|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All)
(Two Column)
- [$] LWN.net Weekly Edition for November 13, 2025
Inside this week's LWN.net Weekly Edition:
Front: FUSE performance; Magic kfuncs; Tails Linux; Direct I/O and modifying buffers; Working with bootable containers. Briefs: Kernel LLM policy; Firefox 145; FHS; Homebrew 5.0.0; Mastodon 4.5; Public-inbox 2.0.0; Pytest 9.0.0; Quote; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Homebrew 5.0.0 released
Version5.0.0 of the Homebrew packagemanager for Linux and macOS has been released. Notable changes in thisrelease include download concurrency by default, official support for64-bit Arm on Linux, and more.
- [$] The intersection of unstable pages and direct I/O
Longtime LWN readers will have encountered the concept of "stable pages"before; it was first covered here nearly15 years ago. For the most part, the problem that stable pages weremeant to solve — preventing errors when user space modifies a buffer thatis under I/O — has been dealt with. Butrecent discussions show that there is one area where problems remain:direct I/O. There is some disagreement,though, over whether those problems are the result of user-space bugs andhow much of a performance price should be paid to address them.
- Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and libtiff), Debian (kernel, libarchive, rust-sudo-rs, and squid), Fedora (chromium, dotnet8.0, forgejo, ruby, and webkitgtk), Oracle (bind, bind9.18, kernel, kernel-uek*, libtiff, and runc), Red Hat (firefox, kernel, and kernel-rt), Slackware (mozilla), SUSE (buildah, colord, containerd, kernel, lasso, libsoup, micropython, ongres-scram, openssh, proxy-helm, uyuni-tools, python-pdfminer.six, qatengine, qatlib, regclient, and runc), and Ubuntu (raptor and raptor2).
- Firefox 145 released
Firefox 145 has been released. Notablechanges in this release include note-takingfeatures for PDFs viewed in Firefox, enhancedprivacy protections, and the ability to access and manage passwords inthe sidebar. This release also drops support for 32-bit Linux systems.
- [$] Protecting privacy with Tails
Tails is an unusual Linuxdistribution developed by the Tor Project; itis designed to help users work around internet censorship and avoidsurveillance. It is a "portable" operating system that is meant to berun from a USB stick or ISO image and to leave no trace on thecomputer it was run on. Tails routes connections to the internet overthe Tornetwork and includes a selection of applications and toolssuited to working with sensitive documents, communicating securely,and preserving users' anonymity. The tradeoff, of course, is thatTails is less convenient and requires users to learn a new set oftools to avoid compromising their own security and anonymity. Tails 7.1 wasreleased in October, and it seemed like as good a time as any to takeit for a spin.
- Security updates for Tuesday
Security updates have been issued by AlmaLinux (bind, expat, kernel, osbuild-composer, qt6-qtsvg, runc, valkey, and xorg-x11-server-Xwayland), Debian (incus), Fedora (cef and dotnet8.0), Mageia (strongswan), Red Hat (fence-agents and python-requests), SUSE (chromium, colord, erlang26, java-1_8_0-openjdk, libsoup, python-django, thunderbird, tiff, and warewulf4), and Ubuntu (intel-microcode and rust-sudo-rs).
- Public-inbox 2.0.0 released
Version 2.0.0 of public-inbox, the mail archiving system behindlore.kernel.org and LWN's email archive, has been released. "Thisrelease includes several new features and fixes; mostly around improvedintegration between inboxes and coderepos for solver. Portability andreliability is also improved, especially in the internal process managementof lei."
- [$] Magic kernel functions for BPF
When programs written in BPF (the kernel's hot-loadable virtual-machine bytecode) call kernel functions (kfuncs), it may be usefulfor those functions to have additional information about the context in whichthose BPF programs are executing. Rather than requiring it to supplythat information, it would be convenient to let the BPF verifier pass thatinformation to the called function automatically. That is already possible, buta recent patch set from Ihor Solodrai would make it more ergonomic.It allows kerneldevelopers to specify that a kfunc should be passed additionalparameters inferred by the verifier, invisibly to the BPF program. Thediscussion included concerns that Solodrai's implementation was unnecessarily complex, however.
- Pytest 9.0.0 released
Version9.0.0 of pytest has been released. Notable changes in this releaseinclude the addition of subtests,native support for TOML configuration files, and a new strictmode. See the changelogfor a complete list of new features, enhancements, and bug fixes.
- Mozilla's Firefox 145 is heeeeeere: Buffs up privacy, bloats AI
Improves tracking prevention, profile management, PDF editing, and Perplexity creeps into your address barFirefox 145 is out, with more privacy, better profile handling, better image search for Google users… and, almost inevitably, more LLM bot integration.…
- Intel Finds Great Performance With PostgreSQL's AVX-512 Support
Back in April PostgreSQL added AVX-512 support for CRC32 computations. At the time the gains for CRC32 computations with this popular open-source database server were reported to be 50% to 3x faster for x86_64 CPUs able to leverage AVX-512. That AVX-512 support is found with PostgreSQL 18.0 that released in September and now Intel is praising this addition to PostgreSQL for which their developers also had a part in along with AWS and others...
- How to install Cloudpanel on Ubuntu 24.04
In this tutorial, we are going to show you how to install CloudPanel on Ubuntu 24.04 OS. CloudPanel is a free and open-source server control panel designed for servers and cloud environments.
- Make SSH as Easy as FTP with SSH Pilot
FTP’s simplicity came with security risks; SSH Pilot offers a familiar workflow for secure shell management and encrypted file transfers — without sacrificing security.
- Iceland Deems Possible Atlantic Current Collapse A Security Risk
Iceland has formally classified the potential collapse of a major Atlantic Ocean current system a national security threat, warning that a disruption could trigger a modern-day ice age in Northern Europe and destabilize global weather systems. The move elevates the risk across government and enables it to strategize for worst-case scenarios. Reuters reports: The Atlantic Meridional Overturning Circulation, or AMOC, current brings warm water from the tropics northward toward the Arctic, and the flow of warm water helps keep Europe's winters mild. But as warming temperatures speed the thaw of Arctic ice and cause meltwater from Greenland's ice sheet to pour into the ocean, scientists warn the cold freshwater could disrupt the current's flow. A potential collapse of AMOC could trigger a modern-day ice age, with winter temperatures across Northern Europe plummeting to new cold extremes, bringing far more snow and ice. The AMOC has collapsed in the past - notably before the last Ice Age that ended about 12,000 years ago. "It is a direct threat to our national resilience and security," Iceland Climate Minister Johann Pall Johannsson said by email. "(This) is the first time a specific climate-related phenomenon has been formally brought before the National Security Council as a potential existential threat." Elevation of the issue means Iceland's ministries will be on alert and coordinating a response, Johannsson said. The government is assessing what further research and policies are needed, with work underway on a disaster preparedness policy. Risks being evaluated span a range of areas, from energy and food security to infrastructure and international transportation. "Sea ice could affect marine transport; extreme weather could severely affect our capabilities to maintain any agriculture and fisheries, which are central to our economy and food systems," Johannsson said. "We cannot afford to wait for definitive, long-term research before acting."
Read more of this story at Slashdot.
- Alien: Earth Renewed For Second Season
FX has renewed Alien: Earth for a second season and signed creator Noah Hawley to a massive nine-figure overall deal with Disney Entertainment Television. Deadline reports: Inspired by Ridley Scott's sci-fi thriller film Alien, Hawley adapted the film franchise for television with the strong support of Scott Free and its president, David W. Zucker, who is an executive producer of the series. It earned a positive reaction from fans, posting a 94% Certified Fresh rating from Rotten Tomatoes and a Metacritic Must-Watch score of 85. "It has been our great privilege to work with Noah for more than a decade on some of FX's best and biggest shows, and we are thrilled to extend our partnership well into the future," said FX Chairman John Landgraf. "Noah never stops surprising us with truly original stories -- and his unique ability to bring them to vibrant life as a director and producer as well as writer makes him extraordinary. We can't wait to get to work on the next season of Alien: Earth, as well as some equally exciting future projects in advanced development."
Read more of this story at Slashdot.
- Scientists Watch Supernova Shockwave Shoot Through a Dying Star For First Time
For the first time, astronomers captured the shockwave of a supernova bursting through the surface of a dying red supergiant star, revealing a surprisingly symmetrical, grape-shaped explosion. Space.com reports: Seeing this moment in detail has previously been elusive because it's rare for a supernova to be spotted early enough and for telescopes to be trained on it -- and when they have been, the exploding star has been too far away. So, when supernova 2024ggi went boom on April 10, 2024 in the relatively nearby spiral galaxy NGC 3621, which is 22 million light-years away in the constellation of Hydra, the Water Snake, astronomer Yi Yang of Tsinghua University in Beijing knew he had to act. Although the supernova itself couldn't be resolved as anything put a point of light, the polarization of that light held the clues as to the geometry of the breakout. "The geometry of a supernova explosion provides fundamental information on stellar evolution and the physical processes leading to these cosmic fireworks," said Yang. "Spectropolarimetry delivers information about the geometry of the explosion that other types of observation cannot provide because the angular scales are too tiny," said another team-member, Lifan Wang of Texas A&M University. The measurement showed that the shape of the breakout explosion was flattened, like an olive or grape. Crucially, though, the explosion propagated symmetrically, and continued to do so even when it collided with a ring of circumstellar material. "These findings suggest a common physical mechanism that drives the explosion of many massive stars, which manifests a well-defined axial symmetry and acts on large scales," said Yang. The findings will allow astronomers to rule out some models and strengthen others that describe what drives the shockwave in a supernova explosion. The findings have been described in a paper on the ESO website.
Read more of this story at Slashdot.
- Toyota Opens the Doors To Its First EV Battery Plant In the US
An anonymous reader quotes a report from Electrek: Production is now underway at Toyota's new $13.9 billion battery plant in North Carolina, the company's first outside Japan. After the first batteries rolled off the production line at its new facility in Liberty, North Carolina, on Wednesday, Toyota said today marks a "pivotal moment" in the company's history. The facility is Toyota's 11th plant in the US and its first battery plant outside of Japan. Toyota first announced plans to build EV batteries in the US almost four years ago. The nearly $14 billion facility will create up to 5,100 jobs in the area. In addition, the Japanese auto giant announced plans to invest an additional $10 billion in its US operations over the next five years. Since it first arrived in the US nearly 70 years ago, Toyota has invested close to $60 billion. The mega site spans 1,850 acres, or about the size of 121 football fields, and can produce up to 30 GWh annually. Toyota will use the hub to develop and build lithium-ion batteries for its growing lineup of "electrified" vehicles, including battery electric (EV), plug-in hybrid (PHEV), and hybrid (HEV) models. Batteries from the plant will power the new Camry HEV, Corolla Cross HEV, RAV4 HEV, and Toyota's yet-to-be-announced three-row electric SUV.
Read more of this story at Slashdot.
- Russia's AI Robot Falls Seconds After Being Unveiled
Russia's first AI humanoid robot, Aldol, fell just seconds after its debut at a technology event in Moscow on Tuesday. "The robot was being led on stage to the soundtrack from the film 'Rocky,' before it suddenly lost its balance and fell," reports the BBC. "Assistants could then be seen scrambling to cover it with a cloth -- which ended up tangling in the process." Developers of Aldol blamed poor lighting and calibration issues for the collapse, saying the robot's stereo cameras are sensitive to light and the hall was dark.
Read more of this story at Slashdot.
- AI-Generated Song Tops Country Music Chart
Slashdot readers Tablizer and fjo3 share news that an AI-generated country song has topped the U.S. sales chart for the first time this week. ABC News reports: The new country tune, "Walk my Walk" by Breaking Rust, recently hit No. 1 on Billboard's Country Digital Song Sales chart, reaching over 3 million streams on Spotify in less than a month. That success has garnered mixed reactions from music fans and artists alike, particularly on TikTok, where hundreds of users have posted videos addressing the tune and others discussing the music in the comments. Billboard has acknowledged Breaking Rust is an AI act and said it is one of at least six to chart in the past few months alone. "Ultimately, this feels like an experiment to see just how far something like this can go and what happens in the future and in other disciplines of art as well," senior entertainment reporter Kelley L. Carter told ABC News. "AI artists won't require things that a real human artist will require, and once companies start considering it and looking at bottom lines, I think that's when artists should rightly be concerned about it," she added.
Read more of this story at Slashdot.
- Waymo Robotaxis Are Now Giving Rides On Freeways
Waymo is rolling out robotaxi rides that use freeways across Los Angeles, San Francisco, and Phoenix for the first time -- "a critical expansion for the company that it says will reduce ride times by up to 50%," reports TechCrunch. From the report: That stat could help attract a whole new group of users who need to travel between the many towns and suburbs within the greater San Francisco Bay Area or quicken commutes across the sprawling Los Angeles and Phoenix metro areas. Using freeways is also essential for Waymo to offer rides to and from the San Francisco Airport, a location the company is currently testing in. The service won't be offered to all Waymo riders at first, the company said. Waymo riders who want to experience freeway rides can note their preference in the Waymo app. Once the rider hails a ride, they may be matched with a freeway trip, according to the company. The company's robotaxi routes will now stretch to San Jose, an expansion that will create a unified 260-mile service area across the Peninsula, according to Waymo. The company said it will also begin curbside drop off and pick up service at the San Jose Mineta International Airport. It already offers curbside service to the Sky Harbor Phoenix International Airport.
Read more of this story at Slashdot.
- Anthropic To Spend $50 Billion On US AI Infrastructure
An anonymous reader quotes a report from CNBC: Anthropic announced plans Wednesday to spend $50 billion on a U.S. artificial intelligence infrastructure build-out, starting with custom data centers in Texas and New York. The facilities, which will be designed to support the company's rapid enterprise growth and its long-term research agenda, will be developed in partnership with Fluidstack. Fluidstack is an AI cloud platform that supplies large-scale graphics processing unit, or GPU, clusters to clients like Meta, Midjourney and Mistral. Additional sites are expected to follow, with the first locations going live in 2026. The project is expected to create 800 permanent jobs and more than 2,000 construction roles. The investment positions Anthropic as a major domestic player in physical AI infrastructure at a moment when policymakers are increasingly focused on U.S.-based compute capacity and technological sovereignty. "We're getting closer to AI that can accelerate scientific discovery and help solve complex problems in ways that weren't possible before. Realizing that potential requires infrastructure that can support continued development at the frontier," said CEO Dario Amodei. "These sites will help us build more capable AI systems that can drive those breakthroughs, while creating American jobs."
Read more of this story at Slashdot.
- Ask Slashdot: Are There Any Good Android Tablets Out There?
Longtime Slashdot reader hadleyburg writes: For a user with an Android phone and who's happy to stick within the Google ecosystem, an Android tablet might seem like the more obvious choice over an iPad. Of course, iPads are a lot more popular, and asking about Android tablets is likely to invite advice about sticking with what everyone else has. The Slashdot community on the other hand -- being a discerning and thoughtful crowd -- might have some experience in this area and be willing to share the pros and cons they have found. The use case is someone not requiring any heavy usage -- no video editing or gaming -- just email, browsing, YouTube, video calls, and that sort of thing.
Read more of this story at Slashdot.
- Valve Rejoins the VR Hardware Wars With Standalone Steam Frame
Valve is ready to rejoin the VR hardware race with the Steam Frame, a lightweight standalone SteamOS headset that can run games locally or stream wirelessly from a PC using new "foveated streaming" tech. It's set to launch in early 2026. Ars Technica reports: Powered by a Snapdragon 8 Gen 3 processor with 16 GB of RAM, the Steam Frame sports a 2160 x 2160 resolution display per eye at an "up to 110 degrees" field-of-view and up to 144 Hz. That's all roughly in line with 2023's Meta Quest 3, which runs on the slightly less performant Snapdragon XR2 Gen 2 processor. Valve's new headset will be available in models sporting 256GB and 1TB or internal storage, both with the option for expansion via a microSD card slot. Pricing details have not yet been revealed publicly. The Steam Frame's inside-out tracking cameras mean you won't have to set up the awkward external base stations that were necessary for previous SteamVR headsets (including the Index). But that also means old SteamVR controllers won't work with the new hardware. Instead, included Steam Frame controllers will track your hand movements, provide haptic feedback, and offer "input parity with a traditional game pad" through the usual buttons and control sticks. For those who want to bring desktop GPU power to their VR experience, the Steam Frame will be able to connect wirelessly to a PC using an included 6 GHz Wi-Fi 6E adapter. That streaming will be enhanced by what Valve is calling "foveated rendering" technology, which sends the highest-resolution video stream to where your eyes are directly focused (as tracked by two internal cameras). That will help Steam Frame streaming establish a "fast, direct, low-latency link" to the machine, Valve said, though the company has yet to respond to questions about just how much additional wireless latency users can expect. Further reading: Valve Enters the Console Wars
Read more of this story at Slashdot.
- Britain's first small modular reactors to be built in Wales
Government picks Wylfa on Anglesey for initial trio of units, but power unlikely before mid-2030s
The UK will build its first small modular reactor (SMR) nuclear plant at Wylfa on Anglesey, an island off northwest Wales - but it won't generate power until the mid-2030s.…
- Geopolitics push European CIOs to think local on cloud
Majority of customers plan to favor domestic providers as sovereignty fears rise
A survey of CIOs and tech leaders in Western Europe has found 61 percent want to increase their use of local cloud providers amid global geopolitical uncertainty.…
- London left buffering as Hyperoptic backup link refuses to boot
Broadband provider says damaged fiber and dormant failover path knocked customers offline for nearly 24 hours
UK broadband provider Hyperoptic learned the importance of testing backup systems this week after the service went dark for customers in London.…
- NHS supplier ends probe into ransomware attack that contributed to patient death
Synnovis's 18-month forensic review of Qilin intrusion completed, now affected patients to be notified
Synnovis has finally wrapped up its investigation into the 2024 ransomware attack that crippled pathology services across London, ending an 18-month effort to untangle what the NHS supplier describes as one of the most complex data reconstruction jobs it has ever faced.…
- Networking students need an explanation of the internet that can fit in their heads
Networks have changed profoundly, except for the parts that haven’t
Systems Approach When my colleague and co-author Bruce Davie delivered his keynote at the SIGCOMM conference, he was asked a thought-provoking question: How should we think about educating the next generation of students about networking, given how different and more complex the internet is today?…
- Security: Why Linux Is Better Than Windows Or Mac OS
Linux is a free and open source operating system that was released in 1991 developed and released by Linus Torvalds. Since its release it has reached a user base that is greatly widespread worldwide. Linux users swear by the reliability and freedom that this operating system offers, especially when compared to its counterparts, windows and [0]
- Essential Software That Are Not Available On Linux OS
An operating system is essentially the most important component in a computer. It manages the different hardware and software components of a computer in the most effective way. There are different types of operating system and everything comes with their own set of programs and software. You cannot expect a Linux program to have all [0]
- Things You Never Knew About Your Operating System
The advent of computers has brought about a revolution in our daily life. From computers that were so huge to fit in a room, we have come a very long way to desktops and even palmtops. These machines have become our virtual lockers, and a life without these network machines have become unimaginable. Sending mails, [0]
- How To Fully Optimize Your Operating System
Computers and systems are tricky and complicated. If you lack a thorough knowledge or even basic knowledge of computers, you will often find yourself in a bind. You must understand that something as complicated as a computer requires constant care and constant cleaning up of junk files. Unless you put in the time to configure [0]
- The Top Problems With Major Operating Systems
There is no such system which does not give you any problems. Even if the system and the operating system of your system is easy to understand, there will be some times when certain problems will arise. Most of these problems are easy to handle and easy to get rid of. But you must be [0]
- 8 Benefits Of Linux OS
Linux is a small and a fast-growing operating system. However, we can’t term it as software yet. As discussed in the article about what can a Linux OS do Linux is a kernel. Now, kernels are used for software and programs. These kernels are used by the computer and can be used with various third-party software [0]
- Things Linux OS Can Do That Other OS Can�t
What Is Linux OS? Linux, similar to U-bix is an operating system which can be used for various computers, hand held devices, embedded devices, etc. The reason why Linux operated system is preferred by many, is because it is easy to use and re-use. Linux based operating system is technically not an Operating System. Operating [0]
- Packagekit Interview
Packagekit aims to make the management of applications in the Linux and GNU systems. The main objective to remove the pains it takes to create a system. Along with this in an interview, Richard Hughes, the developer of Packagekit said that he aims to make the Linux systems just as powerful as the Windows or [0]
- What’s New in Ubuntu?
What Is Ubuntu? Ubuntu is open source software. It is useful for Linux based computers. The software is marketed by the Canonical Ltd., Ubuntu community. Ubuntu was first released in late October in 2004. The Ubuntu program uses Java, Python, C, C++ and C# programming languages. What Is New? The version 17.04 is now available here [0]
- Ext3 Reiserfs Xfs In Windows With Regards To Colinux
The problem with Windows is that there are various limitations to the computer and there is only so much you can do with it. You can access the Ext3 Reiserfs Xfs by using the coLinux tool. Download the tool from the official site or from the sourceforge site. Edit the connection to “TAP Win32 Adapter [0]
- VMS/XDE: an OpenVMS x86 development environment for Linux and Windows/WSL
VMS/XDE is an OpenVMS x86 development environment for Linux and WIndows (via WSL). It provides a familiar user experience for OpenVMS developers working in Linux and Windows yet offers 100% binary and file system compatilibilty with OpenVMS. VMS/XDE includes OpenVMS V9.2-3 user, supervisor and executive mode operating system environments and a set of x86 native compilers and layered products geared towards OpenVMS software development and testing. ↫ VMS/XDE website VMS/XDE is a beta version, and comes with the usual annoying OpenVMS x86 time bombs, this time exploding on 3 January 2026. If you intend to use the finalised commercial version after the beta period ends, you�ll have to employ the same licenses as regular OpenVMS. It�s a bit of a mess, but that�s the OpenVMS way, sadly � and I don�t blame them, either, as I�m sure they�re hamstrung by a ton of agreements and restrictions imposed upon them by HP. Regardless, VMS/XDE brings a zero setup OpenVMS environment to the operating system you�re already using, making it easier to develop and cross-compile for the platform. I still have absolutely no clue just how many people OpenVMS is still relevant for, but I absolutely adore the fact VMS Software Inc. is working on this. In a world where so many of its former competitors are being held hostage by corporate indifference, it�s refreshing to see VMS still moving forward.
- Plasma Mobile 6.5 keeps improving
As part of the KDE Plasma 6.5 release, we also got a new release of Plasma Mobile. As there�s a lot of changes, improvements, and new features in Plasma Mobile 6.5, the Plasma Mobile Team published a blog post to highlight them all. The biggest improvement is probably the further integration of Waydroid, a necessary evil to run Android applications until the Plasma Mobile ecosystem manages to become a bit more well-rounded. Waydroid can now be managed straight from the settings application and the quick settings dropdown. Furthermore, the lockscreen has been improved considerably, there�s been a ton of polish for the home screen and the user interface in general, the quick settings panel can now be customised to make it fit better on different form factors, the first early test version of the new Plasma mobile keyboard is included, and so much more. This is definitely a release I would want to try out, but since I don�t have any of the supported devices, I�m a bit stuck. This is, of course, one of the two major problems facing proper mobile Linux: the lack of device support. It�s improving due to the tireless work of countless volunteers, but they�re always going to be swimming upstream. The other major problem is, of course, application availability, but at least Waydroid can bridge the gap for the adventurous among us.
- Tribblix m38 released
Tribblix, the Illumos distribution focused on giving you a classic UNIX-style experience, has released a new version. Milestone 38 isn�t the most consequential release of all time, but it does bring a few small changes accompanied by the usual long list of updated open source packages. The zap install command now installs dependencies by default, while zap create-user will now restrict new home directories to mode 0700 by default. Meanwhile, int16h at Cryogenix published an article about using a Bhyve VM running FreeBSD to act as a Wi-Fi bridge for laptops with 802.11xx chips that Tribblix doesn�t support. This is a great, albeit somewhat convoluted option if your hardware uses any Wi-Fi chips Tribblix doesn�t support. There�s honestly a solution for everything, isn�t there?
- Setting up a combined 68k/PA-RISC HP-UX 9 cluster
Jonathan Pallant got lucky and managed to score a massive haul of �90s UNIX workstations, one of which was an HP 9000 Model 340, a HP-UX workstation built around a Motorola 68030 processor at 16.7 MHz. It doesn�t come with a hard drive or even a floppy controller, though, so he decided to borrow a PA-RISC-based HP 9000 Model 705 to set up an HP-UX 9 cluster. But wait, how does that work, when we�re dealing with two entirely different architectures? What�s more fun though, is putting it into a cluster with the Model 705 and network booting it. Yes, that a 68030 machine network booting from a PA-RISC machine 0 and`sharing the same root filesystem. But aren�t PA-RISC binaries and 68K binaries quite different? Oh yes, they really are. So, how does that work? ↫ Jonathan Pallant HP-UX is far more interesting and fascinating than a lot of people give it credit for, and while my interest lies with HP-UX 11i, I find what Pallant is doing here with HP-UX 9 just as fascinating. You first need to install HP-UX 9 for PA-RISC on the 700 series machine, convert it to a cluster server, and then install HP-UX 9 for 68k on top of that PA-RISC installation. After this is done, you effectively end up with a single root file system that contains both PA-RISC and 68k binaries, and you can network boot the 68k-based Model 340 right from it � using the same root filesystem on both machines. Absolutely wild. No, these are not universal binaries or some other trick you might know of from more modern system. In fact, installing the 68k version of HP-UX 9 into! the PA-RISC HP-UX 9 cluster server, you end up with something called a Context Dependent Filesystem. To get a better idea of what this means and how this works, you should really head on over to Pallant�s excellent article for all the details.
- Ironclad 0.7.0 and 0.8.0 released, adds RISC-V support
We�ve talked about Ironclad a few times, but there�s been two new releases since the 0.6.0 release we covered last, so let�s see what the project�s been up to. As a refresher, Ironclad is a formally verified, hard real-time capable kernel written in SPARK and Ada. Versions 0.7.0 and 0.8.0 improved support for block device caching, added a basic NVMe driver, added support for x86’s SMAP, switched from KVM to NVMM for Ironclad’s virtualization interface, and much, much more. In the meantime, Ironclad also added support for RISC-V, making it usable on any 64 bit RISC-V target that supports a Limine-protocol compatible bootloader. The easiest way to try out Ironclad is to download Gloire, a distribution that uses Ironclad and the GNU tools. It can be installed in both a virtual machine and on real hardware.
- Mac OS 7.6 and 8 for CHRP releases discovered
For those of us unaware � unlikely on OSNews, but still � for a hot minute in the second half of the �90s, Apple licensed its Mac OS to OEMs, resulting in officially sanctioned Mac clones from a variety of companies. While intended to grow the Mac�s market share, what ended up happening instead is that the clone makers outcompeted Apple on performance, price, and features, with clones offering several features and capabilities before Apple did � for far lower prices. When Steve Jobs returned to Apple, he killed the clone program almost instantly. The rather abrupt end of the clone program means there�s a number of variants of the Mac OS that never made their way into the market, most notable variants intended for the Common Reference Hardware Platform, or CHRP, a standard defined by IBM and Apple for PowerPC-based PCs. Thanks to the popular classic Mac YouTuber Mac84, we now have a few of these releases out in the wild. These CDs contain release candidates for Mac OS 7.6 and Mac OS 8 for CHRP (Common Hardware Reference Platform) systems. They were created to support CHRP computers, but were never released, likely due to Steve Jobs returning to Apple in September 1997 and eliminating the Mac Clone program and any CHRP efforts. ↫ Mac OS 7.6/8 CHRP releases page Mac84 has an accompanying video diving into more detail about these individual releases by booting and running them in an emulator, so we can get a better idea of what they contain. While most clone makers only got access to Mac OS 7.x, some of them did, in fact, gain access to Mac OS 8, namely UMAX and Power Computing (the latter of which was acquired by Apple). It�s not the clone nature of these releases that make them special, but the fact they�re CHRP releases is. This reference platform was a failure in the market, and only a few of IBM�s own machines and some of Motorola�s PowerStack machines properly supported it. Apple, meanwhile, only aid minor lip service to CHRP in its New World Power Macintosch machines.
- FreeBSD now builds reproducibly and without root privilege
The FreeBSD Foundation is pleased to announce that it has completed work to build FreeBSD without requiring root privilege. We have implemented support for all source release builds to use no-root infrastructure, eliminating the need for root privileges across the FreeBSD release pipeline. This work was completed as part of the`program commissioned by the Sovereign Tech Agency. ↫ FreeBSD Foundation blog This is great news in and of itself, but there�s more: FreeBSD has also improved build reproducability. This means that given the same source input, you should end up with the same binary output, which is an important part of building a verifiable chain of trust. These two improvements combined further add to making FreeBSD a trustworthy, secure option � something it already is anyway. In case you haven�t noticed, the FreeBSD project and its countless contributors are making a ton of tangible progress lately on a wide variety of topics, from improving desktop use, to solidifying Wi-Fi support, to improving the chain of trust. I think the time is quite right for FreeBSD to make some inroads in the desktop UNIX-y space, especially for people to whom desktop Linux has strayed too far from the traditional UNIX philosphy (whatever that means).
- LXQt 2.3.0 released
LXQt, the other Qt desktop environment, released version 2.3.0. This new version comes roughly six months after 2.2.0, and continues the project�s adoption of Wayland. The enhancement of Wayland support has been continued, especially in LXQt Panel, whose Desktop Switcher is now enabled for Labwc, Niri, …. It is also equipped with a backend specifically for Wayfire. In addition, the Custom Command plugin is made more flexible, regardless of Wayland and X11. ↫ LXQt 2.3.0 release announcement The screenshot utility has been improved as well, and lxqt-qdbus has been added to lxqt-wayland-session to make qdbus commands easier to use with all kinds of Wayland compositors.
- WINE gaming in FreeBSD Jails with Bastille
FreeBSD offers a whole bunch of technologies and tools to make gaming on the platform a lot more capable than you�d think, and this article by Pertho dives into the details. Running all your games inside a FreeBSD Jail with Wine installed into it is pretty neat. Initially, I thought this was going to be a pretty difficult and require a lot of trial and error but I was surprised at how easy it was to get this all working. I was really happy to get some of my favorite games working in a FreeBSD Jail, and having ZFS snapshots around was a great way to test things in case I needed to backtrack. ↫ Pertho at their blog No, this isn�t as easy as gaming on Linux has become, and it certainly requires a ton more work and knowledge than just installing a major Linux distribution and Steam, but for those of us who prefer a more traditional UNIX-like experience, this is a great option.
- Tape containing UNIX v4 found
A unique and very important find at the University of Utah: while cleaning out some storage rooms, the staff at the university discovered a tape containing a copy of UNIX v4 from Bell Labs. At this time, no complete copies are known to exist, and as such, this could be a crucial find for the archaeology of early UNIX. The tape in question will be sent to the Computer History Museum for further handling, where bitsavers.org will conduct the recovery process. I have the equipment. It is a 3M tape so it will probably be fine. It will be digitized on my analog recovery set up and I�ll use Len Shustek�s readtape program to recover the data. The only issue right now is my workflow isn�t a while you wait! thing, so I need to pull all the pieces into one physical location and test everything before I tell Penny it�s OK to come out. ↫ bitsavers.org It�s amazing how we still manage to find such treasures in nooks and crannies all over the world, and with everything looking good so far, it seems we�ll soon be able to fill in more of UNIX� early history.
- Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1
by George Whittaker
Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:
Archinstall 3.0.12 – a more polished, smarter TUI installer
Pacman 7.1 – a package manager update with stricter security and better tooling
If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.
Why Arch Still Ships Monthly ISOs in a Rolling World
Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:
sudo pacman -Syu
…but in practice, that’s painful:
Huge initial update downloads
Possible breakage jumping across many months of changes
Outdated installer tooling
That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:
Start with a current kernel and userland
Spend less time updating right after install
Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)
The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.
What’s Inside the November 2025 ISO (2025.11.01)
The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:
Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.
Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.
The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.
You can download it from the official Arch Linux download page or via BitTorrent mirrors.
One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.
Archinstall 3.0.12: What’s Actually New?
Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.
Go to Full Article
- AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough
by George Whittaker
AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.
Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.
What AMD Just Confirmed
AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:
Return the value 0 from RDSEED far more often than true randomness would allow
Still signal “success” (carry flag CF=1), so software thinks it got a good random value
The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.
Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.
AMD classifies the impact as:
Loss of confidentiality and integrity (High severity).
How the Vulnerability Works (In Plain English)What RDSEED Is Supposed to Do
Modern CPUs expose hardware instructions like RDRAND and RDSEED:
RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.
RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).
Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.
What’s Going Wrong on Zen 5
On affected Zen 5 CPUs:
The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.
Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.
In cryptographic terms, this means:
Entropy can be dramatically reduced (many key bits become predictable or even fixed).
Keys or nonces derived from those values can become partially or fully guessable.
Go to Full Article
- The Most Critical Linux Kernel Breaches of 2025 So Far
by George Whittaker
The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.
CVE-2025-21756 – Use-After-Free in the vsock Subsystem
One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.
How the exploit works:A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.
Why it matters:Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.
Mitigation:Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.
CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets
Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.
Attack scenario:A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.
Why it matters:This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.
Mitigation:Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.
CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers
In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Go to Full Article
- Steam Deck 2 Rumors Ignite a New Era for Linux Gaming
by George Whittaker
The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.
What the Rumours Suggest
Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:
Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.
A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.
One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.
Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.
In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.
Why This Matters for Linux Gaming
The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:
Validation of SteamOS & Linux Gaming
The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.
Handheld PC Ecosystem Momentum
Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.
Go to Full Article
- Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh
by George Whittaker Introduction
The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.
In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.
What’s New in Kali Linux 2025.3
This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.
Tooling Additions: Ten Fresh Packages
One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:
Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).
Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.
Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.
krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.
ligolo-mp – a multiplayer pivoting solution for network-lateral movement.
llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).
mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.
patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).
vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.
Go to Full Article
- VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond
by George Whittaker Introduction
In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.
Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.
In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).
What VMScape Is & Why It MattersThe Basics of Speculative Side-Channels
Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.
One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.
VMScape: Guest to Host via Branch Predictor
VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”
Here are the key elements making VMScape significant:
The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).
Go to Full Article
- Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies
by George Whittaker Introduction
Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.
A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.
In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.
Why the Problem Matters
At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:
A video-streaming service may care most about minimal tail latency.
A CI/CD build system may care most about throughput and job completion time.
A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.
Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.
SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.
Architecture & Key Components
SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.
Here are the major components:
Go to Full Article
- Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means
by George Whittaker Introduction
After years of debate and development, bcachefs—a modern copy-on-write filesystem once merged into the Linux kernel—is being removed from mainline. As of kernel 6.17, the in-kernel implementation has been excised, and future use is expected via an out-of-tree DKMS module. This marks a turning point for the bcachefs project, raising questions about its stability, adoption, and relationship with the kernel development community.
In this article, we’ll explore the background of bcachefs, the sequence of events leading to its removal, the technical and community dynamics involved, and implications for users, distributions, and the filesystem’s future.
What Is Bcachefs?
Before diving into the removal, let’s recap what bcachefs is and why it attracted attention.
Origin & goals: Developed by Kent Overstreet, bcachefs emerged from ideas in the earlier bcache project (a block-device caching layer). It aimed to build a full-featured, general-purpose filesystem combining performance, reliability, and modern features (snapshots, compression, encryption) in a coherent design.
Mainline inclusion: Bcachefs was merged into the mainline kernel in version 6.7 (released January 2024) after a lengthy review and incubation period.
“Experimental” classification: Even after being part of the kernel, bcachefs always carried disclaimers about its maturity and stability—they were not necessarily recommends for production use by all users.
Its presence in mainline gave distributions a path to ship it more casually, and users had easier access without building external modules—an important convenience for adoption.
What Led to the Removal
The excision of bcachefs from the kernel was not sudden but the culmination of tension over development practices, patch acceptance timing, and upstream policy norms.
“Externally Maintained” status in 6.17
In kernel 6.17’s preparation, maintainers marked bcachefs as “externally maintained.” Though the code remained present, the change signified that upstream would no longer accept new patches or updates within the kernel tree.
This move allowed a transitional period. The code was “frozen” inside the tree to avoid breaking existing systems immediately, while preparation was made for future removal.
Go to Full Article
- Linux Mint 22.2 ‘Zara’ Released: Polished, Modern, and Built for Longevity
by George Whittaker Introduction
The Linux Mint team has officially unveiled Linux Mint 22.2, codenamed “Zara”, on September 4, 2025. As a Long-Term Support (LTS) release, Zara will receive updates through 2029, promising users stability, incremental improvements, and a comfortable desktop experience.
This version is not about flashy overhauls; rather, it’s about refinement — applying polish to existing features, smoothing rough edges, weaving in new conveniences (like fingerprint login), and improving compatibility with modern hardware. Below, we’ll delve into what’s new in Zara, what users should know before upgrading, and how it continues Mint’s philosophy of combining usability, reliability, and elegance.
What’s New in Linux Mint 22.2 “Zara”
Here’s a breakdown of key changes, refinements, and enhancements in Zara.
Base, Support & Kernel Stack
Ubuntu 24.04 (Noble) base: Zara continues to use Ubuntu 24.04 as its upstream base, ensuring broad package compatibility and long-term security support.
Kernel 6.14 (HWE): The default kernel for new installations is 6.14, bringing support for newer hardware.
However — for existing systems upgraded from Mint 22 or 22.1 — the older kernel (6.8 LTS) remains the default, because 6.14’s support window is shorter.
Zara is an LTS edition, with security updates and maintenance promised through 2029.
Major Features & EnhancementsFingerprint Authentication via Fingwit
Zara introduces a first-party tool called Fingwit to manage fingerprint-based authentication. With compatible hardware and support via the libfprint framework, users can:
Enroll fingerprints
Use fingerprint login for the screensaver
Authenticate sudo commands
Launch administrative tools via pkexec using the fingerprint
In some cases, bypass password entry at login (unless home directory encryption or keyring constraints force password fallback)
It is important to note that fingerprint login on the actual login screen may be disabled or limited depending on encryption or keyring usage; in those cases, the system falls back to password entry.
UI & Theming Refinements
Sticky Notes app now sports rounded corners, improved Wayland compatibility, and a companion Android app named StyncyNotes (available via F-Droid) to sync notes across devices.
Go to Full Article
- Ubuntu Update Backlog: How a Brief Canonical Outage Cascaded into Multi-Day Delays
by George Whittaker Introduction
In early September 2025, Ubuntu users globally experienced disruptive delays in installing updates and new packages. What seemed like a fleeting outage—only about 36 minutes of server downtime—triggered a cascade of effects: mirrors lagging, queued requests overflowing, and installations hanging for days. The incident exposed how fragile parts of Ubuntu’s update infrastructure can be under sudden load.
In this article, we’ll walk through what happened, why the fallout was so severe, how Canonical responded, and lessons for users and infrastructure architects alike.
What Happened: Outage & Immediate Impact
On September 5, 2025, Canonical’s archive servers—specifically archive.ubuntu.com and security.ubuntu.com—suffered an unplanned outage. The status page for Canonical showed the incident lasting roughly 36 minutes, after which operations were declared “resolved.”
However, that brief disruption set off a domino effect. Because the archives and security servers serve as the central hubs for Ubuntu’s package ecosystem, any downtime causes massive backlog among mirror servers and client requests. Mirrors found themselves out of sync, processing queues piled up, and users attempting updates or new installs encountered failed downloads, hung operations, or “404 / package not found” errors.
On Ubuntu’s community forums, Canonical acknowledged that while the server outage was short, the upload / processing queue for security and repository updates had become “obscenely” backlogged. Users were urged to be patient, as there was no immediate workaround.
Throughout September 5–7, users continued reporting incomplete or failed updates, slow mirror responses, and installations freezing mid-process. Even newly provisioning systems faced broken repos due to inconsistent mirror states.
By September 8, the situation largely stabilized: mirrors caught up, package availability resumed, and normal update flows returned. But the extended period of degraded service had already left many users frustrated.
Why a Short Outage Turned into Days of Disruption
At first blush, 36 minutes seems trivial. Why did it have such prolonged consequences? Several factors contributed:
Centralized repository backplane Ubuntu’s infrastructure is architected around central canonical repositories (archive, security) which then propagate to mirrors worldwide. When the central system is unavailable, mirrors stop receiving updates and become stale.
Go to Full Article
|
