secondary.
How is OpenClaw different from ChatGPT or Claude?
ChatGPT and Claude generate outputs, while OpenClaw enables those outputs to trigger actions across connected systems.
Who created OpenClaw?
Go to Full Article
- Linux Kernel Developers Adopt New Fuzzing Tools
by George Whittaker
The Linux kernel development community is stepping up its security game once again. Developers, led by key maintainers like Greg Kroah-Hartman, are actively adopting new fuzzing tools to uncover bugs earlier and improve overall kernel reliability.
This move reflects a broader shift toward automated testing and AI-assisted development, as the kernel continues to grow in complexity and scale.
What Is Fuzzing and Why It Matters
Fuzzing is a software testing technique that feeds random or unexpected inputs into a program to trigger crashes or uncover vulnerabilities.
In the Linux kernel, fuzzing has become one of the most effective ways to detect:
Memory corruption bugs Race conditions Privilege escalation flaws Edge-case failures in subsystems
Modern fuzzers like Syzkaller have already discovered thousands of kernel bugs over the years, making them a cornerstone of Linux security testing.
New Tools Enter the Scene
Recently, kernel maintainers have begun experimenting with new fuzzing frameworks and tooling, including a project internally referred to as “clanker”, which has already been used to identify multiple issues across different kernel subsystems.
Early testing has uncovered bugs in areas such as:
SMB/KSMBD networking code USB and HID subsystems Filesystems like F2FS Wireless and device drivers
The speed at which these issues were discovered suggests that these new tools are significantly improving bug detection efficiency.
AI and Smarter Fuzzing Techniques
One of the most interesting developments is the growing role of AI and machine learning in fuzzing.
New research projects like KernelGPT use large language models to:
Automatically generate system call sequences Improve test coverage Discover previously hidden execution paths
These techniques can enhance traditional fuzzers by making them smarter about how they explore the kernel’s behavior.
Other advancements include:
Better crash analysis and deduplication tools (like ECHO) Configuration-aware fuzzing to explore deeper kernel states Feedback-driven fuzzing loops for improved coverage
Together, these innovations help developers focus on the most meaningful bugs rather than sifting through duplicate reports.
Why This Shift Is Happening Now
The Linux kernel is one of the most complex software projects in existence. With millions of lines of code and contributions from thousands of developers, manually catching every bug is nearly impossible.
Go to Full Article
- GNOME 50 Reaches Arch Linux: A Leaner, Wayland-Only Future Arrives
by George Whittaker
Arch Linux users are among the first to experience the latest GNOME desktop, as GNOME 50 has begun rolling out through Arch’s repositories. Thanks to Arch’s rolling-release model, new upstream software like GNOME arrives quickly, giving users early access to the newest features and architectural changes.
With GNOME 50, that includes one of the most significant shifts in the desktop’s history.
A Major GNOME Milestone
GNOME 50, officially released in March 2026 under the codename “Tokyo,” represents six months of development and refinement from the GNOME community.
Unlike some previous versions, this release focuses less on dramatic redesigns and more on strengthening the foundation of the desktop, improving performance, modernizing graphics handling, and simplifying long-standing complexities.
For Arch Linux users, that translates into a more streamlined and future-ready desktop environment.
Goodbye X11, Hello Wayland-Only Desktop
The headline change in GNOME 50 is the complete removal of X11 support from GNOME Shell and its window manager, Mutter.
After years of gradual transition:
X11 sessions were first deprecated Then disabled by default And now fully removed in GNOME 50
This means GNOME now runs exclusively on Wayland, with legacy X11 applications handled through XWayland compatibility layers.
The result is a simpler, more modern graphics stack that reduces maintenance overhead and improves long-term performance and security.
Improved Graphics and Display Handling
GNOME 50 brings several key improvements to display and graphics performance:
Variable Refresh Rate (VRR) enabled by default Better fractional scaling support Improved compatibility with NVIDIA drivers Enhanced HDR and color management
These changes aim to deliver smoother animations, more responsive desktops, and better support for modern displays.
For gamers and users with high-refresh monitors, these upgrades are especially noticeable.
Performance and Responsiveness Gains
Beyond graphics, GNOME 50 includes multiple performance optimizations:
Faster file handling in the Files (Nautilus) app Improved thumbnail generation Reduced stuttering in animations Better resource usage across the desktop
These refinements make the desktop feel more responsive, particularly on systems with demanding workloads or multiple monitors.
New Parental Controls and Accessibility Features
GNOME 50 also expands its focus on usability and accessibility.
Go to Full Article
- MX Linux Pushes Back Against Age Verification: A Stand for Privacy and Open Source Principles
by George Whittaker
The MX Linux project has taken a firm stance in a growing controversy across the Linux ecosystem: mandatory age-verification requirements at the operating system level. In a recent update, the team made it clear, they have no intention of implementing such measures, citing concerns over privacy, practicality, and the core philosophy of open-source software.
As governments begin introducing laws that could require operating systems to collect user age data, MX Linux is joining a group of projects resisting the shift.
What Sparked the Debate?
The discussion around age verification stems from new legislation, particularly in regions like the United States and Brazil, that aims to protect minors online. These laws may require operating systems to:
Collect user age or date of birth during setup Provide age-related data to applications Enable content filtering based on age categories
At the same time, underlying Linux components such as systemd have already begun exploring technical changes, including storing birthdate fields in user records to support such requirements.
MX Linux Says “No” to Age Verification
In response, the MX Linux team has clearly rejected the idea of integrating age verification into their distribution. Their reasoning is rooted in several key concerns:
User privacy: Collecting age data introduces sensitive personal information into systems that traditionally avoid such tracking Feasibility: Implementing consistent, secure age verification across a decentralized OS ecosystem is highly complex Philosophy: Open-source operating systems are not designed to act as data collectors or gatekeepers
The developers emphasized that they do not want to burden users with intrusive requirements and instead encouraged concerned individuals to direct their efforts toward policymakers rather than Linux projects.
A Broader Resistance in the Linux Community
MX Linux is not alone. The Linux world is divided on how, or whether, to respond to these regulations.
Some projects are exploring compliance, while others are pushing back entirely. In fact, age verification laws have sparked:
Strong debate among developers and maintainers Concerns about enforceability on open-source platforms New projects explicitly created to resist such requirements
In some extreme cases, distributions have even restricted access in certain regions to avoid legal complications.
Why This Matters
At its core, this issue goes beyond a single feature, it raises fundamental questions about what an operating system should be.
Linux has long stood for:
Go to Full Article
- LibreOffice Drives Europe’s Open Source Shift: A Growing Push for Digital Sovereignty
by George Whittaker
LibreOffice is increasingly at the center of Europe’s push toward open-source adoption and digital independence. Backed by The Document Foundation, the widely used office suite is playing a key role in helping governments, institutions, and organizations reduce reliance on proprietary software while strengthening control over their digital infrastructure.
Across the European Union, this shift is no longer experimental, it’s becoming policy.
A Broader Movement Toward Open Source
Europe has been steadily moving toward open-source technologies for years, but recent developments show clear acceleration. Governments and public institutions are actively transitioning away from proprietary platforms, often citing concerns about vendor lock-in, cost, and data control.
According to recent industry data, European organizations are adopting open source faster than their U.S. counterparts, with vendor lock-in concerns cited as a major driver.
LibreOffice sits at the center of this trend as a mature, fully open-source alternative to traditional office suites.
LibreOffice as a Strategic Tool
LibreOffice isn’t just another productivity application, it has become a strategic component in Europe’s digital policy framework.
The software:
Is fully open source and community-driven Supports open standards like OpenDocument Format (ODF) Allows governments to avoid dependency on specific vendors Enables long-term control over data and infrastructure
These characteristics align closely with the European Union’s broader strategy to promote interoperability and transparency through open standards.
Government Adoption Across Europe
LibreOffice adoption is already happening at scale across multiple countries and sectors.
Examples include:
Germany (Schleswig-Holstein): transitioning tens of thousands of government systems to Linux and LibreOffice Denmark: replacing Microsoft Office in public institutions as part of a broader digital sovereignty initiative France and Italy: deploying LibreOffice across ministries and defense organizations Spain and local governments: adopting LibreOffice to standardize workflows and reduce costs
In some cases, migrations involve hundreds of thousands of systems, demonstrating that open-source office software is viable at national scale.
Go to Full Article
- From Linux to Blockchain: The Infrastructure Behind Modern Financial Systems
by George Whittaker
The modern internet is built on open systems. From the Linux kernel powering servers worldwide to the protocols that govern data exchange, much of today’s digital infrastructure is rooted in transparency, collaboration, and decentralization. These same principles are now influencing a new frontier: financial systems built on blockchain technology.
For developers and system architects familiar with Linux and open-source ecosystems, the rise of cryptocurrency is not just a financial trend, it is an extension of ideas that have been evolving for decades.
Open-Source Foundations and Financial Innovation
Linux has long demonstrated the power of decentralized development. Instead of relying on a single authority, it thrives through distributed contributions, peer review, and community-driven improvement.
Blockchain technology follows a similar model. Networks like Bitcoin operate on open protocols, where consensus is achieved through distributed nodes rather than centralized control. Every transaction is verified, recorded, and made transparent through cryptographic mechanisms.
For those who have spent years working within Linux environments, this architecture feels familiar. It reflects a shift away from trust-based systems toward verification-based systems.
Understanding the Stack: Nodes, Protocols, and Interfaces
At a technical level, cryptocurrency systems are composed of multiple layers. Full nodes maintain the blockchain, validating transactions and ensuring network integrity. Lightweight clients provide access to users without requiring full data replication. On top of this, exchanges and platforms act as interfaces that connect users to the underlying network.
For developers, interacting with these systems often involves APIs, command-line tools, and automation scripts, tools that are already integral to Linux workflows. Managing wallets, verifying transactions, and monitoring network activity can all be integrated into existing development environments.
Go to Full Article
- Firefox 149 Arrives with Built-In VPN, Split View, and Smarter Browsing Tools
by George Whittaker
Mozilla has officially released Firefox 149.0, bringing a mix of new productivity features, privacy enhancements, and interface improvements. Released on March 24, 2026, this update continues Firefox’s steady push toward a more modern and user-focused browsing experience.
Rather than focusing on a single headline feature, Firefox 149 introduces several practical tools designed to improve how users multitask, stay secure, and interact with the web.
Built-In VPN Comes to Firefox
One of the most notable additions in Firefox 149 is the introduction of a built-in VPN feature. This optional tool provides users with an added layer of privacy while browsing, helping mask IP addresses and secure connections on public networks.
In some configurations, Mozilla is offering a free usage tier with limited monthly data, giving users a simple way to enhance privacy without installing separate software.
This move aligns with Mozilla’s long-standing emphasis on user privacy and security.
Split View for Better Multitasking
Firefox 149 introduces a Split View mode, allowing users to display two web pages side by side within a single browser window. This feature is especially useful for:
Comparing documents or products Copying information between pages Research and multitasking workflows
Instead of juggling multiple tabs and windows, users can now work more efficiently in a single, organized view.
Tab Notes: A New Productivity Tool
Another standout feature is Tab Notes, available through Firefox Labs. This tool allows users to attach notes directly to individual tabs, making it easier to:
Keep track of research Save reminders tied to specific pages Organize ongoing tasks
This feature reflects a growing trend toward integrating lightweight productivity tools directly into the browser experience.
Smarter Browsing with Optional AI Features
Firefox 149 also expands its experimental AI-powered features, including tools that can assist with summarizing content, providing quick explanations, or helping users interact with web pages more efficiently.
Importantly, Mozilla is keeping these features optional and user-controlled, maintaining its focus on transparency and privacy.
Developer and Platform Updates
For developers, Firefox 149 includes updates to web standards and APIs. One example is improved support for HTML features like enhanced popover behavior, which helps developers build more interactive web interfaces.
As always, these under-the-hood changes help ensure Firefox remains competitive and standards-compliant.
Go to Full Article
- Blender 5.1 Released: Faster Workflows, Smarter Tools, and Major Performance Gains
by german.suarez
The Blender Foundation has officially released Blender 5.1, the latest update to its powerful open-source 3D creation suite. This version focuses heavily on performance improvements, workflow refinements, and stability, while also introducing a handful of new features that expand what artists and developers can achieve.
Rather than reinventing the platform, Blender 5.1 is all about making existing tools faster, smoother, and more reliable — a release that benefits both professionals and hobbyists alike.
A Release Focused on Refinement
Blender 5.1 emphasizes polish over disruption, with developers addressing hundreds of issues and improving the overall production pipeline. The update includes widespread optimizations across rendering, animation, modeling, and the viewport, resulting in a more responsive and efficient experience.
Many of Blender’s internal libraries have also been updated to align with modern standards like VFX Platform 2026, ensuring better long-term compatibility and performance.
Performance Gains Across the Board
One of the standout aspects of Blender 5.1 is its performance boost:
Faster animation playback and shape key evaluation Improved rendering speeds for both GPU and CPU Reduced memory overhead and smoother viewport interaction Optimized internal systems for better responsiveness
In some scenarios, animation and editing performance improvements can be dramatic, especially with complex scenes.
New Raycast Node for Advanced Shading
A major feature addition in Blender 5.1 is the Raycast shader node, which opens the door to advanced rendering techniques.
This node allows artists to trace rays within a scene and extract data from surfaces, enabling:
Non-photorealistic rendering (NPR) effects Custom shading techniques Decal projection and X-ray-style visuals
It’s a flexible tool that expands Blender’s shading capabilities, especially for stylized workflows.
Grease Pencil Gets a Big Upgrade
Blender’s 2D animation tool, Grease Pencil, sees meaningful improvements:
New fill workflow with support for holes in shapes Better handling of imported SVG and PDF files More intuitive drawing and editing behavior
These updates make Grease Pencil far more practical for hybrid 2D/3D workflows and animation pipelines.
Geometry Nodes and Modeling Improvements
Geometry Nodes continue to evolve with expanded functionality:
Go to Full Article
- The Need for Cloud Security in a Modern Business Environment
by George Whittaker
Cloud systems are an emergent standard in business, but migration efforts and other directional shifts have introduced vulnerabilities. Where some attack patterns are mitigated, cloud platforms leave businesses open to new threats and vectors. The dynamic nature of these environments cannot be addressed by traditional security systems, necessitating robust cloud security for contemporary organizations.
Just as businesses have come to acknowledge the value of cloud operations, so too have cyber attackers. Protecting sensitive assets and maintaining regulatory compliance, while simultaneously ensuring business continuity against cloud attacks, requires a modern strategy. When any window could be an opportunity for infiltration, a comprehensive approach serves to limit exploitation.
Unlike traditional on-premise infrastructure, cloud environments dramatically expand an organization’s threat surface. Resources are distributed across regions, heavily dependent on APIs, and frequently created or decommissioned in minutes. This constant change makes it difficult to maintain a fixed security perimeter and increases the likelihood that misconfigurations or exposed services go unnoticed, creating opportunities for exploitation.
The Vulnerabilities of Cloud Security Services
Any misconfiguration, insecure application programming interface (API), or identity management solution may become an invitation for cyberattacks. Amid the rise of artificial intelligence (AI) technology, it is possible for even inexperienced individuals to exploit such weaknesses in cloud systems. Cloud environments are designed for accessibility, a benefit that can be taken advantage of.
“Unlike traditional software, AI systems can be manipulated through language and indirect instructions,” Lee Chong Ming wrote for Business Insider. “[AI expert Sander] Schulhoff said people with experience in both AI security and cybersecurity would know what to do if an AI model is tricked into generating malicious code.”
At the same time that many businesses are migrating to cloud platforms and implementing cloud security features, they are adopting AI technology in order to accelerate workflows and other processes. These systems may have their advantages for certain industries, but their presence can create its own vulnerabilities. Addressing the shortcomings of cloud systems and AI at the same time compounds the security challenges of today.
Go to Full Article
|
