cm0002

The Tails project has announced the release of Tails 7.2, a new version of the privacy-focused Linux distribution that routes all internet connections through the Tor network.

The update’s highlight is the upgrade to Tor Browser 15.0.1, introducing a trio of interface improvements inherited from Firefox 140. These include vertical tabs, tab groups, and a redesigned address bar with enhanced search.

The Linux kernel's port to the DEC Alpha processors remains alive over 30 years after these processors first appeared.

Sent out yesterday was a pull request for the DEC Alpha code with the sole change of introducing another maintainer for the Alpha port. That change is now merged for Linux 6.18 with having another recognized maintainer of the Alpha code within the Linux kernel.

Canonical has significantly expanded the scope of its enterprise offering by extending the Ubuntu Pro Legacy add-on, which now brings the total lifecycle for Ubuntu LTS releases to 15 years.

The change applies retroactively, starting with Ubuntu 14.04 LTS (Trusty Tahr), providing organizations with a longer, more predictable maintenance horizon for mission-critical systems.

Many distributions provide support out of the proverbial box for Flatpak packages, but Fedora is unusual in that it also provides, and defaults, to its own repository of Fedora-built Flatpaks. This has been a source of confusion for Fedora users, who expect to get the Flatpak built by the original developers and hosted on Flathub. It has also been a source of conflict with upstream projects, because users complain of bugs in Flatpak packages they are not responsible for. The situation has also frustrated some Fedora developers, who would prefer to offer put Flathub's offerings first. A new complaint that Fedora has apparently used manifests from Flathub to build the packages for Fedora—without giving credit to the original authors—has spurred discussions about Fedora's Flatpaks once again. While no concrete changes are on the table, yet, there may be some movement toward addressing persistent complaints.

Any developer or project can provide a repository with their software in Flatpak format; however, Flathub is the de facto hosting service for Flatpaks these days. Projects that publish Flatpaks expect users to get them from Flathub, and users looking for software would generally expect to get the Flathub version of a Flatpak.

Patches posted to the Linux kernel mailing list this week are seeking to remove SHA1 support for signing of kernel modules. This is part of the larger effort in the industry for moving away from SHA1 given its vulnerabilities to hash collisions and superior hashing algorithms being available.

SUSE engineer Petr Pavlu sent out the patch set this week to remove SHA1 support for module signing within the Linux kernel. He noted on that patch series:

"SHA-1 is considered deprecated and insecure due to vulnerabilities that can lead to hash collisions. Most distributions have already been using SHA-2 for module signing because of this. The default was also changed last year from SHA-1 to SHA-512 in f3b93547b91a ("module: sign with sha512 instead of sha1 by default"). This was not reported to cause any issues. Therefore, it now seems to be a good time to remove SHA-1 support for module signing.

Looking at the configs of several distributions, it seems only Android still uses SHA-1 for module signing."

Microsoft has launched a new rewards program offering Chrome users "real cash value" points to switch to Edge browser[^1]. When users search for "Chrome" on Bing, they receive a prompt offering 1,300 Microsoft Rewards points that can be exchanged for gift cards, including on Amazon[^1].

The Browser Choice Alliance, representing Chrome, Opera and Vivaldi, criticizes this as Microsoft's latest tactic to manipulate browser choice, following earlier practices like "forced resets, misleading prompts, and hidden settings"[^1].

The market context shows why Microsoft is pursuing this strategy - Edge holds less than 9% market share compared to Chrome's 78%[^1]. The rewards program appears targeted specifically at Chrome users, with Windows Latest noting "we're not seeing ads for other browsers, such as Opera, Firefox or Brave"[^1].

[^1]: Forbes - Microsoft Offers Chrome Users 'Real Cash' Rewards To Change Browser

A disturbing email released as part of the House Oversight Committee’s 20,000-page document dump on Wednesday revealed a chummy relationship between Jeffrey Epstein and Tom Barrack, a private equity investor who currently serves as the U.S. ambassador to Turkey.

Republicans on the House committee made the Epstein-related files public after Democrats on the committee released a handful of damning emails between the late sex offender and journalist Michael Wolff earlier in the day.

In the emails, Epstein asserts that President Donald Trump not only knew about the parade of young and underage girls he sexually exploited but had once spent “hours” with one of them.

In March 2016, Epstein emailed Barrack: “send photos of you and child. — make me smile.”

collapsed inline media