Linux News3 things Linux users always get wrong
But these mistakes are also easy to fix.
An investigation of the forces behind the age-verification bills
Reddit user "Ok_Lingonberry3296" has posted the results of an extensive investigation into the companies that are pushing US state legislatures to enact age-verification bills. I've been pulling public records on the wave of "age verification" bills moving through US state legislatures. IRS 990 filings, Senate lobbying disclosures, state ethics databases, campaign finance records, corporate registries, WHOIS lookups, Wayback Machine archives. What started as curiosity about who was pushing these bills turned into documenting a coordinated influence operation that, from a privacy standpoint, is building surveillance infrastructure at the operating system level while the company behind it faces zero new requirements for its own platforms. (See also this article for a look at the California law.)
A set of AppArmor vulnerabilities
Qualys has sent out a somewhat breathless advisory describing a number of vulnerabilities in the AppArmor security module, which is used in a number of Debian-based distributions (among others). This "CrackArmor" advisory exposes a confused-deputy flaw allowing unprivileged users to manipulate security profiles via pseudo-files, bypass user-namespace restrictions, and execute arbitrary code within the kernel. These flaws facilitate local privilege escalation to root through complex interactions with tools like Sudo and Postfix, alongside denial-of-service attacks via stack exhaustion and Kernel Address Space Layout Randomization (KASLR) bypasses via out-of-bounds reads.
[$] More timing side-channels for the page cache
In 2019, researchers published a way to identify which file-backed pages were being accessed on a system using timing information from the page cache, leading to a handful of unpleasant consequences and a change to the design of the mincore() system call. Discussion at the time led to a number of ad-hoc patches to address the problem. The lack of new page-cache attacks suggested that attempts to fix things in a piecemeal fashion had succeeded. Now, however, Sudheendra Raghav Neela, Jonas Juffinger, Lukas Maar, and Daniel Gruss have found a new set of holes in the Linux kernel's page-cache-timing protections that allow the same general class of attack.
Panther Lake Tuning For The Intel Idle Driver In Linux 7.1
While the Linux support for Intel Core Ultra Series 3 Panther Lake is largely in good shape as shown in my numerous articles over the past month and a half, there are occasional missing remnants landing in the kernel. As the latest example, or the upcoming Linux 7.1 kernel, the unified Panther Lake C-States table is being added for the Intel Idle driver...
Security updates for Friday
Security updates have been issued by Debian (chromium, kernel, and multipart), Fedora (dnf5, dr_libs, easyrpg-player, libmaxminddb, python3.12, strongswan, task, and udisks2), Oracle (.NET 10.0, .NET 8.0, .NET 9.0, gnutls, ImageMagick, kernel, libvpx, mingw-libpng, nginx:1.26, python3.11, and uek-kernel), Red Hat (delve, git-lfs, mingw-libpng, osbuild-composer, and rhc-worker-playbook), SUSE (cjson, curl, dnsdist, libsoup2, postgresql16, postgresql17, postgresql18, python-lxml_html_clean, python-pypdf2, python36, and thunderbird), and Ubuntu (dotnet8, dotnet9, dotnet10, freetype, golang-github-go-git-go-git, golang-golang-x-net, openssh, python-cryptography, sudo, and util-linux).
4 Microsoft Copilot Linux alternatives that are just as good (if not better)
Wondering if Linux has AI companions that are as accessible, capable, and easy to use as Microsoft Copilot? Try these AI alternatives for Linux.
What to Expect from Krita Digital Painting App in 2026
Krita developers outline their 2026 roadmap, focusing on a mobile-friendly interface, faster performance, improved color management, and a potential new file format.
Linux Kernel API Specification Framework Advances Past RFC Stage
After going through five rounds of review under a Request For Comments (RFC) flag, today the latest round of Kernel API Specification Framework patches were sent out with the RFC flag removed...
These 4 distros tried to reinvent Linux (but failed)
These distros took big risks and lost.
Linux 6.12 Through Linux 7.0 File-System Benchmarks For EXT4 + XFS
Earlier this month were various Linux 7.0 file-system benchmarks showing how XFS is leading the race in the overall upstream Linux file-system performance on this forthcoming kernel. Stemming from that testing some premium supporters requested a fresh look at the historical performance of XFS as well as EXT4. So today's article is a look at how XFS and EXT4 have performed on every kernel release going back to Linux 6.12 LTS.
Intel Xe Driver In Linux 7.1 Preps For Intel Nova Lake P, Introduces VM_BIND DECOMPRESS
Sent out this week were more Intel Xe driver feature patches to DRM-Next for queuing ahead of next month's Linux 7.1 merge window...
Vulkan 1.4.346 Released With Notable VK_KHR_device_address_commands
Vulkan 1.4.346 was published today with one big new extension in tow: VK_KHR_device_address_commands...
FreeRDP 3.24 Released With Security Fixes & Improved X11 Client Support
FreeRDP as this open-source and cross-platform Remote Desktop Protocol (RDP) implementation is out with FreeRDP 3.24 to ship new security fixes as well as other improvements...
JSFX on Fedora Linux: an ultra-fast audio prototyping engine
Introduction Writing a real-time audio plugin on Linux often conjures up images of a complex environment: C++, toolchains, CMake, CLAP / VST3 / LV2 SDK, ABI… However, there is a much simpler approach : JSFX This article offers a practical introduction to JSFX and YSFX on Fedora Linux: we’ll write some small examples, add a graphical […]