|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Home Assistant 2025.12 released
Version2025.12 of the Home Assistant home-automation system has been released.
This month, we're unveiling Home Assistant Labs, a brand-new space where you can preview features before they go mainstream. And what better way to kick it off than with Winter mode? ❄️ Enable it and watch snowflakes drift across your dashboard. It's completely unnecessary, utterly delightful, and exactly the kind of thing we love to build. ❄️
But that's just the beginning. We've been working on making automations more intuitive over the past releases, and this release finally delivers purpose-specific triggers and conditions. Instead of thinking in (numeric) states, you can now simply say "When a light turns on" or "If the climate is heating". It's automation building the way our mind works, as it should be.
- Django 6.0 released
The Django Python webframework project has announcedthe release of Django 6.0 including many new features, as can be seen inthe releasenotes. Some highlights include template partials for modularizingtemplates, a flexible task framework for running background tasks, amodernized email API, and a ContentSecurity Policy (CSP) feature that provides the ability to "easily configure and enforce browser-level security policies to protect against content injection".
- [$] Just: a command runner
Over time, many Linux users wind up with a collection of aliases,shell scripts, and makefiles to run simple commands (or a series ofcommands) that are often used, but challenging to remember andannoying to type out at length. The just command runner is aRust-based utility that just does one thing and does it well: it readsrecipes from a text file (aptly called a "justfile"), and runs thecommands from an invoked recipe. Rather than accumulating a libraryof one-off shell scripts over time, just provides a cross-platform toolwith a framework and well-documented syntax for collecting anddocumenting tasks that makes it useful for solo users andcollaborative projects.
- Security updates for Wednesday
Security updates have been issued by Debian (containerd, mako, and xen), Fedora (forgejo, nextcloud, openbao, rclone, restic, and tigervnc), Oracle (firefox, kernel, libtiff, libxml2, and postgresql), SUSE (libecpg6, lightdm-kde-greeter, python-cbor2, python-mistralclient-doc, python315, and python39), and Ubuntu (kdeconnect, linux, linux-aws, linux-realtime, python-django, and unbound).
- A final stable kernel update for 5.4
Greg Kroah-Hartman has announced the release of the 5.4.302 stable kernel:
This is the LAST 5.4.y release. It is now end-of-life and should notbe used by anyone, anymore. As of this point in time, there are 1539documented unfixed CVEs for this kernel branch, and that number willonly increase over time as more CVEs get assigned for kernel bugs.
For the curious, Kroah-Hartman has also provideda list of the unfixed CVEs for 5.4.302.
- Let's Encrypt to reduce certificate lifetimes
Let's Encrypt has announcedthat it will be reducing the validity period of its certificates from90 days to 45 days by 2028:
Most users of Let's Encrypt who automatically issue certificateswill not have to make any changes. However, you should verify thatyour automation is compatible with certificates that have shortervalidity periods.
To ensure your ACME client renews on time, we recommend using ACMERenewal Information (ARI). ARI is a feature we've introduced to helpclients know when they need to renew their certificates. Consult yourACME client's documentation on how to enable ARI, as it differs fromclient to client. If you are a client developer, check out thisintegration guide.
If your client doesn't support ARI yet, ensure it runs on aschedule that is compatible with 45-day certificates. For example,renewing at a hardcoded interval of 60 days will no longer besufficient. Acceptable behavior includes renewing certificates atapproximately two thirds of the way through the current certificate'slifetime.
Manually renewing certificates is not recommended, as it will needto be done more frequently with shorter certificate lifetimes.
- FreeBSD 15.0 released
FreeBSD15.0 has been released. Notable changes in this release include a newmethod for installingthe base system using the pkg package manager, an updateto OpenZFS 2.4.0-rc4,native support for the inotify(2)interface, and the addition of Open Container Initiative (OCI) imagesto FreeBSD's release artifacts. See the releasenotes for a full list of changes, hardwarenotes for supported hardware, and check the erratabefore installing or upgrading.
- Security updates for Tuesday
Security updates have been issued by Fedora (gnutls, libpng, mingw-python3, python-spotipy, source-to-image, unbound, and webkitgtk), Mageia (libpng), SUSE (bash-git-prompt, gitea-tea, java-17-openjdk, java-21-openjdk, kernel, openssh, python, and shadowsocks-v2ray-plugin, v2ray-core), and Ubuntu (binutils, openjdk-17-crac, openjdk-21-crac, and openjdk-25-crac).
- [$] Checked-size array parameters in C
There are many possible programmer mistakes that are not caught by theminimal checks specified by the C language; among those is passing an arrayof the wrong size to a function. A recent attempt to add some safetyaround array parameters within the crypto layer involved the use of someclever tricks, but it turns out that clever tricks are unnecessary in thiscase. There is an obscure C feature that can cause this checking tohappen, and it is already in use in a few places within the kernel.
- [$] Some 6.18 development statistics
Linus Torvalds releasedthe 6.18 kernel as expected on November 30, closing the last fulldevelopment cycle of 2025. It was another busy cycle, featuring a recordnumber of developers. The time has come for a look at where the code camefrom for this kernel release, but also for the year-long long-term-supportcycle which has also reached its conclusion with this release.
- Security updates for Monday
Security updates have been issued by AlmaLinux (bind9.18, cups, gimp, ipa, kernel, libssh, mingw-expat, openssl, pcs, sssd, tigervnc, and valkey), Debian (gnome-shell-extension-gsconnect, mistral-dashboard, pagure, python-mistralclient, pytorch, qtbase-opensource-src, sogo, tryton-server, and unbound), Fedora (cef, drupal7, glib2, linux-firmware, migrate, pack, pgadmin4, rnp, and unbound), Slackware (libxslt), SUSE (cpp-httplib, curl, glib2, grub2, kernel, libcoap-devel, libcryptopp, libwireshark19, postgresql15, and postgresql17), and Ubuntu (edk2).
- Three stable kernels for Monday
Greg Kroah-Hartman has announced the release of the 6.17.10, 6.12.60, and 6.6.118 stable kernels. As usual, eachcontains a number of important fixes throughout the tree. Users areadvised to upgrade.
- The 6.18 kernel has been released
Linus has released the 6.18 kernel, as expected.
So I'll have to admit that I'd have been happier with slightly less bugfixing noise in this last week of the release, but while there's a few more fixes than I would hope for, there was nothing that made me feel like this needs more time to cook. So 6.18 is tagged and pushed out.
Headline changes in this release includethe abilityto manage namespaces with file handles,support for the AccECNcongestion-control protocol,initial support for signing of BPFprograms,improved memory management with sheaves,the Rust binder driver,better control over transparent hugepages,and a lot more.This release also saw the removalof the bcachefs filesystem.
See the LWN merge-window summaries (part 1, part 2)and the KernelNewbies 6.18page for more information.
- NixOS 25.11 released
Version25.11 of the NixOS distribution has been released. "The 25.11release was made possible due to the efforts of 2742 contributors, whoauthored 59430 commits since the previous release". Changes include7,002 new packages, GNOME 49, LLVM 21, a new COSMIC desktopenvironment beta, firewalld support, and more; see therelease notes for details.
- How to turn on the AI-ready infrastructure you already own
Hammerspace maximizes your GPU usage using your existing NVMe storagePartner content As AI computing expands across hybrid and multi-cloud environments, infrastructure teams are under pressure to accelerate time-to-insight while maximizing GPU investments. But too often, storage becomes the bottleneck.…
- Docker: Patch Image Vulnerabilities with Trivy and Copa
Docker container images often contain security vulnerabilities inherited from their base operating system packages. Rather than rebuilding images from scratch, you can use Trivy to scan for vulnerabilities and Copa to patch them directly. This tutorial demonstrates how to identify and fix container vulnerabilities on Ubuntu, Debian, RHEL, CentOS, and Fedora systems using these two powerful open-source tools.
- openSUSE Begins Rolling Out Intel NPU Support
Via the openSUSE Innovator Initiative, packaging of the Intel Neural Processing Unit (NPU) driver for the openSUSE ecosystem has begun. This is helping to jump-start the Intel NPU support within the openSUSE space although user-space applications ready to leverage the Intel NPU still remains very limited...
- Whatever legitimate places AI has, inside an OS ain't one
We're getting it baked into Windows whether we like it or notOpinion Making software would be the perfect job if it wasn't for those darn users. Windows head honcho Pavan Davuluri would be forgiven for feeling this of late as his happy online paean about Windows becoming an "agentic OS" was met by massive dissent in the comments. "Agentic schmentic, we want reliability, usability, and stability" was the gist.…
- ntpdate Command not Found: Solution
The ntpdate command has been deprecated and removed from modern Linux distributions. If you encounter the “ntpdate command not found” error on Debian, Ubuntu Linux systems, this guide shows you how to synchronize your system time using the modern replacements: systemd-timesyncd and chrony.
- The Last Video Rental Store Is Your Public Library
404 Media's Claire Woodcock writes: As prices for streaming subscriptions continue to soar and finding movies to watch, new and old, is becoming harder as the number of streaming services continues to grow, people are turning to the unexpected last stronghold of physical media: the public library. Some libraries are now intentionally using iconic Blockbuster branding to recall the hours visitors once spent looking for something to rent on Friday and Saturday nights. John Scalzo, audiovisual collection librarian with a public library in western New York, says that despite an observed drop-off in DVD, Blu-ray, and 4K Ultra disc circulation in 2019, interest in physical media is coming back around. "People really seem to want physical media," Scalzo told 404 Media. Part of it has to do with consumer awareness: People know they're paying more for monthly subscriptions to streaming services and getting less. The same has been true for gaming. As the audiovisual selector with the Free Library of Philadelphia since 2024, Kris Langlais has been focused on building the library's video game collections to meet comparable interest in demand. Now that every branch library has a prominent video game collection, Langlais says that patrons who come for the games are reportedly expressing interest in more of what the library has to offer. "Librarians out in our branches are seeing a lot of young people who are really excited by these collections," Langlais told 404 Media. "Folks who are coming in just for the games are picking up program flyers and coming back for something like that." IP disputes are fueling the shift, too. The report notes how rights and licensing battles are making some films harder to access -- from titles that quietly slip out of commercial circulation, to streaming-only releases that never make it to disc, to entire shows vanishing during mergers like HBO Max-Discovery+. One prominent example is The People's Joker, which was briefly pulled from the Toronto International Film Festival over a conflict with Batman's rightsholders. Situations like that are pushing librarians to grab physical copies while they still can, before these works risk disappearing altogether.
Read more of this story at Slashdot.
- After AI Push, Trump Administration Is Now Looking To Robots
An anonymous reader quotes a report from Politico: Five months after releasing a plan to accelerate the development of artificial intelligence, the Trump administration is turning to robots. Commerce Secretary Howard Lutnick has been meeting with robotics industry CEOs and is "all in" on accelerating the industry's development, according to three people familiar with the discussions who were granted anonymity to share details. The administration is considering issuing an executive order on robotics next year, according to two of the people. A Department of Commerce spokesperson said: "We are committed to robotics and advanced manufacturing because they are central to bringing critical production back to the United States." The Department of Transportation is also preparing to announce a robotics working group, possibly before the end of the year, according to one person familiar with the planning. A spokesperson for the department did not respond to a request for comment. There's growing interest on Capitol Hill as well. A Republican amendment to the National Defense Authorization Act would have created a national robotics commission. The amendment was not included in the bill. Other legislative efforts are underway. The flurry of activity suggests robotics is emerging as the next major front in America's race against China. "There is now recognition that advanced robotics is crucial to the U.S. in terms of manufacturing, technology, national security, defense applications, public safety," said Brendan Schulman, VP of policy and government relations for Boston Dynamics. "The investment that we're seeing in the sector and the efforts in China to dominate the future of robotics are being noticed."
Read more of this story at Slashdot.
- After Nearly 30 Years, Crucial Will Stop Selling RAM To Consumers
Micron is shutting down its Crucial consumer RAM business in 2026 after nearly three decades, citing heavy demand from AI data centers. "The AI-driven growth in the data center has led to a surge in demand for memory and storage," Sumit Sadana, EVP and chief business officer at Micron Technology, said in a statement. "Micron has made the difficult decision to exit the Crucial consumer business in order to improve supply and support for our larger, strategic customers in faster-growing segments." Ars Technica reports: Micron said it will continue shipping Crucial consumer products through the end of its fiscal second quarter in February 2026 and will honor warranties on existing products. The company will continue selling Micron-branded enterprise products to commercial customers and plans to redeploy affected employees to other positions within the company. Crucial launched in 1996 during the Pentium era as Micron's consumer brand for RAM and storage upgrades. Over the years, the brand expanded to encompass other memory-related products such as SSDs, flash memory cards, and portable storage drives. Micron Technology has been manufacturing RAM since 1981.
Read more of this story at Slashdot.
- HBO Max Botches Mad Men's 4K Debut After Streaming Wrong File Showing Visible Crewmembers
HBO Max's 4K debut of Mad Men was botched after Lionsgate reportedly supplied the wrong file, leading to visible crew members where someone is seen pumping a vomit hose. Ars Technica reports: Mad Men ran on the AMC channel for seven seasons from 2007 to 2015. The show had a vintage aesthetic, depicting the 1960s advertising industry in New York City. Last month, HBO Max announced it would modernize the show by debuting a 4K version. The show originally aired in SD and HD resolutions and had not been previously made available in 4K through other means, such as Blu-ray. However, viewers were quick to spot problems with HBO Max's 4K Mad Men stream, the most egregious being visible crew members in the background of a scene. The episode was "Red in the Face" (Season 1, Episode 7), which was reportedly mislabeled. In it, Roger Sterling (John Slattery) throws up oysters. In the 4K version that was streaming on HBO Max, viewers could see someone pumping a vomit hose to make the fake puke flow. The Hollywood Reporter, citing an anonymous source, said that the error happened because Mad Men production company Lionsgate gave HBO Max the wrong file. The publication reported that Lionsgate "was working on getting HBO Max the correct file(s)" and was readying to provide them at approximately 10 a.m. PT today. The blunder is likely to be fixed for all viewers soon. There were no problems with the HD versions of HBO Max's Mad Men stream.
Read more of this story at Slashdot.
- YouTube Releases Its First-Ever Recap of Videos You've Watched
YouTube has launched its first-ever "Recap" for videos watched on the main platform, giving users personalized cards that showcase their top channels, interests, and a personality type based on their watch habits. The feature rolls out across North America today and globally this week. TechCrunch reports: Users can find their Recap directly on the YouTube homepage or under the "You" tab. Recaps are accessible on mobile devices and desktop. YouTube says the new feature was requested by users and that it conducted over 50 different concept tests before landing on the final product. Alongside the launch of Recap, YouTube also released trend charts showcasing the top creators, podcasts, and songs of the year.
Read more of this story at Slashdot.
- India Pulls Its Preinstalled iPhone App Demand
India has withdrawn its order requiring Apple and other smartphone makers to preinstall the government's Sanchar Saathi app after public backlash and privacy concerns. AppleInsider reports: On November 28, the India Ministry of Communication issued a secret directive to Apple and other smartphone manufacturers, requiring the preinstallation of a government-backed app. Less than a week later, the order has been rescinded. The withdrawal on Wednesday means Apple doesn't have to preload the Sanchar Saathi app onto iPhones sold in the country, in a way that couldn't be "disabled or restricted." [...] In pulling back from the demand, the government insisted that the app had an "increasing acceptance" among citizens. There was a tenfold spike of new user registrations on Tuesday alone, with over 600,000 new users made aware of the app from the public debacle. India Minister of Communications Jyotiraditya Scindia took a moment to insist that concerns the app could be used for increased surveillance were unfounded. "Snooping is neither possible nor will it happen" with the app, Scindia claimed. "This is a welcome development, but we are still awaiting the full text of the legal order that should accompany this announcement, including any revised directions under the Cyber Security Rules, 2024," said the Internet Freedom Foundation. It is treating the news with "cautious optimism, not closure," until formalities conclude. However, while promising, the backdown doesn't stop India from retrying something similar or another tactic in the future.
Read more of this story at Slashdot.
- Windows 11 Growth Slows As Millions Stick With Windows 10
Despite Windows 10 losing free support, Statcounter shows Windows 11 holding only a modest lead of 53.7% market share compared to Windows 10's 42.7%. Analysts say the slow transition reflects both hardware limitations and a lack of must-have Windows 11 features compelling organizations to refresh their fleets. The Register reports: The Register spoke to Lansweeper principal technical evangelist Esben Dochy, who noted that consumers were more likely to have devices that couldn't be upgraded or follow the "if it ain't broke, don't fix it" rule when it comes to change. He also pointed out consumers in the EU get Microsoft Extended Security Updates (ESU) for free. For businesses, though, it's different. Dochy told us: "The primary blocker is slow change management processes. These can be slow due to bad planning, lack of resources, difficulty in execution (in highly distributed organizations) etc. "The ESU are used to be secure while those change management processes take place, but organizations will have to pay to get those ESU making it more expensive for unprepared or inefficient organizations." [...] The challenge facing Windows 11 is that, other than the end of free support for many versions, there is no must-have feature to make enterprises break a hardware refresh cycle, particularly in a difficult economic environment. Microsoft has not released official statistics on Windows 11 adoption. However, hardware vendors have noted the sluggish pace of transition. Dell COO Jeffrey Clarke commented during an analyst call: "If you were to look at it relative to the previous OS end of support, we are 10-12 points behind at that point with Windows 11 than we were with the previous generation."
Read more of this story at Slashdot.
- Microsoft Lowers AI Software Sales Quota As Customers Resist New Products
An anonymous reader quotes a report from Reuters: Multiple divisions at Microsoft have lowered sales growth targets for certain artificial intelligence products after many sales staff missed goals in the fiscal year that ended in June, The Information reported on Wednesday. It is rare for Microsoft to lower quotas for specific products, the report said, citing two salespeople in the Azure cloud unit. The division is closely watched by investors as it is the main beneficiary of Microsoft's AI push. [...] The Information report said Carlyle Group last year started using Copilot Studio to automate tasks such as meeting summaries and financial models, but cut its spending on the product after flagging Microsoft about its struggles to get the software to reliably pull data from other applications. The report shows the industry was in the early stages of adopting AI, said D.A. Davidson analyst Gil Luria. "That does not mean there isn't promise for AI products to help companies become more productive, just that it may be harder than they thought."
Read more of this story at Slashdot.
- Chinese Reusable Booster Explodes During First Orbital Test
schwit1 shares a report from CNN: A private Chinese space firm successfully sent its Zhuque-3 rocket to orbit but failed in its historic attempt to re-land the rocket booster Wednesday -- the first such trial by a Chinese firm as the country's growing commercial space sector races to catch up with American rivals like SpaceX. The rocket entered orbit as planned, but its first stage did not successfully return to a landing site, instead crashing down, the company said in a statement. "An anomaly occurred after the first-stage engine ignited during the landing phase, preventing a soft landing on the designated recovery pad," the statement said. "The debris landed at the edge of the recovery area, resulting in a failed recovery test." The team would "conduct a comprehensive review" and continue to "advance the verification and application of reusable rocket technology in future missions," the statement added. You can watch a video of the launch and subsequent crash here.
Read more of this story at Slashdot.
- Zig Quits GitHub, Says Microsoft's AI Obsession Has Ruined the Service
The Zig Software Foundation has quit GitHub after years of unresolved GitHub Actions bugs -- including a "safe_sleep" script that could spin forever and cripple CI runners. Zig leadership puts the blame on Microsoft's growing AI-first priorities and declining engineering quality. Other open-source developers are voicing similar frustrations. The Register reports: The drama began in April 2025 when GitHub user AlekseiNikiforovIBM started a thread titled "safe_sleep.sh rarely hangs indefinitely." GitHub addressed the problem in August, but didn't reveal that in the thread, which remained open until Monday. That timing appears notable. Last week, Andrew Kelly, president and lead developer of the Zig Software Foundation, announced that the Zig project is moving to Codeberg, a non-profit git hosting service, because GitHub no longer demonstrates commitment to engineering excellence. One piece of evidence he offered for that assessment was the "safe_sleep.sh rarely hangs indefinitely" thread. "Most importantly, Actions has inexcusable bugs while being completely neglected," Kelly wrote. "After the CEO of GitHub said to 'embrace AI or get out', it seems the lackeys at Microsoft took the hint, because GitHub Actions started 'vibe-scheduling' -- choosing jobs to run seemingly at random. Combined with other bugs and inability to manually intervene, this causes our CI system to get so backed up that not even master branch commits get checked."
Read more of this story at Slashdot.
- Japanese Devs Face Font Licensing Dilemma as Annual Costs Increase From $380 To $20K
An anonymous reader quotes a report from GamesIndustry.biz: Japanese game makers are struggling to locate affordable commercial fonts after one of the country's leading font licensing services raised the cost of its annual plan from around $380 to $20,500 (USD). As reported by Gamemakers and GameSpark and translated by Automaton, Fontworks LETS discontinued its game license plan at the end of November. The expensive replacement plan -- offered through Fontwork's parent company, Monotype -- doesn't even provide local pricing for Japanese developers, and comes with a 25,000 user-cap, which is likely not workable for Japan's bigger studios. The problem is further compounded by the difficulties and complexities of securing fonts that can accurately transcribe Kanji and Katakana characters. UI/UX designer Yamanaka stressed that this would be particularly problematic for live service games; even if studios moved quickly and switched to fonts available through an alternate licensee, they will have to re-test, re-validate, and re-QA check content already live and in active use. The crisis could even eventually force some Japanese studios to rebrand entirely if their corporate identity is tied to a commercial font they can no longer afford to license.
Read more of this story at Slashdot.
- LandSpace Could Become China's First Company To Land a Reusable Rocket
China's private launch firm LandSpace is preparing the debut flight of its Zhuque-3 rocket, aiming to become the country's first to land a reusable orbital-class booster using a Falcon-9-style return profile. Ars Technica reports: Liftoff could happen around 11 pm EST tonight (04:00 UTC Wednesday), or noon local time at the Jiuquan Satellite Launch Center in northwestern China. Airspace warning notices advising pilots to steer clear of the rocket's flight path suggest LandSpace has a launch window of about two hours. When it lifts off, the Zhuque-3 (Vermillion Bird-3) rocket will become the largest commercial launch vehicle ever flown in China. What's more, LandSpace will become the first Chinese launch provider to attempt a landing of its first stage booster, using the same tried-and-true return method pioneered by SpaceX and, more recently, Blue Origin in the United States. Construction crews recently finished a landing pad in the remote Gobi Desert, some 240 miles (390 kilometers) southeast of the launch site at Jiuquan. Unlike US spaceports, the Jiuquan launch base is located in China's interior, with rockets flying over land as they climb into space. When the Zhuque-3 booster finishes its job of sending the rocket toward orbit, it will follow an arcing trajectory toward the recovery zone, firing its engines to slow for landing about eight-and-a-half minutes after liftoff. At least, that's what is supposed to happen. LandSpace officials have not made any public statements about the odds of a successful landing -- or, for that matter, a successful launch... UPDATE: Chinese Reusable Booster Explodes During First Orbital Test
Read more of this story at Slashdot.
- Study Finds Tattoo Ink Moves Through the Body, Killing Immune Cells
Bruce66423 shares a report from the Los Angeles Times: Tattoo ink doesn't just sit inertly in the skin. New research shows it moves rapidly into the lymphatic system, where it can persist for months, kill immune cells, and even disrupt how the body responds to vaccines. Scientists in Switzerland used a mouse model to trace what happens after tattooing. Pigments drained into nearby lymph nodes within minutes and continued to accumulate for two months, triggering immune-cell death and sustained inflammation. The ink also weakened the antibody response to Pfizer Inc. and BioNTech SE's COVID vaccine when the shot was administered in tattooed skin. In contrast, the same inflammation appeared to boost responses to an inactivated flu vaccine. "This work represents the most extensive study to date regarding the effect of tattoo ink on the immune response and raises serious health concerns associated with the tattooing practice," the researchers said. "Our work underscores the need for further research to inform public health policies and regulatory frameworks regarding the safety of tattoo inks." The findings have been published in the journal Proceedings of the National Academy of Sciences.
Read more of this story at Slashdot.
- Anthropic Acquires Bun In First Acquisition
Anthropic has made its first acquisition by buying Bun, the engine behind its fast-growing Claude Code agent. The move strengthens Anthropic's push into enterprise developer tooling as it scales Claude Code with major backers like Microsoft, Nvidia, Amazon, and Google. Adweek reports: Claude Code is a coding agent that lets developers write, debug and interpret code through natural-language instructions. Claude Code had already hit $1 billion in revenue six months since its public debut in May, according to a LinkedIn post from Anthropic's chief product officer, Mike Krieger. The coding agent continues to barrel toward scale with customers like Netflix, Spotify, and Salesforce. Further reading: Meet Bun, a Speedy New JavaScript Runtime
Read more of this story at Slashdot.
- San Francisco Will Sue Ultraprocessed Food Companies
An anonymous reader quotes a report from the New York Times: The San Francisco city attorney filed on Tuesday the nation's first government lawsuit against food manufacturers over ultraprocessed fare (source may be paywalled; alternative source), arguing that cities and counties have been burdened with the costs of treating diseases that stem from the companies' products. David Chiu, the city attorney, sued 10 corporations that make some of the country's most popular food and drinks. Ultraprocessed products now comprise 70 percent of the American food supply and fill grocery store shelves with a kaleidoscope of colorful packages. Think Slim Jim meat sticks and Cool Ranch Doritos. But also aisles of breads, sauces and granola bars marketed as natural or healthy. It is a rare issue on which the liberal leaders in San Francisco City Hall are fully aligned with the Trump administration, which has targeted ultraprocessed foods as part of its Make America Healthy Again mantra. Mr. Chiu's lawsuit, which was filed in San Francisco Superior Court on behalf of the State of California, seeks unspecified damages for the costs that local governments bear for treating residents whose health has been harmed by ultraprocessed food. The city accuses the companies of "unfair and deceptive acts" in how they market and sell their foods, arguing that such practices violate the state's Unfair Competition Law and public nuisance statute. The city also argues the companies knew that their food made people sick but sold it anyway.
Read more of this story at Slashdot.
- Micron ditches consumer memory brand Crucial to chase AI riches
First AI came for our jobs. Now, our memory?
The lure of AI spending was too much for Micron to ignore. On Wednesday, the US chipmaker announced it's abandoning its Crucial memory and storage lineup to bolster its supply of enterprise-focused chips, including those used in AI systems.…
- John Henry still leading the race vs. AI in customer service
Gartner found only 20% of customer service leaders have cut human agents because of AI
The world’s smallest digital violin is playing for AI chatbots, which are having a hard time elbowing out their human counterparts for jobs in customer service, according to a Gartner study.…
- Lawyer's 6-year-old son uses AI to build copyright infringement generator
Rights holders had better buckle up for years of legal wrangling, IP lawyer tells The Reg
You don't have to be smarter than a fifth grader (or even a first grader) to commit potential copyright infringement using AI tools. One IP attorney watched over the weekend as his young son built a bedtime story generator that used copyrighted characters without permission. …
- MAGA cognoscenti warn feds away from shielding AI infringers
Letting AI firms train on copyrighted data will end up helping China, conservative groups argue
A group of conservatives allied with President Donald Trump's MAGA movement, including former Trump strategist Steve Bannon, has asked the Justice Department and the White House to stop protecting Big Tech against copyright claims.…
- China's reusable rocket makes it to orbit but fails to stick the landing
An ‘anomaly’ meant a fireball arrived at the recovery zone instead of a spent first stage
There's good news and bad news for the Chinese commercial launch industry. The good news is that LandSpace's ZhuQue-3 launched successfully on its maiden flight. The bad news is that a hoped-for recovery of the first stage ended in a fireball.…
- Microsoft sharpens the blocking axe for Exchange Web Services
Starting in March, Frontline Worker and Kiosk–only mailboxes lose EWS access
Microsoft is getting serious about the end of Exchange Web Services (EWS) and has announced that, starting in March 2026, it will begin blocking EWS access to mailboxes without license rights.…
- HPE positions Morpheus stack as enterprise alternative to VMware
IT giant touts unified management, stretched clusters, and AI-ready networking at Discover Barcelona
HPE is laying out its enterprise stall with enhancements to its GreenLake hybrid cloud portfolio, while converging its Aruba and Juniper networking to offer customers AIOps across both, plus high-speed connectivity for AI processing.…
- ISS hits rare full house as all eight docking ports ocupado
Russian vehicles will depart soon, but Baikonur launchpad damage clouds future arrivals
NASA confirmed this week that for the first time, all eight of the International Space Station's docking ports are currently occupied – four by Russian vehicles.…
- Newly launched civil service pension portal from Capita is crapita, users report
Awarded a £239M contract, outsourcer apologizes for any inconvenience to 1.5M members
Updated Pension scheme members are facing a string of errors and malfunctions as they try to log into and retrieve account details from the UK's civil service portal the government is paying Capita £239 million ($318 million) to build and run.…
- Pat Gelsinger's EUV lithography gig gets $150M wink from Uncle Sam
Commerce Department wants equity in xLight as it backs a free-electron laser to challenge ASML
The US Department of Commerce has signed a preliminary letter of intent to provide up to $150 million to xLight, a Palo Alto-based startup led by former Intel chief Pat Gelsinger, that is working on extreme ultraviolet (EUV) lithography.…
- Amazon is forging a walled garden for enterprise AI
AWS Chief Matt Garman lays out his vision bringing artificial intelligence to the enterprise
Re:Invent Amazon wants to make AI meaningful to enterprises, and it’s building yet another walled garden disguised as an easy button to do it.…
- AWS offers AI-in-a-box for enterprise datacenters
If sovereignty or on-prem AI matters, the new AI Factories could be for you
re:invent Many businesses and government agencies require that all sensitive data stay on-premises for legal or security reasons. If those orgs want to work with AI, they can't rely on regular public clouds, but now they can let AWS build and manage AI hardware and software in their datacenters.…
- University of Pennsylvania joins list of victims from Clop's Oracle EBS raid
Ivy League school warns more than 1,400 people after attackers siphon data via zero-day
The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousand individuals that their personal data was siphoned from its systems.…
- HPE backs AMD's Helios AI rack with Juniper's scale-up switch
Hardware bundle ties next-gen accelerators to an Ethernet fabric arriving in 2026
HPE is throwing its weight behind AMD's Helios rack-scale architecture and will offer this as part of its AI portfolio next year, including a purpose-built Juniper Networks scale-up switch.…
- Apple swaps one ex-Google AI chief for another
Amar Subramanya spent mere months at Microsoft before replacing John Giannandrea
Apple's failure to deliver advanced AI capabilities has triggered a changing of the guard. AI chief John Giannandrea is stepping down in favor of a new leader to steady the Siri ship.…
- MongoDB talks up its AI chops by talking down PostgreSQL
CEO touts win from 'super-high growth' customer that couldn't scale on rival system
At the risk of protesting too much in the shifting database landscape, NoSQL-based MongoDB has attempted to trash the competition by claiming PostgreSQL systems lack scalability to keep up with the demands of AI workloads.…
- Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin
Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown
Law enforcement agencies in Germany and Switzerland have shut down cryptocurrency laundering platform Cryptomixer in Europe's latest pushback against cybercrime infrastructure.…
- Kensington and Chelsea confirms IT outage was a data breach after all
Borough says attackers copied 'historical' info as three-council cyber woes drag on
Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week's cyber meltdown, confirming that the outage was not just an IT faceplant but a bona fide data breach.…
- London grid crunch delays new housing amid datacenter boom
Assembly report urges clearer planning as soaring AI power demands strain capital's network
Access to electricity has become a major source of delay for housebuilding in London, and datacenters are inevitably tied up in this, leading to calls for greater oversight of energy and construction planning so that they keep pace with demand.…
- Apply here to win a Microsoft Ugly Sweater. It's uglier than ever
2025 Xmas knitware nightmare could be yours if you make us smile: When was peak Microsoft?
Free Wear It's that time of year again when Microsoft dispatches its latest Ugly Sweater to The Register, and we spoil a lucky reader that makes us smile by sending you the garment in time for Christmas.…
- Whatever legitimate places AI has, inside an OS ain't one
We're getting it baked into Windows whether we like it or not
Opinion Making software would be the perfect job if it wasn't for those darn users. Windows head honcho Pavan Davuluri would be forgiven for feeling this of late as his happy online paean about Windows becoming an "agentic OS" was met by massive dissent in the comments. "Agentic schmentic, we want reliability, usability, and stability" was the gist.…
- UK sinks to fifth in ESA funding league behind Spain
Brit astro Tim Peake's much-vaunted mission to the ISS a distant memory
Nearly ten years after Brit astronaut Tim Peake visited the International Space Station (ISS), the UK has slipped behind Spain in European Space Agency funding rankings.…
- India demands smartphone makers install a government app on every handset
'Sanchar Saathi' shares data to help fight fraud and protect carrier security
India’s government has issued a directive that requires all smartphone manufacturers to install a government app on every handset in the country and has given them 90 days to get the job done – and to ensure users can’t remove the code.…
- OpenAI money-go-round sees it invest in company that invested in OpenAI
Thrive will use the AI-maker's tech in its managed services and accounting businesess
Scratch my back and I'll scratch yours. OpenAI says that it has taken an undisclosed ownership stake in Thrive Holdings, the management-focused offshoot of private equity heavyweight Thrive Capital, which itself is a major investor in the ChatGPT maker.…
- Google Antigravity vibe-codes user's entire drive out of existence
Caveat coder
In what appears to be the latest example of a troubling trend of "vibe coding" software development tools behaving badly, a Reddit user is reporting that Google's Antigravity platform improperly wiped out the contents of an entire hard drive partition. …
- UK gov blames budget leak on misconfigured WordPress plugin, server
Predictable URLs break security through obscurity and lack of server access controls don't help
WordPress is the world's most popular content management system, but not so much with the UK government. The country's Office for Budget Responsibility (OBR) has blamed an inadvertent budget disclosure last week on misconfiguration of its WordPress website.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- On recreating the lost SDK for a 42-year-old operating system: VisiCorp VisiOn
I would think most of us here at OSNews are aware of VisiOn, the graphical multitasking operating system for the IBM PC which was one of the first operating systems with a graphical user interface, predating Windows, GEM, the Mac, and even the Apple Lisa. While VisiOn was technically an open! platform anybody could develop an application for, the operating system�s SDK cost $7000 at the time and required a VAX system. This, combined with VisiOn failing in the market, means nobody knows how to develop an application for it. Until now. Over the past few months, Nina Kalinina painstakingly unraveled VisiOn so that she she could recreate the SDK from scratch. In turn, this allowed developer Atsuko to develop a clean-room application for VisiOn � which is most likely the very first third-party application ever developed and released for VisiOn. I�ve been following along with the pains Kalinina had to go through for this endeavour over on Fedi, and it sure was a wild ride few would be willing (and capable) to undertake. It took me a month of working 1-2 hours a day to produce a specification that allowed Atsuko to implement a`clean-room`homebrew application for VisiOn that is capable of bitmap display, menus and mouse handling. If you�re wondering what it felt like: this project is the largest Sudoku puzzle! I have ever tried to solve. In this note, I have tried to explain the process of solving this puzzle, as well as noteworthy things about VisiOn and its internals. ↫ Nina Kalinina The article contains both a detailed look at VisiOn, as well as the full process of recreating its SDK and developing an application with it. Near the end of the article, after going over all the work that was required to get here, there�s a sobering clarification: This reverse-engineering project ended up being much bigger than I anticipated. We have a working application, yes, but so far I�ve documented less than 10% of all the VisiHost and VisiOp calls. We still don�t know how to implement keyboard input, or how to work with timers and background processes (if it is possible). ↫ Nina Kalinina I�d love for more people to be interested in helping this effort out, as it�s not just an extremely difficult challenge, but also a massive contribution to software preservation. VisiOn may not be more than a small footnote in computing history, but it still deserves to be remembered and understood, and Kalinina and Atsuko have done an amazing amount of legwork for whomever wants to pick this up, too.
- Google is experimentally replacing news headlines with AI clickbait nonsense
Did you know that BG3 players exploit children? Are you aware that Qi2 slows older Pixels? If we wrote those misleading headlines, readers would rip us a new one — but Google is experimentally beginning to replace the original headlines on stories it serves with AI nonsense like that. ↫ Sean Hollister at The Verge I�m a little teapot, short and stout. Here is my handle, here is my spout. When I get all steamed up, hear me shout. Tip me over and pour me out!
- Micron is ending its consumer RAM business because of AI!
You may have noticed that due to AI! companies buying up all literally all the RAM in the world, prices for consumer RAM and SSDs have gone completely batshit insane. Well, it�s only going to get worse, since Micron has announced it�s going to exit the market for consumer RAM and is, therefore, retiring its Crucial brand. The reason? You know the reason. “The AI-driven growth in the data center has led to a surge in demand for memory and storage. Micron has made the difficult decision to exit the Crucial consumer business in order to improve supply and support for our larger, strategic customers in faster-growing segments,” said Sumit Sadana, EVP and Chief Business Officer at Micron Technology. ↫ Micron�s press release First it was the crypto pyramid scheme, and now it�s the AI! pyramid scheme. These MLMs for unimpressive white males who couldn�t imagine themselves out of a wet paper bag are ruining not just the environment, software, and soon the world�s economy when the bubble pops, but are now also making it extraordinarily expensive to buy some RAM or a bit of storage. Literally nothing good is coming from these techbro equivalents of Harlequin romance novels, and yet, we�re forced to pretend they�re the next coming of the railroads every time some guy who was voted most likely to die a middle manager at Albertsons in Casper, Wyoming, farts his idea out on a napkin. I am so tired.
- Redox takes first baby steps towards a modesetting driver for Intel graphics
An exciting tidbit of news from Redox, the Rust-based operating system. Its founder and lead developer Jeremy Soller has merged the first changes for a modesetting driver for Intel graphics. After a few nights of reading through thousands of pages of PRMs I have finally implemented a modesetting driver for Intel HD graphics on Redox OS. There is much more to do, but there is now a clear path to native hardware accelerated graphics! ↫ Jeremy Soller Of course, all the usual disclaimers apply, but it�s an important first step, and once again underlines that Redox is turning into a very solid platform that might just be on the cusp of becoming something we can use every day.
- MacOS: losing confidence
It�s always a bit sad and a little awkward when reality starts hitting long-time fans and users of an operating system, isn�t it? I feel like I�m at least fifteen years ahead of everyone else when it comes to macOS, at least. Over the last few weeks I’ve been`discovering problems`that have been eroding confidence in macOS. From text files that simply won’t show up in Spotlight search, to Clock timers that are blank and don’t function, there’s one common feature: macOS encounters an error or fault, but doesn’t report that to the user, instead just burying it deep in the log. When you can spare the time, the next step is to contact Apple Support, who seem equally puzzled. You’re eventually advised to reinstall macOS or, in the worst case, to wipe a fairly new Apple silicon Mac and restore it in DFU mode, but have no reason to believe that will stop the problem from recurring. You know that Apple Support doesn’t understand what’s going wrong, and despite the involvement of support engineers, they seem as perplexed as you. ↫ Howard Oakley I remember when Mac OS X was so far ahead of the competition it was honestly a little tragic. Around the late PowerPC and very early Intel days, when the iPhone hadn�t yet had the impact on the company it has now, the Mac and its operating system were the star of the company�s show, and you felt it when you used it. Even though the late PowerPC hardware was being outpaced left, right, and centre by Intel and AMD hardware in virtually every sense, Mac OS X more than made up for it being being a carefully and lovingly crafted operating system designed and developed by people who clearly deeply cared. I used nothing but Macs as a result. These days, everything�s reversed. By all accounts, Macs are doing amazing hardware-wise, with efficient, powerful processors and solid design. The operating system, however, has become a complete and utter mess, showing us that no, merely having great hardware does not make up for shit software in the same way the reverse was true two decades ago. I�d rather use a slower, hotter laptop with great software than a faster, cooler laptop with terrible software. I�m not sure we�re going to see this trend reversed any time soon. Apple, too, is chasing the dragon, and everything the company does is designed around their cash cow, and I just don�t see how that�s going to change without a complete overhaul of the company�s leadership.
- Why is running Linux on a RiscPC so hard?
What if you have a Risc PC, but aside from RISC OS, you also want to run Linux? Well, then you have to jump through a lot of hoops, especially in 2025. Well, this was a mess. I don�t know why Potato is so crashy when I install it. I don�t know why the busybox binary in the Woody initrd is so broken. But I�ve got it installed, and now I can do circa-2004 UNIX things with a machine from 1994. ↫ Jonathan Pallant The journey is definitely the most rewarding experience here for us readers, but I�m fairly sure Pallant is just happy to have a working Linux installation on his Risc PC and wants to mostly forget about that journey. Still, reading about the Risc PC is very welcome, since it�s one of those platforms you just don�t hear about very often between everyone talking about classic Macs and Commodore 64s all the time.
- A vector graphics workstation from the 70s
OK I promised computers, so let’s move to the Tek 4051 I got! Released in 1975, this was based on the 4010 series of terminals, but with a Motorola 6800 computer inside. This machine ran, like so many at the time, BASIC, but with extra subroutines for drawing and manipulating vector graphics. 8KB RAM was standard, but up to 32KB RAM could be installed. Extra software was installed via ROM modules in the back, for example to add DSP routines. Data could be saved on tape, and via RS232 and GBIP external devices could be attached! All in all, a pretty capable machine, especially in 1975. BASIC computers where getting common, but graphics was pretty new. According to Tektronix the 4051 was ideal for researches, analysts and physicians, and this could be yours for the low low price of 6 grand, or around $36.000 in 2025. I could not find sales figures, but it seems that this was a decently successful machine. Tektronix also made the 4052, with a faster CPU, and the 4054, a 19″ 4K resolution behemoth! Tektronix continued making workstations until the 90s but like almost all workstations of the era, x86/Linux eventually took over the entire workstation market. ↫ Rik te Winkel at Just another electronics blog Now that�s a retro computer you don�t see very often.
- FreeBSD 15.0 released with pkgbase
The FreeBSD team has released FreeBSD 15.0, and with it come several major changes, one of which you will surely want to know more about if you�re a FreeBSD user. Since this change will eventually drastically change the way you use FreeBSD, we should get right into it. Up until now, a full, system-wide update for FreeBSD � as in, updating both the base operating system as well as any packages you have installed on top of it � would use two separate tools: freebsd-update and the pkg package manager. You used the former to update the base operating system, which was installed as file sets, and the latter to update everything you had installed on top of it in the form of packages. With FreeBSD 15.0, this is starting to change. Instead of using two separate tools, in 15.0 you can opt to deprecate freebsd-update and file sets, and rely entirely on pkg for updating both the base operating system as well as any packages you have installed, because with this new method, the base system moves from file sets to packages. When installing FreeBSD 15.0, the installer will ask you to choose between the old method, or the new pkg-only method. Packages (pkgbase / New Method): The base system is installed as a set of packages from the FreeBSD-base! repository. Systems installed this way are managed entirely using the pkg(8) tool. This method is used by default for all VM images and images published in public clouds. In FreeBSD 15.0, pkgbase is offered as a technology preview, but it is expected to become the standard method for managing base system installations and upgrades in future releases. ↫ FreeBSD 15.0 release announcement As the release announcement notes, the net method is optional in FreeBSD 15 and will remain optional during the entire 15.x release cycle, but the plan is to deprecate freebsd-update and file sets entirely in FreeBSD 16.0. If you have an existing installation you wish to convert to using pkgbase, there�s a tool called pkgbasify to do just that. It�s sponsored by the FreeBSD Foundation, so it�s not some random script. Of course, there�s way more in this release than just pkgbase. Of note is that the 32bit platforms i386, armv6, and 32-bit powerpc have been retired, but of course, 32bit code will continue to run on their 64bit counterparts. FreeBSD 15.0 also brings a native inotify implementation, a ton of improvements to the audio components, improved Intel Wi-Fi drivers, and so, so much more.
- Windows drive letters are not limited to A-Z
On its own, the title of this post is just a true piece of trivia, verifiable with`the built-in`subst`tool`(among other methods). Here�s an example creating the drive +:\ as an alias for a directory at C:\foo: The +:\ drive then works as normal (at least in cmd.exe, this will be discussed more later): However, understanding why it�s true elucidates a lot about how Windows works under the hood, and turns up a few curious behaviors. ↫ Ryan Liptak Fascinating doesn�t even begin to describe this article, but at the same time, it also makes me wonder at what point maintaining this drive letter charade becomes too burdensome, clunky, and complex. Internally, Windows NT does not use drive letters at all, but for the sake of backwards compatibility and to give the user what they expect, a whole set of abstractions has been crafted to create the illusion that modern versions of Windows still use the same basic drive letter conventions as DOS did 40 years ago. I wonder if we�ll ever reach a point where Windows no longer uses drive letters, or if it�s possible today to somehow remove or disable these abstractions entirely, and run Windows NT without drive letters, as Cutler surely intended. Vast swaths of Windows programs would surely curl up in fetal position and die, including many core components of the operating system itself � as this article demonstrates, very few parts of Windows can handle even something as mundane as a drive letter outside of A-Z � but it�d make for a great experiment. Someone with just the right set of Windows NT skills must�ve tried something like this at some point, either publicly or inside of Microsoft.
- Migrating Dillo away from GitHub
What do you do if you develop a lightweight browser that doesn�t support JavaScript, but you once chose GitHub as the home for your code? You�re now in the unenviable position that your own browser can no longer access your own online source repository because it requires JavaScript, which is both annoying and, well, a little awkward. The solution is, of course, obvious: you move somewhere else. That�s exactly what the Dillo browser did. They set up a small VPS, opted for cgit as the git frontend for its performance and small size, and for the bug tracker, they created a brand new, very simple bug tracker. To avoid this problem, I created my own bug tracker software, buggy, which is a very simple C tool that parses plain Markdown files and creates a single HTML page for each bug. All bugs are stored in a git repository and a git hook regenerates the bug pages and the index on each new commit. As it is simply plain text, I can edit the bugs locally and only push them to the remote when I have Internet back, so it works nice offline. Also, as the output is just an static HTML site, I don�t need to worry about having any vulnerabilities in my code, as it will only run at build time. ↫ Rodrigo Arias Mallo There�s more considerations detailed in the article about Dillo�s migration, and it can serve as inspiration for anyone else running a small open source project who wishes to leave GitHub behind. With GitHub�s continuing to add more and more complexity and AI! to separate open source code from its licensing terms, we may see more and more projects giving GitHub the finger.
- Landlock-ing Linux
Landlock is a Linux API that lets applications explicitly declare which resources they are allowed to access. Its philosophy is similar to OpenBSD’s`unveil()`and (less so)`pledge(): programs can make a contract with the kernel stating, “I only need these files or resources — deny me everything else if I’m compromised.” It provides a simple, developer-friendly way to add defense-in-depth to applications. Compared to traditional Linux security mechanisms, Landlock is vastly easier to understand and integrate. This post is meant to be an accessible introduction, and hopefully persuade you to give Landlock a try. ↫ prizrak.me blog I had no idea this existed, even though it seems to plug a hole in the security and sandboxing landscape on Linux by not requiring any privileges and by being relatively simple and straightforward to use. There�s even an additional supervisor! proposal that would bring Android-like permissions not just to, say, desktop applications (see Flatpak), but to every process trying to access anything for the first time. I�m not knowledgeable enough to make any statements about Landlock compared to any other options we have for securing desktop Linux in a user-friendly, non-intrusive manner, but I definitely like its simplicity.
- System 7 natively boots on the Mac Mini G4
Only a few weeks ago, the CHRP variants of Mac OS 7.6 and 8 were discovered and uploaded to the internet for posterity, but we�re already seeing the positive results of this event unfold: Mac OS 7.x can now run on the Mac Mini G4 � natively. The very short of it is as follows. First, the CHRP release of Mac OS 8 contains a ROM file that allows Mac OS 8 to boot on the G4 Mac Mini. Second, the CHRP release of 7.6 contains a System Enabler that allows 7.6 earlier versions to run by using the aforementioned ROM file. Third, the ROM has been modified to add compatibility with as many Mac models as possible. There�s a lot more to it, of course, but the end result is that quite a few more older, pre-9.x versions of Mac OS can now run on G4 and G3 Macs, which is quite cool. Of course, there are limitations. Note that, although I describe many of these as stable!, I mean you can use much of it normally (sound/video/networking aside) without it crashing or misbehaving, at least not too hard, but that is not to say everything works, because that is just not the case. For example, when present, avoid opening the Apple System Profiler, unless you want a massive crash as it struggles trying to profile and gather all the information about your system. Some other apps or Control Panels might either not work, or work up to a certain point, after which they might freeze, requiring you to Force Quit the Finder to keep on going. And so on. ↫ Jubadub at Mac OS 9 Lives Issues or no, this is amazing news, and great work by all involved.
- Genode OS Framework 25.11 released
The release 25.11 wraps up our year of rigidity, clarity, performance! with a bouquet of vast under-the-hood improvements. Genode�s custom kernel received special tuning of its new CPU scheduler for Sculpt-OS workloads, and became much more scalable with respect to virtual-memory management. Combined, those efforts visibly boost the performance of Sculpt OS on performance-starved hardware like the PinePhone or the i.MX8-based MNT Reform laptop. On account of improving clarity, our new configuration format � now named human-inclined data (HID) � proliferates throughout Genode�s tooling. We are also happy to report that almost all Genode components have become interoperable with both XML and HID by now. ↫ Genode OS Framework 25.11 release notes The Genode Framework 25.11 also brings a major change to how important shared components that aren�t strictly part of the framework are handled, such as ports like libSDL, sqlite, or gnutls. Before, these could only be built with the Genode build system, which was suboptimal because this isn�t designed for building individual components. Several changes have been made to now enable the use of multiple build systems and the Goa SDK, which should make it a lot easier to these crucial components to become the responsibility of wider parts of the community. There�s way more, of course, such as the usual driver improvements, including the addition of support for serial-to-USB adapters.
- Dell: about 1 billion PCs will not or cannot be upgraded to Windows 11
During a Dell earnings call, the company mentioned some staggering numbers regarding the amount of PCs that will not or cannot be upgraded to Windows 11. “We have about 500 million of them capable of running Windows 11 that haven’t been upgraded,” said Dell COO Jeffrey Clarke on a Q3 earnings call earlier this week, referring to the overall PC market, not just Dell’s slice of machines. “And we have another 500 million that are four years old that can’t run Windows 11.” He sees this as an opportunity to guide customers towards the latest Windows 11 machines and AI PCs, but warns that the PC market is going to be relatively flat next year. ↫ Tom Warren at The Verge The monumental scale of the Windows 10 install base that simply won�t or cannot upgrade to Windows 11 is massive, and it�s absolutely bonkers to me that we�re mostly just letting them get away with leaving at least a billion users out in the cold when it comes to security updates and bug fixes. The US government (in better times) and the EU should�ve 100% forced Microsoft�s hand, as leaving this many people on outdated, unsupported operating system installations is several disasters waiting to happen. Aside from the dangerous position Microsoft is forcing its Windows 10 users into, there�s also the massive environmental and public health impact of huge swaths of machines, especially in enterprise environments, becoming obsolete overnight. Many of these will end up in landfills, often shipped to third-world countries so we in the west don�t have to deal with our e-waste and its dangerous consequences directly. I can get fined for littering � rightfully so � but when a company like Microsoft makes sweeping decisions which cause untold amounts of dangerous chemicals to be dumped in countless locations all over the globe, governments shrug it off and move on. At least we will get some cheap eBay hardware out of it, I guess.
- CDE 2.5.3 released
So my love for the Common Desktop Environment isn�t exactly a secret, so let�s talk about the project�s latest release, CDE 2.5.3, released a few days ago. As the version number suggests, this first new version in two years is a rather minor release, containing only a few bug fixes. For instance, CDE�s window manager dtwm picked up support for more mouse buttons, its file manager dtfile now uses sh to find files instead of ksh, and a few more of these rather minor, but welcome, changes and bugfixes. Ever since CDE was released as open source over thirteen years ago, and while considerable work has been done to make it build, install, and run on modern platforms, that�s kind of where the steam ran out. CDE isn�t being actively developed to build upon its strengths and add new and welcome features and conveniences, but is instead kept in a sort of buildable stasis. There is absolutely nothing wrong with this � it keeps CDE accessible on modern platforms, and that�s a huge amount of work that deserves respect and gratitude � but it�d be nice if we lived in a world where there was enough interest (and time and money) to have people work on actually improving it. Of course, the reality is that there�d be very little interest in such an improved CDE, and that�s exactly why it isn�t happening. On top op the current work the CDE team is doing, you�d need to not only develop new features, but also improve the Motif toolkit to make such new features possible, and make sure such improvements don�t break anything else. With such an old codebase, that can�t possible be an easy task. Still, I will continue to daydream of a slightly more modernised CDE with some additional niceties we�ve come to expect over the past 30 years, even if I know full well it�s futile.
- Moss: a Linux-compatible kernel written in Rust
Moss is a Unix-like, Linux-compatible kernel written in Rust and Aarch64 assembly. It features a modern, asynchronous core, a modular architecture abstraction layer, and binary compatibility with Linux userspace applications (currently capable of running most BusyBox commands). ↫ Moss� GitHub page I mean, hobby operating systems and kernels written in Rust aren�t exactly the most unique right now, but that doesn�t make them any less interesting for the kinds of people that frequent a site called OSNews. Moss has quite a few things going for it, including support for enough Linux system calls to run most BusyBox commands, complex memory and process management, use of Rust�s async/await model in the kernel, and much more.
- Linux Kernel 6.18 Is Out: What’s New and Important
by George Whittaker
The stable release of Linux Kernel 6.18 was officially tagged on November 30, 2025.
It’s expected to become this year’s major long-term support (LTS) kernel, something many users and distributions care about.
Here’s a breakdown of the most significant changes and improvements in this release:
Core Improvements: Performance, Memory, Infrastructure
The kernel’s memory allocation subsystem gets a major upgrade with “sheaves”, a per-CPU caching layer for slab allocations. This reduces locking overhead and speeds up memory allocation and freeing, improving overall system responsiveness.
A new device-mapper target dm-pcache arrives, enabling use of persistent memory (e.g. NVDIMM/CXL) as a cache layer for block devices, useful for systems with fast non-volatile memory, SSDs, or hybrid storage.
Overall memory management and swapping performance have been improved, which should help under memory pressure or heavy workloads.
Networking & Security Enhancements
Networking gets a boost: support for Accurate Explicit Congestion Notification (AccECN) in TCP, which can provide better congestion signals and more efficient network behaviour under load.
A new option for PSP-encrypted TCP connections has been added, a fresh attempt to push more secure transport-layer encryption (like a more efficient alternative to IPsec/TLS for some workloads) under kernel control.
The kernel now supports cryptographically signed BPF programs (eBPF), so BPF bytecode loaded at runtime can be verified for integrity. This is a noteworthy security hardening step.
The overall security infrastructure and auditing path, including multi-LSM (Linux Security Modules) support, has been refined, improving compatibility for setups using SELinux, AppArmor, or similar simultaneously.
Hardware, Drivers & Architecture Coverage
Kernel 6.18 brings enhanced hardware support: updated and new drivers for many platforms across architectures (x86_64, ARM, RISC-V, MIPS, etc.), including improvements for GPUs, CPU power management, storage controllers, and more.
In particular, support for newer SoCs, chipsets, and embedded-board device trees has been extended, beneficial for people using SBCs, ARM-based laptops/boards, or niche hardware.
For gaming rigs, laptops, and desktops alike: improvements to drivers, power-state management, and performance tuning may lead to better overall hardware efficiency.
Go to Full Article
- Wine 10.19 Released: Game Changing Support for Windows Reparse Points on Linux
by George Whittaker Introduction
If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.
In simpler terms: Wine now understands more of the Windows filesystem semantics, which means fewer workarounds, better application compatibility, and smoother experiences for many games and tools previously finicky under Linux.
What Are Reparse Points & Why They MatterUnderstanding Reparse Points
On Windows, a reparse point is a filesystem object (file or directory) that carries additional data, often used for symbolic links, junctions, mount points, or other redirection features. When an application opens or queries a file, the OS may check the reparse tag to determine special behavior (for example “redirect this file open to this other path”).
Because many Windows apps, installers, games, DRM systems, file-managers, use reparse points for features like directory redirection, path abstractions, or filesystem overlays, lacking full support for them in Wine means those apps often misbehave.
What Wine 10.19 Adds
With Wine 10.19, support for these reparse point mechanisms has been implemented in key filesystem APIs: for example NtQueryDirectoryFile, GetFileInfo, file attribute tags, and DeleteFile/RemoveDirectory for reparse objects.
This means that in Wine 10.19:
Windows apps that create or manage symbolic links, directory junctions or mount-point style re-parsing will now function correctly in many more cases.
Installers or frameworks that rely on “when opening path X, redirect to path Y” will work with less tinkering.
Games or utilities that check for reparse tags or use directory redirections will have fewer “stuck” behaviors or missing files.
In effect, this is a step toward closer to native behavior for Windows file-system semantics under Linux.
Other Key Highlights in Wine 10.19
Beyond reparse points, the release brings several notable improvements:
Expanded support for WinRT exceptions (Windows Runtime error handling) meaning better compatibility for Universal Windows Platform (UWP) apps and newer Windows-based frameworks.
Refactoring of “Common Controls” (COMCTL32) following the version 5 vs version 6 split, which helps GUI applications that rely on older controls or expect mixed versions.
Go to Full Article
- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
by George Whittaker Introduction
Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.
Here’s a detailed look at what’s new, what’s changed, and what you need to know.
Major Changes in Firefox 145End of 32-Bit Linux Builds
One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:
“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”
From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.
Usability & Interface Enhancements
Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:
PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.
Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.
Access saved passwords from the sidebar, without needing to open a new tab or window.
“Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.
Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.
Privacy, Security & Under-the-Hood Upgrades
Mozilla has also doubled down on privacy and risk reduction:
Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used.
Go to Full Article
- MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer
by George Whittaker Introduction
The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.
In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.
What’s New in MX Linux 25 “Infinity”
Here are the headline changes and improvements that define this release:
Debian 13 “Trixie” Base
By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.
Kernel Choices & Hardware Support
The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.
For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.
Dual Init Option: systemd and SysVinit
Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.
Updated Desktop Environments
Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).
KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.
Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined. Defaults the audio player to Audacious (instead of the older DeaDBeeF).
Go to Full Article
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
|
