by George Whittaker Introduction

Linux has long been known as the operating system of developers and power users, but today it’s far more accessible than ever before. Thanks to user-friendly distributions that prioritize simplicity, stability, and support, even someone who’s never used Linux can get up and running quickly. In this guide, we’ll explore some of the best Linux distributions (distros) for beginners, what sets them apart, and who each one is best suited for.

Whether you’re switching from Windows or macOS, using a PC for the first time, or simply curious about Linux, there’s a distro here that fits your comfort level and workflow.

1. Ubuntu: The Standard for New Users

Why it’s great: Ubuntu is one of the most recognizable Linux distributions, and for good reason. It offers a polished graphical interface, a massive community, and extensive documentation. If you’ve ever wanted a desktop that “just works,” Ubuntu delivers with minimal setup.

Key Features:

• Intuitive GNOME desktop environment

• Regular releases and a Long-Term Support (LTS) version with five years of updates

• Large software repository and excellent hardware support

• Strong community forums and extensive official documentation

Good for: Users completely new to Linux or those switching from Windows or macOS.

Best for: Desktops, laptops, beginners.

2. Linux Mint: Familiar Feel for Former Windows Users

Why it’s great: Linux Mint focuses on a familiar desktop experience. Its Cinnamon edition resembles the classic Windows layout, making the transition easier for users coming from that platform. Mint is stable, fast, and comes with many tools that simplify daily tasks.

Key Features:

• Traditional desktop layout (like Windows)

• Comes bundled with multimedia codecs and essential apps

• Excellent performance on older hardware

• Multiple desktop options (Cinnamon, MATE, Xfce)

Good for: Windows switchers looking for a gentle introduction.

Best for: Desktops, older machines, learners.

3. Zorin OS: A Windows-Like Experience With Style

Why it’s great: Zorin OS is designed with newcomers in mind. It’s polished, modern, and “comfortable” for users who may find traditional Linux desktops intimidating. Its interface can mimic Windows or macOS out of the box, and Zorin includes tools to effortlessly install popular applications.

Key Features:

• Look-and-feel switcher (Windows, macOS styles)

Go to Full Article

by George Whittaker Introduction

The KDE community has just published KDE Gear 25.12, the newest quarterly update to its suite of applications. This refresh brings a mix of enhancements, bug fixes, performance refinements, and new features across many popular KDE apps, from Dolphin file manager and Konsole terminal to Krita and Spectacle. With this release, KDE continues its tradition of incremental yet meaningful upgrades that make everyday use smoother and more productive.

KDE Gear updates are not limited to the KDE Plasma desktop; they also benefit users of other desktop environments who install KDE apps on their systems. Whether you’re running KDE on Linux, BSD, or even Windows via KDE Windows builds, Gear 25.12 delivers improvements worth checking out.

Highlights from KDE Gear 25.12 Dolphin: Better File Browsing and Thumbnails

Dolphin, KDE’s file manager, receives several enhancements in this update:

• Improved thumbnail generation for more file types, making previews quicker and more dependable.

• UI polish in the sidebar for easier navigation between folders and mounted drives.

• Better handling of network shares and remote locations, improving responsiveness and reducing hangs.

These changes combine to make everyday file exploration more responsive and visually informative.

Konsole: Productivity Boosts

The KDE terminal emulator, Konsole, gets attention too:

• Search field improvements help you find text within long terminal scrollbacks faster and with fewer clicks.

• Tab and session indicators are clearer, helping users manage multiple tabs or split views more easily.

• Stability fixes reduce crashes in edge cases when closing multiple sessions at once.

For developers and power users who spend a lot of time in a terminal, these refinements are genuinely useful.

Krita: More Painting Power

Krita, KDE’s professional painting and illustration application, also benefits from this release:

• Improvements to brush performance, reducing lag on large canvases and complex brush sets.

• Better color management and palette handling, smoothing workflows for digital artists.

• Fixes for certain configuration edge cases that previously caused settings not to persist across sessions.

Artists and digital illustrators should notice fewer interruptions and smoother performance when working on large projects.

Go to Full Article

by George Whittaker

One of the most widely deployed Linux kernels has officially reached the end of its lifecycle. The maintainers of the Linux kernel have confirmed that Linux 5.4, once a cornerstone of countless servers, desktops, and embedded devices, is now end-of-life (EOL). After years of long-term support, the branch has been retired and will no longer receive upstream fixes or security updates.

A Kernel Release That Defined a Generation of Linux Systems

When Linux 5.4 debuted, it made headlines for bringing native exFAT support, broader hardware compatibility, and performance improvements that many distributions quickly embraced. It became the foundation for major OS releases, including Ubuntu LTS, certain ChromeOS versions, Android kernels, and numerous appliance and IoT devices.

Its long support window made it a favorite for organizations seeking stability over bleeding-edge features.

What End-of-Life Actually Means

With the EOL announcement, the upstream kernel maintainers are officially done with version 5.4. That means:

• No more security patches

• No more bug fixes or performance updates

• No regressions or vulnerabilities will be addressed

Some enterprise vendors may continue backporting patches privately, but the public upstream branch is now frozen. For most users, that makes 5.4 effectively unsafe to run.

Why This Matters for Users and Organizations

Many devices, especially embedded systems, tend to run kernels for much longer than desktops or servers. If those systems continue using 5.4, they now risk exposure to unpatched vulnerabilities.

Running an unsupported kernel can also create compliance issues for companies operating under strict security guidelines or certifications. Even home users running older LTS distributions may unknowingly remain on a kernel that’s no longer protected.

Upgrading Is the Clear Next Step

With 5.4 retired, users should begin planning an upgrade to a supported kernel line. Today’s active long-term support kernels include more modern branches such as 6.1, 6.6, and 6.8, which provide:

• Better CPU and GPU support

• Significant security improvements

• Enhanced performance and energy efficiency

• Longer future support windows

Before upgrading, organizations should test workloads, custom drivers, and hardware, especially with specialized or embedded deployments.

Go to Full Article

by George Whittaker

For years, Windows users frustrated with constant changes, aggressive updates, and growing system bloat have flirted with switching to Linux. But 2025 marks a noticeable shift: a new generation of Linux distributions built specifically for ex-Windows users is gaining real traction. One of the standout examples is Bazzite, a gaming-optimized Fedora-based distro that has quickly become a go-to choice for people abandoning Windows in favor of a cleaner, more customizable experience.

Why Many Windows Users Are Finally Jumping Ship

Microsoft’s ecosystem has been slowly pushing some users toward the exit. Hardware requirements for Windows 11 left millions of perfectly functional PCs behind. Ads on the Start menu and in system notifications have frustrated many. And for gamers, launcher problems, forced reboots and background processes that siphon resources have driven a search for alternatives.

Linux distributions have benefited from that frustration, especially those that focus on simplicity, performance and gaming readiness.

Gaming-First Distros Are Leading the Movement

Historically, switching to Linux meant sacrificing game compatibility. But with Valve’s Proton layer and Vulkan-based translation technologies, thousands of Windows games now run flawlessly, sometimes better than on Windows.

Distros targeting former Windows users are leaning into this new reality:

• Seamless Steam integration

• Automatic driver configuration for AMD, Intel and NVIDIA

• Built-in performance overlays like MangoHUD

• Proton GE and tools for modding or shader fixes

• Support for HDR, VR and modern controller layouts

This means a new Linux user can install one of these distros and jump straight into gaming with almost no setup.

Bazzite: A Standout Alternative OS

Bazzite has become the poster child for this trend. Built on Fedora’s image-based system and the Universal Blue infrastructure, it offers an incredibly stable base that updates atomically, similar to SteamOS.

What makes Bazzite so attractive to Windows refugees?

• Gaming-ready out of the box no tweaking, no driver hunts

• Rock-solid performance thanks to an immutable system layout

• Support for handheld PCs like the Steam Deck, ROG Ally and Legion Go

• Friendly workflows that feel familiar to new Linux users

• Customization without the risk of breaking the system

It’s no surprise that many “I switched to Linux!” posts now mention Bazzite as their distro of choice.

Go to Full Article

by George Whittaker

The stable release of Linux Kernel 6.18 was officially tagged on November 30, 2025.

It’s expected to become this year’s major long-term support (LTS) kernel, something many users and distributions care about.

Here’s a breakdown of the most significant changes and improvements in this release:

Core Improvements: Performance, Memory, Infrastructure

• The kernel’s memory allocation subsystem gets a major upgrade with “sheaves”, a per-CPU caching layer for slab allocations. This reduces locking overhead and speeds up memory allocation and freeing, improving overall system responsiveness.

• A new device-mapper target dm-pcache arrives, enabling use of persistent memory (e.g. NVDIMM/CXL) as a cache layer for block devices, useful for systems with fast non-volatile memory, SSDs, or hybrid storage.

• Overall memory management and swapping performance have been improved, which should help under memory pressure or heavy workloads.

Networking & Security Enhancements

• Networking gets a boost: support for Accurate Explicit Congestion Notification (AccECN) in TCP, which can provide better congestion signals and more efficient network behaviour under load.

• A new option for PSP-encrypted TCP connections has been added, a fresh attempt to push more secure transport-layer encryption (like a more efficient alternative to IPsec/TLS for some workloads) under kernel control.

• The kernel now supports cryptographically signed BPF programs (eBPF), so BPF bytecode loaded at runtime can be verified for integrity. This is a noteworthy security hardening step.

• The overall security infrastructure and auditing path, including multi-LSM (Linux Security Modules) support, has been refined, improving compatibility for setups using SELinux, AppArmor, or similar simultaneously.

Hardware, Drivers & Architecture Coverage

• Kernel 6.18 brings enhanced hardware support: updated and new drivers for many platforms across architectures (x86_64, ARM, RISC-V, MIPS, etc.), including improvements for GPUs, CPU power management, storage controllers, and more.

• In particular, support for newer SoCs, chipsets, and embedded-board device trees has been extended, beneficial for people using SBCs, ARM-based laptops/boards, or niche hardware.

• For gaming rigs, laptops, and desktops alike: improvements to drivers, power-state management, and performance tuning may lead to better overall hardware efficiency.

Go to Full Article

by George Whittaker Introduction

If you use Linux and occasionally run Windows applications, whether via native Wine or through gaming layers like Proton, you’ll appreciate what just dropped in Wine 10.19. Released November 14 2025, this version brings a major enhancement: official support for Windows reparse points, a filesystem feature many Windows apps rely on, and a host of other compatibility upgrades.

In simpler terms: Wine now understands more of the Windows filesystem semantics, which means fewer workarounds, better application compatibility, and smoother experiences for many games and tools previously finicky under Linux.

What Are Reparse Points & Why They Matter Understanding Reparse Points

On Windows, a reparse point is a filesystem object (file or directory) that carries additional data, often used for symbolic links, junctions, mount points, or other redirection features. When an application opens or queries a file, the OS may check the reparse tag to determine special behavior (for example “redirect this file open to this other path”).

Because many Windows apps, installers, games, DRM systems, file-managers, use reparse points for features like directory redirection, path abstractions, or filesystem overlays, lacking full support for them in Wine means those apps often misbehave.

What Wine 10.19 Adds

With Wine 10.19, support for these reparse point mechanisms has been implemented in key filesystem APIs: for example NtQueryDirectoryFile, GetFileInfo, file attribute tags, and DeleteFile/RemoveDirectory for reparse objects.

This means that in Wine 10.19:

• Windows apps that create or manage symbolic links, directory junctions or mount-point style re-parsing will now function correctly in many more cases.

• Installers or frameworks that rely on “when opening path X, redirect to path Y” will work with less tinkering.

• Games or utilities that check for reparse tags or use directory redirections will have fewer “stuck” behaviors or missing files.

In effect, this is a step toward closer to native behavior for Windows file-system semantics under Linux.

Other Key Highlights in Wine 10.19

Beyond reparse points, the release brings several notable improvements:

• Expanded support for WinRT exceptions (Windows Runtime error handling) meaning better compatibility for Universal Windows Platform (UWP) apps and newer Windows-based frameworks.

• Refactoring of “Common Controls” (COMCTL32) following the version 5 vs version 6 split, which helps GUI applications that rely on older controls or expect mixed versions.

Go to Full Article

by George Whittaker Introduction

Mozilla has rolled out Firefox 145, a significant update that brings a range of usability, security and privacy enhancements, while marking a clear turning point by discontinuing official support for 32-bit Linux systems. For users on older hardware or legacy distros, this change means it’s time to consider moving to a 64-bit environment or opting for a supported version.

Here’s a detailed look at what’s new, what’s changed, and what you need to know.

Major Changes in Firefox 145 End of 32-Bit Linux Builds

One of the headline items in this release is Mozilla’s decision to stop building and distributing Firefox for 32-bit x86 Linux. As per their announcement:

“32-bit Linux (on x86) is no longer widely supported by the vast majority of Linux distributions, and maintaining Firefox on this platform has become increasingly difficult and unreliable.”

From Firefox 145 onward, only 64-bit (x86_64) and relevant 64-bit architectures (such as ARM64) will be officially supported. For those still running 32-bit Linux builds, Mozilla recommends migrating to 64-bit or switching to the Extended Support Release (ESR) branch (Firefox 140 ESR) which still supports 32-bit for a limited period.

Usability & Interface Enhancements

Firefox 145 brings several improvements designed to make everyday web browsing smoother and more flexible:

• PDF viewer enhancements: You can now add, edit, and delete comments in PDFs, and a comments sidebar helps you easily navigate your annotations.

• Tab-group preview: When you hover over the name of a collapsed tab group, a thumbnail preview of the tabs inside appears, helpful for reorganizing or returning to work.

• Access saved passwords from the sidebar, without needing to open a new tab or window.

• “Open links from apps next to your active tab” setting: When enabled, links opened from external applications insert next to your current tab instead of at the end of the tab bar.

• Slight UI refinements: Buttons, input fields, tabs and other elements get more rounded edges, horizontal tabs are redesigned to align with vertical-tab aesthetics.

Privacy, Security & Under-the-Hood Upgrades

Mozilla has also doubled down on privacy and risk reduction:

• Fingerprinting defenses: Firefox 145 introduces new anti-fingerprinting techniques that Mozilla estimates reduce the number of users identified as unique by nearly half when Private Browsing mode or Enhanced Tracking Protection (strict) is used.

Go to Full Article

by George Whittaker Introduction

The team behind MX Linux has just released version 25, carrying the codename “Infinity”, and it brings a significant upgrade by building upon the stable base of Debian 13 “Trixie”. Released on November 9, 2025, this edition doesn’t just refresh the desktop, it introduces modernized tooling, updated kernels, dual init-options, and installer enhancements aimed at both newcomers and long-time users.

In the sections that follow, we’ll walk through the key new features of MX Linux 25, what’s changed for each desktop edition, recommended upgrade or fresh-install paths, and why this release matters in the wider Linux-distribution ecosystem.

What’s New in MX Linux 25 “Infinity”

Here are the headline changes and improvements that define this release:

Debian 13 “Trixie” Base

By moving to Debian 13, Infinity inherits all the stability, security updates, and broader hardware support of the latest Debian stable release. The base system now aligns with Trixie’s libraries, kernels, and architecture support.

Kernel Choices & Hardware Support

• The standard editions ship with the Linux 6.12 LTS kernel series, offering a solid baseline for most hardware.

• For newer hardware or advanced users, the “AHS” (Advanced Hardware Support) variants and the KDE Plasma edition adopt a Liquorix-flavored Linux 6.16 (or 6.15 in some variants) kernel, maximizing performance and compatibility with cutting-edge setups.

Dual Init Option: systemd and SysVinit

Traditionally associated with lighter-weight init options, MX Linux now offers both systemd by default and SysVinit editions (particularly for Xfce and Fluxbox variants). This gives users the freedom to choose their init system preference without losing new features.

Updated Desktop Environments

• Xfce edition: Ships with Xfce 4.20. Improvements include a revamped Whisker Menu, updated archive management tools (Engrampa replacing File Roller in some editions).

• KDE Plasma edition: Uses KDE Plasma 6.3.6, defaults to Wayland for a modern session experience (with X11 still optionally available), adds root-actions and service menus to Dolphin, and switches TLP out for power-profiles-daemon to resolve power widget issues.

• Fluxbox edition: Offers a more minimal, highly customizable environment: new panel layouts, updated “appfinder” configs for Rofi, toolbar changes and themes refined. Defaults the audio player to Audacious (instead of the older DeaDBeeF).

Go to Full Article

by George Whittaker

Arch Linux has shipped its November 2025 ISO snapshot (2025.11.01), and while Arch remains a rolling distribution, these monthly images are a big deal, especially for new installs, labs, and homelab deployments. This time, the ISO lands alongside two important pieces:

• Archinstall 3.0.12 – a more polished, smarter TUI installer

• Pacman 7.1 – a package manager update with stricter security and better tooling

If you’ve been thinking about spinning up a fresh Arch box, or you’re curious what changed under the hood, this release is a very nice jumping-on point.

Why Arch Still Ships Monthly ISOs in a Rolling World

Arch is famous for its “install once, update forever” model. Technically, you could install from a two-year-old image and just run:

sudo pacman -Syu

…but in practice, that’s painful:

• Huge initial update downloads

• Possible breakage jumping across many months of changes

• Outdated installer tooling

That’s why the project publishes a monthly snapshot ISO: it rolls all current packages into a fresh image so you:

• Start with a current kernel and userland

• Spend less time updating right after install

• Get the latest Archinstall baked in (or just a pacman -Sy archinstall away)

The 2025.11.01 ISO is exactly that: Arch as of early November 2025, ready to go.

What’s Inside the November 2025 ISO (2025.11.01)

The November snapshot doesn’t introduce new features by itself, it’s a frozen image of current Arch, but a few details are worth calling out:

• Ships with a Linux 6.17.x kernel, including improved AMD/Intel GPU support and updated Btrfs bits.

• Includes all the usual base packages plus current toolchains, drivers, and desktop stacks from the rolling repos.

• The image is intended only for new installs; existing Arch systems should keep using pacman -Syu for upgrades.

You can download it from the official Arch Linux download page or via BitTorrent mirrors.

One small twist: the ISO itself still ships with Archinstall 3.0.11, but 3.0.12 was released the same day – so we’ll grab the newer version from the repos before running the installer.

Archinstall 3.0.12: What’s Actually New?

Archinstall has evolved from “nice experiment” to “pretty solid way to install Arch” if you don’t want to script everything yourself. Version 3.0.12 is a refinement release focused on stability, storage, and bootloader logic.

Go to Full Article

by George Whittaker

AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number generator.

Here’s a clear breakdown of what’s going on, how bad it really is, and what you should do if you’re running Zen 5.

What AMD Just Confirmed

AMD’s security bulletin AMD-SB-7055, now tracked as CVE-2025-62626, describes a bug in the RDSEED instruction on Zen 5 processors. Under certain conditions, the CPU can:

• Return the value 0 from RDSEED far more often than true randomness would allow

• Still signal “success” (carry flag CF=1), so software thinks it got a good random value

The issue affects the 16-bit and 32-bit forms of RDSEED on Zen 5; the 64-bit form is not affected.

Because RDSEED is used to feed cryptographically secure random number generators (CSPRNGs), a broken RDSEED can poison keys, tokens, and other security-critical values.

AMD classifies the impact as:

Loss of confidentiality and integrity (High severity).

How the Vulnerability Works (In Plain English) What RDSEED Is Supposed to Do

Modern CPUs expose hardware instructions like RDRAND and RDSEED:

• RDRAND: Gives you pseudo-random values from a DRBG that’s already been seeded.

• RDSEED: Gives you raw entropy samples suitable for seeding cryptographic PRNGs (it should be very close to truly random).

Software like TLS libraries, key generators, HSM emulators, and OS RNGs may rely directly or indirectly on RDSEED to bootstrap secure randomness.

What’s Going Wrong on Zen 5

On affected Zen 5 CPUs:

• The 16-bit and 32-bit RDSEED variants sometimes return 0 much more often than a true random source should.

• Even worse, they simultaneously report success (CF=1), so software assumes the value is fine rather than retrying.

In cryptographic terms, this means:

• Entropy can be dramatically reduced (many key bits become predictable or even fixed).

• Keys or nonces derived from those values can become partially or fully guessable.

Go to Full Article

by George Whittaker

The Linux kernel, foundational for servers, desktops, embedded systems, and cloud infrastructure, has been under heightened scrutiny. Several vulnerabilities have been exploited in real-world attacks, targeting critical subsystems and isolation layers. In this article, we’ll walk through major examples, explain their significance, and offer actionable guidance for defenders.

CVE-2025-21756 – Use-After-Free in the vsock Subsystem

One of the most alarming flaws this year involves a use-after-free vulnerability in the Linux kernel’s vsock implementation (Virtual Socket), which enables communication between virtual machines and their hosts.

How the exploit works: A malicious actor inside a VM (or other privileged context) manipulates reference counters when a vsock transport is reassigned. The code ends up freeing a socket object while it’s still in use, enabling memory corruption and potentially root-level access.

Why it matters: Since vsock is used for VM-to-host and inter-VM communication, this flaw breaks a key isolation barrier. In multi-tenant cloud environments or container hosts that expose vsock endpoints, the impact can be severe.

Mitigation: Kernel maintainers have released patches. If your systems run hosts, hypervisors, or other environments where vsock is present, make sure the kernel is updated and virtualization subsystems are patched.

CVE-2025-38236 – Out-of-Bounds / Sandbox Escape via UNIX Domain Sockets

Another high-impact vulnerability involves the UNIX domain socket interface and the MSG_OOB flag. The bug was publicly detailed in August 2025 and is already in active discussion.

Attack scenario: A process running inside a sandbox (for example a browser renderer) can exploit MSG_OOB operations on a UNIX domain socket to trigger a use-after-free or out-of-bounds read/write. That allows leaking kernel pointers or memory and then chaining to full kernel privilege escalation.

Why it matters: This vulnerability is especially dangerous because it bridges from a low-privilege sandboxed process to kernel-level compromise. Many systems assume sandboxed code is safe; this attack undermines that assumption.

Mitigation: Distributions and vendors (like browser teams) have disabled or restricted MSG_OOB usage for sandboxed contexts. Kernel patches are available. Systems that run browser sandboxes or other sandboxed processes need to apply these updates immediately.

CVE-2025-38352 – TOCTOU Race Condition in POSIX CPU Timers

In September 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Go to Full Article

by George Whittaker

The speculation around a successor to the Steam Deck has stirred renewed excitement, not just for a new handheld, but for what it signals in Linux-based gaming. With whispers of next-gen specs, deeper integration of SteamOS, and an evolving handheld PC ecosystem, these rumors are fueling broader hopes that Linux gaming is entering a more mature age. In this article we look at the existing rumors, how they tie into the Linux gaming landscape, why this matters, and what to watch.

What the Rumours Suggest

Although Valve has kept things quiet, multiple credible outlets report about the Steam Deck 2 being in development and potentially arriving well after 2026. Some of the key tid-bits:

• Editorials note that Valve isn’t planning a mere spec refresh; it wants a “generational leap in compute without sacrificing battery life”.

• A leaked hardware slide pointed to an AMD “Magnus”-class APU built on Zen 6 architecture being tied to next-gen handhelds, including speculation about the Steam Deck 2.

• One hardware leaker (KeplerL2) cited a possible 2028 launch window for the Steam Deck 2, which would make it roughly 6 years after the original.

• Valve’s own design leads have publicly stated that a refresh with only 20-30% more performance is “not meaningful enough”, implying they’re waiting for a more substantial upgrade.

In short: while nothing is official yet, there’s strong evidence that Valve is working on the next iteration and wants it to be a noteworthy jump, not just a minor update.

Why This Matters for Linux Gaming

The rumoured arrival of the Steam Deck 2 isn’t just about hardware, it reflects and could accelerate key inflection points for Linux & gaming:

Validation of SteamOS & Linux Gaming

The original Steam Deck, running SteamOS (a Linux-based OS), helped prove that PC gaming doesn’t always require Windows. A well-received successor would further validate Linux as a first-class gaming platform, not a niche alternative but a mainstream choice.

Handheld PC Ecosystem Momentum

Since the first Deck, many Windows-based handhelds have entered the market (such as the ROG Ally, Lenovo Legion Go). Rumours of the Deck 2 keep spotlight on the form factor and raise expectations for Linux-native handhelds. This momentum helps encourage driver, compatibility and OS investments from the broader community.

Go to Full Article

by George Whittaker Introduction

The popular penetration-testing distribution Kali Linux has dropped its latest quarterly snapshot: version 2025.3. This release continues the tradition of the rolling-release model used by the project, offering users and security professionals a refreshed toolkit, broader hardware support (especially wireless), and infrastructure enhancements under the hood. With this update, the distribution aims to streamline lab setups, bolster wireless hacking capabilities (particularly on Raspberry Pi devices), and integrate modern workflows including automated VMs and LLM-based tooling.

In this article, we’ll walk through the key highlights of Kali Linux 2025.3, how the changes affect users (both old and new), the upgrade path, and what to keep in mind for real-world deployment.

What’s New in Kali Linux 2025.3

This snapshot from the Kali team brings several categories of improvements: tooling, wireless/hardware support, architecture changes, virtualization/image workflows, UI and plugin tweaks. Below is a breakdown of the major updates.

Tooling Additions: Ten Fresh Packages

One of the headline items is the addition of ten new security tools to the Kali repositories. These tools reflect shifts in the field, toward AI-augmented recon, advanced wireless simulation and pivoting, and updated attack surface coverage. Among the additions are:

• Caido and Caido-cli – a client-server web-security auditing toolkit (graphical client + backend).

• Detect It Easy (DiE) – a utility for identifying file types, a useful tool in reverse engineering workflows.

• Gemini CLI – an open-source AI agent that integrates Google’s Gemini (or similar LLM) capabilities into the terminal environment.

• krbrelayx – a toolkit focused on Kerberos relaying/unconstrained delegation attacks.

• ligolo-mp – a multiplayer pivoting solution for network-lateral movement.

• llm-tools-nmap – allows large-language-model workflows to drive Nmap scans (automated/discovery).

• mcp-kali-server – configuration tooling to connect an AI agent to Kali infrastructure.

• patchleaks – a tool that detects security-fix patches and provides detailed descriptions (useful both for defenders and auditors).

• vwifi-dkms – enables creation of “dummy” Wi-Fi networks (virtual wireless interfaces) for advanced wireless testing and hacking exercises.

Go to Full Article

by George Whittaker Introduction

In the world of modern CPUs, speculative execution, where a processor guesses ahead on branches and executes instructions before the actual code path is confirmed, has long been recognized as a performance booster. However, it has also given rise to a class of vulnerabilities collectively known as “Spectre” attacks, where microarchitectural side states (such as the branch target buffer, caches, or predictor state) are mis-exploited to leak sensitive data.

Now, a new attack variant, dubbed VMScape, exposes a previously under-appreciated weakness: the isolation between a guest virtual machine and its host (or hypervisor) in the branch predictor domain. In simpler terms: a malicious VM can influence the CPU’s branch predictor in such a way that when control returns to the host, secrets in the host or hypervisor can be exposed. This has major implications for cloud security, virtualization environments, and kernel/hypervisor protections.

In this article we’ll walk through how VMScape works, the CPUs and environments it affects, how the Linux kernel and hypervisors are mitigating it, and what users, cloud operators and admins should know (and do).

What VMScape Is & Why It Matters The Basics of Speculative Side-Channels

Speculative execution vulnerabilities like Spectre exploit the gap between architectural state (what the software sees as completed instructions) and microarchitectural state (what the CPU has done internally, such as cache loads, branch predictor updates, etc). Even when speculative paths are rolled back architecturally, side-effects in the microarchitecture can remain and be probed by attackers.

One of the original variants, Spectre-BTI (Branch Target Injection, also called Spectre v2) leveraged the Branch Target Buffer (BTB) / predictor to redirect speculative execution along attacker-controlled paths. Over time, hardware and software mitigations (IBRS, eIBRS, IBPB, STIBP) have been introduced. But VMScape shows that when virtualization enters the picture, the isolation assumptions break down.

VMScape: Guest to Host via Branch Predictor

VMScape (tracked as CVE‑2025‑40300) is described by researchers from ETH Zürich as “the first Spectre-based end-to-end exploit in which a malicious guest VM can leak arbitrary sensitive information from the host domain/hypervisor, without requiring host code modifications and in default configuration.”

Here are the key elements making VMScape significant:

• The attack is cross-virtualization: a guest VM influences the host’s branch predictor state (not just within the guest).

Go to Full Article

by George Whittaker Introduction

Modern computing systems rely heavily on operating-system schedulers to allocate CPU time fairly and efficiently. Yet many of these schedulers operate blindly with respect to the meaning of workloads: they cannot distinguish, for example, whether a task is latency-sensitive or batch-oriented. This mismatch, between application semantics and scheduler heuristics, is often referred to as the semantic gap.

A recent research framework called SchedCP aims to close that gap. By using autonomous LLM‐based agents, the system analyzes workload characteristics, selects or synthesizes custom scheduling policies, and safely deploys them into the kernel, without human intervention. This represents a meaningful step toward self-optimizing, application-aware kernels.

In this article we will explore what SchedCP is, how it works under the hood, the evidence of its effectiveness, real-world implications, and what caveats remain.

Why the Problem Matters

At the heart of the issue is that general-purpose schedulers (for example the Linux kernel’s default policy) assume broad fairness, rather than tailoring scheduling to what your application cares about. For instance:

• A video-streaming service may care most about minimal tail latency.

• A CI/CD build system may care most about throughput and job completion time.

• A cloud analytics job may prefer maximum utilisation of cores with less concern for interactive responsiveness.

Traditional schedulers treat all tasks mostly the same, tuning knobs generically. As a result, systems often sacrifice optimisation opportunities. Some prior efforts have used reinforcement-learning techniques to tune scheduler parameters, but these approaches have limitations: slow convergence, limited generalisation, and weak reasoning about why a workload behaves as it does.

SchedCP starts from the observation that large language models can reason semantically about workloads (expressed in plain language or structured summaries), propose new scheduling strategies, and generate code via eBPF that is loaded into the kernel via the sched_ext interface. Thus, a custom scheduler (or modified policy) can be developed specifically for a given workload scenario, and in a self-service, automated way.

Architecture & Key Components

SchedCP comprises two primary subsystems: a control-plane framework and an agent loop that interacts with it. The framework decouples “what to optimise” (reasoning) from “how to act” (execution) in order to preserve kernel stability while enabling powerful optimisations.

Here are the major components:

Go to Full Article

by George Whittaker Introduction

After years of debate and development, bcachefs—a modern copy-on-write filesystem once merged into the Linux kernel—is being removed from mainline. As of kernel 6.17, the in-kernel implementation has been excised, and future use is expected via an out-of-tree DKMS module. This marks a turning point for the bcachefs project, raising questions about its stability, adoption, and relationship with the kernel development community.

In this article, we’ll explore the background of bcachefs, the sequence of events leading to its removal, the technical and community dynamics involved, and implications for users, distributions, and the filesystem’s future.

What Is Bcachefs?

Before diving into the removal, let’s recap what bcachefs is and why it attracted attention.

• Origin & goals: Developed by Kent Overstreet, bcachefs emerged from ideas in the earlier bcache project (a block-device caching layer). It aimed to build a full-featured, general-purpose filesystem combining performance, reliability, and modern features (snapshots, compression, encryption) in a coherent design.

• Mainline inclusion: Bcachefs was merged into the mainline kernel in version 6.7 (released January 2024) after a lengthy review and incubation period.

• “Experimental” classification: Even after being part of the kernel, bcachefs always carried disclaimers about its maturity and stability—they were not necessarily recommends for production use by all users.

Its presence in mainline gave distributions a path to ship it more casually, and users had easier access without building external modules—an important convenience for adoption.

What Led to the Removal

The excision of bcachefs from the kernel was not sudden but the culmination of tension over development practices, patch acceptance timing, and upstream policy norms.

“Externally Maintained” status in 6.17

In kernel 6.17’s preparation, maintainers marked bcachefs as “externally maintained.” Though the code remained present, the change signified that upstream would no longer accept new patches or updates within the kernel tree.

This move allowed a transitional period. The code was “frozen” inside the tree to avoid breaking existing systems immediately, while preparation was made for future removal.

Go to Full Article

by George Whittaker Introduction

The Linux Mint team has officially unveiled Linux Mint 22.2, codenamed “Zara”, on September 4, 2025. As a Long-Term Support (LTS) release, Zara will receive updates through 2029, promising users stability, incremental improvements, and a comfortable desktop experience.

This version is not about flashy overhauls; rather, it’s about refinement — applying polish to existing features, smoothing rough edges, weaving in new conveniences (like fingerprint login), and improving compatibility with modern hardware. Below, we’ll delve into what’s new in Zara, what users should know before upgrading, and how it continues Mint’s philosophy of combining usability, reliability, and elegance.

What’s New in Linux Mint 22.2 “Zara”

Here’s a breakdown of key changes, refinements, and enhancements in Zara.

Base, Support & Kernel Stack

• Ubuntu 24.04 (Noble) base: Zara continues to use Ubuntu 24.04 as its upstream base, ensuring broad package compatibility and long-term security support.

• Kernel 6.14 (HWE): The default kernel for new installations is 6.14, bringing support for newer hardware.

• However — for existing systems upgraded from Mint 22 or 22.1 — the older kernel (6.8 LTS) remains the default, because 6.14’s support window is shorter.

• Zara is an LTS edition, with security updates and maintenance promised through 2029.

Major Features & Enhancements Fingerprint Authentication via Fingwit

Zara introduces a first-party tool called Fingwit to manage fingerprint-based authentication. With compatible hardware and support via the libfprint framework, users can:

• Enroll fingerprints

• Use fingerprint login for the screensaver

• Authenticate sudo commands

• Launch administrative tools via pkexec using the fingerprint

• In some cases, bypass password entry at login (unless home directory encryption or keyring constraints force password fallback)

It is important to note that fingerprint login on the actual login screen may be disabled or limited depending on encryption or keyring usage; in those cases, the system falls back to password entry.

UI & Theming Refinements

• Sticky Notes app now sports rounded corners, improved Wayland compatibility, and a companion Android app named StyncyNotes (available via F-Droid) to sync notes across devices.

Go to Full Article

by George Whittaker Introduction

In early September 2025, Ubuntu users globally experienced disruptive delays in installing updates and new packages. What seemed like a fleeting outage—only about 36 minutes of server downtime—triggered a cascade of effects: mirrors lagging, queued requests overflowing, and installations hanging for days. The incident exposed how fragile parts of Ubuntu’s update infrastructure can be under sudden load.

In this article, we’ll walk through what happened, why the fallout was so severe, how Canonical responded, and lessons for users and infrastructure architects alike.

What Happened: Outage & Immediate Impact

On September 5, 2025, Canonical’s archive servers—specifically archive.ubuntu.com and security.ubuntu.com—suffered an unplanned outage. The status page for Canonical showed the incident lasting roughly 36 minutes, after which operations were declared “resolved.”

However, that brief disruption set off a domino effect. Because the archives and security servers serve as the central hubs for Ubuntu’s package ecosystem, any downtime causes massive backlog among mirror servers and client requests. Mirrors found themselves out of sync, processing queues piled up, and users attempting updates or new installs encountered failed downloads, hung operations, or “404 / package not found” errors.

On Ubuntu’s community forums, Canonical acknowledged that while the server outage was short, the upload / processing queue for security and repository updates had become “obscenely” backlogged. Users were urged to be patient, as there was no immediate workaround.

Throughout September 5–7, users continued reporting incomplete or failed updates, slow mirror responses, and installations freezing mid-process. Even newly provisioning systems faced broken repos due to inconsistent mirror states.

By September 8, the situation largely stabilized: mirrors caught up, package availability resumed, and normal update flows returned. But the extended period of degraded service had already left many users frustrated.

Why a Short Outage Turned into Days of Disruption

At first blush, 36 minutes seems trivial. Why did it have such prolonged consequences? Several factors contributed:

1. Centralized repository backplane Ubuntu’s infrastructure is architected around central canonical repositories (archive, security) which then propagate to mirrors worldwide. When the central system is unavailable, mirrors stop receiving updates and become stale.

Go to Full Article

by George Whittaker Introduction

Android has long been focused on running mobile apps, but in recent years, features aimed at developers and power users have begun pushing its boundaries. One exciting frontier: running full Linux graphical (GUI) applications on Android devices. What was once a novelty is now gradually becoming more viable, and recent developments point toward much smoother, GPU-accelerated Linux GUI experiences on Android.

In this article, we’ll trace how Linux apps have run on Android so far, explain the new architecture changes enabling GPU rendering, showcase early demonstrations, discuss remaining hurdles, and look at where this capability is headed.

The State of Linux on Android Today The Linux Terminal App

Google’s Linux Terminal app is the core interface for running Linux environments on Android. It spins up a virtual machine (VM), often booting Debian or similar, and lets users enter a shell, install packages, run command-line tools, etc.

Initially, the app was limited purely to text / terminal-based Linux programs; graphical apps were not supported meaningfully. More recently, Google introduced support for launching GUI Linux applications in experimental channels.

Limitations: Rendering & Performance

Even now, most GUI Linux apps on Android are rendered in software, that is, all drawing happens on the CPU (via a software renderer) rather than using the device’s GPU. This leads to sluggish UI, high CPU usage, more thermal stress, and shorter battery life.

Because of these limitations, running heavy GUI apps (graphics editors, games, desktop-level toolkits) has been more experimental than practical.

What’s Changing: GPU-Accelerated Rendering

The big leap forward is moving from CPU rendering to GPU-accelerated rendering, letting the device’s graphics hardware do the heavy lifting.

Lavapipe (Current Baseline)

At present, the Linux VM uses Lavapipe (a Mesa software rasterizer) to interpret GPU API calls on the CPU. This works, but is inefficient, especially for complex GUIs or animations.

Introducing gfxstream

Google is planning to integrate gfxstream into the Linux Terminal app. gfxstream is a GPU virtualization / forwarding technology: rather than reinterpreting graphics calls in software, it forwards them from the guest (Linux VM) to the host’s GPU directly. This avoids CPU overhead and enables near-native rendering speeds.

Go to Full Article

by George Whittaker Introduction

Fedora’s beta releases offer one of the earliest glimpses into the next major version of the distribution — letting users and developers poke, test, and report issues before the final version ships. With Fedora 43 Beta, released on September 16, 2025, the community begins the final stretch toward the stable Fedora 43.

This beta is largely feature-complete: developers hope it will closely match what the final release looks like (barring last-minute fixes). The goal is to surface regression bugs, UX issues, and compatibility problems before Fedora 43 is broadly adopted.

Release & Availability

The Fedora Project published the beta across multiple editions and media — Workstation, KDE Plasma, Server, IoT, Cloud, and spins/labs where applicable. ISO images are available for download from the official Fedora servers.

Users already running Fedora 42 can upgrade via the DNF system-upgrade mechanism. Some spins (e.g. Mate or i3) are not fully available across all architectures yet.

Because it’s a beta, users should be ready to encounter bugs. Fedora encourages testers to file issues via the QA mailing list or Fedora’s issue tracking infrastructure.

Major New Features & Changes

Fedora 43 Beta brings many updates under the hood — some in visible user features, others in core tooling and system behavior.

Kernel, Desktop & Session Updates

• Fedora 43 Beta is built on Linux kernel 6.17.

• The Workstation edition features GNOME 49.

• In a bold shift, Fedora removes GNOME X11 packages for the Workstation, making Wayland-only the default and only session for GNOME. Existing users are migrated to Wayland.

• On KDE, Fedora 43 Beta ships with KDE Plasma 6.4 in the Plasma edition.

Installer & Package Management

• Fedora’s Anaconda installer gets a WebUI by default for all Spins, providing a more unified and modern install experience across desktop variants.

• The installer now uses DNF5 internally, phasing out DNF4 which is now in maintenance mode.

• Auto-updates are enabled by default in Fedora Kinoite, ensuring that systems apply updates seamlessly in the background with minimal user intervention.

Programming & Core Tooling Updates

• The Python version in Fedora 43 Beta moves to 3.14, an early adoption to catch bugs before the upstream release.

Go to Full Article