Bug

cURL Removes Bug Bounties (etn.se) 39

Ancient Slashdot reader jantangring shares a report from Swedish electronics industry news site Elektroniktidningen (translated to English), writing: "Open source code library cURL is removing the possibility to earn money by reporting bugs, hoping that this will reduce the volume of AI slop reports," reports etn.se. "Joshua Rogers -- AI wielding bug hunter of fame -- thinks it's a great idea." cURL maintainer Daniel Stenberg famously reported on the flood of AI-generated bad bug reports last year -- "Death by a thousand slops." Now, cURL is removing the bounty payouts as of the end of January.

"We have to try to brake the flood in order not to drown," says cURL maintainer Daniel Stenberg [...]. "Despite being an AI wielding bug hunter himself, Joshua Rogers -- slasher of a hundred bugs -- thinks removing the bounty money is an excellent idea. [...] I think it's a good move and worth a bigger consideration by others. It's ridiculous that it went on for so long to be honest, and I personally would have pulled the plug long ago," he says to etn.se.

Windows

Microsoft Forced to Issue Emergency Out-of-Band Windows Update (windowscentral.com) 75

The senior editor at the blog Windows Central decries two serious Windows issues "that were not spotted by Microsoft during testing, and are so severe that the company has now issued an emergency fix to address the problems." Microsoft's first update for Windows 11 in 2026 has already caused two major issues that saw users unable to fully shut down their PCs or sign in to a device when using Remote Desktop... Being unable to shut down your PC due to a recent OS update is a huge oversight on Microsoft's part, but this is the latest in a long list of updates over the last year to cause a major issue like this... Other issues that have cropped up in Windows 11 in the last year include a bug that caused Task Manager to fail to close when the user exited the application, causing system resources to lock up after a prolonged period of time if the user had opened and closed Task Manager multiple times in a session. Another update saw File Explorer flashbang users with a white screen when opening it in dark mode, which appeared in an update that was supposed to improve dark mode on Windows 11...

For whatever reason, the Windows Insider Program doesn't appear to be working anymore, as severe bugs are somehow making it into shipping versions of the OS.

"The out of band updates, KB5077744 and KB5077797, are available now via Windows Update and are rolling out to everybody," they write. "Once installed, your PC should go back to being able to shut down successfully, and signing-in via Remote Desktop should work again."

Microsoft has also officially acknowledged a third bug which crashes Outlook Classic when using POP accounts, according to the blog Windows Latest, which adds that that bug has not yet been fixed.

They've also identified other minor bugs, including "a black screen problem in Windows 11 KB5074109... either due to the update itself or some compatibility issues with GPU drivers." After you install the January 2026 Update, Windows triggers random black screens where the desktop freezes for a second or two, the display goes black, then everything comes back. I can't pinpoint any specific configuration, but I can confirm the black screen issue has been observed on a small subset of PCs with both Nvidia and AMD GPUs.

Windows

Patch Tuesday Update Makes Windows PCs Refuse To Shut Down (theregister.com) 59

A recent Microsoft Patch Tuesday update has introduced a bug in Windows 11 23H2 that causes some PCs to refuse to shut down or hibernate, "no matter how many times you try," reports The Register. From the report: In a notice on its Windows release health dashboard, Microsoft confirmed that some PCs running Windows 11 23H2 might fail to power down properly after installing the latest security updates. Instead of slipping into shutdown or hibernation, affected machines stay stubbornly awake, draining batteries and ignoring shutdown like they have a mind of their own and don't want to experience temporary non-existence.

The bug appears to be tied to Secure Launch, a security feature that uses virtualization-based protections to ensure only trusted components load during boot. On systems with Secure Launch enabled, attempts to shut down, restart, or hibernate after applying the January patches may fail to complete. From the user's perspective, everything looks normal -- until the PC keeps running anyway, refusing to be denied life.

Microsoft says that entering the command "shutdown /s /t 0" at the command prompt will, in fact, force your PC to turn off, whether it wants to or not. "Until this issue is resolved, please ensure you save all your work, and shut down when you are done working on your device to avoid the device running out of power instead of hibernating," Microsoft said.

Bug

How Long Does It Take to Fix Linux Kernel Bugs? (itsfoss.com) 36

An anonymous reader shared this report from It's FOSS: Jenny Guanni Qu, a researcher at [VC fund] Pebblebed, analyzed 125,183 bugs from 20 years of Linux kernel development history (on Git). The findings show that the average bug takes 2.1 years to find. [Though the median is 0.7 years, with the average possibly skewed by "outliers" discovered after years of hiding.] The longest-lived bug, a buffer overflow in networking code, went unnoticed for 20.7 years! [But 86.5% of bugs are found within five years.]

The research was carried out by relying on the Fixes: tag that is used in kernel development. Basically, when a commit fixes a bug, it includes a tag pointing to the commit that introduced the bug. Jenny wrote a tool that extracted these tags from the kernel's git history going back to 2005. The tool finds all fixing commits, extracts the referenced commit hash, pulls dates from both commits, and calculates the time frame. As for the dataset, it includes over 125k records from Linux 6.19-rc3, covering bugs from April 2005 to January 2026. Out of these, 119,449 were unique fixing commits from 9,159 different authors, and only 158 bugs had CVE IDs assigned.

It took six hours to assemble the dataset, according to the blog post, which concludes that the percentage of bugs found within one year has improved dramatically, from 0% in 2010 to 69% by 2022. The blog post says this can likely be attributed to:
  • The Syzkaller fuzzer (released in 2015)
  • Dynamic memory error detectors like KASAN, KMSAN, KCSAN sanitizers
  • Better static analysis
  • More contributors reviewing code

But "We're simultaneously catching new bugs faster AND slowly working through ~5,400 ancient bugs that have been hiding for over 5 years."

They've also developed an AI model called VulnBERT that predicts whether a commit introduces a vulnerability, claiming that of all actual bug-introducing commits, it catches 92.2%. "The goal isn't to replace human reviewers but to point them at the 10% of commits most likely to be problematic, so they can focus attention where it matters..."
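
The Fixes:-tag measurement described in this story, as an added Python example (not the researcher's tool, and not code from the linked post). It assumes a log exported with record and field separators and uses committer dates; the sample commits, hashes and function names are constructed for illustration.

```python
import bisect
import re
from datetime import datetime
from statistics import mean, median

# Assumed input shape (an assumption of this example, not the researcher's format):
#   git log --format='%x1e%H%x1f%cI%x1f%B'
RS, FS = "\x1e", "\x1f"  # record / field separators

# Kernel convention: Fixes: <abbreviated sha> ("subject of the buggy commit")
FIXES_RE = re.compile(r"^Fixes:[ \t]*([0-9a-fA-F]{7,40})\b", re.MULTILINE)


def parse_log(text):
    """Return {full_sha: (commit_datetime, message_body)}."""
    commits = {}
    for record in text.split(RS):
        if not record.strip():
            continue
        sha, date, body = record.split(FS, 2)
        commits[sha.strip().lower()] = (datetime.fromisoformat(date.strip()), body)
    return commits


def resolve(prefix, sorted_shas):
    """Map an abbreviated hash to one full hash; None if unknown or ambiguous."""
    prefix = prefix.lower()
    i = bisect.bisect_left(sorted_shas, prefix)
    matches = []
    while i < len(sorted_shas) and sorted_shas[i].startswith(prefix):
        matches.append(sorted_shas[i])
        i += 1
    return matches[0] if len(matches) == 1 else None


def bug_lifetimes(text):
    """Return (fix_sha, bug_sha, days_hidden) for every resolvable Fixes: tag."""
    commits = parse_log(text)
    shas = sorted(commits)
    rows = []
    for fix_sha, (fix_date, body) in commits.items():
        for ref in FIXES_RE.findall(body):
            bug_sha = resolve(ref, shas)
            if bug_sha is None or bug_sha == fix_sha:
                continue  # tag points outside this history, or is ambiguous
            days = (fix_date - commits[bug_sha][0]).days
            if days < 0:
                continue  # clock skew or rewritten history: not a usable lifetime
            rows.append((fix_sha[:12], bug_sha[:12], days))
    return rows


def summarize(rows):
    """Mean and median lifetime in days; the two diverge when outliers exist."""
    days = [d for _, _, d in rows]
    return {"pairs": len(days), "mean_days": mean(days), "median_days": median(days)}


def _commit(sha, date, body):
    return f"{RS}{sha}{FS}{date}{FS}{body}\n"


# Constructed sample history: two bug-introducing commits and three fixes.
A = "a1b2c3d4e5f6" + "0" * 28
B = "b2c3d4e5f6a1" + "1" * 28
SAMPLE_LOG = "".join([
    _commit(A, "2020-01-01T00:00:00+00:00", "net: add foo parser\n"),
    _commit(B, "2021-01-01T00:00:00+00:00", "mm: rework bar cache\n"),
    _commit("c" * 40, "2020-01-31T00:00:00+00:00",
            'net: bound foo length\n\nFixes: a1b2c3d4e5f6 ("net: add foo parser")\n'),
    _commit("d" * 40, "2022-01-01T00:00:00+00:00",
            'mm: fix bar leak\n\nFixes: B2C3D4E5F6A1 ("mm: rework bar cache")\n'),
    _commit("e" * 40, "2024-01-01T00:00:00+00:00",
            'treewide: fix two old bugs\n\n'
            'Fixes: a1b2c3d4e5f6 ("net: add foo parser")\n'
            'Fixes: b2c3d4e5f6a1 ("mm: rework bar cache")\n'
            'Fixes: 0123456789ab ("commit outside this history")\n'),
])

if __name__ == "__main__":
    rows = bug_lifetimes(SAMPLE_LOG)
    for fix, bug, days in rows:
        print(f"{fix} fixes {bug}: hidden for {days} days")
    print(summarize(rows))
```

A fixing commit with several Fixes: tags yields one row per tag, which is why a dataset built this way can hold more bug records than unique fixing commits.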


Social Networks

Elon Musk: X's New Algorithm Will Be Made Open Source in Seven Days (msn.com) 90

"We will make the new 𝕏 algorithm...open source in 7 days," Elon Musk posted Saturday on X.com. Musk says this is "including all code used to determine what organic and advertising posts are recommended to users," and "This will be repeated every 4 weeks, with comprehensive developer notes, to help you understand what changed."

Some context from Engadget: Musk has been making promises of open-sourcing the algorithm since his takeover of Twitter, and in 2023 published the code for the site's "For You" feed on GitHub. But the code wasn't all that revealing, leaving out key details, according to analyses at the time. And it hasn't been kept up to date.
Bloomberg also reported on Saturday's announcement: The billionaire didn't say why X was making its algorithm open source. He and the company have clashed several times with regulators over content being shown to users.

Some X users had previously complained that they were receiving fewer posts on the social media platform from people they follow. In October, Musk confirmed in a post on X that the company had found a "significant bug" in the platform's "For You" algorithm and pledged a fix. The company has also been working to incorporate more artificial intelligence into its recommendation algorithm for X, using Grok, Musk's artificial intelligence chatbot...

In September, Musk wrote that the goal was for X's recommendation engine to "be purely AI" and that the company would share its open source algorithm about every two weeks. "To the degree that people are seeing improvements in their feed, it is not due to the actions of specific individuals changing heuristics, but rather increasing use of Grok and other AI tools," Musk wrote in October. The company was working to have all of the more than 100 million daily posts published to X evaluated by Grok, which would then offer individual users the posts most likely to interest them, Musk wrote. "This will profoundly improve the quality of your feed." He added that the company was planning to roll out the new features by November.

Open Source

Four More Tech Bloggers Are Switching to Linux (escapistmagazine.com) 197

Is there a trend? This week four different articles appeared on various tech-news sites with an author bragging about switching to Linux.

"Greetings from the year of Linux on my desktop," quipped the Verge's senior reviews editor, who finally "got fed up and said screw it, I'm installing Linux."

They switched to CachyOS — just like this writer for the videogame magazine Escapist: I've had a fantastic time gaming on Linux. Valve's Windows-to-Linux translation layer, Proton, and even CachyOS' bundled fork have been working just fine. Of course, it's not perfect, and there's been a couple of instances where I've had to problem-solve something, but most of the time, any issues gaming on Linux have been fixed by swapping to another version of Proton. If you're deep in online games like Fortnite, Call of Duty, Destiny 2, GTAV or Battlefield 6, it might not be the best option to switch. These games feature anti-cheats that look for versions of Windows or even the heart of the OS, the kernel, to verify the system isn't going to mess up someone's game....

CachyOS is thankfully pre-packed with Nvidia drivers, meaning I didn't have to dance around trying to find them.... Certain titles will perform worse than their counterparts, simply due to how the bods at Nvidia are handling the drivers for Linux. This said, I'm still not complaining when I'm pushing nearly 144fps or more in newer games. The performance hit is there, but it's nowhere near enough to stave off even an attempt to mess about with Linux.

Do you know how bizarre it is to say it's "nice to have a taskbar again"? I use macOS daily for a lot of my work, which uses a design baked back in the 1990s through NeXT. Seeing just a normal taskbar that doesn't try to advertise to me or crash because an update killed it for some reason is fantastic. That's how bad it is out there right now for Windows.

"I run Artix, by the way," joked a senior tech writer at Notebookcheck (adding "There. That's out of the way...") I dual-booted a Linux partition for a few weeks. After a Windows update (that I didn't choose to do) wiped that partition and, consequently, the Linux installation, I decided to go whole-hog: I deleted Windows 11 and used the entire drive for Linux...

Artix differs from Arch in that it does not use SystemD as its init system. I won't go down the rabbit hole of init systems here, but suffice it to say that Artix boots lightning quick (less than 10 seconds from a cold power on) and is pretty light on system resources. However, it didn't come "fully assembled..." The biggest problem I ran into after installing Artix on the [MacBook] Air was the lack of wireless drivers, which meant that WiFi did not work out of the box. The resolution was simple: I needed to download the appropriate WiFi drivers (Broadcom drivers, to be exact) from Artix's main repository. This is a straightforward process handled by a single command in the Terminal, but it requires an internet connection... which my laptop did not have. Ultimately, I connected a USB-to-Ethernet adapter, plugged the laptop directly into my router, and installed the WiFi drivers that way. The whole process took about 10 minutes, but it was annoying nonetheless.

For the record, my desktop (an AMD Ryzen 7 6800H-based system) worked flawlessly out-of-the-box, even with my second monitor's uncommon resolution (1680x1050, vertical orientation). I did run into issues with installing some packages on both machines. Trying to install the KDE desktop environment (essentially a different GUI for the main OS) resulted in strange artifacts that put white text on white backgrounds in the menus, and every resolution I tried failed to correct this bug. After reverting to XFCE4 (the default desktop environment for my Artix install), the WiFi signal indicator in the taskbar disappeared. This led to me having to uninstall a network manager installed by KDE and re-linking the default network manager to the runit services startup folder. If that sentence sounds confusing, the process was much more so. It has been resolved, and I have a WiFi indicator that lets me select wireless networks again, but only after about 45 minutes of reading manuals and forum posts.

Other issues are inherent to Linux. Not all games on Steam that are deemed Linux compatible actually are. Civilization III Complete is a good example: launching the game results in the map turning completely black. (Running the game through an application called Lutris resolved this issue.) Not all the software I used on Windows is available in Linux, such as Greenshot for screenshots or uMark for watermarking photos in bulk. There are alternatives to these, but they don't have the same features or require me to relearn workflows... Linux is not a "one and done" silver bullet to solve all your computer issues. It is like any other operating system in that it will require users to learn its methods and quirks. Admittedly, it does require a little bit more technical knowledge to dive into the nitty-gritty of the OS and fully unlock its potential, but many distributions (such as Mint) are ready to go out of the box and may never require someone to open a command line...

[T]he issues I ran into on Linux were, for the most part, my fault. On Windows or macOS, most problems I run into are caused by a restriction or bug in the OS. Linux gives me the freedom to break my machine and fix it again, teaching me along the way. With Microsoft's refusal (either from pride or ignorance) to improve (or at least not crapify) Windows 11 despite loud user outrage, switching to Linux is becoming a popular option. It's one you should consider doing, and if you've been thinking about it for any length of time, it's time to dive in.

And tinkerer Kevin Wammer switched from MacOS to Linux, saying "Linux has come a long way" after more than 30 years — but "Windows still sucks..."
Education

Inaugural 'Hour of AI' Event Includes Minecraft, Microsoft, Google and 13.1 Million K-12 Schoolkids (csforall.org) 13

Long-time Slashdot reader theodp writes: Last September, tech-backed nonprofit Code.org pledged to engage 25 million K-12 schoolchildren in an "Hour of AI" this school year. Preliminary numbers released this week by the Code.org Advocacy Coalition showed that [halfway through the five-day event Computer Science Education Week] 13.1 million users had participated in the inaugural Hour of AI, attaining 52.4% of its goal of 25 million participants.

In a pivot from coding to AI literacy, the Hour of AI replaced Code.org's hugely-popular Hour of Code this December as the flagship event of Computer Science Education Week (December 8-14). According to Code.org's 2024-25 Impact Report, "in 2024–25 alone, students logged over 100 million Hours of Code, including more than 43 million in the four months leading up to and including CS Education Week."

Minecraft participated with their own Hour of AI lessons. ("Program an AI Agent to craft tools and build shelter before dusk falls in this iconic challenge!") And Google contributed AI Quests, "a gamified, in-class learning experience" allowing students to "step into the shoes of Google researchers using AI to solve real-world challenges." Other participating organizations included the Scratch Foundation, Lego Education, Adobe, and Roblox.

And Microsoft contributed two — including one with their block-based programming environment Microsoft MakeCode Arcade, with students urged to "code and train your own super-smart bug using AI algorithms and challenge other AI bugs in an epic Tower battle for ultimate Bug Arena glory!"

See all the educational festivities here...
Unix

Bell Labs 'Unix' Tape from 1974 Successfully Dumped to a Tarball (discuss.systems) 19

Archive.org now has a page with "the raw analog waveform and the reconstructed digital tape image (analog.tap), read at the Computer History Museum's Shustek Research Archives on 19 December 2025 by Al Kossow using a modified tape reader and analyzed with Len Shustek's readtape tool." A Berlin-based retrocomputing enthusiast has created a page with the contents of the tape ready for bootstrapping, "including a tar file of the filesystem," and instructions on dumping an RK05 disk image from tape to disk (and what to do next).

Research professor Rob Ricci at the University of Utah's school of computing posted pictures and video of the tape-reading process, along with several updates. ("So far some of our folks think they have found Hunt The Wumpus and the C code for a Snobol interpreter.") University researcher Mike Hibler noted the code predates the famous comment "You are not expected to understand this" — and found part of the C compiler with a copyright of 1972.

The version of Unix recovered seems to have some (but not all) of the commands that later appeared in Unix v5, according to discussion on social media. "UNIX wasn't versioned as we know it today," explains University of Utah PhD student Thalia Archibald, who researched early Unix history (including the tape) and also worked on its upload. "In the early days, when you wanted to cut a tape, you'd ask Ken if it was a good day — whether the system was relatively bug-free — and copy off the research machine... I've been saying It's probably V5 minus a tiny bit, which turned out to be quite true."
Games

Riot Games Is Making an Anti-Cheat Change That Could Be Rough On Older PCs (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: At this point, most competitive online multiplayer games on the PC come with some kind of kernel-level anti-cheat software. As we've written before, this is software that runs with more elevated privileges than most other apps and games you run on your PC, allowing it to load in earlier and detect advanced methods of cheating. More recently, anti-cheat software has started to require more Windows security features like Secure Boot, a TPM 2.0 module, and virtualization-based memory integrity protection. Riot Games, best known for titles like Valorant and League of Legends and the Vanguard anti-cheat software, has often been one of the earliest to implement new anti-cheat requirements. There's already a long list of checks that systems need to clear before they'll be allowed to play Riot's games online, and now the studio is announcing a new one: a BIOS update requirement that will be imposed on "certain players" following Riot's discovery of a UEFI bug that could allow especially dedicated and motivated cheaters to circumvent certain memory protections.

In short, the bug affects the input-output memory management unit (IOMMU) "on some UEFI-based motherboards from multiple vendors." One feature of the IOMMU is to protect system memory from direct access during boot by external hardware devices, which otherwise might manipulate the contents of your PC's memory in ways that could enable cheating. The patch for these security vulnerabilities (CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304) fixes a problem where this pre-boot direct memory access (DMA) protection could be disabled even if it was marked as enabled in the BIOS, creating a small window during the boot process where DMA devices could gain access to RAM.

The relative obscurity and complexity of this hardware exploit means that Vanguard isn't going to be enforcing these BIOS requirements on every single player of its games. For now, it will just apply to "restricted" players of Valorant whose systems, for one reason or another, are "too similar to cheaters who get around security features in order to become undetectable to Vanguard." But Riot says it's considering rolling the BIOS requirement out to all players in Valorant's highest competitive ranking tiers (Ascendant, Immortal, and Radiant), where there's more to be gained from working around the anti-cheat software. And Riot anti-cheat analyst Mohamed Al-Sharifi says the same restrictions could be turned on for League of Legends, though they aren't currently. If users are blocked from playing by Vanguard, they'll need to download and install the latest BIOS update for their motherboard before they'll be allowed to launch the game.
Riot's new anti-cheat change could create problems for older PCs if it is expanded, notes Ars.

The update relies on a BIOS patch to fix a UEFI flaw, and many older motherboards, especially Intel 300-series and AMD AM4 boards, may never receive that update. If Riot flags a system and the manufacturer doesn't provide a patched BIOS, players could be locked out of games despite having otherwise capable hardware.
Open Source

Intel Quietly Discontinues Its Open-Source User-Space Gaudi Driver Code (phoronix.com) 24

Intel has quietly stopped maintaining its open-source user-space driver stack for Gaudi accelerators. Phoronix reports: It turns out earlier this year Intel archived the SynapseAI Core open-source code and it is no longer maintained by Intel. The open-source Synapse AI Core GitHub repository was archived in February and README updated with: "This project will no longer be maintained by Intel. Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project. Intel no longer accepts patches to this project. If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project."
Security

China, Iran Are Having a Field Day With React2Shell, Google Warns (theregister.com) 30

A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw.

Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.

Security

Security Researcher Found Critical Kindle Vulnerabilities That Allowed Hijacking Amazon Accounts (thetimes.com) 13

The Black Hat Europe hacker conference in London included a session titled "Don't Judge an Audiobook by Its Cover" about two critical (and now fixed) flaws in Amazon's Kindle. The Times reports both flaws were discovered by engineering analyst Valentino Ricotta (from the cybersecurity research division of Thales), who was awarded a "bug bounty" of $20,000 (£15,000). He said: "What especially struck me with this device, that's been sitting on my bedside table for years, is that it's connected to the internet. It's constantly running because the battery lasts a long time and it has access to my Amazon account. It can even pay for books from the store with my credit card in a single click. Once an attacker gets a foothold inside a Kindle, it could access personal data, your credit card information, pivot to your local network or even to other devices that are registered with your Amazon account."

Ricotta discovered flaws in the Kindle software that scans and extracts information from audiobooks... He also identified a vulnerability in the onscreen keyboard. Through both of these, he tricked the Kindle into loading malicious code, which enabled him to take the user's Amazon session cookies — tokens that give access to the account. Ricotta said that people could be exposed to this type of hack if they "side-load" books on to the Kindle through non-Amazon stores.

Ricotta donated his bug bounties to charity...
Security

AI Hackers Are Coming Dangerously Close to Beating Humans (msn.com) 30

Stanford researchers spent much of the past year building an AI bot called Artemis that scans networks for software vulnerabilities, and when they pitted it against ten professional penetration testers on the university's own engineering network, the bot outperformed nine of them. The experiment offers a window into how rapidly AI hacking tools have improved after years of underwhelming performance.

"We thought it would probably be below average," said Justin Lin, a Stanford cybersecurity researcher. Artemis found bugs at a fraction of human cost -- just under $60 per hour compared to the $2,000 to $2,500 per day that professional pen testers typically charge. But its performance wasn't flawless. About 18% of its bug reports were false positives, and it completely missed an obvious vulnerability on a webpage that most human testers caught. In one case, Artemis found a bug on an outdated page that didn't render in standard browsers; it used a command-line tool called Curl instead of Chrome or Firefox.

Dan Boneh, a Stanford computer science professor who advised the researchers, noted that vast amounts of software shipped without being vetted by LLMs could now be at risk. "We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," said Jacob Klein, head of threat intelligence at Anthropic.
AMD

Ubuntu Will Have Native AMD ROCm AI/ML and HPC Libraries In Next LTS Release (canonical.com) 6

Longtime Slashdot reader MadCow42 writes: Canonical just announced that they're packaging AMD's ROCm libraries (for AI/ML and HPC with both data-center GPUs as well as desktop/laptop GPUs), directly into the Ubuntu Universe archive. You can run ROCm on Ubuntu today but you have to install it via a script from AMD and manually remove and reinstall for any upgrades or bug fixes. Having it in Ubuntu as a normal Debian package will make it much easier to install and also to maintain in the long run via normal apt tooling ('apt upgrade'). This also means that ROCm can be an automatically-installed dependency for other packages, which doesn't happen today.

And, interestingly, Canonical has committed to providing long-term-support for ROCm in Ubuntu -- which is particularly exciting for edge and IoT devices that may have a long life in the field and need regular security patches and updates.

AI

Claude Code Is Coming To Slack 11

Anthropic is bringing Claude Code directly into Slack, letting developers spin up coding sessions from chat threads and automate workflows without leaving the app. TechCrunch reports: Previously, developers could only get lightweight coding help via Claude in Slack -- like writing snippets, debugging, and explanations. Now they can tag @Claude to spin up a complete coding session using Slack context like bug reports or feature requests. Claude analyzes recent messages to determine the right repository, posts progress updates in threads, and shares links to review work and open pull requests.

The move reflects a broader industry shift: AI coding assistants are migrating from IDEs (integrated development environment, where software development happens) into collaboration tools where teams already work. [...] While Anthropic has not yet confirmed when it would make a broader rollout available, the timing is strategic. The AI coding market is getting more competitive, and differentiation is starting to depend more on integration depth and distribution than model capability alone.
Unix

New FreeBSD 15 Retires 32-Bit Ports and Modernizes Builds (theregister.com) 32

FreeBSD 15.0-RELEASE arrived this week, notes this report from The Register, which calls it the latest release "of the Unix world's leading alternative to Linux." As well as numerous bug fixes and upgrades to many of its components, the major changes in this version are reductions in the number of platforms the OS supports, and in how it's built and how its component software is packaged.

FreeBSD 15 has significantly reduced support for 32-bit platforms. Compared to FreeBSD 14 in 2023, there are no longer builds for x86-32, POWER, or ARM-v6. As the release notes put it:

"The venerable 32-bit hardware platforms i386, armv6, and 32-bit powerpc have been retired. 32-bit application support lives on via the 32-bit compatibility mode in their respective 64-bit platforms. The armv7 platform remains as the last supported 32-bit platform. We thank them for their service."

Now FreeBSD supports five CPU architectures — two Tier-1 platforms, x86-64 and AArch64, and three Tier-2 platforms, armv7 and up, powerpc64le, and riscv64.

Arguably, it's time. AMD's first 64-bit chips started shipping 22 years ago. Intel launched the original x86 chip, the 8086 in 1978. These days, 64-bit is nearly as old as the entire Intel 80x86 platform was when the 64-bit versions first appeared. In comparison, a few months ago, Debian 13 also dropped its x86-32 edition — six years after Canonical launched its first x86-64-only distro, Ubuntu 19.10.

Another significant change is that this is the first version built under the new pkgbase system, although it's still experimental and optional for now. If you opt for a pkgbase installation, then the core OS itself is installed from multiple separate software packages, meaning that the whole system can be updated using the package manager. Over in the Linux world, this is the norm, but Linux is a very different beast... The plan is that by FreeBSD 16, scheduled for December 2027, the restructure will be complete, the old distribution sets will be removed, and the current freebsd-update command and its associated infrastructure can be turned off.

Another significant change is reproducible builds, a milestone the project reached in late October. This change is part of a multi-project initiative toward ensuring deterministic compilation: to be able to demonstrate that a certain set of source files and compilation directives is guaranteed to produce identical binaries, as a countermeasure against compromised code. A handy side-effect is that building the whole OS, including installation media images, no longer needs root access.

There are of course other new features. Lots of drivers and subsystems have been updated, and this release has better power management, including suspend and resume. There's improved wireless networking, with support for more Wi-Fi chipsets and faster wireless standards, plus updated graphics drivers... The release announcement calls out the inclusion of OpenZFS 2.4.0-rc4, OpenSSL 3.5.4, and OpenSSH 10.0 p2, and notes the inclusion of some new quantum-resistant encryption systems...

In general, we found FreeBSD 15 easier and less complicated to work with than either of the previous major releases. It should be easier on servers too. The new OCI container support in FreeBSD 14.2, which we wrote about a year ago, is more mature now. FreeBSD has its own version of Podman, and you can run Linux containers on FreeBSD. This means you can use Docker commands and tools, which are familiar to many more developers than FreeBSD's native Jail system.


"FreeBSD has its own place in servers and the public cloud, but it's getting easier to run it as a desktop OS as well," the article concludes. "It can run all the main Linux desktops, including GNOME on Wayland."

"There's no systemd here, and never will be — and no Flatpak or Snap either, for that matter.

Open Source

Kubernetes Is Retiring Its Popular Ingress NGINX Controller (theregister.com) 21

During last month's KubeCon North America in Atlanta, Kubernetes maintainers announced the upcoming retirement of Ingress NGINX. "Best-effort maintenance will continue until March 2026," noted the Kubernetes SIG Network and the Security Response Committee. "Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered." In a recent op-ed for The Register, Steven J. Vaughan-Nichols reflects on the decision and speculates about what might have prevented this outcome:

Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff.

Now this longstanding project, once celebrated for its flexibility and breadth of features, will soon be "abandonware." So what? After all, it won't be the first time a once-popular program shuffled off the stage. Off the top of my head, dBase, Lotus 1-2-3, and VisiCalc spring to my mind. What's different is that there are still thousands of Ingress NGINX controllers in use. Why is it being put down, then, if it's so popular? Well, there is a good reason. As Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, pointed out: "Ingress NGINX has always struggled with insufficient or barely sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours, and on weekends. Last year, the Ingress NGINX maintainers announced their plans to wind down Ingress NGINX and develop a replacement controller together with the Gateway API community. Unfortunately, even that announcement failed to generate additional interest in helping maintain Ingress NGINX or develop InGate to replace it." [...]

The final nail in the coffin was when security company Wix found a killer Ingress NGINX security hole. How bad was it? Wix declared: "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, which could lead to complete cluster takeover." [...] You see, the real problem isn't that Ingress NGINX has a major security problem. Heck, hardly a month goes by without another stop-the-presses Windows bug being uncovered. No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support...

Windows

A Windows Update Broke Login Button, and Microsoft's Advice is To Click Where It Used To Be (tomshardware.com) 73

Microsoft has acknowledged that a recent Windows preview update, KB5064081, contains a bug that renders the password icon invisible on the lock screen, leaving users to click on what appears to be empty space to enter their credentials.

The issue affects Windows Insider channel users who installed the non-security preview update. The company's suggested workaround is straightforward if somewhat absurd: click where the button should be, and the password field will appear. Microsoft said it is working to resolve the issue.

Transportation

Airbus Says Most of Its Recalled 6,000 A320 Jets Now Modified (reuters.com) 51

Airbus said Monday that the vast majority of around 6,000 A320-family jets affected by an emergency software recall have now been modified, leaving fewer than 100 aircraft still requiring work after a frantic weekend of repairs prompted by the discovery of a vulnerability to solar flares. The unprecedented recall -- described as the broadest emergency action in the company's history -- came after a mid-air incident on a JetBlue A320 revealed a possible link between a drop in altitude and a space-related computer bug.

The fix involved reverting to an earlier version of software that controls nose angle, uploaded via cable from a portable device called a data loader. Some older A320 jets will need entirely new computers rather than a simple software reset, raising questions about how long those aircraft will remain grounded amid global chip shortages.

Reuters separately reported on Monday that Airbus had discovered an industrial quality issue affecting metal panels of a "limited" number of A320-family aircraft. The company told the publication that it had "identified" and "contained" the source of the issue and that "all newly produced panels conform to all requirements."

Bug

Firefox 147 Will Support The XDG Base Directory Specification (phoronix.com) 35

Phoronix's Michael Larabel reports: A 21-year-old bug report requesting support of the XDG Base Directory specification is finally being addressed by Firefox. The Firefox 147 release should respect this XDG specification around where files should be positioned within Linux users' home directory.

The XDG Base Directory specification lays out where application data files, configuration files, cached assets, and other files and file formats should be positioned within a user's home directory and the XDG environment variables for accessing those locations. To date Firefox has just positioned all files under ~/.mozilla rather than the likes of ~/.config and ~/.local/share.
