"The U.S. and Canadian websites for Lenovo offered U.S. $140 and CAD $211 off on the same ThinkPad X1 Carbon model when choosing any one of the Linux-based alternatives," reports It's FOSS News: This was brought to my attention thanks to a Reddit post... Others then chimed in, saying that Lenovo has been doing this since at least 2020 and that the big price difference shows how ridiculous Windows' pricing is...

Not all models from their laptop lineup, like ThinkPad, Yoga, Legion, LOQ, etc., feature an option to get Linux pre-installed during the checkout process. Luckily, there is an easy way to filter through the numerous laptops. Just go to the laptops section (U.S.) on the Lenovo website and turn on the "Operating System" filter under the Filter by specs sidebar menu.
The article end with an embedded YouTube video showing a VCR playing a videotape of a 1999 local TV news report... about the legendary "Windows Refund Day" protests.

Slashdot ran numerous stories about the event — including one by Jon Katz...

Some patches for Linux 6.15-rc4 (updating the kernel driver for the Bcachefs file system) triggered some "straight-to-the-point wisdom" from Linus Torvalds about case-insensitive filesystems, reports Phoronix.

Bcachefs developer Kent Overstreet started the conversation, explaining how some buggy patches for their case-insensitive file and folder support were upstreamed into the Bcachefs kernel driver nearly two years ago: When I was discussing with the developer who did the implementation, I noted that fstests should already have tests. However, it seems I neglected to tell him to make sure the tests actually run... It is _not_ enough to simply rely on the automated tests. You have to have eyes on what your code is doing.
Overstreet added "There's a story behind the case insensitive directory fixes, and lessons to be learned." To which Torvalds replied.... "No."

"The only lesson to be learned is that filesystem people never learn."

Torvalds: Case-insensitive names are horribly wrong, and you shouldn't have done them at all. The problem wasn't the lack of testing, the problem was implementing it in the first place. The problem is then compounded by "trying to do it right", and in the process doing it horrible wrong indeed, because "right" doesn't exist, but trying to will make random bytes have very magical meaning.

And btw, the tests are all completely broken anyway. Last I saw, they didn't actually test for all the really interesting cases — the ones that cause security issues in user land. Security issues like "user space checked that the filename didn't match some security-sensitive pattern". And then the shit-for-brains filesystem ends up matching that pattern *anyway*, because the people who do case insensitivity *INVARIABLY* do things like ignore non-printing characters, so now "case insensitive" also means "insensitive to other things too"....

Dammit. Case sensitivity is a BUG. The fact that filesystem people *still* think it's a feature, I cannot understand. It's like they revere the old FAT filesystem _so_ much that they have to recreate it — badly.
And this led to a very lively back-and-forth discussion.

Slashdot's summary of the highlights:

BrianFagioli writes: ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called "Curing" that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Wine 10.6 has been released, featuring a new lexer within its Command Processor (CMD), support for the PBKDF2 algorithm to its Bcrypt implementation, and improved metadata handling in WindowsCodecs. According to Phoronix, the update also includes 27 known bug fixes that address issues with Unity games, Alan Wake, GDI+, and various other games and applications.

You can see all the changes and download the relesae via WineHQ.org GitLab.

"The time has come for me to step away," ArcoLinux lead Erik Dubois posted last week. ("After eight years of dedication to the ArcoLinux project and the broader Linux community...")

'Learn, have fun, and enjoy' was our motto for the past eight years — and I really had fun doing all this," Dubois says in a video version of his farewell post. "And if we reflect back on this teaching and the building and promoting of Linux, it was fun. But the time has come for me to step away..."

Over its eight years ArcoLinux "accomplished several important milestones," reports Linux magazine, "such as creating over 5,000 educational videos; the creation of ArcoInstall; the Carli education project; the Arch Linux Calamares Installer (ALCI); the ArcoPlasma, ArcoNet, ArcroPro, and Ariser variants; and much more." According to Dubois, they weren't just creating a distribution but a mindset.

Dubois says that the code will remain online so others can learn from, fork, or remix the distro. He also indicated that ArcoLinux will supply users with a transition package to help them convert their existing ArcoLinux systems to Arch Linux. That package will remove ArcoLinux branding, replace pacman.conf with an Arch and Chaotic-AUR focused config file, and change the arcolinux-mirrorlist to a single source.
It's FOSS News describes ArcoLinux as one of those "user-friendly Arch-based distros that give you a bleeding-edge experience." The reasoning behind this move, as shared by Erik, is his advancing age and him realizing that he doesn't have the same level of mental focus or stamina he used to have before. He has found himself making small mistakes, the kind that can negatively affect a major undertaking like this... Come July 1, 2025, the transition period will end, marking a stop to all development, including the deactivation of the ArcoLinux social media handles. The Telegram and Discord communities will stay a bit longer but will close up eventually.
"I want to leave ArcoLinux while it's still strong, and while I can look back with pride at everything we've accomplished together," Dubois says in their post...

Linux Mint Debian Edition 7 "will come with full support for OEM installations," according to their monthly newsletter, so Linux Mint "can be pre-installed on computers which are sold throughout the World. It's a very important feature and it's one of the very few remaining things which wasn't supported by Linux Mint Debian Edition."

Slashdot reader BrianFagioli speculates that "this could be a sign of something much bigger." OEM installs are typically reserved for operating systems meant to ship on hardware. It's how companies preload Linux on laptops without setting a username, password, or timezone... Mint has supported this for years — but only in its Ubuntu-based version. So why is this feature suddenly coming to Linux Mint Debian Edition, which the team has repeatedly described as a contingency? In other words, if the Debian variant is merely a plan B, why make it ready for OEMs?
Their blog post goes on to speculate about possible explanations (like the hypothetical possibility of dissatisfaction with Snap packages or Canonical's decisions around telemetry and packaging).

Slashdot reached out to Linux Mint project leader Clement Lefebvre, who responded cheerfully that "I know people love to speculate on this. There's no hidden agenda on our side though.

"Improving LMDE is a continuous effort. It's something we do regularly." "Any LMDE improvement facilitates a future potential transition to Debian, of course. But there are other reasons to implement OEM support.

"We depend on Ubiquity in Linux Mint. We have a much simpler installer, with no dependencies, no technical debt and with a design we're in control of in LMDE. Porting LMDE's live-installer to Linux Mint is something we're looking into. Implementing OEM support in live-installer kills two birds with one stone. It improves LMDE and opens the door to switching away from Ubiquity in Linux Mint."

Celebrating Git's 20th anniversary, GitHub hosted a Q&A with Linus Torvalds, writes Its FOSS News.

Among the other revelations: He says his college-age daughter sent a texting saying he's better known at her CS lab for Git than for Linux, "because they actually use Git for everything there." Which he describes as "ridiculous" because he maintained it for just four months before handing it off to Junio Hamano who's been heading up development for more than 19 years now. "When it did what I needed," Torvalds says, "I lost interest." Linus then goes on to share how Git was never a big thing for him, but a means to an end that prevented the Linux kernel from descending into chaos over the absence of a version control system. You see, before Git, Linux used BitKeeper for version control, but its proprietary licensing didn't sit too well with other Linux contributors, and Linus Torvalds had to look for alternatives. As it turned out, existing tools like CVS and Subversion were too slow for the job at hand, prompting him to build a new tool from scratch, with the coding part just taking 10 days for an early self-hostable version of Git.

In its initial days, there were some teething issues, where users would complain about Git to Linus, even finding it too difficult to use, but things got calmer as the tool developed further.
Torvalds thinks some early adopters had trouble because they were coming from a background that was more like CVS. "The Git mindset, I came at it from a file system person's standpoint, where I had this disdain and almost hatred of most source control management projects, so I was not at all interested in maintaining the status quo."

Fedora has proposed a major change for its upcoming version 43 release that aims to achieve 99% package reproducibility, addressing growing concerns about supply-chain security. According to the change proposal announced March 31, Fedora has already reached 90% reproducibility through infrastructure changes including "clamping" file modification times and implementing a Rust-based "add-determinism" tool that standardizes metadata. The remaining 10% will require individual package maintainer involvement, treating reproducibility failures as bugs.

The effort will use a public instance of rebuilderd to independently verify that binary packages can be reproduced from source code. Unlike Debian's bit-by-bit reproducibility definition, Fedora allows differences in package signatures and some metadata while requiring identical payloads. The initiative follows similar efforts by Debian and openSUSE, and comes amid heightened focus on supply-chain security after the recent XZ backdoor incident.

It was long-time Slashdot reader uninet who argued "Apple Needs a Snow Sequoia." (That is, Apple needs an upgrade to MacOS Sequoia that's like it's earlier "Snow Leopard" upgrade to "Leopard" OS — an upgrade that's "all about how little it added and how much it took away".)

"My recent column on Apple's declining software quality hit a nerve..." he writes in a follow-up. "So why do any of us put up with software that grows increasingly buggy?"

"One word: hardware. And that's where I'd love to see someone help Linux take the next step." Apple knows how to turn out very good quality pieces of hardware and, for many purposes, stands alone. That's been largely true for the last couple of decades. The half-decade of Apple Silicon has cemented this position. At any price point Apple contends, Macs, iPads and iPhones are either without peers or at the top of the market in build quality and processing power... [I]f only there were hardware that was as good and worked together as well as Apple's, jumping ship to Linux would be awfully attractive at this juncture...

For Apple aficionados troubled by the state of MacOS, the modern GNOME desktop on Linux beckons as a more faithful implementation of the ideals of MacOS than current MacOS does. GNOME is painstakingly consistent across its different apps and exudes the minimalist philosophy with which Apple's hardware shines... Now is a perfect moment for a modern Linux push to take that wind back. What it needs, though, is to solve its remaining weakness on the hardware side. One of the giants of electronics manufacturing, tired of being stuck between the Microsoft and Apple ecosystems, would only need to decide to commit the resources necessary to solve the hardware puzzle...

ChromeOS has grown to the extent it does because there is hardware designed for it. Take that and carry it further by making it good hardware utilizing the best Linux software and you'd have something disruptive... Initially, the hardware could be "good enough" for the software, much as Apple's software today is merely "good enough" for the hardware. Iterating from there could lead to a genuine third way of computing.
They titled their piece, "I Want a Better Mac, so I'm Cheering for a Better Linux." (Wondering if Dell or Sony could be the one to supply that good hardware...) "I say this not as someone who thinks Linux will ever dominate the personal computing world, but as someone who wants to see a spark of creativity and push beyond mediocrity in it again.

"Apple needs a real competitor, one alternatives such as GNOME on Linux could actually be, if only the hardware rose to the occasion."

Over on Reddit's "selfhosted" subreddit for alternatives to popular services, long-time Slashdot reader Zoup described a pain point:

- Landlock is a Linux Security Module (LSM) that lets unprivileged processes restrict themselves.

- It's been in the kernel since 5.13, but the API is awkward to use directly.

- It always annoyed the hell out of me to run random binaries from the internet without any real control over what they can access.

So they've rolled their own solution, according to Thursday's submission to Slashdot: I just released Landrun, a Go-based CLI tool that wraps Linux Landlock (5.13+) to sandbox any process without root, containers, or seccomp. Think firejail, but minimal and kernel-native. Supports fine-grained file access (ro/rw/exec) and TCP port restrictions (6.7+). No daemons, no YAML, just flags.

Example (where --rox allows read-only access with execution to specified path):

# landrun --rox /usr touch /tmp/file
touch: cannot touch '/tmp/file': Permission denied
# landrun --rox /usr --rw /tmp touch /tmp/file
#

It's MIT-licensed, easy to audit, and now supports systemd services.

Software engineer and longtime Slashdot reader, Dmitry Grinberg (dmitrygr), shares a recent project they've been working on: "an interactive-speed Linux on a tiny board you can easily build with only 3 8-pin chips": There was a time when one could order a kit and assemble a computer at home. It would do just about what a contemporary store-bought computer could do. That time is long gone. Modern computers are made of hundreds of huge complex chips with no public datasheets and many hundreds of watts of power supplied to them over complex power delivery topologies. It does not help that modern operating systems require gigabytes of RAM, terabytes of storage, and always-on internet connectivity to properly spy on you. But what if one tried to fit a modern computer into a kit that could be easily assembled at home? What if the kit only had three chips, each with only 8 pins? Can it be done? Yes. The system runs a custom MIPS emulator written in ARMv6 assembly and includes a custom bootloader that supports firmware updates via FAT16-formatted SD cards. Clever pin-sharing hacks allow all components (RAM, SD, serial I/O) to work despite the 6 usable I/O pins. Overclocked to up to 150MHz, the board boots into a full Linux shell in about a minute and performs at ~1.65MHz MIPS-equivalent speed.

It's not fast, writes Dmitry, but it's fully functional -- you can edit files, compile code, and even install Debian packages. A kit may be made available if a partner is found.

"The big set of open-source graphics driver updates for Linux 6.15 have been merged," writes Phoronix, "but Linux creator Linus Torvalds isn't particularly happy with the pull request." The new "hdrtest" code is for the Intel Xe kernel driver and is around trying to help ensure the Direct Rendering Manager header files are self-contained and pass kernel-doc tests — basic maintenance checks on the included DRM header files to ensure they are all in good shape.
But Torvalds accused the code of not only slowing down the full-kernel builds, but also leaving behind "random" files for dependencies "that then make the source tree nasty," reports Tom's Hardware: While Torvalds was disturbed by the code that was impacting the latest Linux kernel, beginning his post with a "Grr," he remained precise in his objections to it. "I did the pull, resolved the (trivial) conflicts, but I notice that this ended up containing the disgusting 'hdrtest' crap that (a) slows down the build because it's done for a regular allmodconfig build rather than be some simple thing that you guys can run as needed (b) also leaves random 'hdrtest' turds around in the include directories," he wrote.

Torvalds went on to state that he had previously complained about this issue, and inquired why the hdr testing is being done as a regular part of the build. Moreover, he highlighted that the resulting 'turds' were breaking filename completion. Torvalds underlined this point — and his disgust — by stating, "this thing needs to *die*." In a shot of advice to fellow Linux developers, Torvalds said, "If you want to do that hdrtest thing, do it as part of your *own* checks. Don't make everybody else see that disgusting thing...."

He then noted that he had decided to mark hdrtest as broken for now, to prevent its inclusion in regular builds.
As of Saturday, all of the DRM-Next code had made it into Linux 6.15 Git, notes Phoronix. "But Linus Torvalds is expecting all this 'hdrtest' mess to be cleaned up."

An anonymous reader shared this report from BleepingComputer: Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components. The issues allow local unprivileged users to create user namespaces with full administrative capabilities and impact Ubuntu versions 23.10, where unprivileged user namespaces restrictions are enabled, and 24.04 which has them active by default...

Ubuntu added AppArmor-based restrictions in version 23.10 and enabled them by default in 24.04 to limit the risk of namespace misuse. Researchers at cloud security and compliance company Qualys found that these restrictions can be bypassed in three different ways... The researchers note that these bypasses are dangerous when combined with kernel-related vulnerabilities, and they are not enough to obtain complete control of the system... Qualys notified the Ubuntu security team of their findings on January 15 and agreed to a coordinated release. However, the busybox bypass was discovered independently by vulnerability researcher Roddux, who published the details on March 21.

Canonical, the organization behind Ubuntu Linux, has acknowledged Qualys' findings and confirmed to BleepingComputer that they are developing improvements to the AppArmor protections. A spokesperson told us that they are not treating these findings as vulnerabilities per se but as limitations of a defense-in-depth mechanism. Hence, protections will be released according to standard release schedules and not as urgent security fixes.
Canonical shared hardening steps that administrators should consider in a bulletin published on their official "Ubuntu Discourse" discussion forum.

An anonymous reader quotes a report from ZDNet, written by Steven Vaughan-Nichols: Despite the minor delay, Linux 6.14 arrives packed with cutting-edge features and improvements to power upcoming Linux distributions, such as the forthcoming Ubuntu 25.04 and Fedora 42. The big news for desktop users is the improved NTSYNC driver, especially those who like to play Windows games or run Windows programs on Linux. This driver is designed to emulate Windows NT synchronization primitives. What that feature means for you and me is that it will significantly improve the performance of Windows programs running on Wine and Steam Play. [...] Gamers always want the best possible graphics performance, so they'll also be happy to see that Linux now supports recently launched AMD RDNA 4 graphics cards. This approach includes support for the AMD Radeon RX 9070 XT and RX 9070 graphics cards. Combine this support with the recently improved open-source RADV driver and AMD gamers should see the best speed yet on their gaming rigs.

Of course, the release is not just for gamers. Linux 6.14 also includes several AMD and Intel processor enhancements. These boosts focus on power management, thermal control, and compute performance optimizations. These updates are expected to improve overall system efficiency and performance. This release also comes with the AMDXDNA driver, which provides official support for AMD's neural processing units based on the XDNA architecture. This integration enables efficient execution of AI workloads, such as convolutional neural networks and large language models, directly on supported AMD hardware. While Rust has faced some difficulties in recent months in Linux, more Rust programming language abstractions have been integrated into the kernel, laying the groundwork for future drivers written in Rust. [...] Besides drivers, Miguel Ojeda, Rust for Linux's lead developer, said recently that the introduction of the macro for smart pointers with Rust 1.84: derive(CoercePointee) is an "important milestone on the way to building a kernel that only uses stable Rust functions." This approach will also make integrating C and Rust code easier. We're getting much closer to Rust being grafted into Linux's tree.

In addition, Linux 6.14 supports Qualcomm's latest Snapdragon 8 Elite mobile processor, enhancing performance and stability for devices powered by this chipset. That support means you can expect to see much faster Android-based smartphones later this year. This release includes a patch for the so-called GhostWrite vulnerability, which can be used to root some RISC-V processors. This fix will block such attacks. Additionally, Linux 6.14 includes improvements for the copy-on-write Btrfs file system/logical volume manager. These primarily read-balancing methods offer flexibility for different RAID hardware configurations and workloads. Additionally, support for uncached buffered I/O optimizes memory usage on systems with fast storage devices. Linux 6.14 is available for download here.

prisoninmate shares a report: Highlights of Linux 6.14 include Btrfs RAID1 read balancing support, a new ntsync subsystem for Win NT synchronization primitives to boost game emulation with Wine, uncached buffered I/O support, and a new accelerator driver for the AMD XDNA Ryzen AI NPUs (Neural Processing Units).

Also new is DRM panic support for the AMDGPU driver, reflink and reverse-mapping support for the XFS real-time device, Intel Clearwater Forest server support, support for SELinux extended permissions, FUSE support for io_uring, a new fsnotify file pre-access event type, and a new cgroup controller for device memory.