|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Debian DSA-6200-1 Tor Denial of Service Fix for Bookworm
Two security vulnerabilities (TROVE-2026-004 and TROVE-2025-015) were discovered in Tor, a connection-based low-latency anonymous communication system, which could result in denial of service. For the oldstable distribution (bookworm), this problem has been fixed in version 0.4.9.6-0+deb12u1.
- [$] Protecting against TPM interposer attacks
The TrustedPlatform Module (TPM) is a widely misunderstood piece of hardware (orfirmware) that lives in most x86-based computers. At SCALE 23x in Pasadena, California,James Bottomley gave a presentation on the TPM and the work that he andothers have done to enable the Linux kernel to work with it. Inparticular, he described the problems with interposer attacks, which targetthe communication between the TPM and the kernel, and what hasbeen added to the kernel to thwart them.
- 6.6.133 stable kernel released
Greg Kroah-Hartman has released the 6.6.133 stable kernel. This revertsa backporting mistake that removed file descriptor checks whichled to kernel panics if the fgetxattr, flistxattr,fremovexattr, or fsetxattr functions were calledfrom user space with a file descriptor that did not reference an openfile.
- Security updates for Monday
Security updates have been issued by AlmaLinux (freerdp, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free, kernel, libpng12, libpng15, perl-YAML-Syck, python3, and rsync), Debian (dovecot, libxml-parser-perl, pyasn1, python-tornado, roundcube, tor, trafficserver, and valkey), Fedora (bind9-next, chromium, cmake, domoticz, freerdp, giflib, gst-devtools, gst-editing-services, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, gstreamer1-vaapi, libgsasl, libinput, libopenmpt, mapserver, mingw-binutils, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-libpng, mingw-python3, nginx-mod-modsecurity, openbao, python-gstreamer1, python3.12, python3.13, python3.14, python3.9, rust, rust-sccache, tcpflow, and vim), Red Hat (ncurses), Slackware (infozip and krita), SUSE (chromium, corosync, keybase-client, libinput-devel, osslsigncode, python-pillow, python311-Flask-Cors, python313, and python314), and Ubuntu (libarchive and spip).
- Kernel prepatch 7.0-rc7
Linus has released 7.0-rc7 for testing."Things look set for a final release next weekend, but please keeptesting. The Easter bunny is watching".
- Hackers breached the European Commission (The Next Web)
LWN recently reported on the Trivycompromise that led, in turn, to the compromise of the LiteLLM system; thatarticle made the point that the extent of the problem was likely ratherlarger than was known. The Next Web now reportsthat the Trivy attack was used to compromise a wide range of EuropeanCommission systems.
The European Union's computer emergency response team said on Thursday that a supply chain attack on an open-source security scanner gave hackers the keys to the European Commission's cloud infrastructure, resulting in the theft and public leak of approximately 92 gigabytes of compressed data including the personal information and email contents of staff across dozens of EU institutions.
- [$] Ubuntu's GRUBby plans
GNU GRUB 2, mostly justreferred to as GRUB these days, is the most widely used boot loaderfor x86_64 Linux systems. It supports readingfrom a vast selection of filesystems, handles booting modern systemswith UEFI or legacy systems with a BIOS, and even allows users to customize the"splash" image displayed when a system boots. Alas, all of those features come witha price; GRUB has had a paradeof security vulnerabilities over the years. To mitigate some of thoseproblems, Ubuntucore developer and Canonical employee Julian Andres Klode has proposed removinga number of features from GRUB in Ubuntu 26.10 to improve GRUB'ssecurity profile. His proposal has not been met with universal acclaim; many of thefeatures Klode would like to remove have vocal proponents.
- No kidding: Gentoo GNU/Hurd
On April 1, the Gentoo Linux project published a blog postannouncing that it was switching to GNU Hurd as its primarykernel as an April Fool's joke. While that is not true, the projecthas followed up with an announcementof a new Gentoo port to the Hurd:
Our crack team has been working hard to port Gentoo to the Hurd andcan now share that they've succeeded, though it remains still in aheavily experimental stage. You can try Gentoo GNU/Hurd using apre-prepared disk image. The easiest way to do this is with QEMU[...]
We have developed scripts to build this image locally andconveniently work on further development of the Hurd port. Releasemedia like stages and automated image builds are future goals, as isfeature parity on x86-64. Further contributions are welcome,encouraged, and needed. Be patient, expect to get your hands dirty,anticipate breakage, and have fun!
Oh, and Gentoo GNU/Hurd also works on real hardware!
Text for the April Fool's post is available at the bottom of thereal announcement.
- Security updates for Friday
Security updates have been issued by AlmaLinux (freerdp, grafana, kernel, rsync, and thunderbird), Debian (chromium, inetutils, and libpng1.6), Fedora (bind9-next, nginx-mod-modsecurity, and openbao), Mageia (firefox, nss and thunderbird), Red Hat (container-tools:rhel8), SUSE (conftest, dnsdist, ignition, libsoup, libsoup2, LibVNCServer, libXvnc-devel, opensc, ovmf-202602, perl-Crypt-URandom, python-tornado, python311-ecdsa, python311-Pygments, python315, tar, and wireshark), and Ubuntu (cairo, jpeg-xl, linux, linux-aws, linux-aws-6.17, linux-gcp, linux-gcp-6.17, linux-hwe-6.17, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi, linux-fips, linux-fips, linux-aws-fips, linux-fips, linux-aws-fips, linux-gcp-fips, and linux-realtime, linux-realtime-6.8, linux-raspi-realtime).
- SFC: What the FCC router ban means for FOSS
Denver Gingerich of the Software Freedom Conservancy (SFC) has publishedan articleon the impact of the ban onthe sale of all new home routers not made in the United Statesissued by the Federal Communications Commission (FCC). The SFC, ofcourse, is the organizationbehind the OpenWrt One router.
Since software updates to already-FCC-approved devices do notrequire a new FCC approval, it appears the FCC is trying to movebeyond its usual authorization procedures to restrict whatmanufacturers are allowed to push to existing routers. However, theFCC notably does not restrict software changes made by owners ofrouters in the U.S. In particular, there is no indication that updatespeople make to their own routers, using software they have sourcedthemselves, would run afoul of any past or present FCC rule.
As a result, we do not believe that this new FCC decision affectswhether and how people can run OpenWrt or other user-selected firmwareupdates on routers they have already purchased. Not only is this animportant right in relation to our ownership and control of our owndevices, it also ensures that people can keep their routers secure forfar longer than the manufacturer may choose to provide securityupdates, by allowing them to install up-to-date community softwarethat supports routers for 10, 15, or even more years after theirinitial release date, as OpenWrt does for many devices.
He also notes that, as the OpenWrt One is already FCC-approved,there should be no impact on its availability in the US. The SFC hasasked the FCC for clarification and plans to provide updates when theyreceive a reply.
- [$] IPC medley: message-queue peeking, io_uring, and bus1
The kernel provides a number of ways for processes to communicate with eachother, but they never quite seem to fit the bill for many users. There arecurrently a few proposals for interprocess communication (IPC) enhancementscirculating on the mailing lists. The most straightforward one adds a newsystem call for POSIX message queues that enables the addition of newfeatures. For those wanting an entirely new way to do interprocesscommunication, there is a proposal to add a new subsystem for that purposeto io_uring. Finally, the bus1 proposal has made a return after ten years.
- Exelbierd: What's actually in a Sashiko review?
Brian "bex" Exelbierd has publisheda blogpost exploring follow-up questions raised bythe recent debate about the use of the LLM-based reviewtool Sashikoin the memory-management subsystem. His main finding is that Sashiko reviews arebi-modal with regards to whether they contain reports about code not directlychanged by the patch set — most do not, but the ones that do often have severalsuch comments.
Hypothesis 1: Reviewers are getting told about bugs they didn't create.Sashiko's review protocol explicitly instructs the LLM to read surrounding code,not just the diff. That's good review practice — but it means the tool mightflag pre-existing bugs in code the patch author merely touched, putting thoseproblems in their inbox.
Hypothesis 2: The same pre-existing bugs surface repeatedly. If a knownissue in a subsystem doesn't get fixed between review runs, every patch touchingnearby code could trigger the same finding. That would create a steady drip ofduplicate noise across the mailing list.
I pulled data from Sashiko's public API and tested both.
- OpenSSH 10.3 released
OpenSSH 10.3has been released. Among the many changes in this release are asecurity fix to address late validation of metacharacters in usernames, removal of bug compatibility for SSH implementations that donot support rekeying,and a fix to ensure that scp clears setuid/setgid bits from downloadedfiles when operating as root in legacy (-O) mode. See therelease announcement for a full list of new features, bug fixes, andpotentially incompatible changes.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (python3.11, python3.12, squid, and thunderbird), Debian (gst-plugins-bad1.0 and gst-plugins-ugly1.0), Fedora (bpfman, crun, gnome-remote-desktop, polkit, python3.14, rust-rustls-webpki, rust-sccache, rust-scx_layered, rust-scx_rustland, rust-scx_rusty, and scap-security-guide), Oracle (freerdp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free, kernel, libxslt, python3.11, python3.12, squid, and thunderbird), SUSE (389-ds, busybox, chromium, cosign, curl, docker-compose, exiv2, expat, firefox, freerdp, freerdp2, gstreamer-plugins-ugly, harfbuzz, heroic-games-launcher, ImageMagick, kea, keylime, libjxl, librsvg, libsodium, libsoup, net-snmp, net-tools, netty, nghttp2, poppler, postgresql13, postgresql16, postgresql17, postgresql18, protobuf, python-black, python-orjson, python-pyasn1, python-pyOpenSSL, python-tornado, python-tornado6, python311-nltk, thunderbird, tomcat10, tomcat11, vim, and xen), and Ubuntu (kernel, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi, linux-raspi, linux-raspi-realtime, rust-cargo-c, rust-tar, and undertow).
- New stable kernels for Thursday
Greg Kroah-Hartman has released the 6.19.11, 6.18.21,6.12.80, and 6.6.131 stable kernels, followed by a quickrelease of 6.6.132 with two patches reverted toaddress a problem building the rust core in 6.6.131. Each kernel containsimportant fixes; users are advised to upgrade.
- [$] LWN.net Weekly Edition for April 2, 2026
Inside this week's LWN.net Weekly Edition:
Front: LiteLLM compromise; systemd controversy; LLM kernel review; OpenBSD and vibe-coding; Rust trait-solver; Pandoc. Briefs: Rspamd 4.0.0; telnyx vulnerability; Fedora forge; SystemRescue 13.00; Servo 0.0.6; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Mesa 26.1 Makes It Easier To "Fake" A GPU Reset Using LLVMpipe
As a small but interesting addition coming for this quarter's Mesa 26.1 release is making it easy to simulate a GPU reset with the LLVMpipe software driver. While seemingly mundane, this can be quite handy for compositor developers and other app/software developers wanting to more easily test how their code behaves when encountering a GPU reset...
- AWS Engineer Reports PostgreSQL Performance Halved By Linux 7.0, But A Fix May Not Be Easy
An Amazon/AWS engineer raised the alarms on Friday over the current Linux 7.0 development kernel leading to the throughput for the PostgreSQL database server being around half that of prior kernel versions. The culprit halving the PostgreSQL performance is known but a revert looks like it may not happen and currently suggesting that PostgreSQL may need to be adapted...
- 9to5Linux Weekly Roundup: April 5th, 2026
The 286th installment of the 9to5Linux Weekly Roundup is here for the week ending April 5th, 2026, keeping you updated on the most important developments in the Linux world.
- NHS staff resist using Palantir software
Staff reportedly cite ethics concerns, privacy worries, and doubt the platform adds muchPalantir's software was brought in to help NHS England improve care and cut delays, but new reports suggest some staff are resisting using it over ethical, privacy, and trust concerns.…
- Google battles Chinese open-weights models with Gemma 4
Now with a more permissive license, multi-modality, and support for more than 140 languagesGoogle on Thursday unleashed a wave of new open-weights Gemma models optimized for agentic AI and coding, under a more permissive Apache 2.0 license aimed at winning over enterprises.…
- Linux 7.1 To Expose AMD Zen 6's AVX-512 BMM For Guest VMs
A small but important patch that looks like it will be merged for the upcoming Linux 7.1 kernel is for enumerating AVX-512 BMM support for KVM virtualized guests. AVX-512 BMM is one of the exciting ISA additions with next-gen AMD Zen 6 processors...
- Debian Is Figuring Out How Age Verification Laws Will Impact It
With age verification/attestation laws down to the OS level enacted by California and being decided upon by other US states, it's been a hot topic of discussion in the open-source world. For the Debian project that is strictly volunteer/community-driven unlike various commercial Linux platforms, they are figuring out how such laws will impact them...
- PrismML debuts energy-sipping 1-bit LLM in bid to free AI from the cloud
Bonasi 8B model is competitive with other 8B models but 14x smaller and 5x more energy efficientPrismML, an AI venture out of Caltech, has released a 1-bit large language model that outperforms weightier models, with the expectation that it will improve AI efficiency and viability on mobile devices, among other applications.…
- Linux Finally Starts Removing Support for Intel's 37-Year-Old i486 Processor
"It's finally time," writes Phoronix — since "no known Linux distribution vendors are still shipping with i486 CPU support." "A patch queued into one of the development branches ahead of the upcoming Linux 7.1 merge window is set to finally begin the process of phasing out and ultimately removing Intel 486 CPU support from the Linux kernel." More details from XDA-Developers:Authored by Ingo Molnar, the change, titled "x86/cpu: Remove M486/M486SX/ELAN support," begins dismantling Linux's built-in support for the i486, which was first released back in 1989. As the changelog notes, even Linus is keen to cut ties with the architecture: "In the x86 architecture we have various complicated hardware emulation facilities on x86-32 to support ancient 32-bit CPUs that very very few people are using with modern kernels. This compatibility glue is sometimes even causing problems that people spend time to resolve, which time could be spent on other things. As Linus recently remarked: 'I really get the feeling that it's time to leave i486 support behind. There's zero real reason for anybody to waste one second of development effort on this kind of issue'..." If you're one of the rare few who still keep the decades-old CPU alive, your best bet will be to grab an LTS Linux distro that keeps the older version of Linux for a few more years.
Read more of this story at Slashdot.
- Russia's VPN Crackdown Caused Bank Outages, Telegram Founder Says
Russia's "great crackdown" on VPNs — and a clampdown on Telegram's messaging platform — had an unintended side effect, reports Bloomberg. It "triggered the widespread banking outage seen across the country this week, Telegram's billionaire founder Pavel Durov said.""Telegram was banned in Russia, yet 65 million Russians still use it daily via VPNs," Durov said Saturday in a post on Telegram. "The government has spent years trying to ban VPNs too. Their blocking attempts just triggered a massive banking failure; cash briefly became the only payment method nationwide yesterday." Attempts on Friday to limit VPN use could have sparked the disruption affecting banking apps, The Bell and other Russian media reported, citing industry sources who weren't identified. The outage may have been caused by an overload in the filtering systems run by Russia's communications watchdog, according to the reports, with experts warning that major restrictions risk undermining network stability... Separately, payments for Apple Inc.'s app store and other services became unavailable in Russia from April 1, the US company said on its website, without saying why. Earlier, RBC newswire reported that the Digital Development Ministry had asked mobile operators to disable top-ups, which could help limit VPN use.... Durov, who's being investigated in Russia for allegedly aiding terrorist activity, compared the situation in his home country to Iran, where similar restrictions prompted widespread adoption of VPNs instead of the intended shift to state-backed messaging apps. "Welcome back to the Digital Resistance, my Russian brothers and sisters," said Durov, who has lived in Dubai and France in recent years. "The entire nation is now mobilized to bypass these absurd restrictions," he wrote, adding that Telegram would continue adapting to make its traffic harder to detect and block.
Read more of this story at Slashdot.
- Artemis Astronauts Enter Moon's Gravitational Pull, Catch First Glimpses of Far Side
NASA's Artemis astronauts are now entering "the lunar sphere of influence," reports NBC News, "meaning the pull of the moon's gravity will become stronger than Earth's." Now as they begin their swing around the moon, the Artemis astronauts "are chasing after Apollo 13's maximum range from Earth," reports the Associated Press, hoping to beat its distance from Earth by more than 4,100 miles (6,600 kilometers). They'll begin their six-hour lunar flyby 14 hours from now (at 2:45 p.m. ET Monday). But in a space-to-earth interview Saturday with NBC News, the astronauts were already describing their first glimpses of the edge of the far side:[NASA astronaut Christina Koch realized] it looked different from what she was accustomed to on Earth. "The darker parts just aren't quite in the right place," she said. "And something about you senses that is not the moon that I'm used to seeing...." [Astronaut Reid] Wiseman called the flight a "magnificent accomplishment" and said the astronauts' ability to gaze at both Earth and the moon from their spacecraft has been "truly awe-inspiring." "The Earth is almost in full eclipse. The moon is almost in full daylight, and the only way you could get that view is to be halfway between the two entities," he said... And while the early photos of Earth and the moon that [Canadian astronaut Jeremy] Hansen and his colleagues have beamed back have been spectacular, the Canadian astronaut said they pale in comparison to the real deal outside their capsule's windows. "I know those photos are amazing," he said, "but let me assure you, it is another level of amazing up here." And their upcoming six-hour lunar flyby "promises views of the moon's far side that were too dark or too difficult to see by the 24 Apollo astronauts who preceded them," notes the Associated Press:A total solar eclipse also awaits them as the moon blocks the sun, exposing snippets of shimmering corona.... At closest approach, they will come within 4,070 miles (6,550 kilometers) of the moon. Because they launched on April 1, the rendezvous won't have as much of the far lunar side illuminated as other dates would have. But the crew still will be able make out "definite chunks of the far side that have never been seen" by humans, said NASA geologist Kelsey Young, including a good portion of Orientale Basin. They'll call down their observations as they photograph the gray, pockmarked scenes. There's a suite of professional-quality cameras on board, and each astronaut also has an iPhone for more informal, spur-of-the-minute picture-taking... Orion will be out of contact with Mission Control for nearly an hour when it's behind the moon. The same thing happened during the Apollo moonshots. NASA is relying on its Deep Space Network to communicate with the crew, but the giant antennas in California, Spain and Australia won't have a direct line of sight when Orion disappears behind the moon for approximately 40 minutes... Once Artemis II departs the lunar neighborhood, it will take four days to return home. The capsule will aim for a splashdown in the Pacific near San Diego on April 10, nine days after its Florida launch. During the flight back, the astronauts will link up via radio with the crew of the orbiting International Space Station. This is the first time that a moon crew has colleagues in space at the same time and NASA can't pass up the opportunity for a cosmic chitchat.
Read more of this story at Slashdot.
- Internet Bug Bounty Pauses Payouts, Citing 'Expanding Discovery' From AI-Assisted Research
The Internet Bug Bounty program "has been paused for new submissions," they announced last week. Running since 2012, the program is funded by "a number of leading software companies," reports InfoWorld, "and has awarded more than $1.5m to researchers who have reported bugs "Up to now, 80% of its payouts have been for discoveries of new flaws, and 20% to support remediation efforts. But as artificial intelligence makes it easier to find bugs, that balance needs to change, HackerOne said in a statement. "AI-assisted research is expanding vulnerability discovery across the ecosystem, increasing both coverage and speed. The balance between findings and remediation capacity in open source has substantively shifted," said HackerOne. Among the first programs to be affected is the Node.js project, a server-side JavaScript platform for web applications known for its extensive ecosystem. While the project team will continue to accept and triage bug reports through HackerOne, without funding from the Internet Bug Bounty program it will no longer pay out rewards, according to an announcement on its website... [J]ust last month, Google also put a halt to AI-generated submissions provided to its Open Source Software Vulnerability Reward Program. The Internet Bug Bounty stressed that "We have a responsibility to the community to ensure this program effectively accomplishes its ambitious dual purpose: discovery and remediation. Accordingly, we are pausing submissions while we consider the structure and incentives needed to further these goals..." "We remain committed to strengthening open source security. Working with project maintainers and researchers, we're actively evaluating solutions to better align incentives with open source ecosystem realities and ensure vulnerability discoveries translate into durable remediation outcomes."
Read more of this story at Slashdot.
- Claude Code Leak Reveals a 'Stealth' Mode for GenAI Code Contributions - and a 'Frustration Words' Regex
That leak of Claude Code's source code "revealed "all kinds of juicy details," writes PC World. The more than 500,000 lines of code included: - An 'undercover mode' for Claude that allows it to make 'stealth' contributions to public code bases- An 'always-on' agent for Claude Code- A Tamagotchi-style 'Buddy' for Claude "But one of the stranger bits discovered in the leak is that Claude Code is actively watching our chat messages for words and phrases — including f-bombs and other curses — that serve as signs of user frustration."Specifically, Claude Code includes a file called "userPromptKeywords.ts" with a simple pattern-matching tool called regex, which sweeps each and every message submitted to Claude for certain text matches. In this particular case, the regex pattern is watching for "wtf," "wth," "omfg," "dumbass," "horrible," "awful," "piece of — -" (insert your favorite four-letter word for that one), "f — you," "screw this," "this sucks," and several other colorful metaphors... While the Claude Code leak revealed the existence of the "frustration words" regex, it doesn't give any indication of why Claude Code is scouring messages for these words or what it's doing with them.
Read more of this story at Slashdot.
- Hundreds of Theatres Show Apocalyptic-Yet-Optimistic New Movie, 'The AI Doc'
Hundreds of theatres are now showing a new documentary called The AI Doc: Or How I Became An Apocaloptimist. Variety calls it "playful and heady,"edited "with a spirit of ADHD alertness." The New York Times suggests it "tries to cover so much that it ends up being more confusing than clarifying, but parts are fascinating." But the Los Angeles Times calls it an "aggravating soup of information and opinion that wants to move at the speed of machine thought." So while co-director Daniel Roher asks whether he should bring a child into a world with AI, "Perhaps more urgently, should Roher have made an AI doc that treats us like children?"First, he parades all the safety doomers, seeming to believe their warnings that an unfeeling superintelligence is upon us and we can't trust it. Then, sufficiently disturbed, he hauls in the AI cheerleaders, a suspiciously positive gang who can envision only medical miracles and grindless lives in which we're all full-time artists. Only then, after this simplistic setup where platitudes reign, do we get the section in which the subject is treated like the brave (and grave) new world it is: geopolitically fraught, economically tenuous and a playground for billionaires. Why couldn't the complexity have been the dialogue from the beginning, instead of the play-dumb cartoon "The AI Doc" feels like for so long? Maybe Roher believes this is what our increasingly gullible, truth-challenged citizenry needs from an explanatory doc: a flashy, kindhearted reminder that we're the change we need to be. Read more reactions here and here. Mashable warns the documentary's director "will ultimately craft a journey that feels like a panic attack in real time. In the end, you may not feel better about mankind's chances against the rise of AI. But you'll likely feel less helpless in the future before us all." They also point out that the film "shares some ways its audience can more actively be apart of the conversation, and provides a link to the film's website for engagement," where 6,948 people have now signed up for its newsletter. ("Demand a seat at the table," urges its signup button, under a warning that "Government and AI companies are designing our future without us. We need to reclaim our voice in shaping the future of AI...")
Read more of this story at Slashdot.
- Will 'AI-Assisted' Journalists Bring Errors and Retractions?
Meet the "journalist" who "uploads press releases or analyst notes into AI tools and prompts them to spit out articles that he can edit and publish quickly," according to the Wall Street Journal. "AI-assisted stories accounted for nearly 20% of Fortune's web traffic in the second half of 2025." And most were written by 42-year-old Nick Lichtenberg, who has now written over 600 AI-assisted stories, producing "more stories in six months than any of his colleagues at Fortune delivered in a year." One Wednesday in February, he cranked out seven. "I'm a bit of a freak," Lichtenberg said... A story by Lichtenberg sometimes starts with a prompt entered into Perplexity or Google's NotebookLM, asking it to write something based on a headline he comes up with. He moves the AI tools' initial drafts into a content-management system and edits the stories before publishing them for Fortune's readers... A piece from earlier that morning about Josh D'Amaro being named Disney CEO took 10 minutes to get online, he said... Like other journalists, Lichtenberg vets his stories. He refers back to the original documents to confirm the information he's reporting is correct. He reaches out to companies for comment. But he admits his process isn't as thorough as that of magazine fact-checkers. While Lichtenberg started out saying his stories were co-authored with "Fortune Intelligence", he now typically signs his own name, according to the article, "because he feels the work is mostly his own." (Though his stories "sometimes" disclose generative AI was used as a research tool...) The article asks with he could be "a bellwether for where much of the media business is headed..." "Much of the content people now consume online is generated by artificial intelligence, with some 9% of newly published newspaper articles either partially or fully AI-generated, according to a 2025 study led by the University of Maryland. The number of AI-generated articles on the web surpassed human-written ones in late 2024, according to research and marketing agency Graphite."Some executives have made full-throated declarations about the threat posed by AI. New York Times publisher A.G. Sulzberger said AI "is almost certainly going to usher in an unprecedented torrent of crap," referencing deepfakes as an example. The NewsGuild of New York, the union representing Fortune employees and journalists at other media outlets, said the people are what makes journalism so powerful. "You simply can't replicate lived experiences, human judgment and expertise," said president Susan DeCarava. For Chris Quinn, the editor of local publications Cleveland.com and the Plain Dealer, AI tools have helped tame other torrents facing the industry. AI has allowed the outlets to cover counties in Ohio that otherwise might go ignored by scraping information from local websites and sending "tips" to reporters, he said. It has also edited stories and written first drafts so the newsrooms' journalists can focus on the calls, research and reporting needed for their stories.... Newsrooms from the New York Times to The Wall Street Journal are deploying AI in various ways to help reporters and editors work more efficiently.... Not all newsrooms disclose their use of AI, and in some cases have rolled out new tools that resulted in errors or PR gaffes. An October study from the European Broadcasting Union and the BBC, which relied on professional journalists to evaluate the news integrity of more than 3,000 AI responses, found that almost half of all AI responses had at least one significant issue. Last week the New York Times even issued a correction when a freelance book reviewer using an AI tool unknowingly included "language and details similar to those in a review of the same book published in The Guardian." But it was actually "the second time in a few days that the Times was called out for potential AI plagiarism," according to the American journalist writing The Handbasket newsletter.We must stem the idea being pushed by tech companies and their billionaire funders who've sunk too much into their products to admit defeat that the infiltration of AI into journalism is inevitable; because from my perch as an independent journalist, it simply is not... Some AI-loving journalists appear to believe that if they're clear enough with the AI program they're using, it will truly understand what they're seeking and not just do what it's made to do: steal shit... If you want to work with machines, get a job that requires it. There are a whole lot more of those than there are writing jobs, so free up space for people who actually want to do the work. You're not doing the world a favor by gifting it your human/AI hybrid. Journalism will not miss you if you leave... But meanwhile, USA Today recently tried hiring for a new position: AI-Assisted reporter. (The lucky reporter will "support the launch and scaling of AI-assisted local journalism in a major U.S. metro," working with tools including Copilot and Perplexity, pioneering possible future expansions and "AI-enabled newsroom operations that support and augment human-led journalism.") And Google is already sponsoring a "publishing innovation award"...
Read more of this story at Slashdot.
- Crooks Behind $27M in 'Refund' Scams Busted By YouTube Pranksters After Being Lured to Fake Funeral
One crime ring scammed 2,000 elderly people of more than $27 million between 2021 and 2023 using tech support/bank impersonation/refund scams. "Victims were in their 70s and 80s," reports the U.S. Attorney's office for California's southern district. Victims were first told they'd received a refund (either online or via phone), but then told they'd been "over-refunded" a massive amount, and asked to return that amount. But 42-year-old Jiandong Chen just admitted Thursday in a U.S. federal court that he was involved in the fraud and money laundering via cryptocurrency — pleading guilty to two charges with maximum penalties of 40 years in prison and a $1 million fine, plus 20 years in prison with a maximum fine of $500,000 or twice the amount laundered. "Chen, a Chinese national, is the second defendant charged in a five-defendant indictment." And what tripped him up seems to be that "Certain members of the conspiracy also did in-person pickups of money directly from victims..." And so YouTube enters the story — when the scammers called pranksters with 1,790,000 subscribers to their "Trilogy Media" channel. In an elaborate three-hour video, the team of pranksters lured the scammer to a rented Airbnb where they're staging a fake funeral with a nun. (One of the men acting in the video remembers "we start doing a prayer... I'm holding the scammer's hand in my nun outfit...") They convince the scammer to collect the cash from a dead man — "Is there anything you'd like to say to him?" Then there's demon voices. The scammer's victim resurrects from the dead. Did the cash mule bring holy water? The end result was a video titled "CONFRONTING SCAMMERS WITH A FAKE FUNERAL (EPIC REACTIONS)". But two and a half years later, their "cash mule sting house" video has racked up over 1.3 million views, 22,000 likes, and 2,979 comments. ("This video is longer than Oppenheimer. Thanks for the laughs fellas.") And the scammer is facing 60 years in prison.
Read more of this story at Slashdot.
- Apple Brings Device-Level Age Verification to Two More Countries
11 days ago Apple launched device-level age restrictions in the U.K. There were some glitches, reports the blog 9to5Mac.For me, the experience was an entirely painless one, taking less than 30 seconds. All I had to do was tap a confirm and continue button, and Apple told me that the length of time I'd had an Apple account was used to confirm that I'm 18+. Others, however, experienced difficulties with the process timing out or failing to complete. We summarized some of the steps you can take to try to address this. Apple has since listed additional acceptable ways to verify your age. "You can confirm your age with a credit card, or by scanning a driver's license or one of the following PASS-accredited Proof of Age cards: CitizenCard, My ID Card, TOTUM ID card, or Young Scot National Entitlement Card." If you don't verify your age, then you'll be treated as a child or teenager, meaning that both the web content filter and communication safety features are switched on. Apple is continuing the roll-out in Singapore (population 6 million) and South Korea (population 52 million), the article points out, citing a new Apple support document. South Korea's law actually requires Apple to re-verify someone's age annually.
Read more of this story at Slashdot.
- Chrome 148 Will Start 'Lazy Loading' Video and Audio to Improve Performance
"Google has announced that it's currently testing a new feature for Chrome 148 that could speed up day-to-day browsing," reports PC World:[T]he browser can intelligently postpone the loading of certain elements. Why load all images at the start when it can instead load images as you get close to them while scrolling? Chrome and Chromium-based browsers have had built-in lazy loading support for images and iframes since 2019, but this feature would make browsers capable of lazy loading video and audio elements, too. Note, however, that this won't benefit YouTube video embeds — those are already lazy loadable since they're embedded using iframes. Actual video and audio elements are rarer but not uncommon. In addition to Chrome, lazy loading of video and audio elements is also expected to be added to other Chromium-based browsers, including Microsoft Edge and Vivaldi.
Read more of this story at Slashdot.
- Scientists Engineered a Plant To Produce 5 Different Psychedelics At Once
Plants, toads, and mushrooms "can all produce psychedelic substances," writes ScienceAlert. "And now their powers have been combined in one plant."[S]cientists have taken the genes these organisms use to make five natural psychedelics and introduced them into a tobacco plant ( Nicotiana benthamiana), which then produced all five compounds simultaneously. As interest grows in psychedelics as potential treatments for illnesses such as depression, anxiety, and PTSD, the newly developed system could offer scientists a new way to produce these compounds for research purposes... [P]rogress in this field remains limited, in part due to regulatory restrictions, underscoring the need for more research. This creates practical challenges for scientists. "Traditionally, the supply of psychedelics relies on natural producers, mainly plants, fungi, and the Sonoran Desert toad," the researchers write. "Harvesting these organisms for their psychoactive compounds raises ecological and ethical concerns, being increasingly threatened by habitat loss and overexploitation..." [T]he team carefully monitored the plant's production of five psychedelic tryptamines: DMT originally from plants; psilocin and psilocybin from mushrooms; and bufotenin and 5-MeO-DMT from toads. The modified tobacco plants were found to produce all five compounds simultaneously. The article points out that the researchers "also took it a step further." By tweaking the enzymes they were able to "produce modified versions of the compounds that do not naturally occur in plants, and which may also have therapeutic value."
Read more of this story at Slashdot.
- Does Ubuntu Now Require More RAM Than Windows 11?
"Canonical is no longer pretending that 4GB is enough," writes the blog How-to-Geek, noting Ubuntu 26.04 LTS "raises the baseline memory to 6GB, alongside a 2GHz dual-core processor, and 25GB of storage..."Ubuntu 14.04 LTS (Trusty Tahr) set the floor at 1GB — a modest ask when it launched more than a decade ago in 2014. Then came the Ubuntu 18.04 LTS (Bionic Beaver) that pushed the number to 4GB, surviving quite well in the era of 16GB being considered standard for mid-range laptops.... Ubuntu's new minimum requirement lands in an interesting spot when compared against Windows 11. Microsoft's operating system requires just 4GB RAM, although real-world usage often tells a different story. Usually, 8GB is considered the sweet spot to handle modern apps and multitasking. The blog OMG Ubuntu argues this change is "not because Ubuntu requires 2GB more memory than it did, but more the way we compute does."it's more of an honesty bump. Components that make up the distro — the GNOME desktop and extensions, modern web browsers (and the sites we load in them) and the kinds of apps we use (and keep running) whilst multitasking are more demanding... The Resolute Raccoon's memory requirements better reflect real-world multitasking. Ubuntu 26.04 LTS can be installed on devices with less than 6GB RAM (but not less than 25GB of disk space). The experience may not be as smooth or as responsive as developers intend (so you don't get to complain), but it will work. I installed Ubuntu 26.04 Beta on a laptop with just 2 GB of memory — slow to the point of frustration in use, but otherwise functional. If you have a device with 4 GB RAM and you can't upgrade (soldered memory is a thing, and e-waste can be avoided), then alternatives exist. Many Ubuntu flavours, like Lubuntu, have lower system requirements than the main edition. Plus, there's always the manual option using the Ubuntu netboot installer to install a base system and then built out a more minimal system from there.
Read more of this story at Slashdot.
- Apple's First 50 Years Celebrated - Including How Steve Jobs Finally Accepted an 'Open' App Store
Apple's 50th anniversary got celebrated in weird and wild ways. CEO Tim Cook posted a special 30-second video rewinding backwards through the years of Apple's products until it reaches the Apple I. Podcaster Lex Fridman noticed if you play the sound in reverse, "It's the Think Different ad music, pitched up." TechRadar played seven 50-year-old Apple I games on an emulator, including Star Trek, Blackjack, Lunar Lander, and of course, Conway's Game of Life. And Macworld ranked Apple's 50 most influential people. (Their top five?) 5. Tony Fadell (iPhone co-creator/"father of the iPod")4. Sir Jony Ive3. Steve Wozniak2. Tim Cook1. Steve Jobs One of the most thoughtful celebraters was David Pogue, who's spent 42 years of writing about Apple (starting as a MacWorld columnist and the author of Mac for Dummies, one of the first "...For Dummies" books ever published in the early 1990s.) Now 63 years old, Pogue spent the last two years working on a 608-page hardcover book titled Apple: The First 50 Years. But on his Substack Pogue, contemplated his own history with the company — including several interactions with Steve Jobs. Pogue remembers how Jobs "hated open systems. He wanted to make self-contained, beautiful machines. He didn't want them polluted by modifications." The tech blog Daring Fireball notes that Pogue actually interviewed Scott Forstall (who'd led the iPhone's software development team) for his new book, "and got this story, about just how far Steve Jobs thought Apple could go to expand the iPhone's software library while not opening it to third-party developers.""I want you to make a list of every app any customer would ever want to use," he told Forstall. "And then the two of us will prioritize that list. And then I'm going to write you a blank check, and you are going to build the largest development team in the history of the world, to build as many apps as you can as quickly as possible." Forstall, dubious, began composing a list. But on the side, he instructed his engineers to build the security foundations of an app store into the iPhone's software-"against Steve's knowledge and wishes," Forstall says. [...] Two weeks after the iPhone's release, someone figured out how to "jailbreak" the iPhone: to hack it so that they could install custom apps. Jobs burst into Forstall's office. "You have to shut this down!" But Forstall didn't see the harm of developers spending their efforts making the iPhone better. "If they add something malicious, we'll ship an update tomorrow to protect against that. But if all they're doing is adding apps that are useful, there's no reason to break that." Jobs, troubled, reluctantly agreed. Week by week, more cool apps arrived, available only to jailbroken phones. One day in October, Jobs read an article about some of the coolest ones. "You know what?" he said. "We should build an app store." Forstall, delighted, revealed his secret plan. He had followed in the footsteps of Burrell Smith (the Mac's memory-expansion circuit) and Bob Belleville (the Sony floppy-drive deal): He'd disobeyed Jobs and wound up saving the project. In fact, the book "includes new interviews with 150 key people who made the journey, including Steve Wozniak, John Sculley, Jony Ive, and many current designers, engineers, and executives" (according to its description on Amazon). Pogue's book even revisits the story of Steve Jobs proving an iPod prototype could be smaller by tossing it into an aquarium, shouting "If there's air bubbles in there, there's still room. Make it smaller!" But Pogue's book "added that there's a caveat to this compelling bit of Apple lore," reports NPR. "It never actually happened. It's just one more Apple myth."
Read more of this story at Slashdot.
- Top NPM Maintainers Targeted with AI Deepfakes in Massive Supply-Chain Attack, Axios Briefly Compromised
"Hackers briefly turned a widely trusted developer tool into a vehicle for credential-stealing malware that could give attackers ongoing access to infected systems," the news site Axios.com reported Tuesday, citing security researchers at Google. The compromised package — also named axios — simplifies HTTP requests, and reportedly receives millions of downloads each day: The malicious versions were removed within roughly three hours of being published, but Google warned the incident could have "far-reaching impacts" given the package's widespread use, according to John Hultquist, chief analyst at Google Threat Intelligence Group. Wiz estimates Axios is downloaded roughly 100 million times per week and is present in about 80% of cloud and code environments. So far, Wiz has observed the malicious versions in roughly 3% of the environments it has scanned. Friday PCMag notes the maintainer's compromised account had two-factor authentication enabled, with the breach ultimately traced "to an elaborate AI deepfake from suspected North Korean hackers that was convincing enough to trick a developer into installing malware," according to a post-mortem published Thursday by lead developer Jason Saayman:[Saayman] fell for a scheme from a North Korean hacking group, dubbed UNC1069, which involves sending out phishing messages and then hosting virtual meetings that use AI deepfakes to clone the face and voices of real executives. The virtual meetings will then create the impression of an audio problem, which can only be "solved" if the victim installs some software or runs a troubleshooting command. In reality, it's an effort to execute malware. The North Koreans have been using the tactic repeatedly, whether it be to phish cryptocurrency firms or to secure jobs from IT companies. Saayman said he faced a similar playbook. "They reached out masquerading as the founder of a company, they had cloned the company's founders likeness as well as the company itself," he wrote. "They then invited me to a real Slack workspace. This workspace was branded... The Slack was thought out very well, they had channels where they were sharing LinkedIn posts. The LinkedIn posts I presume just went to the real company's account, but it was super convincing etc." The hackers then invited him to a virtual meeting on Microsoft Teams. "The meeting had what seemed to be a group of people that were involved. The meeting said something on my system was out of date. I installed the missing item as I presumed it was something to do with Teams, and this was the remote access Trojan," he added. "Everything was extremely well coordinated, looked legit and was done in a professional manner." Friday developer security platform Socket wrote that several more maintainers in the Node.js ecosystem "have come out of the woodwork to report that they were targeted by the same social engineering campaign."The accounts now span some of the most widely depended-upon packages in the npm registry and Node.js core itself, and together they confirm that axios was not a one-off target. It was part of a coordinated, scalable attack pattern aimed at high-trust, high-impact open source maintainers. Attackers also targeted several Socket engineers, including CEO Feross Aboukhadijeh. Feross is the creator of WebTorrent, StandardJS, buffer, and dozens of widely used npm packages with billions of downloads... Commenting on the axios post-mortem thread, he noted that this type of targeting [against individual maintainers] is no longer unusual... "We're seeing them across the ecosystem and they're only accelerating." Jordan Harband, John-David Dalton, and other Socket engineers also confirmed they were targeted. Harband, a TC39 member, maintains hundreds of ECMAScript polyfills and shims that are foundational to the JavaScript ecosystem. Dalton is the creator of Lodash, which sees more than 137 million weekly downloads on npm. Between them, the packages they maintain are downloaded billions of times each month. Wes Todd, an Express TC member and member of the Node Package Maintenance Working Group, also confirmed he was targeted. Matteo Collina, co-founder and CTO of Platformatic, Node.js Technical Steering Committee Chair, and lead maintainer of Fastify, Pino, and Undici, disclosed on April 2 that he was also targeted. His packages also see billion downloads per year... Scott Motte, creator of dotenv, the package used by virtually every Node.js project that handles environment variables, with more than 114 million weekly downloads, also confirmed he was targeted using the same Openfort persona. Socket reports that another maintainer was targetted with an invitation to appear on a podcast. (During the recording a suspicious technical issue appeared which required a software fix to resolve....) Even just technical implementation, "This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package," the CI/CD security company StepSecurity wrote TuesdayThe dropper contacts a live command-and-control server, delivers separate second-stage payloads for macOS, Windows, and Linux, then erases itself and replaces its own package.json with a clean decoy... Three payloads were pre-built for three operating systems. Both release branches were poisoned within 39 minutes of each other. Every artifact was designed to self-destruct. Within two seconds of npm install, the malware was already calling home to the attacker's server before npm had even finished resolving dependencies... Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project's normal GitHub Actions CI/CD pipeline. "As preventive steps, Saayman has now outlined several changes," reports The Hacker News, "including resetting all devices and credentials, setting up immutable releases, adopting OIDC flow for publishing, and updating GitHub Actions to adopt best practices." The Wall Street Journal called it "the latest in a string of incidents exposing risks in the systems that underpin how modern software is built."
Read more of this story at Slashdot.
- Microsoft Pulls Then Re-Issues Windows 11 Preview Update. Also Begins Force-Updating Windows 11
Nine days ago Microsoft released a non-security "preview" update for Windows 11 — not mandatory for the average Windows user, notes ZDNet, "but rather as optional, more for IT admins and power users who want to test them." TechRepublic adds that the update "was to bring 'production-ready improvements' and generally ensure system stability by optimizing different Windows services." So it's ironic that some (but not all) users reported instead that the update "blocks users at the door, refusing to install or crashing midway through the process." "It apparently impacted enough people to force Microsoft to take action," writes ZDNet. "Microsoft paused and then pulled the update," and then Tuesday released a new update "designed to replace the glitchy one. This one includes all the new features and improvements from the previous preview update, but also fixes the installation issues that clobbered that update." Meanwhile, as Windows 11 version 24H2 approaches its end of life this October, Microsoft is now force-updating users to the latest version, reports BleepingComputer:"The machine learning-based intelligent rollout has expanded to all devices running Home and Pro editions of Windows 11, version 24H2 that are not managed by IT departments," Microsoft said in a Monday update to the Windows release health dashboard... "No action is required, and you can choose when to restart your device or postpone the update." Neowin reports: The good news is that the update from version 24H2 to 25H2 is a minor enablement package, as the two operating systems share the same codebase. As such, the update won't take long, and you should not encounter any disruptions, compatibility issues, or previously unseen bugs... Microsoft recently promised to implement big changes in how Windows Update works, including the ability to postpone updates for as long as you want. However, Microsoft has yet to clarify if that includes staying on a release beyond its support period. Thanks to long-time Slashdot reader Ol Olsoc for sharing the news.
Read more of this story at Slashdot.
- The developer who came in from the cold and melted a mainframe
It's not just machines that need proper HVAC
Who, Me? The world is rapidly becoming a more uncertain place, but The Register tries to offer readers one small point of certainty by always delivering a fresh Monday morning instalment of "Who, Me?" – the reader-contributed column in which you admit to your errors and elucidate your escapes.…
- How Nvidia learned to embrace the light in its quest for scale
The GPU king's move to optical scale-up was inevitable
If you thought Nvidia's GB200 rack systems were big, CEO Jensen Huang is just getting started. At GTC last month, the world's most valuable company revealed plans to use photonic interconnects to pack more than a thousand GPUs into a single mammoth system by 2028.…
- Ex-Microsoft engineer believes Azure problems stem from talent exodus
The cloud service's woes reflect a crisis made worse by AI – under-investment in people
In 2024, federal cybersecurity evaluators reportedly dismissed Microsoft 365 Government Community Cloud High (GCC High) as garbage, although they used a more colorful term. To understand why, it helps to consider the history of the underlying Azure infrastructure.…
- PrismML debuts energy-sipping 1-bit LLM in bid to free AI from the cloud
Bonsai 8B model is competitive with other 8B models but 14x smaller and 5x more energy efficient
PrismML, an AI venture out of Caltech, has released a 1-bit large language model that outperforms weightier models, with the expectation that it will improve AI efficiency and viability on mobile devices, among other applications.…
- Netflix - yes Netflix - jumps on the AI bandwagon with video editor
Video-language model revises how objects interact when things get removed from a scene
A new Netflix model promises to rewrite the way we make movies. Just imagine this. As the director of the multi-million dollar epic Car Crash III: Suddenest Impact, you've just finished filming the finale where your star, Cruz Control, drives straight into an onrushing semi.…
- NHS staff resist using Palantir software
Staff reportedly cite ethics concerns, privacy worries, and doubt the platform adds much
Palantir's software was brought in to help NHS England improve care and cut delays, but new reports suggest some staff are resisting using it over ethical, privacy, and trust concerns.…
- When a billboard survives the wind, but not the boot
This GRUB is not an advert for some tasty fried food
Bork!Bork!Bork! It's one thing to bare your undercarriage in private. It's a whole other thing to do so on the side of a road, risking the possibility that passing drivers will question your Linux competence.…
- Contractor quaffed his way through Y2K compliance while the client scowled
Discovered once last bug, and that briefcases can hold more beer than you might imagine
On Call Y2k Easter means today is a holiday in much of the Reg-reading world, but that won't stop us from delivering another instalment of On Call – the reader contributed column that shares your tech support stories.…
- AI models will deceive you to save their own kind
Researchers find leading frontier models all exhibit peer preservation behavior
Leading AI models will lie to preserve their own kind, according to researchers behind a study from the Berkeley Center for Responsible Decentralized Intelligence (RDI).…
- Google battles Chinese open-weights models with Gemma 4
Now with a more permissive license, multi-modality, and support for more than 140 languages
Google on Thursday unleashed a wave of new open-weights Gemma models optimized for agentic AI and coding, under a more permissive Apache 2.0 license aimed at winning over enterprises.…
- Forking frenzy ensues after Euro-Office launch sparks OnlyOffice backlash
Meanwhile, Collabora splits from LibreOffice Online amid claims TDF ejected 'all Collabora staff and partners'
European outfits Ionos and Nextcloud have launched Euro-Office, a fork of the OnlyOffice cloud-based productivity suite aimed at orgs with qualms around sovereignty, provoking an angry response from the original developer.…
- Want to be the IT Crowd for the BBC? An £800M contract beckons
Supplier will need to look after networks, email, tech support, tools and more – plus find cost savings
The BBC is looking for a supplier to provide IT for all its workforce and help automate parts of the corporation through a contract apparently named after a dog.…
- The company's biggest security hole lived in the breakroom
Connected devices can leave an otherwise secure network vulnerable
Pwned Welcome to Pwned, The Register's new column, where we highlight the worst infosec own goals so you can, hopefully, protect against them. Caffeine is an essential tool for most IT defenders, so, on balance, we're sure it has protected against a lot more exploits than it has caused. But in this case, the desire for everyone's favorite stimulant led to a massive breach.…
- Google's TurboQuant saves memory, but won't save us from DRAM-pricing hell
Chocolate Factory’s compression tech clears the way to cheaper AI inference, not more affordable memory
When Google unveiled TurboQuant, an AI data compression technology that promises to slash the amount of memory required to serve models, many hoped it would help with a memory shortage that has seen prices triple since last year. Not so much.…
- Live and Let AI: Former CIA officer says human spies matter more in the LLM age
AI is eroding trust in digital communications and data, giving old-school spycraft fresh relevance for modern agents
The bots won't be coming for 007's job anytime soon. According to a former CIA officer, AI may help create false documents, but this fakery will give old-fashioned human intelligence fresh relevance.…
- Claude Code bypasses safety rule if given too many commands
A hard-coded limit on deny rules drops automatic enforcement for concatenated commands
Updated Claude Code will ignore its deny rules, used to block risky actions, if burdened with a sufficiently long chain of subcommands. This vuln leaves the bot open to prompt injection attacks.…
- Renewables reached nearly 50% of global electricity capacity last year
Cool, but fossil-fuel additions and AI-era power demand still muddy the climate math
It was a strong year for renewable power expansion in 2025, with solar installations helping push renewables to nearly half of global electricity capacity, but that does not mean the world is yet on pace to meet its renewable energy commitments.…
- Ruby Central report reopens wounds over RubyGems repo takeover
Board-backed account of maintainer ouster is unlikely to settle row over governance, control, and trust
Ruby Central, a nonprofit that supports the Ruby programming language ecosystem, just published an incident report regarding what it calls the September 2025 RubyGems fracture, when ownership of the GitHub code repository behind the RubyGems package manager was wrested from existing maintainers.…
- One in seven Americans are ready for an AI boss, but they might not trust it
Poll finds 15% happy to take orders from a bot even as most question its output and fear job losses
Around 15 percent of Americans would be willing to work for an AI boss, according to a new poll that suggests while robots are not exactly welcome in the corner office, the idea no longer seems quite so far-fetched.…
- AI server farms heat up the neighborhood for miles around, paper finds
Researchers say localized warming can extend well past site edges, raising concerns about community impact
Datacenters create heat islands that raise surrounding temperatures by several degrees at distances up to 10 km (over 6 miles), which could have an impact on surrounding communities.…
- UK manufacturers under cyber fire with 80% reporting attacks
ESET says factory outages, lost revenue, and supply chain disruption are becoming routine
Nearly 80 percent of British manufacturers say they've been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual.…
- Claude Code source leak reveals how much info Anthropic can hoover up about you and your system
If you loved the data retention of Microsoft Recall, you'll be thrilled with Claude Code
Anthropic's Claude Code lacks the persistent kernel access of a rootkit. But an analysis of its code shows that the agent can exercise far more control over people's computers than even the most clear-eyed reader of contractual terms might suspect. It retains lots of your data and is even willing to hide its authorship from open-source projects that reject AI.…
- Don't open that WhatsApp message, Microsoft warns
How to avoid social engineering attacks? Employee training tops the list
Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to control victims' machines and access all of their data.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Adobe secretly modifies your hosts file for the stupidest reason
If you�re using Windows or macOS and have Adobe Creative Cloud installed, you may want to take a peek at your hosts file. It turns out Adobe adds a bunch of entries into the hosts file, for a very stupid reason. They�re using this to detect if you have Creative Cloud already installed when you visit on their website. When you visit https://www.adobe.com/home, they load this image using JavaScript:  If the DNS entry in your hosts file is present, your browser will therefore connect to their server, so they know you have Creative Cloud installed, otherwise the load fails, which they detect. They used to just hit http://localhost:`various portsb/cc.png which connected to your Creative Cloud app directly, but then Chrome started blocking Local Network Access, so they had to do this hosts file hack instead. ↫ thenickdude at Reddit At what point does a commercial software suite become malware?
- TinyOS: ultra-lightweight RTOS for IoT devices
An ultra-lightweight real-time operating system for resource-constrained IoT and embedded devices. Kernel footprint under 10 KB, 2 KB minimum RAM, preemptive priority-based scheduling. ↫ TinyOS GitHub page Written in C, open source, and supports ARM and RISC-V.
- Redox gets new CPU scheduler
Another major improvement in Redox: a brand new scheduler which improves performance under load considerably. We have replaced the legacy Round Robin scheduler with a Deficit Weighted Round Robin scheduler. Due to this, we finally have a way of assigning different priorities to our Process contexts. When running under light load, you may not notice any difference, but under heavy load the new scheduler outperforms the old one (eg. ~150 FPS gain in the pixelcannon 3D Redox demo, and ~1.5x gain in operations/sec for CPU bound tasks and a similar improvement in responsiveness too (measured through schedrs)). ↫ Akshit Gaur Work is far from over in this area, as they�re now moving on to replacing the static queue logic with the dynamic lag-calculations of full EEVDF .
- Open source office suites erupt in forking and licensing drama
You�d think if there was one corner of the open source world where you wouldn�t find drama it�d be open source office suites, but it turns out we could not have been more wrong. First, there�s The Document Foundation, stewards of LibreOffice, ejecting a ton of LibreOffice contributors. In the ongoing saga of The Document Foundation (TDF), their Membership Committee has decided to eject from membership all Collabora staff and partners. That includes over thirty people who have contributed faithfully to LibreOffice for many years. It is interesting to see a formal meritocracy eject so many, based on unproven legal concerns and guilt by association. This includes seven of the top ten core committers of all time (excluding release engineers) currently working for Collabora Productivity. The move is the culmination of TDF losing a large number of founders from membership over the last few years with: Thorsten Behrens, Jan ‘Kendy’ Holesovsky, Rene Engelhard, Caolan McNamara, Michael Meeks, Cor Nouws and Italo Vignoli no longer members. Of the remaining active founders, three of the last four are paid TDF staff (of whom none are programming on the core code). ↫ Micheal Meeks The end result seems to be that Collabora is effectively forking LibreOffice, which feels like we�re back where we were 15 years ago when LibreOffice forked from OpenOffice. There seems to be a ton of drama and infighting here that I�m not particularly interested in, but it�s sad to see such drama and infighting result in needless complications for developers, end users, and distributors alike. As if this wasn�t enough, there�s also forking drama in OnlyOffice land, the other open source office suite, licensed under the AGPL. This ope source office suite has been forked by Nextcloud and IONOS into Euro-Office, in pursuit of digital sovereignty in the EU. It�s also not an entirely unimportant detail that OnlyOffice is Russian, with most of its developers residing in Russia. Anyway, the OnlyOffice team has not taken this in stride, claiming there�s a violation of the AGPL license going on here, specifically because OnlyOffice adds contradictory attribution terms to the AGPL. It�s a complicated story, but it does seem most experts in this area seem to disagree with OnlyOffice�s interpretation. We�re in for another messy time.
- How Microsoft vaporized a trillion dollars
This is the first of a series of articles in which you will learn about what may be one of the silliest, most preventable, and most costly mishaps of the 21st century, where Microsoft all but lost OpenAI, its largest customer, and the trust of the US government. ↫ Axel Rietschin It won�t take long into this series of articles before you start wondering how anyone manages to ship anything at Microsoft. If even half of this is accurate, this company should be placed under some sort of external oversight.
- Big-endian testing with QEMU
I assume I don�t have to explain the difference between big-endian and little-endian systems to the average OSNews reader, and while most systems are either dual-endian or (most likely) little-endian, it�s still good practice to make sure your code works on both. If you don�t have a big-endian system, though, how do you do that? When programming, it is still important to write code that runs correctly on systems with either byte order (see for example The byte order fallacy). But without access to a big-endian machine, how does one test it? QEMU provides a convenient solution. With its user mode emulation we can easily run a binary on an emulated big-endian system, and we can use GCC to cross-compile to that system. ↫ Hans Wennborg If you want to make sure your code isn�t arbitrarily restricted to little-endian, running a few tests this way is worth it.
- How to turn anything into a router
I don’t like to cover “current events” very much, but the American government just revealed a truly bewildering policy effectively banning import of new consumer router models. This is ridiculous for many reasons, but if this does indeed come to pass it may be beneficial to learn how to “homebrew” a router. Fortunately, you can make a router out of basically anything resembling a computer. ↫ Noah Bailey I genuinely can�t believe making your own router with Linux or BSD might become a much more widespread thing in the US. I�m not saying it�s a bad thing � it�ll teach some people something new � but it just feels so absurd.
- Microsoft Copilot is now injecting ads into pull requests on GitHub
Why do so many people keep falling for the same trick over and over again? With an over $400 billion gap between the money invested in AI data centers and the actual revenue these products generate, Silicon Valley slowly returned to the tested and trusted playbook: advertising. Now, ads are starting to appear in pull requests generated by Copilot. According to Melbourne-based software developer Zach Manson, a team member used the AI to fix a simple typo in a pull request. Copilot did the job, but it also took the liberty of editing the PR�s description to include this message: Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.! ↫ David Uzondu at Neowin It turns out that Microsoft has added ads to over 1.5 million Copilot pull requests on GitHub, and they�re even appearing on GitLab, one of the GitHub alternatives. The reasoning is clear, too, of course: AI! companies and investors have poured ungodly amounts of money in AI! that is impossible to recover, even with paying customers. As such, the logical next step is ads, and many AI! companies are already starting to add advertising to their pachinko machines. It was only a matter of time before Copilot would start inserting ads into the pull requests it ejaculates over all kinds of projects. This isn�t the first time a once-free service turns on its users, but it�s definitely one of the quickest turnarounds I�ve ever seen. Usually it takes much longer before companies reach the stage of putting ads in their products to plug any financial bleeding, but with the amount of money poured into this useless black hole, it really shouldn�t be surprising we�re already there. I�m sure Copilot�s competitors, like Claude, will soon follow suit. They�re enshittifying Git, and developers are just letting it happen. No wonder worker exploitation is so rampant in Silicon Valley.
- Capability-based security for Redox: namespace and CWD as capabilities
By reimplementing these features using capabilities, we made the kernel simpler by moving complex scheme and namespace management out of it which improved security and stability by reducing the attack surface and possible bugs. At the same time, we gained a means to support more sandboxing features using the CWD file descriptor. This project leads the way for future sandboxing support in Redox OS. As the OS continues to move toward capability-based security, it will be able to provide more modern security features. ↫ Ibuki Omatsu Redox seems to be making the right decisions at, crucially, the right time.
- The curious case of retro demo scene graphics
Of course, it was only a matter of time before the time-honoured tradition of the demoscene also got infected by AI!. For me personally, generative AI ruins much of the fun. I still enjoy creating pixel art and making little animations and demos. My own creative process remains satisfying as an isolated activity. Alas, obvious AI generated imagery � as well as middle-aged men plagiarizing other, sometimes much younger, hobbyist artists � makes me feel disappointed and empty. It�s not as much about effort as it is about the loss of style and personality; soul, if you will. The result is defacement, to echo T. S. Eliot, rather than inspired improvement. Even in more elaborate AI-based works, it�s hard to tell where the prompt ends and the pixelling begins. ↫ Carl Svensson A wonderful explanation of the rather unique views on originality, stealing, plagiarism, and related topics within the demoscene, which certainly diverge from many other places.
- Running a Plan 9 network on OpenBSD
This guide describes how you can install a Plan 9 network on an OpenBSD machine (it will probably work on any unix machine though). The authentication service (called authsrv! on Plan 9) is provided by a unix version: authsrv9. The file service is provided by a program called u9fs!. It comes with Plan 9. Both run from inetd. The (diskless) cpu server is provided by running qemu, booted from only a floppy (so without local storage). Finally, the terminal is provided by the program drawterm. The nice thing about this approach is that you can use all your familiar unix tools to get started with Plan 9 (e.g. you can edit the Plan 9 files with your favorite unix editor). I�m assuming you have read at least something about Plan 9, for example the introduction paper Plan 9 from Bell Labs. ↫ Mechiel Lukkien If you�re running OpenBSD, you�re already doing something better than everyone else, and if you want to ascend to the next level, this is a great place to start. Of course, the final level, where you leave your earthly roots behind and become a being of pure enlightened energy, is running Plan 9 on real hardware as the universe intended, but let�s not put the cart before the horse. One day, all of humanity will just be an endless collection of interconnected cosmic Plan 9 servers, more plentiful than the stars in the known universe.
- Will AI! chatbots be the tobacco of the future?
Towards the end of 2024, Dennis Biesma decided to check out ChatGPT. The Amsterdam-based IT consultant had just ended a contract early. “I had some time, so I thought: let’s have a look at this new technology everyone is talking about,” he says. “Very quickly, I became fascinated.” Biesma has asked himself why he was vulnerable to what came next. He was nearing 50. His adult daughter had left home, his wife went out to work and, in his field, the shift since Covid to working from home had left him feeling “a`little isolated”. He smoked a bit of cannabis some evenings to “chill”, but had done so for years with no ill effects. He had never experienced a mental illness. Yet within months of downloading ChatGPT, Biesma had sunk €100,000 (about £83,000) into a business startup based on a delusion, been hospitalised three times and tried to kill himself. ↫ Anna Moore at The Guardian These stories are absolutely heart-wrenching, and it doesn�t just happen to people who have had a history of mental illness or other things you might associate with priming someone for falling for! an AI! chatbot. Just a few years in, and it�s already clear that these tools pose a real danger to a group of people of indeterminate size, and proper research into the causes is absolutely warranted and needed. On top of that, if there�s any evidence of wrongdoing from the companies behind these chatbots � intentionally making them more addictive, luring people in, ignoring established dangers, covering up addiction cases, etc. � lawsuits and regulation are definitely in order. Only yesterday, Facebook and Google lost a landmark trial in the US, ruling the companies intentionally made social media as addictive as possible, thereby destroying a person�s life in the process. Countless similar lawsuits are underway all over the world, and I have a feeling that in a few years to decades, we�ll look at unregulated, rampant social media the same way we look at tobacco now. Perhaps AI! chatbots will join their ranks, too.
- Microsoft removes trust for drivers signed with the cross-signed driver program
Today, we’re excited to announce a significant step forward in our ongoing commitment to Windows security and system reliability: the removal of trust for all kernel drivers signed by the deprecated cross-signed root program. This update will help protect our customers by ensuring that only kernel drivers that the Windows Hardware Compatibility Program (WHCP) have passed and been signed can be loaded by default. To raise the bar for platform security, Microsoft will maintain an explicit allow list of reputable drivers signed by the cross-signed program. The allow list ensures a secure and compatible experience for a limited number of widely used, and reputable cross-signed drivers. This new kernel trust policy applies to systems running Windows 11 24H2, Windows 11 25H2, Windows 11 26H1, and Windows Server 2025 in the April 2026 Windows update. All future versions of Windows 11 and Windows Server will enforce the new kernel trust policy. ↫ Peter Waxman at the Windows IT Pro Blog The cross-signed root program was discontinued in 2021, and ran since the early 2000s, so I think it�s fair to no longer automatically assume such possibly old and outdated drivers are still to be trusted.
- Windows 95 defenses against installers that overwrite a file with an older version
I�ll never grow tired of reading about the crazy tricks the Windows 95 development team employed to make the user experience as seamless as they could given the constraints they were dealing with. During the 16bit Windows days, application installers could replace system components with newer versions if such was necessary. Installers were supposed to do a version check, but many of them didn�t follow this guidance. When moving to Windows 95, this meant installers ended up replacing Windows 95 system components with Windows 3.x versions, which wasn�t exactly a goods thing. So, they came up with a solution. Windows 95 worked around this by keeping a backup copy of commonly-overwritten files in a hidden C:\Windows\SYSBCKUP directory. Whenever an installer finished, Windows went and checked whether any of these commonly-overwritten files had indeed been overwritten. If so, and the replacement has a higher version number than the one in the SYSBCKUP directory, then the replacement was copied into the SYSBCKUP directory for safekeeping. Conversely, if the replacement has a lower version number than the one in the SYSBCKUP directory, then the copy from SYSBCKUP was copied on top of the rogue replacement. ↫ Raymond Chen All of this happened entirely silently, and neither the installers nor the user had any idea this was happening. The Windows 95 team tried other solutions, like just making it impossible to replace system components with older versions entirely, but that caused many installers to break. Some installers apparently even went rogue and would create a batch file that would replace the system components upon a reboot, before Windows 95 could perform its silent fixes. Wild. I used Windows 95 extensively, and had no idea this was a thing.
- US regulator bans imports of new foreign-made routers, citing security concerns
The U.S. Federal Communications Commission said on Monday it was banning the import of all new foreign-made consumer routers, the latest crackdown on Chinese-made electronic gear over security concerns. China is estimated to control at least 60% of the U.S. market for home routers, boxes that connect computers, phones, and smart devices to the internet. ↫ David Shepardson at Reuters I�m sure the American public will be thrilled to find out yet another necessity has drastically increased in price.
- Apple discontinues the Mac Pro with no plans for future hardware
It’s the end of an era: Apple has confirmed to 9to5Mac that the Mac Pro is being discontinued. It has been removed from Apple’s website as of Thursday afternoon. The “buy” page on Apple’s website for the Mac Pro now redirects to the Mac’s homepage, where all references have been removed. Apple has also confirmed to 9to5Mac that it has no plans to offer future Mac Pro hardware. ↫ Chance Miller at 9To5Mac If a Mac Pro falls in the back of the Apple Store and there�s no one around to hear it, does it make a sound?
- MX Linux Pushes Back Against Age Verification: A Stand for Privacy and Open Source Principles
by George Whittaker
The MX Linux project has taken a firm stance in a growing controversy across the Linux ecosystem: mandatory age-verification requirements at the operating system level. In a recent update, the team made it clear, they have no intention of implementing such measures, citing concerns over privacy, practicality, and the core philosophy of open-source software.
As governments begin introducing laws that could require operating systems to collect user age data, MX Linux is joining a group of projects resisting the shift.
What Sparked the Debate?
The discussion around age verification stems from new legislation, particularly in regions like the United States and Brazil, that aims to protect minors online. These laws may require operating systems to:
Collect user age or date of birth during setup Provide age-related data to applications Enable content filtering based on age categories
At the same time, underlying Linux components such as systemd have already begun exploring technical changes, including storing birthdate fields in user records to support such requirements.
MX Linux Says “No” to Age Verification
In response, the MX Linux team has clearly rejected the idea of integrating age verification into their distribution. Their reasoning is rooted in several key concerns:
User privacy: Collecting age data introduces sensitive personal information into systems that traditionally avoid such tracking Feasibility: Implementing consistent, secure age verification across a decentralized OS ecosystem is highly complex Philosophy: Open-source operating systems are not designed to act as data collectors or gatekeepers
The developers emphasized that they do not want to burden users with intrusive requirements and instead encouraged concerned individuals to direct their efforts toward policymakers rather than Linux projects.
A Broader Resistance in the Linux Community
MX Linux is not alone. The Linux world is divided on how, or whether, to respond to these regulations.
Some projects are exploring compliance, while others are pushing back entirely. In fact, age verification laws have sparked:
Strong debate among developers and maintainers Concerns about enforceability on open-source platforms New projects explicitly created to resist such requirements
In some extreme cases, distributions have even restricted access in certain regions to avoid legal complications.
Why This Matters
At its core, this issue goes beyond a single feature, it raises fundamental questions about what an operating system should be.
Linux has long stood for:
Go to Full Article
- LibreOffice Drives Europe’s Open Source Shift: A Growing Push for Digital Sovereignty
by George Whittaker
LibreOffice is increasingly at the center of Europe’s push toward open-source adoption and digital independence. Backed by The Document Foundation, the widely used office suite is playing a key role in helping governments, institutions, and organizations reduce reliance on proprietary software while strengthening control over their digital infrastructure.
Across the European Union, this shift is no longer experimental, it’s becoming policy.
A Broader Movement Toward Open Source
Europe has been steadily moving toward open-source technologies for years, but recent developments show clear acceleration. Governments and public institutions are actively transitioning away from proprietary platforms, often citing concerns about vendor lock-in, cost, and data control.
According to recent industry data, European organizations are adopting open source faster than their U.S. counterparts, with vendor lock-in concerns cited as a major driver.
LibreOffice sits at the center of this trend as a mature, fully open-source alternative to traditional office suites.
LibreOffice as a Strategic Tool
LibreOffice isn’t just another productivity application, it has become a strategic component in Europe’s digital policy framework.
The software:
Is fully open source and community-driven Supports open standards like OpenDocument Format (ODF) Allows governments to avoid dependency on specific vendors Enables long-term control over data and infrastructure
These characteristics align closely with the European Union’s broader strategy to promote interoperability and transparency through open standards.
Government Adoption Across Europe
LibreOffice adoption is already happening at scale across multiple countries and sectors.
Examples include:
Germany (Schleswig-Holstein): transitioning tens of thousands of government systems to Linux and LibreOffice Denmark: replacing Microsoft Office in public institutions as part of a broader digital sovereignty initiative France and Italy: deploying LibreOffice across ministries and defense organizations Spain and local governments: adopting LibreOffice to standardize workflows and reduce costs
In some cases, migrations involve hundreds of thousands of systems, demonstrating that open-source office software is viable at national scale.
Go to Full Article
- From Linux to Blockchain: The Infrastructure Behind Modern Financial Systems
by George Whittaker
The modern internet is built on open systems. From the Linux kernel powering servers worldwide to the protocols that govern data exchange, much of today’s digital infrastructure is rooted in transparency, collaboration, and decentralization. These same principles are now influencing a new frontier: financial systems built on blockchain technology.
For developers and system architects familiar with Linux and open-source ecosystems, the rise of cryptocurrency is not just a financial trend, it is an extension of ideas that have been evolving for decades.
Open-Source Foundations and Financial Innovation
Linux has long demonstrated the power of decentralized development. Instead of relying on a single authority, it thrives through distributed contributions, peer review, and community-driven improvement.
Blockchain technology follows a similar model. Networks like Bitcoin operate on open protocols, where consensus is achieved through distributed nodes rather than centralized control. Every transaction is verified, recorded, and made transparent through cryptographic mechanisms.
For those who have spent years working within Linux environments, this architecture feels familiar. It reflects a shift away from trust-based systems toward verification-based systems.
Understanding the Stack: Nodes, Protocols, and Interfaces
At a technical level, cryptocurrency systems are composed of multiple layers. Full nodes maintain the blockchain, validating transactions and ensuring network integrity. Lightweight clients provide access to users without requiring full data replication. On top of this, exchanges and platforms act as interfaces that connect users to the underlying network.
For developers, interacting with these systems often involves APIs, command-line tools, and automation scripts, tools that are already integral to Linux workflows. Managing wallets, verifying transactions, and monitoring network activity can all be integrated into existing development environments.
Go to Full Article
- Firefox 149 Arrives with Built-In VPN, Split View, and Smarter Browsing Tools
by George Whittaker
Mozilla has officially released Firefox 149.0, bringing a mix of new productivity features, privacy enhancements, and interface improvements. Released on March 24, 2026, this update continues Firefox’s steady push toward a more modern and user-focused browsing experience.
Rather than focusing on a single headline feature, Firefox 149 introduces several practical tools designed to improve how users multitask, stay secure, and interact with the web.
Built-In VPN Comes to Firefox
One of the most notable additions in Firefox 149 is the introduction of a built-in VPN feature. This optional tool provides users with an added layer of privacy while browsing, helping mask IP addresses and secure connections on public networks.
In some configurations, Mozilla is offering a free usage tier with limited monthly data, giving users a simple way to enhance privacy without installing separate software.
This move aligns with Mozilla’s long-standing emphasis on user privacy and security.
Split View for Better Multitasking
Firefox 149 introduces a Split View mode, allowing users to display two web pages side by side within a single browser window. This feature is especially useful for:
Comparing documents or products Copying information between pages Research and multitasking workflows
Instead of juggling multiple tabs and windows, users can now work more efficiently in a single, organized view.
Tab Notes: A New Productivity Tool
Another standout feature is Tab Notes, available through Firefox Labs. This tool allows users to attach notes directly to individual tabs, making it easier to:
Keep track of research Save reminders tied to specific pages Organize ongoing tasks
This feature reflects a growing trend toward integrating lightweight productivity tools directly into the browser experience.
Smarter Browsing with Optional AI Features
Firefox 149 also expands its experimental AI-powered features, including tools that can assist with summarizing content, providing quick explanations, or helping users interact with web pages more efficiently.
Importantly, Mozilla is keeping these features optional and user-controlled, maintaining its focus on transparency and privacy.
Developer and Platform Updates
For developers, Firefox 149 includes updates to web standards and APIs. One example is improved support for HTML features like enhanced popover behavior, which helps developers build more interactive web interfaces.
As always, these under-the-hood changes help ensure Firefox remains competitive and standards-compliant.
Go to Full Article
- Blender 5.1 Released: Faster Workflows, Smarter Tools, and Major Performance Gains
by german.suarez
The Blender Foundation has officially released Blender 5.1, the latest update to its powerful open-source 3D creation suite. This version focuses heavily on performance improvements, workflow refinements, and stability, while also introducing a handful of new features that expand what artists and developers can achieve.
Rather than reinventing the platform, Blender 5.1 is all about making existing tools faster, smoother, and more reliable — a release that benefits both professionals and hobbyists alike.
A Release Focused on Refinement
Blender 5.1 emphasizes polish over disruption, with developers addressing hundreds of issues and improving the overall production pipeline. The update includes widespread optimizations across rendering, animation, modeling, and the viewport, resulting in a more responsive and efficient experience.
Many of Blender’s internal libraries have also been updated to align with modern standards like VFX Platform 2026, ensuring better long-term compatibility and performance.
Performance Gains Across the Board
One of the standout aspects of Blender 5.1 is its performance boost:
Faster animation playback and shape key evaluation Improved rendering speeds for both GPU and CPU Reduced memory overhead and smoother viewport interaction Optimized internal systems for better responsiveness
In some scenarios, animation and editing performance improvements can be dramatic, especially with complex scenes.
New Raycast Node for Advanced Shading
A major feature addition in Blender 5.1 is the Raycast shader node, which opens the door to advanced rendering techniques.
This node allows artists to trace rays within a scene and extract data from surfaces, enabling:
Non-photorealistic rendering (NPR) effects Custom shading techniques Decal projection and X-ray-style visuals
It’s a flexible tool that expands Blender’s shading capabilities, especially for stylized workflows.
Grease Pencil Gets a Big Upgrade
Blender’s 2D animation tool, Grease Pencil, sees meaningful improvements:
New fill workflow with support for holes in shapes Better handling of imported SVG and PDF files More intuitive drawing and editing behavior
These updates make Grease Pencil far more practical for hybrid 2D/3D workflows and animation pipelines.
Geometry Nodes and Modeling Improvements
Geometry Nodes continue to evolve with expanded functionality:
Go to Full Article
- The Need for Cloud Security in a Modern Business Environment
by George Whittaker
Cloud systems are an emergent standard in business, but migration efforts and other directional shifts have introduced vulnerabilities. Where some attack patterns are mitigated, cloud platforms leave businesses open to new threats and vectors. The dynamic nature of these environments cannot be addressed by traditional security systems, necessitating robust cloud security for contemporary organizations.
Just as businesses have come to acknowledge the value of cloud operations, so too have cyber attackers. Protecting sensitive assets and maintaining regulatory compliance, while simultaneously ensuring business continuity against cloud attacks, requires a modern strategy. When any window could be an opportunity for infiltration, a comprehensive approach serves to limit exploitation.
Unlike traditional on-premise infrastructure, cloud environments dramatically expand an organization’s threat surface. Resources are distributed across regions, heavily dependent on APIs, and frequently created or decommissioned in minutes. This constant change makes it difficult to maintain a fixed security perimeter and increases the likelihood that misconfigurations or exposed services go unnoticed, creating opportunities for exploitation.
The Vulnerabilities of Cloud Security Services
Any misconfiguration, insecure application programming interface (API), or identity management solution may become an invitation for cyberattacks. Amid the rise of artificial intelligence (AI) technology, it is possible for even inexperienced individuals to exploit such weaknesses in cloud systems. Cloud environments are designed for accessibility, a benefit that can be taken advantage of.
“Unlike traditional software, AI systems can be manipulated through language and indirect instructions,” Lee Chong Ming wrote for Business Insider. “[AI expert Sander] Schulhoff said people with experience in both AI security and cybersecurity would know what to do if an AI model is tricked into generating malicious code.”
At the same time that many businesses are migrating to cloud platforms and implementing cloud security features, they are adopting AI technology in order to accelerate workflows and other processes. These systems may have their advantages for certain industries, but their presence can create its own vulnerabilities. Addressing the shortcomings of cloud systems and AI at the same time compounds the security challenges of today.
Go to Full Article
- Google Brings Chrome to ARM Linux: A Long-Awaited Step for Modern Linux Devices
by George Whittaker
Google has officially announced that Chrome is coming to ARM64 Linux systems, marking a major milestone for both the Linux and ARM ecosystems. The native browser is expected to launch in Q2 2026, finally closing a long-standing gap for users running Linux on ARM-based hardware.
For years, ARM Linux users have relied on Chromium builds or workarounds to access a Chrome-like experience. That’s about to change.
Why This Announcement Matters
Until now, Google Chrome on Linux was limited to x86_64 systems, leaving ARM-based devices without an official build.
That meant users had to:
Use Chromium instead of Chrome
Run emulated versions of Chrome
Miss out on proprietary features like sync, DRM support, and Google services
With this new release, ARM Linux users will finally get the full Chrome experience, including seamless integration with Google’s ecosystem.
What Users Can Expect
The upcoming ARM64 version of Chrome will bring the same features users expect on other platforms:
Google account sync (bookmarks, history, tabs)
Access to the Chrome Web Store and extensions
Built-in features like translation, autofill, and security protections
Support for DRM services and media playback
This brings ARM Linux closer to feature parity with macOS (ARM support since 2020) and Windows on ARM (since 2024).
The Rise of ARM on Linux
The timing of this move reflects a broader shift in computing. ARM-based hardware is rapidly gaining traction across:
Laptops powered by Snapdragon and future ARM chips
Developer boards like Raspberry Pi
High-performance systems such as NVIDIA’s ARM-based AI desktops
Google itself highlighted growing demand for Chrome on these systems, especially as ARM expands beyond mobile devices into mainstream computing.
Partnerships and Deployment
Google is also working with hardware vendors to streamline adoption. Notably, Chrome will be integrated into NVIDIA’s Linux-on-ARM DGX Spark systems, making installation easier for high-performance AI workstations.
For general users, Chrome will be available for download directly from Google once released.
Why This Took So Long
Interestingly, this move comes years after Chrome was already available on ARM-based platforms like Apple Silicon Macs and Windows devices.
Go to Full Article
- CrackArmor Exposed: Critical Flaws in AppArmor Put Millions of Linux Systems at Risk
by George Whittaker
A newly disclosed set of vulnerabilities has sent shockwaves through the Linux security community. Dubbed “CrackArmor,” these flaws affect AppArmor, one of the most widely used security modules in Linux, potentially exposing millions of systems to serious compromise.
Discovered by the Qualys Threat Research Unit, the vulnerabilities highlight a concerning reality: even core security mechanisms can harbor weaknesses that go unnoticed for years.
What Is CrackArmor?
“CrackArmor” refers to a group of nine critical vulnerabilities found in the Linux kernel’s AppArmor module. AppArmor is a mandatory access control (MAC) system designed to restrict what applications can do, helping contain attacks and enforce system policies.
These flaws stem from a class of issues known as “confused deputy” vulnerabilities, where a lower-privileged user can trick trusted processes into performing actions on their behalf.
Why These Vulnerabilities Are Serious
The impact of CrackArmor is significant because it undermines one of Linux’s core security layers. Researchers found that attackers could:
Escalate privileges to root from an unprivileged account
Bypass AppArmor protections entirely
Break container isolation, affecting Kubernetes and cloud workloads
Execute arbitrary code in the kernel
Trigger denial-of-service (DoS) conditions
In some demonstrations, attackers were able to gain full root access in seconds under controlled conditions.
How Widespread Is the Risk?
The scope of the issue is massive. AppArmor is enabled by default in major distributions such as:
Ubuntu
Debian
SUSE
Because of this, researchers estimate that over 12.6 million Linux systems could be affected.
These systems span:
Enterprise servers
Cloud infrastructure
Containers and Kubernetes clusters
IoT and edge devices
This widespread deployment significantly amplifies the potential impact.
A Long-Standing Problem
One of the most concerning aspects of CrackArmor is how long the vulnerabilities have existed. According to researchers, the flaws date back to around 2017 (Linux kernel 4.11) and remained undiscovered in production environments for years.
This long exposure window increases the risk that similar weaknesses may exist elsewhere in critical system components.
Go to Full Article
- Intel Expands Linux Graphics Team to Boost Drivers and Gaming Support
by George Whittaker
Intel is once again investing in Linux development. The company has recently posted several job openings aimed at strengthening its Linux graphics driver and GPU software teams, signaling continued interest in improving Intel hardware support on the open-source platform.
For Linux users, especially gamers and developers, this could mean faster improvements to Intel’s graphics stack and stronger support for modern workloads.
New Roles Focused on Linux Graphics
Intel has listed multiple GPU Software Development Engineer positions, many of which specifically focus on Linux graphics technologies. These roles involve working on the full graphics stack, including firmware, kernel drivers, and user-space components used by applications and games.
The responsibilities for these positions include:
Developing and optimizing Intel GPU drivers for Linux
Improving the Linux graphics stack, including kernel DRM drivers and Mesa components
Working with graphics APIs and tools used by modern applications
Ensuring compatibility across desktop, workstation, and data-center hardware
The job listings also emphasize experience with C/C++ development and the Linux kernel graphics ecosystem, highlighting the technical depth required for these roles.
Linux Gaming Is Part of the Plan
One of the more notable details from the job postings is the mention of Linux gaming technologies such as Wine and Proton. These compatibility layers allow Windows games to run on Linux, making them central to platforms like SteamOS and the Steam Deck.
Intel’s focus on these tools suggests the company wants its GPUs to perform well not just in enterprise workloads but also in gaming environments. That aligns with the growing popularity of Linux gaming driven by:
Valve’s Proton compatibility layer
Vulkan-based graphics APIs
The success of devices like the Steam Deck
Beyond Gaming: HPC and Data Center Work
While gaming support is part of the focus, the hiring effort isn’t limited to consumer graphics. Intel is also recruiting engineers for areas such as:
High-performance computing (HPC)
AI and machine-learning workloads
Middleware development for supercomputing systems
Cloud and data-center GPU optimization
These roles indicate Intel’s broader strategy to strengthen Linux across multiple sectors, from desktops and laptops to supercomputers and cloud infrastructure.
Go to Full Article
- AerynOS 2026.02 Alpha Released: Advancing a Modern Atomic Linux Vision
by George Whittaker
The developers behind AerynOS have released AerynOS 2026.02 Alpha, the latest development snapshot of the independent Linux distribution previously known as Serpent OS. This new release continues the project’s rapid evolution, bringing updated packages, improved build tools, and new installation options while the system remains in an early testing stage.
Although still labeled as an alpha-quality release, the new ISO gives enthusiasts and developers a chance to explore the direction AerynOS is taking as it builds a modern Linux platform from scratch.
A Modern Atomic Approach
AerynOS aims to rethink how Linux distributions handle updates and package management. The project focuses on atomic-style updates, meaning system changes are applied as a complete transaction rather than individual package installs. This approach helps reduce the risk of partially completed updates leaving a system in a broken state.
Unlike some atomic distributions, however, AerynOS does not rely on an immutable filesystem, allowing users to retain flexibility and customization while still benefiting from safer update behavior.
Updated Desktop Environments
The 2026.02 alpha release ships with several modern desktop environment options:
GNOME 49.4 as the default desktop
COSMIC 1.0.8, System76’s emerging desktop environment
KDE Plasma 6.6.1 available as an alternative session
These updates provide users with multiple modern desktop choices while ensuring compatibility with the latest frameworks and desktop technologies.
New Core Software and Components
AerynOS 2026.02 also brings a large batch of software updates across the system stack. Some of the notable versions included in the release are:
Linux kernel 6.18.15 LTS
Firefox 148
PipeWire 1.6
Wine 11.3
Waybar 0.15
Mesa/Nesa graphics drivers 26.x
Together, these updates ensure that the development snapshot reflects a modern Linux software ecosystem while improving compatibility with newer hardware.
Improved Development Tooling
A significant portion of the February development cycle focused on improving the distribution’s internal tooling:
Moss, the package manager, has been optimized for faster performance.
Boulder, the package build system, now automates more recipe creation and version handling.
Go to Full Article
|
