|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Security updates for Friday
Security updates have been issued by Debian (krita and tryton-server), Oracle (bind9.18, ipa, kernel, libssh, redis, redis:7, sqlite, sssd, and vim), Slackware (cups), SUSE (containerd, cups, curl, dovecot24, git-bug, gitea-tea, glib2, grub2, himmelblau, java-25-openjdk, kernel, libmicrohttpd, libvirt, pnpm, powerpc-utils, python311, python313, redis, rnp, runc, sssd, tomcat11, unbound, and xwayland), and Ubuntu (cups, libxml2, openvpn, and webkit2gtk).
- Security updates for Thursday
Security updates have been issued by Debian (kdeconnect, libssh, and samba), Fedora (7zip, docker-buildkit, and docker-buildx), Oracle (bind, buildah, cups, delve and golang, expat, firefox, gimp, go-rpm-macros, haproxy, kernel, lasso, libsoup, libtiff, mingw-expat, openssl, podman, python-kdcproxy, qt5-qt3d, runc, squid, thunderbird, tigervnc, valkey, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (buildah, cloudflared, containerd, expat, firefox, gnutls, helm, kernel, libxslt, mysql-connector-java, ongres-scram, openbao, openexr, openssh, podman, python311, python312, ruby2.5, rubygem-rack, runc, samba, sssd, tiff, unbound, and yelp), and Ubuntu (edk2, ffmpeg, h2o, python3.13, rust-openssl, and valkey).
- KDE Plasma 6.8 will be Wayland-only
KDE's Plasma team has announcedthat KDE Plasma will drop X11 session support with Plasma 6.8:
The Plasma X11 session will be supported by KDE into early2027.
We cannot provide a specific date, as we're exploring thepossibility of shipping some extra bug-fix releases for Plasma6.7. The exact timing of the last one will only be known when we getcloser to its actual release, which we expect will be sometime inearly 2027.
What if I still really need X11?
This is a perfect use case for long term support (LTS)distributions shipping older versions of Plasma. For example,AlmaLinux 9 includes the Plasma X11 session and will be supporteduntil sometime in 2032.
See the blog post for information on running X11 applications(still supported), accessibility, gaming, and more.
- Security updates for Wednesday
Security updates have been issued by AlmaLinux (bind, binutils, delve and golang, expat, firefox, haproxy, kernel, libsoup3, libssh, libtiff, openssh, openssl, pam, podman, python-kdcproxy, shadow-utils, squid, thunderbird, vim, xorg-x11-server-Xwayland, and zziplib), Debian (cups-filters, libsdl2, linux-6.1, net-snmp, pdfminer, rails, and tryton-sao), Fedora (chromium, docker-buildkit, docker-buildx, and sudo-rs), Gentoo (librnp), Mageia (webkit2), SUSE (amazon-ssm-agent, buildah, curl, dpdk, fontforge-20251009, kernel, libIex-3_4-33, librnp0, python311, rclone, and sssd), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-aws-6.14, linux-oracle-6.14, linux-aws-fips, linux-fips, linux-gcp-fips, linux-realtime, linux-realtime-6.8, mupdf, openjdk-17, openjdk-8, and openjdk-lts).
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (buildah, firefox, go-rpm-macros, kernel, kernel-rt, podman, and thunderbird), Debian (erlang, python-gevent, and r-cran-gh), Fedora (buildah, chromium, k9s, kubernetes1.33, kubernetes1.34, podman, python-mkdocs-include-markdown-plugin, and webkitgtk), Gentoo (Chromium, Google Chrome, Microsoft Edge. Opera, qtsvg, redict, redis, UDisks, and WebKitGTK+), Mageia (cups-filters and ruby-rack), Oracle (kernel and libssh), Red Hat (.NET 8.0, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (act, bind, cups-filters, govulncheck-vulndb, grub2, libebml, python39, and tcpreplay), and Ubuntu (linux-raspi, linux-raspi-realtime, openjdk-21, openjdk-25, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and runc-app, runc-stable).
- AlmaLinux 10.1 released
AlmaLinux 10.1 has been released. Inaddition to providing binary compatibility with Red Hat EnterpriseLinux (RHEL) 10.1, the most notable feature in AlmaLinux 10.1 isthe addition of supportfor Btrfs, which is not available in RHEL:
Btrfs support encompasses both kernel and userspace enablement, and itis now possible to install AlmaLinux OS on a Btrfs filesystem from thevery beginning. Initial enablement was scoped to the installer andstorage management stack, and broader support within the AlmaLinuxsoftware collection for Btrfs features is forthcoming.
In addition to Btrfs support, AlmaLinux OS 10.1 includes numerousother improvements to serve our community. We have continued to extendhardware support both by addingdrivers and by adding a secondary version of AlmaLinux OS and EPELto extend support of x86_64_v2 processors.
See the releasenotes for a full list of changes.
- [$] APT Rust requirement raises questions
It is rarely newsworthy when a project or package picks up a newdependency. However, changes in a core tool like Debian's Advanced PackageTool (APT) can have far-reaching effects. For example, JulianAndres Klode's declarationthat APT would require Rust in May 2026 means that a few of Debian'sunofficial ports must either acquire a working Rust toolchain ordepend on an old version of APT. This has raised several questionswithin the project, particularly about the ability of a singlemaintainer to make changes that have widespread impact.
- Security updates for Monday
Security updates have been issued by Fedora (calibre, chromium, cri-o1.32, cri-o1.33, cri-o1.34, dotnet10.0, dovecot, gnutls, gopass, gopass-hibp, gopass-jsonapi, kubernetes1.31, kubernetes1.32, kubernetes1.33, kubernetes1.34, and linux-firmware), Mageia (ffmpeg, kernel, kmod-xtables-addons & kmod-virtualbox, kernel-linus, konsole, and redis), Red Hat (bind and bind-dyndb-ldap and kernel), SUSE (act, alloy, amazon-ssm-agent, ansible-12, ansible-core, blender, chromium, cups-filters, curl, elfutils, expat, firefox, glib2, grub2, helm, kernel, libipa_hbac-devel, libxslt, nvidia-container-toolkit, ongres-scram, openexr, podman, poppler, runc, samba, sssd, thunderbird, and tomcat), and Ubuntu (cups-filters, linux, linux-aws, linux-gcp, linux-hwe-6.14, linux-oracle, linux-realtime, linux-oem-6.14, and linux-realtime-6.14).
- Kernel prepatch 6.18-rc7
Linus has released 6.18-rc7, probably thelast -rc before the 6.18 release.
So the rc6 kernel wasn't great: we had a last-minute core VM regression that caused people problems.
That's not a great thing late in the release cycle like that, but it was a fairly trivial fix, and the cause wasn't some horrid bug, just a latent gotcha that happened to then bite a late VM fix. So while not great, it also doesn't make me worry about the state of 6.18. We're still on track for a final release next weekend unless some big new problem rears its ugly head.
- Racket 9.0 released
The Racket programming languageproject has released Racketversion 9.0. Racket is a descendant of Scheme, so it is part of the Lisp family of languages. The headline feature in the release is parallelthreads, which adds to the concurrency tools in the language: "WhileRacket has had green threads for some time, and supports parallelism viafutures and places, we feel parallel threads is a major addition."Other new features include the black-boxwrapper to prevent the compiler from optimizing calculations away, the decompile-linkletfunction to map linkletsback to an s-expression, theaddition of Weibulldistributions to the math library, and more.
- Improving GCC Buffer Overflow Detection for C Flexible Array Members (Oracle)
The Oracle blog has alengthy article on enhancements to GCC to help detect overflows offlexible array members (FAMs) in C programs.
We describe here two new GNU extensions which specify size information for FAMs. These are a new attribute, "counted_by" and a new builtin function, "__builtin_counted_by_ref". Both extensions can be used in GNU C applications to specify size information for FAMs, improving the buffer overflow detection for FAMs in general.
This work has been covered on LWN as well.
- The 2025 Linux Foundation Technical Advisory Board election
The call forcandidates for the 2025 election for the Linux Foundation TechnicalAdvisory Board has been posted.
The TAB exists to provide advice from the kernel community to the Linux Foundation and holds a seat on the LF's board of directors; it also serves to facilitate interactions both within the community and with outside entities. Over the last year, the TAB has overseen the organization of the Linux Plumbers Conference, advised on the setup of the kernel CVE numbering authority, worked behind the scenes to help resolve a number of contentious community discussions, worked with the Linux Foundation on community conference planning, and more.
Nominations close on December 13.
- [$] Unpacking for Python comprehensions
Unpacking Python iterables of various sorts, such as dictionaries or lists,is useful in a number of contexts, including for function arguments, butthere has long been a call for extending that capability to comprehensions. PEP 798 ("Unpacking inComprehensions") was first proposed in June 2025 to fill that gap. In earlyNovember, the steering council acceptedthe PEP, which means that the feature will be coming to Python 3.15 inOctober 2026. It may be something of a niche feature, but it is aninconsistency that has been apparent for a while—to the point that some Python programmersassume that it is already present in the language.
- PHP 8.5.0 released
Version8.5.0 of the PHP language has been released. Changes include a new"|>" operator that, for some reason, makes these two linesequivalent:
$result = strlen("Hello world"); $result = "Hello world" |> strlen(...);
Other changes include a new function attribute, "#[\NoDiscard]" toindicate that the return value should be used, attributes on constants, andmore; see themigration guide for details.
- Intel Hiring Two More Experienced Linux Kernel Engineers
While there have been a number of Intel Linux engineers laid off over roughly the past year, other Linux kernel engineers opting to pursue employment opportunities elsewhere amid the ongoing challenges and restructuring at the company, and shifts in their open-source strategy, there's some good news as we work toward the 2025 holidays. Intel is currently hiring for two more experienced Linux kernel software engineers...
- Open-Source Nouveau+NVK vs. NVIDIA 580 Linux Gaming/Graphics & Compute Driver Performance
This Black Friday is an in-depth look at the current performance of the open-source NVIDIA Linux driver stack with the Nouveau kernel driver (the Nova driver not yet being ready for end-users) paired with the latest Mesa NVK driver for open-source Vulkan API support. With that NVK Vulkan driver is also looking at the OpenGL performance using the Zink OpenGL-on-Vulkan driver used now for OpenGL on modern NVIDIA GPUs rather than maintaining the Nouveau Gallium3D driver. Plus the Rusticl driver for OpenCL compute atop the NVK driver. This fully open-source and latest NVIDIA Linux driver support was compared to NVIDIA's official 580 series Linux driver. Both RTX 40 Ada and RTX 50 Blackwell graphics cards were tested for this thorough GPU driver comparison.
- Dual-Radio T-Lora Dual Supports LoRa at 150-960 MHz and 2.4 GHz
LILYGO has introduced the T-Lora Dual LR, a compact board that integrates an ESP32-S3R8 microcontroller with two LR1121 transceivers, combining Wi-Fi, Bluetooth LE, and LoRa across sub-GHz and 2.4 GHz bands. The module uses the ESP32-S3R8 as its main processor. It features a dual-core LX7 architecture and includes integrated wireless connectivity for Wi-Fi 802.11 b/g/n […]
- AI Helps Drive Record $11.8B in Black Friday Online Spending
Earlier this month MasterCard noted that even Walmart now allows its customers to make purchases through ChatGPT. And after polling more than 4,000 consumers in the U.S., Canada, U.K., and UAE, they found "more than four in 10 consumers already use AI tools to help them shop, including 61% of Gen Z and 57% of millennials."Many (50% of Gen Z and 49% of millennials) say they'd even let AI handle all their gift-buying if it meant avoiding stress. Younger shoppers trust AI's taste, with 51% of Gen Z and 55% of millennials relying on it to deliver unique and thoughtful recommendations (sometimes even more than they trust themselves). The most popular uses include getting personalized product recommendations, confirming the best deal before purchasing, and summarizing thousands of reviews instantly.The bottom line: Shoppers are embracing AI as their new personal assistant — one that knows their budget, style, and patience level... If the 2025 holiday shopper could be summed up in one word, it's intentional. They're planning earlier, spending wiser and using technology to make every dollar and every gift count. The first figures are now in for the traditional "Black Friday" shopping day after Thanksgiving, and U.S. shoppers "spent a record $11.8 billion online," reports Reuters, "up 9.1% from 2024 on the year's biggest shopping day, according to Adobe Analytics, which tracks 1 trillion visits that shoppers make to online retail websites..." And sure enough, this year shoppers were helped by AI:AI-powered shopping tools helped drive a surge in U.S. online spending on Black Friday, as shoppers bypassed crowded stores and turned to chatbots to compare prices and secure discounts amid concerns about tariff-driven price hikes... The AI-driven traffic to U.S. retail sites soared 805% compared to last year, Adobe said, when artificial intelligence tools such as Walmart's Sparky or Amazon's Rufus had not yet been launched. "Consumers are using new tools to get to what they need faster," said Suzy Davidkhanian, an analyst at eMarketer. "Gift giving can be stressful, and LLMs (large language models) make the discovery process feel quicker and more guided..." Globally, AI and agents influenced $14.2 billion in online sales on Black Friday, of which $3 billion came from the U.S. alone, according to software firm Salesforce. There's another reason shoppers turned to AI. 2025's Black Friday arrived "amid tighter budgets, unemployment nearing a four-year high, U.S. consumer confidence sagging to a seven-month low and price tags that have shoppers watching every dollar," according to the article:Discount rates also remained flat when compared to 2024, with AI helping shoppers discover the best deals, and an increase in the price tags made deeper discounts difficult for retailers... Order volumes fell 1% as average selling prices rose 7%. Consumers also purchased fewer items at checkout, with units per transaction falling 2% on a year-over-year basis, Salesforce said. The spending surge sets the stage for an even bigger Cyber Monday, projected to drive $14.2 billion in sales, up 6.3% on a year-over-year basis and the largest online shopping day of the year, Adobe said. Electronics are expected to see the deepest discounts on Cyber Monday, reaching 30% off list prices, along with strong deals on apparel and computers, Adobe said.
Read more of this story at Slashdot.
- Are There More Linux Users Than We Think?
"By my count, Linux has over 11% of the desktop market," writes ZDNet's Steven Vaughan-Nichols:In StatCounter's latest US numbers, which cover through October, Linux shows up as only 3.49%. But if you look closer, "unknown" accounts for 4.21%. Allow me to make an educated guess here: I suspect those unknown desktops are actually running Linux. What else could it be? FreeBSD? Unix? OS/2? Unlikely. In addition, ChromeOS comes in at 3.67%, which strikes me as much too low. Leaving that aside, ChromeOS is a Linux variant. It just uses the Chrome web browser for its interface rather than KDE Plasma, Cinnamon, or another Linux desktop environment. Put all these together, and you get a Linux desktop market share of 11.37%... If you want to look at the broader world of end-user operating systems, including phones and tablets, Linux comes out even better. In the US, where we love our Apple iPhones, Android — yes, another Linux distro — boasts 41.71% of the market share, according to StatCounter's latest numbers. Globally, however, Android rules with 72.55% of the market. Yes, that's right, if you widen the Linux end-user operating system metric to include PC, tablets, and smartphones, you can make a reasonable argument that Linux, and not Windows, is already the top dog operating system... If you add Chrome OS (1.7%) and Android (15.8%), 23.3% of all people accessing the U.S. government's websites are Linux users. The Linux kernel's user-facing footprint is much larger than the "desktop Linux" label suggests. The article lists reasons more people might be switching to Linux, including broader hardware support and "the increased viability of gaming via Steam and Proton" — but also the rise of Digital Sovereignty initiatives. (One EU group has even created EU OS.") And finally, "not everyone is thrilled with Windows 11 being turned into an AI-agentic operating system."
Read more of this story at Slashdot.
- Scientists Discover People Act More Altruistic When Batman Is Present
Psychology Today reports:In a study conducted in Milan, Italy, and published in November 2025, the sight of a person dressed as Batman led to a nearly doubled rate of people giving up their seat to a pregnant woman. Over the course of 138 subway rides, researchers found that people who saw "Batman" standing near the pregnant woman were far more altruistic than those who did not. Researchers are calling this the "Batman effect," suggesting a form of "involuntary" mindfulness may be at play. Noticing these subtle social cues appears to shift people's typical, automatic reactions. Most interestingly, 44 percent of the people questioned reported they did not even consciously register Batman's presence... The superhero costume serves as a visual nudge, pulling us out of our default, self-focused mode and into a more generous, attentive state. More from Futurism:Batman showing up is just one — albeit striking — way of promoting what's called "prosocial behavior," or the act of helping others around you, via introducing an unexpected event, the researchers write. "Our findings are similar to those of previous research linking present-moment awareness (mindfulness) to greater prosociality," said study lead author Francesco Pagnini, a professor of clinical psychology at the Università Cattolica in Milan, in a statement about the work. "This may create a context in which individuals become more attuned to social cues." Thanks to Black Parrot (Slashdot reader #19,622) for sharing the article.
Read more of this story at Slashdot.
- Defense Company Announces an AI-Powered Dome to Shield Cities and Infrastructure From Attacks
An anonymous reader shared this report from CNBC:Italian defense company Leonardo on Thursday unveiled plans for an AI-powered shield for cities and critical infrastructure, adding to Europe's push to ramp up sovereign defense capabilities amid rising geopolitical tensions. The system, dubbed the "Michelangelo Dome" in a nod to Israel's Iron Dome and U.S. President Donald Trump's plans for a "Golden Dome," will integrate multiple defense systems to detect and neutralize threats from sea to air including missile attacks and drone swarms... Leonardo's dome will be built on what CEO Roberto Cingolani called an "open architecture" system meaning it can operate alongside any country's defense systems... Leonardo's dome will be built on what CEO Roberto Cingolani called an "open architecture" system meaning it can operate alongside any country's defense systems.
Read more of this story at Slashdot.
- The Battle Over Africa's Great Untapped Resource: IP Addresses
In his mid-20s, Lu Heng "got an idea that has made him a lot richer," writes the Wall Street Journal. He scooped up 10 million unused IP addresses, mostly form Africa, and then leases them to companies, mostly outside Africa, "that need them badly."[A]round half of internet traffic continues to use IPv4, because changing to IPv6 can be expensive and complex and many older devices still need IPv4. Companies including Amazon, Microsoft and Google still want IPv4 addresses because their cloud-hosting businesses need them as bridges between the IPv4 and IPv6 worlds... Africa, which has been slower to develop internet infrastructure than the rest of the world, is the only region that still has some of the older addresses to dole out... He searches for IPv4 addresses that aren't being used — by ISPs or anyone else that holds them — and uses his Hong Kong-based company, Larus, to lease them out to others. In 2013, Lu registered a new company in the Seychelles, an African archipelago in the Indian Ocean, to apply for IP addresses from Africa's internet registry, called the African Network Information Centre, or Afrinic. Between 2013 and 2016, Afrinic granted that company, Cloud Innovation, 6.2 million IPv4 addresses. That's more addresses than are assigned to Nigeria, Africa's most populous nation. A single IPv4 address can be worth about $50 on its transfer to a company like Larus, which leases it onward for around 5% to 10% of that value annually. Larus and its affiliate companies, Lu said, control just over 10 million IPv4 addresses. The architects of the internet don't appear to have contemplated the possibility that anyone would seek to monetize IP addresses... Lu's activities triggered a showdown with Africa's internet registry. In 2020, after what it said was an internal review, Afrinic sent letters to Lu and others seeking to reclaim the IP addresses they held. In Lu's case, Afrinic said he shouldn't be using the addresses outside Africa. Lu responded that he wasn't violating rules in place when he got the addresses... After some back-and-forth, Lu sued Afrinic in Mauritius to keep his allocated addresses, eventually filing dozens of lawsuits... One of the lawsuits that Lu filed in Mauritius prompted a court there to freeze Afrinic's bank accounts in July 2021, effectively paralyzing the organization and eventually sending it into receivership. The receivership choked off distributions of new IPv4 addresses, leaving the continent's service providers struggling to expand capacity... In September, Afrinic elected a new board. Since then, some internet-service providers have been granted IPv4 addresses.
Read more of this story at Slashdot.
- Hundreds of Free Software Supporters Tuned in For 'FSF40' Hackathon
The Free Software Foundation describes how "After months of preparation and excitement, we finally came together on November 21 for a global online hackathon to support free software projects and "put a spotlight on the difficult and often thankless work that free software hackers carry out..." Based on how many of you dropped in over the weekend and were incredibly engaged in the important work that is improving free software, either as a spectator or as a participant, this goal was accomplished. And it's all thanks to you! Friday started a little rocky with a datacenter outage affecting most FSF services. Participants spread out to work on six different free software projects over forty-eight hours as our tech team worked to restore all FSF sites with the help and support of the community. Over three hundred folks were tuned in at a time, some to participate in the hackathon and others to follow the progress being made. As a community, we got a lot done over the weekend... It was amazing to see so many of you take a little (or a lot of!) time out of your busy schedules to improve free software, and we're incredibly grateful for each and every one of you. It really energizes us and shows us how much we can accomplish when we work together over even just a couple days. Not only was this a fantastic sight to see because of the work we got done, but it was also a very fitting way to conclude our fortieth anniversary celebration events. Free software has been and always will be a community effort, one that continues to get better and better because of the dedicated developers, contributors, and users who ensure its existence. Thank you for celebrating forty years of the FSF and fighting for a freer future for us all.
Read more of this story at Slashdot.
- 63% of Americans Polled Say Four-Year College Degrees Aren't Worth the Cost
Almost two-thirds of registered U.S. voters "say that a four-year college degree isn't worth the cost," according to a new NBC News poll:Just 33% agree a four-year college degree is "worth the cost because people have a better chance to get a good job and earn more money over their lifetime," while 63% agree more with the concept that it's "not worth the cost because people often graduate without specific job skills and with a large amount of debt to pay off." In 2017, U.S. adults surveyed were virtually split on the question — 49% said a degree was worth the cost and 47% said it wasn't. When CNBC asked the same question in 2013 as part of its All American Economic Survey, 53% said a degree was worth it and 40% said it was not. The eye-popping shift over the last 12 years comes against the backdrop of several major trends shaping the job market and the education world, from exploding college tuition prices to rapid changes in the modern economy — which seems once again poised for radical transformation alongside advances in AI... Remarkably, less than half of voters with college degrees see those degrees as worth the cost: 46% now, down from 63% in 2013... The upshot is that interest in technical, vocational and two-year degree programs has soared. "The 20-point decline over the last 12 years among those who say a degree is worth it — from 53% in 2013 to 33% now — is reflected across virtually every demographic group."
Read more of this story at Slashdot.
- Uber Launches Driverless Robotaxi Service in Abu Dhabi, and Plans Many More
"A year after launching a commercial robotaxi service in Abu Dhabi, Chinese autonomous vehicle technology company WeRide and partner Uber can finally call that service driverless," reports TechCrunch. A company official hailed it as "a historic transportation milestone, as the first driverless AV deployment outside of the U.S. or China." But TechCrunch notes that's just the beginning:Uber has spent the past two years locking up partnerships with 20 autonomous vehicle technology companies in various countries, including the United States, Europe, and the Middle East. Those partnerships have expanded beyond the realm of robotaxis as well. Uber's deals span the full range of self-driving applications, including delivery and trucking. This year alone, it announced partnerships withAnn Arbor, Michigan-basedMay MobilityandVolkswagen, Chinese self-driving firms Momenta,Pony.ai, and Baidu, as well as a recent deal to create a premium robotaxi service using Lucid Gravity SUVs equipped with a self-driving system from San Francisco-based startup Nuro. These deals are finally beginning to materialize into commercial services. For instance, Uber and Waymo launched a robotaxi service earlier this year in Austin. Now, Uber has expanded to the Middle East with WeRide in Abu Dhabi — with even more cities to come, including Dubai. Uber CEO Dara Khosrowshahi forecast in the company's third-quarter earnings report that there would be autonomous vehicle deployments on the Uber network in at least 10 cities by the end of 2026. Uber and WeRide have previously shared plans to expand to 15 cities throughout the Middle East and Europe, eventually scaling to thousands of robotaxis. That would represent a massive leap for WeRide, which today has more than 150 robotaxis in the region.
Read more of this story at Slashdot.
- How Bad Will RAM and Memory Shortages Get?
Digital Trends reports:A wave of shortages now threatens to ripple across RAM, SSDs, and even hard drives, affecting not only performance-hungry rigs but also everyday systems. — CyberPowerPC has publicly confirmed it will raise prices on all systems starting December 7th due to RAM costs spiking by 500% and SSD prices doubling since October. — Memory suppliers warn of a global DRAM and SSD shortage running into late 2026 or even 2027, driven heavily by AI server demand. — As reported by Bloomberg, Lenovo has already stockpiled memory to ride out the crunch and maintain steadier PC pricing. — Among other OEMs, HP, in its recent earnings call, flagged possible price increases or lower-spec models on the back of rising component costs. But Apple "may also be in a good position to weather the shortage," reports Ars Technica, since "analysts at Morgan Stanley and Bernstein Research believe that Apple has already laid claim to the RAM that it needs and that its healthy profit margins will allow it to absorb the increases better than most." Ars Technica also shows how much RAM and storage prices have jumped — sometimes as much as 2x or even 3x in just three months. "In short, there's no escaping these price increases, which affect SSDs and both DDR4 and DDR5 RAM kits of all capacities (though higher-capacity RAM kits do seem to be hit a little harder)."Memory and storage shortages can be particularly difficult to get through. As with all chips, it can take years to ramp up capacity and/or build new manufacturing facilities... And memory makers in particular may be slow to ramp up manufacturing capacity in response to shortages. If they decide to start manufacturing more chips now, what happens if memory demand drops off a cliff in six months or a year (if, say, an AI bubble deflates or pops altogether)? It means an oversupply of memory chips — consumers benefit from rock-bottom prices for components, but it becomes harder for manufacturers to cover their costs... The upshot is: Not only are memory prices getting bad now, but it's exceptionally difficult to predict when shortage-fueled price hikes might end... Tom's Hardware reports that AMD has told its partners that it expects to raise GPU prices by about 10 percent starting next year and that Nvidia may have canceled a planned RTX 50-series Super launch entirely because of shortages and price increases.
Read more of this story at Slashdot.
- New Hyperloop Projects Continue in Europe
Hyperloop One ceased operations in December 2023, notes CNN. "Yet nearly two years on, in other parts of the world, hyperloop projects are ongoing." For example, Rotterdam-based Hardt Hyperloop has a cool web site — and the company's managing director tells CNN that hyperloops are the only "actionable, sustainable solution to replace short-haul air travel" over distances greater than 300 miles. "It's 90% more efficient than air travel, operational expenses and maintenance costs are much lower than conventional high-speed railways and, as an enclosed, autonomous system, it's not affected by external factors such as bad weather or strikes."Rail-friendly Europe appears to be the new hyperloop hub, with four companies dedicated to it... Europe's Hyperloop Development Program (HDP) is a public-private partnership backed by EU funding and the private sector. HDP's vision is to have the first set of commercially viable hyperloop lines open by 2035-40, followed by a route network by 2050. It estimates that a 15,000-mile network linking 130 of Europe's major cities could shift 66% of short-haul flight passengers to hyperloop by 2050, saving between 113 million and 242 million tons of carbon dioxide emissions. Core network hubs would be scattered across the continent from London to Berlin, Madrid to Belgrade, and Sofia to Athens, while loops would serve the Iberian Peninsula, the Baltic States and Scandinavia, the Balkans and Central and Eastern Europe. The cost? A cool 981 billion euros, or $1.1 trillion, according to HDP estimates... [T]hose behind the EU-backed HDP project are hoping to have a full-scale test track of up to 3 miles operational by the end of 2029, followed by a 20-30 mile twin-tube "Living Lab" which would replicate all aspects of day-to-day operation and public service, slated to be up and running by 2034. Elsewhere, Hyperloop Italia is investing in a demonstration line between Venice and Padua costing up to €800 million ($929 million) which could be ready by 2029, while Germany, Spain, India and China are also investigating trial routes to establish the viability of the technology. And meanwhile China and Japan are also building "maglev" (magnetic levitation) train lines, the article points out — though it also includes this quote from rail expert and author Christian Wolmar. "Hyperloop is unworkable. The infrastructure it needs would be amazingly expensive to build and it can't deliver the capacity to compete with high-speed railways or airlines. "It doesn't integrate with existing transport modes, the infrastructure required to reach city centers would cause intolerable noise and disruption. And there are doubts over energy costs, capacity and passenger safety if something goes wrong at such high speeds.... "[T]he economics of it just don't work."
Read more of this story at Slashdot.
- Viral Song Created with Suno's genAI Removed From Streaming Platforms, Re-Released With Human Vocals
An EDM song by the British group Haven ran into trouble in October after it shared clips of upcoming song "I Run" on TikTok. The song "was an overnight viral sensation online," writes Digital Music News — racking up millions of plays "even before it hit streaming services." (Although the Washington Post notes that "Record labels and TikTok users began questioning whether 'I Run' used an AI deepfake, modeled off British R&B singer Jorja Smith, for the vocals.") Digital Music News picks up the story:The artist says he used his own voice to record the vocals, and then ran it through layers of processing and filtering to turn it into the female-sounding voice heard in the track. However, that filtering also included the use of the controversial genAI platform Suno — and that's what complicates things... [The article says later that Suno "is currently in the middle of a blockbuster lawsuit with the Big Three major labels over allegations of widespread copyright infringement of sound recordings used during the AI model training process."] Meanwhile, the song was rapidly amassing listenership. It soared to #11 on the U.S. Spotify chart and #25 on Spotify globally. Videos using the song continued going viral on TikTok and Instagram, including one in which rapper Offset had apparently played the song during a Boiler Room set, which later turned out to be falsified. And then, as quickly as it appeared, "I Run" was taken down from streaming services, including Spotify and Apple Music. That was due, in part, to numerous takedown notices from The Orchard, the label to which Jorja Smith is signed, as well as the RIAA and IFPI. The takedown notices alleged various issues with the track, including the "misrepresentation" of another artist, as well as copyright infringement. As a result, the song has also been withheld from the Billboard charts, including the Hot 100, on which it had been predicted to debut this week before the controversy. Billboard points out that it "reserves the right to withhold or remove titles from appearing on the charts that are known to be involved in active legal disputes related to copyright infringement that may extend to the deletion of such content on digital service providers." The song itself has now been re-released with an all-human vocal track. But going forward will the music industry ever work with AI platforms? The Washington Post reports:"I Run" has taken off as record labels remain unsure of the extent to which they should welcome generative AI programs such as Suno or Udio into the industry. After the two AI music companies began growing in popularity, the three major labels — Sony Music, Warner Music Group and Universal Music Group — filed lawsuits against Suno and Udio, claiming that the AI companies have used the labels' sound recordings to train their model. Since then, UMG and Warnerhave reached agreementsto work with Udio, ending their litigation... It comes shortly after all three major labels licensed their catalogue to Klay, a music streaming start-up that allows users to adjust songs using artificial intelligence. Major licensing organizations such as ASCAP and BMI shared that they would register songs that were partially AI-generated — but not fully generated ones. Haven appears to present an uncomfortable edge case. While some AI-generated songs that sound broadly like other artists have been allowed to remain on streaming platforms, the voice in "I Run" appears to have been deemed too duplicative for comfort.
Read more of this story at Slashdot.
- OpenAI Partners Amass $100 Billion Debt Pile To Fund Its Ambitions
OpenAI's data centre partners are on course to amass almost $100 billion in borrowing tied to the lossmaking start-up, as the ChatGPT maker benefits from a debt-fuelled spending spree without taking on financial risks itself. Financial Times: SoftBank, Oracle and CoreWeave have borrowed at least $30 billion to invest in the start-up or help build its data centres, according to FT analysis. Investment group Blue Owl Capital and computing infrastructure companies such as Crusoe also rely on deals with OpenAI to service about $28 billion in loans. A group of banks is in talks to lend another $38 billion for Oracle and data centre builder Vantage to fund further sites for OpenAI, according to people familiar with the matter. The deal is expected to be finalised in the coming weeks. OpenAI executives have said they plan to raise substantial debt to help pay for these contracts, but so far the financial burden has fallen to its counterparties and their lenders. "That's been kind of the strategy," said a senior OpenAI executive. "How does [OpenAI] leverage other people's balance sheets?"
Read more of this story at Slashdot.
- Officials Clashed in Investigation of Deadly Air India Crash
The investigation into the June 12 Air India crash that killed 260 people has been marked by tension, suspicion and poor communication between American and Indian officials, including an episode where NTSB chairwoman Jennifer Homendy instructed her black-box specialists not to board a late-night Indian military flight to a remote facility, WSJ reports. When two American recorder experts landed in New Delhi in late June, they received urgent messages from colleagues telling them not to go with the Indians; Homendy had grown concerned about sending U.S. personnel and equipment to an aerospace lab in the remote town of Korwa amid State Department security warnings about terrorism in the region. She made calls to Transportation Secretary Sean Duffy and the CEOs of Boeing and GE Aerospace, and the State Department sent embassy officials to intercept the NTSB specialists at the airport. Homendy eventually delivered an ultimatum: if Indian authorities didn't choose between their Delhi facility and the NTSB's Washington lab within 48 hours, she would withdraw American support from the probe. Indian officials relented. The downloaded data showed someone in the cockpit moved switches that cut off the engines' fuel supply, and India's preliminary report stated one pilot asked the other why he moved the switches while that pilot denied doing so. American government and industry officials now privately believe the captain likely moved the switches deliberately.
Read more of this story at Slashdot.
- The Mysterious Black Fungus From Chernobyl That May Eat Radiation
Black fungus found growing inside Chernobyl's destroyed reactor may be feeding on radiation, and researchers have tested samples of the same species aboard the International Space Station to explore whether it could eventually shield astronauts from cosmic rays. Ukrainian scientist Nelli Zhdanova first discovered the melanin-rich mould colonizing the walls and ceilings of the exploded reactor building during a May 1997 survey. Her research indicated that the fungal hyphae were actually growing toward sources of ionizing radiation rather than merely tolerating it. In 2007, nuclear scientist Ekaterina Dadachova at the Albert Einstein College of Medicine found that melanised fungi grew 10% faster when exposed to radioactive caesium compared to control samples, leading her to propose "radiosynthesis" -- a process where organisms convert radiation into metabolic energy. The same strain, Cladosporium sphaerospermum, traveled to the ISS in December 2018 and grew an average of 1.21 times faster over 26 days compared to Earth-based controls. Nils Averesch, a biochemist at the University of Florida and co-author of that study, remains cautious about attributing the growth boost to radiation harvesting since zero gravity could also be responsible.
Read more of this story at Slashdot.
- Airbus Issues Major A320 Recall, Threatening Global Flight Disruption
Europe's Airbus said on Friday it was ordering immediate repairs to 6,000 of its widely used A320 family of jets in a sweeping recall affecting more than half the global fleet, threatening upheaval during the busiest travel weekend of the year in the United States and disruption worldwide. From a report: The setback appears to be among the largest recalls affecting Airbus in its 55-year history and comes weeks after the A320 overtook the Boeing 737 as the most-delivered model. At the time Airbus issued its bulletin to the plane's more than 350 operators, some 3,000 A320-family jets were in the air. The fix mainly involves reverting to earlier software and is relatively simple, but must be carried out before the planes can fly again, other than repositioning to repair centres, according to the bulletin to airlines seen by Reuters. Airlines from the United States to South America, Europe, India and New Zealand warned the repairs could potentially cause flight delays or cancellations.
Read more of this story at Slashdot.
- Baikonur's only crew-capable pad busted after Soyuz flight
Roscosmos confirms 'damage' as images suggest repairs could stretch into 2027
The pad used by Russia to send Soyuz spacecraft to the International Space Station (ISS) sustained damage during yesterday's crew launch, according to Roscosmos.…
- PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm
PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…
- GrapheneOS bails on OVHcloud over France's privacy stance
Project cites fears of state access as cloud sovereignty row deepens
French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy.…
- GPUs aren't worth their weight in gold – it just feels like they are
Nvidia's accelerators look pricey, but bullion still wins on cost per ounce
For as long as I have been a reporter and analyst in the IT sector, November has always been supercomputing month. Way before there was a TOP500 ranking of supercomputers in June 1993 but just as I was leaving university, the first Supercomputing Conference was held in Orlando in 1988. And that November SC show set the cadence for high-performance computing for the decades that followed.…
- OBR drags in cyber bigwig after Budget leak blunder
Ex-NCSC chief Ciaran Martin asked to examine how forecast ended up online ahead of schedule
The Office for Budget Responsibility (OBR) has drafted in former National Cyber Security Centre (NCSC) chief Ciaran Martin to sniff out how its Budget day forecast wandered onto the open internet before the Chancellor had even reached the dispatch box.…
- UK digital ID plan gets a price tag at last – £1.8B
OBR says the scheme will cost £600M a year with no identified savings
The UK government has finally put a £1.8 billion price tag on its digital ID plans – days after the minister responsible refused to name a figure.…
- UK Digital Services Tax raises £800M from global tech giants
Treasury haul beats early forecasts, yet captures only a fraction of the revenue generated in Britain
The UK government collected just £800 million in Digital Services Tax (DST) from companies such as Amazon, Google, Meta, eBay, and TikTok in the most recent tax year.…
- Canadian data order risks blowing a hole in EU sovereignty
OVH stuck between a rock and a hard place as investigators demand access
A Canadian court has ordered French cloud provider OVHcloud to hand over customer data stored in Europe, potentially undermining the provider's claims about digital sovereignty protections.…
- Tiny tweak for Pi OS, big makeover for the Imager
Debian 13.2 freshness, better HiDPI support, and 101 other things to run on your Pi
Raspberry Pi Ltd has shipped two updates for its single-board computers: a very small refresh to Pi OS 6, and a more substantial upgrade to the tool that writes your Pi's operating system to an SD card.…
- HPC won't be an x86 monoculture forever – and it's starting to show
Arm and RISC-V would like a word
Feature Remember when high-performance computing always seemed to be about x86? Exactly a decade ago, almost nine in ten supercomputers in the TOP500 (a list of the beefiest machines maintained twice yearly by academics) were Intel-based. Today, it's down to 57 percent.…
- Norway's most powerful supercomputer will use waste heat to raise salmon
HPE-built system mixes Nvidia's Grace-Hopper superchips with AMD Turin CPUs to maximize HPC potential
This week the Norwegian scientific community celebrated the completion of the Olivia supercomputer, which combines AMD CPUs with Nvidia Superchips to deliver a 16-fold boost to the nation's computing capacity – and eventually put fresh fish on the table.…
- Botnet takes advantage of AWS outage to smack 28 countries
Even worse, it might have been a 'test run' for future attacks
A Mirai-based botnet named ShadowV2 emerged during last October's widespread AWS outage, infecting IoT devices across industries and continents, likely serving as a "test run" for future attacks, according to Fortinet's FortiGuard Labs.…
- Mobile industry warns patchwork cyber regs are driving up costs
GSMA says fragmented, poorly designed laws add burdens without making networks any safer
Mobile operators' core cybersecurity spending is projected to more than double by 2030 as threats evolve, while poorly designed and fragmented policy frameworks add extra compliance costs, according to industry group the GSMA.…
- Doom hits KiCad as PCB traces become demons and doors
Engineer bends layout tool into vector renderer, then pushes frames through a MacBook's headphone jack
There's a certain delight to be had in doing something just to see if you can. Case in point: rendering Doom using PCB design software, or wading through the shores of Hell via the medium of an oscilloscope.…
- Workday confronts existential threat as customers freeze hiring
HR software vendor pushes cross-selling as modest workforce growth exposes vulnerability of per-seat pricing
Workday is confronting a troubling reality. Customers aren't hiring much and some are actively cutting staff. The solution? Cross-selling to squeeze more revenue per user out of its installed base.…
- HSBC spies $207B crater in OpenAI's expansion goals
Gap threatens Oracle, Microsoft, and Amazon despite optimistic forecasts of 3 billion ChatGPT users by 2030
OpenAI needs to secure $207 billion in new financing by 2030 to fulfill its expansion plans, according to HSBC Global Investment Research – a challenge that could ripple across Big Tech.…
- The exascale offensive: America's race to rule AI HPC
From nuclear weapons testing to climate modeling, nine new machines will give the US unprecedented computing firepower
Feature A silent arms race is accelerating in the world's most advanced laboratories. While headlines focus on chatbots and consumer AI, the United States is orchestrating something far more consequential: a massive expansion of supercomputing power that may reshape the future of science, security, and technological supremacy.…
- Seven years later, Airbus is still trying to kick its Microsoft habit
Google Workspace switch drags on amid Excel dependencies, compliance requirements, and compatibility issues
Exclusive Breaking free from Microsoft is harder than it looks. Airbus began migrating its 100,000-plus workforce from Office to Google Workspace more than seven years ago and it still hasn't completed the switch.…
- India has satisfied its supercomputing needs, but not its ambitions
Creating 37 supers in a decade is impressive. The homegrown tech in them, less so
Feature In the decade since India launched its National Supercomputing Mission (NSM), the nation has commissioned 37 machines with a combined power of 39 petaFLOPS, with another 35-petaFLOPS hybrid due to come online later this year. But while plenty of those machines use locally developed technology, India is yet to deliver on its ambition to become a leader or major semiconductor player.…
- Alibaba Cloud can’t deploy servers fast enough to satisfy demand for AI
Chinese giant adds to ‘No AI bubble’ babble by citing oversubscribed infrastructure and surging demand
China’s Alibaba Cloud can’t deploy servers fast enough to keep up with demand for AI, so is rationing access to GPUs so that customers who use all of its services enjoy priority access.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Genode OS Framework 25.11 released
The release 25.11 wraps up our year of rigidity, clarity, performance! with a bouquet of vast under-the-hood improvements. Genode�s custom kernel received special tuning of its new CPU scheduler for Sculpt-OS workloads, and became much more scalable with respect to virtual-memory management. Combined, those efforts visibly boost the performance of Sculpt OS on performance-starved hardware like the PinePhone or the i.MX8-based MNT Reform laptop. On account of improving clarity, our new configuration format � now named human-inclined data (HID) � proliferates throughout Genode�s tooling. We are also happy to report that almost all Genode components have become interoperable with both XML and HID by now. ↫ Genode OS Framework 25.11 release notes The Genode Framework 25.11 also brings a major change to how important shared components that aren�t strictly part of the framework are handled, such as ports like libSDL, sqlite, or gnutls. Before, these could only be built with the Genode build system, which was suboptimal because this isn�t designed for building individual components. Several changes have been made to now enable the use of multiple build systems and the Goa SDK, which should make it a lot easier to these crucial components to become the responsibility of wider parts of the community. There�s way more, of course, such as the usual driver improvements, including the addition of support for serial-to-USB adapters.
- Dell: about 1 billion PCs will not or cannot be upgraded to Windows 11
During a Dell earnings call, the company mentioned some staggering numbers regarding the amount of PCs that will not or cannot be upgraded to Windows 11. “We have about 500 million of them capable of running Windows 11 that haven’t been upgraded,” said Dell COO Jeffrey Clarke on a Q3 earnings call earlier this week, referring to the overall PC market, not just Dell’s slice of machines. “And we have another 500 million that are four years old that can’t run Windows 11.” He sees this as an opportunity to guide customers towards the latest Windows 11 machines and AI PCs, but warns that the PC market is going to be relatively flat next year. ↫ Tom Warren at The Verge The monumental scale of the Windows 10 install base that simply won�t or cannot upgrade to Windows 11 is massive, and it�s absolutely bonkers to me that we�re mostly just letting them get away with leaving at least a billion users out in the cold when it comes to security updates and bug fixes. The US government (in better times) and the EU should�ve 100% forced Microsoft�s hand, as leaving this many people on outdated, unsupported operating system installations is several disasters waiting to happen. Aside from the dangerous position Microsoft is forcing its Windows 10 users into, there�s also the massive environmental and public health impact of huge swaths of machines, especially in enterprise environments, becoming obsolete overnight. Many of these will end up in landfills, often shipped to third-world countries so we in the west don�t have to deal with our e-waste and its dangerous consequences directly. I can get fined for littering � rightfully so � but when a company like Microsoft makes sweeping decisions which cause untold amounts of dangerous chemicals to be dumped in countless locations all over the globe, governments shrug it off and move on. At least we will get some cheap eBay hardware out of it, I guess.
- CDE 2.5.3 released
So my love for the Common Desktop Environment isn�t exactly a secret, so let�s talk about the project�s latest release, CDE 2.5.3, released a few days ago. As the version number suggests, this first new version in two years is a rather minor release, containing only a few bug fixes. For instance, CDE�s window manager dtwm picked up support for more mouse buttons, its file manager dtfile now uses sh to find files instead of ksh, and a few more of these rather minor, but welcome, changes and bugfixes. Ever since CDE was released as open source over thirteen years ago, and while considerable work has been done to make it build, install, and run on modern platforms, that�s kind of where the steam ran out. CDE isn�t being actively developed to build upon its strengths and add new and welcome features and conveniences, but is instead kept in a sort of buildable stasis. There is absolutely nothing wrong with this � it keeps CDE accessible on modern platforms, and that�s a huge amount of work that deserves respect and gratitude � but it�d be nice if we lived in a world where there was enough interest (and time and money) to have people work on actually improving it. Of course, the reality is that there�d be very little interest in such an improved CDE, and that�s exactly why it isn�t happening. On top op the current work the CDE team is doing, you�d need to not only develop new features, but also improve the Motif toolkit to make such new features possible, and make sure such improvements don�t break anything else. With such an old codebase, that can�t possible be an easy task. Still, I will continue to daydream of a slightly more modernised CDE with some additional niceties we�ve come to expect over the past 30 years, even if I know full well it�s futile.
- Moss: a Linux-compatible kernel written in Rust
Moss is a Unix-like, Linux-compatible kernel written in Rust and Aarch64 assembly. It features a modern, asynchronous core, a modular architecture abstraction layer, and binary compatibility with Linux userspace applications (currently capable of running most BusyBox commands). ↫ Moss� GitHub page I mean, hobby operating systems and kernels written in Rust aren�t exactly the most unique right now, but that doesn�t make them any less interesting for the kinds of people that frequent a site called OSNews. Moss has quite a few things going for it, including support for enough Linux system calls to run most BusyBox commands, complex memory and process management, use of Rust�s async/await model in the kernel, and much more.
- I work for an evil company, but outside work, I’m actually a really good person
I love my job. I make a great salary, there’s a clear path to promotion, and a never-ending supply of cold brew in the office. And even though my job requires me to commit sociopathic acts of evil that directly contribute to making the world a measurably worse place from Monday through Friday, five days a week, from morning to night, outside work, I’m actually a really good person. ↫ Emily Bressler at McSweeney�s The tech industry is full of people like this.
- KDE to drop X11 session in KDE Plasma 6.8
The KDE project has made the call. Well folks, it’s the beginning of a new era: after nearly three decades of KDE desktop environments running on X11, the future KDE Plasma 6.8 release will be Wayland-exclusive! Support for X11 applications will be fully entrusted to Xwayland, and the Plasma X11 session will no longer be included. ↫ The Plasma Team They�re following in the footsteps of the GNOME project, who will also be leaving the legacy windowing system behind. What this means in practice is that official KDE X11 support will cease once KDE Plasma 6.7 is no longer supported, which should be somewhere early 2027. Do note that the KDE developers intend to release a few extra bugfix releases in the 6.7 release cycle to stabilise the X11 session as much as possible for those people who are going to stick with KDE Plasma 6.7 to keep X11 around. For people who wish to keep using X11 after that point, the KDE project advises them to switch to LTS distributions like Alma Linux, which intend to keep supporting Plasma X11 until 2032. Xwayland will handle virtually all X11 applications running inside the Wayland session, including X11 forwarding, with similar functionality implemented in Wayland through Waypipe. Also note that this only applies to Plasma as a whole; KDE applications will continue to support X11 when run in other desktop environments or on other platforms. As for platforms other than Linux � FreeBSD already has relatively robust Wayland support, so if you intend to run KDE on FreeBSD in the near future, you�ll have to move over to Wayland there, as well. The other BSD variants are also dabbling with Wayland support, so it won�t be long before they, too, will be able to run the KDE Plasma Wayland session without any issues. What this means is that the two desktop environments that probably make up like 95% of the desktop Linux user base will now be focusing exclusively on Wayland, which is great news. X11 is a legacy platform and aside from retrocomputing and artisanal, boutique setups, you simply shouldn�t be using it anymore. Less popular desktop environments like Xfce, Cinnamon, Budgie, and LXQt are also adding Wayland support, so it won�t be much longer before virtually no new desktop Linux installations will be using X11. One X down, one more to go.
- Microsoft will start preloading Explorer because it�s so slow
With all the problems Windows is facing, I think one area where Microsoft can make some easy, quick gains is by drastically improving Explorer, Windows� file manager. It seems that in the latest developer releases, they�re doing just that. The most impactful change � possibly � is that Microsoft is going to preload Explorer. We’re exploring preloading File Explorer in the background to help improve File Explorer launch performance. This shouldn’t be visible to you, outside of File Explorer hopefully launching faster when you need to use it. If you have the change, if needed there is an option you can uncheck to disable this called “Enable window preloading for faster launch times” in File Explorer’s Folder Options, under View. ↫ Windows Insider Program Team Microsoft is also reordering the context menu in Explorer, and while this may seem like a small set of changes, the new context menu does look much tidier and less busy. They achieve this by moving a few top-level items to a submenu, and reordering some other elements. Sadly, the context menu still retains its own context menu ( Show more options!), which is a traditional Win32 menu � which I still think is one of the most Windows of Windows things of all time. Regardless, I hope these small changes make Explorer more bearable to use for those of you still using Windows, because we all know you need it.
- Google�s Android for desktops and laptops is called Aluminium
Google has made it very clear that it�s intending to bring Android to laptops and desktops, and replace Chrome OS with Android in the process. We now have a codename, and some more information about what this will look like in practice. Over the weekend, a tipster on Telegram named Frost Core shared a link to an intriguing Google job listing for a ‘Senior Product Manager, Android, Laptop and Tablets.’ While we already know Google is bringing Android to the PC, the listing explicitly states that the role involves ‘working on a new Aluminium, Android-based, operating system.’ This effectively confirms that Aluminium is the codename for the new unified platform. The name appears to be a nod to the project’s roots: like Chromium (the open-source version of ChromeOS), Aluminium is a metal ending in ‘-ium.’ The choice of the British spelling — emphasizing the ‘Al’ prefix — likely pays homage to Android serving as the project’s foundation.” ↫ Mishaal Rahman at Android Authority So we have the codename, and of course, what we also have is a strong focus on AI!, which will be at the core! of desktop Android. Further details uncovered in job openings include a focus not just on entry-level hardware, but also midrange and premium laptops and desktops, as well as Chrome OS being replaced by this new desktop Android variant. I somehow doubt existing Chrome OS devices will be updated to this new desktop Android variant, so Chrome OS will continue to exist as a product for at least quite a few years to come. I still have a considerable amount of doubt that Google would be able to pull this off in a successful way. It�s already hard enough to get anyone to buy any laptop that isn�t running Windows or macOS, and I doubt the Android operating system has the kind of pull with consumers to make them consider switching to it on their laptops or desktops. Enthusiasts will surely eat it up � if only to try � but without any clear, massive success, this desktop Android thing runs the real risk of ending up at Google�s graveyard. These Android laptops can be incredible products, but even if they are, I just won�t trust Google to remain interested in it.
- Microsoft admits almost all major Windows 11 core features are broken
You may have noticed a sharp increase in problems and issues in Windows recently � following the rise of the AI! hype cycle, entirely coincidentally, I�m sure � and it seems Microsoft is finally starting to acknowledge just how bad Windows has become. On the positive side though, following all that backlash, Microsoft acknowledged Windows has issues, and as if on cue, the company in a new support article has admitted that there are problems on almost every major Windows 11 core feature. The issues are related to XAML and this impacts all the Shell components like the Start Menu, Taskbar, Explorer, and Windows Settings. ↫ Sayan Sen at Neowin It�s wild how many core components like this have apparently been broken due to these problems since July of this year. This means countless Windows users have been experiencing weird issues on a daily basis in multiple components for four months now, which is absolutely wild. On top of all the more structural problems in Windows, I wonder how people can get anything done at all � only a few days ago, I had to manually clean out the Installer folder in the Windows folder on my wife�s gaming PC, because for some inexplicable reason, Windows decided to permanently store 18GB�s worth (!) of past Adobe Acrobat updates and installers in there. It�s impossible to reliably say that Microsoft�s incessant focus on crypto NFTs AI! lies at the root of all of these problems, but if 30% of new! code in Microsoft is indeed regurgitated by AI!, it�s hard not to conclude as such.
- The privacy nightmare of browser fingerprinting
I suspect that many people who take an interest in Internet privacy don’t appreciate how hard it is to resist browser fingerprinting. Taking steps to reduce it leads to inconvenience and, with the present state of technology, even the most intrusive approaches are only partially effective. The data collected by fingerprinting is invisible to the user, and stored somewhere beyond the user’s reach. On the other hand, browser fingerprinting produces only statistical results, and usually can’t be used to track or identify a user with certainty. The data it collects has a relatively short lifespan – days to weeks, not months or years. While it probably can be used for sinister purposes, my main concern is that it supports the intrusive, out-of-control online advertising industry, which has made a wasteland of the Internet. ↫ Kevin Boone My view on this matter is probably a bit more extreme than some: I believe it should be illegal to track users for advertising purposes, because the data collected and the targeting it enables not only violate basic privacy rights enshrined in most constitutions, they also pose a massive danger in other ways. This very same targeting data is already being abused by totalitarian states to influence our politics, which has had disastrous results. Of course, our own democratic governments� hands aren�t exactly clean either in this regard, as they increasingly want to use this data to stop terrorists! and otherwise infringe on basic rights. Finally, any time such data ends up on the black market after data breaches, criminals, organised or otherwise, also get their hands on it. I have no idea what such a ban should look like, or if it�s possible to do this even remotely effectively. In the current political climate in many western countries, which are dominated by the wealthy few and corporate interests, it�s highly unlikely that even if such a ban was passed as lip service to concerned constituents, any fines or other deterrents would probably be far too low to make a difference anyway. As such, my desire to have targeted online advertising banned is mostly theory, not practice � further illustrated by the European Union caving like cowards on privacy to even the slightest bit of pressure. Best I can do for now is not partake in this advertising hellhole. I disabled and removed all advertising from OSNews recently, and have always strongly advised everyone to use as many adblocking options as possible. We not only have a Pi-Hole to keep all of our devices at home safe, but also use a second layer of on-device adblockers, and I advise everyone to do the same.
- Americans are holding onto devices longer than ever and it’s costing the economy!
We need to consume. The average American now holds onto their smartphone for 29 months, according to a`recent survey by Reviews.org, and that cycle is getting longer. The average was around 22 months in 2016. While squeezing as much life out of your device as possible may save money in the short run, especially amid widespread fears about the strength of the consumer and job market, it might cost the economy in the long run, especially when device hoarding occurs at the level of corporations. ↫ Kevin Williams at CNBC Line must go up. Ļ̷̩̺̾i̶̼̳͍͂̒ͅn̵͕̉̾e̴̞͛̓̀̍ ̴͙̙̥͋͐m̸͚̉̆u̴̖̰̪̽̔ͅs̶̨̛̾ţ̷̢̂͛̆͝ ̵̱̐̓̾̔͜ğ̷͕̮̮͆o̷̟͈̐̏̄͝ ̷̢̨̞̉u̴̢̪̭̱̿͑͛̌p̴͈̜̫̖̌.
- Tuxedo cancels Snapdragon X Elite Linux laptop project
For the past 18 months, the Linux OEM Tuxedo Computers has been working on bringing a Snapdragon X Elite ARM laptop to market, but now they cancelled the project due to complications. Development turned out to be challenging due to the different architecture, and in the end, the first-generation X1E proved to be less suitable for Linux than expected. In particular, the long battery runtimes—usually one of the strong arguments for ARM devices—were not achieved under Linux. A viable approach for BIOS updates under Linux is also missing at this stage, as is fan control. Virtualization with KVM is not foreseeable on our model, nor are the high USB4 transfer rates. Video hardware decoding is technically possible, but most applications lack the necessary support. Given these conditions, investing several more months of development time does not seem sensible, as it is not foreseeable that all the features you can rightfully expect would be available in the end. In addition, we would be offering you a device with what would then be a more than two-year-old Snapdragon X Elite (X1E), whose successor, the Snapdragon X2 Elite (X2E), was officially introduced in September 2025 and is expected to become available in the first half of 2026. ↫ Tuxedo�s announcement Back when Qualcomm was hyping up these processors, the company made big claims about supporting Linux equally to Windows, but those promises have turned out to be absolutely worthless. Tuxedo already highlighted the problems it was dealing with half a year ago, and now it seems these problems have become impossible to overcome � at least for now. This is a shame, bu also not entirely unexpected, since there�s no way a small Linux OEM can do the work that Qualcomm promised it would do for its own chip. All this sadly means we still don�t really have proper Linux support for modern ARM laptops, which is a crying shame. The problem isn�t so much Linux itself, but the non-standardised world of ARM hardware. Large OEMs are willing to do the work to make Windows work, but despite recent successes, desktop Linux is nowhere near as popular as Windows, so there�s little incentive for OEMs (or Qualcomm) to step up their game. It is what it is.
- The Commodore CHESSmate
The CHESSmate was demonstrated at the January 1978 Consumer Electronics Show in Las Vegas as a prototype in order to assess customer interest in the product. It was available for order at the June 1978 CES in Chicago and the first units, manufactured in Hong Kong, shipped later that year. It was a big seller in Germany from the beginning. ↫ Peter R. Jennings There�s no way I can summarise this story.
- Microsoft removes WINS from future Windows Server releases
Blasts from the pasts are often fun, and in the case of feature removals from Windows, it�s often accompanied by surprise that the feature in question still existed. Case in point: This article provides essential information about the deprecation and planned removal of Windows Internet Name Service (WINS) from future Windows Server releases. Microsoft has announced that WINS will be removed from all Windows Server releases after Windows Server 2025 and will remain under the standard support lifecycle through November 2034. Organizations using WINS are strongly encouraged to migrate to modern DNS-based name resolution solutions. ↫ Microsoft knowledge base article WINS was introduced with Windows NT 3.5 back in 1994, and maps NetBIOS to IP addresses in much the same way DNS maps domains names to IP addresses. Nobody should be using WINS anymore, and Microsoft has been discouraging its use for a long time now. With the ubiquity of DNS, WINS serves very little purpose, so it makes sense Microsoft is removing it from Windows.
- LionsOS: an adaptable OS based on the seL4 microkernel
LionsOS is an operating system based on the seL4 microkernel with the goal of making the achievements of seL4 accessible. That is, to provide performance, security, and reliability. It is not a conventional operating system, but contains composable components for creating custom operating systems that are specific to a particular task. Components are joined together using the Microkit tool. ↫ LionsOS website The project is under active research and development, led by the Trustworthy Systems research group at UNSW Sydney in Australia. The source code is available on GitHub.
- HP, Dell quietly disable HEVC on certain laptops over minute license fee increase
Inter-corporation bullshit screwing over consumers � a tale as old as time. Major laptop vendors have quietly removed hardware decode support for the H.265/HEVC codec in several business and entry-level models, a decision apparently driven by rising licensing fees. Users working with H.265 content may face reduced performance unless they verify codec support or rely on software workarounds. ↫ Hilbert Hagedoornn at The Guru of 3D You may want to know how much these licensing fees are, and by how much they�re increasing next year, making these laptop OEMs remove features to avoid the costs. The HEVC licensing fee is $0.20 per device, and in 2026 it�s increasing to $0.24. Yes, a $0.04 increase per device is forcing! these giant companies to screw over their consumers. Nobody�s coming out a winner here, and everyone loses. We took a wrong turn, but nobody seems to know when and where.
- Wine 10.19 Released: Game Changing Support for Windows Reparse Points on Linux
by George Whittaker Introduction
If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.
In simpler terms: Wine now understands more of the Windows filesystem semantics, which means fewer workarounds, better application compatibility, and smoother experiences for many games and tools previously finicky under Linux.
What Are Reparse Points & Why They MatterUnderstanding Reparse Points
On Windows, a reparse point is a filesystem object (file or directory) that carries additional data, often used for symbolic links, junctions, mount points, or other redirection features. When an application opens or queries a file, the OS may check the reparse tag to determine special behavior (for example “redirect this file open to this other path”).
Because many Windows apps, installers, games, DRM systems, file-managers, use reparse points for features like directory redirection, path abstractions, or filesystem overlays, lacking full support for them in Wine means those apps often misbehave.
What Wine 10.19 Adds
With Wine 10.19, support for these reparse point mechanisms has been implemented in key filesystem APIs: for example NtQueryDirectoryFile, GetFileInfo, file attribute tags, and DeleteFile/RemoveDirectory for reparse objects.
This means that in Wine 10.19:
Windows apps that create or manage symbolic links, directory junctions or mount-point style re-parsing will now function correctly in many more cases.
Installers or frameworks that rely on “when opening path X, redirect to path Y” will work with less tinkering.
Games or utilities that check for reparse tags or use directory redirections will have fewer “stuck” behaviors or missing files.
In effect, this is a step toward closer to native behavior for Windows file-system semantics under Linux.
Other Key Highlights in Wine 10.19
Beyond reparse points, the release brings several notable improvements:
Expanded support for WinRT exceptions (Windows Runtime error handling) meaning better compatibility for Universal Windows Platform (UWP) apps and newer Windows-based frameworks.
Refactoring of “Common Controls” (COMCTL32) following the version 5 vs version 6 split, which helps GUI applications that rely on older controls or expect mixed versions.
Go to Full Article
- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
by George Whittaker Introduction
Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.
Here’s a detailed look at what’s new, what’s changed, and what you need to know.
Major Changes in Firefox 145End of 32-Bit Linux Builds
One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:
“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”
From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.
Usability & Interface Enhancements
Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:
PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.
Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.
Access saved passwords from the sidebar, without needing to open a new tab or window.
“Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.
Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.
Privacy, Security & Under-the-Hood Upgrades
Mozilla has also doubled down on privacy and risk reduction:
Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used.
Go to Full Article
- MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer
by George Whittaker Introduction
The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.
In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.
What’s New in MX Linux 25 “Infinity”
Here are the headline changes and improvements that define this release:
Debian 13 “Trixie” Base
By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.
Kernel Choices & Hardware Support
The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.
For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.
Dual Init Option: systemd and SysVinit
Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.
Updated Desktop Environments
Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).
KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.
Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined. Defaults the audio player to Audacious (instead of the older DeaDBeeF).
Go to Full Article
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components:
Go to Full Article
|
