You are here

Agreguesi i feed

Why Apache 2.4.64 Is a Must for Securing Linux Web Servers

LinuxSecurity.com - Pre, 11/07/2025 - 9:14md
Sometimes, software updates are just about bug fixes and fine-tuning performance. This one? It's not the kind you can afford to brush off as "I'll get to it next week." Apache HTTP Server 2.4.64 is here, and it's carrying quite a load of security fixes that Linux admins absolutely need to pay attention to. Whether your Apache deployment is running simple HTTP workloads or juggling SSL/TLS-heavy configurations, let's be clear''if you're on anything between 2.4.0 and 2.4.63, your system just got a target painted on it.

next-20250711: linux-next

Kernel Linux - Pre, 11/07/2025 - 11:08pd
Version:next-20250711 (linux-next) Released:2025-07-11

New EU Regulations Require Transparency, Copyright Protection From Powerful AI Systems

Slashdot - Enj, 10/07/2025 - 5:20md
European Union officials unveiled new AI regulations on Thursday that require makers of the most powerful AI systems to improve transparency, limit copyright violations and protect public safety. The rules apply to companies like OpenAI, Microsoft and Google that develop general-purpose AI systems underpinning services like ChatGPT, which can analyze enormous amounts of data and perform human tasks. The code of practice provides concrete details about enforcing the AI Act passed last year, with rules taking effect August 2. EU regulators cannot impose penalties for noncompliance until August 2026. Companies must provide detailed breakdowns of content used for training algorithms and conduct risk assessments to prevent misuse for creating biological weapons. CCIA Europe, representing Amazon, Google and Meta, told New York Times the code imposes a disproportionate burden on AI providers.

Read more of this story at Slashdot.

Intel CEO Says Company Has Fallen From 'Top 10' Semiconductor Firms, 'Too Late' To Catch Nvidia in AI

Slashdot - Enj, 10/07/2025 - 4:42md
Intel CEO Lip-Bu Tan told employees this week that the company has fallen out of the "top 10 semiconductor companies" and that it's "too late" to catch up with Nvidia in AI training technology. The remarks came as Intel began laying off thousands of workers globally, including 529 in Oregon and several hundred others in California, Arizona and Israel. "Twenty, 30 years ago, we are really the leader," Tan said during a conversation broadcast to Intel employees worldwide. "Now I think the world has changed. We are not in the top 10 semiconductor companies." Tan said Nvidia's position in AI training is "too strong" and that customers are giving Intel failing grades. Intel's market value has dropped to around $100 billion, roughly half its value from 18 months ago, while Nvidia briefly hit $4 trillion on Wednesday. Tan said Intel will instead focus on "edge" AI that operates directly on devices rather than centralized computers.

Read more of this story at Slashdot.

6.15.6: stable

Kernel Linux - Enj, 10/07/2025 - 4:09md
Version:6.15.6 (stable) Released:2025-07-10 Source:linux-6.15.6.tar.xz PGP Signature:linux-6.15.6.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.15.6

6.12.37: longterm

Kernel Linux - Enj, 10/07/2025 - 4:05md
Version:6.12.37 (longterm) Released:2025-07-10 Source:linux-6.12.37.tar.xz PGP Signature:linux-6.12.37.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.37

6.6.97: longterm

Kernel Linux - Enj, 10/07/2025 - 4:03md
Version:6.6.97 (longterm) Released:2025-07-10 Source:linux-6.6.97.tar.xz PGP Signature:linux-6.6.97.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.97

Millions of Tonnes of Nanoplastics Are Polluting the Ocean

Slashdot - Enj, 10/07/2025 - 4:02md
Researchers have discovered 27 million tonnes of nanoplastics distributed across just the top layer of the temperate to subtropical North Atlantic Ocean, according to a study published in Nature. The team sampled water at three depths across 12 locations during a November 2020 research cruise, finding average concentrations of 18 milligrams per cubic meter of three plastic types: polyethylene terephthalate, polystyrene and polyvinylchloride. These particles, smaller than one micrometer in diameter, behave differently from larger microplastics by remaining suspended throughout the water column rather than settling to the ocean floor. The nanoplastics can pass through cell walls and enter the marine food web through phytoplankton, said Tony Walker, an environmental scientist at Dalhousie University. The world's oceans contain an estimated 3 million tonnes of floating plastic pollution when excluding nanoplastics.

Read more of this story at Slashdot.

6.1.144: longterm

Kernel Linux - Enj, 10/07/2025 - 4:00md
Version:6.1.144 (longterm) Released:2025-07-10 Source:linux-6.1.144.tar.xz PGP Signature:linux-6.1.144.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.144

5.15.187: longterm

Kernel Linux - Enj, 10/07/2025 - 3:57md
Version:5.15.187 (longterm) Released:2025-07-10 Source:linux-5.15.187.tar.xz PGP Signature:linux-5.15.187.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.187

Jack Dorsey Says His 'Secure' New Bitchat App Has Not Been Tested For Security

Slashdot - Enj, 10/07/2025 - 3:00md
An anonymous reader quotes a report from TechCrunch: On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver "secure" and "private" messaging without a centralized infrastructure. The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey's white paper detailing the app's protocols and privacy mechanisms, Bitchat's system design "prioritizes" security. But the claims that the app is secure, however, are already facing scrutiny by security researchers, given that the app and its code have not been reviewed or tested for security issues at all -- by Dorsey's own admission. Since launching, Dorsey has added a warning to Bitchat's GitHub page: "This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed." This warning now also appears on Bitchat's main GitHub project page but was not there at the time the app debuted. As of Wednesday, Dorsey added: "Work in progress," next to the warning on GitHub. This latest disclaimer came after security researcher Alex Radocea found that it's possible to impersonate someone else and trick a person's contacts into thinking they are talking to the legitimate contact, as the researcher explained in a blog post. Radocea wrote that Bitchat has a "broken identity authentication/verification" system that allows an attacker to intercept someone's "identity key" and "peer id pair" -- essentially a digital handshake that is supposed to establish a trusted connection between two people using the app. Bitchat calls these "Favorite" contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact, knowing that they are talking to the same person they talked to before.

Read more of this story at Slashdot.

Lennart Poettering: ASG! 2025 CfP Closes Tomorrow!

Planet GNOME - Enj, 12/06/2025 - 2:00pd

The All Systems Go! 2025 Call for Participation Closes Tomorrow!

The Call for Participation (CFP) for All Systems Go! 2025 will close tomorrow, on 13th of June! We’d like to invite you to submit your proposals for consideration to the CFP submission site quickly!

Andy Wingo: whippet in guile hacklog: evacuation

Planet GNOME - Mër, 11/06/2025 - 10:56md

Good evening, hackfolk. A quick note this evening to record a waypoint in my efforts to improve Guile’s memory manager.

So, I got Guile running on top of the Whippet API. This API can be implemented by a number of concrete garbage collector implementations. The implementation backed by the Boehm collector is fine, as expected. The implementation that uses the bump-pointer-allocation-into-holes strategy is less good. The minor reason is heap sizing heuristics; I still get it wrong about when to grow the heap and when not to do so. But the major reason is that non-moving Immix collectors appear to have pathological fragmentation characteristics.

Fragmentation, for our purposes, is memory under the control of the GC which was free after the previous collection, but which the current cycle failed to use for allocation. I have the feeling that for the non-moving Immix-family collector implementations, fragmentation is much higher than for size-segregated freelist-based mark-sweep collectors. For an allocation of, say, 1024 bytes, the collector might have to scan over many smaller holes until you find a hole that is big enough. This wastes free memory. Fragmentation memory is not gone—it is still available for allocation!—but it won’t be allocatable until after the current cycle when we visit all holes again. In Immix, fragmentation wastes allocatable memory during a cycle, hastening collection and causing more frequent whole-heap traversals.

The value proposition of Immix is that if there is too much fragmentation, you can just go into evacuating mode, and probably improve things. I still buy it. However I don’t think that non-moving Immix is a winner. I still need to do more science to know for sure. I need to fix Guile to support the stack-conservative, heap-precise version of the Immix-family collector which will allow for evacuation.

So that’s where I’m at: a load of gnarly Guile refactors to allow for precise tracing of the heap. I probably have another couple weeks left until I can run some tests. Fingers crossed; we’ll see!

Alireza Shabani: Why GNOME’s Translation Platform Is Called “Damned Lies”

Planet GNOME - Mër, 11/06/2025 - 3:32md

Damned Lies is the name of GNOME’s web application for managing localization (l10n) across its projects. But why is it named like this?

Damned Lies about GNOME

On the About page of GNOME’s localization site, the only explanation given for the name Damned Lies is a link to a Wikipedia article called “Lies, damned lies, and statistics.

“Damned Lies” comes from the saying “Lies, damned lies, and statistics” which is a 19th-century phrase used to describe the persuasive power of statistics to bolster weak arguments, as described on Wikipedia. One of its earliest known uses appeared in a 1891 letter to the National Observer, which categorised lies into three types:

“Sir, —It has been wittily remarked that there are three kinds of falsehood: the first is a ‘fib,’ the second is a downright lie, and the third and most aggravated is statistics. It is on statistics and on the absence of statistics that the advocate of national pensions relies …”

To find out more, I asked in GNOME’s i18n Matrix room, and Alexandre Franke helped a lot, he said:

Stats are indeed lies, in many ways. Like if GNOME 48 gets 100% translated in your language on Damned Lies, it doesn’t mean the version of GNOME 48 you have installed on your system is 100% translated, because the former is a real time stat for the branch and the latter is a snapshot (tarball) at a specific time. So 48.1 gets released while the translation is at 99%, and then the translators complete the work, but you won’t get the missing translations until 48.2 gets released. Works the other way around: the translation is at 100% at the time of the release, but then there’s a freeze exception and the stats go 99% while the released version is at 100%. Or you are looking at an old version of GNOME for which there won’t be any new release, which wasn’t fully translated by the time of the latest release, but then a translator decided that they wanted to see 100% because the incomplete translation was not looking as nice as they’d like, and you end up with Damned Lies telling you that version of GNOME was fully translated when it never was and never will be. All that to say that translators need to learn to work smart, at the right time, on the right modules, and not focus on the stats.

So there you have it: Damned Lies is a name that reminds us that numbers and statistics can be misleading even on GNOME’s I10n Web application.

Elizabeth K. Joseph: A VisionFive 2 and a Raspberry Pi 1 B

Planet Ubuntu - Enj, 03/04/2025 - 10:43md

A couple weeks ago I was playing around with a multiple architecture CI setup with another team, and that led me to pull out my StarFive VisionFive 2 SBC again to see where I could make it this time with an install.

I left off about a year ago when I succeeded in getting an older version of Debian on it, but attempts to get the tooling to install a more broadly supported version of U-Boot to the SPI flash were unsuccessful. Then I got pulled away to other things, effectively just bringing my VF2 around to events as a prop for my multiarch talks – which it did beautifully! I even had one conference attendee buy one to play with while sitting in the audience of my talk. Cool.

I was delighted to learn how much progress had been made since I last looked. Canonical has published more formalized documentation: Install Ubuntu on the StarFive VisionFive 2 in the place of what had been a rather cluttered wiki page. So I got all hooked up and began my latest attempt.

My first step was to grab the pre-installed server image. I got that installed, but struggled a little with persistence once I unplugged the USB UART adapter and rebooted. I then decided just to move forward with the Install U-Boot to the SPI flash instructions. I struggled a bit here for two reasons:

  1. The documentation today leads off with having you download the livecd, but you actually want the pre-installed server image to flash U-Boot, the livecd step doesn’t come until later. Admittedly, the instructions do say this, but I wasn’t reading carefully enough and was more focused on the steps.
  2. I couldn’t get the 24.10 pre-installed image to work for flashing U-Boot, but once I went back to the 24.04 pre-installed image it worked.

And then I had to fly across the country. We’re spending a couple weeks around spring break here at our vacation house in Philadelphia, but the good thing about SBCs is that they’re incredibly portable and I just tossed my gear into my backpack and brought it along.

Thanks to Emil Renner Berthing (esmil) on the Ubuntu Matrix server for providing me with enough guidance to figure out where I had gone wrong above, and got me on my way just a few days after we arrived in Philly.

With the newer U-Boot installed, I was able to use the Ubuntu 24.04 livecd image on a micro SD Card to install Ubuntu 24.04 on an NVMe drive! That’s another new change since I last looked at installation, using my little NVMe drive as a target was a lot simpler than it would have been a year ago. In fact, it was rather anticlimactic, hah!

And with that, I was fully logged in to my new system.

elizabeth@r2kt:~$ cat /proc/cpuinfo
processor : 0
hart : 2
isa : rv64imafdc_zicntr_zicsr_zifencei_zihpm_zba_zbb
mmu : sv39
uarch : sifive,u74-mc
mvendorid : 0x489
marchid : 0x8000000000000007
mimpid : 0x4210427
hart isa : rv64imafdc_zicntr_zicsr_zifencei_zihpm_zba_zbb

It has 4 cores, so here’s the full output: vf2-cpus.txt

What will I do with this little single board computer? I don’t know yet. I joked with my husband that I’d “install Debian on it and forget about it like everything else” but I really would like to get past that. I have my little multiarch demo CI project in the wings, and I’ll probably loop it into that.

Since we were in Philly, I had a look over at my long-neglected Raspberry Pi 1B that I have here. When we first moved in, I used it as an ssh tunnel to get to this network from California. It was great for that! But now we have a more sophisticated network setup between the houses with a VLAN that connects them, so the ssh tunnel is unnecessary. In fact, my poor Raspberry Pi fell off the WiFi network when we switched to 802.1X just over a year ago and I never got around to getting it back on the network. I connected it to a keyboard and monitor and started some investigation. Honestly, I’m surprised the little guy was still running, but it’s doing fine!

And it had been chugging along running Rasbian based on Debian 9. Well, that’s worth an upgrade. But not just an upgrade, I didn’t want to stress the device and SD card, so I figured flashing it with the latest version of Raspberry Pi OS was the right way to go. It turns out, it’s been a long time since I’ve done a Raspberry Pi install.

I grabbed the Raspberry Pi Imager and went on my way. It’s really nice. I went with the Raspberry Pi OS Lite install since it’s the RP1, I didn’t want a GUI. The imager asked the usual installation questions, loaded up my SSH key, and I was ready to load it up in my Pi.

The only thing I need to finish sorting out is networking. The old USB WiFi adapter I have it in doesn’t initialize until after it’s booted up, so wpa_supplicant on boot can’t negotiate with the access point. I’ll have to play around with it. And what will I use this for once I do, now that it’s not an SSH tunnel? I’m not sure yet.

I realize this blog post isn’t very deep or technical, but I guess that’s the point. We’ve come a long way in recent years in support for non-x86 architectures, so installation has gotten a lot easier across several of them. If you’re new to playing around with architectures, I’d say it’s a really good time to start. You can hit the ground running with some wins, and then play around as you go with various things you want to help get working. It’s a lot of fun, and the years I spent playing around with Debian on Sparc back in the day definitely laid the groundwork for the job I have at IBM working on mainframes. You never know where a bit of technical curiosity will get you.

Lubuntu Blog: Lubuntu Plucky Puffin Beta Released!

Planet Ubuntu - Enj, 27/03/2025 - 10:02md
Thanks to the hard work of our contributors, we are happy to announce the release of Lubuntu's Plucky Beta, which will become Lubuntu 25.04. This is a snapshot of the daily images. Approximately two months ago, we posted an Alpha-level update. While some information is duplicated below, that contains an accurate, concise technical summary of […]

Faqet

Subscribe to AlbLinux agreguesi