Feed aggregator

Hidamari is a Python-based app that offers video wallpaper for Linux and a bit more besides. It’s free and open source software.

The post Linux Candy: Hidamari Is Fun Video Wallpaper for Linux appeared first on Linux Today.

Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate log content and entries, while the third one – CVE-2025-27610 – is a path traversal vulnerability that may allow attackers to gain unauthorized access to sensitive information.

The post Rack Ruby Vulnerability Could Reveal Secrets to Attackers appeared first on Linux Today.

So, you’ve just installed Ubuntu 25.04 “Plucky Puffin” on your computer—congrats! I recently did the same, and let me tell you, this release feels fresh, fast, and packed with cool features, but as with any new system, there are a few things I always do right after installation to make my setup smoother and more enjoyable.

The post My Experience – Top Things to Do After Installing Ubuntu 25.04 appeared first on Linux Today.

Incus 6.12 container & virtual machine manager adds online VM memory growth, enhanced network ACLs, and reworked logging for better monitoring and flexibility.

The post Incus 6.12 Container & Virtual Machine Manager Released appeared first on Linux Today.

Version:next-20250508 (linux-next) Released:2025-05-08

Lukas Fittl writes in detail on the pganalyze blog about the asynchronous I/O capability coming with the PostgreSQL 18 release.

Asynchronous I/O delivers the most noticeable gains in cloud environments where storage is network-attached, such as Amazon EBS volumes. In these setups, individual disk reads often take multiple milliseconds, introducing substantial latency compared to local SSDs.

With traditional synchronous I/O, each of these reads blocks query execution until the data arrives, leading to idle CPU time and degraded throughput. By contrast, asynchronous I/O allows Postgres to issue multiple read requests in parallel and continue processing while waiting for results. This reduces query latency and enables much more efficient use of available I/O bandwidth and CPU cycles.

Inside this week's LWN.net Weekly Edition:

• Front: Debian and essential packages; Custom BPF OOM killers; Speculation barriers for BPF programs; More LSFMM+BPF 2025 coverage.
• Briefs: Deepin on openSUSE; AUTOSEL; Mission Center 1.0.0; OASIS ODF; Redis license; USENIX ATC; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Version 2025.5 of the Home Assistant home automation system has been released. With this release, the project is celebrating two million active installations. Changes include improvements to the backup system, Z-Wave Long Range support, a number of new integrations, and more.

Anton Protopopov led a short discussion at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit about amount of memory used by hash tables in BPF programs. He thinks that the current memory layout is inefficient, and wants to split the structure that holds table entries into two variants for different kinds of maps. When that proposal proved uncontroversial, he also took the chance to talk about a bug in BPF's call instruction.

The Debian project has the concept of essential packages, which provide the bare minimum functionality considered absolutely necessary (or "essential") for a system to function. Packages tagged as essential, and the packages that are required by the set of essential packages, are always installed as part of a Debian system. However, Debian's packaging rules do not require developers to explicitly declare dependencies on that set of packages (the essential set) but they can simply rely on the fact that those will always be present. That means that changing the essential set, as the project may wish to do occasionally, is more complicated than it should be. This came to light recently when a Debian developer asked what might be required to remove mawk to slim down the project's container images.

The SUSE Security Team has announced the removal of the Deepin Desktop from openSUSE due to violations of the project's packaging policy.

The discovery of the bypass of the security whitelistings via the deepin-feature-enable package marks a turning point in our assessment of Deepin. We don't believe that the openSUSE Deepin packager acted with bad intent when he implemented the "license agreement" dialog to bypass our whitelisting restrictions. The dialog itself makes the security concerns we have transparent, so this does not happen in a sneaky way, at least not towards users. It was not discussed with us, however, and it violates openSUSE packaging policies. Beyond the security aspect, this also affects general packaging quality assurance: the D-Bus configuration files and Polkit policies installed by the deepin-feature-enable package are unknown to the package manager and won't be cleaned up upon package removal, for example. Such bypasses are not deemed acceptable by us.

The combination of these factors led us to the decision to remove the Deepin desktop completely from openSUSE Tumbleweed and from the future Leap 16.0 release. In openSUSE Leap 15.6 we will remove the offending deepin-feature-enable package only. It is a difficult decision given that the Deepin desktop has a considerable number of users. We firmly believe the Deepin packaging and security assessment in openSUSE needs a reboot, however, ideally involving new people that can help get the Deepin packages into shape, establish a relationship with Deepin upstream and keep an eye on bugfixes, thus avoiding fruitless follow-up reviews that just waste our time. In such a new setup we would be willing to have a look at all the sensitive Deepin components again one by one.

The announcement goes into detail about the bypass of openSUSE packaging policy and the history of security reviews of Deepin components. It also offers guidance on continuing to use Deepin Desktop on openSUSE.

Security updates have been issued by Fedora (incus and nodejs20), Red Hat (freetype, kernel, kernel-rt, libsoup, libtiff, redis, redis:6, and thunderbird), SUSE (apparmor, chromium, grafana, ImageMagick, java-11-openjdk, java-17-openjdk, libsoup, libsoup2, libxslt, opensaml, rabbitmq-server, rubygem-rack-1_6, sqlite3, and thunderbird), and Ubuntu (kernel, libfcgi, libraw, libsoup2.4, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle, linux-raspi, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-azure, linux-azure-6.11, linux-azure-6.8, linux-azure-fips, linux-intel-iot-realtime, linux-realtime, linux-oem-6.11, linux-raspi, linux-realtime, python, python-scrapy, and ruby-carrierwave).

The co-founder of the open-source company Nextcloud reminds us that the free software philosophy that’s the foundation of open source is much more than a software development model.

The post Is Free/Open Source Software Sustainable? appeared first on Linux Today.

Steam releases a new client update that fixes DLC recognition and window startup issues, improving stability across Windows and macOS.

The post Steam Client Update Fixes DLC Recognition appeared first on Linux Today.

Learn how to install PostgreSQL on Ubuntu, update PostgreSQL passwords, and enable remote access for PostgreSQL with practical examples.

The post How to Install and Configure PostgreSQL on Ubuntu 25.04 appeared first on Linux Today.

We’re keeping our fingers crossed that Fedora’s upcoming election will take place without all of the controversies that surrounded Open Source Initiative’s recent board election.

The post Nominations Are Open for Upcoming Fedora Election appeared first on Linux Today.

GStreamer 1.26.1 is here with a bunch of improvements for the dav1d AV1 decoder by adding RGB support and fixing renegotiation and buffer pool handling, Matroska v4 support in the muxer, the awstranslate and speechmatics plugins, and MP4 demuxer uncompressed video handling.

The post GStreamer 1.26.1 Improves dav1d AV1 Decoder, Matroska v4 Support in Muxer appeared first on Linux Today.

Here’s some preliminary information about AlmaLinux OS Foundation’s upcoming board election. We’ll keep you up-to-date as we learn more.

The post After Three Years, AlmaLinux Is Having an Election appeared first on Linux Today.

Windows users can now install AlmaLinux directly from the command line with WSL (Windows Subsystem for Linux) CLI.

The post Installing AlmaLinux on Windows Just Got Easier appeared first on Linux Today.

This detailed tutorial explains what Ubuntu Pro is, why I think it’s worth considering, and how you can get started with Ubuntu pro.

The post How To Enable Ubuntu Pro For FREE To Get 10 Years Of Security Updates appeared first on Linux Today.