Wine 10.19 Released: Game Changing Support for Windows Reparse Points on Linux

3 days 10 hours ago
by George Whittaker

Introduction

If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14, 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.

In simpler terms: Wine now understands more of the Windows filesystem semantics, which means fewer workarounds, better application compatibility, and smoother experiences for many games and tools previously finicky under Linux.

What Are Reparse Points & Why They Matter

Understanding Reparse Points

On Windows, a reparse point is a filesystem object (file or directory) that carries additional data, often used for symbolic links, junctions, mount points, or other redirection features. When an application opens or queries a file, the OS may check the reparse tag to determine special behavior (for example “redirect this file open to this other path”).

Because many Windows apps, installers, games, DRM systems, and file managers use reparse points for features like directory redirection, path abstractions, or filesystem overlays, lacking full support for them in Wine means those apps often misbehave.

What Wine 10.19 Adds

With Wine 10.19, support for these reparse point mechanisms has been implemented in key filesystem APIs: for example NtQueryDirectoryFile, GetFileInfo, file attribute tags, and DeleteFile/RemoveDirectory for reparse objects.

This means that in Wine 10.19:

  • Windows apps that create or manage symbolic links, directory junctions or mount-point style re-parsing will now function correctly in many more cases.

  • Installers or frameworks that rely on “when opening path X, redirect to path Y” will work with less tinkering.

  • Games or utilities that check for reparse tags or use directory redirections will have fewer “stuck” behaviors or missing files.

In effect, this is a step closer to native behavior for Windows file-system semantics under Linux.

Other Key Highlights in Wine 10.19

Beyond reparse points, the release brings several notable improvements:

  • Expanded support for WinRT exceptions (Windows Runtime error handling) meaning better compatibility for Universal Windows Platform (UWP) apps and newer Windows-based frameworks.

  • Refactoring of “Common Controls” (COMCTL32) following the version 5 vs version 6 split, which helps GUI applications that rely on older controls or expect mixed versions.


Firefox 145: A Major Release with 32-Bit Linux Support Dropped

5 days 10 hours ago
by George Whittaker

Introduction

Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.

Here’s a detailed look at what’s new, what’s changed, and what you need to know.

Major Changes in Firefox 145

End of 32-Bit Linux Builds

One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:

“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”

From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.

Usability & Interface Enhancements

Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:

  • PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.

  • Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.

  • Access saved passwords from the sidebar, without needing to open a new tab or window.

  • “Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.

  • Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.

Privacy, Security & Under-the-Hood Upgrades

Mozilla has also doubled down on privacy and risk reduction:

  • Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used.


MX Linux 25 ‘Infinity’ Arrives: Debian 13 ‘Trixie’ Base, Modern Tools & A Fresh Installer

1 week 3 days ago
by George Whittaker

Introduction

The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.

In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.

What’s New in MX Linux 25 “Infinity”

Here are the headline changes and improvements that define this release:

Debian 13 “Trixie” Base

By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.

Kernel Choices & Hardware Support

  • The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.

  • For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.

Dual Init Option: systemd and SysVinit

Traditionally associated with lighter-weight init options, MX Linux now offers both systemd (the default) and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.

Updated Desktop Environments

  • Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu and updated archive management tools (Engrampa replacing File Roller in some editions).

  • KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.

  • Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and refined themes. The default audio player is now Audacious (instead of the older DeaDBeeF).


Arch Linux November 2025 ISO: Fresh Snapshot, Smarter Installer (Archinstall 3.0.12) & Pacman 7.1

1 week 5 days ago
by George Whittaker

Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:

  • Archinstall 3.0.12 – a more polished, smarter TUI installer

  • Pacman 7.1 – a package manager update with stricter security and better tooling

If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.

Why Arch Still Ships Monthly ISOs in a Rolling World

Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:

sudo pacman -Syu

…but in practice, that’s painful:

  • Huge initial update downloads

  • Possible breakage jumping across many months of changes

  • Outdated installer tooling

That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:

  • Start with a current kernel and userland

  • Spend less time updating right after install

  • Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)

The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.

What’s Inside the November 2025 ISO (2025.11.01)

The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:

  • Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.

  • Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.

  • The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.

You can download it from the official Arch Linux download page or via BitTorrent mirrors.

One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.

Archinstall 3.0.12: What’s Actually New?

Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.


AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough

2 weeks 3 days ago
by George Whittaker

AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.

Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.

What AMD Just Confirmed

AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:

  • Return the value 0 from RDSEED far more often than true randomness would allow

  • Still signal “success” (carry flag CF=1), so software thinks it got a good random value

The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.

Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.

AMD classifies the impact as:

Loss of confidentiality and integrity (High severity).

How the Vulnerability Works (In Plain English)

What RDSEED Is Supposed to Do

Modern CPUs expose hardware instructions like RDRAND and RDSEED:

  • RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.

  • RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).

Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.

What’s Going Wrong on Zen 5

On affected Zen 5 CPUs:

  • The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.

  • Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.

In cryptographic terms, this means:

  • Entropy can be dramatically reduced (many key bits become predictable or even fixed).

  • Keys or nonces derived from those values can become partially or fully guessable.


The Most Critical Linux Kernel Breaches of 2025 So Far

2 weeks 5 days ago
by George Whittaker

The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.

CVE-2025-21756 – Use-After-Free in the vsock Subsystem

One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.

How the exploit works: A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.

Why it matters: Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.

Mitigation: Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.

CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets

Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.

Attack scenario: A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.

Why it matters: This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.

Mitigation: Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.

CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers

In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.


Steam Deck 2 Rumors Ignite a New Era for Linux Gaming

3 weeks 3 days ago
by George Whittaker

The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.

What the Rumours Suggest

Although Valve has kept things quiet, multiple credible outlets report that the Steam Deck 2 is in development and potentially arriving well after 2026. Some of the key tidbits:

  • Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.

  • A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.

  • One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.

  • Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.

In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.

Why This Matters for Linux Gaming

The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:

Validation of SteamOS & Linux Gaming

The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.

Handheld PC Ecosystem Momentum

Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally and Lenovo Legion Go). Rumours of the Deck 2 keep the spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.


Kali Linux 2025.3 Lands: Enhanced Wireless Capabilities, Ten New Tools & Infrastructure Refresh

3 weeks 5 days ago
by George Whittaker

Introduction

The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.

In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.

What’s New in Kali Linux 2025.3

This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.

Tooling Additions: Ten Fresh Packages

One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:

  • Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).

  • Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.

  • Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.

  • krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.

  • ligolo-mp – a multiplayer pivoting solution for network-lateral movement.

  • llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).

  • mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.

  • patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).

  • vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.


VMScape: Cracking VM-Host Isolation in the Speculative Execution Age & How Linux Patches Respond

1 month ago
by George Whittaker

Introduction

In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.

Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.

In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).

What VMScape Is & Why It Matters

The Basics of Speculative Side-Channels

Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.

One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.

VMScape: Guest to Host via Branch Predictor

VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”

Here are the key elements making VMScape significant:

  • The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).


Self-Tuning Linux Kernels: How LLM-Driven Agents Are Reinventing Scheduler Policies

1 month ago
by George Whittaker

Introduction

Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.

A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.

In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.

Why the Problem Matters

At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:

  • A video-streaming service may care most about minimal tail latency.

  • A CI/CD build system may care most about throughput and job completion time.

  • A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.

Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.

SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.

Architecture & Key Components

SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.

Here are the major components:


Bcachefs Ousted from Mainline Kernel: The Move to DKMS and What It Means

1 month 1 week ago
by George Whittaker

Introduction

After years of debate and development, bcachefs—a modern copy-on-write filesystem once merged into the Linux kernel—is being removed from mainline. As of kernel 6.17, the in-kernel implementation has been excised, and future use is expected via an out-of-tree DKMS module. This marks a turning point for the bcachefs project, raising questions about its stability, adoption, and relationship with the kernel development community.

In this article, we’ll explore the background of bcachefs, the sequence of events leading to its removal, the technical and community dynamics involved, and implications for users, distributions, and the filesystem’s future.

What Is Bcachefs?

Before diving into the removal, let’s recap what bcachefs is and why it attracted attention.

  • Origin & goals: Developed by Kent Overstreet, bcachefs emerged from ideas in the earlier bcache project (a block-device caching layer). It aimed to build a full-featured, general-purpose filesystem combining performance, reliability, and modern features (snapshots, compression, encryption) in a coherent design.

  • Mainline inclusion: Bcachefs was merged into the mainline kernel in version 6.7 (released January 2024) after a lengthy review and incubation period.

  • “Experimental” classification: Even after being part of the kernel, bcachefs always carried disclaimers about its maturity and stability; it was not necessarily recommended for production use by all users.

Its presence in mainline gave distributions a path to ship it more casually, and users had easier access without building external modules—an important convenience for adoption.

What Led to the Removal

The excision of bcachefs from the kernel was not sudden but the culmination of tension over development practices, patch acceptance timing, and upstream policy norms.

“Externally Maintained” status in 6.17

In kernel 6.17’s preparation, maintainers marked bcachefs as “externally maintained.” Though the code remained present, the change signified that upstream would no longer accept new patches or updates within the kernel tree.

This move allowed a transitional period. The code was “frozen” inside the tree to avoid breaking existing systems immediately, while preparation was made for future removal.


Linux Mint 22.2 ‘Zara’ Released: Polished, Modern, and Built for Longevity

1 month 1 week ago
by George Whittaker

Introduction

The Linux Mint team has officially unveiled Linux Mint 22.2, codenamed “Zara”, on September 4, 2025. As a Long-Term Support (LTS) release, Zara will receive updates through 2029, promising users stability, incremental improvements, and a comfortable desktop experience.

This version is not about flashy overhauls; rather, it’s about refinement — applying polish to existing features, smoothing rough edges, weaving in new conveniences (like fingerprint login), and improving compatibility with modern hardware. Below, we’ll delve into what’s new in Zara, what users should know before upgrading, and how it continues Mint’s philosophy of combining usability, reliability, and elegance.

What’s New in Linux Mint 22.2 “Zara”

Here’s a breakdown of key changes, refinements, and enhancements in Zara.

Base, Support & Kernel Stack

  • Ubuntu 24.04 (Noble) base: Zara continues to use Ubuntu 24.04 as its upstream base, ensuring broad package compatibility and long-term security support.

  • Kernel 6.14 (HWE): The default kernel for new installations is 6.14, bringing support for newer hardware.

  • However — for existing systems upgraded from Mint 22 or 22.1 — the older kernel (6.8 LTS) remains the default, because 6.14’s support window is shorter.

  • Zara is an LTS edition, with security updates and maintenance promised through 2029.

Major Features & Enhancements

Fingerprint Authentication via Fingwit

Zara introduces a first-party tool called Fingwit to manage fingerprint-based authentication. With compatible hardware and support via the libfprint framework, users can:

  • Enroll fingerprints

  • Use fingerprint login for the screensaver

  • Authenticate sudo commands

  • Launch administrative tools via pkexec using the fingerprint

  • In some cases, bypass password entry at login (unless home directory encryption or keyring constraints force password fallback)

It is important to note that fingerprint login on the actual login screen may be disabled or limited depending on encryption or keyring usage; in those cases, the system falls back to password entry.

UI & Theming Refinements

  • Sticky Notes app now sports rounded corners, improved Wayland compatibility, and a companion Android app named StyncyNotes (available via F-Droid) to sync notes across devices.


Ubuntu Update Backlog: How a Brief Canonical Outage Cascaded into Multi-Day Delays

1 month 2 weeks ago
by George Whittaker

Introduction

In early September 2025, Ubuntu users globally experienced disruptive delays in installing updates and new packages. What seemed like a fleeting outage—only about 36 minutes of server downtime—triggered a cascade of effects: mirrors lagging, queued requests overflowing, and installations hanging for days. The incident exposed how fragile parts of Ubuntu’s update infrastructure can be under sudden load.

In this article, we’ll walk through what happened, why the fallout was so severe, how Canonical responded, and lessons for users and infrastructure architects alike.

What Happened: Outage & Immediate Impact

On September 5, 2025, Canonical’s archive servers—specifically archive.ubuntu.com and security.ubuntu.com—suffered an unplanned outage. The status page for Canonical showed the incident lasting roughly 36 minutes, after which operations were declared “resolved.”

However, that brief disruption set off a domino effect. Because the archives and security servers serve as the central hubs for Ubuntu’s package ecosystem, any downtime causes massive backlog among mirror servers and client requests. Mirrors found themselves out of sync, processing queues piled up, and users attempting updates or new installs encountered failed downloads, hung operations, or “404 / package not found” errors.

On Ubuntu’s community forums, Canonical acknowledged that while the server outage was short, the upload / processing queue for security and repository updates had become “obscenely” backlogged. Users were urged to be patient, as there was no immediate workaround.

Throughout September 5–7, users continued reporting incomplete or failed updates, slow mirror responses, and installations freezing mid-process. Even newly provisioning systems faced broken repos due to inconsistent mirror states.

By September 8, the situation largely stabilized: mirrors caught up, package availability resumed, and normal update flows returned. But the extended period of degraded service had already left many users frustrated.

Why a Short Outage Turned into Days of Disruption

At first blush, 36 minutes seems trivial. Why did it have such prolonged consequences? Several factors contributed:

  1. Centralized repository backplane: Ubuntu’s infrastructure is architected around central canonical repositories (archive, security) which then propagate to mirrors worldwide. When the central system is unavailable, mirrors stop receiving updates and become stale.


Bringing Desktop Linux GUIs to Android: The Next Step in Graphical App Support

1 month 2 weeks ago
by George Whittaker

Introduction

Android has long been focused on running mobile apps, but in recent years, features aimed at developers and power users have begun pushing its boundaries. One exciting frontier: running full Linux graphical (GUI) applications on Android devices. What was once a novelty is now gradually becoming more viable, and recent developments point toward much smoother, GPU-accelerated Linux GUI experiences on Android.

In this article, we’ll trace how Linux apps have run on Android so far, explain the new architecture changes enabling GPU rendering, showcase early demonstrations, discuss remaining hurdles, and look at where this capability is headed.

The State of Linux on Android Today

The Linux Terminal App

Google’s Linux Terminal app is the core interface for running Linux environments on Android. It spins up a virtual machine (VM), often booting Debian or similar, and lets users enter a shell, install packages, run command-line tools, etc.

Initially, the app was limited purely to text / terminal-based Linux programs; graphical apps were not supported meaningfully. More recently, Google introduced support for launching GUI Linux applications in experimental channels.

Limitations: Rendering & Performance

Even now, most GUI Linux apps on Android are rendered in software, that is, all drawing happens on the CPU (via a software renderer) rather than using the device’s GPU. This leads to sluggish UI, high CPU usage, more thermal stress, and shorter battery life.

Because of these limitations, running heavy GUI apps (graphics editors, games, desktop-level toolkits) has been more experimental than practical.

What’s Changing: GPU-Accelerated Rendering

The big leap forward is moving from CPU rendering to GPU-accelerated rendering, letting the device’s graphics hardware do the heavy lifting.

Lavapipe (Current Baseline)

At present, the Linux VM uses Lavapipe (a Mesa software rasterizer) to interpret GPU API calls on the CPU. This works, but is inefficient, especially for complex GUIs or animations.

Introducing gfxstream

Google is planning to integrate gfxstream into the Linux Terminal app. gfxstream is a GPU virtualization / forwarding technology: rather than reinterpreting graphics calls in software, it forwards them from the guest (Linux VM) to the host’s GPU directly. This avoids CPU overhead and enables near-native rendering speeds.


Fedora 43 Beta Released: A Preview of What's Ahead

1 month 3 weeks ago
by George Whittaker

Introduction

Fedora’s beta releases offer one of the earliest glimpses into the next major version of the distribution — letting users and developers poke, test, and report issues before the final version ships. With Fedora 43 Beta, released on September 16, 2025, the community begins the final stretch toward the stable Fedora 43.

This beta is largely feature-complete: developers hope it will closely match what the final release looks like (barring last-minute fixes). The goal is to surface regression bugs, UX issues, and compatibility problems before Fedora 43 is broadly adopted.

Release & Availability

The Fedora Project published the beta across multiple editions and media — Workstation, KDE Plasma, Server, IoT, Cloud, and spins/labs where applicable. ISO images are available for download from the official Fedora servers.

Users already running Fedora 42 can upgrade via the DNF system-upgrade mechanism. Some spins (e.g. Mate or i3) are not fully available across all architectures yet.

Because it’s a beta, users should be ready to encounter bugs. Fedora encourages testers to file issues via the QA mailing list or Fedora’s issue tracking infrastructure.

Major New Features & Changes

Fedora 43 Beta brings many updates under the hood — some in visible user features, others in core tooling and system behavior.

Kernel, Desktop & Session Updates
  • Fedora 43 Beta is built on Linux kernel 6.17.

  • The Workstation edition features GNOME 49.

  • In a bold shift, Fedora removes GNOME X11 packages for the Workstation, making Wayland-only the default and only session for GNOME. Existing users are migrated to Wayland.

  • On KDE, Fedora 43 Beta ships with KDE Plasma 6.4 in the Plasma edition.

Installer & Package Management
  • Fedora’s Anaconda installer gets a WebUI by default for all Spins, providing a more unified and modern install experience across desktop variants.

  • The installer now uses DNF5 internally, phasing out DNF4 which is now in maintenance mode.

  • Auto-updates are enabled by default in Fedora Kinoite, ensuring that systems apply updates seamlessly in the background with minimal user intervention.

Programming & Core Tooling Updates
  • The Python version in Fedora 43 Beta moves to 3.14, an early adoption to catch bugs before the upstream release.


Linux Foundation Welcomes Newton: The Next Open Physics Engine for Robotics

1 month 3 weeks ago
by George Whittaker

Introduction

Simulating physics is central to robotics: before a robot ever moves in the real world, much of its learning, testing, and control happens in a virtual environment. But traditional simulators often struggle to match real-world physical complexity, especially where contact, friction, deformable materials, and unpredictable surfaces are involved. That discrepancy is known as the sim-to-real gap, and it’s one of the biggest hurdles in robotics and embodied AI.

On September 29th, the Linux Foundation announced that it is contributing Newton, a next-generation, GPU-accelerated physics engine, as a fully open, community-governed project. This move aims to accelerate robotics research, reduce barriers to entry, and ensure long-term sustainability under neutral governance.

In this article, we’ll unpack what Newton is, how its architecture stands out, the role the Linux Foundation will play, early use cases and challenges, and what this could mean for the future of robotics and simulation.

What Is Newton?

Newton is a physics simulation engine designed specifically for roboticists and simulation researchers who want high fidelity, performance, and extensibility. It was conceived through collaboration among Disney Research, Google DeepMind, and NVIDIA. The recent contribution to the Linux Foundation transforms Newton into an open governance project, inviting broader community collaboration.

Design Goals & Key Features
  • GPU-accelerated simulation: Newton leverages NVIDIA Warp as its compute backbone, enabling physics computations on GPUs for much higher throughput than traditional CPU-based simulators.

  • Differentiable physics: Newton allows gradients to be propagated through simulation steps, making it possible to integrate physics into learning pipelines (e.g. backpropagation through control parameters).

  • Extensible and multi-solver architecture: Users or researchers can plug in custom solvers, mix models (rigid bodies, soft bodies, cloth), and tailor functionality for domain-specific needs.

  • Interoperability via OpenUSD: Newton builds on OpenUSD (Universal Scene Description) to allow flexible data modeling of robots and environments, and easier integration with asset pipelines.

  • Compatibility with MuJoCo-Warp: As part of the Newton project, the MuJoCo backbone is adapted (MuJoCo-Warp) for high-performance simulation within Newton’s framework.


Kernel 6.15.4 Performance Tuned, Networking Polished, Stability Reinforced

1 month 4 weeks ago
by George Whittaker

Introduction

In the life cycle of any kernel branch, patch releases, those minor “.x” updates, play a vital role in refining performance, patching regressions, and ironing out rough edges. Kernel 6.15.4 is one such release: it doesn’t bring headline features, but focuses squarely on stabilizing and optimizing the 6.15 series with targeted fixes in performance and networking.

While version 6.15 already introduced several ambitious changes (filesystem improvements, networking enhancements, Rust driver infrastructure, etc.), the 6.15.4 update doubles down on making those changes more robust and efficient. In this article, we'll walk through the most significant improvements, what they mean for systems running 6.15.*, and how to approach updating.

Release Highlights

The official announcement of Kernel 6.15.4 surfaced around late June 2025. The release includes:

  • A full source tarball (linux-6.15.4.tar.xz) and patches.

  • Signature verification via PGP for integrity.

  • A changelog/diff summary comparing 6.15.3 → 6.15.4.

This update is not a major feature expansion; it’s a refinement release targeting performance regressions, network subsystem reliability, and bug fixes that emerged in prior 6.15.* builds.

Performance Enhancements

Because 6.15 already brought several ambitious changes to memory, I/O, scheduler, and mount semantics, many of the improvements in 6.15.4 are about smoothing interactions, avoiding regressions, and reclaiming performance in corner cases. While not all patches are publicly detailed in summaries, we can infer patterns based on what 6.15 introduced and what “performance patches” generally target.

Memory & TLB Optimizations

One often-painful cost in high-performance workloads is flushing translation lookaside buffers (TLBs) too aggressively. Kernel 6.15 had already begun to optimize broadcast TLB invalidation using AMD’s INVLPGB (for remote CPUs) to reduce overhead in multi-CPU environments. In 6.15.4, fixes likely target edge cases or regressions in those mechanisms, ensuring TLB invalidation is more efficient and consistent.

Additionally, various memory management cleanups, object reuse, and page handling improvements tend to appear in patch releases. While not explicitly documented in the public summaries, such fixes help reduce fragmentation, locking contention, and latency in memory allocation.


Python 3.13.5 Patch Release Packed with Fixes & Stability Boosts

2 months ago
by George Whittaker

Introduction

On June 11, 2025, the Python core team released Python 3.13.5, the fifth maintenance update to the 3.13 line. This release is not about flashy new language features; instead, it addresses some pressing regressions and bugs introduced in 3.13.4. The “.5” in the version number signals that this is a corrective, expedited update rather than a feature-driven milestone.

In this article, we’ll explore what motivated 3.13.5, catalog the key fixes, review changes inherited in the 3.13 stream, and discuss whether and how you should upgrade. We’ll also peek at implications for future Python releases.

What Led to 3.13.5 (Release Context)

Python 3.13 — released on October 7, 2024 — introduced several significant enhancements over 3.12, including a revamped interactive shell, experimental support for running without a Global Interpreter Lock (GIL), and preliminary JIT infrastructure.

However, after releasing 3.13.4, the maintainers discovered several serious regressions. Thus, 3.13.5 was accelerated (rather than waiting for the next regular maintenance release) to correct these before they impacted a broader user base. In discussions preceding the release, it was noted the Windows extension module build broke under certain configurations, prompting urgent action.

Because of this, 3.13.5 is a “repair” release — its focus is bug fixes and stability, not new capabilities. Nonetheless, it also inherits and stabilizes many of the improvements introduced earlier in 3.13.

Key Fixes & Corrections

While numerous smaller bugs are resolved in 3.13.5, three corrections stand out as primary drivers for the expedited update:

GH-135151 — Windows extension build failure

Under certain build configurations on Windows (for the non-free-threaded build), compiling extension modules failed. This was traced to the pyconfig.h header inadvertently enabling free-threaded builds. The patch restores proper alignment of configuration macros, ensuring extension builds succeed as before.

GH-135171 — Generator expression TypeError delay

In 3.13.4, generator expressions stopped raising a TypeError early when given a non-iterable. Instead, the error was deferred to the time of first iteration. 3.13.5 restores the earlier behavior of raising the TypeError at creation time when the supplied input is not iterable. This change avoids subtler runtime surprises for developers.


Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

2 months ago
by George Whittaker

In the summer of 2025, Denmark’s government put forward a major policy change in its digital infrastructure: moving away from Microsoft Office 365 and, in part, open-sourcing its operations with LibreOffice. Below is an original account of what this entails, why it matters, how it’s being done, and what the risks and opportunities are.

What’s Changing and What’s Not
  • The Danish Ministry of Digital Affairs has committed to replacing Microsoft Office 365 with LibreOffice.

  • Earlier reports said that Windows would also be entirely swapped-out for Linux, but those reports have since been corrected: Windows will remain in use on many devices for now.

  • For LibreOffice, the adoption is being phased: about half of the ministry’s employees will begin using LibreOffice (and possibly Linux in some instances) in the summer months; the rest are expected to transition by autumn.

Why Denmark Is Making This Move

Digital Sovereignty & Dependence

A primary driver is the concern over reliance on large foreign tech companies, especially suppliers based outside Europe. By reducing dependency on proprietary software controlled by corporations abroad, Denmark aims to gain more control over its data, security, and updates.

Cost and Licensing

Proprietary software comes with licensing fees, recurring costs, and often tied contracts. Adopting open-source alternatives like LibreOffice can potentially reduce those long-term expenditures.

Security, Transparency, Flexibility

Open-source software tends to allow more auditability, quicker patching, and the ability to adapt tools or software behavior to specific local or regulatory requirements.

Implementation Plan & Timeline

Phase | What happens | Approximate Timing
Phase 1 | Begin by moving about 50% of Ministry of Digital Affairs employees to LibreOffice (and in selected cases, using Linux tools) | Summer 2025 (mid-year)
Phase 2 | Full transition of the ministry’s office productivity tasks away from Microsoft Office 365 to LibreOffice | Autumn 2025

“Full” here is understood in the scope of office productivity tools (word processing, spreadsheets, slides, etc.), not necessarily replacing all legacy systems or moving everything off Windows.

Challenges & Concerns

While the vision is ambitious, there are several hurdles:


Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

2 months 1 week ago
by George Whittaker

Introduction

Steam’s monthly Hardware & Software Survey, published by Valve, offers a window into what operating systems, hardware, and software choices its user base is making. It has become a key barometer for understanding trends in PC gaming, especially for less dominant platforms like Linux. The newest data shows that Linux usage among Steam users has edged downward subtly. While the drop is small, it raises interesting questions about momentum, hardware preferences, and what might lie ahead for Linux gaming.

This article dives into the latest numbers, explores what may be pushing Linux users to abandon Steam, and considers what it means for Linux users, developers, and Valve itself.

Recent Figures: What the Data Shows
  • June 2025 Survey Outcome: In June, Linux’s slice of Steam’s user base stood at 2.57%, down from approximately 2.69% in May — a decrease of 0.12 percentage points.

  • Year-Over-Year Comparison: Looking back to June 2024, the Linux share was around 2.08%, so even with this recent slip, there’s still an upward trend compared to a year ago.

  • Distribution Among Linux Users: A significant portion of Linux gamers are using Valve’s own SteamOS Holo (which carries sizable usage numbers via Steam Deck and similar devices). In June, roughly one-third of the Linux user group was on SteamOS Holo.

  • Hardware Insights:

    • Among Linux users, AMD CPUs dominate: about 69% of Linux gamers used AMD in June.

    • Contrast that with the Windows-only survey, where Intel still has about 60% CPU share to AMD’s 39%.

Interpreting the Slip: What Might Be Behind the Dip

Though the drop is modest, a number of factors likely combine to produce it. Here are possible causes:

  1. Statistical Noise & Normal Fluctuation: Monthly survey results tend to vary a bit, especially for smaller share percentages. A 0.12% decrease could simply be part of the normal ebb and flow.

  2. Sampling and Survey Methodology

    • Survey participation may shift by region, language, hardware type, or time of year. If fewer Linux users participated in a given month, the percentage would drop even if absolute numbers stayed flat.

    • Language shifts in Steam’s usage have shown up before; changes in how many users set certain settings or respond could affect results.

    • Latency or delays in uploading or processing survey data might also contribute to anomalies.

  3. External Hardware & Platform Trends
