When one of open source’s favorite cloud hosts went dark, even LWN.net blinked. Here’s what happened—and why it matters.
The post Power Outage at Newark Data Center Disrupts Linode, Took LWN Offline appeared first on Linux Today.
This release ports the VU Meter plugin to the GTK build and adds support for outdated ReplayGain tags in Opus files.
The post Audacious 4.5 Open-Source Audio Player Adds Playback History Plugin, Winamp 2.9 Skin appeared first on Linux Today.
Discover the exciting features of Debian 13, set to launch with the latest KDE Plasma 6.3.6 desktop environment. Explore enhancements and improvements today!
The post Debian 13 to Ship with KDE Plasma 6.3.6 Desktop Environment appeared first on Linux Today.
Discover the latest in Linux news with our Weekly Wrap-Up for Week 30 (Jul 21 – 27, 2025). Stay informed on trends, updates, and community highlights.
The post Linuxiac Weekly Wrap-Up: Week 30 (Jul 21 – 27, 2025) appeared first on Linux Today.
Discover the 15 best free and open source Linux web servers. Enhance your hosting experience with powerful, flexible, and cost-effective solutions.
The post 15 Best Free and Open Source Linux Web Servers appeared first on Linux Today.
I benchmark the Firefly AIBOX-3588S and compare it to single board computers (both ARM and RISC-V) as well as an Intel N100 Mini PC.
The post Benchmarking the Firefly AIBOX-3588S Embedded Fanless PC appeared first on Linux Today.
Discover the 9 best free and open source translators that enhance your language skills. Explore powerful tools for seamless communication and translation.
The post 9 Best Free and Open Source Translators appeared first on Linux Today.
Need Google Chrome on your Enterprise Linux system? Here’s how to install it on Rocky Linux 10.
The post How to Install Google Chrome on Rocky Linux 10 appeared first on Linux Today.
Shotcut 25.07 video editor adds a new Speech to Text model downloader, brings new System and System Fusion UI themes, and more.
The post Shotcut 25.07 Video Editor Adds Speech-to-Text Model appeared first on Linux Today.
Ever wondered which countries love Arch Linux the most or what desktop environment, browser, or shell its users prefer? Here are the answers.
The post Insights Into Arch Linux Users’ Preferences appeared first on Linux Today.
Flatpak promises a secure runtime for Linux applications through container-like isolation, relying on bubblewrap namespaces, syscall filtering, and portal interfaces. In theory, each app should operate inside a strong sandbox, disconnected from the host system. But in reality, experience shows gaps, tiny cracks through which apps may escape with serious consequences.
Flatpak applications begin life in a highly-restricted environment: no network by default, no access to host files beyond the runtime and a private data directory, limited syscalls, and restricted access to session or system services. Portals provide a controlled channel for granting specific capabilities (e.g. file dialogs, screenshot, printing) without broad privileges.
Yet, many Flatpak packages declare broad permissions like filesystem=home, filesystem=host, or device=all. That effectively grants full read-write access to the user's home directory or even system devices, defeating the purpose of the sandbox in practice. Users often assume that 'sandboxed' means locked-down, but blanket permissions expose them to risk.
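An added example (not from the original article or the Flatpak project): a small audit that reads a Flatpak metadata keyfile, the format printed by flatpak info --show-permissions APP, and flags the broad grants named above. The sample metadata and the app ID org.example.Editor are constructed for illustration.

```python
import configparser

# Broad grants named in the text. In the metadata keyfile the [Context] keys
# are plural ("filesystems", "devices"); the CLI flags are --filesystem/--device.
BROAD = {"filesystems": {"home", "host"}, "devices": {"all"}}

# Constructed sample metadata (hypothetical app), not taken from a real package.
SAMPLE_BROAD = """\
[Application]
name=org.example.Editor
command=editor

[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
devices=all;
filesystems=xdg-download;home;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

SAMPLE_TIGHT = """\
[Context]
sockets=wayland;
devices=dri;
filesystems=xdg-documents:ro;
"""


def split_list(value):
    """Keyfile lists are ';'-separated, usually with a trailing ';'."""
    return [item.strip() for item in value.split(";") if item.strip()]


def audit_metadata(text):
    """Return sorted (key, grant, mode) tuples for broad [Context] grants."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case exactly as written
    parser.read_string(text)
    findings = []
    if not parser.has_section("Context"):
        return findings
    for key, broad_values in BROAD.items():
        for entry in split_list(parser.get("Context", key, fallback="")):
            if entry.startswith("!"):  # negated entry removes a grant
                continue
            name, _, suffix = entry.partition(":")
            if name in broad_values:
                # Only filesystem grants carry an access mode (:ro, :rw, :create).
                mode = ""
                if key == "filesystems":
                    mode = "ro" if suffix == "ro" else "rw"
                findings.append((key, name, mode))
    return sorted(findings)


if __name__ == "__main__":
    for key, grant, mode in audit_metadata(SAMPLE_BROAD):
        print(f"broad grant: {key}={grant} {mode}".rstrip())
```

An empty result only means none of these three blanket grants is present; narrower paths and bus policies still need review.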
Security researcher Gergo Koteles uncovered a high-severity vulnerability where malicious Flatpak apps could craft a .desktop file via the org.freedesktop.portal.Background.RequestBackground interface. That tricked Flatpak’s --command= parsing into injecting bwrap arguments (e.g. --bind). This allowed arbitrary host commands to execute outside the sandbox boundary. Versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8 were affected. The issue is patched in the listed versions and mitigated in xdg-desktop-portal 1.18.4 and newer.
A Flatpak flag, --persist (or persistent= in manifest), allows apps writable storage within their data directory. But if a malicious install replaces that directory with a symlink pointing to sensitive host folders (e.g. ~/.ssh), the sandbox mount entry follows it into the real filesystem, giving the app unintended access to files outside its name-spaced area. All versions up to 1.14.8 and 1.15.x ≤ 1.15.9 are vulnerable; patched in 1.14.10 and 1.15.10+.
A detailed study of hundreds of Flatpak and Snap packages found that nearly 42% of Flatpak apps either override the supposed isolation or misconfigure sandboxing, resulting in overprivilege or potential escape paths. Crafting fine-grained sandbox policy is hard, and mistakes slip through easily.
On February 27, 2024, the Tails Project unveiled version 6.0, a milestone release built atop Debian 12 “Bookworm” and GNOME 43. Tails, short for The Amnesic Incognito Live System, is engineered from the ground up to prevent data leakage, protect against targeted surveillance, and ensure that every use leaves no trace unless explicitly permitted. Version 6.0 refines this mission with a bold suite of features tailored to block modern surveillance tactics.
Live USBs are critical lifelines for persistence in Tails. Now, Tails 6.0 alerts users when underlying storage suffers read/write errors. This early detection, prior to catastrophic data loss, allows users to back up their encrypted areas before disaster strikes.
Defense Against Rogue USB Devices
One of the stealthiest attack vectors involves plugging in malicious USB gear while a device is unattended. Tails now ignores any USB device connected while the screen is locked. Only when the screen is unlocked can new USB devices be activated, closing the door on rubber‑duckying-style malware delivery.
Plug in a flash drive or encrypted external disk while Tails is unlocked, and the system now instantly mounts the device and prompts for decryption (e.g. VeraCrypt volumes), smoothing workflow while preserving safeguards.
Ambient Display Options for Privacy-Conscious Use
GNOME 43 brings native support for dark mode, night‑light warm tones, or combinations thereof, all accessible via the system menu. These modes reduce eye strain and lower screen glare in sensitive situations, minimizing accidental disclosure in low-light settings.
Simplified Screenshots and Screencast Access
Through a redesigned system menu, users can now take screenshots or record screencasts with a few clicks—reducing reliance on external tools and minimizing exposure via unnecessary browser or app use.
Streamlined Gmail Setup in Thunderbird
Configuring a Gmail account is now smoother: Tails 6.0 allows direct sign‑in within Thunderbird using standard two-step verification, no manual IMAP or security adjustments required, eliminating error-prone manual steps.
In recent times, two critical Linux security frameworks, AppArmor and SELinux, have seen noteworthy acceleration in real-world deployment. As Linux continues to anchor enterprise, container, cloud, and desktop systems, these Mandatory Access Control (MAC) tools have crossed threshold events signaling broader acceptance. This article examines those pivotal inflection points, dives into why they matter, and offers reflections on the shifting landscape of Linux security.
Originally conceived by the NSA and later shepherded by Red Hat, SELinux added powerful MAC controls to Linux by the early 2000s. Since being fully embedded into the Linux 2.6.x kernel, SELinux has steadily expanded its reach. It has become the default security layer on Red Hat Enterprise Linux, Fedora, and their derivatives, and integrated into Debian 9+, plus Ubuntu from version 8.04. Android further embraced SELinux starting from version 4.3, marking its normalization in mobile devices.
But the most recent watershed occurred in early 2025: openSUSE Tumbleweed made SELinux the default MAC for new installations beginning with snapshot 20250211, accompanied by minimalVM images running in enforcing mode. Existing installations remain unaffected unless manually migrated, and AppArmor remains an installer option. Moreover, openSUSE Leap 16 will be shipping with SELinux in enforcing mode by default, affirming a full shift within SUSE ecosystems.
This chain of events reflects a conscious pivot in favor of SELinux across both SUSE and community platforms, aligning them more closely with enterprise-grade security policies.
AppArmor’s Established Reach
AppArmor, originally named SubDomain in the late '90s, emerged from Immunix and later became a core tool in SUSE distributions. It officially became part of the Linux kernel in version 2.6.36 around October 2010. Ubuntu began shipping it by default starting with 7.10; by 8.04, CUPS was protected. Over the following releases, its scope widened to include MySQL, libvirt, browser sessions, and more. In Debian 10 ("Buster"), released July 2019, AppArmor became enabled by default, anchoring its adoption across Debian-based ecosystems.
Privilege escalation in Linux has always walked a tightrope between convenience and risk. sudo allows users to perform tasks as root without sharing the root password—intuitive, powerful—but also a high-value target for exploits rooted in memory safety bugs. Ubuntu is now pioneering a transition: replacing the traditional C-based sudo with sudo‑rs, a Rust-powered rewrite engineered for safer root handling.
Built under the Trifecta Tech Foundation’s “Privilege Boundary” initiative, sudo‑rs is a from-scratch implementation of sudo and su created in Rust, a language celebrated for its compile-time guarantees against memory mishaps. Designed to behave like the classic “sudo,” it supports user prompts, permission checks, and environment handling, but keeps underlying behavior Turing-equivalent.
Rust’s strict approach to memory usage eradicates whole classes of vulnerabilities—like buffer overflows and use-after-free—that have long plagued system tools. For a utility as privileged as sudo, these protections offer exponentially greater security value. Ubuntu’s strategy, dubbed “Carefully But Purposefully Oxidising Ubuntu,” is a methodical shift toward memory-safe tooling.
Canonical has announced that Ubuntu 25.10 (“Questing Quokka”), scheduled for October 9, 2025, will ship sudo‑rs as the default /usr/bin/sudo. This serves as a proving ground ahead of Ubuntu 26.04 LTS (April 2026). Regular users will find no change—commands, flags, and password prompts remain familiar—while Ubuntu monitors real-world feedback.
To deliver a smooth switch, Canonical is funding “Milestone 5” development in sudo‑rs to implement:
NOEXEC for shell escape control,
AppArmor integration,
sudoedit,
Support for kernels older than 5.9 (critical for Ubuntu 20.04 containers).
A “less‑is‑more” philosophy guides development, meaning legacy niche features, like LDAP-based sudoers, might remain absent. But for most workflows, sudo‑rs should cover every essential feature.
Ubuntu’s old sudo will still be available in the repositories and can be reselected via the alternatives system. Users needing features not yet ported to sudo‑rs can effortlessly revert.
In an era when remote work, video conferencing, and travel-heavy lifestyles are the norm, users expect laptops to last longer unplugged. Meanwhile, growing awareness of sustainability adds pressure to maximize energy efficiency. Recognizing this mantra, Linux developers have overhauled power-handling strategies, from the kernel core to user-space tools, to meet these expectations in 2025.
Linux 6.8 introduced refined support for newer hardware, including better CPU/GPU idle-state transitions and energy-friendly firmware interfaces.
Linux 6.15, released in May 2025, continues this trend by adding improved power-capping, more regulators, voltage handlers, and enhanced support for ARM, RISC-V, and Intel/AMD CPU power modules.
These enhancements enable finer-grained control over sleep states, clock gating, and dynamic walling-off of unused chip domains, all pivotal for squeezing extra runtime.
MCU-Firmware Communication with FWCTL
A new firmware controller (fwctl) infrastructure within 6.15 gives user-space tools secure communication channels with embedded controller features, making tasks like adjusting battery charge thresholds more accessible and scriptable.
Both intel_pstate and amd_pstate drivers continue evolving. Passive and conservative CPU governors now dynamically adapt based on workload profiles, delivering noticeable battery gains with minimal performance loss.
Low-Power On-Battery GPU Modes
Graphics subsystems are smarter about sleep:
Intel's Arc and DG2 families now feature improved idle ramp-down behaviors for better battery performance.
For AMD users, the transition from generic AMDGPU RADEON_POWER_PROFILE settings to fwctl-control offers more granular DPM tuning on laptops, especially under battery constraints.
The adoption of ACPI 6.6 and expanded kernel support for S0ix and modern-sleep states allow laptops to hang out in ultra-low-power standby, extending idle time battery life. Suspend-to-disk and resume logic also got less noisy, reducing spur-of-the-moment wake-ups that were draining battery life for many users.
When Rust first made its way into the Linux kernel in late 2022 (mainline inclusion began with version 6.1), it didn’t merely introduce a new programming language, it marked a profound shift in how we ensure operating system resilience. This article dives into why that matters, how it’s being implemented, and what it could mean for Linux’s long-term robustness.
For over three decades, the Linux kernel has been maintained in C, a language that offers both raw control and notorious pitfalls. Manual memory juggling in C leads to high-risk bugs: buffer overflows, phantom pointers, heap corruption, and race conditions. In fact, memory safety issues account for around two-thirds of all kernel vulnerabilities.
Enter Rust: a systems language designed to eliminate whole classes of these errors through strict compile-time checks, without sacrificing low-level efficiency.
Rust’s most powerful features for kernel reliability include:
Ownership semantics & the borrow checker: These enforce rules about who owns a piece of memory at compile time, so there are no dangling pointers and no double frees.
No runtime garbage collector: All abstractions compile down to efficient machine code, ensuring performance remains rock-solid.
Race elimination for free: Rust-language concurrency prevents data races statically, eliminating a whole breed of timing-related bugs.
Combined, these attributes strip away entire categories of vulnerabilities that plague C-based code.
The groundwork for Rust modules in Linux was laid with kernel 6.1, and by version 6.8, the first experimental Rust drivers, covering areas like network PHYs and panic QR logging, were accepted. These drivers coexist with traditional C components, forming a hybrid architecture where Rust is used for new drivers while C remains the backbone.
Crucially, this integration includes:
A Rust bindings crate to interface safely with C internals.
A kernel crate that wraps core kernel structures and APIs for Rust consumption.
This layering enables gradual Rust adoption through newly developed drivers, not wholesale rewrites.
Evidence is already showing promise:
Memory safety vulnerabilities drop out as code gets written in Rust, tackling roughly two-thirds of past CVEs.
Kernel maintainers are noticeably more comfortable merging Rust patches, citing the added rigor from the borrow checker.
The landscape of desktop operating systems has witnessed a notable transformation in 2025. Linux, once considered a niche player, has achieved a significant milestone by capturing 4.7% of the global desktop market share. This achievement underscores a growing trend of users seeking alternatives to traditional operating systems.
Linux's journey to its current standing has been marked by steady growth:
July 2022: 2.76%
July 2023: 3.12%
July 2024: 4.44%
June 2025: 4.7%
This upward trend reflects a combination of technological advancements and shifting user preferences.
The gaming sector has played a pivotal role in Linux's rising popularity. Valve's Steam Deck, a handheld gaming device running on Linux-based SteamOS, has introduced a new audience to the capabilities of Linux. Additionally, compatibility layers like Proton have enhanced the gaming experience on Linux platforms.
2. Enhanced Hardware Support
Modern Linux distributions have significantly improved hardware compatibility, making installation and daily use more seamless for users across various devices.
3. Cost-Effective Solutions
The open-source nature of Linux offers a free alternative to proprietary operating systems, appealing to both individual users and organizations aiming to reduce software licensing costs.
4. Regional Adoption Patterns
Certain regions have exhibited higher adoption rates. In the United States, Linux's desktop market share reached 5.03% in June 2025. In India, the figure stood at 16.21% as of July 2024. These statistics highlight the global appeal and adaptability of Linux.
The diversity of Linux distributions, while offering flexibility, can lead to inconsistencies in user experience and software compatibility.
2. Software Availability
Despite progress, some proprietary applications and games remain inaccessible or require complex configurations on Linux systems.
Released on March 24, 2025, Linux Kernel 6.14 introduces significant enhancements for Intel and AMD processors, focusing on performance, power efficiency, and hardware compatibility. These updates are particularly beneficial for users leveraging the latest CPU architectures and AI-driven workloads.
Linux 6.14 extends support to Intel's forthcoming Panther Lake CPUs, incorporating thermal driver support for improved power efficiency and enabling Ultra-High Bit Rate (UHBR) modes via DisplayPort on Thunderbolt's Alt-Mode. This advancement allows for 10G and 20G UHBR modes, enhancing display capabilities for devices equipped with Xe3 graphics.
Additionally, preparations for Intel's Clearwater Forest server processors are underway, with the inclusion of EDAC (Error Detection and Correction) driver support and readiness of the Turbostat tool for monitoring.
Performance and Virtualization Improvements
The kernel introduces Translation Lookaside Buffer (TLB) flushing scalability optimizations, reducing overhead during context switches and improving overall system performance. Enhancements to the x86 Kernel-based Virtual Machine (KVM) also contribute to better virtualization support, benefiting environments that rely on virtual machines.
A notable addition in Linux 6.14 is the AMD XDNA driver, providing support for AMD's Neural Processing Units (NPUs) integrated into Ryzen AI processors. This driver facilitates AI workloads, such as machine learning applications, by enabling efficient execution of tasks like convolutional neural networks and large language models.
Power Management and Performance Tweaks
The AMD P-State driver receives updates, including dynamic ranking of preferred CPU cores and defaulting to the 'balance_performance' Energy Performance Policy (EPP) on Ryzen and EPYC processors. These changes aim to optimize power consumption without compromising performance.
Furthermore, encryption performance sees a 2-3% boost for AES-GCM and AES-XTS standards on Zen 4 and Zen 5 processors, enhancing data security operations.
Beyond CPU-specific enhancements, Linux 6.14 introduces the NTSYNC driver, improving compatibility and performance for Windows games emulated via Wine and Proton. The kernel also expands support to accommodate up to 4,096 CPU cores, doubling the previous limit and catering to high-performance computing environments. Additionally, improvements in suspend/resume functionality enhance power management for various devices.