LinuxWebLog.com

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: Gnoppix AI Linux 25_10
News: openSUSE updates Tumbleweed's boot loader, Fedora plans improved handling of broken packages, KDE Plasma 6.8 to become Wayland-only, FreeBSD publishes status report
Questions and answers: Does the distribution really matter?
Released last week: Ultramarine Linux 43, AlmaLinux OS 10.1, Rocky....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Armbian is a Linux distribution designed for ARM (and other) development boards. It is usually based on one of the stable or development versions of Debian or Ubuntu. The proejct's latest snapshot is version 25.11.1 and it features a wider range of hardware support and Btrfs boot support.....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The NixOS project has published a new release, NixOS 25.11, which carries the codename Xantusia. The new release offers seven months of support and many updates: "Hey everyone, we are jopejoe1 and Leona Maroni, the release managers of the newest release of NixOS. We are very proud to....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The CachyOS project, which develops a highly-optimised, Arch Linux-based distribution with the latest KDE Plasma as the default live desktop, has updated its ISO image to version 251129: "This is our seventh release this year, bringing better accessibility, changes to mkinitcpio, and more. First, we are pleased to....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The Solus project has published a snapshot of its rolling release distribution. The new version, labelled 4.8, replaces the old software centre, does away with Python 2, and completes the usr-merge process. "In October, we made the jump to a new epoch, the final chapter of our Usr-Merge....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. The 4MLinux project has announced a new release of the minimal distribution. 4MLinux 50.0 includes package updates, new games and new file managers. "As always, the new major release has some new features. Support for webcam devices has been greatly improved (via Zbar and V4L2 Viewer). Old (yet....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Bryan Poerwo has announced the release of a brand-new version of EndeavourOS, an Arch Linux-based distribution with a customised KDE Plasma as the default desktop and the Calamares system installer. This new release carries the code name "Ganymede": "The long wait is over, Ganymede has arrived. The live....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Glen MacArthur has announced the release of AV Linux MXE-25, a major update of the project's MX Linux-based distribution designed primarily for content creators, with Enlightenment as the default desktop user interface. The new version is based on the recently-released MX Linux 25. Additionally, a brand-new flavour, called....

The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Pardus 25.0 has been released. This is a major new update from the project that prioritises the adoption of open-source and free software within the public sector in Türkiye. Pardus 25.0 continues to offer a choice of Xfce and GNOME desktops on its desktop flavours, while also providing....

During last month's KubeCon North America in Atlanta, Kubernetes maintainers announced the upcoming retirement of Ingress NGINX. "Best-effort maintenance will continue until March 2026," noted the Kubernetes SIG Network and the Security Response Committee. "Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered." In a recent op-ed for The Register, Steven J. Vaughan-Nichols reflects on the decision and speculates about what might have prevented this outcome: Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff. Now this longstanding project, once celebrated for its flexibility and breadth of features, will soon be "abandonware." So what? After all, it won't be the first time a once-popular program shuffled off the stage. Off the top of my head, dBase, Lotus 1-2-3, and VisiCalc spring to my mind. What's different is that there are still thousands of Ingress NGINX controllers in use. Why is it being put down, then, if it's so popular? Well, there is a good reason. As Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, pointed out: "Ingress NGINX has always struggled with insufficient or barely sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours, and on weekends. Last year, the Ingress NGINX maintainers announced their plans to wind down Ingress NGINX and develop a replacement controller together with the Gateway API community. Unfortunately, even that announcement failed to generate additional interest in helping maintain Ingress NGINX or develop InGate to replace it." [...] The final nail in the coffin was when security company Wix found a killer Ingress NGINX security hole. How bad was it? Wix declared: "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, which could lead to complete cluster takeover." [...] You see, the real problem isn't that Ingress NGINX has a major security problem. Heck, hardly a month goes by without another stop-the-presses Windows bug being uncovered. No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support...

Read more of this story at Slashdot.

Shoppers in the UK and India can virtually try billions of apparel listings on themselves, just by uploading a photo.

OpenAI has reportedly issued a "code red" on Monday, pausing projects like ads, shopping agents, health tools, and its Pulse assistant to focus entirely on improving ChatGPT. "This includes core features like greater speed and reliability, better personalization, and the ability to answer more questions," reports The Verge, citing a memo reported by the Wall Street Journal and The Information. "There will be a daily call for those tasked with improving the chatbot, the memo said, and Altman encouraged temporary team transfers to speed up development." From the report: The newfound urgency illustrates an inflection point for OpenAI as it spends hundreds of billions of dollars to fund growth and figures out a path to future profitability. It is also something of a full-circle moment in the AI race. Google, which declared its own "code red" after the arrival of ChatGPT, is a particular concern. Google's AI user base is growing -- helped by the success of popular tools like the Nano Banana image model -- and its latest AI model, Gemini 3, blew past its competitors on many industry benchmarks and popular metrics.

Read more of this story at Slashdot.

Apple does not plan to comply with India's mandate to preload its smartphones with a state-owned cyber safety app that cannot be disabled. According to Reuters, the order "sparked surveillance concerns and a political uproar" after it was revealed on Monday. From the report: In the wake of the criticism, India's telecom minister Jyotiraditya M. Scindia on Tuesday said the app was a "voluntary and democratic system," adding that users can choose to activate it and can "easily delete it from their phone at any time." At present, the app can be deleted by users. Scindia did not comment on or clarify the November 28 confidential directive that ordered smartphone makers to start preloading it and ensure "its functionalities are not disabled or restricted." Apple however does not plan to comply with the directive and will tell the government it does not follow such mandates anywhere in the world as they raise a host of privacy and security issues for the company's iOS ecosystem, said two of the industry sources who are familiar with Apple's concerns. They declined to be named publicly as the company's strategy is private. "Its not only like taking a sledgehammer, this is like a double-barrel gun," said the first source.

Read more of this story at Slashdot.

The UK government plans to ban political donations made in cryptocurrency over fears of anonymity, foreign influence, and traceability issues, though the ban won't be ready in time for the upcoming elections bill. The Guardian reports: The government's ambition to ban crypto donations will be a blow to Nigel Farage's Reform UK party, which became the first to accept contributions in digital currency this year. It is believed to have received its first registrable donations in cryptocurrency this autumn and the party has set up its own crypto portal to receive contributions, saying it is subject to "enhanced" checks. Government sources have said ministers believe cryptocurrency donations to be a problem, as they are difficult to trace and could be exploited by foreign powers or criminals. Pat McFadden, then a Cabinet Office minister, first raised the idea in July, saying: "I definitely think it is something that the Electoral Commission should be considering. I think that it's very important that we know who is providing the donation, are they properly registered, what are the bona fides of that donation." The Electoral Commission provides guidance on crypto donations but ministers accept any ban would probably have to come from the government through legislation. "Crypto donations present real risks to our democracy," said Susan Hawley, the executive director of Spotlight on Corruption. "We know that bad actors like Russia use crypto to undermine and interfere in democracies globally, while the difficulties involved in tracing the true source of transactions means that British voters may not know everyone who's funding the parties they vote for."

Read more of this story at Slashdot.

AMD Zen 6 RAS Preparation, AMD SDCI Features Merged For Linux 6.19  Phoronix

AWS is deepening its partnership with Nvidia by adopting "NVLink Fusion" in its upcoming Trainium4 AI chips. "The NVLink technology creates speedy connections between different kinds of chips and is one of Nvidia's crown jewels," notes Reuters. From the report: Nvidia has been pushing to sign up other chip firms to adopt its NVLink technology, with Intel, Qualcomm and now AWS on board. The technology will help AWS build bigger AI servers that can recognize and communicate with one another faster, a critical factor in training large AI models, in which thousands of machines must be strung together. As part of the Nvidia partnership, customers will have access to what AWS is calling AI Factories, exclusive AI infrastructure inside their own data centers for greater speed and readiness. Separately, Amazon said it is rolling out new servers based on a chip called Trainium3. The new servers, available on Tuesday, each contain 144 chips and have more than four times the computing power of AWS's previous generation of AI, while using 40% less power, Dave Brown, vice president of AWS compute and machine learning services, told Reuters. Brown did not give absolute figures on power or performance, but said AWS aims to compete with rivals -- including Nvidia -- based on price. "Together, Nvidia and AWS are creating the compute fabric for the AI industrial revolution - bringing advanced AI to every company, in every country, and accelerating the world's path to intelligence," Nvidia CEO Jensen Huang said in a statement.

Read more of this story at Slashdot.

Linux Mint 22.3 Beta Will Be Released This Month  OMG! Ubuntu

Linux 6.18 Release Improves Gaming, Laptops, and Security  OMG! Ubuntu

An anonymous reader quotes a report from BleepingComputer: The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. The compromise became known when multiple users reported that Play Protect, Android's built-in antivirus module, blocked SmartTube on their devices and warned them of a risk. The developer of SmartTube, Yuriy Yuliskov, admitted that his digital keys were compromised late last week, leading to the injection of malware into the app. Yuliskov revoked the old signature and said he would soon publish a new version with a separate app ID, urging users to move to that one instead. [...] A user who reverse-engineered the compromised SmartTube version number 30.51 found that it includes a hidden native library named libalphasdk.so [VirusTotal]. This library does not exist in the public source code, so it is being injected into release builds. [...] The library runs silently in the background without user interaction, fingerprints the host device, registers it with a remote backend, and periodically sends metrics and retrieves configuration via an encrypted communications channel. All this happens without any visible indication to the user. While there's no evidence of malicious activity such as account theft or participation in DDoS botnets, the risk of enabling such activities at any time is high.

Read more of this story at Slashdot.

Linux usage reaches an all time high on Steam  How-To Geek