The openSUSE team has decided to remove the Deepin Desktop Environment from openSUSE, after the project’s packager for openSUSE was found to have added workaround specifically to bypass various security requirements openSUSE has in place for RPM packages.

Recently we noticed a policy violation in the packaging of the Deepin desktop environment in openSUSE. To get around security review requirements, our Deepin community packager implemented a workaround which bypasses the regular RPM packaging mechanisms to install restricted assets.

As a result of this violation, and in the light of the difficult history we have with Deepin code reviews, we will be removing the Deepin Desktop packages from openSUSE distributions for the time being.

↫ Matthias Gerstner

Matthias Gerstner goes into great detail to lay out every single time the openSUSE team found massive, glaring security issues in Deepin, and the complete lack of adequate responses from the Deepin upstream team over the past 8 or so years. It’s absolutely shocking to see how utterly lax the Deepin developers have been regarding the security of their desktop environment and its dependencies, and the openSUSE team could really only come to one harsh conclusion: Deepin has no security culture whatsoever, and it’s extremely likely that every corner of the Deepin code is riddled with very serious security issues.

As such, despite the relatively large number of Deepin users on openSUSE, the team has decided to remove Deepin from openSUSE entirely, instead pointing users to a third-party repository if they desire to keep using Deepin. I think this is the best possible option in this situation, but it’s not exactly ideal. After reading this entire saga, however, I don’t think anyone who cares about security should be using Deepin.

Of course, I doubt this will be the end of the story. What about all the other Linux distributions out there? The security issues in Deepin itself are most likely also present in Debian, Fedora, and other distributions who have the Deepin Desktop Environment in their repositories, but what about the workaround to bypass packaging security practices? Does that exist elsewhere as well?

I think we’re about to find out.

Daniel Stenberg, creator and maintainer of curl, has had enough of the neverending torrent of “AI”-generated security reports the curl project has to deal with.

That’s it. I’ve had it. I’m putting my foot down on this craziness.

1. Every reporter submitting security reports on Hackerone for curl now needs to answer this question: “Did you use an AI to find the problem or generate this submission?” (and if they do select it, they can expect a stream of proof of actual intelligence follow-up questions)

2. We now ban every reporter INSTANTLY who submits reports we deem AI slop. A threshold has been reached. We are effectively being DDoSed. If we could, we would charge them for this waste of our time.

We still have not seen a single valid security report done with AI help.

↫ Daniel Stenberg

This is the real impact of “AI”: streams of digital trash real humans have to clean up. While proponents of “AI” keep claiming it will increase productivity, actual studies show this not to be the case. Instead, what “AI” is really doing is create more work for others to deal with by barfing useless garbage into other people’s backyards. It’s like the digital version of the western world sending its trash to third-world countries to deal with.

The best possible sign that “AI” is a toxic trash heap you wouldn’t want to have anything to do with are the people fighting for team “AI”.

In Zuckerberg’s vision for a new digital future, artificial-intelligence friends outnumber human companions and chatbot experiences supplant therapists, ad agencies and coders. AI will play a central role in the human experience, the Facebook co-founder and CEO of Meta Platforms has said in a series of recent podcasts, interviews and public appearances.

↫ Meghan Bobrowsky at the WSJ

Mark Zuckerberg, who built his empire by using people’s photos without permission so he could rank who was hotter, who used Facebook logins to break into journalists’ email accounts because they were about to publish a negative story about him, who called Facebook users “dumb fucks” for entrusting their personal information to him, is on the forefront fighting for “AI”. If that isn’t the ultimate proof there’s something deeply wrong and ethically unsound about “AI”, I don’t know what is.

VectorVFS is a lightweight Python package that transforms your Linux filesystem into a vector database by leveraging the native VFS (Virtual File System) extended attributes. Rather than maintaining a separate index or external database, VectorVFS stores vector embeddings directly alongside each file—turning your existing directory structure into an efficient and semantically searchable embedding store.

VectorVFS supports Meta’s Perception Encoders (PE) [arxiv] which includes image/video encoders for vision language understanding, it outperforms InternVL3, Qwen2.5VL and SigLIP2 for zero-shot image tasks. We support both CPU and GPU but if you have a large collection of images it might take a while in the first time to embed all items if you are not using a GPU.

↫ Christian S. Perone

It won’t surprise many of you that this goes a bit above my paygrade, but according to my limited understanding, VectorVFS stores information about files inside the xattr part of inodes. The information being stored is converted into vectors first, and this is the part that breaks my brain a bit, because vectors in this context are far too complex for me to understand.

I vaguely understand the end result here – making files searchable using vector magic without using a dedicated database or separate files by using extended attributes in inodes – but the process is far more complicated to understand. It still seems like a very interesting approach, though, and I’d love for people smarter than me to take VectorVFS apart and explain it in easier terms for those of us who don’t fully grasp it.

Can someone please stop these months from coming and going, because I’m getting dizzy with yet another monthly report of all the progress made by Redox. Aside from the usual swath of improvements to the kernel, relibc, drivers, and so on, this month saw the completion of the userspace process manager.

In monolithic kernels this management is done in the kernel, resulting in necessary ambient authority, and possibly constrained interfaces if a stable ABI is to be guaranteed. With this userspace implementation, it will be easier to manage access rights using capabilities, reduce kernel bugs by keeping it simpler, and make changes where both sides of the interface can be updated simultaneously.

↫ Ribbon and Ron Williams

Students at Georgia Tech have been hard at work this winter on Redox as well, building a system health monitoring and recovery daemon and user interface. The Redox team has also done a lot of work to improve the build infrastructure, fixing a number of related issues along the way. The sudo daemon has now replaced the setuid bit for improved user authentication security, and a ton of existing ports have been fixed and updated where needed.

Redox’ monthly progress is kind of stunning, and it’s clear there’s a lot of interesting in the Rust-based operating system from outside the project itself as well. I wonder at what point Redox becomes usable for at least some daily, end-user tasks. I think it’s not quite there yet, especially when it comes to hardware support, but I feel like it’s getting there faster than anyone anticipated.

Following the recent release of the IBM z17 mainframe, IBM today unveiled the LinuxONE Emperor 5, which packs much of the same hardware as the z17, but focused on Linux use.

Today we’re announcing IBM LinuxONE 5, performant Linux computing platform for data, applications and your trusted AI, powered by the IBM Telum II processor with built-in AI acceleration. This launch comes at a pivotal time, as technology leaders focus on three critical imperatives: enabling security, improving cost-efficiency, and integrating AI into enterprise systems.

↫ Marcel Mitran and Tina Tarquinio

Yes, much like the z17, the LinuxONE 5 is a huge “AI” buzzword bonanza, but that’s to be expected in this day and age. The LinuxONE 5, which, again, few of us will ever get to work with, officially supports Red Hat, OpenSUSE, and Ubuntu, but a variety of other Linux distributions offers support for IBM’s Z hardware, as well.

Bootc and associated tools provide the basis for building a personalised desktop. This article will describe the process to build your own custom installation.

↫ Daniel Mendizabal at Fedora Magazine

The fact that atomic distributions make it relatively easy to create custom “distributions” is s really interesting bonus quality of these types of Linux distributions. The developers behind Blue95, which we talked about a few weeks ago, based their entire distribution on this bootc personalised desktop approach using Fedora, and they argue that the term “distribution” probably isn’t the correct term here:

Blue95 is a collection of scripts and YAML files cobbled together to produce a Containerfile, which is built via GitHub Actions and published to the GitHub Container Registry. Which part of this process elevates the project to the status of a Linux distribution? What set of RUN commands in the Containerfile take the project from being merely a Fedora-based OCI image to a full-blown Linux distribution?

↫ Adam Fidel

While this discussion is mostly academic, I still find it interesting how with the march of technology, and with the aid of new ideas, it’s becoming easier and easier to spin up a customised version of you favourite Linux distribution, making it incredibly easy to have your own personal ISO, with all your settings, themes, and customisations applied. This has always been possible, but it seems to be getting easier.

Atomic, immutable distributions are not for me, personally, but I firmly believe most distributions focusing on average, normal users – Ubuntu, Fedora, SUSE – will eventually move their immutable variants to the prime spot on their web sites. This will make a whole lot of people big mad, but I think it’s inevitable. Of course, traditional Linux distributions won’t be going away, but much like how people keep complaining about systemd despite the tons alternatives, I’m guessing the same will happen with immutable distributions.

OSle is an incredibly small operating system, coming in at only 510 bytes, so it fits entirely into a boot sector. It runs in real-mode, and is written in assembly. Despite the small size, it has a shell, a read and write file system, process management, and more. It even has its own tiny SDK and some pre-built programs.

The code’s available under the MIT license.

A European Union privacy watchdog fined TikTok 530 million euros ($600 million) on Friday after a four-year investigation found that the video sharing app’s data transfers to China put users at risk of spying, in breach of strict EU data privacy rules.

Ireland’s Data Protection Commission also sanctioned TikTok for not being transparent with users about where their personal data was being sent and ordered the company to comply with the rules within six months.

↫ Kelvin Chan for AP News

In case you’re wondering what Ireland’s specific role in this case is, TikTok’s European headquarters are located in Ireland, which means that any EU-wide privacy violations by TikTok are handled by Ireland’s privacy watchdog.

Anyway, sounds like a big fine, right? Let’s do some math.

TikTok’s global revenue last year is estimated at €20 billion. This means that a €530 million fine is 2.65% of TikTok’s global yearly revenue. Now let’s make this more relatable for us normal people. The yearly median income in Sweden is €34365 (pre-taxes), which means that if the median income Swede had to pay a fine with the same impact as the TikTok fine, they’d have to pay €910.

That’s how utterly bullshit this fine is. €910 isn’t nothing if you make €34000 per year, but would you call this a true punishment for TikTok? Any time you read about any of these coporate fines, you should do math like this to get an idea of what the true impact of the fine really amounts to. You’ll be surprised to learn to just how utterly toothless they are.

It has been well over two years since the last release of DragonFlyBSD, version 6.4.0, and today the project pushed out a small update, DragonFlyBSD 6.4.1. It fixes a few small, longstanding issues, but as the version number suggests, don’t expect any groundbreaking changes here. The legacy IDE/NATA driver had a memory leak fixed, the ca_root_nss package has been updated to support newer Let’s Encrypt certificates, the package update command will no longer delete an important configuration file that rendered the command unusable, and more small fixes like that.

Existing users can update the usual way.

Chips and Cheese takes a very detailed look at the latest processor design from Zhaoxin, the Chinese company that inherited VIA’s x86 license and has been making new x86 chips ever since. Their latest design, 世纪大道 (Century Avenue), tries to take yet another step closer to current designs chips form Intel and AMD, and while falling way short, that’s not really the point here.

Ultimately performance is what matters to an end-user. In that respect, the KX-7000 sometimes falls behind Bulldozer in multithreaded workloads. It’s disappointing from the perspective that Bulldozer is a 2011-era design, with pairs of hardware thread sharing a frontend and floating point unit. Single-threaded performance is similarly unimpressive. It roughly matches Bulldozer there, but the FX-8150’s single-threaded performance was one of its greatest weaknesses even back in 2011. But of course, the KX-7000 isn’t trying to impress western consumers. It’s trying to provide a usable experience without relying on foreign companies. In that respect, Bulldozer-level single-threaded performance is plenty. And while Century Avenue lacks the balance and sophistication that a modern AMD, Arm, or Intel core is likely to display, it’s a good step in Zhaoxin’s effort to break into higher performance targets.

↫ Chester Lam at Chips and Cheese

I find Chinese processors, like the x86-based ones from Zhaoxin or the recent LoongArch processors (which you can buy on AliExpress), incredibly fascinating, and would absolutely love to get my hands on one. A board with two of the most recent LoongArch processors – the 3c6000 – goes for about €4000 at the moment, and I’m keeping my eye on that price to see if there’s ever going to be a sharp drop. This is prime OSNews material, after all.

No, they’re not competitive with the latest offerings from Intel, AMD, or ARM, but I don’t really care – they interest me as a computer enthusiast, and since it’s highly unlikely we’re going to see anyone seriously threaten Intel, AMD, and ARM here in the west, you’re going to have to look at China if you’re interested in weird architectures and unique processors.

Way back in 2021, in the Epic v. Apple court case, judge US District Judge Yvonne Gonzalez Rogers ordered Apple to allow third-party developers to tell users how to make payments inside iOS applications without going through Apple’s App Store. As we have come to expect from Apple, the company maliciously complied, lowering the commission on purchases outside of its ecosystem from 30% to 27%, while also adding a whole bunch of hoops and hurdles, like scare screens with doom-and-gloom language to, well, scare consumers into staying within Apple’s ecosystem for in-app payments.

Well, it turns out Judge Yvonne Gonzalez Rogers is furious, giving Apple, Tim Cook, and its other executives what can only be described as a beatdown – even highlighting how one of Apple’s executives, under orders from Tim Cook, lied under oath several times. Gonzalez is referring this to the District Attorney for Northern California “to investigate whether criminal contempt proceedings are appropriate.”

In stark contrast to Apple’s initial in-court testimony, contemporaneous business documents reveal that Apple knew exactly what it was doing and at every turn chose the most anticompetitive option. To hide the truth, Vice-President of Finance, Alex Roman, outright lied under oath. Internally, Phillip Schiller had advocated that Apple comply with the Injunction, but Tim Cook ignored Schiller and instead allowed Chief Financial Officer Luca Maestri and his finance team to convince him otherwise. Cook chose poorly. The real evidence, detailed herein, more than meets the clear and convincing standard to find a violation. The Court refers the matter to the United States Attorney for the Northern District of California to investigate whether criminal contempt proceedings are appropriate.

↫ US District Judge Judge Yvonne Gonzalez Rogers

Gonzalez’ entire ruling is scathing, seething with rage, and will probably do more reputational damage to Apple, Tim Cook, and his executive team than any bendgate or antennagate could ever do. Judge Gonzalez:

This is an injunction, not a negotiation. There are no do-overs once a party willfully disregards a court order. Time is of the essence. The Court will not tolerate further delays. As previously ordered, Apple will not impede competition. The Court enjoins Apple from implementing its new anticompetitive acts to avoid compliance with the Injunction. Effective immediately Apple will no longer impede developers’ ability to communicate with users nor will they levy or impose a new commission on off-app purchases.

[…]

Apple willfully chose not to comply with this Court’s Injunction. It did so with the express intent to create new anticompetitive barriers which would, by design and in effect, maintain a valued revenue stream; a revenue stream previously found to be anticompetitive. That it thought this Court would tolerate such insubordination was a gross miscalculation. As always, the cover-up made it worse. For this Court, there is no second bite at the apple.

↫ US District Judge Judge Yvonne Gonzalez Rogers

Gonzalez effectively destroyed any ability for Apple to charge commissions on purchases made inside iOS applications but outside Apple’s App Store, and this order will definitely find its way to the European Union as well, where it will serve as further evidence of Tim Cook’s and Apple’s continuous, never-ending contempt for the law and courts that uphold it. For its part, Apple has stated they’re going to appeal.

Good luck with that.

Sculpt OS 25.04 has been released, and with it come a number of very welcome and important improvements. What most users will care about the most is the updated version of the Falkon web browser, built atop Qt 6.2.2 and its accompanying qtwebengine release, which in turn is using version 112 of the Chromium engine. Aside from this major improvement, there’s two other things that stand out:

Usability-wise, the new version comes with two highly anticipated features. First, building upon the multi-monitor support added with the previous release, the new version takes multi-monitor awareness to the window management level, allowing for the flexible assignment of virtual desktops to physical displays, adding new window-manipulation conveniences, and supporting rotated displays. Second, a new directory browser allows the user to interactively assign arbitrary directories as file systems to components, vastly easing the fine-grained sandboxing of subsystems.

↫ Sculpt OS 25.04 release announcement

Sculpt OS 25.04 also inherits the improvements of recent Genode Framework releases, such as support for Intel’s Meteor-Lake hardware. Sculpt OS is available for PC, the PinePhone, and the MNT Reform laptop.

When Google released the fourth beta of Android 16 this month, many users were disappointed by the lack of major UI changes. As Beta 4 is the final beta, it’s likely the stable Android 16 release won’t look much different than last year’s release. However, that might not hold true for subsequent updates. Google recently confirmed it will unveil a new version of its Material Design theme at its upcoming developer conference, and we’ve already caught glimpses of these design changes in Android—including a notable increase in background blur effects. Ahead of I/O next month, here’s an early look at Google’s upcoming Android redesign.

↫ Mishaal Rahman at Android Authority

With Android, it’s hard to really care about changes like these because it will take forever and a day for the Android ecosystem to catch up, and in general in mobile computing, most people use applications that have zero respect for platform integration anyway, preferring their own shit branding and UI “design” over that of the platform they’re running on. In other words, most people will never really encounter many of these changes, unless they’re Pixel users.

That being said, these changes seem to basically replace a lot of “window” backgrounds with a blur, which makes everything feel more airy and brighter – so much so that in screenshots purporting to show dark mode, it looks like light mode. This doesn’t really seem like the “big UI overhaul” the linked article claims it to be, but there might be more changes on the way we haven’t seen yet.

Instead of UI changes, I’m much more concerned about how much worse Google will be making Android by shoving Clippy into every corner of the operating system.

I have no idea how much relevance this short but informative rundown of how PATH works in Linux has in the real world, but I found it incredibly interesting and enlightening.

The basic gist – and I might be wrong, there’s code involved and I’m not very smart – is that Linux itself needs absolute paths to binaries, while shells and programming languages do not. In other words, the Linux kernel does not know about PATH, and any lookup you’re doing comes from either the shell or the programming language you’re using.

In practice this doesn’t matter, but it’s still interesting to know.