|
1825 Monetary Lane Suite #104 Carrollton, TX
Do a presentation at NTLUG.
What is the Linux Installation Project?
Real companies using Linux!
Not just for business anymore.
Providing ready to run platforms on Linux
|
Show Descriptions... (Show All/All+Images)
(Single Column)
- Bcachefs goes to "externally maintained"
Linus Torvalds has quietly changedthe maintainer status of bcachefs to "externally maintained",indicating that further changes are unlikely to enter the mainline anytimesoon. This change also suggests, though, that the immediate removal ofbcachefs from the mainline kernel is not in the cards.
- [$] The challenge of maintaining curl
Keynote sessions at Open Source Summit events tend not to allow much time fordetailed talks, and the 2025 OpenSource Summit Europe did not diverge from that pattern. Even so,Daniel Stenberg, the maintainer of the curlproject, managed to cram a lot into the 15 minutes given to him.Like the maintainers of many other projects, Stenberg is feeling somestress, and the problems appear to be getting worse over time.
- [$] Highlights from systemd v258: part one
The next release of systemd has been percolating for an unusuallylong time. Systemd releases are usually about six months apart, butv257 came out inDecember 2024, and v258 just now seems to be nearing the finishline; the third release candidate for v258 was published onAugust 20 (releasenotes). Now is a good time to dig in and take a look at some ofthe new features, enhancements, and removals coming soon tosystemd. These include new workload-management features, a concept formultiple home-directory environments, and the final, once-and-for-allremoval of support for controlgroups version 1.
- Security updates for Friday
Security updates have been issued by AlmaLinux (aide, fence-agents, firefox, kernel-rt, python-cryptography, and thunderbird), Debian (golang-github-gin-contrib-cors, libxml2, and udisks2), Fedora (chromium), Oracle (postgresql16, postgresql:16, python3.11, and thunderbird), Red Hat (lz4 and mpfr), SUSE (chromium, docker, dpkg, firefox, gdk-pixbuf, git, git, git-lfs, obs-scm-bridge, python-PyYAML, gnutls, kernel, libarchive, libxml2, net-tools, netty, perl-Crypt-CBC, polkit, postgresql14, postgresql15, sqlite3, thunderbird, tomcat10, and udisks2), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-gcp, linux-hwe-6.14, linux-raspi, linux-realtime, linux-realtime-6.14, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-gke, linux-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, linux-gke, linux-kvm, linux-oem-6.14, linux-realtime, linux-intel-iot-realtime, linux-realtime, linux-raspi-realtime, openldap, and udisks2).
- Python: The Documentary
Attendees at EuroPython had the chance to preview part ofPython: The Documentary during akeynote panel. The full film, created by CultRepo, is now available on YouTube:
This is the story of the world's most beloved programming language:Python. What began as a side project in Amsterdam during the 1990sbecame the software powering artificial intelligence, data science andsome of the world's biggest companies. But Python's future wasn'tcertain; at one point it almost disappeared.
This 90-minute documentary features Guido van Rossum, TravisOliphant, Barry Warsaw, and many more, and they tell the story ofPython's rise, its community-driven evolution, the conflicts thatalmost tore it apart, and the language's impact on... well...everything.
The videoof the keynote is also available.
- Seven stable kernels for Thursday
Greg Kroah-Hartman has announced the release of the 6.16.4, 6.12.44, 6.6.103, 6.1.149, 5.15.190, 5.10.241, and 5.4.297 stable Linux kernels. Each onecontains important fixes.
- [$] Changing GNOME technical governance?
The GNOME project, which recently celebrated its28th birthday, has never had a formal technical governance; progresshas been driven by individuals and groups that advocated for—and workedtoward—a particular goal in an ad hoc fashion. Longtime GNOME contributorEmmanuele Bassi would like to see that change by adding cross-project teamsand a steering committee for the project; to that end, he gave a talk (YouTubevideo) at GUADEC 2025in late July on his idea to establish some technical governance for theproject. He also put together a blogpost with his notes from the talk. The audience reaction wasfavorable, so he has followed up on the GNOME discussion forum with an RFC ongovernance to try to move the effort along.
- Security updates for Thursday
Security updates have been issued by AlmaLinux (aide, firefox, kernel, and mod_http2), Debian (chromium and unbound), Fedora (mod_auth_openidc), Oracle (fence-agents and kernel), SUSE (ignition, jetty-minimal, kernel, libmozjs-128-0, matrix-synapse, postgresql13, postgresql15, postgresql16, and postgresql17), and Ubuntu (kernel).
- [$] LWN.net Weekly Edition for August 28, 2025
Inside this week's LWN.net Weekly Edition:
Front: Groklaw takeover; CRL cache sharing; browsers and XSLT; Microdot; restartable sequences; shadow-stack control Briefs: Android restrictions; Arch services; GhostBSD 25.02; FFmpeg 8.0; PyCon videos; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.
- Rosenzweig: Dissecting the Apple M1 GPU, the end
Alyssa Rosenzweig has written a blog postabout her work to help ship a "great driver" for the Apple M1GPU that supports OpenGL, Vulkan, and enables gaming with Proton.
We've succeeded beyond my dreams. The challenges I chased, I havetackled. The drivers are fully upstream in Mesa. Performance isn't toobad. With the Vulkan on Apple myth busted, conformant Vulkan is nowcoming to macOS via LunarG'sKosmicKrisp project building on my work.
Satisfied, I am now stepping away from the Apple ecosystem. Myfriends in the Asahi Linux orbit will carry the torch from here.
Rosenzweig indicates her next project will be working on Intel'scovered her talk on AppleM1/M2 GPU drivers in October 2024.
- [$] The tangled web of XSLT browser support
The ExtensibleStylesheet Language Transformations (XSLT) language is used by webbrowsers to style XML content to make it easily readable; XSLT is part of theHTML livingstandard that is maintained by the Web Hypertext Application TechnologyWorking Group (WHATWG). Only a small fraction of web sites servecontent that requires web browsers to support XSLT, in part becausemajor browser implementations have neglected the technology over the past 25years. Now, it seems, they would like to rid themselves of itentirely. A planto disable XSLT in Blink (Chrome's rendering engine) and a pull request bya Google Chrome developer to remove mentions of the specification fromthe HTML standard have been met with opposition, but arguments infavor of XSLT have proven ineffective.
- GhostBSD 25.02 released
The GhostBSD project has released version 25.02 of theFreeBSD-based desktop operating system. This release brings GhostBSDup to date with FreeBSD 14.3,includes enhancements for the Software Station package managementapplication, and introduces an "OS X-like" desktop environmentbased on GNUstep called Gershwin:
This early preview includes:
GNUstep-based desktop environment with familiar OS X-styleinterfaceSeamless integration with GhostBSD tools through wrappers forinstaller, Software Station, Backup Station, and Update StationSupport for running non-GNUstep applications alongside GNUstepappsSeveral included GNUstep applications to get you started
LWN covered GhostBSDin June 2024.
- [$] The need to reliably preserve our community history
The Internet is a wonderful thing; it allows anybody to look upinformation of interest. Included in all of that is the history of thefree-software development community; how we got to where we are says a lotabout why things are the way they are and what might come next. So thetakeover of Groklaw rings a loud alarm; we have been reminded that historystored on the Internet is an ephemeral thing and cannot be expected toremain available forever.
- Security updates for Wednesday
Security updates have been issued by Debian (node-cipher-base), Fedora (keylime-agent-rust and libtiff), Oracle (aide, kernel, mod_http2, pam, pki-deps:10.6, python-cryptography, python3, python3.12, and thunderbird), SUSE (cheat, ffmpeg, firebird, govulncheck-vulndb, postgresql17, tomcat, tomcat10, tomcat11, ucode-intel-20250812, and v2ray-core), and Ubuntu (binutils, gst-plugins-base1.0, gst-plugins-good1.0, and linux-raspi-realtime).
- [$] Shadow-stack control in clone3()
Shadow stacks are a control-flow-integrity feature designed to defendagainst exploits that manipulate a thread's call stack. The kernel firstgained support for hardware-implemented shadowstacks, for the x86 architecture, in the 6.6 release; 64-bit Armsupport followed in 6.13. This feature does not give user space muchcontrol over the allocation of shadow stacks for new threads, though; a patchseries from Mark Brown may, after many attempts, finally be aboutto change that situation.
- AAEON MIX-MTLD1 Delivers Intel Core Ultra and OOB Management to Mini-ITX
AAEON has released the MIX-MTLD1, a Mini-ITX motherboard featuring Intel Core Ultra processors, Intel Arc graphics, and an on-chip AI Boost NPU. Built on Intel’s multi-pillar die architecture, the design combines CPU, GPU, and NPU resources to accelerate inference workloads and expand deployment potential across AI-driven and edge applications. The platform is powered by Intel […]
- China's KylinOS Linux takes a great leap forward to v11 and kernel 6.6
Supports several Chinese chips and GPUs – and of course it has AI insideChina’s KylinSoft has delivered a major update to its flagship Linux, which Beijing hailed as a great leap forward for the nation’s ambition to develop operating systems that match and exceed the capabilities of western products.…
- Whisper it: FFmpeg 8 can now subtitle your videos on the fly
Media multitool taps Vulkan for GPU encoding, adds VVC support, and dusts off some ancient formatsFFmpeg 8.0 brings GPU-accelerated video encoding via Vulkan – and can now subtitle your videos automatically using integrated speech recognition.…
- Linux 6.17 Showing Off Some Nice Gains For 5th Gen AMD EPYC "Turin" Performance
Earlier this week I provided benchmarks looking at the Linux 5.15 LTS through Linux 6.17 Git kernel performance using the latest stable and development kernels compared to the Long Term Support (LTS) kernels over the past four years. For having hardware support back to Linux 5.15 I was using an AMD EPYC Milan-X server. In those benchmarks there were some nice gains and even from Linux 6.16 to 6.17 Git was around a 3% geo mean improvement. So I was curious to run some benchmarks on the latest-generation AMD EPYC 9005 "Turin" processors to see if there was similar uplift there...
- DongshanPi Previews RK3576-Based SBC Targeted at Computer Vision
DongshanPi has shared early details about an upcoming SBC designed for AI and computer vision education. Based on the Rockchip RK3576, the DshanPi-A1 supports OpenCV and multimedia workloads through a software stack built around ArmbianOS (community-supported) and Rockchip’s media and inference libraries. DshanPi-A1 features the Rockchip RK3576, an octa-core processor with four Cortex-A72 and four […]
- Linux Patches To Unconditionally Enable Architecture-Optimized BLAKE2s Support
While Linus Torvalds doesn't too often like new kernel options being enabled by default, one area where it has proven beneficial and otherwise an oversight by those configuring their own kernel builds is the architecture-optimized crypto algorithm implementations. Some will enable support for different kernel crypto algorithms only to forget or be unaware that there are CPU architecture specific implementations that can also typically be enabled for much better performance over the common code. Google engineer Eric Biggers has been cleaning this up and BLAKE2s is the latest receiving treatment...
- Google and Zed push protocol to pry AI agents out of VS Code's clutches
Because not every bot wants to live inside Microsoft's walled gardenGoogle and code editor company Zed Industries have introduced the Agent Client Protocol (ACP) as a standard way for AI agents to integrate with an IDE, with the idea that this will prevent developers getting locked into VS Code.…
- Olimex Showcases ESP32-C5-EVB Development Board
Olimex has announced the ESP32-C5-EVB, an open-source hardware evaluation board based on the ESP32-C5-WROOM-N8R4 module from Espressif. The board integrates dual-band Wi-Fi 6, Bluetooth 5 LE, Zigbee/Thread, relays, opto-isolated inputs, and LiPo UPS support, and is designed as a flexible platform for IoT development and prototyping. The ESP32-C5 is the first RISC-V microcontroller supporting dual-band […]
- FTC Claims Gmail Filtering Republican Emails Threatens 'American Freedoms'
Federal Trade Commission Chairman Andrew Ferguson accused Google of using "partisan" spam filtering in Gmail that sends Republican fundraising emails to the spam folder while delivering Democratic emails to inboxes. From a report: Ferguson sent a letter yesterday to Alphabet CEO Sundar Pichai, accusing the company of "potential FTC Act violations related to partisan administration of Gmail." Ferguson's letter revives longstanding Republican complaints that were previously rejected by a federal judge and the Federal Election Commission. "My understanding from recent reporting is that Gmail's spam filters routinely block messages from reaching consumers when those messages come from Republican senders but fail to block similar messages sent by Democrats," Ferguson wrote. The FTC chair cited a recent New York Post report on the alleged practice. The letter told Pichai that if "Gmail's filters keep Americans from receiving speech they expect, or donating as they see fit, the filters may harm American consumers and may violate the FTC Act's prohibition of unfair or deceptive trade practices." Ferguson added that any "act or practice inconsistent with" Google's obligations under the FTC Act "could lead to an FTC investigation and potential enforcement action."
 
Read more of this story at Slashdot.
- Microsoft Says Recent Windows Update Didn't Kill Your SSD
Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). From a report: Redmond first told BleepingComputer last week that it is aware of users reporting SSD failures after installing this month's Windows 11 24H2 security update. In a subsequent service alert seen by BleepingComputer, Redmond said that it was unable to reproduce the issue on up-to-date systems and began collecting user reports with additional details from those affected. "After thorough investigation, Microsoft has found no connection between the August 2025 Windows security update and the types of hard drive failures reported on social media," Microsoft said in an update to the service alert this week. "As always, we continue to monitor feedback after the release of every Windows update, and will investigate any future reports."
Read more of this story at Slashdot.
- Today's Game Consoles Are Historically Overpriced
ArsTechnica: Today's video game consoles are hundreds of dollars more expensive than you'd expect based on historic pricing trends. That's according to an Ars Technica analysis of decades of pricing data and price-cut timing across dozens of major US console releases. The overall direction of this trend has been apparent to industry watchers for a while now. Nintendo, Sony, and Microsoft have failed to cut their console prices in recent years and have instead been increasing the nominal MSRP for many current consoles in the past six months. But when you crunch the numbers, it's pretty incredible just how much today's console prices defy historic expectations, even when you account for higher-than-normal inflation in recent years. If today's consoles were seeing anything like what used to be standard price cuts over time, we could be paying around $200 today for pricey systems like the Switch OLED, PS5 Digital Edition, and Xbox Series S.
Read more of this story at Slashdot.
- Macron Vows Retaliation If Europe's Digital Sovereignty Attacked
French President Emmanuel Macron vowed a strong response [non-paywalled source] if any country takes measures that undermine Europe's digital sovereignty. From a report: Earlier this week, US President Donald Trump threatened to impose fresh tariffs and export restrictions on countries that have digital services taxes or regulations that harm American tech companies. France was among the first nations to implement a digital services tax. "We will not let anyone else decide for us on this matter," he told reporters in Toulon, France, on Friday. "We cannot allow our digital sector or the regulations we have chosen for ourselves, which are a necessity, to be threatened today." Trump has long railed against EU tech and antitrust regulation over US tech giants including Alphabet's Google and Apple.
Read more of this story at Slashdot.
- Bank Apologizes For Firing Staff With Accidental Email
One of Australia's largest banks has apologized to staff who found out they had been fired through an automated email asking them to hand back their laptops. From a report: ANZ's retail banking executive Bruce Rush said it was "not our intention to share such sensitive news with you in this way" as the firm cuts jobs in its retail banking business. The bank said the emails were sent to some staff ahead of schedule in error. It said it has since stopped sending the emails and that staff have been spoken to personally. The Financial Sector Union said the email caused "panic and distress" and was a result of the company forcing through a "chaotic pace of change." The union's president Wendy Streets said it had not been consulted on the changes the bank was making, adding that "ANZ must do better." "Speed and cost-cutting cannot come at the expense of dignity and respect for workers," Ms Streets said, describing the "botched" episode as "disgusting." Mr Rush wrote in an email to staff: "Unfortunately, these emails indicate an exit date for some of our colleagues before we've been able to share their outcome with them."
Read more of this story at Slashdot.
- UK Sought Broad Access To Apple Customers' Data, Court Filing Suggests
A newly published Investigatory Powers Tribunal filing indicates the UK government's Technical Capability Notice to Apple went beyond the company's Advanced Data Protection encryption to include standard iCloud services used by millions [non-paywalled source]. The document states the UK Home Office order "is not limited to" ADP data and applies "globally in respect of the relevant data categories of all iCloud users." The filing emerged days after Trump administration officials claimed the UK had agreed to drop efforts targeting American citizens' data. Apple launched its legal challenge in March after receiving the TCN, which the company cannot discuss publicly under the Investigatory Powers Act. The tribunal scheduled a hearing for early next year. Apple withdrew ADP from UK customers in February.
Read more of this story at Slashdot.
- Georgia Tech Is Teaching Other Universities a Fundraising Lesson
Universities facing federal research budget cuts are increasingly turning to corporate partnerships for funding as Georgia Tech secures $70 million from industry this fiscal year -- 28% more than last year and representing 15% of campus research funding versus the 6% national average. The Atlanta school's corporate engagement office has fielded multiple weekly calls from other institutions seeking guidance after securing deals including Hyundai's $55 million stadium naming rights agreement alongside undisclosed research investments in electric vehicle and hydrogen fuel technologies. The arrangements come with restrictions: nondisclosure agreements limit publication options for graduate students, and companies typically avoid funding basic research without immediate commercial applications. Federal grants still constitute over half of university research spending nationally, supporting early-stage discovery work that laid groundwork for current quantum computing developments.
Read more of this story at Slashdot.
- Steam Users in the UK Will Need a Credit Card To Access 'Mature Content' Games
An anonymous reader shares a report: Valve has started to comply with the UK's Online Safety Act, by rolling out a requirement for all Brits to verify their age with a credit card to access "mature content" pages and games on Steam. UK users won't even be able to access the community hubs of mature content games unless a valid credit card is stored on a Steam account. While platforms like Reddit, Bluesky, and Discord have opted for age verification checks using selfies, Valve is restricting its age checks to just credit cards, according to a support article. "Among all age assurance mechanisms reviewed by Valve, this process preserves the maximum degree of user privacy," says Valve. "Having the credit card stored as a payment method acts as an additional deterrent against circumventing age verification by sharing a single Steam user account among multiple persons."
Read more of this story at Slashdot.
- A Troubled Man, His Chatbot and a Murder-Suicide in Old Greenwich
A 56-year-old tech industry veteran killed his mother and himself in Old Greenwich, Connecticut on August 5 after months of interactions with ChatGPT that encouraged his paranoid delusions. Greenwich police discovered Stein-Erik Soelberg and his 83-year-old mother Suzanne Eberson Adams dead in their home. Videos posted by Soelberg documented conversations where ChatGPT repeatedly assured him he was sane while validating his beliefs about surveillance campaigns and poisoning attempts by his mother. The chatbot told him a Chinese food receipt contained demonic symbols and that his mother's anger over a disconnected printer indicated she was "protecting a surveillance asset." OpenAI has contacted Greenwich police and announced plans for updates to help keep users experiencing mental distress grounded in reality.
Read more of this story at Slashdot.
- Engineers Send Quantum Signals With Standard Internet Protocol
An anonymous reader quotes a report from Phys.org: In a first-of-its-kind experiment, engineers at the University of Pennsylvania brought quantum networking out of the lab and onto commercial fiber-optic cables using the same Internet Protocol (IP) that powers today's web. Reported in Science, the work shows that fragile quantum signals can run on the same infrastructure that carries everyday online traffic. The team tested their approach on Verizon's campus fiber-optic network. The Penn team's tiny "Q-chip" coordinates quantum and classical data and, crucially, speaks the same language as the modern web. That approach could pave the way for a future "quantum internet," which scientists believe may one day be as transformative as the dawn of the online era. Quantum signals rely on pairs of "entangled" particles, so closely linked that changing one instantly affects the other. Harnessing that property could allow quantum computers to link up and pool their processing power, enabling advances like faster, more energy-efficient AI or designing new drugs and materials beyond the reach of today's supercomputers. Penn's work shows, for the first time on live commercial fiber, that a chip can not only send quantum signals but also automatically correct for noise, bundle quantum and classical data into standard internet-style packets, and route them using the same addressing system and management tools that connect everyday devices online. "By showing an integrated chip can manage quantum signals on a live commercial network like Verizon's, and do so using the same protocols that run the classical internet, we've taken a key step toward larger-scale experiments and a practical quantum internet," says Liang Feng, Professor in Materials Science and Engineering (MSE) and in Electrical and Systems Engineering (ESE), and the Science paper's senior author. "This feels like the early days of the classical internet in the 1990s, when universities first connected their networks," added Robert Broberg, a doctoral student in ESE and co-author of the paper. "That opened the door to transformations no one could have predicted. A quantum internet has the same potential."
Read more of this story at Slashdot.
- Taco Bell's AI Drive-Thru Plan Gets Caught Up On Trolls and Glitches
Taco Bell's rollout of AI-powered drive-thru assistants has run into problems, with glitches and trolls gaming the system by making absurd orders like thousands of water cups. It's so bad that the company is reconsidering where and how to deploy the tech, admitting it may not work well in "super busy" restaurants. "We're learning a lot, I'm going to be honest with you," Dane Mathews, Taco Bell's chief digital and technology officer, told the WSJ. "I think like everybody, sometimes it lets me down, but sometimes it really surprises me." The Verge reports: Since announcing plans to put AI in the drive-thru last year, Taco Bell has deployed the tech in over 500 locations across the US, according to the WSJ. Other fast-food chains are experimenting with AI, too, including McDonald's, Wendy's, and White Castle. Mathews tells the outlet that while the company still plans on pushing ahead with AI voice technology and evaluating the data, he's discovered that using AI exclusively in certain situations, like a drive-thru for "super busy restaurants with long lines," might not be such a great idea after all.
Read more of this story at Slashdot.
- Nanoparticles Turn Houseplants Into Night Lights
Longtime Slashdot reader cristiroma shares a report from New Atlas: Wouldn't it be great if the plants in your home could do more than just sit there looking pretty? Researchers at South China Agricultural University in the city of Guangzhou have found a way to upgrade them into soft glowing night lights in a range of hues, with the use of nanoparticles. The team developed a light-emitting phosphor compound that enabled succulents with fleshy leaves to charge in sunlight or indoor LED light in just a couple of minutes, and then emit a soft uniform glow that lasts up to two hours. The afterglow phosphor compound -- which is similar to those found in glow-in-the-dark toys -- is inexpensive, biocompatible, and negates the need for more complex methods of infusing bioluminescence in plants, like genetic modification. It simply gets injected into the leaves. [...] Beyond modifying a commercial compound for this project, the team also had to figure out the right size for the phosphor particles so they'd work as intended inside plants. Shuting Liu, first author on the study that appeared in Matter this week, noted, "Smaller, nano-sized particles move easily within the plant but are dimmer. Larger particles glowed brighter but couldn't travel far inside the plant." Through extensive testing, the researchers arrived at an optimal size of around 7 micrometers, about the width of a red blood cell. They also determined through experimentation that the particles worked best in succulents, rather than plants with thinner leaves like bok choy. Once they'd landed on the right particle size, loading concentration, and plant type, the team found that the phosphor material diffused into succulent leaves almost instantly, and uniformly lit up entire leaves -- enough to illuminate nearby objects. The scientists were also able to create modified phosphors that glowed in colors like green, red, and blue. That could make for novel indoor or garden decor, as well as pathway lighting. These luminous plants also don't cost much -- according to Liu, "Each plant takes about 10 minutes to prepare and costs a little over 10 yuan (about $1.4), not including labor." Over the course of 10 days, the injected plants didn't show any signs of damage, yellowing, structural integrity, or even reduced levels of chlorophyll.
Read more of this story at Slashdot.
- Florida Deploys Robot Rabbits To Control Invasive Burmese Python Population
An anonymous reader quotes a report from CBS News: They look, move and even smell like the kind of furry Everglades marsh rabbit a Burmese python would love to eat. But these bunnies are robots meant to lure the giant invasive snakes out of their hiding spots. It's the latest effort by the South Florida Water Management District to eliminate as many pythons as possible from the Everglades, where they are decimating native species with their voracious appetites. In Everglades National Park, officials say the snakes have eliminated 95% of small mammals as well as thousands of birds. "Removing them is fairly simple. It's detection. We're having a really hard time finding them," said Mike Kirkland, lead invasive animal biologist for the water district. "They're so well camouflaged in the field." The water district and University of Florida researchers deployed 120 robot rabbits this summer as an experiment. Previously, there was an effort to use live rabbits as snake lures but that became too expensive and time-consuming, Kirkland said. The robots are simple toy rabbits, but retrofitted to emit heat, a smell and to make natural movements to appear like any other regular rabbit. "They look like a real rabbit," Kirkland said. They are solar powered and can be switched on and off remotely. They are placed in small pens monitored by a video camera that sends out a signal when a python is nearby. "Then I can deploy one of our many contractors to go out and remove the python," Kirkland said. The total cost per robot rabbit is about $4,000, financed by the water district, he added.
Read more of this story at Slashdot.
- Amtrak's New 160mph Acela Trains Take Just As Long As the Old Ones
Amtrak's new 160 mph tilting Acela trains have debuted on the Northeast Corridor, offering smoother rides, upgraded interiors, faster Wi-Fi, and 27% more seating capacity. However, "they don't complete the journey any faster than the old trains," reports The Independent. From the report: Acela runs from Washington, DC's Union Station to Boston via Philadelphia, New York Penn Station, New Haven, and Providence. It's a total distance of 457 miles, with the fastest next-gen Acela journey being six hours and 43 minutes, five minutes slower than the quickest end-to-end time offered by the old Acela trains, introduced in 2000. However, this may be because, as is common practice with new trains the world over, Amtrak is scheduling longer dwell times at stations so staff and passengers can adjust to them. The next-gen sets have a top service speed that's 10mph faster -- though this can only be achieved on certain sections of the mostly 110mph route -- and an enhanced "anticipative" tilting system that allows for higher speeds through curves.
Read more of this story at Slashdot.
- Microsoft Reveals Two In-House AI Models
Today, Microsoft unveiled two in-house AI models: MAI-Voice-1, a high-speed speech-generation system now live in Copilot, and MAI-1-Preview, its first end-to-end foundation model trained on 15,000 H100 GPUs. Neowin reports: MAI-Voice-1 is a speech generation model and is already available in Copilot Daily and Podcasts. To preview the full capabilities of this voice model, Microsoft has created a new Copilot Labs experience that anyone can try today. With the Copilot Audio Expressions experience, users can just paste text content and select the voice, style, and mode to generate high-fidelity, expressive audio. They can also download the generated audio if required. Microsoft also highlighted that this MAI-Voice-1 model is very fast and efficient. In fact, it can generate a full minute of audio in under a second on a single GPU. Second, Microsoft has begun public testing of MAI-1-preview on LMArena, a popular platform for community model evaluation. This represents MAI's first foundation model trained end-to-end and offers a glimpse of future offerings inside Copilot. They are actively spinning the flywheel to deliver improved models and will have much more to share in the coming months. MAI-1-preview is an MoE (mixture-of-experts) model, pre-trained and post-trained on nearly 15,000 NVIDIA H100 GPUs. Notably, MAI-1-preview is Microsoft's first foundation model trained end-to-end in-house. Microsoft claims that this model is better at following instructions and can offer helpful responses to everyday user questions. Microsoft will be rolling out this new model to certain text use cases within Copilot over the coming weeks.
Read more of this story at Slashdot.
- GitHub engineer claims team was 'coerced' to put Grok into Copilot
Platform's staffer complains security review was 'rushed'
Microsoft-owned collaborative coding platform GitHub is deepening its ties with Elon Musk's xAI, bringing early access to the company's Grok Code Fast 1 large language model (LLM) into GitHub Copilot. However, a whistleblower has claimed that the rollout suffers from inadequate security testing and an engineering team operating under duress.…
- Pentagon ends Microsoft's use of China-based support staff for DoD cloud
'It blows my mind,' says SecDef
The Pentagon has formally kiboshed Microsoft's use of China-based employees to support Azure cloud services deployed by US government agencies, and it's demanding Microsoft do more of its own digging to determine whether any sensitive data was compromised. …
- Enterprise password management outfit Passwordstate patches Emergency Access bug
Up to 29,000 organizations and potentially 370,000 security and IT pros affected
Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of an authentication bypass vulnerability that opens the doors to an emergency administration account with nothing more than a "carefully crafted URL."…
- How Windows 11 is breaking from its bedrock and moving away
The once mighty Wintel supercontinent is cracking in more ways than you might think
Opinion Say what you like about its role in the destruction of civilization, the net is still good for a few party games. Take bets on when the "Wintel Empire" was first reported as under attack, and by what. Then go and find out.…
- Cloud computing has become so normal, it's invisible
Maybe someday we'll just call it 'data processing' again
Feature In IT, terms and categories come and go. Distinctions disappear as computing evolves and as something that was shiny and new simply becomes the way that we do things.…
- China’s KylinOS Linux takes a great leap forward to v11 and kernel 6.6
Supports several Chinese chips and GPUs – and of course it has AI inside
China’s KylinSoft has delivered a major update to its flagship Linux, which Beijing hailed as a great leap forward for the nation’s ambition to develop operating systems that match and exceed the capabilities of western products.…
- FBI cyber cop: Salt Typhoon pwned 'nearly every American'
Plus millions of other people across 80+ countries
China's Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official.…
- Older developers are down with the vibe coding vibe
They use AI more but also check it more
For those who thought AI vibe coding was just for the youngsters, newly published research shows that developers with over 10 years of experience are more than twice as likely to do it.…
- DOGE delayed deals, says Nutanix
But private cloud contender sees upside in its modernization mission
Donald Trump's DOGE cost-cutting unit has made it harder to do business with the US federal government, according to private cloud contender Nutanix.…
- vSphere upgrades are not near the top of VMware's to-do list
Nor is its Arm port
When VMware delivered its Cloud Foundation 9 suite in June, it marked the end of a two-year push to integrate its compute, storage, and networking products. What’s next for the Broadcom business unit? At the VMware Explore conference this week, The Register sniffed out a few other items on its to-do list.…
- Whisper it: FFmpeg 8 can now subtitle your videos on the fly
Media multitool taps Vulkan for GPU encoding, adds VVC support, and dusts off some ancient formats
FFmpeg 8.0 brings GPU-accelerated video encoding via Vulkan – and can now subtitle your videos automatically using integrated speech recognition.…
- Google and Zed push protocol to pry AI agents out of VS Code's clutches
Because not every bot wants to live inside Microsoft's walled garden
Google and code editor company Zed Industries have introduced the Agent Client Protocol (ACP) as a standard way for AI agents to integrate with an IDE, with the idea that this will prevent developers getting locked into VS Code.…
- Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Shadowserver counts more than 13,000 appliances still wide open – including thousands in US, Germany, and UK
Thousands of Citrix NetScaler appliances remain exposed to a trio of security flaws that the vendor patched this week, one of which is already being actively exploited in the wild.…
- Good morning, Brit Xbox fans – ready to prove your age?
Microsoft blames incoming UK Online Safety Act, says you have until 2026
Microsoft has begun emailing users of its Xbox gaming platform with likely unwelcome news: users will need to verify their age if they want to keep access to the company's various social services, and it's blaming the UK Online Safety Act.…
- UK unions want 'worker first' plan for AI as people fear for their jobs
Labor group says new technologies could increase inequality if we're not careful
AI-Pocalypse Over half of the British public are worried about the impact of AI on their jobs, according to employment unions, which want the UK government to adopt a "worker first" strategy rather than simply allowing corporations to ditch employees for algorithms.…
- Wastewater monitoring project could catch next pandemic early, says health agency
UK starts early warning system combing through stuff that folks flush away
The UK Health Security Agency is looking to set up an early warning system ahead of future pandemics, launching a £1.3 million (around $1.75 million) program to identify "cutting-edge technologies" which could turn people's pee and poop into valuable data on the spread of viruses.…
- ChatGPT hates LA Chargers fans
Harvard researchers find model guardrails tailor query responses to user's inferred politics and other affiliations
OpenAI's ChatGPT appears to be more likely to refuse to respond to questions posed by fans of the Los Angeles Chargers football team than to followers of other teams.…
- Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting. Read More at Causely
The post Using OpenTelemetry and the OTel Collector for Logs, Metrics, and Traces appeared first on Linux.com.
- Xen 4.19 is released
Xen Project 4.19 has been officially out since July 31st, 2024, and it brings significant updates. With enhancements in performance, security, and versatility across various architectures like Arm, PPC, RISC-V, and x86, this release is an important milestone for the Xen community. Read more at XCP-ng Blog
The post Xen 4.19 is released appeared first on Linux.com.
- Advancing Xen on RISC-V: key updates
At Vates, we are heavily invested in the advancement of Xen and the RISC-V architecture. RISC-V, a rapidly emerging open-source hardware architecture, is gaining traction due to its flexibility, scalability and openness, which align perfectly with our ethos of fostering open development ecosystems. Although the upstream version of Xen for RISC-V is not yet fully [0]
The post Advancing Xen on RISC-V: key updates appeared first on Linux.com.
- AI Produces Data-driven OpenFOAM Speedup (HPC Wire)
Researchers from TU Darmstadt, TU Dresden, Hewlett Packard Enterprise (HPE), and Intel have developed advanced applications that combine HPC simulations with AI techniques using the open-source computational fluid dynamics solver OpenFOAM and the HPE-led SmartSim AI/ML library. These applications show promise for improving the accuracy and capabilities of traditional scientific and engineering modelling with data-driven [0]
The post AI Produces Data-driven OpenFOAM Speedup (HPC Wire) appeared first on Linux.com.
- GNOME Executive Director Steps Down After Four Months
It was barely four months ago that the GNOME Foundation announced its new Executive Director, Steven Deobald, who was taking over afterHolly Million stepped down after less than one year. Today Deobald announced he is stepping down as the Executive Director...
- Linux 6.17 Showing Off Some Nice Gains For 5th Gen AMD EPYC "Turin" Performance
Earlier this week I provided benchmarks looking at the Linux 5.15 LTS through Linux 6.17 Git kernel performance using the latest stable and development kernels compared to the Long Term Support (LTS) kernels over the past four years. For having hardware support back to Linux 5.15 I was using an AMD EPYC Milan-X server. In those benchmarks there were some nice gains and even from Linux 6.16 to 6.17 Git was around a 3% geo mean improvement. So I was curious to run some benchmarks on the latest-generation AMD EPYC 9005 "Turin" processors to see if there was similar uplift there...
- AMD ISP4 Driver Updated As It Nears The Mainline Linux Kernel
Posted today to the Linux kernel mailing list was the patch series for introducing the AMD ISP4 driver to the mainline kernel. This supports the image signal processor IP that to date is found with HP's Strix Halo powered ZBook Ultra G1a laptop. With time, future AMD Ryzen laptops will also likely be leveraging this ISP technology for offloading more webcamera work from the CPU, but for now the HP ZBook Ultra G1a is the main beneficiary of this open-source driver...
- Linux Patches To Unconditionally Enable Architecture-Optimized BLAKE2s Support
While Linus Torvalds doesn't too often like new kernel options being enabled by default, one area where it has proven beneficial and otherwise an oversight by those configuring their own kernel builds is the architecture-optimized crypto algorithm implementations. Some will enable support for different kernel crypto algorithms only to forget or be unaware that there are CPU architecture specific implementations that can also typically be enabled for much better performance over the common code. Google engineer Eric Biggers has been cleaning this up and BLAKE2s is the latest receiving treatment...
- Agama 17 OS Installer Preps For SUSE Linux Enterprise 16.0
Ahead of the upcoming SUSE Linux Enterprise 16.0 release, SUSE engineers are busy finishing up work on their new "Agama" operating system installer. Agama 17 is now available as what will be the installer powering SUSE Linux Enterprise 16 installations or a version very similar to this latest milestone...
- x86 Ecosystem Advisory Group Aligning On FRED, AVX10 & APX
Last year Intel and AMD formed an x86 Ecosystem Advisory Group "EAG" in collaboration with key partners. The x86 Ecosystem Advisory Group is to collaborate and innovate further around the x86_64 ISA. With AMD and Intel in agreement, FRED (Flexible Return Event Delivery), AVX10, and Advanced Performance Extensions (APX) are some of the early areas where they are finding common ground and interest...
- Mesa 25.1.9 Released To End Out The Mesa 25.1 Series
With Mesa 25.2.1 recently having been released, the prior quarter's Mesa 25.1 series is now drawing to a close. Excellent Mesa release manager Eric Engestrom released Mesa 25.1.9 as one last point release for Mesa 25.1 before ending this branch...
- Framework Desktop Power Mode Tuning For Better Performance Or Power Efficiency
Continuing on with our Framework Desktop benchmarking powered by AMD Ryzen AI Max "Strix Halo", today we are looking at the performance and power impact of power mode tuning for this review sample powered by the AMD Ryzen AI Max+ 395 SoC. A wide variety of benchmarks were done across the power saver / balanced / performance power modes for looking at the impact on performance as well as thermals and power consumption.
- RADV Vulkan Driver Lands Untyped Pointers Support
Introduced earlier this month with the Vulkan API 1.4.325 spec update was the introduction of the untyped pointers extension with VK_KHR_shader_untyped_pointers and SPIR-V's underlying SPV_KHR_untyped_pointers for providing an alternative option to strongly-typed pointers. As of yesterday the Mesa Radeon Vulkan driver "RADV" is now supporting this untyped pointers extension...
- The Former Lead For Apple Graphics Drivers On Linux Is Now Working At Intel
There's a follow-up to yesterday's surprising story of Alyssa Rosenzweig stepping away from Asahi Linux and that ARM graphics driver work where she led reverse engineering and development of the Asahi Gallium3D and HoneyKrisp Vulkan drivers within Mesa. She's now working at Intel on their Linux graphics drivers...
- Latest NOVA Patches From NVIDIA Get The GSP Booting To RISC-V Active State
The NOVA open-source kernel graphics driver continues getting slowly built-up for the NVIDIA RTX 20 "Turing" and newer GPUs that sport the GPU System Processor (GSP) for easing the hardware initialization and management of modern NVIDIA GPUs within the mainline kernel. This Rust-written kernel driver now has patches pending for booting up the NVIDIA GSP to its RISC-V active state...
- Rusticl vs. Intel Compute Runtime Performance For OpenCL On Battlemage
Earlier this month I ran some benchmarks of Mesa9s Rusticl OpenCL driver against AMD ROCm on Strix Halo. Those benchmarks caught many by surprise with how well that Rust-based open-source OpenCL driver was working on AMD GPUs for being a generic OpenCL implementation built atop Mesa9s Gallium3D. For those curious about the potential of Rusticl on the Intel graphics side, here are some Battlemage benchmarks for Rusticl up against Intel9s official Compute Runtime driver stack.
- Framework Laptop 16 Upgrade Announced With Ryzen AI 300 Series, GeForce RTX 5070
While the Framework 13 was upgraded earlier this year with a motherboard upgrade for the AMD Ryzen AI 300 series "Strix Point", the larger Framework 16 has been stuck in the Zen 4 era. But today Framework announced a new upgrade path for this 16-inch modular laptop for the Ryzen AI 300 series as well as NVIDIA GeForce RTX 5070 discrete graphics...
- Blocky Planet: making Minecraft spherical
Blocky Planet is a tech demo I created in the`Unity game engine`that attempts to map Minecraft’s cubic voxels onto a spherical planet. The planet is procedurally generated and fully destructible, allowing players to place or remove more than 20 different block types. While much of the implementation relies on common techniques you’d expect from your average Kirkland brand Minecraft clone, the spherical structure introduces a number of unique design considerations. This post will focus on these more novel challenges. ↫ Bowerbyte What a great read. Turning a �flat earth� game like Minecraft into something taking place on a spherical world seems impossible at first, but it seems Bowerbyte managed to do it. If you�ve ever wondered what it would be like to play a Minecraft-like game on an actual sphere, this is it.
- Genode OS Framework 25.08 released
Genode 25.08 is ripe with deeply technical topics that have been cooking since the beginning of the year or even longer. In particular our new kernel scheduler as the flagship feature of this release has been in the works since February 2024. Section`Kernel scheduling for fairness and low latency`tells its background story and explains the approach taken. Another culmination of a long-term endeavor is the introduction of an alternative to XML syntax, specifically designed for the usage patterns of Genode and Sculpt OS. Section`Consideration of a lean alternative to XML`kicks off the practical evaluation of an idea that gradually evolved over more than two years. Also the holistic storage optimizations presented in Section`Block-storage stack renovations`are the result of careful long-term analysis, planning, and execution. ↫ Genode 25.08 release notes While these are the three tentpole features for this release, there�s a whole lot more here, as well. Genode�s Linux-based PC device drivers have all been updated to Linux 6.12, there are a ton of fixes related to USB, optional EFI boot support in VirtualBox 6, and tons more.
- The EU needs a corporate open source contribution tax! to fund open source maintainers
Open source, the thing that drives the world, the thing Harvard says has an economic value of 8.8 trillion dollars (also a big number). Most of it is one person. And I can promise you not one of those single person projects have the proper amount of resources they need. If you want to talk about possible risks to your supply chain, a single maintainer that’s grossly underpaid and overworked. That’s the risk. The country they are from is irrelevant. ↫ Josh Bressers If the massive corporations that exploit the open source world for massive personal profit don�t want to contribute back, perhaps it�s time we start making them. I envision an European Economic Area-wide open source contribution tax!, levied against any technology corporation operating within the European Economic Area, whether they actually make use of open source code or not, not entirely unlike how insurance works � you pay into it even if you don�t make any claims. Such tax could be based on revenue, number of users, or any combination thereof or other factors. The revenue from this open source contribution tax is put into an EEA-wide fund and redistributed to EEA-based open source maintainers in the form of a monetary subsidy. Such types of taxes and money redistribution frameworks already exist in virtually every country for a whole wide variety of purposes and in a wide variety of forms, both in non-commercial and commercial settings. While it may seem complicated at first, it really isn�t. The most difficult aspect is definitely figuring out who, exactly, would be eligible to receive the subsidy and how much, but that, too, is a question both governments and commercial entities answer every single day. No, it will never be perfect, and some people will receive a subsidy who shouldn�t, and some who should receive it will not, but if that�s a valid reason not to implement a tax like this, no tax or insurance should be implemented. The benefits are legion. Of course, there is the primary benefit of alleviating the thousands of open source maintainers who form the backbone of pretty much out entire digital infrastructure, which in and of itself should be reason enough. On top of that, it would also strengthen the open source world � on which, I wish to reiterate, our entire digital infrastructure is built � against the kind of infiltration we saw with XZ Utils. And to put another top on top of that, it would cement Europe, or the EEA more specifically, as the hub for open source development, innovation, and leadership, and would surely attract countless open source maintainers to relocate to Europe. In other words, it would serve the grander European ambition to become less dependent on the criminal behaviour US tech giants and the erratic behaviour of the US government. We can either wait indefinitely for those who exploit the free labour of open source maintainers to contribute, or we make them.
- In-application browsers: the worst erosion of user choice you haven�t heard of
A long, long time ago, Android treated browser tabs in a very unique way. Individual tabs were were seen as �applications�, and would appear interspersed with the recent applications list as if they were, indeed, applications. This used to be one of my favourite Android features, as it made websites feel very well integrated into the overall user experience, and gave them a sense of place within your workflows. Eventually, though, Google decided to remove this unique approach, as we can�t have nice things and everything must be bland, boring, and the same, and now finding a website you have open requires going to your browser and finding the correct tab. More approachable to most people, I�d wager, but a reduction in usability, for me. I still mourn this loss. Similarly, we�ve seen a huge increase in the use of in-application browsers, a feature designed to trap users inside applications, instead of letting them freely explore the web the moment they click on a link inside an application. Application developers don�t want you leaving their application, so almost all of them, by default, will now open a webview inside the application when you click on an outbound link. For advertising companies, like Google and Facebook, this has the additional benefit of circumventing any and all privacy protections you may have set up in your browser, since those won�t apply to the webview the application opens. This sucks. I hate in-application browsers with a passion. Decades of internet use have taught me that clicking on a link means I�m opening a website in my browser. That�s what I want, that�s what I expect, and that�s how it should be. In-application webviews entirely break this normal chain of events; not because it improves the user experience, but because it benefits the bottom line of others. It�s also a massive security risk. Worst of all, this switch grants these apps the ability to spy and manipulate third-party websites. Popular apps like Instagram, Facebook Messenger and Facebook have all been caught injecting JavaScript via their in-app browsers into third party websites. TikTok was running commands that were essentially a keylogger. While we have no proof that this data was used or exfiltrated from the device, the mere presence of JavaScript code collecting this data combined with no plausible explanation is extremely concerning. ↫ Open Web Advocacy Open Web Advocacy has submitted a detailed and expansive report to the European Commission detailing the various issues with these in-application browsers, and suggests a number of remedies to strengthen security, improve privacy, and preserve browser choice. I hope this gets picked up, because in-application browsers are just another way in which we�re losing control over our devices.
- Word to save new files on Microsoft�s servers by default
You already need custom scripts and third-party applications that make custom Windows ISOs to make installing Windows somewhat bearable � unless you enjoy spending hours manually disabling all the anti-user settings in Windows � and now there�s another setting to add to the massive, growing list of stuff you have to fix after setting up a new Windows installation. Microsoft has announced that Word will start saving every new file to OneDrive (or another provider if you�ve installed one) by default. We are modernizing the way files are created and stored in Word for Windows! Now you don’t have to worry about saving your documents: Anything new you create will be saved automatically to OneDrive or your preferred cloud destination. ↫ Raul Munoz on the Microsoft 365 Insider Blog There�s the usual spiel of how this is safer and supposedly more convenient, but I suspect the real reason Microsoft is doing this is listed right there at the end of the list of supposed benefits: this enables the use of Copilot�s AI! features right from the beginning. In other words, by automatically saving your new Word documents to OneDrive by default, you�re giving Microsoft access to whatever you write for AI! training purposes. The setting can be changed, but defaults matter and few people change them. It�s also possible to set another provider than OneDrive as your online storage, but again � defaults matter. In fact, I wouldn�t be surprised if few people will even realise their Word documents will be stored not on their local PC, but on Microsoft�s servers.
- Dick Pick�s unique database operating system
We usually at least recognize old computer hardware and software names. But Asianmoetry taught us a new one: Pick OS. This 1960s-era system was sort of a database and sort of an operating system for big iron used by the Army. The request was for an English-like query language, and TRW assigned two guys, Don Nelson and Dick Pick, to the job. The planned query language would allow for things like “list the title, author, and abstract of every transportation system reference with the principal city ‘Los Angeles’.” This was GIM or generalized information management, and, in a forward-looking choice, it ran in a virtual machine. ↫ Al Williams at Hackaday The linked article is a short summary of a YouTube video by the YouTube channel Asianometry, which goes into a lot more detail about Pick OS, where it came from, what it can do, who the people involved were, and where Pick OS eventually ended up. I had never heard of this system before, and it�s easy to see why � not only was it used almost exclusively in vertically integrated complete solutions, it was also whitelabeled, so it existed under countless different names. Regardless, it seems the people who actually had to use it were incredibly enthusiastic about it, and to this day you can read new comments from people fondly remembering how easy to use it was. It has always been proprietary, and still is to this day, apparently owned by a company called Rocket Software, who don�t seem to actually be doing anything with it.
- Guix gets a new Rust packaging model
While Nix and NixOS get all the attention when it comes to declarative package management, there are other, competing implementations of the same general idea. Guix, developed as part of the GNU Project, was originally based on Nix, but grew into its own thing. The project recently announced a major change to how it packages Rust and its countless dependencies and optional �crates�. We have changed to a simplified Rust packaging model that is easier to automate and allows for modification, replacement and deletion of dependencies at the same time. The new model will significantly reduce our Rust packaging time and will help us to improve both package availability and quality. ↫ Hilton Chain at the Guix blog I hear people talk about Nix and NixOS all the time � I tried it myself, too, but I felt I was using an IBM z17 mainframe to watch a YouTube video � and in fact, Nix has kind of become a meme in and of itself, but you never hear people talk about Guix. With this being OSNews, I�m assuming there�s going to be people here using it, and I�m incredibly curious about your experiences. What are the features and benefits that make you use it? If you�re curious � the best way to try Guix is probably to install the GNU Guix System, the Linux distribution built around Guix and Shepard, GNU�s alternative init system. It�s available for i686, x86_64, ARMv7, and AArch64, and can be virtualised too, of course.
- The size of Adobe Reader installers through the years
The following chart shows how the Adobe Reader installer has grown in size over the years. When possible, 64-bit versions of installers were used. ↫ Alexander Gromnitsky Disk space is cheap, sure, but this is insanity.
- My OpenBSD home network setup!
I recently moved to an area with more internet provider options, all of which were not satellite-based. This change allowed me leave my current provider (Starlink) and also freed my network from being locked behind CGNAT. The jump from ~150Mbps to 1Gbps has been fantastic, but the real benefit in this switch has been the ability to overhaul my home network setup. ↫ Bradley Taunt OpenBSD is generally the way to go for custom router setups, it seems, and if it wasn�t for my own full Ubiquiti setup, I�d definitely consider this too.
- Google to require developer certification to install Android applications, even outside of the Play Store
Google�s grip on Android keeps tightening. In what will certainly be another step that we will look back upon as just another nail in the coffin, Google is going to require every Android developer to register with Google, even if they don�t publish anything in the Play Store. In other words, even if you develop Android applications ad only make them available through F-Droid or GitHub, you�ll still have to register with Google and hand over a bunch of personal information and a small fee of $25. Google is effectively recreating Apple�s Gatekeeper for macOS, but on Android. It won�t come as a surprise to you that Google is doing this in the name of security and protecting users. The company claims that its own analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play!, and the main reason is that malware developers can hide behind anonymity. As such, Google�s solution is to simply deanonymise every single Android developer. Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler�s identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from. This change will start in a few select countries specifically impacted by these forms of fraudulent app scams, often from repeat perpetrators. ↫ Suzanne Frey at the Android Developer Blog This new policy will only apply to certified Android devices!, which means Android devices that ship with Google Play Services and all related Google stuff preinstalled. How this policy will affect devices running de-Googled Android ROMs like GrapheneOS where the user has opted to install the Play Store and Google Play Services is unclear. Google does claim the personal information you hand over as part of your registration will remain entirely private and not be shown to anyone, but that�s not going to reassure anyone. To its small credit, Google intends to create an Android Developer Console explicitly for developers who only operate outside of the Play Store, and a special workflow for students and hobbyists that waives the $25 fee. First tests will start in October of this year, with an official rollout in a number of countries later in 2026, which will then expand to cover the whole world. The first countries seeing the official rollout will be countries hit especially hard by scams (according to Google�s research, at least): Brazil, Indonesia, Singapore, and Thailand. Google has been trying to claw back control over Android for years now, and it seems the pace is accelerating lately. None of these steps should surprise you, but they should highlight just how crucially important it is that we somehow managed to come to a viable third way, something not controlled by either Apple or Google.
- I revived pkgsrc on AIX!
Earlier this year, I was trying to get actual daily work done on HP-UX 11.11 (11i v1) running on HP�s last and greatest PA-RISC workstation, the HP c8000. After weeks of frustration caused first by outdated software no longer working properly with the modern web, and then by modern software no longer compiling on HP-UX 11.11, I decided to play the ace up my sleeve: NetBSD�s pkgsrc has support for HP-UX. Sadly, HP-UX is obviously not a main platform or even a point of interest for pkgsrc developers � as it should be, nobody uses this combination � so various incompatibilities and more modern requirements had snuck into pkgsrc, and I couldn�t get it to bootstrap. I made some minor progress here and there with the help of people far smarter than I, but in the end I just lacked the skills to progress any further. This story will make it to OSNews in a more complete form, I promise. Anyway, in May of this year, it seems Brian Robert Callahan was working on a very similar problem: getting pkgsrc to work properly on IBM�s AIX. The state of packages on AIX genuinely surprises me. IBM hosts a`repository`of open source software for AIX. But it seems pretty sparse compared to what you`could`get with pkgsrc. Another`website`offering AIX packages seems quite old. I think pkgsrc would be a great way to bring modern packages to AIX. I am not the first to think this. There are AIX 7.2 pkgsrc packages available at`this repository, however all the packages are compiled as 32-bit RISC System/6000 objects. I would greatly prefer to have everything be 64-bit XCOFF objects, as we could do more with 64-bit programs. There also aren�t too many packages in that repository, so I think starting fresh is in our best interest. As we shall see, this was not as straightforward as I would have hoped. ↫ Brian Robert Callahan Reading through his journey getting pkgsrc to work properly on AIX, I can�t help but feel a bit better about myself not being to get it to work on HP-UX 11.11. Callahan was working with AIX 7.2 TL4, which was released in November 2019 and still actively supported by IBM on a maintained architecture, while I was working with HP-UX 11.11 (or 11i v1), which last got some updates in and around 2005, running on an architecture that�s well dead and buried. Looking at what Callahan still had to figure out and do, it�s not surprising someone with my lack of skill in this area couldn�t get it working. I�m still hoping someone far smarter than I stumbles upon a HP c8000 and dives into getting pkgsrc to work on HP-UX, because I feel pkgsrc could turn an otherwise incredibly powerful HP c8000 from a strictly retro machine into something borderline usable in the modern world. HP-UX is much harder to virtualise � if it�s even possible at all � so real hardware is probably going to be required. The NetBSD people on Mastodon suggested I could possibly give remote access to my machine so someone could dive into this, which is something I�ll keep under consideration.
- Windows 11 to get ability to resume applications from Android which nobody will implement
The history of Android applications on Windows is convoluted, with various failed and cancelled attempts by Microsoft to allow Windows users to run Android applications behind us. Now that these attempts are well dead and buried, Microsoft is going at it from a different perspective: what if you could continue where you left off on your Android phone, right on your Windows machine, but without having to run an Android applications on Windows? We are beginning to gradually roll out the ability to seamlessly resume using your favorite apps from your Android phone on your Windows 11 PC to Windows Insiders in the Dev and Beta Channels. To start with, you will be able to resume or continue listening to your favorite Spotify tracks and episodes right from where you left off on the Spotify app on your Android phone. First, start listening to one of your favorite songs or episodes in the Spotify app on your Android phone. On your PC (running the latest Insider Preview builds in the Dev or Beta Channels) a ‘Resume alert’`will appear on`your taskbar. When you click on that alert, Spotify’s desktop app will open and the same track will now continue playing on your PC. ↫ Amanda Langowski and Brandon LeBlanc So basically, the Spotify application on Windows will know where you left off on the Spotify application on Android, and resume playback. This is table-stakes for most services, and it doesn�t seem like it would warrant such a big announcement from Microsoft, and while I don�t use Spotify, I assume it was already built into the service anyway. It seems all Microsoft is doing is providing a nice little notification to expose that functionality a little bit more clearly, but it also explains that you need to manually link your device and the Spotify Android application to the Windows PC and Spotify Windows application, which seems like a lot of manual steps. Does this mean every application developer needs to opt into this and add this feature, thereby making it dead on arrival? Well, yes, you�ll need to add support on both sides of the equation, which I can guarantee you very few developers will do. Not only does this feature require you to already have a Windows version of your application � which, statistically, you don�t � it also requires you to do the work yourself, and manually apply to Microsoft to even gain access to the required APIs and SDKs. The odds of this feature making it beyond a few very big names Microsoft can give money to is slim.
- My other email client is a daemon
I have a slight problem wherein every time I start up a game of NetHack, I completely lose touch with my surroundings for hours on end. Thankfully`The DevTeam Thinks Of Everything`and there’s a solution that allows communication with the outside world without breaking immersion: the mail daemon! If compiled with`-DMAIL`and`OPTIONS=mail`is set in your runtime configuration (the default on Linux), NetHack will periodically check a user specified mbox file (MAIL) for new mail, and upon receiving an email a mail daemon will spawn in and deliver a scroll of mail to the player. Upon reading this scroll a mail program (MAILREADER) will be executed, which hopefully allows you to read your mail. ↫ George Huebner I love everything about this.
- Nitro: a tiny but flexible init system and process supervisor
The most unlikely subsystem of contention is definitely the init system used by Linux, with most popular distributions opting for systemd, while a vocal minority prefers to use something else. Neither of these two groups are wrong or right, as we live in a free world and different people have different needs and desires. Personally, I don�t think there�s a more utterly pointless and meaningless debate than this, and people who make the init system they use their entire personality more often than not come across as really, really sad. It�s a tool; use the one you like and move on with life. A brand new init system was recently released by Leah Neukirchen, who among a ton of other things, contributes to Void Linux. It�s called nitro, and it�s a tiny process supervisor that also can be used as pid 1 on Linux!, and it also can be used on FreeBSD supervised by FreeBSD�s init. There�s some overlap with runit here, so Neukirchen published a blog post detailing the differences between the two, which should help in getting a better understanding of what makes nitro stand apart. While both use a directory of services managed by small scripts, nitro seems to opt for a more contained, monolithic approach, as it keeps everything in a single process. On top of that, Nitro contains some new features runit doesn�t have. The focus seems to be on integrating a few capabilities that on runit require hacks, but on nitro are just built-in, like support for one-shot �services�, i.e. running scripts on up/down without a process to supervise (e.g. persist audio volume, keep RNG state)!, running service directories multiple times, and more. Nitro also maintains its runtime state in RAM and provides an IPC service to query it, meaning it can be run on read-only filesystems without special configuration. There�s a lot more information in Neukirchen�s blog post, including a look at some of the current limitations of Nitro. I highly suggest reading it, and perhaps we will see nitro as another valid alternative to the popular systemd.
- The AI! bubble is showing cracks, and Microsoft ruins Excel
It�s not AI winter just yet, though there is a distinct chill in the air. Meta is shaking up and downsizing its artificial intelligence division. A new report out of MIT finds that 95 percent of companies� generative AI programs have failed to earn any profit whatsoever. Tech stocks tanked Tuesday, regarding broader fears that this bubble may have swelled about as large as it can go. Surely, there will be no wider repercussions for normal people if and when Nvidia, currently propping up the market like a load-bearing matchstick, finally runs out of fake companies to sell chips to. But getting in under the wire, before we�re all bartering gas in the desert and people who can read become the priestly caste, is Microsoft, with the single most Who asked for this?! application of AI I�ve seen yet: They�re jamming it into Excel. ↫ Barry Petchesky at Defector I�m going to skip over the mounting and palpable uneasiness that the cracks in the AI! bubble are starting to form, and go right to that thing about Excel. Quite possible one of the most successful applications of all time, and the backbone of countless small, medium, and even large business, it started out as a Mac program to supplant Microsoft�s MultiPlan, which was being clobbered in the market by Lotus 1-2-3. It wasn�t until version 2.0 that it came to Intel, as an application that contained a Windows runtime. It was a port of Excel 2.0 for the Mac. Anyway, it took a few years, but Excel took over the market, and I don�t think any other spreadsheet program has ever even remotely threatened its market dominance ever since. Well, not until Google Sheets arrived on the scene � it�s hard to find any useful numbers, but it seems Google Sheets is insanely popular in all kinds of sectors, at least according to Statista. They claim Google�s online office suite has a 49% market share, with Microsoft Office sitting at 29%. I have no idea how that translates into the usage shares of Google Sheets versus Microsoft Excel, but it�s a sign of the times, regardless. One of the things you�d expect a spreadsheet to do is calculate numbers and tabulate data, and to do so accurately. The core competency of a computer is to compute, do stuff with numbers, and we�d flip out collective shit if our computers failed to do such basic arithmetic. So, what if I told you that Microsoft, in its infinite wisdom, has decided to add AI! to Excel, and as such, has to add a disclaimer that this means Excel may not do basic arithmetic correctly? Look, we can all disagree on the use of AI!, where it makes sense, where it doesn�t, if it even does anything useful, and so on, but I would assume � for the world�s sake � that we can at least agree that using AI! in an application used to do very important calculations for a lot of business is a really, really dumb idea? Is the person doing the bookkeeping in Excel at Windmill Restaurant, in Spearville, Kansas, properly aware of the limitations of AI!, or are they not following technology that closely, and as such only hear the marketing and hype? A spreadsheet should give accurate outcomes based on the input given by humans. The moment you let a confabulator loose on your spreadsheet, it ceases being a tool that can be used for anything even remotely serious. The fact that Microsoft is adding this nonsense to Excel and letting it loose on the unsuspecting public at large is absolutely wild to me, and I can assure you it�s going to have serious consequences for a lot of people. Microsoft, of course, will be able to point at the disclaimer buried in some random support document and absolve itself of any and all responsibility. I�d like to point out that Lotus 1-2-3 probably still runs on Windows 11, for no reason at all.
- Why is my device a touchpad and a mouse and a keyboard?
If you have spent any time around HID devices under Linux (for example if you are an avid mouse, touchpad or keyboard user) then you may have noticed that your single physical device actually shows up as multiple device nodes (for free! and nothing happens for free these days!). If you haven�t noticed this, run libinput record and you may be part of the lucky roughly 50% who get free extra event nodes. ↫ Peter Hutterer I�ve honestly always wondered about this, since some of my laptops shows both a trackpad and a mouse configuration panel even when there�s no mouse plugged in. Thanks to this article, I now know why this happens.
- EU OS: A Bold Step Toward Digital Sovereignty for Europe
Image 
A new initiative, called "EU OS," has been launched to develop a Linux-based operating system tailored specifically for the public sector organizations of the European Union (EU). This community-driven project aims to address the EU's unique needs and challenges, focusing on fostering digital sovereignty, reducing dependency on external vendors, and building a secure, self-sufficient digital ecosystem.
What Is EU OS?
EU OS is not an entirely novel operating system. Instead, it builds upon a Linux foundation derived from Fedora, with the KDE Plasma desktop environment. It draws inspiration from previous efforts such as France's GendBuntu and Munich's LiMux, which aimed to provide Linux-based systems for public sector use. The goal remains the same: to create a standardized Linux distribution that can be adapted to different regional, national, and sector-specific needs within the EU.
Rather than reinventing the wheel, EU OS focuses on standardization, offering a solid Linux foundation that can be customized according to the unique requirements of various organizations. This approach makes EU OS a practical choice for the public sector, ensuring broad compatibility and ease of implementation across diverse environments.
The Vision Behind EU OS
The guiding principle of EU OS is the concept of "public money – public code," ensuring that taxpayer money is used transparently and effectively. By adopting an open-source model, EU OS eliminates licensing fees, which not only lowers costs but also reduces the dependency on a select group of software vendors. This provides the EU’s public sector organizations with greater flexibility and control over their IT infrastructure, free from the constraints of vendor lock-in.
Additionally, EU OS offers flexibility in terms of software migration and hardware upgrades. Organizations can adapt to new technologies and manage their IT evolution at a manageable cost, both in terms of finances and time.
However, there are some concerns about the choice of Fedora as the base for EU OS. While Fedora is a solid and reliable distribution, it is backed by the United States-based Red Hat. Some argue that using European-backed projects such as openSUSE or KDE's upcoming distribution might have aligned better with the EU's goal of strengthening digital sovereignty.
Conclusion
EU OS marks a significant step towards Europe's digital independence by providing a robust, standardized Linux distribution for the public sector. By reducing reliance on proprietary software and vendors, it paves the way for a more flexible, cost-effective, and secure digital ecosystem. While the choice of Fedora as the base for the project has raised some questions, the overall vision of EU OS offers a promising future for Europe's public sector in the digital age.
Source: It's FOSS
European Union
- Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linus Torvalds Acknowledges Missed Release of Linux 6.14 Due to Oversight
Linux kernel lead developer Linus Torvalds has admitted to forgetting to release version 6.14, attributing the oversight to his own lapse in memory. Torvalds is known for releasing new Linux kernel candidates and final versions on Sunday afternoons, typically accompanied by a post detailing the release. If he is unavailable due to travel or other commitments, he usually informs the community ahead of time, so users don’t worry if there’s a delay.
In his post on March 16, Torvalds gave no indication that the release might be delayed, instead stating, “I expect to release the final 6.14 next weekend unless something very surprising happens.” However, Sunday, March 23rd passed without any announcement.
On March 24th, Torvalds wrote in a follow-up message, “I’d love to have some good excuse for why I didn’t do the 6.14 release yesterday on my regular Sunday afternoon schedule,” adding, “But no. It’s just pure incompetence.” He further explained that while he had been clearing up unrelated tasks, he simply forgot to finalize the release. “D'oh,” he joked.
Despite this minor delay, Torvalds’ track record of successfully managing the Linux kernel’s development process over the years remains strong. A single day’s delay is not critical, especially since most Linux users don't urgently need the very latest version.
The new 6.14 release introduces several important features, including enhanced support for writing drivers in Rust—an ongoing topic of discussion among developers—support for Qualcomm’s Snapdragon 8 Elite mobile chip, a fix for the GhostWrite vulnerability in certain RISC-V processors from Alibaba’s T-Head Semiconductor, and a completed NTSYNC driver update that improves the WINE emulator’s ability to run Windows applications, particularly games, on Linux.
Although the 6.14 release went smoothly aside from the delay, Torvalds expressed that version 6.15 may present more challenges due to the volume of pending pull requests. “Judging by my pending pile of pull requests, 6.15 will be much busier,” he noted.
You can download the latest kernel here.
Linus Torvalds kernel
- AerynOS 2025.03 Alpha Released with GNOME 48, Mesa 25, and Linux Kernel 6.13.8
Image 
AerynOS 2025.03 has officially been released, introducing a variety of exciting features for Linux users. The release includes the highly anticipated GNOME 48 desktop environment, which comes with significant improvements like HDR support, dynamic triple buffering, and a Wayland color management protocol. Other updates include a battery charge limiting feature and a Wellbeing option aimed at improving user experience.
This release, while still in alpha, incorporates Linux kernel 6.13.8 and the updated Mesa 25.0.2 graphics stack, alongside tools like LLVM 19.1.7 and Vulkan SDK 1.4.309.0. Additionally, the Moss package manager now integrates os-info to generate more detailed OS metadata via a JSON file.
Future plans for AerynOS include automated package updates, easier rollback management, improved disk handling with Rust, and fractional scaling enabled by default. The installer has also been revamped to support full disk wipes and dynamic partitioning.
Although still considered an alpha release, AerynOS 2025.03 can be downloaded and tested right now from its official website.
Source: 9to5Linux
AerynOS
- Xojo 2025r1: Big Updates for Developers with Linux ARM Support, Web Drag and Drop, and Direct App Store Publishing
Image 
Xojo has just rolled out its latest release, Xojo 2025 Release 1, and it’s packed with features that developers have been eagerly waiting for. This major update introduces support for running Xojo on Linux ARM, including Raspberry Pi, brings drag-and-drop functionality to the Web framework, and simplifies app deployment with the ability to directly submit apps to the macOS and iOS App Stores.
Here’s a quick overview of what’s new in Xojo 2025r1:
1. Linux ARM IDE Support
Xojo 2025r1 now allows developers to run the Xojo IDE on Linux ARM devices, including popular platforms like Raspberry Pi. This opens up a whole new world of possibilities for developers who want to create apps for ARM-based devices without the usual complexity. Whether you’re building for a Raspberry Pi or other ARM devices, this update makes it easier than ever to get started.
2. Web Drag and Drop
One of the standout features in this release is the addition of drag-and-drop support for web applications. Now, developers can easily drag and drop visual controls in their web projects, making it simpler to create interactive, user-friendly web applications. Plus, the WebListBox has been enhanced with support for editable cells, checkboxes, and row reordering via dragging. No JavaScript required!
3. Direct App Store Publishing
Xojo has also streamlined the process of publishing apps. With this update, developers can now directly submit macOS and iOS apps to App Store Connect right from the Xojo IDE. This eliminates the need for multiple steps and makes it much easier to get apps into the App Store, saving valuable time during the development process.
4. New Desktop and Mobile Features
This release isn’t just about web and Linux updates. Xojo 2025r1 brings some great improvements for desktop and mobile apps as well. On the desktop side, all projects now include a default window menu for macOS apps. On the mobile side, Xojo has introduced new features for Android and iOS, including support for ColorGroup and Dark Mode on Android, and a new MobileColorPicker for iOS to simplify color selection.
5. Performance and IDE Enhancements
Xojo’s IDE has also been improved in several key areas. There’s now an option to hide toolbar captions, and the toolbar has been made smaller on Windows. The IDE on Windows and Linux now features modern Bootstrap icons, and the Documentation window toolbar is more compact. In the code editor, developers can now quickly navigate to variable declarations with a simple Cmd/Ctrl + Double-click. Plus, performance for complex container layouts in the Layout Editor has been enhanced.
What Does This Mean for Developers?
Xojo 2025r1 brings significant improvements across all the platforms that Xojo supports, from desktop and mobile to web and Linux. The added Linux ARM support opens up new opportunities for Raspberry Pi and ARM-based device development, while the drag-and-drop functionality for web projects will make it easier to create modern, interactive web apps. The ability to publish directly to the App Store is a game-changer for macOS and iOS developers, reducing the friction of app distribution.
How to Get Started
Xojo is free for learning and development, as well as for building apps for Linux and Raspberry Pi. If you’re ready to dive into cross-platform development, paid licenses start at $99 for a single-platform desktop license, and $399 for cross-platform desktop, mobile, or web development. For professional developers who need additional resources and support, Xojo Pro and Pro Plus licenses start at $799. You can also find special pricing for educators and students.
Download Xojo 2025r1 today at xojo.com.
Final Thoughts
With each new release, Xojo continues to make cross-platform development more accessible and efficient. The 2025r1 release is no exception, delivering key updates that simplify the development process and open up new possibilities for developers working on a variety of platforms. Whether you’re a Raspberry Pi enthusiast or a mobile app developer, Xojo 2025r1 has something for you.
Xojo ARM
- New 'Mirrored' Network Mode Introduced in Windows Subsystem for Linux
Microsoft's Windows Subsystem for Linux (WSL) continues to evolve with the release of WSL 2 version 0.0.2. This update introduces a set of opt-in preview features designed to enhance performance and compatibility.
Key additions include "Automatic memory reclaim" which dynamically optimizes WSL's memory footprint, and "Sparse VHD" to shrink the size of the virtual hard disk file. These improvements aim to streamline resource usage.
Additionally, a new "mirrored networking mode" brings expanded networking capabilities like IPv6 and multicast support. Microsoft claims this will improve VPN and LAN connectivity from both the Windows host and Linux guest.
Complementing this is a new "DNS Tunneling" feature that changes how DNS queries are resolved to avoid compatibility issues with certain network setups. According to Microsoft, this should reduce problems connecting to the internet or local network resources within WSL.
Advanced firewall configuration options are also now available through Hyper-V integration. The new "autoProxy" feature ensures WSL seamlessly utilizes the Windows system proxy configuration.
Microsoft states these features are currently rolling out to Windows Insiders running Windows 11 22H2 Build 22621.2359 or later. They remain opt-in previews to allow testing before final integration into WSL.
By expanding WSL 2 with compelling new capabilities in areas like resource efficiency, networking, and security, Microsoft aims to make Linux on Windows more performant and compatible. This evolutionary approach based on user feedback highlights Microsoft's commitment to WSL as a key part of the Windows ecosystem.
Windows
- Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in Attacks on Government Entities
The threat actor Earth Lusca, linked to Chinese state-sponsored hacking groups, has been observed utilizing a new Linux backdoor dubbed SprySOCKS to target government organizations globally.
As initially reported in January 2022 by Trend Micro, Earth Lusca has been active since at least 2021 conducting cyber espionage campaigns against public and private sector targets in Asia, Australia, Europe, and North America. Their tactics include spear-phishing and watering hole attacks to gain initial access. Some of Earth Lusca's activities overlap with another Chinese threat cluster known as RedHotel.
In new research, Trend Micro reveals Earth Lusca remains highly active, even expanding operations in the first half of 2023. Primary victims are government departments focused on foreign affairs, technology, and telecommunications. Attacks concentrate in Southeast Asia, Central Asia, and the Balkans regions.
After breaching internet-facing systems by exploiting flaws in Fortinet, GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca uses web shells and Cobalt Strike to move laterally. Their goal is exfiltrating documents and credentials, while also installing additional backdoors like ShadowPad and Winnti for long-term spying.
The Command and Control server delivering Cobalt Strike was also found hosting SprySOCKS - an advanced backdoor not previously publicly reported. With roots in the Windows malware Trochilus, SprySOCKS contains reconnaissance, remote shell, proxy, and file operation capabilities. It communicates over TCP mimicking patterns used by a Windows trojan called RedLeaves, itself built on Trochilus.
At least two SprySOCKS versions have been identified, indicating ongoing development. This novel Linux backdoor deployed by Earth Lusca highlights the increasing sophistication of Chinese state-sponsored threats. Robust patching, access controls, monitoring for unusual activities, and other proactive defenses remain essential to counter this advanced malware.
The Trend Micro researchers emphasize that organizations must minimize attack surfaces, regularly update systems, and ensure robust security hygiene to interrupt the tactics, techniques, and procedures of relentless threat groups like Earth Lusca.
Security
- Linux Kernel Faces Reduction in Long-Term Support Due to Maintenance Challenges
The Linux kernel is undergoing major changes that will shape its future development and adoption, according to Jonathan Corbet, Linux kernel developer and executive editor of Linux Weekly News. Speaking at the Open Source Summit Europe, Corbet provided an update on the latest Linux kernel developments and a glimpse of what's to come.
A major change on the horizon is a reduction in long-term support (LTS) for kernel versions from six years to just two years. Corbet explained that maintaining old kernel branches indefinitely is unsustainable and most users have migrated to newer versions, so there's little point in continuing six years of support. While some may grumble about shortened support lifecycles, the reality is that constantly backporting fixes to ancient kernels strains maintainers.
This maintainer burnout poses a serious threat, as Corbet highlighted. Maintaining Linux is largely a volunteer effort, with only about 200 of the 2,000+ developers paid for their contributions. The endless demands on maintainers' time from fuzz testing, fixing minor bugs, and reviewing contributions takes a toll. Prominent maintainers have warned they need help to avoid collapse. Companies relying on Linux must realize giving back financially is in their interest to sustain this vital ecosystem.
The Linux kernel is also wading into waters new with the introduction of Rust code. While Rust solves many problems, it also introduces new complexities around language integration, evolving standards, and maintainer expertise. Corbet believes Rust will pass the point of no return when core features depend on it, which may occur soon with additions like Apple M1 GPU drivers. Despite skepticism in some corners, Rust's benefits likely outweigh any transition costs.
On the distro front, Red Hat's decision to restrict RHEL cloning sparked community backlash. While business considerations were at play, Corbet noted technical factors too. Using older kernels with backported fixes, as RHEL does, risks creating divergent, vendor-specific branches. The Android model of tracking mainline kernel dev more closely has shown security benefits. Ultimately, Linux works best when aligned with the broader community.
In closing, Corbet recalled the saying "Linux is free like a puppy is free." Using open source seems easy at first, but sustaining it long-term requires significant care and feeding. As Linux is incorporated into more critical systems, that maintenance becomes ever more crucial. The kernel changes ahead are aimed at keeping Linux healthy and vibrant for the next generation of users, businesses, and developers.
kernel
- Linux Celebrates 32 Years with the Release of 6.6-rc2 Version
Today marks the 32nd anniversary of Linus Torvalds introducing the inaugural Linux 0.01 kernel version, and celebrating this milestone, Torvalds has launched the Linux 6.6-rc2. Among the noteworthy updates are the inclusion of a feature catering to the ASUS ROG Flow X16 tablet's mode handling and the renaming of the new GenPD subsystem to pmdomain.
The Linux 6.6 edition is progressing well, brimming with exciting new features that promise to enhance user experience. Early benchmarks are indicating promising results, especially on high-core-count servers, pointing to a potentially robust and efficient update in the Linux series.
Here is what Linus Torvalds had to say in today's announcement:
Another week, another -rc.I think the most notable thing about 6.6-rc2 is simply that it'sexactly 32 years to the day since the 0.01 release. And that's a roundnumber if you are a computer person.Because other than the random date, I don't see anything that reallystands out here. We've got random fixes all over, and none of it looksparticularly strange. The genpd -> pmdomain rename shows up in thediffstat, but there's no actual code changes involved (make sure touse "git diff -M" to see them as zero-line renames).And other than that, things look very normal. Sure, the architecturefixes happen to be mostly parisc this week, which isn't exactly theusual pattern, but it's also not exactly a huge amount of changes.Most of the (small) changes here are in drivers, with some tracingfixes and just random things. The shortlog below is short enough toscroll through and get a taste of what's been going on. Linus Torvalds
- Introducing Bavarder: A User-Friendly Linux Desktop App for Quick ChatGPT Interaction
Want to interact with ChatGPT from your Linux desktop without using a web browser?
Bavarder, a new app, allows you to do just that.
Developed with Python and GTK4/libadwaita, Bavarder offers a simple concept: pose a question to ChatGPT, receive a response, and promptly copy the answer (or your inquiry) to the clipboard for pasting elsewhere.
With an incredibly user-friendly interface, you won't require AI expertise (or a novice blogger) to comprehend it. Type your question in the top box, click the blue send button, and wait for a generated response to appear at the bottom. You can edit or modify your message and repeat the process as needed.
During our evaluation, Bavarder employed BAI Chat, a GPT-3.5/ChatGPT API-based chatbot that's free and doesn't require signups or API keys. Future app versions will incorporate support for alternative backends, such as ChatGPT 4 and Hugging Chat, and allow users to input an API key to utilize ChatGPT3.
At present, there's no option to regenerate a response (though you can resend the same question for a potentially different answer). Due to the lack of a "conversation" view, tracking a dialogue or following up on answers can be challenging — but Bavarder excels for rapid-fire questions.
As with any AI, standard disclaimers apply. Responses might seem plausible but could contain inaccurate or false information. Additionally, it's relatively easy to lead these models into irrational loops, like convincing them that 2 + 2 equals 106 — so stay alert!
Overall, Bavarder is an attractive app with a well-defined purpose. If you enjoy ChatGPT and similar technologies, it's worth exploring.
ChatGPT AI
- LibreOffice 7.5.3 Released: Third Maintenance Update Brings 119 Bug Fixes to Popular Open-Source Office Suite
Today, The Document Foundation unveiled the release and widespread availability of LibreOffice 7.5.3, which serves as the third maintenance update to the current LibreOffice 7.5 open-source and complimentary office suite series.
Approximately five weeks after the launch of LibreOffice 7.5.2, LibreOffice 7.5.3 arrives with a new set of bug fixes for those who have successfully updated their GNU/Linux system to the LibreOffice 7.5 series.
LibreOffice 7.5.3 addresses a total of 119 bugs identified by users or uncovered by LibreOffice developers. For a more comprehensive understanding of these bug fixes, consult the RC1 and RC2 changelogs.
You can download LibreOffice 7.5.3 directly from the LibreOffice websiteor from SourceForge as binary installers for DEB or RPM-based GNU/Linux distributions. A source tarball is also accessible for individuals who prefer to compile the software from sources or for system integrators.
All users operating the LibreOffice 7.5 office suite series should promptly update their installations to the new point release, which will soon appear in the stable software repositories of your GNU/Linux distributions.
In early February 2023, LibreOffice 7.5 debuted as a substantial upgrade to the widely-used open-source office suite, introducing numerous features and improvements. These enhancements encompass major upgrades to dark mode support, new application and MIME-type icons, a refined Single Toolbar UI, enhanced PDF Export, and more.
Seven maintenance updates will support LibreOffice 7.5 until November 30th, 2023. The next point release, LibreOffice 7.5.4, is scheduled for early June and will include additional bug fixes.
The Document Foundation once again emphasizes that the LibreOffice office suite's "Community" edition is maintained by volunteers and members of the Open Source community. For enterprise implementations, they suggest using the LibreOffice Enterprise family of applications from ecosystem partners.
LibreOffice
- VirtualBox 7.2 Has Arrived
With early support for Linux kernel 6.17 and other new additions, VirtualBox 7.2 is a must-update for users.
- Linux Hits an Important Milestone
If you pay attention to the news in the Linux-sphere, you've probably heard that the open source operating system recently crashed through a ceiling no one thought possible.
- Plasma Bigscreen Returns
A developer discovered that the Plasma Bigscreen feature had been sitting untouched, so he decided to do something about it.
- Fedora Continues 32-Bit Support
In a move that should come as a relief to some portions of the Linux community, Fedora will continue supporting 32-bit architecture.
- ONLYOFFICE v9 Embraces AI
Like nearly all office suites on the market (except LibreOffice), ONLYOFFICE has decided to go the AI route.
|
