Linux, open source, and security news from across the web.
Plus, Raspberry Pi edition finally catches up
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 8.0, .NET 9.0, bind, expat, httpd:2.4, kernel, kernel-rt, mod_http2, openssl, poppler, redis, redis:7, samba, and unbound), Debian (ironic, kernel-wedge, libinput, linux-base, and neutron), Fedora (kernel, openssl, v…
what shipped: model weights: MIT license (8B MoT + A3B MoT variants) training code: Apache-2.0, based on InternEvo framework, supports 5 task types (text-to-image, image editing, interleaved gen, interleaved understanding, generic multimodal) sequence packing with FlexAttention b…
Comments
The distro ditches systemd as the init system while keeping some key components around.
Security updates have been issued by AlmaLinux (poppler), Debian (dnsmasq, mistral, okular, openssl, poppler, and strongswan), Fedora (exim, firefox, pcs, putty, and xorg-x11-server), Mageia (freeciv, golang-x-net, jq, libssh, libxmp, libxpm, minetest, ruby-net-ssh, tor, and wire…
https://gitlab.com/christosangel/hanoi Hanoi is a simple terminal version of the known classical game Tower of Hanoi, written in Bash. During the game, the user can move left and right, pick disks and drop them in other stacks. The aim is to move all the disks from the ORIGIN pil…
just joking, im running an ai on my pc with a ubuntu server vm and using it at my phone by ssh, its ollama qwen3:4b, because im growing the level of the ai, because i cant put on a super duper cool ai and it gives me a problem because im not using too many cores of my i7-14700k, …
An anonymous reader quotes a report from Ars Technica: Researchers have analyzed a high-severity vulnerability in Linux that's able to escalate untrusted users to root by exploiting a bug you don't often see: a single errant character inside the kernel. The vulnerability, tracked…
Comments
Security updates have been issued by AlmaLinux (bind and libyang), Debian (keystone and openssl), Fedora (mingw-objfw, objfw, sentencepiece, and tailscale), Mageia (packagekit and suricata), Oracle (bind, bind9.16, go-toolset:ol8, ImageMagick, kernel, samba, and vim), SUSE (apach…
Heise is carrying a report from the Linux App Summit, held in Berlin in May. The slightly more than a dozen talks were symbolically framed between the opening keynote by systemd creator Lennart Poettering and the closing talk by Jorge Castro, initiator of the Universal Blue proje…
I've had a thought for a while now that I think could actually really improve the distro ecosystem, both in terms of user freedom and technical merits: most distros should really just be tiny highly modular install script wizards (preferably with a TUI or GUI available) that just…
Security updates have been issued by AlmaLinux (bind, bind9.16, frr, kernel, kernel-rt, libexif, mysql, php, and unbound), Debian (apache2, chromium, glibc, gsasl, jackson-core, libxml2, nginx, request-tracker4, request-tracker5, tomcat10, tomcat11, and tomcat9), Fedora (chromium…
I've been going back and forth on this for a while and figured the people here would have actual experience rather than just opinions. Posting my hardware, what I do with it, and my reasoning, happy to be argued out of it. The hardware Laptop (TongFang barebone): Ryzen 9 9955HX, …
Hey everyone, Like a lot of you, I’ve spent years bouncing between two extremes for configuration management. On one side, you have simple dotfile managers that rely on fragile symlinks. On the other, you have heavy enterprise tools like Ansible, which are incredible but often fe…
This is just a very simple, 100% local STT toggle/CLI tool (open source & Apache-2 licensed) that adheres to the UNIX philosophy, does one job and one job only. Tap once, speak for as long as you want, tap again, transcribed and copied to the clipboard. A native C++ binary that l…
A new npm supply-chain attack has infected 36 packages with Rust-based infostealer malware called IronWorm. According to BleepingComputer, the malware "targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm cred…
Security updates have been issued by AlmaLinux (.NET 10.0, compat-openssl10, compat-openssl11, delve, expat, httpd:2.4, libexif, mod_http2, openssl, ruby4.0, samba, thunderbird, unbound, and vim), Debian (ceph and sudo), Fedora (libsoup3, pie, roundcubemail, and xorg-x11-server-X…
The stable release of systemd 261 is quickly approaching for being found in H2'2026 Linux distributions...
go-touch-grass - is a simple background daemon for linux machine, to track your computer's up time consistently across app startups, daily. it stores simple json object, with in mind of history (flags not added yet). i built this today, just wondering about how systemd works in l…
Been running schema-init as PID 1 on a Fedora 44 / KDE Plasma machine for a few weeks now. Today we closed the last visible rough edge — the boot splash. Things that don't work the way you'd expect without systemd: - Plymouth `script` plugin fails silently on AMD Picasso/Raven DR…
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in …
We added a detection rule for --allow-dangerously-skip-permissions in Claude Desktop. Then we found an attack chain nobody was talking about. "No shell, no impact" is the wrong mental model for AI agents. An agent running with that flag, even with Bash blocked, can still: • Read …
submitted by /u/ouyawei [link] [comments]
Is Linux Mint planning to release an immutable and atomic version? If not, what is the equivalent of Linux Mint that is immutable and atomic? Is there an immutable and atomic distro without systemd? Note: I know there are still very few immutable and atomic distros. Fedora and Un…
Security updates have been issued by AlmaLinux (php:8.2 and php:8.3), Debian (gst-plugins-good1.0, symfony, and yelp), Fedora (dovecot, freeipa, hplip, libpng, perl-Catalyst-Plugin-Authentication, postfix, samba, unbound, and vim), Mageia (assimp, libcaca, sdl2_sound, and tar), S…
Hey everyone, I recently built shellfolio, a portfolio template inspired by Linux terminals I wanted something different from the usual portfolio sites, so I tried to make it feel more like an actual system: a fastfetch-style homepage, a systemd-inspired boot sequence, keyboard-f…
Comments
здравствуйте всем, я сделал свой дистрибутив wilix. он конечно же независимый и с пакетным мененджером wpm (Wilix Package Manager), собственным инитом oneinit. дистрибутив устанавливается на диск, я проверял на своем железе и оно работает и на виртуалке собственно работает. вы мо…
Aikido Security says more than 30 official @redhat-cloud-services npm packages were compromised with a credential-stealing worm called "Miasma," a variant resembling the open-sourced Mini Shai-Hulud supply-chain malware. "The packages were published via GitHub Actions OIDC, indic…
A lot of beginners still copy/paste commands from forums, Discord, or GitHub without checking what they do. So I made a short, dramatic demo showing what happens when you run the infamous destructive command: rm -rf / Don’t worry — everything was done inside a throwaway VirtualBo…
Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivi…
Security updates have been issued by AlmaLinux (.NET 10.0, .NET 9.0, firefox, flatpak, httpd, and thunderbird), Debian (chromium, corosync, cyborg, dovecot, exim4, git-lfs, imagemagick, kernel, keystone, linux-6.1, php-twig, python-aiohttp, sentry-python, swift, and symfony), Fed…
Comments
submitted by /u/somerandomxander [link] [comments]
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The NixOS project has published a new snapshot of its distribution: NixOS 26.05. The new version updates initrdto be based on systemd, plans for the retirement of x86_64-darwin, and updates GNOME to version 50. "sys…
"The Best Code is No Code At All" \~Jeff Atwood \### A new licence has been added Around 15 clauses have been added to our licence; these clauses are as follows:" " These provisions are expected to benefit free software \### Isabelle/HOL ready-to-use folder for mathematical verif…
NixOS 26.05 is out today as the latest version of this Linux distribution built around the Nix package manager...
I recently built VinMail, an interactive CLI mail manager written entirely in Bash that sits on top of msmtp. It lets you manage multiple email accounts from a terminal interface, compose emails with attachments, switch accounts instantly, and optionally GPG-sign messages. The ap…
Hey everyone, I wanted to see if I could build a distributed orchestrator from from scratch without relying on heavy external infrastructure like Postgres, Redis, or Kafka. The strict rule was: everything must run from a single binary. The core engine is zero dependency single ja…
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, cockpit, firefox, flatpak, httpd, kernel, and kernel-rt), Debian (kernel, kitty, lemonldap-ng, nagios4, python-flask-httpauth, and roundcube), Fedora (CImg, gmic, haveged, jpegxl, kernel, libpng, mapserver, mingw…
I recently built VinMail, an interactive CLI mail manager written entirely in Bash that sits on top of msmtp. It lets you manage multiple email accounts from a terminal interface, compose emails with attachments, switch accounts instantly, and optionally GPG-sign messages. The …
I built a tiny command-line tool called bai that takes a plain-English request and turns it into a shell command. Example: sh $ bai find large log files modified this week It prints a command and copies it to the clipboard so you can paste, inspect, edit, or ignore it. It does no…
Security updates have been issued by AlmaLinux (firefox, gdk-pixbuf2, glibc, gnutls, kernel, libexif, mysql8.4, postgresql16, postgresql18, python3.14, ruby:3.3, and ruby:4.0), Debian (krb5, roundcube, starlette, unbound, and varnish), Fedora (kernel, nginx, nginx-mod-brotli, ngi…
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. OviOS Linux is an independent, storage operating system. The project's latest release, version 6, makes some significant changes behind the scenes. One of the key changes is swapping out SysV init in favour of syste…
Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. The questions that matter to defenders sit earlier. How did they get in. When did they get domain admin. What did they touch before the binary…
Security updates have been issued by AlmaLinux (bind, buildah, compat-libtiff3, compat-openssl11, containernetworking-plugins, crun, delve, dnsmasq, dovecot, edk2, firefox, freeipmi, gdk-pixbuf2, giflib, git-lfs, glib2, go-fdo-client, go-fdo-server, golang, grafana, grafana-pcp, …
So I know the past few years have brought a lot of Manjaro hate, but I proudly plodded on, choosing to ignore the rhetoric, given my history of more than 10 years of continuous use. My primary install topped out at over 7 years, despite the drive itself moving between 3 different…
I've been working on hiya, a fingerprint authentication daemon for Linux. It's a drop-in D-Bus replacement for fprintd. It ships a PAM module so fingerprint authentication works for sudo, login, and lock screen. On top of that it adds FIDO2/passkey support and SSH security key su…
Security updates have been issued by Debian (postorius and spip), Fedora (bind, bind-dyndb-ldap, linux-firmware, tor, and unbound), Mageia (ffmpeg, nginx, perl-Imager, and tigervnc, x11-server, x11-server-xwayland), Oracle (firefox and kernel), Red Hat (buildah, git-lfs, go-tools…
Hey GNU folks ,i am going to try to explain myself as best as i can, english is not my first language, so here goes nothing: so I've been working on this little open source tool called Hosomaki that basically reads your system logs and explains what's actually wrong in plain Engl…
Comments
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
I think everyone who use agents should know how harness works and they are honestly pretty simple tools that orchestrate the message context. Earlier I implemented legacy method of payload parsing for tool calling. Later added modern style function tool calling. Learned a lot dur…
Security updates have been issued by Debian (atril, evince, gnutls28, haproxy, haveged, jq, kernel, krb5, libgcrypt20, nodejs, and thunderbird), Fedora (aw-server-rust, awatcher, bind, bind-dyndb-ldap, chromium, composer, docker-buildkit, docker-buildx, dotnet10.0, dotnet8.0, dot…
Hi Reddit, I released an agentic legal system that I have been built for the last 6 months, free. 150,000+ lines of code, 67 specialist agents, nine workflows, and at least ten things inside it that you could make as a separate product. It is released under Apache 2.0. license so…
Linux is supposed to be the bastion of free computing. The fact that distros are even considering complying with age fingerprinting is wild to me. When I first heard the news of California striking at the heart of all operating systems I thought "Windows, of course. Mac? Likely. …
The systemd change that adds a birthDate field to JSON user records is now present in upstream v261-rc1. It is also already in Debian Sid as systemd 261~rc1-1. This is not just an isolated metadata field. It is part of the technical plumbing that can turn general-purpose operatin…
https://transfem.social/notes/amkk9ypcps9a002q Basically when Jorge Castro was asked for clarification on if flatpak 2.0 will be depended on systemd his response was "Are you serious? Of course." Which even though I use systemd distros myself seems like a bit of a problematic sta…