|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- Debian: vlc Critical Denial of Service and Code Execution DSA-6082-1
Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 3.0.22-0+deb12u1.
- [$] Calibre adds AI "discussion" feature
Version8.16.0 of the calibreebook-management software, released on December 4, includes a"Discuss with AI" feature that can be used to query various AI/LLMservices or local models about books, and ask for recommendations onwhat to read next. The feature has sparked discussion among humanusers of calibre as well, and more than a few are upset about theintrusion of AI into the software. After much pushback, it looks asthough users will get the ability to hide the feature from calibre's userinterface, but LLM-driven features are here to stay and more willlikely be added over time.
- Announcing Vojtux: a Fedora-based accessible Linux distribution
Vojtěch Polášek has announcedan unofficial effort to create a Fedora-based distribution designedfor visually impaired users:
My ultimate vision for this project is "NO VOJTUX NEEDED!" becauseI believe Fedora should eventually be fully accessible out of thebox. We aren't there yet, which is where Vojtux comes in to fill thegap. [...]
Key Features:
-Speaks out of the box: When the live desktop is ready, Orca startsautomatically. After installation, it is configured so that it startson the login screen and also after logging in.
-Batteries included: Comes with LIOS , Ocrdesktop, Tesseract,Audacity, and command-line tools like Git and Curl. There are alsomany preconfigured keyboard shortcuts.
See the repositoryfor instructions on getting the image.
- [$] Better development tools for the kernel
Despite depending heavily on tools, the kernel project often seems tounder-invest in the development of those tools. There has been progress inthat area, though. At the 2025 Maintainers Summit, Konstantin Ryabitsev,who is (among other things) the author of b4, led a session on waysin which the kernel's tools could be improved to make the developmentprocess more efficient and accessible.
- Security updates for Monday
Security updates have been issued by AlmaLinux (firefox, grafana, kernel, libsoup3, mysql8.4, and wireshark), Debian (ruby-git, ruby-sidekiq, thunderbird, and vlc), Fedora (apptainer, chromium, firefox, golangci-lint, libpng, and xkbcomp), Mageia (golang), SUSE (binutils, chromium, firefox, gegl, go1.25, govulncheck-vulndb, hauler, kernel, keylime, libpng12, pgadmin4, postgresql16, python, python-Django, python-django, python3, python311, rhino, thunderbird, unbound, and xkbcomp), and Ubuntu (usbmuxd).
- Kernel prepatch 6.19-rc1
Linus has released 6.19-rc1, perhaps a bitearlier than expected.
So it's Sunday afternoon in the part of the world where I am now, so if somebody was looking at trying to limbo under the merge window timing with one last pull request and is taken by surprise by the slightly unusual timing of the rc1 release, that failed.
Teaching moment, or random capricious acts? You be the judge.
- Conill: Rethinking sudo with object capabilities
Ariadne Conill isexploring a capability-based approach to privilege escalation on Linuxsystems.
Inspired by the object-capability model, I've been working on a project named capsudo. Instead of treating privilege escalation as a temporary change of identity, capsudo reframes it as a mediated interaction with a service called capsudod that holds specific authority, which may range from full root privileges to a narrowly scoped set of capabilities depending on how it is deployed.
- [$] The state of the kernel Rust experiment
The ability to write kernel code in Rust was explicitly added as anexperiment — if things did not go well, Rust would be removed again. Atthe 2025 Maintainers Summit, a session was held to evaluate the state ofthat experiment, and to decide whether the time had come to declare theresult to be a success. The (arguably unsurprising) conclusion was thatthe experiment is indeed a success, but there were some interesting pointsmade along the way.
- Three new stable kernels
Greg Kroah-Hartman has released the 6.18.1, 6.17.12, and 6.12.62 stablekernels. Each contains important fixes; users of those kernelsare advised to upgrade.
- [$] Best practices for linux-next
One of the key components in the kernel's development process is thelinux-next repository. Every day, a large number of branches, eachcontaining commits intended for the next kernel development cycle, ispulled into linux-next and integrated. If there are conflicts betweenbranches, the linux-next process will reveal them. In theory, many othertypes of problems can be found as well. Some developers feel thatlinux-next does not work as well as it could, though. At the 2025Maintainers Summit, Mark Brown, who helps to keep linux-next going, led asession on how it could be made to work more effectively.
- KDE Gear 25.12 released
KDE has announced therelease of KDE Gear 25.12. This release adds more"extractors" to the Itinerary travel-assistantapplication, improved Git support in the Kate text editor, better PDFexport in Konqueror, andmuch more. See the changelogfor all new features, improvements, and bug fixes.
- Security updates for Friday
Security updates have been issued by AlmaLinux (firefox, luksmeta, mysql, mysql:8.0, mysql:8.4, tomcat, and wireshark), Debian (chromium, kernel, and tzdata), Fedora (brotli, dr_libs, perl-Alien-Brotli, python-urllib3, singularity-ce, wireshark, and yarnpkg), Oracle (firefox, grafana, lasso, libsoup3, luksmeta, ruby, ruby:3.3, tomcat, and wireshark), Slackware (mozilla), SUSE (container-suseconnect, kubernetes-client, libpoppler-cpp2, postgresql14, postgresql15, and python3), and Ubuntu (c-ares, keystone, linux, linux-aws, linux-aws-5.15, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp, linux-azure, linux-azure-4.15, linux-oracle,, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-hwe-6.8, linux-oracle-6.8, linux-raspi, linux-realtime, linux-intel-iot-realtime, and python-urllib3).
- Pop!_OS 24.04 LTS released
Version 24.04 LTS of the Ubuntu-based Pop!_OS distribution hasbeen released with the COSMIC Desktop Environment:
Today is special not only in that it's the culmination of overthree years of work, but even more so in that System76 has built acomplete desktop environment for the open source community. We'reproud of this contribution to the open source ecosystem. COSMIC isbuilt on the ethos that the best open source projects enable people tonot only use them, but to build with them. COSMIC is modular andcomposable. It's the flagship experience for Pop!_OS in its own way,and can be adapted by anyone that wants to build their own unique userexperience for Linux.
In addition to the COSMIC desktop environment, Pop!_OS is nowavailable for Arm computers with the 24.04 LTS release, and thedistribution has added hybrid graphics support for better batterylife. LWN covered analpha version of COSMIC in August 2024.
- Rust 1.92.0 released
Version1.92.0 of Rust has been released. This release includes a numberof stabilized APIs, emits unwind tables by default on Linux, validatesinput to #[macro_export], and much more. See the separaterelease notes for Rust,Cargo,and Clippy.
- [$] Toward a policy for machine-learning tools in kernel development
The first topic of discussion at the 2025 Maintainers Summit has been inthe air for a while: what role — if any — should machine-learning-basedtools have in the kernel development process? While there has been a fairamount of controversy around these tools, and concerns remain, it seemsthat the kernel community, or at least its high-level maintainership, iscomfortable with these tools becoming a significant part of the developmentprocess.
- Toradex Luna SL1680 SBC Features Synaptics SL1680 SoC with 8 TOPS NPU, Starts at $105
Toradex has announced the Luna SL1680, a SBC that introduces the company’s new “Pro Consumer” product tier. Positioned between consumer development boards and fully industrial hardware, the platform targets applications such as smart kiosks, light industrial systems, and advanced maker projects. The Luna SL1680 is built around the Synaptics SL1680 system-on-chip, which integrates a quad-core […]
- Fedora Games Lab Looks To Be Revitalized As Modern Linux Gaming Showcase
One of the lesser known Fedora spins under the "Fedora Labs" initiative is the Fedora Games Lab that showcases some open-source games and can serve as an easy demonstrator for Linux gaming. Looking forward to 2026 with Fedora 44, there is a proposal to revitalize Fedora Games Lab to become a better showcase for the modern potential of Linux gaming...
- What's New in KDE Gear 25.12 -- A Major Update for KDE Software
The KDE community has just published KDE Gear 25.12, the newest quarterly update to its suite of applications. This refresh brings a mix of enhancements, bug fixes, performance refinements, and new features across many popular KDE apps, from Dolphin file manager and Konsole terminal to Krita and Spectacle.
- The Opt-In Proactive & Crash Time Data Collection On Valve's Steam Deck
Valve's Steam Deck with SteamOS features built-in crash data collection as well as for logging other system events worth having knowledge about like the split-lock detection and other events. This is all opt-in by users for data collection by Steam, but for those curious about a bit more insight into this Steam Deck data collection, a presentation at this past week's Linux Plumbers Conference dove into the matter...
- 9to5Linux Weekly Roundup: December 14th, 2025
The 270th installment of the 9to5Linux Weekly Roundup is here for the week ending on December 14th, 2025, keeping you updated with the most important things happening in the Linux world.
- Linuxiac Weekly Wrap-Up: Week 50 (Dec 8 – 14, 2025)
Catch up on the latest Linux news: Pop!_OS 24.04 LTS launches with COSMIC 1.0, Kali Linux 2025.4, Manjaro 25.1 Preview, Cinnamon 6.6, Plasma 6.5.4, Firefox 146, GNOME to reject AI-generated Shell extensions, and more.
- Glaciers To Reach Peak Rate of Extinction In the Alps In Eight Years
A new study warns that glaciers in the European Alps will hit their peak extinction rate within eight years, with global glacier loss accelerating toward thousands per year unless emissions are rapidly cut. "Glaciers in the western US and Canada are forecast to reach their peak year of loss less than a decade later, with more than 800 disappearing each year by then," adds the Guardian. From the report: About 200,000 glaciers remain worldwide, with about 750 disappearing each year. However, the research indicates this pace will accelerate rapidly as emissions from burning fossil fuels continue to be released into the atmosphere. Current climate action plans from governments are forecast to push global temperatures to about 2.7C above preindustrial levels, supercharging extreme weather. Under this scenario, glacier losses would peak at about 3,000 a year in 2040 and plateau at that rate until 2060. By the end of the century, 80% of today's glaciers will have gone. By contrast, rapid cuts to carbon emissions to keep global temperature rise to 1.5C would cap annual losses at about 2,000 a year in 2040, after which the rate would decline. [...] The new study, published in Nature Climate Change, analyzed more than 200,000 glaciers from a database of outlines derived from satellite images. The researchers used three global glacier models to assess their fate under different heating scenarios. Regions with the smallest and fastest-melting glaciers were found to be the most vulnerable. The study estimates the 3,200 glaciers in central Europe would shrink by 87% by 2100 -- even if global temperature rise is limited to 1.5C, rising to 97% under 2.7C of heating. In the western US and Canada, including Alaska, about 70% of today's 45,000 glaciers are projected to vanish under 1.5C of heating, and more than 90% under 2.7C. The Caucasus and southern Andes are also expected to face devastating losses. Larger glaciers take longer to melt, with those in Greenland reaching their peak extinction rate in about 2063 -- losing 40% by 2100 under 1.5C of heating and 59% under 2.7C. However, the melting is forecast to continue beyond 2100. The researchers said the peak loss dates represent more than a numerical milestone. "They mark turning points with profound implications for ecosystems, water resources and cultural heritage," they wrote. "[It is] a human story of vanishing landscapes, fading traditions and disrupted daily routines."
Read more of this story at Slashdot.
- Microsoft Will Finally Kill Obsolete Cipher That Has Wrecked Decades of Havoc
An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."
Read more of this story at Slashdot.
- Lidar-Maker Luminar Files For Bankruptcy
Once a star of the self-driving hype cycle, lidar maker Luminar has filed for bankruptcy amid legal turmoil, layoffs, and a cooling autonomous-vehicle market. It plans to sell off its assets before shutting down entirely. The Verge reports: As part of its bankruptcy, Luminar is seeking permission to sell both its lidar and semiconductor businesses, the latter of which it has already agreed to sell to Quantum Computing for $110 million. The company plans to continue to operate during the bankruptcy proceedings "to minimize disruptions and maintain delivery of its LiDAR hardware and software." That said, Luminar will cease to exist once the process is complete. "As we navigate this process, our top priority is to continue delivering the same quality, reliability and service our customers have come to expect from us," CEO Paul Ricci said in a statement. After launching in 2017, Luminar muscled its way to the front of the autonomous vehicle industry as a top maker of lidar systems, a key technology that driverless cars use to sense the shapes and distances of objects around them. Luminar has sold sensors to Mercedes-Benz, Volvo, Audi, Toyota Research Institute, Caterpillar, and even Tesla, which has dismissed lidar sensors in favor of traditional cameras. The company was valued at nearly $3 billion when it went public through a reverse merger with a SPAC in 2020.
Read more of this story at Slashdot.
- Google Search Homepage Adds a 'Plus' Menu
After introducing an AI Mode shortcut earlier this year, Google has now added a new "plus" menu to its Search homepage, highlighting options for image and file uploads. 9to5Google reports: On google.com, the Search bar now has a plus icon at the far left that replaces the magnifying glass. Clicking lets you "Upload image" or "Upload file." It very much matches the AI Mode experience. Those two capabilities aren't new, but this plus menu does help emphasize that you can use Google to accomplish tasks, and not just find information. Additionally, it helps indicate that they can be used with AI Mode and AI Overviews. This is just available on desktop web (not mobile) and is live on all the devices we checked today, including across signed-out Incognito sessions.
Read more of this story at Slashdot.
- China, Iran Are Having a Field Day With React2Shell, Google Warns
A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw. Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.
Read more of this story at Slashdot.
- JPMorgan Steps Further Into Crypto With Tokenized Money Fund
An anonymous reader quotes a report from the Wall Street Journal: JPMorgan Chase is joining the list of traditional financial firms seeking to bring blockchain technology to an investing staple: the money-market fund. The banking giant's $4 trillion asset-management arm is rolling out its first tokenized money-market fund on the Ethereum blockchain. JPMorgan will seed the fund with $100 million of its own capital, and then open it to outside investors on Tuesday. Called My OnChain Net Yield Fund, or "MONY," the private fund is supported by JPMorgan's tokenization platform, Kinexys Digital Assets, and will be open to qualified investors, or individuals with at least $5 million in investments and institutions with a minimum of $25 million. The fund has a $1 million investment minimum. Wall Street has waded deeper into tokenization since the passage of the Genius Act earlier this year. The landmark measure, which establishes a regulatory framework for tokenized dollars known as stablecoins, has unleashed a wave of efforts to tokenize everything from stocks and bonds to funds and real assets. "There is a massive amount of interest from clients around tokenization," said John Donohue, head of global liquidity at J.P. Morgan Asset Management. "And we expect to be a leader in this space and work with clients to make sure that we have a product lineup that allows them to have the choices that we have in traditional money-market funds on blockchain."
Read more of this story at Slashdot.
- Merriam-Webster's 2025 Word of the Year Is 'Slop'
Merriam-Webster crowned "slop" its 2025 Word of the Year, reflecting growing public awareness and and fatigue around low-quality, AI-generated content flooding the internet. "It's such an illustrative word," said Greg Barlow, Merriam-Webster's president. "It's part of a transformative technology, AI, and it's something that people have found fascinating, annoying and a little bit ridiculous." The Associated Press reports: "Slop" was first used in the 1700s to mean soft mud, but it evolved more generally to mean something of little value. The definition has since expanded to mean "digital content of low quality that is produced usually in quantity by means of artificial intelligence." In other words, "you know, absurd videos, weird advertising images, cheesy propaganda, fake news that looks real, junky AI-written digital books," Barlow said. "Words like 'ubiquitous,' 'paradigm,' 'albeit,' 'irregardless,' these are always top lookups because they're words that are on the edge of our lexicon," Barlow said. "'Irregardless' is a word in the dictionary for one reason: It's used. It's been used for decades to mean 'regardless.'" The announcement can be found here.
Read more of this story at Slashdot.
- Ford Ends F-150 Lightning Production, Starts Battery Storage Business
Ford has effectively pulled the plug on the all-electric F-150 Lightning, pivoting away from full-size BEV pickups toward hybrids, range-extended EVs (EREVs), and even data-center battery storage. Ars Technica reports: Ford's announcements today can't be said to have come out of the blue. Rumors of the F-150's demise have been circulating for more than a month, and last week SK On ended its joint venture with Ford that was building a pair of EV battery plants in Kentucky and Tennessee. We learned then that Ford would keep the Kentucky plant and SK On gets the one in Tennessee, which would focus on the energy storage business instead. Now, we know that something similar will happen at the Kentucky plant -- Ford says it's spending $2 billion to convert the factory to make prismatic lithium iron phosphate (LFP) cells. Those aren't destined for EVs, but they are the preferred cell format for data centers, Ford says. The company says that it will bring the factory online in the next 18 months, reaching an annual output of 20 GWh. Other Ford plants are also being repurposed. With no full-size BEV pickup in the product plans, the assembly plant in Tennessee that was to produce it -- the one near the battery factory that SK On is keeping -- will instead build new gas-powered trucks, although not for another four years. Around that same time, its Ohio assembly plant will begin building new commercial vehicles. All of this will impact Ford's bottom line, to the tune of $19.5 billion over the next few years, $5.5 billion of which will be in cash. Most of that will hit in the final quarter of 2025, but will extend until 2027, Ford said.
Read more of this story at Slashdot.
- Russian Ban On Roblox Gaming Platform Sparks Rare Protest
An anonymous reader quotes a report from Reuters: Several dozen people protested on Sunday in the Siberian city of Tomsk against Russia's ban on U.S. children's gaming platform Roblox, a rare show of public dissent as popular irritation over the ban gains some momentum. In wartime Russia, censorship is extensive: Moscow blocks or restricts social media platforms such as Snapchat, Facebook, Instagram, WhatsApp and YouTube while distributing its own narrative through a network of social media and Russian media. Russia's communications watchdog Roskomnadzor said on December 3 it had blocked Roblox because it was "rife with inappropriate content that can negatively impact the spiritual and moral development of children." In Tomsk, 2,900 km (1,800 miles) east of Moscow, several dozen people braved the snow to hold up hand-drawn placards reading "Hands off Roblox" and "Roblox is the victim of the digital Iron Curtain" in Vladimir Vysotsky Park, according to photographs provided by an organizer of the protest. "Bans and blocks are all you are able to do," read one placard. The photographs showed about 25 people standing in a circle in the snow, holding up placards. In Russia, the ban on Roblox has triggered a debate over censorship, child safety in relation to technology and even the effectiveness of censorship in a digitalized world where children can bypass many bans in a few clicks.
Read more of this story at Slashdot.
- Verizon Refused To Unlock Man's iPhone, So He Sued the Carrier and Won
A Kansas man who sued Verizon in small claims court after the carrier refused to unlock his iPhone has won his case, scoring a small but meaningful victory against a company that retroactively applied a policy change to deny his unlock request. Patrick Roach bought a discounted iPhone 16e from Verizon's Straight Talk brand in February 2025, intending to pay for one month of service before switching the device to US Mobile. Under FCC rules dating back to a 2019 waiver, Verizon must unlock phones 60 days after activation on its network. Verizon refused to unlock the phone, citing a new policy implemented on April 1, 2025 requiring "60 days of paid active service." Roach had purchased his device over a month before that policy took effect. Magistrate Judge Elizabeth Henry ruled in October 2025 that applying the changed terms to Roach's earlier purchase violated the Kansas Consumer Protection Act. The court ordered Verizon to refund Roach's $410.40 purchase price plus court costs. Roach had previously rejected a $600 settlement offer because it would have required him to sign a non-disclosure agreement. He estimated spending about 20 hours on the lawsuit but said "it wasn't about" the money.
Read more of this story at Slashdot.
- Why Floods Threaten One of the Driest Places in the World
One of the most water-scarce regions on Earth is now experiencing a dramatic atmospheric shift that's pushing moisture onto Oman's northern coast at rates more than 1.5 times the global average, according to a Washington Post investigation of global atmospheric data [non-paywalled source]. The change has turned extreme rainfall into a recurrent source of catastrophe across the Arabian Peninsula. In the 126 years between 1881 and 2007, just six hurricane-strength storms hit Oman or came within 60 miles of the country. At least four more have made landfall in the past 15 years alone. Research from Sultan Qaboos University analyzing 8,000 storms across 69 rainfall stations found that half of all rain in Oman falls within the first 90 minutes of a 24-hour storm. These intense bursts quickly overwhelm the desert's ability to absorb water and send flash floods racing through wadis -- normally dry riverbeds where many communities are built. In response, Dubai is constructing an $8 billion underground stormwater network spanning more than 120 miles. Oman has agreements to build 58 new dams and is studying 14 major wadis that funnel to its al-Batinah coastline.
Read more of this story at Slashdot.
- Cloudflare Reveals How Bots and Governments Reshaped the Internet in 2025
Cloudflare's sixth annual Year in Review report describes an internet increasingly shaped by two forces: automated traffic and government intervention, as global connectivity grew 19% year over year in 2025. Google's web crawler now dominates automated traffic, dwarfing other AI and indexing bots to become the single largest source of bot activity on the web. Nearly half of all major internet disruptions globally were linked to government actions, and civil society and non-profit organizations became the most attacked sector for the first time. Post-quantum encryption crossed a significant threshold, now protecting 52% of human internet traffic observed by Cloudflare. The company also recorded more than 25 record-breaking DDoS attacks throughout the year.
Read more of this story at Slashdot.
- Google To Retire 'Dark Web Report' Tool That Scanned for Leaked User Data
Google has decided to retire its free dark web monitoring tool, saying it wasn't as helpful as the company hoped. From a report: In a support page, Google announced the discontinuation of the "dark web report" tool, two years after offering it as a free perk to Gmail users before expanding it more broadly. The feature worked by scanning for your email addresses to determine whether they had appeared in data breaches, which often circulate on Dark Web marketplaces. The tool could then alert you about where the data was exposed, including any accompanying details such as dates of birth, addresses, and phone numbers.
Read more of this story at Slashdot.
- US Tech Force Aims To Recruit 1,000 Technologists
The Trump administration announced Monday the United States Tech Force, a new program to recruit around 1,000 technologists for two-year government stints starting as soon as March -- less than a year after dismantling several federal technology teams and driving thousands of tech workers out of their jobs. The program will primarily recruit early-career software engineers and data scientists, paying between $150,000 and $200,000 annually. About 20 companies have signed on to participate, including Palantir, Meta, Oracle and Elon Musk's xAI. Some engineering managers will be allowed to take leaves of absence from their private-sector employers to join the program without divesting their stock holdings. The initiative follows the March closure of 18F, General Services Administration's internal tech consultancy, and the shuttering of the Social Security Administration's Office of Transformation in February. The IRS had lost over 2,000 tech workers by June.
Read more of this story at Slashdot.
- Scientists Thought Parkinson's Was in Our Genes. It Might Be in the Water
For decades, Parkinson's disease research has overwhelmingly focused on genetics -- more than half of all research dollars in the past two decades flowed toward genomic studies -- but a growing body of evidence now points to something far more mundane as a primary culprit: contaminated drinking water. A landmark study by epidemiologist Sam Goldman compared Marines stationed at Camp Lejeune in North Carolina, where trichloroethylene (TCE) had contaminated the water supply for approximately 35 years, against those at Camp Pendleton in California, which has clean water. Marines exposed to TCE at Lejeune were 70% more likely to develop Parkinson's. The latest research suggests only 10 to 15 percent of Parkinson's cases can be fully explained by genetics. Parkinson's rates in the US have doubled in the past 30 years -- a pattern inconsistent with an inherited genetic disease. The EPA moved to ban TCE in December 2024. The Trump administration moved to undo the ban in January.
Read more of this story at Slashdot.
- Ofcom comes knocking after BT, Three mobile outages cut 999 access
Watchdog reviews if failures breached availability rules after downtime left millions unable to make calls
Ofcom has opened formal investigations into BT and Three after mobile outages this summer left Britons unable to make calls – including to emergency services.…
- Ford shifts gears to build batteries for datacenters
EV sales didn’t accelerate as hoped, so it will repurpose idling factories
Automotive giant Ford has decided to start a business building big batteries, in part to cash in on the datacenter construction boom.…
- Amazon security boss blames Russia's GRU for years-long energy-sector hacks
Sustained focus on Western critical infrastructure
Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.…
- US gov't launches 'Tech Force' to replace IT staff DOGE fired
Washington rediscovers that modern IT doesn’t run itself
After dissolving several federal tech modernization units and shedding large numbers of technologists, the Trump administration has launched a new talent recruitment initiative, suggesting it still needs people to help drag the government's IT into the present.…
- Apple blocks dev from all accounts after he tries to redeem bad gift card
Paris Buttfield-Addison literally wrote books on Swift
Apple has blocked a long-time developer from his Apple ID after he failed to redeem what support suggested was a dodgy $500 gift card, leaving him unable to work, cut off from personal files, and barred from what he calls his "core digital identity." …
- Hyperscalers fuel $112B server spending spree in Q3
IDC's latest tracker numbers were brought to you by the letters A and I
The global server market went into overdrive in the third quarter of 2025, racking up a record $112.4 billion in revenue as AI demand pushed vendor sales up 61 percent year-on-year, according to the latest figures from IDC.…
- Roomba maker iRobot gets cleaned out in Chapter 11
Company vacuumed up by its own manufacturer
iRobot, the company behind autonomous vacuum cleaner brand Roomba, has filed for Chapter 11 bankruptcy protection, telling investors that its Chinese manufacturer will assume control going forward.…
- Delay to European Central Bank messaging project cost the Bank of England £23M
Watchdog links schedule change to replanning of UK payments system overhaul
The European Central Bank's (ECB) decision to delay its move to a new messaging standard in 2022 ended up costing the Bank of England £23 million as it was forced to adjust migration to a new settlement system to avoid compounding risks.…
- JLR: Payroll data stolen in cybercrime that shook UK economy
Automaker admits raid that crippled its factories in August led to the theft of sensitive info
Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn't just bring production to a screeching halt – it also walked off with the personal payroll data of thousands of employees.…
- Apple, Google forced to issue emergency 0-day patches
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse
Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.…
- Denmark takes a Viking swing at VPN-enabled piracy
Minister insists 'modest' bill is not an assault on privacy-preserving tech
The Danish government wants the public to weigh in on its proposed laws restricting use of VPNs to access certain corners of the internet.…
- Techie 'forgot' to tell boss their cost-saving idea meant a day of gaming
One keypress turned a tricky Windows NT balancing act into a life of leisure
Who, Me? After a weekend of R&R, The Register welcomes you back to the working week with a new installment of Who, Me? It's the reader-contributed column in which you confess to workplace errors and indiscretions and reveal how you survived to tell the tale.…
- Honeypots can help defenders, or damn them if implemented badly
PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA's top 25 vulns for 2025; And more
Infosec In Brief The UK's National Cyber Security Centre (NCSC) has found that cyber-deception tactics such as honeypots and decoy accounts designed to fool attackers can be useful if implemented very carefully.…
- British Airways fears a future where AI agents pick flights and brands get ghosted
CEO warns airlines that don’t learn to sell themselves to machines could soon be flying under the radar
British Airways' chief executive has warned that the airline industry is fast heading for a future where AI agents, not humans, decide which brands get booked – and carriers that fail to adapt are at risk of quietly disappearing from the digital shop window.…
- Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit
Exploit hasn't been picked up by any malware detection engines, CEO tells The Reg
A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patch - with no word as to when Redmond plans to release an official one - along with a working exploit circulating online.…
- New React vulns leak secrets, invite DoS attacks
And the earlier React2Shell patch is vulnerable
If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.…
- Trump gives state AI regulation the presidential middle finger
Executive order sidesteps Congress and sets up Litigation Task Force
President Trump and his patrons in big tech have long wanted to block states from implementing their own AI regulations. After failing twice to do so in Congress, the US president has issued an executive order that would attempt to punish states that try to restrain the bot business.…
- Workday project at Washington University hits $266M
Protests force disclosure of costs totaling $16,000 per student over 7 year rollout replacing 80 legacy systems
The total cost of a Workday implementation project at Washington University in St. Louis is set to hit almost $266 million, it was revealed after the project was the subject of protests from students.…
- The CRASH Clock is ticking as satellite congestion in low Earth orbit worsens
It's getting crowded up there
Earth's orbit is starting to look like an LA freeway, with more and more satellites being launched each year. If you're worried about collisions and space debris making the area unusable – and you should be – scientists have proposed a new metric to contribute to your anxiety: the CRASH Clock.…
- AI datacenter boom could end badly, Goldman Sachs warns
Bank sketches four scenarios in which monetization falters or demand swamps supply by 2030
Goldman Sachs warns that datacenter investments may fail to pay off if the industry is unable to monetize AI models, but hedges its bets by saying that demand could also overwhelm available capacity by 2030.…
- Microsoft promises more bug payouts, with or without a bounty program
Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move
Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.…
- UK watchdog urged to probe GDPR failures in Home Office eVisa rollout
Rights groups say digital-only record is leaking data and courting trouble
Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.…
- Half of exposed React servers remain unpatched amid active exploitation
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews
Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.…
- Salesforce opts for seat-based AI licensing as customers demand predictability
Analysts say the shift offers stability, but embedded usage caps ensure vendors keep control
Salesforce CEO Marc Benioff last week came closer to answering a multibillion-dollar question when he said seat-based pricing – with some caveats – was becoming the norm for its AI agents after flirting with pricing based on consumption and per-conversation payments.…
- User insisted their screen was blank, until admitting it wasn't
Getting that confession took hours, during which L1 and L2 support gave up
On Call Welcome once more to On Call, the Friday column in which we share stories of tech support incidents that went pear-shaped until cunning Reg readers stepped in to save the day.…
- AI superintelligence is a Silicon Valley fantasy, Ai2 researcher says
The dream of electric sheep gets a reality check from Moore’s Law
You want artificial general intelligence (AGI)? Current-day processors aren't powerful enough to make it happen and our ability to scale up may soon be coming to an end, argues well-known researcher Tim Dettmers.…
- VMware kills vSphere Foundation in parts of EMEA
Broadcom told The Register that EMEA customers need to check with their local dealer to see if VVF remains on the menu
Exclusive Broadcom has recently killed off VMware vSphere Foundation in parts of EMEA, the company told The Register, dealing a blow to smaller customers, one of whom told us they would likely switch to a rival hypervisor as a result.…
- Disney turns to dark side, licenses IP to OpenAI for videos, images
Begun, these AI wars have
Amid controversy over its ability to generate content with copyrighted characters, OpenAI has struck a three-year deal with Disney to license more than 200 Disney, Pixar, Marvel, and Star Wars characters for use in Sora videos and ChatGPT Images.…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- Haiku gets new Go port
There�s a new Haiku monthly activity report, and this one�s a true doozy. Let�s start with the biggest news. The most notable development in November was the introduction of a port of the Go programming language, version 1.18. This is still a few years old (from 2022; the current is Go 1.25), but it’s far newer than the previous Go port to Haiku (1.4 from 2014); and unlike the previous port which was never in the package repositories, this one is now already available there (for x86_64 at least) and can be installed via pkgman. ↫ Haiku activity report As the project notes, they�re still a few versions behind, but at least it�s a lot more modern of an implementation than they had before. Now that it�s in the repositories for Haiku, it might also attract more people to work on the port, potentially bringing even newer versions to the BeOS-inspired operating system. Welcome as it may be, this new Go port isn�t the only big ticket item this month. Haiku can now gracefully recover from an app_server crash, something it used to be able to do a long time ago, but which was broken for a long time. The app_server is Haiku�s display server and window manager, so the ability to restart it at runtime after a crash, and have it reconnect with still-running applications, is incredibly welcome. As far as I can tell, all modern operating systems can do this by now, so it�s great to have this functionality restored in Haiku. Of course, aside from these two big improvements, there�s the usual load of fixes and changes in applications, drivers, and other components of the operating system.
- Rethinking sudo with object capabilities
Alpine Linux maintainer Ariadne Conill has published a very interesting blog post about the shortcomings of both sudo and doas, and offers a potential different way of achieving the same goals as those tools. Systems built around identity-based access control tend to rely on ambient authority: policy is centralized and errors in the policy configuration or bugs in the policy engine can allow attackers to make full use of that ambient authority. In the case of a SUID binary like doas or sudo, that means an attacker can obtain root access in the event of a bug or misconfiguration. What if there was a better way? Instead of thinking about privilege escalation as becoming root for a moment, what if it meant being handed a narrowly scoped capability, one with just enough authority to perform a specific action and nothing more? Enter the object-capability model. ↫ Ariadne Conill To bring this approach to life, they created a tool called capsudo. Instead of temporarily changing your identity, capsudo can grant far more fine-grained capabilities that match the exact task you�re trying to accomplish. As an example, Conill details mounting and unmounting � with capsudo, you can not only grant the ability for a user to mount and unmount whatever device, but also allow the user to only mount or unmount just one specific device. Another example given is how capsudo can be used to give a service account user to only those resources the account needs to perform its tasks. Of course, Conill explains all of this way better than I ever could, with actual example commands and more details. Conill happens to be the same person who created Wayback, illustrating that they have a tendency to look at problems in a unique and interesting way. I�m not smart enough to determine if this approach makes sense compared to sudo or doas, but the way it�s described it does feel like a superior, more secure solution.
- One too many words on AT8T�s $2000 Korn shell and other Usenet topics
Unix has been enormously successful over the past 55 years. It started out as a small experiment to develop a time-sharing system (i.e., a multi-user operating system) at AT8T Bell Labs. The goal was to take a few core principles to their logical conclusion. The OS bundled many small tools that were easy to combine, as it was illustrated by a famous exchange between Donald Knuth and Douglas McIlroy in 1986. Today, Unix lives on mostly as a spiritual predecessor to Linux, Net/Free/OpenBSD, macOS, and arguably, ChromeOS and Android. Usenet tells us about the height of its early popularity. ↫ Gábor Nyéki There are so many amazing stories in this article, I honestly have no idea what to highlight. So first and foremost, I want you to read the whole thing yourself, as everyone�s bound to have their own personal favourite section that resonates the most. My personal favourite story from the article � which is just an aside, to illustrate that even the asides are great � is that when Australia joined Usenet in 1983, new posts to Usenet were delivered to the country by airmail. On magnetic tape. Once per week. The overarching theme here is that the early days of UNIX, as documented on Usenet, were a fascinating wild west of implementations, hacks, and personalities, which, yes, clashed with each other, but also spread untold amounts of information, knowledge, and experience to every corner of the world. I hope Nyéki will write more of these articles.
- COSMIC Desktop reaches first stable release
System76, creator of Pop!_OS and prominent Linux OEM, has just announced the release of Pop!_OS 24.04 LTS � normally not something I particularly care about, but in this case, it comes with the first stable release of COSMIC Desktop. COSMIC is a brand new desktop environment by System76, written in Rust, and after quite some time in development, it�s now out in the wild as a stable release. Today is special not only in that it’s the culmination of over three years of work, but even more so in that System76 has built a complete desktop environment for the open source community. We’re proud of this contribution to the open source ecosystem. COSMIC is built on the ethos that the best open source projects enable people to not only use them, but to build with them. COSMIC is modular and composable. It’s the flagship experience for Pop!_OS in its own way, and can be adapted by anyone that wants to build their own unique user experience for Linux. ↫ Carl Richell You don�t need to run Pop!_OS to try out COSMIC, as it�s already available on a variety of other distributions (although it may take a bit for this stable version to land in the respective repositories).
- Windows 3.1�s infamous Hot Dog Stand! colour scheme was not a joke
I�m sure most of us here are aware of the bright red-and-yellow colour scheme called Hot Dog Stand!, included in Windows 3.1. While it�s not the only truly garish colour scheme included in Windows 3.1, its name probably did a lot to make it stand out from the others. There�s been a ton of speculation about the origins of the colour scheme, and why it was included in Windows 3.1, but it seems nobody ever bothered to look for someone who actually worked on the Windows 3.1 user interface � until now. PC Gamer�s Wes Fenlon contacted Virginia Howlett, Microsoft�s first user interface designer who joined the company in 1985, and asked her about the infamous colour scheme. It turns out that the origin story for the infamous colour scheme is rather mundane. In Howlett�s own words: I do remember some discussion about whether we should include it, and some snarky laughter. But it was not intended as a joke. It was not inspired by any hot dog stands, and it was not included as an example of a bad interface—although it was one. It was just a garish choice, in case somebody out there liked ugly bright red and yellow. ↫ Virginia Howlett, quoted by Wes Fenlon in PC Gamer Howlett then lists a few other included colour schemes that were just as garish, or even more so, as examples to underline her point. Personally, I�m a huge proponent of allowing users to make their interfaces as ugly and garish as they want, as the only arbiter on what�s on your screen is you, and nobody else. Hot Dog Stand and similar garish themes need to make a comeback, because there�s bound to be some people out there whose vibes align with it.
- Using AI! to manage your Fedora system seems like a really bad idea
IBM owns Red Hat which in turn runs Fedora, the popular desktop Linux distribution. Sadly, shit rolls downhill, so we�re starting to see some worrying signs that Fedora is going to be used a means to push AI!. Case in point, this article in the Fedora Magazine: Generative AI systems are changing the way people interact with computers. MCP (model context protocol) is a way that enables generate AI systems to run commands and use tools to enable live, conversational interaction with systems. Using the new linux-mcp-server, let’s walk through how you can talk with your Fedora system for understanding your system and getting help troubleshooting it! ↫ Máirín Duffy and Brian Smith at Fedora Magazine This linux-mcp-server! tool is developed by IBM�s Red Hat, and of course, IBM has a vested interest in further increasing the size of the AI! bubble. As such, it makes sense from their perspective to start pushing AI! services and tools all the way down to the Fedora community, ending up with articles like this one. What�s sad is that even in this article, which surely uses the best possible examples, it�s hard to see how any of it could possibly be any faster than doing the example tasks without the help! of an AI!. In the first example, the AI! is supposed to figure out why the computer is having Wi-Fi connection issues, and while it does figure that out, the solutions it presents are really dumb and utterly wrong. Most notably, even though this is an article about running these tools on a Fedora system, written for Fedora Magazine, the AI! stubbornly insists on using apt for every solution, which is a basic, stupid mistake that doesn�t exactly instill confidence in any of its other findings being accurate. The second example involves asking the AI! to explain how much disk space the system is using, and why. The prompt! (the human-created question! the AI! is supposed to answer!) is bonkers long � it�s a 117 words long monstrosity, formatted into several individual questions � and the output is so verbose and it takes such a scattershot approach that following-up on everything is going to take a huge amount of time. Within that same time frame, it would�ve been not only much faster, but also much more user-friendly to just open Filelight (installed by default as part of KDE), which creates a nice diagram which instantly shows you what is taking up space, and why. The third example is about creating an update readiness report for upgrading from Fedora 42 to Fedora 43, and its prompt! is even longer at 190 words, and writing that up with all those individual questions must�ve taken more time than to just0 Do a simple dry-run of a dnf system upgrade which gets you like 90% of the way there. Here, too, the AI! blurts out so much information, much of which entirely useless, that going through it all takes more time than just manually checking up on a dnf dry run and peaking at your disk space usage. All this effort to set all of this up, and so much effort to carefully craft complex prompts!, only to end up with clearly wrong information, and way too much superfluous information that just ends up distracting you from the task you set out to accmplish. Is this really the kind of future of computing we�re supposed to be rooting for? Is this the kind of stuff Fedora�s new AI! policy is supposed to enable? If so, I�m afraid the disconnect between Fedora�s leadership and whatever its users actually use Fedora for is far, far wider than I imagined.
- FreeBSD debates sunsetting power64/power64le support
I have some potentially devastating news for POWER users interested in using FreeBSD, uncovered late last month by none other than Cameron Kaiser. FreeBSD is considering retiring powerpc64 prior to branching 16, which would make FreeBSD 15 the last stable version to support the architecture. (32-bit PowerPC is already dropped as of FreeBSD 14, though both OpenBSD and NetBSD generally serve this use case, and myself I have a Mac mini G4 running a custom NetBSD kernel with code from FreeBSD for automatic restart.) Although the message says powerpc64 and powerpc64le! it later on only makes specific reference to the big-endian port, whereas both endiannesses appear on the FreeBSD platform page and on the download server. ↫ Cameron Kaiser There�s two POWER9 systems in my office, so this obviously makes me quite sad. At the same time, though, it�s hard not to understand any possible decision to drop powerpc64/powerpc64le at this point in time. Raptor�s excellent POWER9 systems � the Blackbird, which I reviewed a few years ago, and the Talos II, which I also have � are very long in the tooth at this point and still quite expensive, and thanks to IBM royally screwing up POWER10, we never got any timely successors. There were rumblings about a possible POWER11-based successor from Raptor back in July 2025, but it�s been quiet on that front since. In other words, there are no modern powerpc64 and powerpc64le systems available. POWER10 and brand new POWER11 hardware are strictly IBM and incredibly expensive, so unless IBM makes some sort of generous donation to the FreeBSD Foundation, I honestly don�t know how FreeBSD is supposed to keep their powerpc64 and powerpc64le ports up-to-date with the latest generation of POWER hardware in the first place. It�s important to note that no final decision has been made yet, and since that initial report by Kaiser, several people have chimed in to argue the case that at least powerpc64le (the little endian variant) should remain properly supported. In fact, Timothy Pearson from Raptor Engineering stepped up the place, and stated he�s willing to take over maintainership of the port, as Raptor has been contributing to it for years anyway. Raptor remains committed to the architecture as a whole, and we have resources to assist with development. In fact, we sponsor several FreeBSD build machines already in our cloud environment, and have kernel developers working on expanding and maintaining the FreeBSD codebase. If there is any concern regarding hardware availability or developer resources, Raptor is willing and able to assist. ↫ Timothy Pearson Whatever decision the FreeBSD project makes, the Linux world will be fine for a while yet as IBM contributes to its development, and popular distributions still consider POWER a primary target. However, unless either IBM moves POWER hardware downmarket (extremely unlikely) or the rumours around Raptor have merit, I think at least the FreeBSD powerpc64 (big endian) port is done for, with the powerpc64le port hopefully being saved by people hearing these alarm bells.
- US government switches to Times New Roman because Calibri is woke!
Secretary of State Marco Rubio waded into the surprisingly fraught politics of typefaces on Tuesday with an order halting the State Department’s official use of Calibri, reversing a 2023 Biden-era directive that Mr. Rubio called a “wasteful” sop to diversity. While mostly framed as a matter of clarity and formality in presentation, Mr. Rubio’s directive to all diplomatic posts around the world blamed “radical” diversity, equity, inclusion and accessibility programs for what he said was a misguided and ineffective switch from the serif typeface Times New Roman to sans serif Calibri in official department paperwork. ↫ Michael Crowley and Hamed Aleaziz at The New York Times
- What do Linux kernel version numbers mean?
If you�re old enough, you no doubt remember that up until the 2.6.0 release of the Linux kernel, an odd number after the first version number indicated a pre-release, development version of the kernel. Even though this scheme was abandoned with the 2.6.0 release in 2003 and since then every single release has been a stable release, it seems the ghosts of this old versioning scheme still roam the halls, because prominent Linux kernel developer Greg Kroah-Hartman just published an explainer about Linux kernel versions. Despite having a stable release model and cadence since December 2003, Linux kernel version numbers seem to baffle and confuse those that run across them, causing numerous groups to mistakenly make versioning statements that are flat out false. So let’s go into how this all works in detail. ↫ Greg Kroah-Hartman I genuinely find it difficult to imagine what could possibly be unclear about Linux kernel version numbers. The Linux kernel uses a very generic major.minor scheme, but that�s not where the problems lie � it�s the actual development process of each of these numbered release that�s a bit more complex. This is where we have to talk about things like the roughly 10-week release cycle, containing a 2-week merge window, as well as Torvalds handing off the stable branch to the stable kernel maintainers. The other oddity is when the major version number gets incremented � the first number in the version number. There�s no real method to this, as Kroah-Hartman admits Torvalds increments this number whenever the remaining numbers get too high and unwieldy to deal with. Very practical, but it does mean that going from, say, 5.x to 6.x doesn�t really imply there�s any changes in there that are any bigger or more disruptive than when going from 6.8.x to 6.9.x or whatever. There�s a few more important details in here, of course, like where LTS releases come from, but that�s really it � nothing particularly groundbreaking or confusing.
- Microsoft will allow you to remove AI! actions from Windows 11�s context menus
With the current, rapidly deteriorating state of the Windows operating system, you have to take the small wins you can get: Microsoft is now offering the option of removing AI! actions from Windows 11�s context menus. buried deep in the Windows 11 Insider Preview Build 26220.7344 release notes, there�s this nugget: If there are no available or enabled AI Actions, this section will no longer show in the context menu. ↫ Windows Insider Preview release notes If you then go to Settings > Apps > Actions and uncheck all the AI! actions, the entire submenu in Windows 11�s context menus will vanish. While this is great news for those Windows users who don�t want to be bothered by all the AI! nonsense, I wish Microsoft would just give users a proper way to edit the context menu that doesn�t involve third party hackery. KDE�s Dolphin file manager gives me full control over what does and does not appear in its context menu, and I can�t imagine living without this functionality � there�s so many file-related operations I never use, and having them clutter up the context menu is annoying and just slows me down. There�s more substantial and important changes in this Insider Preview Build too, most notably the rollout of the Update Orchestration Platform, which should make downloading and installing application updates less cumbersome, but since it�s a new feature, application won�t support it right away. This release also brings the new Windows MIDI Services, and Microsoft hopes this will improve the experience for musicians using MIDI 1.0 or MIDI 2.0 on Windows. There�s a slew of smaller changes, too, of course. I�m not exactly sure when these new features will make their way to production installations � who does, honestly, with Microsoft�s convoluted release processes � but I hope it�s sooner rather than later.
- The anatomy of a macOS application
When Mac OS X was designed, it switched to the bundle structure inherited from NeXTSTEP. Instead of this multitude of resources, apps consisted of a hierarchy of directories containing files of executable code, and those with what had in Mac OS been supporting resources. Those app bundles came to adopt a standard form, shown below. ↫ Howard Oakley A short, but nonetheless informative overview of the structure of a macOS application. I�m sure most people on OSNews are aware that a macOS application is a bundle, which is effectively a glorified directory containing a variety of files and subdirectories that together make up the application. I haven�t used macOS in a while, but I think you can right-click on an application and open it as a folder to dig around inside of it. I�m trying to remember from my days as a Mac OS X user � 15-20 years ago � if there was ever a real need to do so, but I�m sure there were a few hacks you could do by messing around with the files inside of application bundles. These days, perhaps with all the code-signing, phoning-home to Apple, and other security trickery going on, such acts are quite frowned upon. Does making any otherwise harmless changes inside an application bundle set off a ton of alarm bells in macOs these days?
- Applets are officially gone, but Java in the browser is better than ever
The end of an era, perhaps. Applets are officially, completely removed from Java 26, coming in March of 2026. This brings to an official end the era of applets, which began in 1996. However, for years it has been possible to build modern, interactive web pages in Java without needing applets or plugins. TeaVM provides fast, performant, and lightweight tooling to transpile Java to run natively in the browser. And for a full front-end toolkit with templates, routing, components, and more, Flavour lets you build your modern single-page app using 100% Java. ↫ Andrew Oliver As consumers, we don�t really encounter Java that much anymore unless we play Minecraft, but that doesn�t mean Java no longer has a place in this world. In fact, it still consistently ranks in the top three of most popular programming languages, so any tools to make using Java easier, both for programmers and users, are welcome.
- OSNews needs your donations to survive
OSNews is funded entirely by you, our readers. There are no ads on OSNews, we are not part of a massive corporate publishing conglomerate like virtually every other technology news website, there are no wealthy (corporate) benefactors � it�s just whatever funds you, our readers, send our way. As such, I sometimes need to remind everyone about this, and December, the holiday month, seems as great a time as any to do this. If you want to support a truly independent technology news website, free from the corrupting influences of corporate interests, advertising companies, managers pushing AI!, and all the other nonsense destroying the web we once loved, you can do so by donating to keep OSNews alive. This gives me the time and means to write 9000 words about dead computer ecosystems, and I�m already working on an article about the next final UNIX workstation. Every single donation, large or small, is deeply appreciated and keeps the lights on around here. There aren�t many websites like OSNews left, especially not independent ones that answer to nobody. Your support keeps OSNews going, with June 2026 marking a special moment for me: it will mark twenty years since I took over this place. I�m not expecting a party � you�re paying me to work, not to party � but it is still a meaningful anniversary for me personally.
- Porting rePalm to Pixter devices
Some of you may be aware of rePalm, a project by Dmitry Grinberg to port the PalmOS to various devices it was never supposed to run on. We covered rePalm back in 2019 and again in 2023. His latest project involved porting PalmOS to a set of digital toys that were never intended to run PalmOS in any way. Fisher-Price (owned by Mattel) produced some toys in the early 2000 under the Pixter brand. They were touchscreen-based drawing toys, with cartridge-based extra games one could plug in. Pixter devices of the first three generations ( classic!, plus!, and 2.0!) featured 80�80 black-and-white screens, which makes them of no interest for rePalm. The last two generations of Pixter ( color! and multimedia!) featured 160�160 color displays. Now, this was more like it! Pixter was quite popular, as far as kids� toys go, in USA in the early 2000s. A friend brought it to my attention a year ago as a potential rePalm target. The screen resolution was right and looking inside a Pixter Color! showed an ARM SoC � a Sharp LH75411. The device had sound (games made noises), and touch panel was resistive. In theory � a viable rePalm target indeed. ↫ Dmitry Grinberg Considering the immensely limited ARMv7 implementation he had to deal with � no cache, no memory management unit, no memory protection unit � it�s a miracle Grinberg managed to succeed. To make matters even harder, the first revision boards of the color! model only had 1MB of flash, which is incredibly small even for PalmOS 5, so he had to rewrite parts of it to make it fit. Implementing communication over infrared was also a major difficulty, but that, too he managed to get working � on a device that doesn�t have IrDA SIR modulation. Wild. Grinberg went above and beyond, making sure the buttons on the devices work, developing and building a way to put PalmOS on a game! cartridge, reverse-engineering the display controller to make sure things like brightness adjustment works, adding screen type detection for that one small run of Pixter Color devices that came with a TFT instead of an STN screen, and so, so much more. Until you read the article, you have no idea how much work Grinberg put into this project. I continue to be in awe of Grinberg�s work every time I come across it.
- Haiku highlights interesting stalled commits you might want to adopt
Now this is a great initiative by the Haiku team: highlight a number of stale commits that�ve been without interaction for years, explain why they�ve stalled, and then hope renewed interest might grow (part 1 and part 2). Recently some discussions on the forum led to asking about the status of our Gerrit code review. There are a lot of changes there that have been inactive for several years, with no apparent interest from anyone. To be precise, there are currently 358 commits waiting for review (note that Gerrit, unlike Github and other popular code review tools, works on a commit-by-commit basis, so each commit from a multiple-commit change is counted separately). The oldest one has not seen any comments since 2018. Today, let’s have a look at some of these changes and see why they are stalled. Hopefully it will inspire someone to pick up the work and help finishing them up. ↫ Pulkomandy at the Haiku website Browsing through the highlighted stalled commits, there�s a few that seem quite interesting and relatively easy for a (new?) contributor to seek their teeth into. For instance, there�s a stalled commit to remove GCC from Haiku images built with clang/llvm, which stalled mostly because there are still other issues when building Haiku with clang/llvm. For a more complex problem, there�s the issue of how every menu in BeOS/Haiku is also a window, including its own thread, which means navigating deeply nested menus creates and destroys a lot of threads, that all need to be synchronised, too. If you want to get really ambitious, there�s the stalled commit to add initial 64bit PowerPC support. There�s more of these, of course, so if you have the skills and will to contribute to a project like Haiku, this might be a great place to start and get your feet wet. Now that these commits are back in the spotlight, there�s sure to be team members and regular contributors lined up to lend an extra hand, as well.
- Oracle Solaris 11.4 SRU 87 released
Oracle has released Solaris 11.4 SRU 87, which brings with it a whole slew of changes, updates, and fixes. Primarily, it upgrades Firefox and Thunderbird to their latest ESR 140.3.0 releases, and adds GCC 15, alongside a ton of updated other open source packages. On more Solaris 11-specific notes, useradd�s account activation options have been changed to address some issues caused by stricter enforcement introduced in SRU 78, there�s some preparations for the upgrade to BIND 9.20 in a future Solaris 11 release, a few virtualisation improvements, and much more. If you�re unclear about the relationship between this new release and the Common Build Environment or CBE release of Solaris 11.4 for enthusiasts, released earlier this year, the gist is that these SRU updates are only available to people with Oracle Solaris support contracts, while any updates to the CBE release are available to mere mortals like you and I. If you have a support contract and are using the CBE, you can upgrade from the CBE to the official SRU releases, but without such a contract, you�re out of luck. A new CBE release is in the works, and is planned to arrive in 2026 � which is great news, but I would love for the enthusiast variant of Solaris 11.4 to receive more regular updates. I don�t think making these SRU updates available to enthusiasts in a non-commercial, zero-warranty kind of way would pose any kind of threat to Oracle�s bottom line, but alas, I don�t run a business like Oracle so perhaps I�m wrong.
- What’s New in KDE Gear 25.12 — A Major Update for KDE Software
by George Whittaker Introduction
The KDE community has just published KDE Gear 25.12, the newest quarterly update to its suite of applications. This refresh brings a mix of enhancements, bug fixes, performance refinements, and new features across many popular KDE apps, from Dolphin file manager and Konsole terminal to Krita and Spectacle. With this release, KDE continues its tradition of incremental yet meaningful upgrades that make everyday use smoother and more productive.
KDE Gear updates are not limited to the KDE Plasma desktop; they also benefit users of other desktop environments who install KDE apps on their systems. Whether you’re running KDE on Linux, BSD, or even Windows via KDE Windows builds, Gear 25.12 delivers improvements worth checking out.
Highlights from KDE Gear 25.12Dolphin: Better File Browsing and Thumbnails
Dolphin, KDE’s file manager, receives several enhancements in this update:
Improved thumbnail generation for more file types, making previews quicker and more dependable.
UI polish in the sidebar for easier navigation between folders and mounted drives.
Better handling of network shares and remote locations, improving responsiveness and reducing hangs.
These changes combine to make everyday file exploration more responsive and visually informative.
Konsole: Productivity Boosts
The KDE terminal emulator, Konsole, gets attention too:
Search field improvements help you find text within long terminal scrollbacks faster and with fewer clicks.
Tab and session indicators are clearer, helping users manage multiple tabs or split views more easily.
Stability fixes reduce crashes in edge cases when closing multiple sessions at once.
For developers and power users who spend a lot of time in a terminal, these refinements are genuinely useful.
Krita: More Painting Power
Krita, KDE’s professional painting and illustration application, also benefits from this release:
Improvements to brush performance, reducing lag on large canvases and complex brush sets.
Better color management and palette handling, smoothing workflows for digital artists.
Fixes for certain configuration edge cases that previously caused settings not to persist across sessions.
Artists and digital illustrators should notice fewer interruptions and smoother performance when working on large projects.
Go to Full Article
- Linux Kernel 5.4 Reaches End-of-Life: Time to Retire a Workhorse
by George Whittaker
One of the most widely deployed Linux kernels has officially reached the end of its lifecycle. The maintainers of the Linux kernel have confirmed that Linux 5.4, once a cornerstone of countless servers, desktops, and embedded devices, is now end-of-life (EOL). After years of long-term support, the branch has been retired and will no longer receive upstream fixes or security updates.
A Kernel Release That Defined a Generation of Linux Systems
When Linux 5.4 debuted, it made headlines for bringing native exFAT support, broader hardware compatibility, and performance improvements that many distributions quickly embraced. It became the foundation for major OS releases, including Ubuntu LTS, certain ChromeOS versions, Android kernels, and numerous appliance and IoT devices.
Its long support window made it a favorite for organizations seeking stability over bleeding-edge features.
What End-of-Life Actually Means
With the EOL announcement, the upstream kernel maintainers are officially done with version 5.4. That means:
No more security patches
No more bug fixes or performance updates
No regressions or vulnerabilities will be addressed
Some enterprise vendors may continue backporting patches privately, but the public upstream branch is now frozen. For most users, that makes 5.4 effectively unsafe to run.
Why This Matters for Users and Organizations
Many devices, especially embedded systems, tend to run kernels for much longer than desktops or servers. If those systems continue using 5.4, they now risk exposure to unpatched vulnerabilities.
Running an unsupported kernel can also create compliance issues for companies operating under strict security guidelines or certifications. Even home users running older LTS distributions may unknowingly remain on a kernel that’s no longer protected.
Upgrading Is the Clear Next Step
With 5.4 retired, users should begin planning an upgrade to a supported kernel line. Today’s active long-term support kernels include more modern branches such as 6.1, 6.6, and 6.8, which provide:
Better CPU and GPU support
Significant security improvements
Enhanced performance and energy efficiency
Longer future support windows
Before upgrading, organizations should test workloads, custom drivers, and hardware, especially with specialized or embedded deployments.
Go to Full Article
- Linux Distros Designed for Former Windows Users Are Picking Up Steam
by George Whittaker
For years, Windows users frustrated with constant changes, aggressive updates, and growing system bloat have flirted with switching to Linux. But 2025 marks a noticeable shift: a new generation of Linux distributions built specifically for ex-Windows users is gaining real traction. One of the standout examples is Bazzite, a gaming-optimized Fedora-based distro that has quickly become a go-to choice for people abandoning Windows in favor of a cleaner, more customizable experience.
Why Many Windows Users Are Finally Jumping Ship
Microsoft’s ecosystem has been slowly pushing some users toward the exit. Hardware requirements for Windows 11 left millions of perfectly functional PCs behind. Ads on the Start menu and in system notifications have frustrated many. And for gamers, launcher problems, forced reboots and background processes that siphon resources have driven a search for alternatives.
Linux distributions have benefited from that frustration, especially those that focus on simplicity, performance and gaming readiness.
Gaming-First Distros Are Leading the Movement
Historically, switching to Linux meant sacrificing game compatibility. But with Valve’s Proton layer and Vulkan-based translation technologies, thousands of Windows games now run flawlessly, sometimes better than on Windows.
Distros targeting former Windows users are leaning into this new reality:
Seamless Steam integration
Automatic driver configuration for AMD, Intel and NVIDIA
Built-in performance overlays like MangoHUD
Proton GE and tools for modding or shader fixes
Support for HDR, VR and modern controller layouts
This means a new Linux user can install one of these distros and jump straight into gaming with almost no setup.
Bazzite: A Standout Alternative OS
Bazzite has become the poster child for this trend. Built on Fedora’s image-based system and the Universal Blue infrastructure, it offers an incredibly stable base that updates atomically, similar to SteamOS.
What makes Bazzite so attractive to Windows refugees?
Gaming-ready out of the box no tweaking, no driver hunts
Rock-solid performance thanks to an immutable system layout
Support for handheld PCs like the Steam Deck, ROG Ally and Legion Go
Friendly workflows that feel familiar to new Linux users
Customization without the risk of breaking the system
It’s no surprise that many “I switched to Linux!” posts now mention Bazzite as their distro of choice.
Go to Full Article
- Linux Kernel 6.18 Is Out: What’s New and Important
by George Whittaker
The stable release of Linux Kernel 6.18 was officially tagged on November 30, 2025.
It’s expected to become this year’s major long-term support (LTS) kernel, something many users and distributions care about.
Here’s a breakdown of the most significant changes and improvements in this release:
Core Improvements: Performance, Memory, Infrastructure
The kernel’s memory allocation subsystem gets a major upgrade with “sheaves”, a per-CPU caching layer for slab allocations. This reduces locking overhead and speeds up memory allocation and freeing, improving overall system responsiveness.
A new device-mapper target dm-pcache arrives, enabling use of persistent memory (e.g. NVDIMM/CXL) as a cache layer for block devices, useful for systems with fast non-volatile memory, SSDs, or hybrid storage.
Overall memory management and swapping performance have been improved, which should help under memory pressure or heavy workloads.
Networking & Security Enhancements
Networking gets a boost: support for Accurate Explicit Congestion Notification (AccECN) in TCP, which can provide better congestion signals and more efficient network behaviour under load.
A new option for PSP-encrypted TCP connections has been added, a fresh attempt to push more secure transport-layer encryption (like a more efficient alternative to IPsec/TLS for some workloads) under kernel control.
The kernel now supports cryptographically signed BPF programs (eBPF), so BPF bytecode loaded at runtime can be verified for integrity. This is a noteworthy security hardening step.
The overall security infrastructure and auditing path, including multi-LSM (Linux Security Modules) support, has been refined, improving compatibility for setups using SELinux, AppArmor, or similar simultaneously.
Hardware, Drivers & Architecture Coverage
Kernel 6.18 brings enhanced hardware support: updated and new drivers for many platforms across architectures (x86_64, ARM, RISC-V, MIPS, etc.), including improvements for GPUs, CPU power management, storage controllers, and more.
In particular, support for newer SoCs, chipsets, and embedded-board device trees has been extended, beneficial for people using SBCs, ARM-based laptops/boards, or niche hardware.
For gaming rigs, laptops, and desktops alike: improvements to drivers, power-state management, and performance tuning may lead to better overall hardware efficiency.
Go to Full Article
- Wine 10.19 Released: Game Changing Support for Windows Reparse Points on Linux
by George Whittaker Introduction
If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.
In simpler terms: Wine now understands more of the Windows filesystem semantics, which means fewer workarounds, better application compatibility, and smoother experiences for many games and tools previously finicky under Linux.
What Are Reparse Points & Why They MatterUnderstanding Reparse Points
On Windows, a reparse point is a filesystem object (file or directory) that carries additional data, often used for symbolic links, junctions, mount points, or other redirection features. When an application opens or queries a file, the OS may check the reparse tag to determine special behavior (for example “redirect this file open to this other path”).
Because many Windows apps, installers, games, DRM systems, file-managers, use reparse points for features like directory redirection, path abstractions, or filesystem overlays, lacking full support for them in Wine means those apps often misbehave.
What Wine 10.19 Adds
With Wine 10.19, support for these reparse point mechanisms has been implemented in key filesystem APIs: for example NtQueryDirectoryFile, GetFileInfo, file attribute tags, and DeleteFile/RemoveDirectory for reparse objects.
This means that in Wine 10.19:
Windows apps that create or manage symbolic links, directory junctions or mount-point style re-parsing will now function correctly in many more cases.
Installers or frameworks that rely on “when opening path X, redirect to path Y” will work with less tinkering.
Games or utilities that check for reparse tags or use directory redirections will have fewer “stuck” behaviors or missing files.
In effect, this is a step toward closer to native behavior for Windows file-system semantics under Linux.
Other Key Highlights in Wine 10.19
Beyond reparse points, the release brings several notable improvements:
Expanded support for WinRT exceptions (Windows Runtime error handling) meaning better compatibility for Universal Windows Platform (UWP) apps and newer Windows-based frameworks.
Refactoring of “Common Controls” (COMCTL32) following the version 5 vs version 6 split, which helps GUI applications that rely on older controls or expect mixed versions.
Go to Full Article
- Firefox 145: A Major Release with 32-Bit Linux Support Dropped
by George Whittaker Introduction
Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.
Here’s a detailed look at what’s new, what’s changed, and what you need to know.
Major Changes in Firefox 145End of 32-Bit Linux Builds
One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:
“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”
From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.
Usability & Interface Enhancements
Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:
PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.
Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.
Access saved passwords from the sidebar, without needing to open a new tab or window.
“Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.
Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.
Privacy, Security & Under-the-Hood Upgrades
Mozilla has also doubled down on privacy and risk reduction:
Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used.
Go to Full Article
- MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer
by George Whittaker Introduction
The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.
In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.
What’s New in MX Linux 25 “Infinity”
Here are the headline changes and improvements that define this release:
Debian 13 “Trixie” Base
By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.
Kernel Choices & Hardware Support
The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.
For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.
Dual Init Option: systemd and SysVinit
Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.
Updated Desktop Environments
Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).
KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.
Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined. Defaults the audio player to Audacious (instead of the older DeaDBeeF).
Go to Full Article
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
|
