|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- [$] Objections to systemd age-attestation changes go overboard
In early March, Dylan M. Taylor submitted a pull request to add a fieldto store a user's birth date in systemd's JSON user records. This was done to allowapplications to store the date to facilitate compliance with age-attestation and-verification laws. It was to be expected that some members of the community wouldobject; the actual response, however, has been shockingly hostile. Some of this hasbeen fueled by a misinformation campaign that has targeted the systemd project andTaylor specifically, resulting in Taylor being doxxed and receiving deaththreats. Such behavior is not just problematic; it is also deeply misguided given theactual nature of the changes.
- Vulnerability Research Is Cooked (sockpuppet.org)
There is ablog post on sockpuppet.org arguing that we are not prepared for theupcoming flood of high-quality, LLM-generated vulnerability reports andexploits.
Now consider the poor open source developers who, for the last 18 months, have complained about a torrent of slop vulnerability reports. I'd had mixed sympathies, but the complaints were at least empirically correct. That could change real fast. The new models find real stuff. Forget the slop; will projects be able to keep up with a steady feed of verified, reproducible, reliably-exploitable sev:hi vulnerabilities? That's what's coming down the pipe.
Everything is up in the air. The industry is sold on memory-safe software, but the shift is slow going. We've bought time with sandboxing and attack surface restriction. How well will these countermeasures hold up? A 4 layer system of sandboxes, kernels, hypervisors, and IPC schemes are, to an agent, an iterated version of the same problem. Agents will generate full-chain exploits, and they will do so soon.
Meanwhile, no defense looks flimsier now than closed source code. Reversing was already mostly a speed-bump even for entry-level teams, who lift binaries into IR or decompile them all the way back to source. Agents can do this too, but they can also reason directly from assembly. If you want a problem better suited to LLMs than bug hunting, program translation is a good place to start.
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (firefox, kernel, and kernel-rt), Debian (phpseclib and roundcube), Fedora (bind, bind-dyndb-ldap, dotnet8.0, dotnet9.0, firefox, freerdp, mingw-expat, musescore, nss, ntpd-rs, perl-YAML-Syck, php-phpseclib3, polkit, pyOpenSSL, python3.12, rust, rust-cargo-rpmstatus, rust-cargo-vendor-filterer, stgit, webkitgtk, and xen), SUSE (dovecot24, ImageMagick, jupyter-nbclassic, kernel, libjxl, libsuricata8_0_4, obs-service-recompress, obs-service-tar_scm, obs-service-set_version, openbao, perl-Crypt-URandom, plexus-utils, python-pyasn1, python-PyJWT, strongswan, traefik, traefik2, and webkit2gtk3), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, imagemagick, pillow, pyasn1, pyjwt, and roundcube).
- SystemRescue 13.00 released
SystemRescue 13.00 has been released. TheSystemRescue distribution is a live boot system-rescue toolkit, basedon Arch Linux, for repairing systems in the event of a crash. Thisrelease includes the 6.18.20 LTS kernel, updates bcachefs tools andkernel module to 1.37.3, and manyupgraded packages. See the step-by-step guide forinstructions on performing common operations such as recovering files,creating disk clones, and resetting lost passwords.
- Rspamd version 4.0.0 released
Version4.0.0 of the Rspamdspam-filtering system has been released. Notable new features includeHTML fuzzy phishing detection, support for up to eight flags with fuzzyhashes, and more. See the changelog for more onimprovements, breaking changes, and bug fixes.
- [$] Rust's next-generation trait solver
Rust's compiler team has been working on a long-term project torewrite the trait solver — the part of the compiler that determines whichconcrete function should be called when a programmer uses a trait method that isimplemented for multiple types. The rewrite is intended to simplifyfuture changes to the trait system, fix a handful of tricky soundness bugs, andprovide faster compile times. It's also nearly finished, with a relativelysmall number of remaining blocking bugs.
- Security updates for Monday
Security updates have been issued by AlmaLinux (freerdp, golang, and ncurses), Debian (asterisk, bind9, gst-plugins-base1.0, gst-plugins-ugly1.0, gvfs, incus, libxml-parser-perl, nodejs, php-phpseclib, php-phpseclib3, phpseclib, and strongswan), Fedora (bcftools, bind, bind-dyndb-ldap, chromium, dotnet10.0, dotnet8.0, dotnet9.0, giflib, htslib, libsoup3, libtasn1, maturin, mingw-expat, mingw-freetype, mongo-c-driver, perl-XML-Parser, php-phpseclib, php-phpseclib3, pypy, pypy3.10, pypy3.11, python-cryptography, python-fastar, python-ply, python-pycparser, python-uv-build, python3.11, python3.12, python3.13, python3.6, roundcubemail, rubygem-json, rust-ambient-id, rust-astral-reqwest-middleware, rust-astral-reqwest-retry, rust-astral-tokio-tar, rust-astral_async_http_range_reader, rust-cargo-c, rust-ingredients, rust-native-tls, rust-nix, rust-openssl-probe, rust-openssl-probe0.1, rust-pty-process, rust-reqsign, rust-reqsign-aliyun-oss, rust-reqsign-aws-v4, rust-reqsign-azure-storage, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-google, rust-reqsign-http-send-reqwest, rust-reqsign-huaweicloud-obs, rust-reqsign-tencent-cos, rust-rustls-native-certs, rust-sequoia-chameleon-gnupg, rust-tar, rust-webpki-root-certs, rustup, samtools, suricata, uv, and vim), Mageia (cmake, libpng, nodejs, python-ujson, and strongswan), Red Hat (python3 and python3.9), SUSE (389-ds, amazon-cloudwatch-agent, capstone, chromium, containerd, cosign, curl, docker-compose, docker-stable, exiv2, expat, firefox, freeipmi, freerdp, gimp, glusterfs, govulncheck-vulndb, gstreamer-plugins-ugly, jupyter-bqplot-jupyterlab, jupyter-jupyterlab-templates, jupyter-matplotlib, kea, kernel, libsodium, libtpms-devel, LibVNCServer, nghttp2, nginx, poppler, python-dynaconf, python-ldap, python-nltk, python-orjson, python-pyasn1, python-pydicom, python-PyJWT, python-pyopenssl, python-tornado6, python311, python311-cbor2, python311-deepdiff, python311-intake, python311-jsonpath-ng, python311-lmdb, python311-oci-sdk, python312, rclone, redis, salt, tomcat11, v2ray-core, and vim), and Ubuntu (linux-ibm-5.4).
- Kernel prepatch 7.0-rc6
The 7.0-rc6 kernel prepatch is out fortesting.
Anyway, exactly because it's just "more than usual" rather than feeling *worse* than usual, I don't currently feel this merits extending the release, and I still hope that next weekend will be the last rc. But it's just a bit unnerving how this release doesn't want to calm down, so no promises.
- [$] The many failures leading to the LiteLLM compromise
LiteLLMis a gateway library providing access to a number of large language models(LLMs); it is popular and widely used. On March 24, the word went outthat the version of LiteLLM found in the PythonPackage Index (PyPI) repository had beencompromised with information-stealing malware and downloaded thousands oftimes, sparking concern across the net. This may look like just anothersupply-chain attack — and it is — but the way it came about reveals justhow many weak links there are in the software supply chains that we alldepend on.
- The telnyx packages on PyPI have been compromised
The SafeDep blog reportsthat compromised versions of the telnyx package have been found in the PyPIrepository:
Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 million downloads per month (~30,000/day), making this a high-impact supply chain compromise. The payload downloads a second-stage binary hidden inside WAV audio files from a remote server, then either drops a persistent executable on Windows or harvests credentials on Linux/macOS.
- Security updates for Friday
Security updates have been issued by AlmaLinux (389-ds:1.4, gnutls, mysql:8.0, mysql:8.4, nginx, nginx:1.24, opencryptoki, python3, vim, and virt:rhel and virt-devel:rhel), Debian (firefox-esr, ruby-rack, and thunderbird), Fedora (fontforge, headscale, kryoptic, libopenmpt, pyOpenSSL, python-cryptography, rubygem-json, rust-asn1, rust-asn1_derive, rust-cryptoki, rust-cryptoki-sys, rust-wycheproof, vim, and vtk), Oracle (freerdp, golang, mysql:8.0, and ncurses), Red Hat (osbuild-composer), Slackware (libpng and tigervnc), SUSE (chromium, frr, kea, kernel, nghttp2, pgvector, python-deepdiff, python-pyasn1, python-tornado6, python-urllib3, python3, python310, ruby2.5, salt, sqlite3, systemd, tomcat, vim, and xen), and Ubuntu (libcryptx-perl).
- The forge is our new home (Fedora Community Blog)
Tomáš Hrčka has announcedthat the Forgejo-based Fedora Forge is now afully operational collaborative-development platform; it is ready foruse by the larger Fedora community, which means the homegrown Pagure platform's days are numbered:
While pagure.io has been a vital part of our community for manyyears, the time has come to retire our homegrown forge and transitionto this powerful new tool.
The final cutover is planned for Flock to Fedora 2026. We stronglyencourage teams to migrate their projects well before the conferenceto ensure a smooth transition. The pagure.io migration is only thefirst step in a broader infrastructure modernization effort. By the2027 Fedora 46 release, we plan to retire all remaining Pagureinstances across the project, including the package sourcerepositories on src.fedoraproject.org. Getting familiar with FedoraForge now will help ensure your team is ready as the rest of theFedora ecosystem transitions.
There is a migrationguide for Fedora community members that own projects hosted onPagure and need to move to the new forge.
- [$] Vibe-coded ext4 for OpenBSD
A number of projects have been struggling with the question of whichsubmissions created by large language models (LLMs), if any, should beaccepted into their code base. This discussion has been further muddied byefforts to use LLM-driven reimplemention as a way to remove copyleftrestrictions from a body of existing code, as recently happened with the Python chardet module. Inthis context, an attempt to introduce an LLM-generated implementation ofthe Linux ext4 filesystem into OpenBSD was always going to create somefireworks, but that project has its own, clearly defined reasons forlooking askance at such submissions.
- Apertis v2026: A modern foundation for industrial embedded development
Apertis v2026 is here, bringing a significantly modernized foundation for industrial embedded development. Based on Debian 13 (Trixie), this release delivers updated system libraries, development tools, compilers, and core services, alongside a new default Wayland compositor, a reworked SDK, and smarter packaging pipelines. The result is a more capable, maintainable platform designed to meet the long-term stability and security requirements of industrial products.
- Seeed Studio reTerminal D1001 Targets HMI Systems with ESP32-P4 and Integrated Display
Seeed Studio has launched an 8-inch HMI device combining a touch display, wireless connectivity, and multimedia hardware in a single platform. The reTerminal D1001 pairs an ESP32-P4 with an ESP32-C6 for networking, along with a 6-axis IMU for motion sensing. The system is powered by the ESP32-P4NRW32, a dual-core RISC-V processor operating at up to […]
- Servo 0.0.6 Released With Many Great Improvements
Servo 0.0.6 is out today to round out the month with many great improvements made in recent weeks to this Rust-based browser engine advancing with its servoshell implementation and many prospects around using it for embedded browser use cases...
- Anthropic goes nude, exposes Claude Code source by accident
Oopsy-doodle: Did someone forget to check their build pipeline?Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing what appears to be the popular AI coding tool's entire source code.…
- Ubuntu 26.04 Showing Nice Gains Over Ubuntu 25.10 On AMD Ryzen 9000 Series
While having the new System76 Thelio Mira in the lab I ran some benchmarks of Ubuntu 24.04 LTS vs. 26.04 development on that AMD Ryzen 9000 series powered desktop. Those results were interesting for how the Ubuntu performance has changed over the past two years, but even if drilling down to just the past six months there have been some nice gains on the AMD Zen 5 desktop. In this article is a look at how Ubuntu 26.04 in its near-final state is performing relative to Ubuntu 25.10 with this Ryzen 9 9950X desktop.
- Python calculation based on principle of argument (theory of functions of a complex variable)
Principle of Argument doesn't provide any information about values of polynomial zeros inside predefined circle as well as locations of these zeros on complex plane. Classic math just says how many polynomial zeros we get inside given circle and nothing else. Library cxroots imported in python module provides object Circle having method roots to achieve the goal to get actual zeros values.
- Linux Ham Radio KISS Serial Driver Being Modernized In 2026
Here's something that wasn't on my bingo card for this year of the "MKISS" driver for ham radio being modernized in 2026 as opposed to just being dropped. The MKISS code hasn't seen much driver activity since the original Git import of the Linux kernel more than twenty years ago...
- SpaceX Starlink Satellite Suffers Mysterious 'Anomaly' In Orbit
A Starlink satellite broke apart in orbit after suffering an unexplained "anomaly," apparently due to an "internal energetic source" rather than a collision. "The incident appears to have created some debris, with fragments likely to fall to Earth over the next few weeks," reports Scientific American. From the report: The satellite lost communication at about 560 kilometers above Earth, Starlink said. While the statement from Starlink, which is a subsidiary of Musk's rocket company SpaceX, merely noted that investigations are ongoing, LeoLabs said its radar observations of the event indicated an "internal energetic source" as the likely cause rather than a collision. The incident underscores the potential hazards of the increasingly large numbers of satellites and other spacecraft in low-Earth orbit -- some 10,000 Starlinks are currently in orbit and counting. Starlink's statement said that "the event poses no new risk" to the International Space Station or to the upcoming launch of NASA's Artemis II mission, targeted for April 1.
Read more of this story at Slashdot.
- Russia Goes After VPNs As 'Great Crackdown' Gathers Pace
An anonymous reader quotes a report from Reuters: Russia is going to further clamp down Virtual Private Networks (VPNs), which are used by millions of Russians to get around internet controls and censorship, Russia's digital minister said. In what has been cast by diplomats as Russia's "great crackdown," the authorities have repeatedly blocked mobile internet and jammed major messenger services while giving sweeping powers to cut off mass communications. "The task is reduce VPN usage," Digital Minister Maksut Shadayev said on state-backed messenger MAX late on Monday, adding that his ministry was trying to impose the limits with minimal impact on users. He said decisions had been taken to restrict access to a number of unidentified foreign platforms without giving details.
Read more of this story at Slashdot.
- Volvo Shifts Polestar 3 Production Entirely To the US
Polestar and Volvo are ending Polestar 3 production in Chengdu, China, and consolidating all output of the electric SUV at Volvo's plant in South Carolina. "The move to consolidate global Polestar 3 production in Charleston help[s] generate efficiencies for both companies, whilst also underscoring our confidence in the plant and the role it plays in our manufacturing footprint," said Hakan Samuelsson, chief executive of Volvo Cars. "The U.S. is a very important market for Volvo Cars, both to support our growth ambitions as well as a strategic production site to meet regional and export demands." Ars Technica reports: Volvo had a challenging 2025, with sales falling by 7 percent. Meanwhile, Polestar, which was spun out from the Swedish OEM's performance arm into a standalone startup in 2017, had a rather good 2025, seeing a 34 percent increase in sales. So increasing the proportion of Polestar 3s to come out of South Carolina seems sensible. And as we learned last September, the midsize electric Volvo EX60 will also go into production at the South Carolina site later this year, and then we'll see a still-unnamed hybrid Volvo in 2030. The two companies also announced today that Volvo agreed to extend part of a shareholder loan it made to Polestar and will convert the rest into Polestar shares. Polestar will still owe Volvo $661 million, due at the end of 2031, and another $274 million will become Polestar stock now, with a further $65 million in the second quarter of the year. Since December, Polestar has also raised $1 billion through three equity financing investments.
Read more of this story at Slashdot.
- Oracle Cuts Thousands of Jobs Across Sales, Engineering, Security
bobthesungeek76036 shares a report from the Register: Oracle laid off thousands of employees on Tuesday as it ramps spending on AI infrastructure projects internally and with major technology partners. The layoffs were carried out via email, according to copies of the message viewed by Business Insider. The email told affected workers they would be terminated immediately and to provide a personal email for follow-up. The cuts echo a TD Cowen forecast earlier this year, when the investment bank questioned how Oracle would finance its expanding AI datacenter buildout and suggested headcount reductions could reach 20,000 to 30,000. It is not clear how many employees were notified on Tuesday, but one screenshot that purports to show the number of internal Slack users showed a drop of 10,000 overnight. [...] Oracle employs about 162,000 people, with 58,000 of those in the US and approximately 104,000 internationally. If the rumored cuts of 30,000 are correct, it would amount to 18 percent of the company's workforce. According to posts from Oracle workers on LinkedIn, the cuts were spread through multiple departments around the country, with employees in Kansas, Tennessee, and Texas taking to social media to say they were among those chopped. "This news didn't seem to affect stock price," adds bobthesungeek76036. "ORCL is up 6% for the day."
Read more of this story at Slashdot.
- Top Brussels Official Urges Europeans To Work From Home, Drive Less As Energy Crisis Deepens
A top EU official is urging Europeans to work from home, drive less, and cut air travel as the bloc braces for a prolonged energy crisis triggered by the Gulf conflict. The European Commission is also pushing member states to accelerate renewables and other energy-security measures as oil and gas disruptions continue. Politico reports: In a speech with echoes of the early days of the coronavirus pandemic, EU energy chief Dan Jorgensen said Europe was facing a "very serious situation" with no clear end in sight. "Even if ... peace is here tomorrow, still we will not go back to normal in the foreseeable future," he said, following an extraordinary meeting of the EU's 27 energy ministers on Tuesday to discuss the crisis. "The more you can do to save oil, especially diesel, especially jet fuel, the better we are off," Jorgensen said, confirming an earlier report by POLITICO that Brussels wanted Europeans to travel less. He urged member countries to follow the advice of the International Energy Agency, which he said included "work from home where possible, reduce highway speed limits by ten kilometers [an hour], encourage public transport, alternate private car access ... increase car sharing and adopt efficient driving practices." Longer term, he urged EU countries to double down on building more renewables, saying "this must be the time we finally turn the tide and truly become energy independent."
Read more of this story at Slashdot.
- Google Now Lets You Change Your Gmail Address
Google is rolling out a feature in the U.S. that lets some users change their Gmail address without creating a new account or losing their data. TechCrunch reports: Users who have access to this feature can go to their Google Account settings, navigate to Personal info > Email > Google Account email option. Tap on the "Change Google Account email" button to start the process of changing your username. Users will be able to change their username only once every 12 months. Plus, they won't be able to delete their new email address for that period of time. The company said users' old emails will be preserved, and the old email address will serve as an alternate address for the account. Users will be able to sign in to Google services using both the old and the new addresses. You can learn more via Google's support page.
Read more of this story at Slashdot.
- Global Ban On Digital Duties Expires After Stalled Talks At WTO Meeting
An anonymous reader quotes a report from the New York Times: A global ban on taxing digital streaming and downloads across national borders expired on Monday, after members of the World Trade Organization concluded an annual meeting without agreeing to extend it. U.S. representatives had pushed to extend the ban, which prevents the more than 160 members of the W.T.O. from issuing duties related to e-commerce. But Brazil and Turkey blocked a motion for a longer extension. U.S. representatives excoriated the outcome as further proof of the organization's irrelevance. The W.T.O. provides a forum for trade negotiations and setting rules for global trade. But U.S. officials have long criticized the group for its failure to police unfair trade practices by countries like China. Over the past year, the Trump administration has further abandoned W.T.O. by issuing its own global framework of tariffs instead. [...] Brazil had pushed for a two-year extension of the moratorium on e-commerce duties, while the United States wanted a permanent one. The countries couldn't come to a compromise, but negotiations are set to continue in Geneva this spring. W.T.O. members also failed to reach an agreement on future reforms for the organization. Bernd Lange, the chair of the international trade committee for the European Parliament, wrote in a post on X that "supporters of the multilateral trading system are waking up with a hangover." "We knew that a breakthrough might not materialize, but that doesn't make it any less painful," he wrote, adding that "without an agreement to extend moratorium on digital tariffs, a period of great uncertainty could soon begin for businesses and consumers." Jonathan McHale, the vice president of digital trade at the Computer & Communications Industry Association, called the outcome "deeply disappointing." He said: "For more than two decades, W.T.O. members have recognized that imposing tariffs on electronic transmissions would be counterproductive, but allowed the issue to become a negotiating football."
Read more of this story at Slashdot.
- Australia Readies Social Media Court Action Citing Teen Ban Breaches
Australia is preparing possible court action against major social media platforms that are failing to enforce the country's social media ban on under-16s. "Three months after the ban came into effect, the eSafety Commissioner said it was probing Meta's Instagram and Facebook, Google's YouTube, Snapchat and TikTok for possible breaches of the law," reports Reuters. From the report: Communications Minister Anika Wells said the government was gathering evidence "so that the eSafety Commissioner can go to the Federal Court and win." "We have spent the summer building that evidence base of all the stories that no doubt you have all heard ... about how kids are getting around that," Wells told reporters in Canberra. The legal threat is a striking change of tone from a government which had hailed tech giants' shows of cooperation when the ban went live in December. Under the Australian law, platforms must show they are taking reasonable steps to keep out underage users or face fines of up to $34 million per breach, something eSafety would need to pursue in a civil court. The regulator previously said it would only take enforcement action in cases of systemic noncompliance. But in its first comprehensive compliance report since the ban took effect, eSafety said measures taken by the platforms were substandard and it would make a decision about next steps by mid-year. "We are now moving âinto an enforcement stance," said commissioner Julie Inman Grant in a statement. The regulator reported major compliance gaps, including platforms prompting children who had previously declared ages under 16 to do fresh age checks, allowing repeated attempts at age-assurance tests until a child got a result over 16 and poor pathways for people to report underage accounts. Some platforms did not use age-inference, which estimates age based on someone's online activity, and some only used age-assurance measures like photo-based checks after a user tried to change their age, rather than at sign-up. That made it "likely many Australian children aged under 16 have been able to create accounts on age-restricted social media platforms by simply declaring they are 16 or older", the regulator said. Nearly one-third of parents reported their under-16 child had at least one social media account after the ban took effect, of which two-thirds said the platform had not asked the child's age, it added.
Read more of this story at Slashdot.
- Claude Code's Source Code Leaks Via npm Source Maps
Grady Martin writes: A security researcher has leaked a complete repository of source code for Anthropic's flagship command-line tool. The file listing was exposed via a Node Package Manager (npm) mapping, with every target publicly accessible on a Cloudflare R2 storage bucket. There's been a number of discoveries as people continue to pore over the code. The DEV Community outlines some of the leak's most notable architectural elements and the key technical choices: Architecture Highlights The Tool System (~40 tools): Claude Code uses a plugin-like tool architecture. Each capability (file read, bash execution, web fetch, LSP integration) is a discrete, permission-gated tool. The base tool definition alone is 29,000 lines of TypeScript.The Query Engine (46K lines): This is the brain of the operation. It handles all LLM API calls, streaming, caching, and orchestration. It's by far the largest single module in the codebase.Multi-Agent Orchestration: Claude Code can spawn sub-agents (they call them "swarms") to handle complex, parallelizable tasks. Each agent runs in its own context with specific tool permissions.IDE Bridge System: A bidirectional communication layer connects IDE extensions (VS Code, JetBrains) to the CLI via JWT-authenticated channels. This is how the "Claude in your editor" experience works.Persistent Memory System: A file-based memory directory where Claude stores context about you, your project, and your preferences across sessions. Key Technical Decisions Worth Noting Bun over Node: They chose Bun as the JavaScript runtime, leveraging its dead code elimination for feature flags and its faster startup times.React for CLI: Using Ink (React for terminals) is bold. It means their terminal UI is component-based with state management, just like a web app.Zod v4 for validation: Schema validation is everywhere. Every tool input, every API response, every config file.~50 slash commands: From /commit to /review-pr to memory management -- there's a command system as rich as any IDE.Lazy-loaded modules: Heavy dependencies like OpenTelemetry and gRPC are lazy-loaded to keep startup fast.
Read more of this story at Slashdot.
- Euro-Office Wants To Replace Google Docs and Microsoft Office
Euro-Office is a new open-source project supported by several European companies that aims to offer a "truly open, transparent and sovereign solution for collaborate document editing," using OnlyOffice as a starting point. The project is positioned around European digital independence and familiar Office-style editing, though it has already drawn pushback from OnlyOffice over alleged licensing violations. "The company behind OnlyOffice is also based in Russia, and Russia is still heavily sanctioned by most European nations due to the country's ongoing invasion of Ukraine," adds How-To Geek. From the report: Euro-Office is a new open-source project supported by Nextcloud, EuroStack, Wiki, Proton, Soverin, Abilian, and other companies based in Europe. The goal is to build an online office suite that can open and edit standard Microsoft Office documents (DOCX, PPTX, XLSX) and the OpenDocument format (ODS, ODT, ODP) used by LibreOffice and OpenOffice. The current design is remarkably close to Microsoft Office and its tabbed toolbars, so there shouldn't be much of a learning curve for anyone used to Word, Excel, or PowerPoint. Importantly, Euro-Office is only the document editing component. It's designed to be added to cloud storage services, online wikis, project management tools, and other software. For example, you could have some Word documents in your Nextcloud file storage, and clicking them in a browser could open the Euro-Office editor. That way, Nextcloud (or Proton, or anyone else) doesn't have to build its own document editor from scratch. Euro-Office is based on OnlyOffice, which is open-source under the AGPL license. The project explained that "Contributing is impossible or greatly discouraged" with OnlyOffice's developers, with outside code changes rarely accepted, so a hard fork was required. The company behind OnlyOffice is also based in Russia, and Russia is still heavily sanctioned by most European nations due to the country's ongoing invasion of Ukraine. The project's home page explains, "A lot of users and customers require software that is not potentially influenced or controlled by the Russian government." As for why OnlyOffice was chosen over LibreOffice, the project simply said: "We believe open source is about collaboration, and we look for opportunities to integrate and collaborate with the LibreOffice community and companies like Collabora." UPDATE: Slashdot reader Elektroschock shares a statement from OnlyOffice CEO Lev Bannov, expressing his concerns about the Euro-Office inclusion of its software with trademarks removed: "We liked the AGPL v3 license because its 7th clause allows us to ensure that our code retains its original attributes, so that users are able to clearly identify the developers and the brand behind the program..." Bannov continued: "The core issue here isn't just about what the AGPL license states, but about the additional provisions we, as the authors, have included. This is a critical distinction, even if some may argue otherwise. We firmly assert that the Euro-Office project is currently infringing on our copyright in a deliberate and unacceptable manner." "As the creators of ONLYOFFICE, we want to make our position unequivocally clear: we do not grant anyone the right to remove our branding or alter our open-source code without proper attribution. This principle is non-negotiable and will never change. We demand that the Euro-Office project either restore our branding and attributions or roll back all forks of our project, refraining from using our code without proper acknowledgment of ONLYOFFICE."
Read more of this story at Slashdot.
- US Paves Way For Private Assets To Be Included In 401(k) Retirement Plans
An anonymous reader quotes a report from Reuters: The Trump administration on Monday issued a long-awaited proposed rule to open up retirement plans to alternative assets, paving the way for private equity and cryptocurrencies to be added to 401(k) accounts. The measure, announced by the U.S. Department of Labor, is intended to ease longstanding barriers to incorporating these less liquid and less transparent assets into American retirement plans. It follows an executive order from President Donald Trump last summer and could clear the way for alternative asset management firms to tap a large new source of capital. Industry groups have argued private market investments can enhance long-term returns and diversification for retirement savers, while skeptics warn higher fees, complexity and limited liquidity could limit those gains and pose risks for retail investors. Some private market funds that are already available to wealthier individual investors have shown signs of strain in recent months. Private credit funds known as business development companies have seen a wave of withdrawals. Treasury Secretary Scott Bessent said the proposed rule was "an initial step" and aimed to be "mindful of the importance of protecting retirement assets." The guidance lays out how plan trustees, who have a legal fiduciary duty to act in the best interest of members, can incorporate these assets. They would have to "objectively, thoroughly, and analytically consider, and make determinations on factors including performance, fees, liquidity, valuation, performance benchmarks, and complexity," the DOL said. Trustees who abide by them will be granted safe harbor that protects them from lawsuits, it added. The Supreme Court agreed earlier this year to hear one such case filed in 2019 by a former Intel employee claiming trustees made "imprudent" decisions by investing in hedge funds and private equity funds.
Read more of this story at Slashdot.
- Quadratic Gravity Theory Reshapes Quantum View of Big Bang
Researchers at the University of Waterloo say a new "quadratic quantum gravity" framework could explain the universe's rapid early expansion without adding extra ingredients to Einstein's theory by hand. The idea is especially notable because it makes testable predictions, including a minimum level of primordial gravitational waves that future experiments may be able to detect. "Even though this model deals with incredibly high energies, it leads to clear predictions that today's experiments can actually look for," said Dr. Niayesh Afshordi, professor of physics and astronomy at the University of Waterloo and Perimeter Institute (PI). "That direct link between quantum gravity and real data is rare and exciting." Phys.org reports: The research team found that the Big Bang's rapid early expansion can emerge naturally from this simple, consistent theory of quantum gravity, without adding any extra ingredients. This early burst of expansion, often called inflation, is a central idea in modern cosmology because it explains why the universe looks the way it does today. Their model also predicts a minimum amount of primordial gravitational waves, which are tiny ripples in spacetime geometry created in the first moments after the Big Bang. These signals may be detectable in upcoming experiments, offering a rare chance to test ideas about the universe's quantum origins. [...] The team plans to refine their predictions for upcoming experiments to explore how their framework connects to particle physics and other puzzles about the early universe. Their long-term goal is to strengthen the bridge between quantum gravity and observational cosmology. The research has been published in the journal Physical Review Letters.
Read more of this story at Slashdot.
- Scientists Shocked To Find Lab Gloves May Be Skewing Microplastics Data
Researchers found that common nitrile and latex lab gloves can shed stearate particles that closely resemble microplastics, potentially "increasing the risk of false positives when studying microplastic pollution," reports ScienceDaily. "We may be overestimating microplastics, but there should be none," said Anne McNeil, senior author of the study and U-M professor of chemistry, macromolecular science and engineering. "There's still a lot out there, and that's the problem." From the report: Researchers found that these gloves can unintentionally transfer particles onto lab tools used to analyze air, water, and other environmental samples. The contamination comes from stearates, which are not plastics but can closely resemble them during testing. Because of this, scientists may be detecting particles that are not true microplastics. To reduce this issue, U-M researchers Madeline Clough and Anne McNeil recommend using cleanroom gloves, which release far fewer particles. Stearates are salt-based, soap-like substances added to disposable gloves to help them separate easily from molds during manufacturing. However, their chemical similarity to certain plastics makes them difficult to distinguish in lab analyses, increasing the risk of false positives when studying microplastic pollution. "For microplastics researchers who have these impacted datasets, there's still hope to recover them and find a true quantity of microplastics," said researcher and recent doctoral graduate Madeline Clough. "This field is very challenging to work in because there's plastic everywhere," McNeil said. "But that's why we need chemists and people who understand chemical structure to be working in this field." The findings have been published in the journal Analytical Methods.
Read more of this story at Slashdot.
- AI Data Centers Can Warm Surrounding Areas By Up To 9.1C
An anonymous reader quotes a report from New Scientist: Andrea Marinoni at the University of Cambridge, UK, and his colleagues saw that the amount of energy needed to run a data centre had been steadily increasing of late and was likely to "explode" in the coming years, so wanted to quantify the impact. The researchers took satellite measurements of land surface temperatures over the past 20 years and cross-referenced them against the geographical coordinates of more than 8400 AI data centers. Recognizing that surface temperature could be affected by other factors, the researchers chose to focus their investigation on data centers located away from densely populated areas. They discovered that land surface temperatures increased by an average of 2C (3.6F) in the months after an AI data center started operations. In the most extreme cases, the increase in temperature was 9.1C (16.4F). The effect wasn't limited to the immediate surroundings of the data centers: the team found increased temperatures up to 10 kilometers away. Seven kilometers away, there was only a 30 percent reduction in the intensity. "The results we had were quite surprising," says Marinoni. "This could become a huge problem." Using population data, the researchers estimate that more than 340 million people live within 10 kilometers of data centers, so live in a place that is warmer than it would be if the data centre hadn't been built there. Marinoni says that areas including the Bajio region in Mexico and the Aragon province in Spain saw a 2C (3.6F) temperature increase in the 20 years between 2004 and 2024 that couldn't otherwise be explained. University of Bristol researcher Chris Preist said the findings may be more complicated than they look. "It would be worth doing follow-up research to understand to what extent it's the heat generated from computation versus the heat generated from the building itself," he says. For example, the building being heated by sunlight may be part of the effect. The findings of the study, which has not yet been peer-reviewed, can be found on arXiv.
Read more of this story at Slashdot.
- Microsoft Plans To Build 100% Native Apps For Windows 11
Microsoft is reportedly shifting Windows 11 app development back toward fully native apps. Rudy Huyn, a Partner Architect at Microsoft working on the Store and File Explorer, said in a post on X that he is building a new team to work on Windows apps. "You don't need prior experience with the platform.. what matters most is strong product thinking and a deep focus on the customer," he wrote. "If you've built great apps on any platform and care about crafting meaningful user experiences, I'd love to hear from you." Huyn later said in a reply on X that the new Windows 11 apps will be "100% native." TechSpot reports: The description stands out at a time when many of Microsoft's built-in tools, including Clipchamp and Copilot, rely on web technologies and Progressive Web App architectures. The company's commitment to native performance suggests that some long-standing frustrations around responsiveness, memory use, and interface consistency could finally be addressed. For Windows developers, Huyn's comments hint at a change in direction. Microsoft's recent development priorities have leaned heavily on web-based approaches, with Progressive Web Apps (PWAs) replacing or supplementing many native programs. [...] Exactly which applications will be rebuilt, or how strictly "100% native" will be enforced, remains unclear. Some current Microsoft apps classified as native still depend on WebView for specific features. But the renewed emphasis already has developers paying attention.
Read more of this story at Slashdot.
- Claude Code source leak reveals how much info Anthropic can hoover up about you and your system
If you loved the data retention of Microsoft Recall, you'll be thrilled with Claude Code
Anthropic's Claude Code lacks the persistent kernel access of a rootkit. But an analysis of its code shows that the agent can exercise far more control over people's computers than even the most clear-eyed reader of contractual terms might suspect. It retains lots of your data and is even willing to hide its authorship from open-source projects that reject AI.…
- Don't open that WhatsApp message, Microsoft warns
How to avoid social engineering attacks? Employee training tops the list
Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to control victims' machines and access all of their data.…
- Gmail celebrates 22 years by finally letting users change their addresses
Congratulations, XxXh4xx0r420xXx, you can now use that account in your professional life, too
If you're embarrassed by your Gmail address but haven't wanted to start a new account for fear of losing messages, we have good news. Ahead of Gmail's 22nd anniversary on Wednesday, Google says it is now letting US users change their account username.…
- Iran targets M365 accounts with password-spraying attacks
Researchers say some targets correlate with cities hit by Iranian missile strikes
Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes.…
- Oracle cuts jobs across sales, engineering, security
Big Red declines comment as reports point to layoffs in the thousands
Oracle laid off thousands of employees on Tuesday as it ramps spending on AI infrastructure projects internally and with major technology partners.…
- Anthropic goes nude, exposes Claude Code source by accident
Oopsy-doodle: Did someone forget to check their build pipeline?
Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing what appears to be the popular AI coding tool's entire source code.…
- Leaked memo suggests Red Hat's chugging the AI Kool-Aid
Sounds like an excellent time to start honing your Debian skills
Exclusive An internal memo dispatched by senior execs at Red Hat suggests the software biz is starting to push AI tooling within its Global Engineering department. RHEL may be about to get some Windows 11-style "improvements."…
- Mars coughs up another maybe-life clue in the form of nickel compounds
Perseverance found the minerals in an ancient river channel, but researchers say geology may still beat biology
A team of scientists in the US have discovered nickel compounds in Martian rocks, in an arrangement similar to organic carbon compounds understood to be formed by living organisms on Earth.…
- ServiceNow allegedly says salesman 'overachieved' and is not entitled to comp
The 13-year sales vet closed two deals worth $27 million, but ServiceNow has “nullified” his compensation saying he “overachieved” his quota.
ServiceNow is refusing to pay a salesman commissions on more than $27 million in sales, telling the 13-year veteran of the company that he "overperformed" his quota and insisting that instead he sign paperwork that retroactively reduces the commission amount, according to a federal lawsuit filed by the salesperson. ServiceNow has denied all his claims.…
- Usage pricing leaving software vendors guessing what lands on the invoice
'Converting AI capability into sustainable, auditable revenue remains a challenge' says PwC survey
Software companies are leaving money on the table because their core financial systems haven't kept pace with the way they sell pay-per-use services, which often now incorporate AI capabilities.…
- Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios
Updated One of npm's most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what's being described as "one of the most impactful npm supply chain attacks on record."…
- Contracts are in C++26 despite disagreement over their value
Inventor Bjarne Stroustrup argues feature is neither minimal nor viable
The ISO C++ committee (WG21) has approved the C++26 standard, described by committee member Herb Sutter as the most compelling release since C++11, and including Contracts, despite opposition to the feature from C++ inventor Bjarne Stroustrup, among others.…
- Surprise! Big Tech has been a bit rubbish at enforcing Australia’s kids social media ban
Regulator ‘moving into an enforcement stance’ and investigating Meta, YouTube, TikTok and Snapchat as millions continue to doomscroll
Australia’s eSafety Commission is “moving into an enforcement stance” after finding that Meta, YouTube, TikTok and Snapchat haven’t done enough to comply with the nation’s social media minimum age (SMMA) obligation, which bans social media outfits from providing their services to children under 16 years of age.…
- GitHub backs down, kills Copilot pull-request ads after backlash
Letting Copilot alter others' PRs was the wrong judgment call, says product manager
Updated Microsoft has done a 180. Following backlash from developers, GitHub has removed Copilot's ability to stick ads - what it calls "tips" - into any pull request that invokes its name. …
- OpenAI patches ChatGPT flaw that smuggled data over DNS
Check Point says outbound controls blocked web traffic but overlooked DNS
OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…
- Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach
Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more
infosec in brief The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to plant credential-stealing malware on developers’ systems.…
- FCC says it's making it easier for US telcos to ditch legacy lines
But critics say stopping some engineering tests is not the sort of corner you want to cut
America's telecoms regulator has unveiled new measures to speed the transition to modern high-speed networks, but critics argue the move could leave behind those in rural areas or with special needs.…
- Microsoft Fabric Database Hub only a 'partial' solution for admins
Could help break silos, but users should take wait-and-see approach to system limited to Microsoft DBs and DBaaS
Microsoft's new Fabric Database Hub is a "partial solution" for enterprises relying on systems outside the vendor's portfolio, but within these confines, it could make databases more connected and manageable, say analysts reacting to the news.…
- Humanoid robots one tiny step closer to exterminating autoworkers' jobs
Torso on a trolley tries its hands in warehouse role
That's one small step for Humanoid, or rather a short factory floor traversal. The UK-based robotics biz says it has completed a proof-of-concept test showing its rolling robot can be deployed in a production environment to help with automotive manufacturing.…
- Google is to journalism what Vikings were to monks. Now their man will run the BBC
Canny planning or dangerous compromise? Matt Brittin takes the hotseat at a pivotal moment
Opinion The BBC has a new head honcho in waiting, the Director-General designate Matt Brittin. His job: helming one of the world's most famous and oldest international media brands, one with a vast and sensitive domestic position. His last job: President of EMEA Business and Operations at Google. You can imagine a greater culture clash, but you'll have to work at it.…
- Security contractor blew the whistle on support crew's viral indifference
Career-limiting stupidity and rudeness exposed, with terminal consequences
Who, Me? The week before Easter may be a short one for many in the Reg-reading world, but that won't stop us from opening it with a fresh installment of Who, Me? It's the reader-contributed column in which you share stories of things you did at work that had interesting consequences.…
- US foreign router ban criticized for being ‘industrial policy disguised as cybersecurity’
Public policy professor says it will make America less secure but hits Netgear’s lobbying goals
The United States’ ban on foreign-made SOHO routers won’t improve security, and only makes sense as “industrial policy disguised as cybersecurity,” according to Milton Mueller, Professor at the University of Georgia’s School of Public Policy and founder of its Internet Governance Project.…
- The first thing vibe coding builds is confidence it will help you succeed
And developers should be confident it won't kill the craft
Secret CEO In 1991, when I was 16, a Norwegian Exchange student gave an inspirational performance of the Three Billy Goats Gruff, in the original Norwegian, at my high school talent night. She delivered this performance with such gusto that every word of her performance stuck in my mind and, to this day, I can recite the Three Billy Goats Gruff in Norwegian.…
- Senators want datacenters to come clean on power consumption
Ratepayer Protection Pledge is unenforceable without hard numbers, Warren and Hawley argue
US senators are pushing to require datacenters and other large energy customers to report consumption, arguing the data is essential to hold them accountable to local communities.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Microsoft Copilot is now injecting ads into pull requests on GitHub
Why do so many people keep falling for the same trick over and over again? With an over $400 billion gap between the money invested in AI data centers and the actual revenue these products generate, Silicon Valley slowly returned to the tested and trusted playbook: advertising. Now, ads are starting to appear in pull requests generated by Copilot. According to Melbourne-based software developer Zach Manson, a team member used the AI to fix a simple typo in a pull request. Copilot did the job, but it also took the liberty of editing the PR�s description to include this message: Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.! ↫ David Uzondu at Neowin It turns out that Microsoft has added ads to over 1.5 million Copilot pull requests on GitHub, and they�re even appearing on GitLab, one of the GitHub alternatives. The reasoning is clear, too, of course: AI! companies and investors have poured ungodly amounts of money in AI! that is impossible to recover, even with paying customers. As such, the logical next step is ads, and many AI! companies are already starting to add advertising to their pachinko machines. It was only a matter of time before Copilot would start inserting ads into the pull requests it ejaculates over all kinds of projects. This isn�t the first time a once-free service turns on its users, but it�s definitely one of the quickest turnarounds I�ve ever seen. Usually it takes much longer before companies reach the stage of putting ads in their products to plug any financial bleeding, but with the amount of money poured into this useless black hole, it really shouldn�t be surprising we�re already there. I�m sure Copilot�s competitors, like Claude, will soon follow suit. They�re enshittifying Git, and developers are just letting it happen. No wonder worker exploitation is so rampant in Silicon Valley.
- Capability-based security for Redox: namespace and CWD as capabilities
By reimplementing these features using capabilities, we made the kernel simpler by moving complex scheme and namespace management out of it which improved security and stability by reducing the attack surface and possible bugs. At the same time, we gained a means to support more sandboxing features using the CWD file descriptor. This project leads the way for future sandboxing support in Redox OS. As the OS continues to move toward capability-based security, it will be able to provide more modern security features. ↫ Ibuki Omatsu Redox seems to be making the right decisions at, crucially, the right time.
- The curious case of retro demo scene graphics
Of course, it was only a matter of time before the time-honoured tradition of the demoscene also got infected by AI!. For me personally, generative AI ruins much of the fun. I still enjoy creating pixel art and making little animations and demos. My own creative process remains satisfying as an isolated activity. Alas, obvious AI generated imagery � as well as middle-aged men plagiarizing other, sometimes much younger, hobbyist artists � makes me feel disappointed and empty. It�s not as much about effort as it is about the loss of style and personality; soul, if you will. The result is defacement, to echo T. S. Eliot, rather than inspired improvement. Even in more elaborate AI-based works, it�s hard to tell where the prompt ends and the pixelling begins. ↫ Carl Svensson A wonderful explanation of the rather unique views on originality, stealing, plagiarism, and related topics within the demoscene, which certainly diverge from many other places.
- Running a Plan 9 network on OpenBSD
This guide describes how you can install a Plan 9 network on an OpenBSD machine (it will probably work on any unix machine though). The authentication service (called authsrv! on Plan 9) is provided by a unix version: authsrv9. The file service is provided by a program called u9fs!. It comes with Plan 9. Both run from inetd. The (diskless) cpu server is provided by running qemu, booted from only a floppy (so without local storage). Finally, the terminal is provided by the program drawterm. The nice thing about this approach is that you can use all your familiar unix tools to get started with Plan 9 (e.g. you can edit the Plan 9 files with your favorite unix editor). I�m assuming you have read at least something about Plan 9, for example the introduction paper Plan 9 from Bell Labs. ↫ Mechiel Lukkien If you�re running OpenBSD, you�re already doing something better than everyone else, and if you want to ascend to the next level, this is a great place to start. Of course, the final level, where you leave your earthly roots behind and become a being of pure enlightened energy, is running Plan 9 on real hardware as the universe intended, but let�s not put the cart before the horse. One day, all of humanity will just be an endless collection of interconnected cosmic Plan 9 servers, more plentiful than the stars in the known universe.
- Will AI! chatbots be the tobacco of the future?
Towards the end of 2024, Dennis Biesma decided to check out ChatGPT. The Amsterdam-based IT consultant had just ended a contract early. “I had some time, so I thought: let’s have a look at this new technology everyone is talking about,” he says. “Very quickly, I became fascinated.” Biesma has asked himself why he was vulnerable to what came next. He was nearing 50. His adult daughter had left home, his wife went out to work and, in his field, the shift since Covid to working from home had left him feeling “a`little isolated”. He smoked a bit of cannabis some evenings to “chill”, but had done so for years with no ill effects. He had never experienced a mental illness. Yet within months of downloading ChatGPT, Biesma had sunk €100,000 (about £83,000) into a business startup based on a delusion, been hospitalised three times and tried to kill himself. ↫ Anna Moore at The Guardian These stories are absolutely heart-wrenching, and it doesn�t just happen to people who have had a history of mental illness or other things you might associate with priming someone for falling for! an AI! chatbot. Just a few years in, and it�s already clear that these tools pose a real danger to a group of people of indeterminate size, and proper research into the causes is absolutely warranted and needed. On top of that, if there�s any evidence of wrongdoing from the companies behind these chatbots � intentionally making them more addictive, luring people in, ignoring established dangers, covering up addiction cases, etc. � lawsuits and regulation are definitely in order. Only yesterday, Facebook and Google lost a landmark trial in the US, ruling the companies intentionally made social media as addictive as possible, thereby destroying a person�s life in the process. Countless similar lawsuits are underway all over the world, and I have a feeling that in a few years to decades, we�ll look at unregulated, rampant social media the same way we look at tobacco now. Perhaps AI! chatbots will join their ranks, too.
- Microsoft removes trust for drivers signed with the cross-signed driver program
Today, we’re excited to announce a significant step forward in our ongoing commitment to Windows security and system reliability: the removal of trust for all kernel drivers signed by the deprecated cross-signed root program. This update will help protect our customers by ensuring that only kernel drivers that the Windows Hardware Compatibility Program (WHCP) have passed and been signed can be loaded by default. To raise the bar for platform security, Microsoft will maintain an explicit allow list of reputable drivers signed by the cross-signed program. The allow list ensures a secure and compatible experience for a limited number of widely used, and reputable cross-signed drivers. This new kernel trust policy applies to systems running Windows 11 24H2, Windows 11 25H2, Windows 11 26H1, and Windows Server 2025 in the April 2026 Windows update. All future versions of Windows 11 and Windows Server will enforce the new kernel trust policy. ↫ Peter Waxman at the Windows IT Pro Blog The cross-signed root program was discontinued in 2021, and ran since the early 2000s, so I think it�s fair to no longer automatically assume such possibly old and outdated drivers are still to be trusted.
- Windows 95 defenses against installers that overwrite a file with an older version
I�ll never grow tired of reading about the crazy tricks the Windows 95 development team employed to make the user experience as seamless as they could given the constraints they were dealing with. During the 16bit Windows days, application installers could replace system components with newer versions if such was necessary. Installers were supposed to do a version check, but many of them didn�t follow this guidance. When moving to Windows 95, this meant installers ended up replacing Windows 95 system components with Windows 3.x versions, which wasn�t exactly a goods thing. So, they came up with a solution. Windows 95 worked around this by keeping a backup copy of commonly-overwritten files in a hidden C:\Windows\SYSBCKUP directory. Whenever an installer finished, Windows went and checked whether any of these commonly-overwritten files had indeed been overwritten. If so, and the replacement has a higher version number than the one in the SYSBCKUP directory, then the replacement was copied into the SYSBCKUP directory for safekeeping. Conversely, if the replacement has a lower version number than the one in the SYSBCKUP directory, then the copy from SYSBCKUP was copied on top of the rogue replacement. ↫ Raymond Chen All of this happened entirely silently, and neither the installers nor the user had any idea this was happening. The Windows 95 team tried other solutions, like just making it impossible to replace system components with older versions entirely, but that caused many installers to break. Some installers apparently even went rogue and would create a batch file that would replace the system components upon a reboot, before Windows 95 could perform its silent fixes. Wild. I used Windows 95 extensively, and had no idea this was a thing.
- US regulator bans imports of new foreign-made routers, citing security concerns
The U.S. Federal Communications Commission said on Monday it was banning the import of all new foreign-made consumer routers, the latest crackdown on Chinese-made electronic gear over security concerns. China is estimated to control at least 60% of the U.S. market for home routers, boxes that connect computers, phones, and smart devices to the internet. ↫ David Shepardson at Reuters I�m sure the American public will be thrilled to find out yet another necessity has drastically increased in price.
- Apple discontinues the Mac Pro with no plans for future hardware
It’s the end of an era: Apple has confirmed to 9to5Mac that the Mac Pro is being discontinued. It has been removed from Apple’s website as of Thursday afternoon. The “buy” page on Apple’s website for the Mac Pro now redirects to the Mac’s homepage, where all references have been removed. Apple has also confirmed to 9to5Mac that it has no plans to offer future Mac Pro hardware. ↫ Chance Miller at 9To5Mac If a Mac Pro falls in the back of the Apple Store and there�s no one around to hear it, does it make a sound?
- The reports of age verification in Linux are greatly exaggerated, for now
Several US states, the country of Brazil, and I�m sure other places in the world have enacted or are planning to enact laws that would place the burden of age verification of users on the shoulders of operating system makers. The legal landscape is quite fragmented at this point, and there�s no way to tell which way these laws will go, with tons of uncertainties around to whom these laws would apply, if it targets accounts for application store access or the operating system as a whole, what constitutes an operating system in the first place, and many more. Still, these laws are already forcing major players like Apple to implement sharing self-reported age brackets with application developers (at least in iOS), so there�s definitely something happening here. In recent weeks, the open source world has also been confronted with the first consequences of these laws, as both systemd and xdg-desktop-portal have responded to operating system-level age verification laws in, among other places, California and Colorado, by adding birthDate to userdb (on systemd�s side) and developing an age verification portal (on xdg-desktop-portal�s side) for use by Flatpaks. The age verification portal would then use the value set in usrdb�s birthDate as its data source. The value in birthDate would only be modifiable by an administrator, but can be read by users, applications, and so on. Crucially, this field is entirely optional, and distributions, desktop environments, and users are under zero obligation to use it or to enter a truthful value. In fact, contrary to countless news items and comments about these additions, nothing about this even remotely constitutes as age verification!, as nothing � not the government, not the distribution or desktop environments, not the user � has to or even can verify anything. If these changes make it to your distribution, you don�t have to suddenly show your government ID, scan your face, or link your computer to some government-run verification service, or even enter anything anywhere in the first place. Furthermore, while the xdg-desktop-portal�s proposals are still fluid and subject to change, consensus seems to be to only share age brackets with applications, instead of full birth dates or specific ages � assuming anything has even been entered in the birthDate field in the first place. Even if your Linux distribution and/or desktop environment implements everything needed to support these changes and expose them to you in a nice user interface, everything about it is optional and under your full control. The field is of the same type as the existing fields emailAddress, realName, and location, which are similarly entirely optional and can be left empty if desired. Taken in isolation, then, as it currently stands, there�s really not much meat to these changes at all. The primary reason to implement these changes is to minimally comply with the new laws in California, Colorado, Brazil, and other places, and it�s understandable why the people involved would want to do so. If they do not, they could face lawsuits, fines, or worse, and I don�t know about you, but I wouldn�t want to be on the receiving end of the western world�s most incompetent justice system. Aside from that, these changes make it possible to build robust parental controls, which isn�t mentioned in the original commits to systemd, but is clearly the main focal point of xdg-desktop-portal�s proposal. This all seems well and good, but given today�s political climate in the United States, as well as the course of history, that as it currently stands! is doing a lot of heavy lifting. Rightfully so, a lot of people are worried about where this could lead. Sure, today these are just inconsequential, optional changes in response to what seems to be misguided legislation, but what happens once these laws are tightened, become more demanding, and start requiring a lot more than just a self-reported age bracket? In Texas, for instance, H.B. 1131 requires any commercial entity, including websites, that contains more than one-third sexual material harmful to minors! to implement age verification tools using things like government-issued IDs or bank transaction data to verify visitors� ages before allowing them in. The UK has a similar law on the books, too. It�s not difficult to imagine how some other law will eventually shift this much stricter, actual age verification from websites and applications into operating systems instead. What will systemd�s and xdg-desktop-portal�s developers do, then? Will they comply as readily then as they do now? This is a genuine worry, especially if you already belong to a group targeted by the current US administration, or were face-scanned by ICE at a protest. Large groups of especially religious extremists consider anything that�s LGBTQ+ to be sexual material harmful to minors!, even if it�s just something normal like a gay character in a TV show. It�s not hard to imagine how age verification laws, especially if they force age verification at the operating system level, can become weaponised to target the LGBTQ+ community, other minorities, and people protesting the Trump regime. You may think this won�t affect you, since you�re using an open source operating system like desktop Linux or one of the BSDs, and surely they are principled enough to ignore such dangerous laws and simply not comply at all, right? Sadly, here�s where the idealism and principles of the open source world are going to meet the harsh boot of reality; while open source software has a picturesque image of talented youngsters hacking away in their bedrooms, the reality is that most of the popular open source operating systems are actually hugely complex operations that require a ton of funding, and that funding is often managed by foundations. And guess where most popular Linux distributions� and BSD variants� foundations are located? Developers from all over the world may contribute to Debian, but all of its financials and trademarks are managed by Software in the Public Interest, domiciled in New York State. Fedora is part of Red Hat, owned by IBM, and
- Windows native application development is a mess
Usually, when developers or programmers write articles about their experiences developing for a platform they have little to no experience with, the end result usually comes down to they do things differently, therefor it is bad actually!, which is deeply unhelpful. This article, though, is from a longtime Windows user and developer, but one who hasn�t had to work on native Windows development for a long time now. When he decided to write his own native Windows application to scratch a personal itch, it wasn�t a great experience. While I followed the Windows development ecosystem from the sidelines, my professional work never involved writing native Windows apps. (Chromium is technically a native app, but is more like its own operating system.) And for my hobby projects, the web was always a better choice. But, spurred on by fond childhood memories, I thought writing a fun little Windows utility program might be a good retirement project. Well. I am here to report that the scene is a complete mess. I totally understand why nobody writes native Windows applications these days, and instead people turn to Electron. ↫ Domenic Denicola Denicola decided to try and use the latest technologies and best practices from Microsoft regarding Windows development, and basically came away aghast at just how shot of an experience it really is. I�m not a developer, but you don�t need to be to grasp the severity of the situation after following his development timeline and reading about his struggles. If this is truly representative of the Windows application development experience, it�s really no surprise just how few new, quality Windows applications there are, and why even Microsoft�s own Windows developers resort to things like React for the Start menu to enabler faster and easier iteration. This is a complete dumpster fire.
- Java Sun SPOTs (Small Programable Object Technology)
These were Sun microcontrollers that run Squawk Java ME directly on metal with gc and all the bells and whistles, created by Sun Microsystems in 2005. The feature mesh networking and tcp/ip and multitasking. Even the drivers are java just like Java OS. They run a command and control server by default and there’s graphical network builders and deployment managers (Solarium) they also do some more esoteric stuff like process migration. ↫ Penny I have no use for these but I want them. They would�ve made an excellent addition to my Sun article. There�s still a detailed tutorial and informational website up about these things, too.
- The OpenBSD init system and boot process
In recent weeks, systemd has both embraced slopcoding and laid the groundwork for age verification built right into systemd-based Linux distributions, there�s definitely been an uptick in people talking about alternative init systems. If you want to gain understanding in a rather classic init system, OpenBSD�s is a great place to start. OpenBSD has a delightfully traditional init system, which makes it a great place to start learning about init systems. It�s simple and effective. There�s a bit of a counter movement in the IT and FOSS worlds rebelling against hyperscaler solutions pushing down into everyone�s practices. One of the rallying cries I�ve been seeing is to remind people that You Can Just Do Things" on the computer. The BSD init system, and especially OpenBSD�s is something of a godparent to this movement. init(8) just runs a shell script to start the computer, and You Can Just Do Things" in the script to get them to happen on boot. ↫ Overeducated-Redneck.net My main laptop is currently in for warranty repairs, but once it returns, I intend to set it up with either OpenBSD or a Linux distribution without systemd (most likely Void) to see how many systems I can distance from systemd without giving myself too much of a headache (I�m guessing my gaming machine will remain on systemd-based Fedora). I�m not particularly keen on slopcoding and government-mandated age verification inside my operating systems, and I�m definitely feeling a bit of a slippery slope underneath my feet. I have my limits.
- Microsoft finally makes a few concrete promises about Windows 11 improvements
Earlier this year, Microsoft openly acknowledged the sorry state of Windows 11, and made vague promises about possible improvements somewhere in the near future, but stayed away from making any concrete promises. Today, the company published a blog post with some more details, including some actual concrete, tangible changes it�s going to implement over the coming two months. In coming builds, you�ll be able to move the taskbar to any side of the screen, instead of it being locked to the bottom, thereby reintroducing a feature present since Windows 95. They�re also scaling back their obsession with ramming AI! in every corner of Windows, and will be removing Copilot integrations from Snipping Tool, Photos, Widgets, and Notepad. Furthermore, and this is a big one among Windows users I�m sure, Windows Update will be placed under user control once again, allowing them to ignore updates, postpone them indefinitely, reboot without applying updates, and so on. These are the tangible improvements we�ll be able to point to and say the company kept their word, and they all feel like welcome changes. There�s also a few promises that feel far more vague and less tangible, like the ever-present, long-running promise to improve File Explorer!. I feel like Microsoft�s been promising to fix their horrible file manager for years now, without much to show for it, so I hope this time will be different. The company also wants to improve Widgets, the Windows Insider Program, and the Feedback Hub application. These all feel less tangible, and will be harder to quantify and benchmark. Beyond these first round of improvements that we�re supposed to be seeing over the coming two months, Microsoft also promises to implement wider improvements across the board, with the usual suspects like better performance, quicker application launches, improved reliability, lower memory usage, and so on. They also promise to move more core Windows user interface components to WinUI 3, including the Start menu, which is currently written in React. Windows Search is another common pain point among Windows users, and here, Microsoft promises to improve its performance and clearly separate local from online results (but no word on making search exclusively local). There�s some more details in the blog post, but overall, it sounds great. However, words without actions are about as meaningful as a White House statement on the war with Iran, so seeing is believing.
- Google to introduce overly onerous hoops to prevent sideloading!
When Google said they were going to require verification from every single Android developer that would end the ability to install applications from outside of the Play Store (commonly wrongfully referred to as sideloading!), it caused quite a backlash. The company then backtracked a little bit, and said they would come up with an advanced flow! to make sure installing applications from outside of the Play Store remained possible. Well, Google has detailed this advanced flow!, and as everyone expected, it�s such a massive list of onerous hoops to jump through they might as well just lock Android down to the Play Store and get it over with. First, if a developer is verified, you can download their applications to your device and install them the same way you can do now. Second, developers with limited distribution accounts!, such as students or hobby projects, can share their applications with up to 20 devices without verification. Third, and this is where the fun starts, we have unverified developers � basically what all Android developers sharing applications outside of the Play Store are now. Here�s the full advanced flow! as described by Google to allow you to install an application from an unverified developer: Setting aside the fact that developer verification is, in and of itself, a massive problem, I�m kind of okay with a few scary warnings, a disclaimer, and perhaps a single reboot to enable installing applications outside of the Play Store � a few things to make normal people shrug their shoulders and not bother. However, adding enabling developer mode and a goddamn 24-hour waiting period is batshit insanity, and clearly has the intention of discouraging everyone, effectively locking Android to the Play Store. Android is already basically an entirely locked-down, closed-source platform, and once this advanced flow! comes into force, there�s virtually no difference between iOS and Android, especially for us Europeans who get similarly onerous anti-user nonsense when trying to install alternative application stores on iOS. I see no reason to buy Android over iOS at this point � might as well get the faster phone with better update support.
- You can make Linux syscalls in a Windows application, apparently
What happens if you make a Linux syscall in a Windows application? So yeah, you can make Linux syscalls from Windows programs, as long as they�re running under Wine. Totally useless, but the fact that such a Frankenstein monster of a program could exist is funny to me. ↫ nicebyte at gpfault.net The fact that this works is both surprising and unsurprising at the same time.
- From Linux to Blockchain: The Infrastructure Behind Modern Financial Systems
by George Whittaker
The modern internet is built on open systems. From the Linux kernel powering servers worldwide to the protocols that govern data exchange, much of today’s digital infrastructure is rooted in transparency, collaboration, and decentralization. These same principles are now influencing a new frontier: financial systems built on blockchain technology.
For developers and system architects familiar with Linux and open-source ecosystems, the rise of cryptocurrency is not just a financial trend, it is an extension of ideas that have been evolving for decades.
Open-Source Foundations and Financial Innovation
Linux has long demonstrated the power of decentralized development. Instead of relying on a single authority, it thrives through distributed contributions, peer review, and community-driven improvement.
Blockchain technology follows a similar model. Networks like Bitcoin operate on open protocols, where consensus is achieved through distributed nodes rather than centralized control. Every transaction is verified, recorded, and made transparent through cryptographic mechanisms.
For those who have spent years working within Linux environments, this architecture feels familiar. It reflects a shift away from trust-based systems toward verification-based systems.
Understanding the Stack: Nodes, Protocols, and Interfaces
At a technical level, cryptocurrency systems are composed of multiple layers. Full nodes maintain the blockchain, validating transactions and ensuring network integrity. Lightweight clients provide access to users without requiring full data replication. On top of this, exchanges and platforms act as interfaces that connect users to the underlying network.
For developers, interacting with these systems often involves APIs, command-line tools, and automation scripts, tools that are already integral to Linux workflows. Managing wallets, verifying transactions, and monitoring network activity can all be integrated into existing development environments.
Go to Full Article
- Firefox 149 Arrives with Built-In VPN, Split View, and Smarter Browsing Tools
by George Whittaker
Mozilla has officially released Firefox 149.0, bringing a mix of new productivity features, privacy enhancements, and interface improvements. Released on March 24, 2026, this update continues Firefox’s steady push toward a more modern and user-focused browsing experience.
Rather than focusing on a single headline feature, Firefox 149 introduces several practical tools designed to improve how users multitask, stay secure, and interact with the web.
Built-In VPN Comes to Firefox
One of the most notable additions in Firefox 149 is the introduction of a built-in VPN feature. This optional tool provides users with an added layer of privacy while browsing, helping mask IP addresses and secure connections on public networks.
In some configurations, Mozilla is offering a free usage tier with limited monthly data, giving users a simple way to enhance privacy without installing separate software.
This move aligns with Mozilla’s long-standing emphasis on user privacy and security.
Split View for Better Multitasking
Firefox 149 introduces a Split View mode, allowing users to display two web pages side by side within a single browser window. This feature is especially useful for:
Comparing documents or products Copying information between pages Research and multitasking workflows
Instead of juggling multiple tabs and windows, users can now work more efficiently in a single, organized view.
Tab Notes: A New Productivity Tool
Another standout feature is Tab Notes, available through Firefox Labs. This tool allows users to attach notes directly to individual tabs, making it easier to:
Keep track of research Save reminders tied to specific pages Organize ongoing tasks
This feature reflects a growing trend toward integrating lightweight productivity tools directly into the browser experience.
Smarter Browsing with Optional AI Features
Firefox 149 also expands its experimental AI-powered features, including tools that can assist with summarizing content, providing quick explanations, or helping users interact with web pages more efficiently.
Importantly, Mozilla is keeping these features optional and user-controlled, maintaining its focus on transparency and privacy.
Developer and Platform Updates
For developers, Firefox 149 includes updates to web standards and APIs. One example is improved support for HTML features like enhanced popover behavior, which helps developers build more interactive web interfaces.
As always, these under-the-hood changes help ensure Firefox remains competitive and standards-compliant.
Go to Full Article
- Blender 5.1 Released: Faster Workflows, Smarter Tools, and Major Performance Gains
by german.suarez
The Blender Foundation has officially released Blender 5.1, the latest update to its powerful open-source 3D creation suite. This version focuses heavily on performance improvements, workflow refinements, and stability, while also introducing a handful of new features that expand what artists and developers can achieve.
Rather than reinventing the platform, Blender 5.1 is all about making existing tools faster, smoother, and more reliable — a release that benefits both professionals and hobbyists alike.
A Release Focused on Refinement
Blender 5.1 emphasizes polish over disruption, with developers addressing hundreds of issues and improving the overall production pipeline. The update includes widespread optimizations across rendering, animation, modeling, and the viewport, resulting in a more responsive and efficient experience.
Many of Blender’s internal libraries have also been updated to align with modern standards like VFX Platform 2026, ensuring better long-term compatibility and performance.
Performance Gains Across the Board
One of the standout aspects of Blender 5.1 is its performance boost:
Faster animation playback and shape key evaluation Improved rendering speeds for both GPU and CPU Reduced memory overhead and smoother viewport interaction Optimized internal systems for better responsiveness
In some scenarios, animation and editing performance improvements can be dramatic, especially with complex scenes.
New Raycast Node for Advanced Shading
A major feature addition in Blender 5.1 is the Raycast shader node, which opens the door to advanced rendering techniques.
This node allows artists to trace rays within a scene and extract data from surfaces, enabling:
Non-photorealistic rendering (NPR) effects Custom shading techniques Decal projection and X-ray-style visuals
It’s a flexible tool that expands Blender’s shading capabilities, especially for stylized workflows.
Grease Pencil Gets a Big Upgrade
Blender’s 2D animation tool, Grease Pencil, sees meaningful improvements:
New fill workflow with support for holes in shapes Better handling of imported SVG and PDF files More intuitive drawing and editing behavior
These updates make Grease Pencil far more practical for hybrid 2D/3D workflows and animation pipelines.
Geometry Nodes and Modeling Improvements
Geometry Nodes continue to evolve with expanded functionality:
Go to Full Article
- The Need for Cloud Security in a Modern Business Environment
by George Whittaker
Cloud systems are an emergent standard in business, but migration efforts and other directional shifts have introduced vulnerabilities. Where some attack patterns are mitigated, cloud platforms leave businesses open to new threats and vectors. The dynamic nature of these environments cannot be addressed by traditional security systems, necessitating robust cloud security for contemporary organizations.
Just as businesses have come to acknowledge the value of cloud operations, so too have cyber attackers. Protecting sensitive assets and maintaining regulatory compliance, while simultaneously ensuring business continuity against cloud attacks, requires a modern strategy. When any window could be an opportunity for infiltration, a comprehensive approach serves to limit exploitation.
Unlike traditional on-premise infrastructure, cloud environments dramatically expand an organization’s threat surface. Resources are distributed across regions, heavily dependent on APIs, and frequently created or decommissioned in minutes. This constant change makes it difficult to maintain a fixed security perimeter and increases the likelihood that misconfigurations or exposed services go unnoticed, creating opportunities for exploitation.
The Vulnerabilities of Cloud Security Services
Any misconfiguration, insecure application programming interface (API), or identity management solution may become an invitation for cyberattacks. Amid the rise of artificial intelligence (AI) technology, it is possible for even inexperienced individuals to exploit such weaknesses in cloud systems. Cloud environments are designed for accessibility, a benefit that can be taken advantage of.
“Unlike traditional software, AI systems can be manipulated through language and indirect instructions,” Lee Chong Ming wrote for Business Insider. “[AI expert Sander] Schulhoff said people with experience in both AI security and cybersecurity would know what to do if an AI model is tricked into generating malicious code.”
At the same time that many businesses are migrating to cloud platforms and implementing cloud security features, they are adopting AI technology in order to accelerate workflows and other processes. These systems may have their advantages for certain industries, but their presence can create its own vulnerabilities. Addressing the shortcomings of cloud systems and AI at the same time compounds the security challenges of today.
Go to Full Article
- Google Brings Chrome to ARM Linux: A Long-Awaited Step for Modern Linux Devices
by George Whittaker
Google has officially announced that Chrome is coming to ARM64 Linux systems, marking a major milestone for both the Linux and ARM ecosystems. The native browser is expected to launch in Q2 2026, finally closing a long-standing gap for users running Linux on ARM-based hardware.
For years, ARM Linux users have relied on Chromium builds or workarounds to access a Chrome-like experience. That’s about to change.
Why This Announcement Matters
Until now, Google Chrome on Linux was limited to x86_64 systems, leaving ARM-based devices without an official build.
That meant users had to:
Use Chromium instead of Chrome
Run emulated versions of Chrome
Miss out on proprietary features like sync, DRM support, and Google services
With this new release, ARM Linux users will finally get the full Chrome experience, including seamless integration with Google’s ecosystem.
What Users Can Expect
The upcoming ARM64 version of Chrome will bring the same features users expect on other platforms:
Google account sync (bookmarks, history, tabs)
Access to the Chrome Web Store and extensions
Built-in features like translation, autofill, and security protections
Support for DRM services and media playback
This brings ARM Linux closer to feature parity with macOS (ARM support since 2020) and Windows on ARM (since 2024).
The Rise of ARM on Linux
The timing of this move reflects a broader shift in computing. ARM-based hardware is rapidly gaining traction across:
Laptops powered by Snapdragon and future ARM chips
Developer boards like Raspberry Pi
High-performance systems such as NVIDIA’s ARM-based AI desktops
Google itself highlighted growing demand for Chrome on these systems, especially as ARM expands beyond mobile devices into mainstream computing.
Partnerships and Deployment
Google is also working with hardware vendors to streamline adoption. Notably, Chrome will be integrated into NVIDIA’s Linux-on-ARM DGX Spark systems, making installation easier for high-performance AI workstations.
For general users, Chrome will be available for download directly from Google once released.
Why This Took So Long
Interestingly, this move comes years after Chrome was already available on ARM-based platforms like Apple Silicon Macs and Windows devices.
Go to Full Article
- CrackArmor Exposed: Critical Flaws in AppArmor Put Millions of Linux Systems at Risk
by George Whittaker
A newly disclosed set of vulnerabilities has sent shockwaves through the Linux security community. Dubbed “CrackArmor,” these flaws affect AppArmor, one of the most widely used security modules in Linux, potentially exposing millions of systems to serious compromise.
Discovered by the Qualys Threat Research Unit, the vulnerabilities highlight a concerning reality: even core security mechanisms can harbor weaknesses that go unnoticed for years.
What Is CrackArmor?
“CrackArmor” refers to a group of nine critical vulnerabilities found in the Linux kernel’s AppArmor module. AppArmor is a mandatory access control (MAC) system designed to restrict what applications can do, helping contain attacks and enforce system policies.
These flaws stem from a class of issues known as “confused deputy” vulnerabilities, where a lower-privileged user can trick trusted processes into performing actions on their behalf.
Why These Vulnerabilities Are Serious
The impact of CrackArmor is significant because it undermines one of Linux’s core security layers. Researchers found that attackers could:
Escalate privileges to root from an unprivileged account
Bypass AppArmor protections entirely
Break container isolation, affecting Kubernetes and cloud workloads
Execute arbitrary code in the kernel
Trigger denial-of-service (DoS) conditions
In some demonstrations, attackers were able to gain full root access in seconds under controlled conditions.
How Widespread Is the Risk?
The scope of the issue is massive. AppArmor is enabled by default in major distributions such as:
Ubuntu
Debian
SUSE
Because of this, researchers estimate that over 12.6 million Linux systems could be affected.
These systems span:
Enterprise servers
Cloud infrastructure
Containers and Kubernetes clusters
IoT and edge devices
This widespread deployment significantly amplifies the potential impact.
A Long-Standing Problem
One of the most concerning aspects of CrackArmor is how long the vulnerabilities have existed. According to researchers, the flaws date back to around 2017 (Linux kernel 4.11) and remained undiscovered in production environments for years.
This long exposure window increases the risk that similar weaknesses may exist elsewhere in critical system components.
Go to Full Article
- Intel Expands Linux Graphics Team to Boost Drivers and Gaming Support
by George Whittaker
Intel is once again investing in Linux development. The company has recently posted several job openings aimed at strengthening its Linux graphics driver and GPU software teams, signaling continued interest in improving Intel hardware support on the open-source platform.
For Linux users, especially gamers and developers, this could mean faster improvements to Intel’s graphics stack and stronger support for modern workloads.
New Roles Focused on Linux Graphics
Intel has listed multiple GPU Software Development Engineer positions, many of which specifically focus on Linux graphics technologies. These roles involve working on the full graphics stack, including firmware, kernel drivers, and user-space components used by applications and games.
The responsibilities for these positions include:
Developing and optimizing Intel GPU drivers for Linux
Improving the Linux graphics stack, including kernel DRM drivers and Mesa components
Working with graphics APIs and tools used by modern applications
Ensuring compatibility across desktop, workstation, and data-center hardware
The job listings also emphasize experience with C/C++ development and the Linux kernel graphics ecosystem, highlighting the technical depth required for these roles.
Linux Gaming Is Part of the Plan
One of the more notable details from the job postings is the mention of Linux gaming technologies such as Wine and Proton. These compatibility layers allow Windows games to run on Linux, making them central to platforms like SteamOS and the Steam Deck.
Intel’s focus on these tools suggests the company wants its GPUs to perform well not just in enterprise workloads but also in gaming environments. That aligns with the growing popularity of Linux gaming driven by:
Valve’s Proton compatibility layer
Vulkan-based graphics APIs
The success of devices like the Steam Deck
Beyond Gaming: HPC and Data Center Work
While gaming support is part of the focus, the hiring effort isn’t limited to consumer graphics. Intel is also recruiting engineers for areas such as:
High-performance computing (HPC)
AI and machine-learning workloads
Middleware development for supercomputing systems
Cloud and data-center GPU optimization
These roles indicate Intel’s broader strategy to strengthen Linux across multiple sectors, from desktops and laptops to supercomputers and cloud infrastructure.
Go to Full Article
- AerynOS 2026.02 Alpha Released: Advancing a Modern Atomic Linux Vision
by George Whittaker
The developers behind AerynOS have released AerynOS 2026.02 Alpha, the latest development snapshot of the independent Linux distribution previously known as Serpent OS. This new release continues the project’s rapid evolution, bringing updated packages, improved build tools, and new installation options while the system remains in an early testing stage.
Although still labeled as an alpha-quality release, the new ISO gives enthusiasts and developers a chance to explore the direction AerynOS is taking as it builds a modern Linux platform from scratch.
A Modern Atomic Approach
AerynOS aims to rethink how Linux distributions handle updates and package management. The project focuses on atomic-style updates, meaning system changes are applied as a complete transaction rather than individual package installs. This approach helps reduce the risk of partially completed updates leaving a system in a broken state.
Unlike some atomic distributions, however, AerynOS does not rely on an immutable filesystem, allowing users to retain flexibility and customization while still benefiting from safer update behavior.
Updated Desktop Environments
The 2026.02 alpha release ships with several modern desktop environment options:
GNOME 49.4 as the default desktop
COSMIC 1.0.8, System76’s emerging desktop environment
KDE Plasma 6.6.1 available as an alternative session
These updates provide users with multiple modern desktop choices while ensuring compatibility with the latest frameworks and desktop technologies.
New Core Software and Components
AerynOS 2026.02 also brings a large batch of software updates across the system stack. Some of the notable versions included in the release are:
Linux kernel 6.18.15 LTS
Firefox 148
PipeWire 1.6
Wine 11.3
Waybar 0.15
Mesa/Nesa graphics drivers 26.x
Together, these updates ensure that the development snapshot reflects a modern Linux software ecosystem while improving compatibility with newer hardware.
Improved Development Tooling
A significant portion of the February development cycle focused on improving the distribution’s internal tooling:
Moss, the package manager, has been optimized for faster performance.
Boulder, the package build system, now automates more recipe creation and version handling.
Go to Full Article
- Armbian 26.02 Arrives with Linux 6.18 LTS and Expanded Board Support
by George Whittaker
The Armbian project has released Armbian 26.02, the latest update to the lightweight Linux distribution designed specifically for ARM and RISC-V single-board computers (SBCs). Known for its stability and hardware optimization, Armbian continues to evolve with improved hardware support, new desktop options, and updated core components in this release.
A Linux Distribution Tailored for SBCs
Armbian is built on top of Debian or Ubuntu, providing optimized system images for single-board computers such as Orange Pi, Banana Pi, and ODROID devices. The project focuses on stability, performance, and long-term maintenance for embedded and development boards.
With the 26.02 release, the developers continue that mission by refining support for modern hardware platforms and improving the overall software stack.
Powered by Linux 6.18 LTS
One of the biggest upgrades in Armbian 26.02 is the transition to Linux kernel 6.18 LTS, which brings improved driver support, performance enhancements, and better compatibility for newer SBC hardware.
The newer kernel helps ensure that Armbian remains compatible with evolving chipsets while maintaining stability across its supported devices.
New Board Support
This release expands Armbian’s hardware ecosystem with support for several new boards, including:
SpacemiT MusePi Pro
Radxa Rock 4D
Orange Pi RV2
ODROID M2
These additions reflect Armbian’s ongoing focus on supporting emerging ARM and RISC-V development boards used by hobbyists, developers, and embedded system builders.
Desktop Improvements
Armbian 26.02 also introduces expanded desktop options:
RISC-V XFCE desktop images for supported RISC-V systems
Restored KDE Neon desktop builds
Updated desktop targets based on Ubuntu 24.04 LTS
These changes give users more flexibility when choosing between lightweight environments or more full-featured desktop setups.
Enhancements to Armbian Tools
The Armbian ecosystem itself has also received improvements. The Armbian Imager utility, used to flash OS images to SBC storage devices, now features:
Faster image decompression
Code signing for improved security on macOS and Windows
AI-assisted translation support
A new settings panel with additional developer options
Go to Full Article
- Linux 7.0 Is Coming: What to Expect from the Next Major Kernel Release
by George Whittaker
Excitement in the open-source world is rising as the Linux kernel project moves toward the next major release: Linux kernel 7.0. While a major version number might sound like a dramatic overhaul, the reality is a lot more steady progress, and that’s part of what makes the Linux kernel so reliable and trusted. The first release candidate (RC1) for Linux 7.0 has already been published, and developers are entering the final stretch toward a stable release expected around mid-April 2026.
An Evolution, Not a Revolution
Linus Torvalds, the creator and lead maintainer of the Linux kernel, officially confirmed that the next version after Linux 6.19 will be dubbed Linux 7.0. In the announcement, he made clear that the jump to “7.0” isn’t tied to any monumental architectural upheaval, it’s a practical naming decision made partly to keep version numbers manageable.
That tradition continues a long-standing pattern: kernel series are often numbered until they reach higher minor versions (like 6.19), and then the major number increments, even if the changes are incremental and largely additive rather than breaking.
Inside the 7.0 Development Cycle
The Linux 7.0 cycle opened with the merge window, during which new code from contributors around the world is accepted. With the release candidate phase now underway, the focus has turned toward stabilization and testing.
The 7.0-rc1 announcement notes that this cycle saw a “smooth” merge window with relatively few major boot failures reported on the lead developer’s own test machines, a good sign for the kernel’s broad hardware support.
Expected Improvements
While the final changelog for the stable 7.0 kernel will only be known when it ships, several themes stand out from early previews and reporting:
1. Broad Hardware Enablement
Driver updates make up a significant portion of the changes so far, helping Linux support the latest CPUs and SoCs from vendors like Intel, AMD, and Qualcomm. Early testing indicates enablement for new families such as Intel Nova Lake and AMD Zen 6, which will be important for next-generation laptops, desktops, and servers.
2. Performance and Responsiveness
Kernel maintainers and community reports suggest that performance improvements are part of the 7.0 trend. Although specifics are still emerging, the kernel’s scheduler and memory management subsystems tend to see ongoing optimization as workloads diversify.
Go to Full Article
|
