Feed aggregator

Talos is a specialist Linux-based operating system for running Kubernetes, an open-source system for automating deployment, scaling and management of containerised applications. Minimal, immutable and hardened, it does not offer any shell or interactive console; instead, all system management is done via remote Application Programming Interface (API) calls, where messages sent from a client application are protected with mutual Transport Layer Security TLS (mTLS) authentication. Talos also delivers atomic updates, thus maintaining the Linux and Kubernetes versions up-to-date. Talos is developed in the USA by Sidero Labs, Inc.

Version:next-20251209 (linux-next) Released:2025-12-09

HackerOS is a live Linux distribution based on Debian's "Testing" branch and designed for regular users, gamers and cybersecurity enthusiasts. Some of its features include an optimised XanMod Linux kernel for faster boot times and reduced resource usage, out-of-the-box support for NVIDIA graphics cards, and a collection of cybersecurity tools, such as enhanced firewalls and intrusion detection software. The distribution uses the KDE Plasma desktop.

Kicksecure is a security-hardened Linux distribution based on Debian's "Stable" branch, with Xfce as the default desktop user interface. It is a hardened operating system designed to be resistant to viruses, malware and attacks, and extensively reconfigured in accordance with an advanced multi-layer defense model, thereby providing in-depth security. Kicksecure provides protection from many types of malware in its default configuration with no customization required.

The Internet Engineering Task Force (IETF) is the standards body responsible for the TLS encryption standard — which your browser is using right now to allow you to read LWN.net. As part of its work to keep TLS secure, the IETF has been entertaining proposals to adopt "post-quantum" cryptography (that is, cryptography that is not known to be easily broken by a quantum computer) for TLS version 1.3. Discussion of the proposal has exposed a large disagreement between participants who worried about weakened security and others who worried about weakened marketability.

Jon Seager, VP of engineering for Canonical, has announced a plan to develop a universal Public Key Infrastructure tool called upki:

Earlier this year, LWN featured an excellent article titled "Linux's missing CRL infrastructure". The article highlighted a number of key issues surrounding traditional Public Key Infrastructure (PKI), but critically noted how even the available measures are effectively ignored by the majority of system-level software on Linux.

One of the motivators for the discussion is that the Online Certificate Status Protocol (OCSP) will cease to be supported by Let's Encrypt. The remaining alternative is to use Certificate Revocation Lists (CRLs), yet there is little or no support for managing (or even querying) these lists in most Linux system utilities.

To solve this, I'm happy to share that in partnership with rustls maintainers Dirkjan Ochtman and Joe Birr-Pixton, we're starting the development of upki: a universal PKI tool. This project initially aims to close the revocation gap through the combination of a new system utility and eventual library support for common TLS/SSL libraries such as OpenSSL, GnuTLS and rustls.

No code is available as of yet, but the announcement indicates that upki will be available as an opt-in preview for Ubuntu 26.04 LTS. Thanks to Dirjan Ochtman for the tip.

Manjaro Linux is a fast, user-friendly, desktop-oriented operating system based on Arch Linux. Key features include intuitive installation process, automatic hardware detection, stable rolling-release model, ability to install multiple kernels, special Bash scripts for managing graphics drivers and extensive desktop configurability. Manjaro Linux offers Xfce as the core desktop options, as well as KDE, GNOME and a minimalist Net edition for more advanced users. Community-supported desktop flavours are also available.

Security updates have been issued by Debian (ffmpeg, krita, lasso, and libpng1.6), Fedora (abrt, cef, chromium, tinygltf, webkitgtk, and xkbcomp), Oracle (buildah, delve and golang, expat, python-kdcproxy, qt6-qtquick3d, qt6-qtsvg, sssd, thunderbird, and valkey), Red Hat (webkit2gtk3), and SUSE (git-bug, go1, and libpng12-0).

Ventoy LiveCD is a minimalist, single-purpose live CD designed to install the Ventoy application on Windows system. It is based on Porteus Kiosk and uses the Openbox window manager. It can be useful in cases where the standard installation of Ventoy on Windows fails due to Windows-specific restrictions on some low-level operations. Ventoy, an open-source application that facilitates the creation of bootable USB drives from ISO, WIM, IMG, VHD(x) and EFI files, is a useful utility for those who frequently install or test Linux distributions or other open-source operating systems.

MakuluLinux is a rolling-release, desktop distribution based either on Ubuntu's LTS (long-term support) release or Debian's "Testing" branch. It includes pre-installed multimedia codecs, device drivers and software for everyday use. MakuluLinux comes in four editions: "LinDoz" - featuring the Cinnamon desktop with the user interface customised to resemble that of Microsoft Windows, "Core" - presenting a highly customised Xfce desktop environment, "Flash" - providing a standard Xfce desktop, and finally "Shift" - delivering a pre-configured GNOME desktop environment.

As has been recently announced, nominations are open for the 2025 Linux Foundation Technical Advisory Board (TAB) elections. I am one of the TAB members whose term is coming to an end, but I have decided that, after 18 years on the board, I will not be seeking re-election; instead, I will step aside and make room for a fresh voice. My time on the TAB has been rewarding, and I will be sad to leave; the TAB has an important role to play in the functioning of the kernel community.

Version:next-20251208 (linux-next) Released:2025-12-08

Gentoo Linux is a versatile and fast, completely free Linux distribution geared towards developers and network professionals. Unlike other distros, Gentoo Linux has an advanced package management system called Portage. Portage is a true ports system in the tradition of BSD ports, but is Python-based and sports a number of advanced features including dependencies, fine-grained package management, "fake" (OpenBSD-style) installs, safe unmerging, system profiles, virtual packages, config file management, and more.

Founded in 2014 by Oliver Pinter and Shawn Webb, HardenedBSD is a security-enhanced fork of FreeBSD. The HardenedBSD Project is implementing many exploit mitigation and security technologies on top of FreeBSD. The project started with Address Space Layout Randomization (ASLR) as an initial focal point and is now implementing further exploit mitigation techniques.

StratOS Linux is an Arch-based Linux distribution which uses scripts from Bedrock Linux to include various packages and repositories from other Linux distributions. It provides several desktop variants featuring the GNOME desktop as well as the Hyprland and the Niri Wayland compositors. The project also develops several custom tools, such as StratVIM (a fork of the Neovim text editor), Rockers (a custom package manager wrapper able to fetch and install binary and source packages from other Linux distributions and from Flatpaks), Stratmacs (a custom Emacs configuration), grab (a fetch script), and Maneki-Neko (a Welcome application).

Whonix is an operating system focused on anonymity, privacy and security. It is based on the Tor anonymity network, Debian GNU/Linux and security by isolation. Whonix consists of two parts: One solely runs Tor and acts as a gateway, which is called Whonix-Gateway. The other, which is called Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. With Whonix, you can use applications and run servers anonymously over the Internet. DNS leaks are impossible, and even malware with root privileges cannot find out the user's real IP.

Greg Kroah-Hartman has announced the release of the 6.17.11, 6.12.61, 6.6.119, 6.1.159, 5.15.197, and 5.10.247 stable kernels. Each contains important fixes throughout the tree; users of these kernels should upgrade.

CuerdOS is a Debian-based GNU/Linux distribution with focus on stability, efficiency and performance. It comes with a series of optimisations, such as performance and memory consumption improvements. These optimisations are achieved through kernel patching and the Ananicy daemon, the latter of which manages input/output and CPU priorities. The distribution's "Standard" product uses Wayland's Sway compositor by default, but separate "Legacy" and "Community" builds with Budgie, Cinnamon, LXQt, MATE and Xfce desktops are also available.

iDeal OS is a computer operating system, a custom respin of the powerful MX Linux distribution, with the best privacy and security settings enabled by default. The main goals of iDeal OS are privacy and security, offering to surf, shop, trade and bank online with complete peace of mind, without annoying advertisements, tracking, logging, bugs, viruses or unwanted disclosure of personal information. iDeal OS is available in two different editions: "Emerald", which offers applications for everyday computing needs, and "Diamond", with is a powerful digital workstation with a wide range of professional tools.

Zorin OS is an Ubuntu-based Linux distribution designed especially for newcomers to Linux. It has a Windows-like graphical user interface and many programs similar to those found in Windows. Zorin OS also comes with an application that lets users run many Windows programs. The distribution's ultimate goal is to provide a Linux alternative to Windows and let Windows users enjoy all the features of Linux without complications.