submitted by lorenzodm to linux 1 points | 1 comments
Ho cambiato nuovamente #distribuzione #linux e credo di aver fatto, almeno per mez la miglior scelta possibile. Curiosi di sapere dove sono atterrato? Scopritelo nel mio ultimo video, dove vi racconto tutto quanto!
submitted by Grub_09 to linux 1 points | 0 comments
Garuda Linux pubblica la prima versione ISO del 2026 con i driver NVIDIA 590
#GarudaLinux, introduce i driver grafici NVIDIA 590, che non supportano più le schede grafiche della serie NVIDIA 1000.Il secondo cambiamento riguarda la gestione delle configurazioni di sistema. I file di configurazione di Garuda Linux sono ora amministrati ...
submitted by Grub_09 to linux 1 points | 0 comments
Rilasciata Tails 7.4:Novità e Miglioramenti per la Privacy
#tails 7.4 introduce diversi miglioramenti rilevanti, tra cui la possibilità di conservare in modo persistente le impostazioni relative alla lingua, al layout della tastiera e al formato regionale.Oltre a questo ci sono altri miglioramenti vari e gli Aggiornamenti dei compone...
submitted by opentitus to linux 1 points | 0 comments
LINUX MINT 22.3 ZENA: È questa la MIGLIORE versione di sempre? 🌿
Linux Mint 22.3 “Zena” è finalmente arrivata! 🌿 In questa recensione completa esploriamo tutte le novità di una delle distribuzioni Linux più amate al mondo. Vale la pena aggiornare? È davvero l’alternativa definitiva a Windows 11?
submitted by radiolinux to linux 2 points | 0 comments
Nella puntata di Radiolinux ore 12,30 su https://www.radiostart.it/
esaminiamo la distribuzione italiana ModiciaOs
ideale per esprimere creatività multimediale ed altro
Inoltre parliamo della nuova LinuxMint di Budgie Desktop, di utilizzo della
Intelligenza Artificiale nelle distribuzione Makulu, di Ghost Player S...
We follow up on episode 104 from September last year when we promised to tackle some Linux projects including moving to Immich and Jellyfin, learning about Docker Compose and Python, and ditching Synology.
Cisco network gear fell over when it shouldn’t have, yet another security flaw is found in Microsoft Copilot, the US military is letting Grok into all its networks, and managing LVM snapshots.
FOSDEM is a free event for software developers to meet, share ideas and collaborate. Every year, thousands of developers of free and open source software from all over the world gather at the event in Brussels. You don't need to register. Just turn up and join in!
The Linux Foundation has announced a second year of sponsorship for the ongoing maintenance of the Linux manual pages (man-pages) project, led by Alejandro (Alex) Colomar. This critical initiative is made possible through the continued support of Google, Hudson River Trading, and Meta, who have renewed their sponsorship to ensure the long-term health of one of the most fundamental resources in the Linux ecosystem.
Since 2020, Alex Colomar has been the lead maintainer of the man-pages, providing detailed documentation for system calls, library functions, and other core aspects of the Linux API. While Alex initially maintained the project voluntarily, sponsorship beginning in 2024—supported by Google, Hudson River Trading, Meta, and others—has enabled him to dedicate more time and focus to improving the quality, accessibility, and accuracy of the Linux man-pages.
Expanding and Modernizing the Man-Pages
Over the last year, Alex’s work has resulted in major improvements that benefit both developers and maintainers across the Linux ecosystem. Highlights include:
Enhanced readability and structure: The SYNOPSIS sections of many pages now include clearer parameter names and array bounds, while large pages such as fcntl(2), futex(2), and keyctl(2) have been refactored into more focused, maintainable units.
Build system improvements: Updates make packaging easier for distributions and introduce new diagnostic checks that help identify inconsistencies across pages.
New documentation for GCC and Clang attributes: These additions reduce the documentation burden on the LLVM project while helping developers better understand compiler-specific features.
Coverage of POSIX.1-2024 and ISO C23 updates: Nearly all recent standard changes have been documented, with more updates in progress.
Developer tools and scripts: Utilities such as diffman-git(1), mansect(1), and pdfman(1) help developers compare versions, extract specific sections, and generate printable documentation. Some are now included by default in major Linux distributions.
Historical preservation: Documentation now includes guidance for producing PDF books of manual pages and the ongoing project of recreating original Unix manuals to compare modern APIs against historical references.
Upstream fixes and contributions: Beyond man-pages, Alex has submitted patches to groff, the Linux kernel, and GCC, and contributed to improving the spatial memory safety of C through the ISO C Committee, including by adding the new _Countof()operator which will continue to evolve in the coming years.
Enabling Sustainability Through Collaboration
The man-pages project continues to be one of the most relied-upon open documentation resources in computing, providing millions of developers with accurate and accessible information directly from the command line. Its continued maintenance is vital to the long-term health of Linux and open source software at large.
submitted by inmarvinwetrust to linux 1 points | 0 comments
Ho caricato un nuovo video 🎥
Vi porto a fare un giro tra le mie postazioni e vi racconto quali distribuzioni GNU/Linux uso davvero ogni giorno e perché.
👉 Guarda il video qui: https://youtu.be/mRBPa-djLZw
Riprendono,alle ore 16.00 di sabato 17 gennaio 2026, gl'incontri quindicinali di "Oltre Tecnoestate": robotica e dobotica per ragazzi...un divertimento verso la professionalità!
Se il tuo computer sembra sia passato da nuovo a modalità tartaruga, questo è il posto giusto per trovare una soluzione 😎
Molti utenti notano cali di prestazioni, finestre pubblicitarie che compaiono all’improvviso e aggiornamenti che sembrano non finire mai, oltre che un rallentamento progressivo. Questi sintomi sono spesso il risultato di programmi che richiedono risorse eccessive più che di un difetto hardware.
A partire da ottobre, il supporto a Windows 10 è terminato. Questo significa che il tuo pc non è più sicuro poiché non riceverà più aggiornamenti di sicurezza, ed è un bel problema. L'unico modo per avere un pc aggiornato è fare un aggiornamento del sistema operativo, il che implica non pochi problemi e valutazioni da fare preventivamente.
Potrebbe essere, però, il momento ideale per considerare un’alternativa che ti restituisca velocità, sicurezza e tranquillità, senza dover acquistare un nuovo hardware, ed è anche una nuova esperienza da fare che potrebbe cambiare la vita.
Ti stiamo proponendo Linux: un sistema operativo open source e libero, senza costi di licenza; è altamente personalizzabile, offre una stabilità e una sicurezza superiori grazie a una struttura di permessi più rigorosa e a una comunità globale che ne garantisce continui miglioramenti, il tutto mantenendo le prestazioni elevate anche su computer più datati.
Ci sono varie "distribuzioni" (o, se preferisci, chiamale "versioni"). Noi proponiamo Zorin OS, ma avrai forse già sentito la più conosciuta Ubuntu o altre per gli scopi più disparati.
Cosa cambia passando a Zorin OS
Aggiornamenti stabili: le nuove versioni vengono rilasciate solo quando sono testate a fondo, così non ti troverai a dover riavviare il pc più volte al giorno.
Nessun antivirus necessario: la struttura di Linux è meno vulnerabile a malware comuni, quindi non devi più installare programmi di protezione che consumano risorse.
Stabilità e sicurezza: il sistema è progettato e ottimizzato da una comunità globale di aziende e persone che riducono al minimo i crash improvvisi, e i permessi di accesso più restrittivi riducono i rischi di attacchi.
Open Source: tutto il software è libero e trasparente; puoi vedere e modificare il codice, contribuendo a una comunità che mette al primo posto la privacy e la libertà digitale. Non dipende da un'azienda che ottiene un tornaconto nella diffusione di questo sistema poiché è aperto, si può sempre aggiornare e non ha vincoli a livello tecnicologico che ne impediscano il cambiamento in futuro. Finché l'hardware del tuo pc lo permette, il tuo sistema continuerà a girare senza problemi.
E' difficile cambiare?
Se ti aiutiamo noi no 😃
Da parte tua c'è solo un'importante operazione da fare, e cioè il backup: salva su una chiavetta, un disco o da qualche parte i dati importanti, per esempio foto e documenti, poiché per sostituire il sistema operativo verrà cancellato il disco per poter fare un'installazione pulita di Linux.
Vuoi provare?
Contattaci per organizzare l’aggiornamento del tuo pc a Linux. L’intervento è gratuito e senza impegno; se ti trovi bene, una piccola donazione è molto apprezzata e ci permette di continuare a offrire supporto a chi ne ha bisogno.
Scrivici ora e ridai vita al tuo vecchio computer!
The Springer journal "Digital Finance" has recently published "The proposed design of the digital euro: A critical analysis" by Mikolai Gütschow and Bernd Lucke. They describe serious flaws in the digital euro design as proposed by the European Commission and propose GNU Taler as an alternative technology for a potential CBDC with tangible benefits for Europeans.
Il volenteroso Gianfranco del GOLEM rinnova la proficua collaborazione con la biblioteca di Scandicci, con una serie di appuntamenti il sabato pomeriggio dalle 16:00 alle 18:00 a tema LibreOffice. La biblioteca di Scandicci si trova in via Roma 38a. LibreOffice è una suite di programmi per l’ufficio di software libero.
Hello everyone, I saw on a Spanish OPWRX+ WebSDR that the frequencies shown in the "receiver" window were in color. How can we do that? Modify a CSS or is there an easier way? Thanks
Since both this and the previous 13.2.0 release are based on the stable Debian trixie release, there really isn’t a lot of major changes but instead incremental minor progress for the installation process. Repeated installations has a tendency to reveal bugs, and we have resolved the apt sources list confusion for Calamares-based installations and a couple of other nits. This release is more polished and we are not aware of any known remaining issues with them (unlike for earlier versions which were released with known problems), although we conservatively regard the project as still in beta. A Debian Libre Live logo is needed before marking this as stable, any graphically talented takers? (Please base it on the Debian SVG upstream logo image.)
We provide GNOME, KDE, and XFCE desktop images, as well as text-only “standard” image, which match the regular Debian Live images with non-free software on them, but also provide a “slim” variant which is merely 750MB compared to the 1.9GB “standard” image. The slim image can still start a debian installer, and can still boot into a minimal live text-based system.
The GNOME, KDE and XFCE desktop images feature the Calamares installer, and we have performed testing on a variety of machines. The standard and slim images does not have a installer from the running live system, but all images support a boot menu entry to start the installer.
With this release we also extend our arm64 support to two tested platforms. The current list of successfully installed and supported systems now include the following hardware:
This is a very limited set of machines, but the diversity in CPUs and architecture should hopefully reflect well on a wide variety of commonly available machines. Several of these machines are crippled (usually GPU or WiFI) without adding non-free software, complain at your hardware vendor and adapt your use-cases and future purchases.
The images are as follows, with SHA256SUM checksums and GnuPG signature on the 13.3.0 release page.
submitted by ufficiozero to linux 1 points | 0 comments
📢 La release Lorena cambia mirror!
In questo breve articolo sul nostro blog è possibile leggere ed eseguire le brevi istruzioni per tenere allineato ed aggiornato il vostro pc con la release Lorena.
🔔 I nostri vecchi mirror saranno dismessi il giorno 10 Febbraio 2026, pertanto avete tutto il tempo per seguire la b...
submitted by EnthusiastNewbie to linux 1 points | 0 comments
il mio Setup Minimale con Debian e LABWC 💜… Ho sempre apprezzato la leggerezza di Openbox. Ero sicuro che con LABWC mi sarei divertito parecchio!!!
#linux #linuxitalia
@linux
https://youtu.be/KS0io7XqYeg
Hype is really starting to build for Valve’s upcoming Steam hardware and other great gaming news, Stack Overflow is losing to LLMs, old men like Félim don’t want to lose middle click paste, our optimism about Google continuing to release Android source code was misplaced, and Bose demonstrates how to kill a product.
2025 had a splash of activity; a few teams who were dormant in 2024 made
a notable progress, in terms of new translations or updating the existing ones.
General Statistics
About 2/3 new translations were made by the Chinese (zh-cn) team this year;
then the Greek and Albanian teams followed. The Polish and Dutch teams
considerably reduced the amount of their outdated translations.
Currently, the total amount of translations is over 3400; the overall percentage
of outdated translations was about 5% lower than in 2024.
The table below shows the number and size of newly translated articles
in important directories and typical number of outdated GNUNified
translations throughout the year.
The Esperanto translation was installed by GNU Translation Managers
without establishing a new team.
For the reference: 2 new articles were added, amounting to 27Ki (vs. 4 articles
and 44Ki in 2024); the number of commits (about 500 changes in approximately
90 English files) was almost twice as many as in 2024.
Orphaned Teams, New and Reformed Teams
No teams were orphaned, and no new teams were established. Greek and Dutch
teams changed their status to active without a reorganization. A volunteer
requested creating the Georgian team, with no further progress.
Thank you for your contribution.
I wish you all a happy and successful 2026.
GNU Parallel 20251222 ('Bondi') has been released. It is available for download at: lbry://@GnuParallel:4
Quote of the month:
Used? gnu parallel is my new favorite toy
-- Eytan Adar @eytan.adar.prof
New in this release:
No new features.
Bug fixes.
GNU Parallel - For people who live life in the parallel lane.
If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.
About GNU Parallel
GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.
If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.
GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.
For example you can run this to convert all jpeg files into png and gif files and have a progress bar:
GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.
The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.
When using GNU SQL for a publication please cite:
O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.
About GNU Niceload
GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.
I am happy to announce that since patchset 5.0.5, GNU Health Information system is ready for Python 3.14.
All GNU Health HIS packages have been updated so they allow Python 3.14. The GNU Health GTK client and GNU Health control installation and instance manager have also been upgraded.
Operating systems like Void Linux already upgraded to Python 3.14, and now you can enjoy this Pi.thon release in GNUHealth.
As usual, backup your database, local modules/packages and GNU Health filesystem before upgrading, and report any issue you may find.
The patchset 5.0.4 of GNU Health Information System is out!
This is a small patch related to the calendar package.
If you use the vanilla / standard installation, you can update the server and the dependencies from the gnuhealth control center (https://docs.gnuh ... ontrolcenter.html)
Backup
As usual, before you upgrade your instance, make sure you have made a backup of your DB instance and "attach" resource !
Happy hacking ❤️
Changelog for 5.0.4
5bbd80c38: health_calendar: Fix issue #164 - AttributeError when creating work schedule Tue Dec 2 11:13:26 2025 +0000 Luis Falcon
For more information, please check our Codeberg page:
I am delighted to announce a new release of GNU a2ps, the “anything to
PostScript” system.
This is to announce a2ps-4.15.8, a stable release. This release fixes a
buffer overflow, and a failure to build on some older systems.
There have been 13 commits by 1 people in the 21 weeks since 4.15.7.
See the NEWS below for a brief summary.
Thanks to everyone who has contributed!
The following people contributed changes to this release:
Reuben Thomas (13)
Reuben
[on behalf of the a2ps maintainers]
==================================================================
Here is the GNU a2ps home page:
https://gnu.org/s/a2ps/
Here are the compressed sources and a GPG detached signature:
https://ftpmirror.gnu.org/a2ps/a2ps-4.15.8.tar.gz
https://ftpmirror.gnu.org/a2ps/a2ps-4.15.8.tar.gz.sig
Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html
Verify the SHA256 checksum with either sha256sum, sha256, or
shasum -a 256.
Verify the SHA3-256 checksum with cksum -a sha3 --check
from coreutils-9.8.
Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify a2ps-4.15.8.tar.gz.sig
The signature should match the fingerprint of the following key:
If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.
or run this command from a git-cloned a2ps directory:
git shortlog v4.15.7..v4.15.8
This release was bootstrapped with the following tools:
Autoconf 2.72
Automake 1.18.1
Gnulib 2025-12-04 481064c5c22c8137188eecb6662ebea03fc6d0b8
NEWS
* Noteworthy changes in release 4.15.8 (2025-12-04) [stable]
* Bug fixes:
- Fix a buffer overflow when a long value supplied to -E.
- Include some header files with system paths, not user paths.
* Build system:
- Fix building on systems that need gnulib's malloc wrapper.
- Remove a generated file from git.
- Update the version of gettext used.
* Documentation:
- Update copyright notices to point to GPL online.
The initial injustice of proprietary software often leads to further injustices: malicious functionalities.
The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.
We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.
Apple repeatedly sabotaged Beeper Mini, a client to replace its iMessage instant messaging service, interfering with people's ability to use their installed software just to keep a dominant position in that market by avoiding competition.
Motorola ships Android phones with a locked bootloader, offering a method to unlock the devices. The method involves creating an account, which requires running nonfree JavaScript and disclosing personal data as well as identifying at least your phone's model.
This puts users in danger of privacy breaches in exchange for permission to modify the software that runs in a device they own. Users should be free to modify this and all software as they wish, without interference from the manufacturer or developer.
Back in 2013 (when the company was owned by Google) someone found a way to crack the bootloader restrictions. Android developers also provide a lock/unlock method.
Echelon forcefully downgraded the firmware of its home gym equipment so that the devices will provide their full capabilities only if connected to Echelon's servers and only with a paid subscription, all the while breaking compatibility with third party apps that offer additional functionalities. Efforts to restore offline functionality were successful, but the fix can't be released due to section 1201 of the DMCA.
Note that those articles mention “open source”; the GNU Project recommends the expression free/libre software instead.
Google has announced the inclusion of a “security” measure in Android “smartphones,” which will require any software installed in certified Android devices to come from a developer who has gone through Google's new developer verification program.
The problem here is not that there's a system that provides trust on the origin of the software. A system like that might be useful, but the end user should still be able to select which organization provides that service, or maybe set up such an organization or renounce the service altogether.
Making this verification exclusive to Google makes us question which is the threat here. Is it a user installing malware inadvertently? Or is it the user installing software that makes Google lose money?
This will also kill projects such as F-Droid that promote privacy and freedom by distributing free (as in freedom) apps.
submitted by Grub_09 to linux 1 points | 0 comments
Rilasciata ArchBang Linux 1001: una distribuzione GNU/Linux basata su Arch Linux
#archbang #linux è una distribuzione #gnulinux leggera e minimalista, progettata per offrire un sistema semplice, veloce e altamente personalizzabile.Si basa direttamente su Arch Linux, dal quale eredita la filosofia orientata al controllo totale del sist...
Dunque… #budgie passa da gtk a qt, come #Plasma senza però essere plasma o parte di #kde. Onestamente faccio un po’ fatica a capire il senso di questo desktop per @linux. Fino ad oggi Budgie era come un #Cinnamon più minimale, sostanzialmente un desktop tradizionale,...
Dealing with a crisis as a developer, how to keep everyone in the loop while you fix systems and code, why pointing the blame isn’t useful, some of our horror stories, and more.
Dealing with a crisis as a developer, how to keep everyone in the loop while you fix systems and code, why pointing the blame isn’t useful, some of our horror stories, and more.
submitted by lorenzodm to linux 1 points | 2 comments
Cosa ci riserverà il futuro 2026 informatico?
Provo a dire la mia sugli attuali temi caldi del settore azzardando delle previsioni a tema #Linux , #OpenSource , #FreeSoftware e big tech!
Nessuno parla mai di #Mageia, un’altra distribuzione europea dal passato glorioso (Mageia è l’erede naturale di #MandrakeLinux e #MandrivaLinux). Qualcuno di voi l’ha provata recentemente? @linux @linux@diggita.com #UnoLinux
submitted by grimjfoot to linux 3 points | 0 comments
The #Debian project is pleased to announce the third update of its stable distribution #Debian13 (codename trixie). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.
submitted by radiolinux to linux 1 points | 0 comments
salve a tutti
su https://www.radiostart.it/ ore 12,30
Radiolinux si sofferma
sul mondo della distribuzione Archlinux,
sicuramente la piu’ moderna per quanto riguarda
il software incluso con due distribuzioni
stabili come Manjaro 26 e Endeavours che cercano
di rendere piu’ facile l’utilizzo d...
submitted by opentitus to linux 1 points | 0 comments
🔧📡 Risolvere i Problemi di Connessione Wi-Fi su Linux
Se stai affrontando disconnessioni, velocità ridotta o instabilità della connessione Wi-Fi sul tuo computer con Linux, non disperare. Questi problemi sono spesso legati alla gestione dell’energia o a driver non ottimizzati, ma possono essere risolti facilmente.
Ian Kelling, FSF senior systems administrator, and also our president, outlines the complex steps the FSF tech team goes through to ensure the software we use is free. The tech team — currently just two people — is vital to our collective work for software freedom, which itself helps guarantee many of our other basic freedoms. We depend on people just like you to support our work: we have an associate membership drive to welcome 100 new members by January 16. Please join the FSF and help keep this work going.
What to consider when making a big move to a new technology for your on-prem or private cloud estate, for example when a provider suddenly hikes their subscription or license prices.
Antigravity A1
The Antigravity A1 is the world’s first all-in-one 8K 360 drone. It’s a real game-changer. You get full immersive flight with the goggles, intuitive controls, and endless creative freedom in editing. If you’re thinking about buying a drone, make it this one. Learn more at antigravity.tech
submitted by opensource to linux 1 points | 0 comments
🎉 FediLUG supera i 900 iscritti!
Una bella notizia da condividere: il gruppo @linux del fediverso ha superato i 900 iscritti!
Da quando il FediLUG è diventato il Linux User Group ufficiale del Fediverso, abbiamo assistito a un vero e proprio boom di adesioni. Segno che c’era bisogno di uno spazio dedicato: https://fedi...
The many reasons why email shouldn’t be trusted. Plus how to stop your kids accessing inappropriate content online, and why the answer probably isn’t a technical one.
submitted by Grub_09 to linux 1 points | 0 comments
Rilasciata Manjaro 26 “Anh-Linh”: con KDE Plasma 6.5 e GNOME 49 su Wayland come sessione predefinita
Manjaro è una delle distribuzioni #gnulinux più riconosciute per la sua capacità di offrire un sistema moderno, accessibile e costantemente aggiornato senza rinunciare alla stabilità.Pur basandosi su Arch Linux, #manjaro adotta ...
Avevo bisogno di un serverino domestico per alcuni esperimenti e per taccagneria passione per il trashware ho deciso di recuperare il mio “vecchio” (2007) EeePC 701 (Celeron M 900MHz, 2GB RAM, 4GB SSD). Sono consapevole che un Raspberry Pi 4 sarebbe molto più performante, ma quanto ci avrei messo ad ammortizzare l’investimento?L’EeePC 701 consuma: Tradotto […]
Installazione Per installare il programma principale di Open Broadcaster Software in Debian e derivate:apt install obs-studioAl primo avvio ci chiede se vogliamo ottimizzare per le dirette o per le registrazioni (la scelta può essere modificata in seguito dal menu “Strumenti”, Leggi tutto Installazione e configurazione di OBS Studio→...
The P15 CoNetWorking Space in Biel/Bienne right next to the train station (and the BFH) is the first shop to accept GNU Taler payments in Swiss francs (eCHF) issued by Taler Operations AG and thus the first merchant accepting Taler payments in fiat currency. P15 is a great space to net-work, so go check it out!
Linux users bristle at the whole idea of getting "tracked," but pixel tracking is built into the very foundation of the commercial web. We examine the dark art of pixel tracking and tell you about some tools that will keep the trackers at bay.
The term "vendor lock-in" has been in common parlance for as long as I've been working on this magazine. We don't talk about vendor lock-in as much as we used to, but everyone knows it is still out there, operating in evermore subtle ways to take choice away from users.
Experts use tools such as bc and dc for arithmetic in the shell. The num-utils and datamash packages open up further opportunities for processing numerical values at the command line.
Learn how to enable a microcontroller's USB interface and exchange data with a host Linux machine. We'll first emulate a serial port, then build a pen-drive-type device, and finally create a fully custom data transfer interface.
Curious about the planes that fly over your home? With some simple and affordable equipment, you can receive their ADS-B signals and uncover detailed flight information.
The Terraform orchestration tool lets you create a remote desktop configuration that you can easily bring up and tear down, which could save you money and add flexibility to your environment.
Nate explores the top FOSS including the latest version of Waterfox Browser, an image metadata removal tool, a lightweight media player, and the latest LibreQuake beta.
In the news: Two New Distros Adopt Enlightenment; Solus Linux 4.8 Removes Python 2; Zorin OS 18 Hits over a Million Downloads; TUXEDO Computers Scraps Snapdragon X1E-Based Laptop; Debian Unleashes Debian Libre Live; Valve Announces Pending Release of Steam Machine; and Happy Birthday, ADMIN Magazine!
If you're a developer wanting to create a new Gnome extension, you'd best set aside that AI code generator, because the extension team will have none of that.
Mikolai Gütschow and signum gave a talk at the 39th Chaos Communication Congress (39C3) in Hamburg, Germany, where they reported on their good experiences with offering GNU Taler as a local payment system at LugCamp 2024 and Datenspuren 2024 and 2025.
Why you should probably keep paying for your old domains, the perpetual problem of typo squatting, a machine learning expert’s take on BS from LLMs, and whether to separate compute and storage in a home setup.
GNU Emacs has been my primary computing environment of choice for over
a decade. Emacs has enabled me to perform a wide array of tasks
involving human and computer languages, such as reading and writing
notes, emails, chats, programs, and more, all in a cohesive and
consistent environment that I can tailor exactly to my needs and
liking.
Coming from a Vim background, I started my Emacs journey trying some
configuration frameworks that provided vi-like key bindings, and after
a few Emacs bankruptcies, ended up with my current homegrown
configuration that I wrote from scratch gradually over the last
7 years, with inspiration from the configurations of some folks who
shared theirs publicly. Though my configuration has been mostly
stable for a few years now and I consciously keep the number of
external packages I use very small, I occasionally add small bits and
pieces to my configuration when I’m inspired after learning about a
neat feature or package on the blogs aggregated on Planet Emacslife,
the messages sent to the Emacs mailing lists, or the videos from the
annual EmacsConf conference.
I like getting a glimpse of other people’s worlds through the lens of
their creative works such as writings, be it prose or Emacs Lisp.
That’s only possible when people share freely, free as in freedom.
I’m thankful to Richard Stallman for his foresight to imbue GNU Emacs
with that freedom from the very beginning and for his lifelong fight
for computer user freedom, and to the many other folks who have joined
the free software movement since then and have fought the good fight.
I’ve been inspired and encouraged by many awesome Emacs people through
the years. People like Corwin Brust with his joyful creative energy
around Emacs and the road to software freedom, Sacha Chua and her
philosophy of leading a life of learning, sharing, and scaling, Gopar
and his enthusiasm for Emacs and its intersection with the Python
world, folks like Protesilaos Stavrou and Greg Farough who discovered
Emacs initially as non-programmers yet were enamoured by its
embodiment of software freedom in practice and went on to integrate it
into their everyday lives, and shoshin of the Cicadas cooperative at
the intersection of humanity and technology sharing his passion for
the human element and community by developing and contributing input
methods for his ancestral language of Lakota to GNU Emacs. I’m deeply
inspired by each of these wonderful people, and grateful for having
known them and for each of their unique perspectives and life stories
with which they have enriched my experience in Emacs and the free
software world.
As wonderful and impactful as Emacs has been in the lives of the many
who have come to know it throughout the decades that it’s been around,
it would not have become what it has been, what it is today, and what
it may become in the future without its community of passionate users
and contributors. The People of Emacs are all of us. Here’s to many
more of us, enjoying many more years of Emacs and software freedom
together even if spread far apart.
I have noticed that if the reception passband is altered by moving the edge of the passband marker, it sticks and cannot be reset by switching between modes, which used to be possible.
Dragging the passband back to the original value is not always possible because of the granularity of the setting. The only method I have found is to clear the browser cookies and restart the instance.
I don't know if this is a deliberate new feature or a bug, but is it easy to restore the default value in some way ?
If not, would it be possible to be able to reset it back to the default value, perhaps by a long click on the mode button, or a shift click or similar ?
Thanks,
Martin
On Mon, Dec 15, 2025 at 07:48 AM, Marat Fayzullin wrote:
BOSTON, Massachusetts, USA (December 29, 2025) — The Free Software Foundation (FSF)
announced today that Eko K. A. Owen will follow in Ian Kelling's footsteps by
becoming the second union staff-elected board member on the organization's
board of directors.
It’s our 2025 review of Linux and open source news including great gaming news, the impact of AI, the disappointments from Mozilla, the year of Wayland on the desktop, the politics of open source, Intel’s lack of interest, and wins for KDE.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
Recently I have been using Gemini, a sort of a modernized
Gopher, more and more, and have finally decided to create and
maintain my own Gemini capsule, that you can find at
Recently I have been using Gemini, a sort of a modernized
Gopher, more and more, and have finally decided to create and
maintain my own Gemini capsule, that you can find at
OK, thanks, but I'm using an RTL-SDR dongle and I've already
tried lowering the gain, but without success.
For now, I've given up on the idea of receiving DAB...
Le 28/12/2025 à 19:44, grem via
groups.io a écrit :
just a note:
in my case DAB-Decoder is VERY sensitive to wrong Frequency
Setting and strong Signal.
so if any problems, try ATT and vary the Frequency a little
bit.
-> using my cheap RTL Device is perfect for DAB here, with
the RSPduo there is no chance, as even a small antenna is
overloading the input (~15km direkt line of sight to two
Transmitters
in my case DAB-Decoder is VERY sensitive to wrong Frequency Setting and strong Signal.
so if any problems, try ATT and vary the Frequency a little bit.
-> using my cheap RTL Device is perfect for DAB here, with the RSPduo there is no chance, as even a small antenna is overloading the input (~15km direkt line of sight to two Transmitters
What we are likely to be doing when you hear this, and why it’s unlikely to involve much in the way of development. This is a short episode because Joe is having a break for the Christmas period.
What we love most about the cloud and cloud native technologies. This is a short episode because (producer) Joe is having a break for the Christmas period.
The one bit of advice we’d give to someone wanting to become a professional sysadmin. This is a short episode because Joe is having a break for the Christmas period.
Boston, Massachusetts, USA (Wednesday, December 24, 2025) -- The Free Software Foundation (FSF) today announced it received two major contributions totaling around $900,000 USD.
Note that due to mirror synchronization, not all links may be functional
early after the release. For direct access try
https://ftp.gnu.org/gnu/gnunet/
Good news for custom Android ROMs, Rust is here to stay in the kernel, an open source success story in Germany, and a new version of elementary OS is out. Plus discoveries is back including better Firefox history, migrating from Windows to Linux, automating telescopes, turning old tablets into clocks, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
I purchase the RX888, and when I try to set 2m frequency, it crash.. But not on the rf. ChatGPT was make me turn around over and over, Claude told me that i need to specify the RF port... Doh! (working after that)
We tell stories from some of the tech support nightmares we’ve found ourselves in. This is a short episode because Joe is having a break for the Christmas period.
Apple deletes a person’s entire digital life, PornHub Premium user data is leaked, Mozilla’s new CEO wants to ruin Firefox, Tech Force in the USA is alarming, and fine tuning storage for databases.
The Steam machine will use an older HDMI standard because of arbitrary rules, more details about running X86 Windows games on Arm Linux, and the Steam Controller lives on. Plus Calibre is adding “AI”, and we laugh at another LLM.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
How far you can go with eliminating global variables, forcing everything you ever need to be passed in as arguments.
Tailscale
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/ldt and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
The new OpenWebRX+ 1.2.102 is now available from the repository. This is mostly a bugfix release that corrects MQTT initialization order, fixes background SSTV operation, and a few other things. I have also added an option to report ISM signal levels, submitted by Ryan Jacobs. Release news and discussion forum can be found on Telegram. See below for all changes.
- Added MSK144 to WSJT modes received over MQTT. - Added ISM signal level reporting [Ryan Jacobs]. - Added 27700kHz SSTV frequency to all bandplans. - Fixed MQTT initialization order [Jan Loewe]. - Fixed background digital mode instantiation. - Enabled RTTY skimmer to send to PskReporter. - Extended CB band to 28MHz in all bandplans. - Removed NOAA satellites from the bandplans. - Improved HAM callsigns verification.
PS: Short cheat sheet for people who just cannot get things to work:
1) If it does not work for you, reload OpenWebRX page while holding the SHIFT key. 2) If it does not work for you, check "Settings | Feature report" page to see what you are missing. 3) If it does not work for you, wait for a day or two, maybe it starts working or you figure it out. 4) If it does not work for you, create a separate forum thread and explain your problem there. Attach the logs, obtained with "sudo journalctl -u openwebrx". Do not paste the entire log into the message, attach it as a file instead.
With the right tool and a bit of artistic talent, you can create two-dimensional cartoons, even without Flash. In this article, we present four animation programs and look at how well they perform in practice.
Putting all virtualization tasks on a separate server saves significant resources on the client. phpVirtualBox makes it possible to create, configure, manage, and use remote VMs in a browser window.
Even state-of-the-art computers need to use clever methods to process ever-increasing amounts of document data. The open source Lucene framework uses inverted indexing for fast searches of document collections.
USB sticks and SD cards quickly lose their value, but if a script distributes the data across several such devices, flash memory is still useful as a fast and shockproof backup medium despite limited capacity.
KDE SC 4.10 was released six months after KDE 4.9, adding many new features. In the background, work is in full swing for the next generation, KDE Frameworks 5: a KDE based completely on Qt5 and QML.
Dynamic resource allocation and migration of virtual machines between hosts mean that VMware environments pose new monitoring challenges. A new version of the free OpenNMS network management tool now includes an option for monitoring VMware-based infrastructures.
Like any self-respecting Linux journalist, I'm often predisposed to take Microsoft to task. For the record, I do manage to spread it around, with occasional reflections on Apple and Google, because I truly believe our universe has room for more than one evil empire. But Microsoft is still the easiest mark.
We look at what makes a security issue critical and how upstream developers and vendors respond by examining three incidents: CVE-2013-0156, CVE-2013-0333, and rubygems.org. Moreover, we look at improvements that can make security better in the future – specifically, incident response handling.
In computer forensics, memory analysis is becoming increasingly important as a means for investigating security incidents. In this article, we provide an overview of the various memory dumping options on Linux and introduce the support in Linux for the Volatility Analysis Framework.
Thanks to protocols such as UPnP and DLNA, video, audio, and photos are distributed to TVs, gaming consoles, PCs, and smartphones without the need for configuration. Linux as a central media server is a welcome guest.
A Perl script calls various plugins that sniff around on FTP and HTTP servers run by the major Linux distributions to discover when Fedora, Debian, and other distros update their packages.
Security applications like antivirus protectors respond to events, rather than preventing them from happening, but the best security in Linux is architectural – that is, in its configuration.
The market for good image editing programs for Linux is pretty much saturated. Despite this, BrainDistrict has dared to launch two commercial programs: IFX-Supreme and PaintSupreme.
During the ongoing battle against spam, admins should inspect their troop's battle lines from time to time. If you don't relish the thought of counting the dinnerware, you can use the services of a logfile inspector like SendmailAnalyzer, which works surprisingly well with Postfix and the like.
In addition to its comprehensive tool set, LibreOffice packs a built-in Basic-like scripting language that can be used to automate repetitive tasks and extend the suite's default functionality.
How to connect your public environments across clouds and into your datacenter infrastructure – using official options, VPNs and new ideas like mTLS. Plus container networking, CNIs and other ways to plug extras into Kubernetes.
Antigravity A1
The Antigravity A1 is the world’s first all-in-one 8K 360 drone. It’s a real game-changer. You get full immersive flight with the goggles, intuitive controls, and endless creative freedom in editing. If you’re thinking about buying a drone, make it this one. Learn more at antigravity.tech
The new OpenWebRX+ 1.2.101 is now available from the repository. It extends CW skimmer functionality, letting it report CW spots via MQTT and PskReporter. The CW skimmer can now run in background, as a service. I have also fixed a rather serious issue with the bandwidth allocation for background services. Release news and discussion forum can be found on Telegram. See below for all changes.
- Fixed bandwidth allocation for services. - Added callsign spotter to CW/RTTY skimmers. - Added CW spot reporting to PskReporter. - Added CW skimmer to band plans. - Added more checks to callsign-to-country conversion. - Added MQTT events for downloading data from the web. - Added timestamps to chat messages. - Enabled CW/RTTY skimmers as background services. - Extended CW/RTTY skimmer bandwidth to 96ksps. - Removed NOAA-15 and NOAA-19 satellite decoders.
PS: Short cheat sheet for people who just cannot get things to work:
1) If it does not work for you, reload OpenWebRX page while holding the SHIFT key. 2) If it does not work for you, check "Settings | Feature report" page to see what you are missing. 3) If it does not work for you, wait for a day or two, maybe it starts working or you figure it out. 4) If it does not work for you, create a separate forum thread and explain your problem there. Attach the logs, obtained with "sudo journalctl -u openwebrx". Do not paste the entire log into the message, attach it as a file instead.
The Crucial brand of consumer SSDs and RAM is going away, AMD and Intel memory encryption can be bypassed with cheap hardware, more AI buffoonery, and monitoring users’ usage on a network.
We were asked about monitoring users’ usage on a network.
Tailscale
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/25a and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
How many jobs we’ve had, how seriously we take our Christmas decorations, whether we like pineapple on pizza, and memorable romantic dates. With Andy and Kevin from Linux Dev Time.
Patrons got this this in their feed two weeks ago.
BOSTON, Massachusetts, USA (Tuesday, December 9, 2025) — The Free
Software Foundation (FSF) announced today the recipients of the 2024
Free Software Awards, which are given annually by the FSF to groups
and individuals in the free software community who have made
significant contributions to the cause for software freedom.
Arduino’s new ToS has some people worried, some projects are starting to move away from GitHub for technical reasons, Raspberry Pi has a new model and prices are going up because of RAM costs, great news for OpenPrinting, old text adventure games get open source, and Joe’s foldable phone breaks in an unexpected way.
Take the first step to better security by securing your team’s credentials. Find out more at 1password.com/latenightlinux and start securing every login.
Tailscale
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
You answered my question about the new DAB function in Openwebrx
version 1.3.
However, I think you misunderstood my question, unfortunately.
I'm familiar with DAB, but I was asking what should appear in the
small window (a screenshot was attached...). I receive many stations
here on the FM band.
Also, what are the yellow dotted lines at the top of the waterfall
display for?
(Albert, I couldn't open your .tiff file.)
Le 08/12/2025 à 15:32, Albert Öttl via
groups.io a écrit :
I just installed the October 11, 2023 version of
OpenWebRX.(V1.3.0)
The new feature (for me) is that there's now a "DAB"
button that opens a small "Loading" window in the
bottom left corner (which is empty).
I don't understand how it works. Is there an
explanation somewhere?
I just installed the October 11, 2023 version of OpenWebRX.(V1.3.0) The new feature (for me) is that there's now a "DAB" button that opens a small "Loading" window in the bottom left corner (which is empty).
I don't understand how it works. Is there an explanation somewhere?
Hello and welcome to my November free software activities report.
I’ve been working on a number of things throughout this month but
they’re not quite ready for reporting yet, so this month’s report
will be quite short.
GNU & FSF
EmacsConf: I recorded the video for my Gnus talk for this year’s
conference. The video will be available along with the the other
EmacsConf talks from the conference website, but if you’re feeling
particularly impatient you can sneak a peek at it. :)
GNU Spotlight: I prepared and sent the November GNU Spotlight to
the FSF campaigns team for publication on the FSF’s community blog
and the monthly Free Software Supporter newsletter.
Hello and welcome to my October free software activities report.
GNU & FSF
GNU Spotlight: I prepared and sent the October GNU Spotlight
to the FSF campaigns team, who will review and publish it on the
FSF’s community blog and as part of the next issue of the monthly
Free Software Supporter newsletter.
bug#79629: I noticed that I was unable to customize the
holiday-other-holidays variable using the setopt macro:
my change did not seem to take effect. As Eli Zaretskii
helpfully pointed out, this was because customizing
holiday-other-holidays did not recompute the value of
calendar-holidays, which is computed once, when the package
is loaded.
So I prepared and sent a patch 500a2d0cc55 to recompute
calendar-holidays when its components are set.
bbabc1db258: While reading about custom-reevaluate-setting
in the Startup Summary node of the GNU Emacs Lisp reference manual
I noticed a small typo, so I committed a patch to fix it.
This month at work one of our Elasticsearch clusters experienced
partial failure, and we needed to extract document IDs from a backup
of one of the cluster’s shards. Elasticsearch uses Lucene under the
hood and each shard is a standalone Lucene index, so I used Lucene’s
Java API to write a little GetIDS class to query the index for
all of its documents, and for each document print its _id field,
decoding the binary-valued BytesRef as needed. The gotcha was
that all of the BytesRefs seemed to have a -1 byte in the
beginning, throwing off the recommended BytesRef.utf8ToString()
method, so I had to reimplement that method’s logic in my program
and have it use an adjusted offset + 1 and length - 1 instead.
I am pleased to announce the availability of Planet
Guix, an Atom and RSS aggregator covering all
things Guix. You can browse posts on the website or use your favourite feed
reader to subscribe to the aggregate feed.
Planet Guix already has subscriptions to 19 blogs from around the community;
if you write about Guix (no matter how infrequently) and would like your blog to
be included, or if you would like to suggest another blog I missed, please
create a pull request against the repository in
Codeberg — you'll see that the
subscriptions are simply configured as association lists in planet/config.scm.
Background
Back in September, Sébastien Gendre asked on the help-guix mailing
list if
there were any plans to create a Planet website for Guix. The discussion drifted
into how this might be implemented in Guile, and I thought it sounded like an
interesting project for the dark autumn evenings.
The original Planet aggregator was written in Python and many Planet websites
are still using its successor, Venus. The Venus
code base has not seen much activity in the last decade and still uses Python 2,
which was sunset in 2020. This was all the incentive I needed to implement a new
Planet aggregator and static site generator in Guile.
Implementation
We already know from the likes of
Haunt that Guile has all the tools
needed to generate a static web site. Both Atom and RSS are XML formats, and
Guile also has great support for working with XML. The Guile Planet
implementation uses the following built-in modules:
Many feeds include HTML content in the entry summary, which we need to parse.
This is where htmlprag
from guile-lib comes in. I used this both
to parse HTML embedded in feeds and to generate the static content from an
SXML data
structure.
With these libraries to hand the code for the planet aggregator almost wrote itself!
I was trying to keep dependencies to a minimum, but
guile-filesystem
is too useful to do without and, later in the development process, I pulled in
guile-srfi-235 which
provides some useful combinators. At the moment I'm only using apply-chain to
build a function for post-processing one of the feeds, but why re-invent the
wheel?
Deployment
I initially deployed the Planet to a test site running on one of my servers, but
the idea was received enthusiastically by the Guix maintainers and I was happy
that they wanted to host it on their infrastructure.
Of course they are using Guix to manage their virtual machines in Hetzner cloud!
While they could have picked up the Planet code and run with it, instead they
pointed me at the server configuration
and invited me to make a pull request against hydra/guix-hetzner-2.scm.
They suggested I base the configuration on their existing
static-web-site-configuration so I started reading the code which proved very
educational (I admit that I had to sleep on it for a week before coming up
with a plan!)
The static-web-site-configuration did almost everything needed to build the
Planet aggregator, only the build step runs like a Guix package build in an
isolated environment with no network - so we cannot fetch the feeds in this
build step.
Luckily, I had already implemented functionality in the Planet code base to
build the static site from feeds cached on disk. So it was simply a case of
adding support for a pre-build script to the static-web-site-configuration
and using this step to download the feeds.
The pull request was merged after some short discussion, and a few days later the
site was live in its new home.
Community
This was my second time contributing to the Guix project and I'm pleased to
report that it was a smooth experience both times. When it came to the
deployment, I was glad that I was encouraged to add the service configuration
myself instead of being spoon-fed: working with computers, you learn best by
doing.
I'd like to give a shout-out to @civodul, @cbaines, and @apteryx for their help
with the deployment, and to the several people who sent merge requests to add
their blogs before I even got around to writing this announcement.
I think the Planet site is already a great place to discover people writing
about Guix, and I hope it grows and becomes an asset to the community. Happy reading!
That's an error that typically occurs when you have the wrong repository selected for your distribution. Please make sure to select the correct repository.
The following packages have unmet dependencies: python3-csdr : Depends: python3 (< 3.11) but 3.12.3-0ubuntu2.1 is to be installed rtl-connector : Depends: librtlsdr0 (>= 0.6.0) but it is not installable
Huh, being a novice linux user I'm not able to cope/fix this, any hints appreciated !
The new OpenWebRX+ 1.2.100 is now available from the repository. Release news and discussion forum can be found on Telegram. It greatly enhances MQTT functionality. The new privacy options let you disable MQTT reports on server activity. The new subscription options let your server receive MQTT data from other OpenWebRX+ servers and show it on the map. There is also a distributed chat option that enables relaying chat messages between servers. Read more about this functionality in the documentation, by clicking on the question mark icon in the OpenWebRX+ UI. See below for all changes.
- Added option to chat between OWRX+ servers via MQTT. - Added option to relay WSJT spots between OWRX+ servers. - Added option to relay APRS/AIS data between OWRX+ servers. - Added option to relay aircraft data between OWRX+ servers. - Added number of connected clients to CLIENT MQTT reports. - Added options to disable RX and CLIENT MQTT reports. - Fixed MQTT code to work with Paho MQTT 2.x. - Fixed some maps not wrapping properly.
PS: Short cheat sheet for people who just cannot get things to work:
1) If it does not work for you, reload OpenWebRX page while holding the SHIFT key. 2) If it does not work for you, check "Settings | Feature report" page to see what you are missing. 3) If it does not work for you, wait for a day or two, maybe it starts working or you figure it out. 4) If it does not work for you, create a separate forum thread and explain your problem there. Attach the logs, obtained with "sudo journalctl -u openwebrx". Do not paste the entire log into the message, attach it as a file instead.
What a government crackdown on VPNs would look like, malware groups play the long game with browser extensions, a new major version of FreeBSD is released, and using a single database vs one DB per application or VM.
There are several main categories into which kernel releases may fall:
Prepatch
Prepatch or "RC" kernels are mainline kernel pre-releases that are
mostly aimed at other kernel developers and Linux enthusiasts. They
must be compiled from source and usually contain new features that
must be tested before they can be put into a stable release.
Prepatch kernels are maintained and released by Linus Torvalds.
Mainline
Mainline tree is maintained by Linus Torvalds. It's the tree where
all new features are introduced and where all the exciting new
development happens. New mainline kernels are released every 9-10
weeks.
Stable
After each mainline kernel is released, it is considered "stable."
Any bug fixes for a stable kernel are backported from the mainline
tree and applied by a designated stable kernel maintainer. There are
usually only a few bugfix kernel releases until next mainline kernel
becomes available -- unless it is designated a "longterm maintenance
kernel." Stable kernel updates are released on as-needed basis,
usually once a week.
Longterm
There are usually several "longterm maintenance" kernel releases
provided for the purposes of backporting bugfixes for older kernel
trees. Only important bugfixes are applied to such kernels and they
don't usually see very frequent releases, especially for older
trees.
Longterm release kernels
Version
Maintainer
Released
Projected EOL
6.18
Greg Kroah-Hartman & Sasha Levin
2025-11-30
Dec, 2027
6.12
Greg Kroah-Hartman & Sasha Levin
2024-11-17
Dec, 2026
6.6
Greg Kroah-Hartman & Sasha Levin
2023-10-29
Dec, 2026
6.1
Greg Kroah-Hartman & Sasha Levin
2022-12-11
Dec, 2027
5.15
Greg Kroah-Hartman & Sasha Levin
2021-10-31
Dec, 2026
5.10
Greg Kroah-Hartman & Sasha Levin
2020-12-13
Dec, 2026
Distribution kernels
Many Linux distributions provide their own "longterm maintenance"
kernels that may or may not be based on those maintained by kernel
developers. These kernel releases are not hosted at kernel.org and
kernel developers can provide no support for them.
It is easy to tell if you are running a distribution kernel. Unless you
downloaded, compiled and installed your own version of kernel from
kernel.org, you are running a distribution kernel. To find out the
version of your kernel, run uname -r:
# uname -r
5.6.19-300.fc32.x86_64
If you see anything at all after the dash, you are running a distribution
kernel. Please use the support channels offered by your distribution
vendor to obtain kernel support.
Releases FAQ
Here are some questions we routinely receive about kernel release
versions. See also the main "FAQ" section for some other topics.
When is the next mainline kernel version going to be released?
Linux kernel follows a simple release cadence:
after each mainline release, there is a 2-week "merge window" period
during which new major features are introduced into the kernel
after the merge window closes, there is a 7-week bugfix and
stabilization period with weekly "release candidate" snapshots
rc7 is usually the last release candidate, though occasionally there
may be additional rc8+ releases if that is deemed necessary
So, to find the approximate date of the next mainline kernel release,
take the date of the previous mainline release and add 9-10 weeks.
You can also subscribe to the releases calendar that forecasts key
development dates for the upcoming kernels:
Longterm kernels are picked based on various factors -- major new
features, popular commercial distribution needs, device manufacturer
demand, maintainer workload and availability, etc. You can roughly
estimate when the new longterm version will become available based on
how much time has elapsed since the last longterm version was chosen.
Why are some longterm versions supported longer than others?
The "projected EOL" dates are not set in stone. Each new longterm kernel
usually starts with only a 2-year projected EOL that can be extended
further if there is enough interest from the industry at large to help
support it for a longer period of time.
Does the major version number (4.x vs 5.x) mean anything?
No. The major version number is incremented when the number after the
dot starts looking "too big." There is literally no other reason.
Does the odd-even number still mean anything?
A long time ago Linux used a system where odd numbers after the first
dot indicated pre-release, development kernels (e.g. 2.1, 2.3, 2.5).
This scheme was abandoned after the release of kernel 2.6 and these days
pre-release kernels are indicated with "-rc".
KDE Plasma is finally moving on from X11, Tuxedo Computers abandons their Arm laptop project, Mozilla completely loses the room, but there might be a glimmer of hope.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
We are pleased to announce the release of GNU Guile 3.0.11! This
release is mainly a bug-fix release, though it does include a number of
new features, including support for SRFI 197: Pipeline
Operators,
support for SRFI 207: String-notated bytevectors
(bytestrings),
and JIT (just-in-time) compilation for the RISC-V architecture.
When the right time to make a big change to your software is, how you get users to test pre-release versions, how long you keep old features around, when that’s not possible, and more.
I am very happy to announce that, after almost a year in the
works, today the Algol 68
front-end has been merged in GCC proper in its development
trunk branch. This means that we are no longer off-tree, and
that GCC 16 will be featuring a full-fledged and modern Algol 68 compiler once it
gets released.
An Algol 68 module
This doesn't mean the work is done. The modules system, which is
already functional, needs to be completed and polished, parallel
clauses are still to be implemented, and the quality of the
generated code should be generally improved. We also want to
replace the boehm GC with a tightly integrated customized, exact
one, and to continue modernizing and expanding the language, always
carefully and respectfully, via GNU extensions: exception handling,
FFI, etc.
At this point I would like to thank Marcel van der Veer, Pietro
Monteiro, Mohammad-Reza Nabipoor, Thomas Schwinge, Sam James,
Matthias Klose, Iain Buclaw, Andrew Pinski, Segher Boessenkool, Iain
Sandoe, the GCC global reviewers and the overall GCC community.
Without their help, and Marcel's nifty Algol 68 parser, this
front-end would simply not exist.
And now, the real fun starts... ;)
Happy algoling!
On Fri, Nov 28, 2025 at 07:43 PM, Jakob DD5JFK Ketterl wrote:
It's not as big a loss as you think. Most transmissions you'll be receiving on DMR are going to be coming from a repeater anyway.
As I said, it hasn't been analysed, so I can't really give any advice to resolve. Feel free to dig into the code and see for yourself.
I think you're wrong. We use a lot of DMR simplex here. We don't listen to DMR repeaters. Simplex connections are the best. I'll try to do something about the code if i can.
$ podman run --privileged -it --hostname guix --rm registry.gitlab.com/debdistutils/guix/debian-with-guix-container:stable
root@guix:/# hello
bash: hello: command not found
root@guix:/# guix describe
guix c9eb69d
repository URL: https://gitlab.com/debdistutils/guix/mirror.git
branch: master
commit: c9eb69ddbf05e77300b59f49f4bb5aa50cae0892
root@guix:/# LC_ALL=C.UTF-8 /root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild &
[1] 21
root@guix:/# GUIX_PROFILE=/root/.config/guix/current; . "$GUIX_PROFILE/etc/profile"
root@guix:/# guix describe
Generation 2 Nov 28 2025 10:14:11 (current)
guix c9eb69d
repository URL: https://gitlab.com/debdistutils/guix/mirror.git
branch: master
commit: c9eb69ddbf05e77300b59f49f4bb5aa50cae0892
root@guix:/# guix install --verbosity=0 hello
accepted connection from pid 55, user root
The following package will be installed:
hello 2.12.2
hint: Consider setting the necessary environment variables by running:
GUIX_PROFILE="/root/.guix-profile"
. "$GUIX_PROFILE/etc/profile"
Alternately, see `guix package --search-paths -p "/root/.guix-profile"'.
root@guix:/# GUIX_PROFILE="/root/.guix-profile"
root@guix:/# . "$GUIX_PROFILE/etc/profile"
root@guix:/# hello
Hello, world!
root@guix:/#
Below is an example GitLab pipeline job that demonstrate how to run guix install to install additional dependencies, and then download and build a package that pick up the installed package from the system.
Guix binaries are downloaded from the Guix binary tarballs project because of upstream download site availability and bandwidth concerns.
Enjoy these images! Hopefully they can help you overcome the loss of Guix in Debian which made it a mere apt-get install guix away before.
There are several things that may be improved further. An alternative to using podman --privileged is to use --security-opt seccomp=unconfined --cap-add=CAP_SYS_ADMIN,CAP_NET_ADMIN which may be slightly more fine-grained.
For ppc64el support I ran into an error message that I wasn’t able to resolve:
guix pull: error: while setting up the build environment: cannot set host name: Operation not permitted
For riscv64, I can’t even find a Guix riscv64 binary tarball for download, is there one anywhere?
For arm64 containers, it seems that you need to start guix-daemon with --disable-chroot to get something to work, at least on GitLab.com’s shared runners, otherwise you will get this error message:
guix install: error: clone: Invalid argument
Building the images themselves also require disabling some security functionality, and I was not able to build images with buildah without providing --cap-add=CAP_SYS_ADMIN,CAP_NET_ADMIN otherwise there were errors like this:
guix pull: error: cloning builder process: Operation not permitted
guix pull: error: clone: Operation not permitted
guix pull: error: while setting up the build environment: cannot set loopback interface flags: Operation not permitted
Finally on amd64 it seems --security-opt seccomp=unconfined is necessary, otherwise there is an error message like this, even if you use --disable-chroot:
guix pull: error: while setting up the child process: in phase setPersonality: cannot set personality: Function not implemented
This particular error is discussed upstream, but I think generally that these error suggest that guix-daemon could use more optional use of features: if some particular feature is not available, gracefully fall back to another mode of operation, instead of exiting with an error. Of course, it should never fall back to an insecure mode of operation, unless the user requests that.
Google kept collecting sensor data even after bricking Nest thermostats, FreeBSD’s container support gets serious, and where to find cheap (or even dirt cheap) used hardware.
We were asked about where to find cheap (or even dirt cheap) used hardware.
Tailscale
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/25a and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
The 24th release of GNU Astronomy Utilities (Gnuastro) is now available. See the full announcement for all the new features in this release and the many bugs that have been found and fixed: https://lists.gnu ... -11/msg00001.html
Ubuntu get 15 years of support, Google finally releases Android source code and backs down on “sideloading”, more steps to move on from X11, IKEA launches a range of Matter IoS gear, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
GNU Parallel 20251122 ('Mamdani') has been released. It is available for download at: lbry://@GnuParallel:4
Quote of the month:
ainda não inventaram palavras capazes de expressar minha gratidão aos desenvolvedores do GNU Parallel
-- @nueidris.kawaii.social
New in this release:
No new features.
Bug fixes.
GNU Parallel - For people who live life in the parallel lane.
If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.
About GNU Parallel
GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.
If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.
GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.
For example you can run this to convert all jpeg files into png and gif files and have a progress bar:
GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.
The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.
When using GNU SQL for a publication please cite:
O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.
About GNU Niceload
GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.
Since last submission we have added a modules system based on the
Modules and Separate Compilation Facility designed by Charles
Lindsey and Hendrik Boom and released by the IFIP Working Group 2.1
Standing Subcommittee on ALGOL 68 Support. To our knowledge, this is
the first time the modules facility ever gets implemented.
This is the deal:
Jose E. Marchesi (50):
a68: top-level misc files
a68: build system
a68: build system (regenerated files)
a68: documentation
a68: command-line options
a68: DWARF language codes
a68: darwin specific support
a68: powerpc specific support
a68: gcc/algol68 misc files
a68: ga68 compiler driver
a68: a681 compiler proper
a68: unicode support routines
a68: front-end diagnostics
a68: modules exports
a68: modules imports
a68: parser: entry point
a68: parser: AST nodes attributes/types
a68: parser: scanner
a68: parser: keyword tables management
a68: parser: top-down parser
a68: parser: parenthesis checker
a68: parser: bottom-up parser
a68: parser: syntax check for declarers
a68: parser: standard prelude definitions
a68: parser: parsing of modes
a68: parser: symbol table management
a68: parser: static scope checker
a68: parser: debug facilities
a68: parser: extraction of tags from phrases
a68: parser: dynamic stack usage in serial clauses
a68: parser: pragmats infrastructure
a68: low: lowering entry point and misc handlers
a68: low: plain values
a68: low: stowed values
a68: low: standard prelude
a68: low: clauses and declarations
a68: low: runtime
a68: low: builtins
a68: low: ranges
a68: low: units and coercions
a68: low: modes
a68: libga68: sources, spec and misc files
a68: libga68: build system
a68: libga68: build system (generated files)
a68: testsuite: infrastructure
a68: testsuite: execution tests 1/2
a68: testsuite: execution tests 2/2
a68: testsuite: compilation tests
a68: testsuite: revised MC Algol 68 test set
a68: testsuite: mcgt tests
Windows is becoming an “agentic OS”, some WD SMR drives are dying prematurely, backing up VMware with ZFS, and separating trusted and non-trusted devices on your network.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
Note that due to mirror synchronization, not all links may be functional
early after the release. For direct access try
https://ftp.gnu.org/gnu/gnunet/
We dig into the recent major AWS outage, why a misconfiguration in one region called global issues, and whether there’s anything you can do to avoid being affected by a similar incident in the future.
We are pleased to announce the release of GNUnet 0.26.0.
GNUnet is an alternative network stack for building secure, decentralized and
privacy-preserving distributed applications.
Our goal is to replace the old insecure Internet protocol stack.
Starting from an application for secure publication of files, it has grown to
include all kinds of basic protocol components and applications towards the
creation of a GNU internet.
This is a new major release.
Major versions may break protocol compatibility with the 0.25.X versions.
Please be aware that Git master is thus henceforth (and has been for a
while)
INCOMPATIBLE
with
the 0.25.X GNUnet network, and interactions between old and new peers
will result in issues.
In terms of usability, users should be aware that there are still
a number of known open issues
in particular with respect to ease
of use, but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny and thus unlikely to
provide good anonymity or extensive amounts of interesting information.
As a result, the 0.26.0 release is still
only suitable for early adopters
with some reasonable pain tolerance
.
If it were not for compatibility-breaking changes in the crypto API of libgnunetutil
this would only be a maintenance release.
The changes hopefully protect users of the library from misuse of
GNUnet's cryptographic key objects in ways that may be detrimental to
security.
Since this change breaks backwards compatibility, this is a new major release.
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try
http://ftp.gnu.org/gnu/gnunet/
Changes
A detailed list of changes can be found in the
git log
, the
NEWS
.
Known Issues
There are known major issues with the TRANSPORT subsystem.
There may be some regressions in the new CORE subsystem.
There are known moderate implementation limitations in CADET that negatively impact performance.
There are known moderate design issues in FS that also impact usability and performance.
There are minor implementation limitations in SET that create unnecessary attack surface for availability.
The RPS subsystem remains experimental.
In addition to this list, you may also want to consult our bug tracker at
bugs.gnunet.org
which lists about 190 more specific issues.
Thanks
This release was the work of many people. The following people contributed code and were thus easily identified:
Christian Grothoff, Florian Dold, TheJackiMonster, ch3, and Martin Schanzenbach.
Allan tells us about the recent OpenZFS Summit including inconsistent JBODs, more details about mixed disk sizes in ZFS with AnyRaid, an upcoming standard that allows you to keep using partially dead hard drives, Seagate’s roadmap for 50 and 100 TB drives, and NVMe connected mechanical drives. Plus using a separate mini PC for work.
The general goal is to provide a way to use Debian without reliance on non-free software, to the extent possible within the Debian project.
One challenge are the official Debian live and installer images. Since the 2022 decision on non-free firmware, the official images for bookworm and trixie contains non-free software.
The Debian Libre Live Images project provides Live ISO images for Intel/AMD-compatible 64-bit x86 CPUs (amd64) built without any non-free software, suitable for running and installing Debian. The images are similar to the Debian Live Images distributed as Debian live images.
One advantage of Debian Libre Live Images is that you do not need to agree to the distribution terms and usage license agreements of the non-free blobs included in the official Debian images. The rights to your own hardware won’t be crippled by the legal restrictions that follows from relying on those non-free blobs. The usage of your own machine is no longer limited to what the non-free firmware license agreements allows you to do. This improve your software supply-chain situation, since you no longer need to consider their implication on your computing environment for your liberty, privacy or security. Inclusion of non-free firmware is a vehicle for xz-style attacks. For more information about the advantages of free software, see the FSF’s page on What is Free Software?.
Enough talking, show me the code! Err, binaries! Download images:
The images are built by GitLab CI/CD shared runners. The pipeline .gitlab-ci.ymlcontainer job creates a container with live-build installed, defined in container/Containerfile. The build job then invokes run.sh that includes a run to lb build, and then upload the image to the package registry.
This is a first initial public release, calibrate your expectations! The primary audience are people already familiar with Debian. There are known issues. I have performed successful installations on a couple of different machines including laptops like Lenovo X201, Framework AMD Laptop 13″ etc.
Are you able to install Debian without any non-free software on some hardware using these images?
I am happy to announce that the GNU Health Hospital Information System 5.0.3 patchset has been released!
In addition to the patches, you will notice a tarball significantly smaller than previous bundles, mainly from not excluding large translation files that need work. You can of course always download the most current translation of any GNU Health package from our weblate instance at Codeberg.(https://translate ... ojects/gnuhealth/)
If you use the vanilla / standard installation, you can update the server and the dependencies from the gnuhealth control center (https://docs.gnuh ... ontrolcenter.html)
Backup
As usual, before you upgrade your instance, make sure you have made a backup of your DB instance and "attach" resource !
Happy hacking ❤️
Changelog for 5.0.3
2025-11-11 * [SKIP CI] Backport po files from devel branch. (c7f8f3a3c) (Feng Shu)
2025-11-11 * Add tryton/health_icd9procs/locale/el.po (5acbb83f2) (Feng Shu)
2025-11-10 * [SKIP CI] Backport po files from devel branch. (57aeec18f) (Feng Shu)
2025-11-07 * [SKIP CI] Backport po files from devel branch. (489f1b225) (Feng Shu)
2025-11-05 * Fix bug core:Dx command should filter by arguments #153 (dc410b014) (Luis Falcon)
2025-11-05 * [SKIP CI] Backport po files from devel branch. (40a327c3b) (Feng Shu)
2025-11-05 * Update tryton/health/locale/health.pot (a41f324ed) (Feng Shu)
2025-11-05 * [SKIP CI] Backport po files from devel branch. (583837f1b) (Feng Shu)
2025-11-05 * fix bug core: healthprof attribute duplicated in gnuhealth.patient.disease model (2c6976f6b) (Luis Falcon)
2025-11-04 * Readd sv.po file, for Umeaman will become a team leader for Swedish. [do not merge] (31ef5422c) (Feng Shu)
2025-11-04 * [SKIP CI] Backport po files from devel branch. (bc914fc3d) (Feng Shu)
2025-11-02 * Delete health module po files which translate progress < 30%, [do not merge] (48e76223a) (Feng Shu)
2025-10-29 * [SKIP CI] Backport po files from devel branch. (c2497b4de) (Feng Shu)
2025-10-28 * translation: Missing translation terms. #156. Fix spanish string for time in health_surgery (c76d20d36) (Luis Falcon)
2025-10-28 * Issue #155. Clean po files, backport from devel branch [do not merge] (59b8f3eb5) (Feng Shu)
2025-10-28 * Issue #155. genetics_uniprot: Remove empty translation po files (01806d006) (Luis Falcon)
2025-10-28 * [SKIP CI] Backport po files from devel branch. (e719e0f9c) (Feng Shu)
2025-10-28 * Update tryton/health/locale/health.pot [do not merge] (3b9ec6200) (Feng Shu)
2025-10-28 * Merge remote-tracking branch 'origin/po-backport' into patchset/5.0.3 (b6847391a) (Feng Shu)
2025-10-27 * [SKIP CI] Backport po files from devel branch. (32c1903b2) (po-backport)
2025-10-25 * Update package version to 5.0.3 (bbcc6c9ed) (Luis Falcon)
2025-10-25 * Fix bug #150. core: Include children in the family history (46f6293ad) (Luis Falcon)
For a more detailed list, please go to our project page at Codeberg:
The skills we wish we had (but accept we never will), what we are most scared of and if we’d confront it for money, and whether free will exists. With May, Chris, and Gary from Linux After Dark.
Patrons got this this in their feed two weeks ago.
Martin encrypts his new workFramework laptop without LVM, but with --cipher=aes-xts-plain64 --hash=sha256 --iter-time=1000 --key-size=256 --pbkdf-memory=1048576 --sector-size=4096, and without ZFS, but with btrfs and compress=lzo discard=async noatime rw space_cache=v2 ssd.
Mark gets help with his Moodle noodling from MDLCode.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
unrtf 0.21.11 is released, fixing recently submitted security issues and a number of older bugs. Until the tar file can be uploaded to the proper location on ftp.gnu,org, you can find it on the project home page
What we all learned at the recent Ubuntu Summit including open source as a counter to insular nationalism, Canonical taking RISC-V very seriously, TPM-backed full disk encryption getting a lot easier, what the post-AI-bubble will probably look like, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
This is to announce coreutils-9.9, a stable release.
This is primarily a stabilization release,
details of which are summarized in the NEWS below.
There have been 106 commits by 10 people in the 7 weeks since 9.8.
Thanks to everyone who has contributed!
The following people contributed changes to this release:
Bernhard Voelker (4) Mathieu Bordere (1)
Bruno Haible (4) Nicolas Boichat (1)
Collin Funk (28) Paul Eggert (9)
Grisha Levit (1) Pádraig Brady (57)
Hannes Braun (1) Sylvestre Ledru (1)
Pádraig [on behalf of the coreutils maintainers]
==================================================================
Here is the GNU coreutils home page:
https://gnu.org/s/coreutils/
Here are the compressed sources:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.gz (15MB)
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.xz (6.1MB)
Here are the GPG detached signatures:
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.gz.sig
https://ftp.gnu.org/gnu/coreutils/coreutils-9.9.tar.xz.sig
Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html
Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify coreutils-9.9.tar.gz.sig
The signature should match the fingerprint of the following key:
If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.
or run this command from a git-cloned coreutils directory:
git shortlog v9.8..v9.9
This release was bootstrapped with the following tools:
Autoconf 2.72.97-cf8b9
Automake 1.18.1
Gnulib 2025-11-06 862a81c0e15448adde6a6e7473ec47e3a4bd91a6
Bison 3.8.2
NEWS
* Noteworthy changes in release 9.9 (2025-11-10) [stable]
** Bug fixes
`basenc --base58` would not operate correctly with input > 15561475 bytes.
[bug introduced with --base58 in coreutils-9.8]
'cksum --check' now supports base64 encoded input in untagged format:
- for all length adjustable algorithms (blake2b, sha2, sha3),
- if that base64 input starts with a tag like "SHA1" etc.
Previously an error was given, about invalid input format.
[bug introduced in coreutils-9.2]
'cksum --check -a sha2' has better support for tagged format. Previously
an unneeded but explicit '-a sha2' did not match standard tags like SHA256.
Also non standard SHA2 tags with a bad length resulted in undefined behavior.
[bug introduced in coreutils-9.8]
'cp' restores performance with transparently compressed files, which
regressed due to the avoidance of copy offload, seen with OpenZFS at least.
[bug introduced in coreutils-9.8]
`env` on macOS, for now only when built with --disable-nls,
will no longer always set a __CF_USER_TEXT_ENCODING environment variable.
[bug introduced in coreutils-9.8]
'nice' now limits the adjusted niceness value to its supported range on
GNU/Hurd.
[This bug was present in "the beginning".]
'numfmt' no longer reads out-of-bounds memory with trailing blanks in input.
[bug introduced with numfmt in coreutils-8.21]
'numfmt' no longer outputs invalid characters with multi-byte blanks in input.
[bug introduced in coreutils-9.5]
'rm -d DIR' no longer fails on Ceph snapshot directories.
Although these directories are nonempty, 'rmdir DIR' succeeds on them.
[bug introduced in coreutils-8.16]
'sort --compress-program' now diagnoses if it can't write more data to an
exited compressor. Previously sort could have exited silently in this case.
[bug introduced in coreutils-6.8]
'tail' outputs the correct number of lines again for non-small -n values.
Previously it may have output too few lines.
[bug introduced in coreutils-9.8]
'unexpand' no longer triggers a heap buffer overflow with --tabs arguments
that use the GNU extension /NUM or +NUM formats.
[bug introduced in coreutils-8.28]
** Changes in behavior
'cp' with default options may again, like with versions before v9.8,
miss opportunities to create holes with file systems that support
SEEK_HOLE only trivially. This change is a consequence of the
abovementioned copy offload fix.
'sort --compress-program' will continue without compressing temporary files
if the specified program cannot be executed. Also malformed shell scripts
without a "shebang line" will no longer be executed.
** New Features
'numfmt' now accepts the --unit-separator=SEP option, to output or accept
a separator between the number and unit. For e.g. "1234 M".
** Improvements
'fmt', 'date', 'nl', and 'pr' will now exit promptly upon receiving a write
error, which is significant when reading large / unbounded inputs.
install, sort, and split now use posix_spawn() to invoke child programs more
efficiently and more independently from their own memory usage.
'numfmt':
- parses numbers with a non-breaking space character before a unit
- parses numbers containing grouping characters from the current locale
- supports a multi-byte --delimiter character
- no longer processes input indefinitely in the presence of write errors
wc -l now operates 10% faster on hosts that support AVX512 instructions.
** Build-related
chcon and runcon are not built by default if selinux headers are not present,
or if the --without-selinux configure option is specified.
This can be overridden with the --with-selinux configure option.
nproc no longer fails to build with Android API level <= 20.
[build issue introduced in coreutils-9.8]
Massive Christmas present by my italian friend Luca Franceschini of digitalmind. He merged his combo with my combined patch (2016.12.02 version) adding several (heavily customized) patches and functionalities. Luca is a C programmer and an expert system administrator who manages big servers.
Some of our Linux hot takes including the LTS release model being broken, Linux media being out of touch, social media being the root of most evil, and people being too angry and defensive about the software they use.
BOSTON, Massachusetts, USA (Thursday, November 6, 2025) — The Free Software Foundation (FSF) today announced the winning photo submissions in the FSF40 Photo Contest held in August.
Why you should seriously consider buying refurbished hard drives, why drives might be lasting longer than they once did, Jim’s M.2 NVMe drive died at an inopportune moment, using multiple partitions on disks with ZFS.
Hello and welcome to my October free software activities report.
GNU & FSF
GNU Spotlight: I prepared and sent the October GNU Spotlight
to the FSF campaigns team, who will review and publish it on the
FSF’s community blog and as part of the next issue of the monthly
Free Software Supporter newsletter.
bug#79629: I noticed that I was unable to customize the
holiday-other-holidays variable using the setopt macro:
my change did not seem to take effect. As Eli Zaretskii
helpfully pointed out, this was because customizing
holiday-other-holidays did not recompute the value of
calendar-holidays, which is computed once, when the package
is loaded.
So I prepared and sent a patch 500a2d0cc55 to recompute
calendar-holidays when its components are set.
bbabc1db258: While reading about custom-reevaluate-setting
in the Startup Summary node of the GNU Emacs Lisp reference manual
I noticed a small typo, so I committed a patch to fix it.
This month at work one of our Elasticsearch clusters experienced
partial failure, and we needed to extract document IDs from a backup
of one of the cluster’s shards. Elasticsearch uses Lucene under the
hood and each shard is a standalone Lucene index, so I used Lucene’s
Java API to write a little GetIDS class to query the index for
all of its documents, and for each document print its _id field,
decoding the binary-valued BytesRef as needed. The gotcha was
that all of the BytesRefs seemed to have a -1 byte in the
beginning, throwing off the recommended BytesRef.utf8ToString()
method, so I had to reimplement that method’s logic in my program
and have it use an adjusted offset + 1 and length - 1 instead.
It's been a month since we started the fundraising campaign to Sustain and Strengthen Guix. So far we've raised €6562 which is around 40% of our €15000 annual goal. If you'd like to support the project's fundraiser there's still time, pop over to the donate page now!
There have been a range of donations, both one-off and recurring. A few people have made large one-off donations, one of over €2150!There have been a couple between €500-€250 and a few more in the €100 range. These are big contributions to our goal, so I want to thank those individuals for helping out so generously.
Just over 100 people (115 right now) have stepped forward to become recurring supporters, pledging a monthly amount to help the project. This is key because it means the project knows there's a regular stream of donations that can pay for the shared resources that we all use. There's been great support with a few people donating €30-€50 a month which is fantastic, the rest at the €10-€15 a month - and one person managed to use the recurring button multiple times to get precisely the amount they wanted to donate monthly!
The result is that Open Collective estimates €657.50 a month of recurring donations, and Stripe estimates €720 a month of recurring donations. This is significant because if each person is able to continue giving monthly then annually we'd estimate around €16500 of donations. The maths is simple, the impact significant - a recurring donation of €10 a month is worth €120 a year, that's why recurring donations make such a difference!
Of course, people's situations change and they may stop supporting Guix - we've had a couple of cancellations already. So in terms of the actual money we've received we're at ~40% of the €15000 target which I think is pretty good!
Thanks to everyone who's supported Guix by donating, you're making a difference and we really appreciate it!
If you haven't done it yet, and would like to jump in to support the project then now's a great time! A recurring donation is ideal, but we appreciate any support you can give and every donation gets us a bit closer!
Guix is a global community of people, we've had donations from so many places. Where ever you are, it's amazing to think of so many people enjoying, supporting and contributing to Guix.
As we're distributed all over the globe we don't have that many ways to keep people informed about the project. I'm sure there are many Guix users who don't know the project needs support. You can help spread the word that Guix is running a fundraiser by talking about it and using this badge. Put it on your social media, your web site or your Git forge account! Thanks to Luis Felipe for creating it.
What's next
The next few weeks will tell us how many people are able to donate to Guix and the annual budget the project has so that it's sustainable.Then we'll be able plan where we can sustain Guix and where we can do new things to strengthen the project.
My goal is for the next blog post is to provide an update on both our fundraising campaign and how we're using the donations that we've received.
Mark Shuttleworth recently spoke to us about what he’s apprehensive and excited about in the tech world, and more. Plus in the news: Ubuntu Unity needs help to survive, the Python Software Foundation turns down a large government grant, Fedora allows AI contributions, SUSE goes all in on AI, and KDE hits its fundraising goal.
Joe sat down with Mark at the recent Ubuntu Summit to discuss what he’s apprehensive and excited about in the tech world, what we should look forward to in Ubuntu 26.04 LTS, and more.
1Password Extended Access Management
Take the first step to better security for your team by securing credentials and protecting every application — even unmanaged shadow IT.
Learn more at 1password.com/latenightlinux
Tailscale
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code LATENIGHTLINUX for three free months of any Tailscale paid plan.
Furthermore, the dovecot 2.4 branch no longer supports their
replication feature, it was removed.
For users relying on the replication feature or who are unable to
perform the 2.4 migration right now, we provide alternative packages
available in [extra]:
Shane has teething issues with his Kubernetes homelab, Sean ran a bootable containers workshop at Texas Linux Fest, and the case for enterprise rolling distros.
GNU Parallel 20251022 ('Goodall') has been released. It is available for download at: lbry://@GnuParallel:4
Quote of the month:
idk who built GNU parallel but I owe them a beer
-- ram @h4x0r1ng
New in this release:
No new features.
Bug fixes.
GNU Parallel - For people who live life in the parallel lane.
If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.
About GNU Parallel
GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.
If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.
GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.
For example you can run this to convert all jpeg files into png and gif files and have a progress bar:
GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.
The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.
When using GNU SQL for a publication please cite:
O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.
About GNU Niceload
GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.
Why you should keep your Baseboard Management Controller off the network, ZFS is hard to defeat with a zip bomb, how bad the Internet bot problem probably is, and building a small home server cluster.
In Part One of this series, we examined how the SONiC control plane and the VPP data plane form a cohesive, software-defined routing stack through the Switch Abstraction Interface.
We outlined how SONiC’s Redis-based orchestration and VPP’s user-space packet engine come together to create a high-performance, open router architecture.
In this second part, we’ll turn theory into practice. You’ll see how the architecture translates into a working environment, through a containerized lab setup that connects two SONiC-VPP routers and Linux hosts.
Reconstructing the L3 Routing Demo
Understanding the architecture is foundational, but the true power of this integration becomes apparent through a practical, container-based lab scenario.
The demo constructs a complete L3 routing environment using two SONiC-VPP virtual routers and two Linux hosts, showcasing how to configure interfaces, establish dynamic routing, and verify end-to-end connectivity.
Lab Environment and Topology
The demonstration is built using a containerized lab environment, orchestrated by a tool like Containerlab. This approach allows for the rapid deployment and configuration of a multi-node network topology from a simple declarative file. The topology consists of four nodes:
router1: A SONiC-VPP virtual machine acting as the gateway for the first LAN segment.
router2: A second SONiC-VPP virtual machine, serving as the gateway for the second LAN segment.
PC1: A standard Linux container representing a host in the first LAN segment.
PC2: Another Linux container representing a host in the second LAN segment.
These nodes are interconnected as follows:
An inter-router link connects router1:eth1 to router2:eth1.
PC1 is connected to router1 via PC1:eth2 and router1:eth2.
PC2 is connected to router2 via PC2:eth2 and router2:eth2.
Initial Network Configuration
Once the lab is deployed, a startup script applies the initial L3 configuration to all nodes.
Host Configuration: The Linux hosts, PC1 and PC2, are configured with static IP addresses and routes.
PC1 is assigned the IP address 10.20.1.1/24 and is given a static route for the 10.20.2.0/24 network via its gateway, router1 (10.20.1.254).
PC2 is assigned the IP address 10.20.2.1/24 and is given a static route for the 10.20.1.0/24 network via its gateway, router2 (10.20.2.254).
Router Interface Configuration: The SONiC-VPP routers are configured using the standard SONiC CLI.
router1:
The inter-router interface Ethernet0 is configured with the IP 10.0.1.1/30.
The LAN-facing interface Ethernet4 is configured with the IP 10.20.1.254/24.
router2:
The inter-router interface Ethernet0 is configured with the IP 10.0.1.2/30.
The LAN-facing interface Ethernet4 is configured with the IP 10.20.2.254/24.
After IP assignment, each interface is brought up using the sudo config interface startup command.
Dynamic Routing with BGP
With the interfaces configured, dynamic routing is established between the two routers using the FRRouting suite integrated within SONiC. The configuration is applied via the vtysh shell.
iBGP Peering: An internal BGP (iBGP) session is established between router1 and router2 as they both belong to the same Autonomous System (AS) 65100.
router1 (router-id 10.0.1.1) is configured to peer with router2 at 10.0.1.2.
router2 (router-id 10.0.1.2) is configured to peer with router1 at 10.0.1.1.
Route Advertisement: Each router advertises its connected LAN segment into the BGP session.
router1 advertises the 10.20.1.0/24 network.
router2 advertises the 10.20.2.0/24 network.
This BGP configuration ensures that router1 learns how to reach PC2’s network via router2, and router2 learns how to reach PC1’s network via router1.
Verification and Data Path Analysis
The final phase is to verify that the configuration is working correctly at every layer of the stack.
Control Plane Verification: The BGP session status and learned routes can be checked from within vtysh on either router. On router1, the command show ip bgp summary would confirm an established peering session with router2. The command show ip route would display the route to 10.20.2.0/24 learned via BGP from 10.0.1.2.
Data Plane Verification: To confirm the route has been programmed into the VPP data plane, an operator would access the VPP command-line interface (vppctl) inside the syncd container. The command show ip fib would display the forwarding table, which should include the BGP-learned route to 10.20.2.0/24, confirming that the state has been successfully synchronized from the control plane.
End-to-End Test: The ultimate test is to generate traffic between the hosts. A simple ping 10.20.2.1 from PC1 should succeed. This confirms that the entire data path is functional: PC1 sends the packet to its gateway (router1), router1 performs a lookup in its VPP FIB and forwards the packet to router2, which then forwards it to PC2. The return traffic follows the reverse path, validating the complete, integrated solution.
This practical demonstration, using standard container tooling and declarative configurations, powerfully illustrates the operational simplicity and robustness of the SONiC-VPP architecture for building high-performance, software-defined L3 networks.
Performance Implications and Future Trajectories
The elegance of the SONiC-VPP integration is matched by its impressive performance and its applicability to a wide range of modern networking challenges.
By offloading the data plane from the kernel to a highly optimized user-space framework, this solution unlocks capabilities that are simply unattainable with traditional software-based routing.
The performance gains are impressive.
VPP is consistently benchmarked as being much faster than kernel-based forwarding, with some sources claiming a 10x to 100x improvement in packet processing throughput.2
This enables use cases like “Terabit IPSec” on multi-core COTS servers, a feat that would have been unthinkable just a few years ago.3 Real-world deployments have validated this potential.
A demonstration at the ONE Summit 2024 showcased a SONiC-VPP virtual gateway providing multi-cloud connectivity between AWS and Azure. The performance testing revealed a round-trip time of less than 1 millisecond between application workloads and the cloud provider on-ramps (AWS Direct Connect and Azure ExpressRoute), highlighting its suitability for high-performance, low-latency applications.4
This level of performance opens the door to a variety of demanding use cases:
High-Performance Edge Routing: As a virtual router or gateway, SONiC-VPP can handle massive traffic volumes at the network edge, serving as a powerful and cost-effective alternative to proprietary hardware routers.5
Multi-Cloud and Hybrid Cloud Connectivity: The solution is ideal for creating secure, high-throughput virtual gateways that interconnect on-premises data centers with multiple public clouds, as demonstrated in the ONE Summit presentation.4
Integrated Security Services: The performance of VPP makes it an excellent platform for computationally intensive security functions. Commercial offerings based on this architecture, like AsterNOS-VPP, package the solution as an integrated platform for routing, security (firewall, IPsec VPN, IDS/IPS), and operations.5
While the raw throughput figures are compelling, a more nuanced benefit lies in the nature of the performance itself.
The Linux kernel, for all its power, is a general-purpose operating system. Its network stack is subject to non-deterministic delays, caused by system interrupts, process scheduling, and context switches. This introduces unpredictable latency, which can be detrimental to sensitive applications.12
VPP, by running in user space on dedicated cores and using poll-mode drivers, sidesteps these sources of unpredictability. This provides not just high throughput, but consistent, low-latencyperformance. For emerging workloads at the edge, such as real-time IoT data processing, AI/ML inference, and 5G network functions, this predictable performance is often more critical than raw aggregate bandwidth.16 The key value proposition, therefore, is not just being “fast,” but being “predictably fast.”
The SONiC-VPP project is not static; it is an active area of development within the open-source community.
A key focus for the future is to deepen the integration by extending the SAI API to expose more of VPP’s rich feature set to the SONiC control plane. Currently, SAI primarily covers core L2/L3 forwarding basics.
However, VPP has a vast library of advanced features. Active development efforts are underway to create SAI extensions for features like Network Address Translation (NAT) and advanced VxLAN multi-tenancy capabilities, which would allow these functions to be configured and managed directly through the standard SONiC interfaces.6
A review of pull requests on thesonic-platform-vpp GitHub repository shows ongoing work to add support for complex features like VxLAN BGP EVPN and to improve ACL testing, indicating a healthy and forward-looking development trajectory.6
The Future is Software-Defined and Open
The integration of the SONiC control plane with the VPP data plane is far more than a clever engineering exercise.
It is a powerful testament to the maturity and viability of the disaggregated networking model. This architecture successfully combines the strengths of two of the most significant open-source networking projects, creating a platform that is flexible, performant, and free from the constraints of proprietary hardware.
It proves that the separation of the control and data planes is no longer a theoretical concept but a practical, deployable reality that offers unparalleled architectural freedom.
The synergy between SONiC and FD.io VPP, both flagship projects of the Linux Foundation, highlights the immense innovative power of collaborative, community-driven development.1
This combined effort has produced a solution that fundamentally redefines the router, transforming it from a monolithic hardware appliance into a dynamic, high-performance software application that can be deployed on commodity servers.
Perhaps most importantly, this architecture provides the tools to manage network infrastructure with the same principles that govern modern software development.
As demonstrated by the L3 routing demo’s lifecycle-building from code, configuring with declarative files, and deploying as a versioned artifact, the SONiC-VPP stack paves the way for true NetDevOps. It enables network engineers and operators to embrace automation, version control, and CI/CD pipelines, finally treating network infrastructure as code. 7
In doing so, it delivers on the ultimate promise of software-defined networking – a network that is as agile, scalable, and innovative – as the applications it supports.
Martin created Glyph Party, for adding panache to your terminal applications.
Mark has lost all his free time to the latest Rimworld DLC, Odyssey.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Intel is contributing less to open source and it could easily backfire, Qualcomm buys Arduino and we have concerns, KDE turns 29, Germans are doing excellent work moving towards Linux, and good news for those running Linux on an Amiga.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
The GNU C Library is used as the C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.
The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C23 and POSIX.1-2024. It is also
internationalized and has one of the most complete
internationalization interfaces known.
Distributions are encouraged to track the release/* branches
corresponding to the releases they are using. The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.
NEWS for version 2.42
=====================
Major new features:
The following ISO C23 function families (introduced in TS
18661-4:2015) are now supported in <math.h>. Each family includes
functions for float, double, long double, _FloatN and _FloatNx, and a
type-generic macro in <tgmath.h>.
- Power and absolute-value functions: compoundn, pown, powr, rootn,
rsqrt.
On Linux, the pthread_gettid_np function has been added.
The ISO C2Y family of unsigned abs functions, i.e. uabs, ulabs,
ullabs, and uimaxabs, is now supported.
On Linux, the <termios.h> interface now supports arbitrary baud rates;
speed_t is redefined to simply be the baud rate specified as an
unsigned int, which matches the kernel interface.
The thread-local cache in malloc (tcache) now supports caching of
large blocks. This feature can be enabled by setting the tunable
glibc.malloc.tcache_max to a larger value (max 4194304). Tcache is
also significantly faster for small sizes.
A new configure option, "--enable-sframe", can be used to enable
SFrame support of the GNU C Libraries. SFrame is a new stack trace
information format which can be used by backtrace. It requires
binutils with a minimum version of 2.45.
Support for lightweight stack guard pages via madvise and the
MADV_GUARD_INSTALL flag has been added to pthread_create.
Additional optimized and correctly rounded mathematical functions have
been imported from the CORE-MATH project, in particular acospif,
asinpif, atanpif, atan2pif, cospif, sinpif, tanpif.
The testsuite has been significantly extended, including coverage of
the functionality of the printf and scanf function families in many
variants.
The manual has been significantly extended and updated, particularly
the threads, terminal, filesystem, resource, and math chapters.
Code has been added to detect the x86-64 Intel Arrow Lake, Panther
Lake, Clearwater Forest, and Diamond Rapids microarchitectures.
Regarding S390, support for the new z17 platform has been added.
Deprecated and removed features, and other changes affecting compatibility:
The glibc.rtld.execstack tunable now supports a compatibility mode to
allow programs that require an executable stack through dynamically
loaded shared libraries.
On Linux, the <termio.h> header and the definition of struct termio
in <sys/ioctl.h> have been removed. The termio interface has been
obsolete since the very first version of POSIX.1 in 1988, replaced
with <termios.h>.
The support for TX lock elision of pthread mutexes has been deprecated
on all architectures and will be removed in the next release.
On AArch64 Linux targets supporting the Scalable Matrix Extension
(SME), setjmp and sigsetjmp will disable the ZA state of SME.
Changes to build and runtime requirements:
GCC 12.1 or later is now required to build the GNU C Library.
GNU Binutils 2.39 or later is now required to build the GNU C Library.
Security related changes:
The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:
GLIBC-SA-2025-0001:
assert: Buffer overflow when printing assertion failure message
(CVE-2025-0395)
GLIBC-SA-2025-0003:
power10: strcmp fails to save and restore nonvolatile vector
registers (CVE-2025-5702)
GLIBC-SA-2025-0004:
power10: strncmp fails to save and restore nonvolatile vector
registers (CVE-2025-5745)
GLIBC-SA-2025-0005:
posix: Fix double-free after allocation failure in regcomp
(CVE-2025-8058)
The following bugs were resolved with this release:
[5994] stdio: fflush after ungetc on seekable input stream
[12724] stdio: fclose violates POSIX 2008 on seekable input streams
[25263] dynamic-link: ldd and ld.so fail to resolve $ORIGIN with cross
dir symlink
[27880] nptl: Please provide a pthread pid accessor
[29190] dynamic-link: Symbols with version hash zero lead to crashes,
not matched correctly
[29459] stdio: fwrite does not return EPIPE when underlying write
fails with EPIPE.
[31791] nss: [Regression] nss: memory for >8 elements in nsswitch.conf
is not freed
[32058] libc: qsort leaks memory if C++ exception is thrown from
comparison function
[32269] dynamic-link: RISC-V IFUNC resolver cannot access gp pointer
[32369] stdio: fflush(NULL) doesn't properly flush files opened in
read mode
[32411] math: THREEp96 seems wrong
[32412] dynamic-link: Initial DTV is reallocated using main realloc in
auditing mode
[32483] locale: ctype.h macros segfault in multithreaded programs with
multiple libc.so
[32529] stdio: fseek failure on file opened with "rm" mode after
ungetc
[32535] stdio: fflush failure on file opened with "rm" mode after
ungetc
[32541] libc: getenv cannot be overridden in static builds
[32574] libc: pthread_attr_getstacksize/pthread_attr_getstack return
incorrect main stack size
[32612] dynamic-link: [aarch64 PAC] _dl_tlsdesc_dynamic can't be
unwound through with _Unwind_Backtrace
[32626] math: math: log10p1f is not correctly rounded
[32627] math: math: sinhf is not correctly rounded
[32630] math: math: tanf is not correctly rounded for all rounding
modes
[32653] dynamic-link: Review options for improving both security and
backwards compatibility of glibc 2.41 dlopen / execstack handling
[32694] math: wrong clang version 3.4 prereq checks in bits/floatn.h
for __float128 support, should be 3.9
[32708] libc: Inclusion of sys/mount.h triggers many gcc warnings
using -Wshift-overflow=2 -Wsystem-headers
[32711] math: math: remainder incorrect sign of zero result
[32717] libc: glibc tests fail when bfd is built with --enable-error-
execstack=yes
[32723] math: [2.41 Regression] /usr/include/bits/floatn.h doesn't
work with Intel SYCL compiler
[32763] dynamic-link: Static PIE with more than one PT_LOAD segments
at offset 0 segfault
[32777] crypt: The performance of the rand() function degradation
[32781] libc: Inccorect attribute access for sched_getattr
[32782] nptl: Race conditions in pthread cancellation causing crash
[32786] nptl: pthread_cond_* symbols should probably have had a
version bump in 2.41
[32795] nptl: aio_suspend_time64 confuses CLOCK_MONOTONIC and
CLOCK_REALTIME
[32810] dynamic-link: Immediate crash on x86-64 when running with
GLIBC_TUNABLES=glibc.cpu.hwcaps=-XSAVEC
[32823] libc: make[2]: * [../Rules:248:
/home/dave/gnu/glibc/objdir/elf/tst-origin] Error 1
[32897] dynamic-link: pthread_getattr_np fails when executable stack
tunable is set
[32918] math: math: atanhf triggers UB
[32919] math: math: coshf triggers UB
[32920] math: math: logf triggers UB
[32921] math: math: sinhf triggers UB
[32922] math: math: cbrtf triggers UB
[32923] math: math: cospif triggers UB
[32924] math: math: erfcf triggers UB
[32925] math: math: sinpif triggers UB
[32932] libc: riscv: __riscv_hwprobe function attributes are incorrect
[32947] libc: stdlib: wrong iovec array size on __libc_message_impl
[32980] manual: getopt_long_only does not check long options first, as
the manual claims
[32981] ports: elf/tst-execstack-prog-static-tunable fails on
sparc64-linux-gnu
[32987] libc: New tst-dlopen-sgid test FAILs
[32996] malloc: i386 TLS helper functions don't preserve XMM registers
[33035] libc: [2.27 regression] Linux: __close_nocancel_nostatus
clobbers errno
[33056] string: Power 10 strcmp clobbers nonvolatile vector registers
(CVE-2025-5702)
[33059] string: Power 10 memchr clobbers v20
[33060] string: Power 10 strncmp clobbers nonvolatile vector registers
(CVE-2025-5745)
[33088] dynamic-link: __ehdr_start may need run-time relocation
[33089] build: [2.42 Regression] GCC 14.2.1 failed to build glibc
[33134] libc: mcount_internal shouldn't use vector/r16-r31 registers
nor call memcpy/memset
[33139] stdio: %n after static dlopen is unreliable if file
descriptors are exhausted
[33165] build: [2.42 Regression] FAIL: elf/check-localplt
[33173] math: Wrong IFUNC selector is used for modf/modff
[33185] regex: Double-free after memory allocation failure in regcomp
bracket expression parsing (CVE-2025-8058)
[33224] dynamic-link: _dl_debug_state hook no longer works (since
8329939a37f483a16013dd8af8303cbcb86d92cb)
This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:
Aaron Merey
Adhemerval Zanella
Andreas K. Hüttel
Andreas Schwab
Andrew Pinski
Arjun Shankar
Aurelien Jarno
Ben Kallus
Carlos O'Donell
Claudiu Zissulescu
Colin Ian King
Collin Funk
Cupertino Miranda
Cœur
DJ Delorie
David Lau
Dylan Fleming
Flavio Cruz
Florian Weimer
Frédéric Bérat
H. Peter Anvin
H.J. Lu
Jakub Jelinek
Jeremy Harris
Jitka Obselkova
John David Anglin
Jonathan Wakely
Joseph Myers
Julian Zhu
Lenard Mollenkopf
Luca Dariz
Luna Lamb
Maciej W. Rozycki
Mark Harris
Mark Wielaard
Martin Coufal
Matteo Croce
Michael Jeanson
Paul Zimmermann
Petr Malat
Pierre Blanchard
Radko Krkos
Ravina Jain
Ronan Pigott
Sachin Monga
Sam James
Samuel Thibault
Samuel Zeter
Sergei Zimmerman
Sergey Bugaev
Sergey Kolosov
Siddhesh Poyarekar
Stefan Liebler
Sunil K Pandey
Tobias Stoeckmann
Tomas Volf
Tulio Magno Quites Machado Filho
Wilco Dijkstra
William Hunt
Xi Ruoyao
YLK
Yangyu Chen
Yat Long Poon
Yury Khrustalev
Zhaoming Luo
gfleury
koraynilay
panzhe0328
zhenwei pi
наб
We would like to call out the following and thank them for their
tireless patch review:
Adhemerval Zanella
Andreas K. Hüttel
Andreas Schwab
Arjun Shankar
Carlos O'Donell
Collin Funk
Cupertino Miranda
DJ Delorie
Florian Weimer
Frédéric Bérat
Geoffrey Thomas
guoce
H.J. Lu
Joseph Myers
Maciej W. Rozycki
Mark Harris
Matthieu Longo
Palmer Dabbelt
Paul Eggert
Peter Bergner
Sachin Monga
Sam James
Samuel Thibault
Stefan Liebler
Sunil K Pandey
Tulio Magno Quites Machado Filho
Wilco Dijkstra
Yury Khrustalev
We’ve done various challenges in the past where we’ve bought Linux machines on a seriously low budget, but what if we had an unlimited budget? What would we buy in this hypothetical situation? It turns out we all struggled to come up with anything and are pretty satisfied with the machines we already have.
Note that this episode was recorded before we found out that Framework supports problematic projects.
It looks like the storage companies aren’t betting on the AI bubble lasting much longer, the arguments against self-hosting, and setting up a server for virtualization and containers.
The networking industry is undergoing a fundamental architectural transformation, driven by the relentless demands of cloud-scale data centers and the rise of software-defined infrastructure. At the heart of this evolution is the principle of disaggregation: the systematic unbundling of components that were once tightly integrated within proprietary, monolithic systems.
This movement began with the separation of network hardware from the network operating system (NOS), a paradigm shift championed by hyperscalers to break free from vendor lock-in and accelerate innovation.
In this blog post, we will explore how disaggregated networking takes shape, when the SONiC control plane meets the VPP data plane. You’ll see how their integration creates a fully software-defined router – one that delivers ASIC-class performance on standard x86 hardware, while preserving the openness and flexibility of Linux-based systems.
Disaggregation today extends to the software stack, separating the control plane from the data plane. This decoupling enables modular design, independent component selection, and more efficient performance and cost management.
The integration of Software for Open Networking in the Cloud (SONiC) and the Vector Packet Processing (VPP) framework represents the peak of this disaggregated model.
SONiC, originally developed by Microsoft and now a thriving open-source project under the Linux Foundation, has established itself as the de facto standard for a disaggregated NOS, offering a rich suite of L3 routing functionalities hardened in the world’s largest data centers.1 Its core design philosophy is to abstract the underlying switch hardware, allowing a single, consistent software stack to run on a multitude of ASICs from different vendors. This liberates operators from the constraints of proprietary systems and fosters a competitive, innovative hardware ecosystem.
Complementing SONiC’s control plane prowess is VPP, a high-performance, user-space data plane developed by Cisco and now part of the Linux Foundation’s Fast Data Project (FD.io).
VPP’s singular focus is to deliver extraordinary packet processing throughput on commodity commercial-off-the-shelf (COTS) processors. By employing techniques like vector processing and bypassing the traditional kernel network stack, VPP achieves performance levels previously thought to be the exclusive domain of specialized, expensive hardware like ASICs and FPGAs.
The fusion of these two powerful open-source projects creates a new class of network device: a fully software-defined router that combines the mature, feature-rich control plane of SONiC with the blistering-fast forwarding performance of VPP.
This architecture directly addresses a critical industry need for a network platform that is simultaneously programmable, open, and capable of line-rate performance without relying on specialized hardware.
The economic implications are profound. By replacing vertically integrated, vendor-locked routers with a software stack running on standard x86 servers, organizations can fundamentally alter their procurement and operational models. This shift transforms network infrastructure from a capital-expenditure-heavy (CAPEX) model, characterized by large upfront investments in proprietary hardware, to a more agile and scalable operational expenditure (OPEX) model.
The ability to leverage COTS hardware drastically reduces total cost of ownership (TCO) and breaks the cycle of vendor lock-in, democratizing access to high-performance networking and enabling a more dynamic, cost-effective infrastructure strategy.
Deconstructing the Components: A Tale of Two Titans
To fully appreciate the synergy of the SONiC-VPP integration, it is essential to first understand the distinct architectural philosophies and capabilities of each component. While they work together to form a cohesive system, their internal designs are optimized for entirely different, yet complementary, purposes. SONiC is engineered for control, abstraction, and scalability at the management level, while VPP is purpose-built for raw, unadulterated packet processing speed.
SONiC: The Cloud-Scale Control Plane
SONiC is a complete, open-source NOS built upon the foundation of Debian Linux. Its architecture is a masterclass in modern software design, abandoning the monolithic structure of traditional network operating systems in favor of a modular, containerized, microservices-based approach. This design provides exceptional development agility and serviceability.
Key networking functions, such as:
Border Gateway Protocol (BGP) routing stack
Link Layer Discovery Protocol (LLDP)
platform monitoring (PMON)
each run within their own isolated Docker container. This modularity allows individual components to be updated, restarted, or replaced without affecting the entire system, a critical feature for maintaining high availability in large-scale environments.
The central nervous system of this distributed architecture is an in-memory Redis database engine, which serves as the single source of truth for the switch’s state.
Rather than communicating through direct inter-process communication (IPC) or rigid APIs, SONiC’s containers interact asynchronously by publishing and subscribing to various tables within the Redis database. This loosely coupled communication model is fundamental to SONiC’s flexibility. Key databases include:
CONFIG_DB: Stores the persistent, intended configuration of the switch.
APPL_DB: A high-level, application-centric representation of the network state, such as routes and neighbors.
STATE_DB: Holds the operational state of various components.
ASIC_DB: A hardware-agnostic representation of the forwarding plane’s desired state.
The cornerstone of SONiC’s hardware independence, and the very feature that makes the VPP integration possible, is the Switch Abstraction Interface (SAI). SAI is a standardized C API that defines a vendor-agnostic way for SONiC’s software to control the underlying forwarding elements. A dedicated container, syncd, is responsible for monitoring the ASIC_DB. Upon detecting changes, making the corresponding SAI API calls to program the hardware. Each hardware vendor provides a libsai.so library that implements this API, translating the standardized calls into the specific commands required by their ASIC’s SDK. This elegant abstraction allows the entire SONiC control plane to remain blissfully unaware of the specific silicon it is running on.
VPP: The User-Space Data Plane Accelerator
While SONiC manages the high-level state of the network, VPP is singularly focused on the task of moving packets as quickly as possible. As a core component of the FD.io project, VPP is an extensible framework that provides the functionality of a router or switch entirely in software. Its remarkable performance is derived from several key architectural principles.
Vector Processing
The first and most important is vector processing. Unlike traditional scalar processing, where the CPU processes one packet at a time through the entire forwarding pipeline, VPP processes packets in batches, or “vectors”. A vector typically contains up to 256 packets. The entire vector is processed through the first stage of the pipeline, then the second, and so on. This approach has a profound impact on CPU efficiency. The first packet in the vector effectively “warms up” the CPU’s instruction cache (i-cache), loading the necessary instructions for a given task. The subsequent packets in the vector can then be processed using these cached instructions, dramatically reducing the number of expensive fetches from main memory and maximizing the benefits of modern superscalar CPU architectures.
User-Space Orientation & Kernel Bypass
The second principle is user-space operation and kernel bypass. The Linux kernel network stack, while powerful and flexible, introduces performance overheads from system calls, context switching between kernel and user space, and interrupt handling. VPP avoids this entirely by running as a user-space process. It typically leverages the Data Plane Development Kit (DPDK) to gain direct, exclusive access to network interface card (NIC) hardware. Using poll-mode drivers (PMDs), VPP continuously polls the NIC’s receive queues for new packets, eliminating the latency and overhead associated with kernel interrupts. This direct hardware access is a critical component of its high-throughput, low-latency performance profile.
Packet Processing Graph
Finally, VPP’s functionality is organized as a packet processing graph. Each feature or operation-such as an L2 MAC lookup, an IP4 route lookup, or an Access Control List (ACL) check-is implemented as a “node” in a directed graph. Packets flow from node to node as they are processed. This modular architecture makes VPP highly extensible. New networking features can be added as plugins that introduce new graph nodes or rewire the existing graph, without requiring changes to the core VPP engine.
The design of SAI was a stroke of genius, originally intended to abstract the differences between various hardware ASICs.
However, its true power is revealed in its application here. The abstraction is so well-defined, that it can be used to represent not just a physical piece of silicon, but a software process. The SONiC control plane does not know or care whether the entity on the other side of the SAI API is a Broadcom Tomahawk chip or a VPP instance running on an x86 CPU. It simply speaks the standardized language of SAI.
This demonstrates that SAI successfully abstracted away not just the implementation details of a data plane, but the very notion of it being physical, allowing a purely software-based forwarder to be substituted with remarkable elegance.
Feature
SONiC
VPP
Primary Function
Control Plane & Management Plane
Data Plane
Architectural Model
Containerized Microservices
Packet Processing Graph
Key Abstraction
Switch Abstraction Interface (SAI)
Graph Nodes & Plugins
Operating Environment
Kernel/User-space Hybrid (Linux-based)
Pure User-space (Kernel Bypass)
Core Performance Mechanism
Distributed State Management via Redis
Vector Processing & CPU Cache Optimization
Primary Configuration Method
Declarative (config_db.json, Redis)
Imperative (startup.conf, Binary API)
Creating a High-Performance Software Router
The integration of SONiC and VPP is a sophisticated process that transforms two independent systems into a single, cohesive software router.
The architecture hinges on SONiC’s decoupled state management and a clever translation layer that bridges the abstract world of the control plane with the concrete forwarding logic of the data plane. Tracing the lifecycle of a single route update reveals the elegance of this design.
The End-to-End Control Plane Flow
The process begins when a new route is learned by the control plane. In a typical L3 scenario, this happens via BGP.
Route Reception: An eBGP peer sends a route update to the SONiC router. This update is received by the bgpd process, which runs within the BGP container. SONiC leverages the well-established FRRouting (FRR) suite for its routing protocols, so bgpd is the FRR BGP daemon.
RIB Update: bgpd processes the update and passes the new route information to zebra, FRR’s core component that acts as the Routing Information Base (RIB) manager.
Kernel and FPM Handoff: zebra performs two critical actions. First, it injectsa route into the host Linux kernel’s forwarding table – via a Netlink message. Second, it sends the same route information to the fpmsyncd process using the Forwarding Plane Manager (FPM) interface, a protocol designed for pushing routing updates from a RIB manager to a forwarding plane agent.
Publishing to Redis: The fpmsyncd process acts as the first bridge between the traditional routing world and SONiC’s database-centric architecture. It receives the route from zebra and writes it into the APPL_DB table in the Redis database. At this point, the route has been successfully onboarded into the SONiC ecosystem.
Orchestration and Translation: The Orchestration Agent (orchagent), a key process within the Switch State Service (SWSS) container, is constantly subscribed to changes in the APPL_DB. When it sees the new route entry, it performs a crucial translation. It converts the high-level application intent (“route to prefix X via next-hop Y”) into a hardware-agnostic representation and writes this new state to the ASIC_DB table in Redis.
Synchronization to the Data Plane: The final step in the SONiC control plane is handled by the syncd container. This process subscribes to the ASIC_DB. When it detects the new route entry created by orchagent, it knows it must program this state into the underlying forwarding plane.
This entire flow is made possible by the architectural decision to use Redis as a central, asynchronous message bus.
In a traditional, monolithic NOS, the BGP daemon might make a direct, tightly coupled function call to a forwarding plane driver. This creates brittle dependencies. SONiC’s pub/sub model, by contrast, ensures that each component is fully decoupled. The BGP container’s only responsibility is to publish routes to the APPL_DB; it has no knowledge of who will consume that information.
This allows the final consumer the data plane-to be swapped out with zero changes to any of the upstream control plane components. This decoupled architecture is what allows VPP to be substituted for a hardware ASIC so cleanly and implies that other data planes could be integrated in the future – simply by creating a new SAI implementation.
The Integration Foundation: libsaivpp.so
The handoff from syncd to the data plane is where the specific SONiC-VPP integration occurs.
In a standard SONiC deployment on a physical switch, the syncd container would be loaded with a vendor-provided shared library (e.g., libsai_broadcom.so). When syncd reads from the ASIC_DB, it calls the appropriate standardized SAI API function (e.g., sai_api_route->create_route_entry()), and the vendor library translates this into proprietary SDK calls, to program the physical ASIC.
In the SONiC-VPP architecture, this vendor library is replaced by a purpose-built shared library: libsaivpp.so. This library is the critical foundationof the entire system. It implements the full SAI API, presenting the exact same interface tosyncd as any hardware SAI library would.
However, its internal logic is completely different. When syncd calls a function like create_route_entry(), libsaivpp.so does not communicate with a hardware driver. Instead, it translates the SAI object and its attributes into a binary API message that the VPP process understands.
It then sends this message to the VPP engine, instructing it to add the corresponding entry to its software forwarding information base (FIB). This completes a “decision-to-execution” loop, bridging SONiC’s abstract control plane with VPP’s high-performance software data plane.
Component (Container)
Key Process(es)
Role in Integration
BGP Container
bgpd
Receives BGP updates from external peers using the FRRouting stack.
SWSS Container
zebra, fpmsyncd
zebra manages the RIB. fpmsyncd receives route updates from zebra and publishes them to the Redis APPL_DB.
Database Container
redis-server
Acts as the central, asynchronous message bus for all SONiC components. Hosts the APPL_DB and ASIC_DB.
SWSS Container
orchagent
Subscribes to APPL_DB, translates application intent into a hardware-agnostic format, and publishes it to the ASIC_DB.
Syncd Container
syncd
Subscribes to ASIC_DB and calls the appropriate SAI API functions to program the data plane.
VPP Platform
libsaivpp.so
The SAI implementation for VPP. Loaded by syncd, it translates SAI API calls into VPP binary API messages.
VPP Process
vpp
The user-space data plane. Receives API messages from libsaivpp.so and programs its internal forwarding tables accordingly.
In the second part of our series, we will move from architecture to action – building and testing a complete SONiC-VPP software router in a containerized lab.
We’ll configure BGP routing, verify control-to-data planesynchronization, and analyze performance benchmarks that showcase the real-world potential of this disaggregated design.
An AWS outage takes down a lot more sites and services than it should have, the new Ubuntu release has some surprisingly bad bugs, the Xubuntu website is compromised, Discord proves that uploading IDs is a bad idea, and Framework disappoints by sponsoring the baddies.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
With constant news stories about security issues with developer-published software in package managers like npm, we weigh up the pros and cons of this approach to distributing open source software.
Some examples of the technical debt we’ve seen in the cloud world, how to pay it back, avoiding it in the first place, and why a certain amount of tech debt is inevitable.
Windows 10 is officially end of life but Microsoft extends free updates for Windows 10 in Europe, it gets even harder to use a local account in Windows 11, and whether repurposing old server hardware is worth it.
When teams consider deploying Kubernetes, one of the first questions that arises is: where should it run? The default answer is often the public cloud, thanks to its flexibility and ease of use. However, a growing number of organizations are revisiting the advantages of running Kubernetes directly on bare metal servers. For workloads that demand maximum performance, predictable latency, and direct hardware access, bare metal Kubernetes can achieve results that virtualized or cloud-hosted environments simply cannot match.
Why Bare Metal Still Matters
Virtualization and cloud abstractions have delivered convenience, but they also introduce overhead. By eliminating the virtualization layer, applications gain direct access to CPUs, memory, storage devices, and network interfaces. This architectural difference translates into tangible benefits:
Near-Native Performance – Applications can leverage the full power of the hardware, experiencing minimal overhead from hypervisors or cloud APIs. (Cloud Native Bare Metal Report, CNCF 2023)
Predictable Latency – A critical factor in industries such as real-time analytics, telecommunications, and financial trading, where even microseconds matter.
Efficient Hardware Utilization – GPUs, NVMe storage, or SmartNICs can be accessed directly, without restrictions or performance bottlenecks introduced by virtualization.
Cost Optimization – For workloads that are steady and long-term, owning and operating bare metal servers can be significantly more cost-effective than continuously paying cloud provider bills (IDC: Bare Metal Economics).
Deep Infrastructure Control – Operators can configure firmware, tune networking, and manage storage directly, without depending on the abstractions and limitations imposed by cloud environments.
Bare metal provides power and control, but it comes with its own challenge: managing servers at scale. This is precisely where Bare Metal as a Service (BMaaS) steps in.
Bare Metal as a Service with metal-stack.io
metal-stack is an open-source platform that makes bare metal infrastructure as easy to consume as cloud resources. It provides a self-service model for physical servers, automating provisioning, networking, and lifecycle management. Essentially, it transforms racks of hardware into a cloud-like environment—while retaining the performance advantages of bare metal.
Automated Provisioning – Servers can be deployed with clean, reproducible operating system images, similar to how VMs are created in cloud environments.
Integrated Networking – With BGP-based routing and compatibility with Kubernetes CNI plugins like Cilium or Calico, metal-stack ensures high-performance and secure networking. Load balancing can be handled with MetalLB.
Multi-Tenant Support – Physical machines can be securely assigned to different teams or projects, enabling isolation and resource fairness.
Open Source Foundation – The entire stack is open source (MIT/AGPL), ensuring transparency, avoiding vendor lock-in, and allowing teams to adapt the system to their unique needs.
By using metal-stack.io, organizations don’t need to compromise between the raw speed of bare metal and the automation of cloud infrastructure—they can have both.
Building the Bare Metal Kubernetes Stack
Deploying Kubernetes on bare metal requires assembling several components into a complete ecosystem. With metal-stack at the foundation, additional layers ensure resilience, security, and operational visibility:
Networking – Pair metal-stack’s BGP routing with a Kubernetes CNI like Cilium for low-latency, policy-driven communication.
Storage – Tools like Rook (Ceph) or OpenEBS create distributed, high-speed storage pools that can survive node failures.
Observability – Monitoring with Prometheus, and logging with Loki or ELK, provide the insights needed to manage both hardware and workloads effectively.
Security – Without the isolation of virtualization, it becomes essential to enforce RBAC, Pod Security Standards, and strict network policies.
Lifecycle Management – While metal-stack automates the server lifecycle, Kubernetes operators and GitOps tools (e.g., ArgoCD or Flux) help automate application deployment and ongoing operations.
This layered approach turns bare metal clusters into production-ready platforms capable of handling enterprise-grade workloads.
Real-World Use Cases
Bare metal Kubernetes shines in scenarios where hardware performance and low latency are non-negotiable. Some standout use cases include:
AI/ML Training – Direct access to GPUs accelerates machine learning model training and inference workloads (NVIDIA on Bare Metal).
Telecom & 5G Networks – Edge deployments and network functions demand ultra-low latency and predictable performance.
Financial Services – High-frequency trading and other time-sensitive platforms benefit from microsecond-level predictability.
Enterprise Databases – Systems like PostgreSQL or Cassandra achieve higher throughput and stability when running directly on bare metal.
In each of these cases, bare metal Kubernetes provides both the performance edge and the flexibility of modern orchestration.
Getting Started with metal-stack.io
For organizations interested in exploring this model, the path forward is straightforward:
Benchmark workloads against equivalent cloud-based environments to validate performance gains.
Scale gradually, adding automation and expanding infrastructure as the needs grow.
This incremental approach reduces risk and allows teams to build confidence before moving critical workloads.
Conclusion & Next Steps
Running Kubernetes on bare metal delivers unmatched performance, efficiency, and control—capabilities that virtualized and cloud-based environments cannot fully replicate. Thanks to open-source solutions like metal-stack.io, organizations no longer need to choose between raw power and operational simplicity. Bare Metal as a Service (BMaaS) extends the agility of the cloud to physical servers, enabling DevOps teams to manage Kubernetes clusters that are faster, more predictable, and fully under their control.
For high-performance computing, latency-sensitive applications, and hardware-intensive workloads, Kubernetes on bare metal is not just an alternative—it is often the best choice.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
The Google Photos clone Immich finally has a stable release and Joe is impressed with it, we hope an open source printer crowdfunder works out, Amazon launches a Linux-based OS to replace Android on its streaming devices, Graham gives us an update on his Home Assistant hardware, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.
Changelog
Oct 18, 2025 - clamav upgraded to v 1.5.1
Oct 11, 2025 - clamav upgraded to v 1.5.0. A recent version of rust is needed (successfully using 1.88 here). Just reinstall as explained below. No particular change is needed in the config files.
A Red Hat breach leads to a leak of lots of sensitive customer data, Synology backs down on allowing third-party drives but they are removing features, and managing ZFS properties during replication.
Our desert island disks, retirement plans, and the worst gifts people have brought back from holiday for us. With Gary from Linux After Dark, Félim from Late Night Linux, and Martin, Mark and Alan from Linux Matters.
Patrons got this this in their feed two weeks ago.
The most expensive Raspberry Pi ever might appeal to kids and a new OS version looks somewhat more modern, AI does something Félim can’t complain about, F-Droid might be doomed, ChromeOS is probably being replaced by Android, the UK government wants to implement a disastrous digital ID scheme, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
1Password Extended Access Management
Take the first step to better security for your team by securing credentials and protecting every application — even unmanaged shadow IT.
Learn more at 1password.com/latenightlinux
How we got started in our tech careers, how and why we moved into the cloud, and why the cloud often makes more sense than on-prem.
Insta360 Go Ultra
Insta360 have just launched their brand-new pocket camera, the GO Ultra. To get free Sticky Tabs with it go to store.insta360.com and use the promo code “hybridcloud”, available for the first 30 purchases only.
The weird errors you see when your root partition is full, TikTok uses a lot of bandwidth by preloading videos, and dealing with a ZFS pool that won’t import.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
The entrenched Linux or tech habits, workflows, and ideas we think we’ll move away from in the next few years and how we see ourselves doing it.
Tailscale
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
We cover some of your emails, questions, and comments. A challenge suggestion of not using a package manager, donating old hardware, why we don’t use custom ROMs on our phones, whether low end laptops with soldered eMMC storage are worth buying (they aren’t), and tips for using Home Assistant with Apple gear and Jellyfin on Android.
Intel and Nvidia are teaming up for multiple reasons, Open AI are planning to build data centers and use a ludicrous amount of power, LLM hallucinations aren’t going away, and how long we keep servers and hard drives in production.
Drama in KDE land, more worries about Android source code, Ubuntu’s transition away from GNU coreutils hits a slight speed bump, Mastodon adds a serious potential revenue stream, and a glimpse of a Blade Runner style dystopian tech future. With guest hosts Andy from Linux Dev Time, and Chris from Linux After Dark.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
SMTP relays and observability, why we didn’t recommend Podman over Docker to a newcomer, and Gary gives us an update on his homelab.
Insta360 Go Ultra
Insta360 have just launched their brand-new pocket camera, the GO Ultra. To get free Sticky Tabs with it go to store.insta360.com and use the promo code “hybridcloud”, available for the first 30 purchases only.
Joe set up a FreeBSD box to serve as a replication target and it was surprisingly straightforward, if rather different from Linux. Plus the lies that storage tells us.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Cloning disks (again), Félim’s new colour e-reader, 3 ways to make a QR code, improving your typing with a TUI and a game, a quick KDE Korner, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
Summer is officially over. As the nights draw in it’s time to hunker down and work on our technical debt. We all have Linuxy projects that we are planning, so we commit to doing them by Christmas – when we will record a follow-up episode. Docker Compose, Immich, Jellyfin, learning Python, moving away from Synology, Home Assistant, and more.
Matrix shows how painful enormous databases can be to restore, why the certificate authority system doesn’t seem to make sense in 2025, a hosting provider thinks they are better than Cloudflare at blocking malicious traffic, a viral app turns out to be written by an enthusiastic dev who doesn’t understand best practices, and using S3 object storage outside of the cloud. With guest host Gary from Linux After Dark and Hybrid Cloud Show.
Android becomes more like iOS, another key dev leaves the Asahi Linux project, Mozilla will probably keep their Google search deal, we troll Félim with some AI bollocks, GNOME can’t keep an executive director, Microsoft releases the source for an ancient BASIC implementation, friend of the show Connor is snubbed by an Irish newspaper, a brief review of a classic Bond movie, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
1Password Extended Access Management
Take the first step to better security for your team by securing credentials and protecting every application — even unmanaged shadow IT.
Learn more at 1password.com/latenightlinux
daemontools è una collezione di strumenti per gestire servizi UNIX. Monitora i servizi di qmail e salva i messaggi di errore in uno o più logs.
Changelog
Jan 5, 2026 (v0.83) This release doesn't add any new feature nor fixes any bug or issue. It just simplifies the installation by leaving the sources where the user wants them, installing the commands in the /command directory and creating a symbolic link in /usr/local/bin. From now on there's no daemontools directory in /var/qmail anymore.
Sep 30, 2025 (v0.82) - Fixed crash in multilog caused by invalid buffer access when read() returned -1 ea3abe9
Aug 3, 2025 - multilog prints a readable datetime in milliseconds if used with "m" flag (thanks squidvisa)
Mar 19, 2025 (v. 0.79) This version does not add new features nor corrects bugs. It's just a reorganizations of the files in the source dir - daemontools will be installed in /var/qmail/daemontools - Moved 'package' and 'src' to the top dir - Version grabbed from 'VERSION' in package/upgrade
Feb 9, 2025 (v0.78.4) - several adjustments to get clang version 18.1.6 compatibility - restored !/bin/sh in all scripts
Oct 14, 2024 (version 0.78.3) - all package/ scripts now run the bash shell - package/run script will recognize if we are in an lxc container to skip inittab configuration - package/run.rclocal will find both /etc/rc.local /etc/rc.d/rc.local - daemontools-0.78.2 directory renamed to daemontools
Oct 9, 2024 - added -ltr to conf-ld to restore compatibility with systems with glibc prior to v. 2.17 like RHEL6/CentOS6, where the librt.so library is not linked
Oct 10, 2024 - version 0.78.1: added package/compile which was missing again! (tx Bai Borko)
Sep 6, 2024 - fixed a .gitignore issue which was preventing the package/compile script upload (thanks Ivelin Topalov)
Jul 29, 2024 (version 0.78) - multilog prints a readable datetime if used with "d" flag, it prints timestamps if used in the usual way with the "t" flag (80f2133) - fixed several compilation warnings and/or breaks on gcc-14.1
Dec 9, 2023 -moved my patched daemontools to github and called 0.77 the new version -clear service moved to qmail/supervise/clear
A lot of key open source software is paid for by large companies. That has some advantages, but it can also cause some issues. Maybe it would be better if more FOSS development was paid for by smaller companies and contributions from users.
The first steps to move away from a “pets” mindset and towards automation and infrastructure as code, why we use a lot of abstraction at home, and how to use your homelab to improve your employment prospects. With guest host Joe Ressington from Late Night Linux.
Insta360 Go Ultra
Insta360 have just launched their brand-new pocket camera, the GO Ultra. To get free Sticky Tabs with it go to store.insta360.com and use the promo code “hybridcloud”, available for the first 30 purchases only.
McDonald’s IT systems seem to be riddled with 90s-style coding errors, we finally know where the fraudulent hard drives came from, when IT workers go rogue, and ZFS on root without using FreeBSD or Ubuntu.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
What happens to Linux after Linus, what a German legal case might mean for blocking ads on the web, Graham tell us about his new foldable phone which Joe has also had for about 7 months, and a quick KDE Korner.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
It’s the £20 Linux machine challenge! This time the rules are stricter: no adding storage and RAM. It turns out that if you try really hard, you can buy a really nice Linux computer on a seriously low budget.
Check out part 1 and part 2 of the £50 challenge that we did previously.
Google is planning to assert even more control over which Android apps can be installed, the US government takes a 10% stake in Intel, and minimum networking speeds in homes and offices.
The AI crawler bot arms race has developed more quickly than we hoped, Google pretends to care what the community thinks, full Linux desktop apps are probably coming to Android, Thunderbird shares more details of their paid services and we are interested, and PuTTY has a great new domain name.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
We explore the differences between terms like coder, software developer, engineer, and architect. They are often used interchangeably, but there can be real differences between them. Or at least once upon a time there were differences.
What exactly is platform engineering, and how does it differ from DevOps?
Insta360 Go Ultra
Insta360 have just launched their brand-new pocket camera, the GO Ultra. To get free Sticky Tabs with it go to store.insta360.com and use the promo code “hybridcloud”, available for the first 30 purchases only.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Xfce running on Wayland on openSUSE, Canonical laid off the printing guy, Mozilla pisses people off with AI tab groups, and what the post-x86 world will look like for desktop Linux. Plus a handy way to save and run project-specific commands, turning any device into a file server, and a convoluted way to get wind data from planes. With guest hosts Gary from Linux After Dark and Hybrid Cloud Show, and Kevin from Linux Dev Time.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
TxRep was designed as an enhanced replacement of the AutoWhitelist plugin. TxRep, just like AWL, tracks scores of messages previously received, and adjusts the current message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously. This not only treats some senders as if they were whitelisted but also treats spammers as if they were blacklisted. Each message from a particular sender adjusts the historical total score which can change them from a spammer if they send non-spam messages. Senders who are considered non-spammers can become treated as spammers if they send messages which appear to be spam. Simpler told TxRep is a score averaging system. It keeps track of the historical average of a sender, and pushes any subsequent mail towards that average.
The Bayesian classifier in Spamassassin tries to identify spam by looking at what are called tokens; words or short character sequences that are commonly found in spam or ham. If I've handed 100 messages to sa-learn that have the phrase penis enlargement and told it that those are all spam, when the 101st message comes in with the words penis and enlargment, the Bayesian classifier will be pretty sure that the new message is spam and will increase the spam score of that message.
In pratica Bayes è un classificatore statistico: guarda i token (parole, header, URL, ecc.) e calcola la probabilità che il messaggio sia spam senza interessarsi di chi manda, ma solo del contenuto.
Invece TxRep tiene traccia della reputazione del mittente (indirizzo email + IP).
It’s our annual episode where we need to talk about Ubuntu. This time most of us are broadly indifferent about the distro itself, so we end up mostly discussing our concerns about Canonical.
AMD’s recent mobile-class processors impress us with their power to performance ratio, the UK government suggests a preposterous way to save water, setting up verified boot with snapshots, and the best way to configure ZFS to run VMs.
The field of science we find most interesting, the bionic enhancements we’d want, the longest we’ve stayed awake, and the wisdom we’d pass onto the next generation. With Gary from Linux After Dark and Félim from Late Night Linux.
Patrons got this this in their feed two weeks ago.
A new Debian version is out and it’s the end of the 32-bit x86 era, an AWS user almost found out the hard way about the need for proper backups, GitHub is finally fully swallowed into Microsoft (having gone all in on AI), and a quick KDE Korner. With guest hosts Gary from Linux After Dark and Hybrid Cloud Show, and Kevin from Linux Dev Time.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Not invented here syndrome is very common in open source. We get into why that is, when it makes sense to start your own project from scratch, and how contributing to existing software can sometimes be better for everyone.
Shane gives us an update on his janky Kubernetes homelab. The storage is under control with ZFS, he’s got a decent switch, and everything is in Git – so maybe it isn’t that janky anymore.
The Web is a mess of tracking and AI scraping so do we need a new one, would it even be possible, or is this the wrong question? Plus setting up servers in a garage where dusty woodworking is happening.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Whether we need a properly open source ChromeOS alternative (or maybe we already have loads of them), what to do about bogus AI vulnerability reports, PuTTY’s confusing website confusion, a cool new game, a quick KDE Korner, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
1Password Extended Access Management
Take the first step to better security for your team by securing credentials and protecting every application — even unmanaged shadow IT.
Learn more at 1password.com/latenightlinux
Gary has been using a Framework 12 laptop for a few weeks and gives us his impressions of it. Are the upgradability and repairability worth the premium price he paid for it?
Jim is concerned that although over-anthropomorphising LLMs is a mistake, we should be cautious about some of their human-like behaviour. Plus how to maintain old ZFS pools, and accessibility in the BSDs.
Intel kills its Linux distro without any notice, the UK government might ban state organisations from paying ransomware ransoms, we laugh at a vibe coding disaster, KDE’s new immutable arch-based distro, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
With the recent news of Bcachefs (probably) being removed from the Linux kernel, we are joined by Allan Jude from 2.5 Admins and Klara to discuss some of what we think went wrong, how to manage and maintain multiple releases of a project at once, and why release engineering is an important concept.
What to think about when picking a public cloud provider, and why it depends on the needs of your business. Free credits, billing complexity, available tools, small clouds vs the big three, hiring people with experience of particular cloud platforms, support, compliance, ease of repatriation, and more.
Two recent outages were handled very differently but show the dangers of centralisation, Let’s Encrypt is introducing certificates for IP addresses, and the differences between backup and production systems.
Mark upgrades the SSD in his Framework laptop in the most elaborate way, e-v-e-r!
Alan masters gh to build reports and automate GitHub operations.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
The sad reality of the AI crawler bot arms race, the baddies seem to be obsessed with Xorg, but Wayland will soon be a reality for older smaller desktops (hopefully). Plus controlling a silly Red Dwarf thing, software releases with feature flags, a massive list of cheat sheets, another way to avoid the likes of Reddit, old skool CPU monitoring, and an update on Joe’s KDE experiment.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
Per mia comodità ho spostato i sorgenti di qmail sources nel mio spazio github. Ciononostante, tutte le informazioni riguardanti qmail e programmi correlati continueranno a essere riportate in questo spazio web, e questo spazio rimarrà il luogo ove chiedere eventualmente supporto. Da ora in poi, annzichè rilasciare una patch combinata, rilascerò un pacchetto da scaricare da github, che sarà ovviamente il risultato dell'accomodamento delle patch elencate sotto più varie modifiche che verranno indicate nei commit di github.
Changelog
Jan 8, 2026 - bug fixed in helodnscheck: it allowed domains with only one dot #30
Jan 5, 2026 - helodnscheck.cpp: PCRE dependency avoided, to make happy Debian 13 d987ec4 - config-all now grabs the correct network interface c60d3fa - config-all will now prompt for 1024/2048 key length for DKIM c842cea - Fixed typo in qmailctl3f1ea75 - Makefile: Fixed incorrect rule syntax for 'make cert' 80222cc
Sep 8, 2025 - Fixes in SPP handling and support for [pass] plugins after RCPT accept. Support for RBLRESULT environment variable and RBL ignore ('=') option. (tx Andreas Gerstlauer) - Added -std=gnu17 to conf-cc, fixed some other issues and now it compiles on gcc-15.2 in #28 - scripts/qmail-pop3d and qmail/pop3sd: ports changed to 110 and 995 - Received: email header now hides the sender's hostname when the sender is RELAYCLIENT or is authenticated. 785e84b
Jul 10, 2025 - Authentication-Results: header support (Andreas Gerstlauer) - DKIM: added ERROR_FD=2 in control/filterargs to send error output of qmail-dkim in stderr when acting as a qmail-remote filter (Andreas Gerstlauer) - improved qmail-dkim error reporting when signing outgoing messages (Andreas Gerstlauer) - helodnscheck.cpp:qmail dir determined dinamically - qmHandle: Add -x and -X parametr for remove email by To/Cc/Bcc (by Stetinac)
Jun 9, 2025 - CRLF fix for fastremote-3 patch (thanks Andreas Gerstlauer) - Bug fix to the greetdelay program (thanks Andreas Gerstlauer): qmail-smtpd crashes if SMTPD_GREETDELAY is defined with no DROP_PRE_GREET defined. - turned off TLS and helo dns check on qmail-smtpsd/run script (tx Luis)
Apr 30, 2025 qmailctl, qmHandle, queue_repair and all scripts installed in QMAIL/bin and not in /usr/local/bin by config-all.sh
Apr 25, 2025 - added a configuration script config-all, which configure and installs the control files (as per the original config-fast script), aliases, SRS (uses control/me as the srs_domain), log dirs in /var/log/qmail, tcprules (basic, just to make initial tests), supervise scripts, qmailctl script, DKIM control/filterargs and control/domainkeys dir, SURBL, smtpplugins, helodnscheck spp plugin, svtools, qmHandle, queue-repair, SSL key file (optional). Consider this feature as "testing"
Feb 11, 2025 - Several adjustments to get freeBSD and netBSD compatibility. More info in the commit history. Hints/comments are welcome. - freeBSD users have to erase the very 1st line of the file "conf-lib", as libresolv.so in not needed on freeBSD. - Dropped files install-big.c, idedit.c and BIN.* files. - Dropped files byte_diff.c, str_cpy.c, str_diff.c, str_diffn.c and str_len.c, which break compilation on clang and can be replaced by the functions shipped by the compiler (tx notqmail). - Old documentation moved to the "doc" dir. install.c and hier.c modified accordingly - conf-cc and conf-ld now have -L/usr/local/lib and -I/usr/local/include to look for srs2 library - conf-cc and conf-ld now have -L/usr/pkg/lib and -I/usr/pkg/include to satisfy netBSD - vpopmail-dir.sh: minor correction to vpopmail dir existence check - srs.c: #include <srs2.h> now without path
This article explains how to convert a given Linux distribution to a Slackware one in an OVHcloud server. I wrote in the past an article about doing the same for OVH kimsufi.
NB se si è seguita la 'configurazione veloce' basata sullo script config-all, questo programma è già stato configurato.
Changelog
Jun 14, 2025 - Added a cronjob for rcptcheck-overlimit that only removes cases that didn't exceed the limit, i.e. enforces a permanent ban (tx Andreas Gerstlauer)
Se si vuole evitare il rischio di compromettere il proprio server a causa di account che inviano indiscriminatamente messaggi a tutto il mondo, ad esempio per via di di una password che è stata violata in qualche modo, si può utilizzare lo script rcptcheck-overlimit di Luca Franceschini, che deve essere usato insieme alla patch rcptcheck (una patch derivata da Luca da un lavoro originale di Jay Soffian).
Jun 6, 2025 - dehydrated now launches a hook.sh script which handles the post-installation tasks (assemble and copy the certificate into the qmail dir, restart the server and eventually alert the administrator in case of problems). It replaces the old scripts.
5 agosto 2023 - L'installzione del certificato è ora basata su dehydrated. La vecchia documentazione basata su certbot si trova in fondo a questa pagina, ma non verrà più aggiornata.
May 18, 2023 - added the option --key-type rsa to the certbot command, to avoid that certbot will silently default to ECDSA the private key format, which results not understandable by my openssl-1.1. In this way the format of the private key will be RSA. More info here.
To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol which typically runs on your web host.
qmail v2025.04.18 e successivi include un nuovo script config-all che automatizza la configurazione di qmail. Vari script che prima dovevano essere installati a mano successivamente all'installazione di base di qmail vengono ora installati automaticamente se si lancia semplicemente il comando './config-all mx.domain.tld' dopo la compilazione. Ecco cosa sarà installato e configurato con l'installazione rapida:
control file pricipali come da script originale config-fast,
alias,
RBL
SPF
SRS (usa control/me come srs_domain),
directory log in /var/log/qmail,
cronjobs
logrotate
PATH e MANPATH in /etc/profile.d/qmail.sh
tcprules (base, solo per poter fare i testi inziali),
supervise scripts,
qmailctl script,
DKIM control/filterargs and control/domainkeys directory,
SURBL,
overlimit feature,
moreipme,
smtpplugins,
helodnscheck spp plugin,
svtools,
qmHandle,
queue-repair,
SSL key file (opzionale)
Da ora in avanti, lanciando ./config-all mx.mydomain.tld dopo la compilazione si otterrà una installazione di qmail pronta per i test. Si dovrà solo aggiungere i propri domini virtuali e le altre funzionalità non menzionate sopra.
Coloro che preferiscono configurare tutto a mano possono continuare a usare lo script config-fast, che orà copia i miei script supervise nella cartella qmail/doc.
In quanto segue, la sezione "Configurazione Manuale" è ovviamente una lettura caldamente suggerita al fine di avere un quadro di come funziona il tutto, soprattutto se si è principianti di qmail.
Jul 31, 2024 multilog uses "d" flag as default to gain compatibility with the readable datetime format of multilog in daemontools-0.78. Change it with the "t" flag if you prefer to have timestamps.
L'architettura della mia configurazione di qmail è stata modificata parecchio nel corso degli anni, specialmente per quanto riguarda il recapito dei messaggi verso gli utenti virtuali nel caso si sia abilitata la funzionalità "defaultdelivery" per vpopmail (--enable-defaultdelivery) che ho modificato recentemente, pertanto ho costruito una illustrazione di qmail con l'intento di chiarire come le cose funzionano insieme.
Vpopmail fornisce un modo semplice di gestire indirizzi di posta su domini virtuali e account email diversi da quelli su /etc/passwd.
Changelog
Nov 20, 2025 - vutil: 'isSomething' functions reviewed to satisfy qmailadmin calls in #9 - Added definition of 'call_onchange' function and cured its calls to avoid break 97ffe38
Oct 30, 2025 (v. 5.6.10) - Added specific usage informations for s/qmail users (look here) - Dropped -std=gnu17 from compilation options and solved (probably) all breaks and warnings on gcc 15.2 2d8526d - configure.ac now looks for mariadb include and lib dir in addition to mysql dab36e8 - configure.ac automatically looks for vanilla qmail's users/cdb and s/qmail's users/assign.cdb file 723efb3 - Updated the usage() funcion message in vadduser.c to clarify the use of pre-hashed passwords with -e 5b5ccdb - control/defaultdelivery is now installed by vpopmail if --enable-defaultdelivery 77f54eb - vrcptcheck checks all kind of address (users, forwards, valiases) #7 - Dropped unused functions in vpopmail.c #8
Sep 1, 2025 (v. 5.6.9) - added -std=gnu17 to gain compatibility with gcc-15 (PR #6) - pw_clear_passwd field enlarged to varchar(128) to create room for long passwords (tx Ricardo Brisighelli) c54688d
Mar 29, 2025 - defaultdelivery feature (--enable-defaultdelivery) changes (more info here, commit):
vdelivermail is installed by default in .qmail-default of newly created domains with option 'delete' as in the previous version.
if no user's valiases and no .qmail are found, then the message is sent to the control/defaultdelivery file, so that dovecot-lda (or whatelse) can store the mail into inbox and execute the sieve rules.
if vdelivermail is found in control/defaultdelivery, then it is ignored. The delivery remains in charge to vdelivermail, to avoid loops.
v. 5.6.8 is backward compatible. The users having .qmail from previous versions of the defauldelivery feature are not affected by this change.
Mar 23, 2025 (v. 5.6.7) - bug fix in vpopmaild.c: Crypted[64] enlarged to Crypted[128] to make room for SHA-512 passwords. This restores the usability of the RoundCube's 'password' plugin (commit) - fixed quota calculation in sql procedures for dovecot (tx Hakan Cakiroglu) (commit) - minor changes to the usage function of vmakedotqmail.c (commit)
Feb 15, 2025 (v. 5.6.6) - bug fix: pwstr.h was not installed by Makefile (tx Bai Borko)
Feb 9, 2025 - added pwd strength check also for vadduser.c - removed -std=c99 -D_XOPEN_SOURCE=500 arguments from CFLAGS in configure.ac to make clang happy - several changes to compile on FreeBSD clang v. 18.1.6
Dec 20, 2024 (v. 5.6.4) - Password strength enforcement PR #5 (grabbed from Matt Brookings' 5.5.0-dev version) - Dropped min pwd length feature. - vmysql.h: tables' layout changed in order to have VARCHAR instead of CHAR. Fields containing ip addresses enlarged to VARCHAR(39), to create room for ipv6. Unix timestamps definition changed from BIGINT(20) to INT(11). (commit 44bad58) Have a look to the upgrade notes below.
Oct 14, 2024 (v. 5.6.3) - fixed a configure break where a trivial C test program exits on error with gcc-14.1 due to missing headers - vusaged/domain.c: fixed -Wimplicit-function-declaration compilation warning - vmysql.h: dropped the multicolumn PRIMARY KEY in valias table to allow multiple forwards for a given alias. In case one already has the valias table defined, this is the sql query for the upgrade: ALTER TABLE `vpopmail`.`valias` DROP PRIMARY KEY, ADD INDEX (`alias`, `domain`, `valias_type`) USING BTREE; ALTER TABLE `vpopmail`.`valias` ADD `id` INT NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`id`);
Aggiornare alla versione 5.6.x
Quando si passa dalla versione 5.4.33 alla versione 5.6.x, se si hanno gli account su SQL, è necessario aumentare le dimensioni della colonna vpopmail.pw_passwd del database, poichè il meccanismo di criptaggio delle password è ora basato su SHA512, che è più lungo del vecchio MD5; si può comunque scegliere di disabilitare le SHA512 pwd con --disable-sha512-passwords al momento della configurazione. La colonna vpopmail.pw_passwd dovrebbe essere ora impostata a una dimensione di 128; questa la query:
ALTER TABLE `vpopmail` CHANGE `pw_passwd` `pw_passwd` CHAR(128) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
Aggiornare dalla versione 5.6.3 alla versione 5.6.4
Varie altre modifiche che però non creano incompatibilità con le versioni precedenti sono state apportate al layout delle tabelle MySQL. Ecco la query da lanciare per alterarle (inlclusa la modifica già menzionata sopra):
/* vpopmail */
ALTER TABLE `vpopmail` CHANGE `pw_name` `pw_name` VARCHAR(64) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
ALTER TABLE `vpopmail` CHANGE `pw_domain` `pw_domain` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
ALTER TABLE `vpopmail` CHANGE `pw_passwd` `pw_passwd` VARCHAR(128) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
ALTER TABLE `vpopmail` CHANGE `pw_gecos` `pw_gecos` VARCHAR(64) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
ALTER TABLE `vpopmail` CHANGE `pw_dir` `pw_dir` VARCHAR(160) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
ALTER TABLE `vpopmail` CHANGE `pw_shell` `pw_shell` VARCHAR(20) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
/* vlog */
ALTER TABLE `vlog` CHANGE `user` `user` VARCHAR(32) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
ALTER TABLE `vlog` CHANGE `passwd` `passwd` VARCHAR(32) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
ALTER TABLE `vlog` CHANGE `domain` `domain` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL;
ALTER TABLE `vlog` CHANGE `remoteip` `remoteip` VARCHAR(39) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
ALTER TABLE `vlog` CHANGE `error` `error` TINYINT(1) NULL DEFAULT NULL;
ALTER TABLE `vlog` CHANGE `timestamp` `timestamp` INT NOT NULL DEFAULT '0';
/* lastauth */
ALTER TABLE `lastauth` CHANGE `user` `user` VARCHAR(32) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
ALTER TABLE `lastauth` CHANGE `domain` `domain` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
ALTER TABLE `lastauth` CHANGE `remote_ip` `remote_ip` VARCHAR(39) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
ALTER TABLE `lastauth` CHANGE `timestamp` `timestamp` INT NOT NULL DEFAULT '0';
/* limits */
ALTER TABLE `limits` CHANGE `domain` `domain` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
/* alias */
ALTER TABLE `valias` CHANGE `alias` `alias` VARCHAR(32) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
ALTER TABLE `valias` CHANGE `domain` `domain` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
/* dir_control */
ALTER TABLE `dir_control` CHANGE `domain` `domain` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
/* aliasdomains */
ALTER TABLE `aliasdomains` CHANGE `alias` `alias` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
ALTER TABLE `aliasdomains` CHANGE `domain` `domain` VARCHAR(96) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
Mie modifiche al programma
Questo l'insieme delle mie patch che sono incluse in vpopmail a partire dalla versione 5.6.0:
la patch sql-aliasdomains, che fa in modo che VPopMail salvi gli aliasdomains su mysql. Questo consente al driver sql di dovecot di fare l'autenticazione non solo con i domini reali ma anche con gli alias, a condizione che si modifichi anche la query all'interno del driver, come verrà spiegato dopo. Ciò è ora importante, dato che dovecot ha eliminato il driver per VPopMail.
vdelivermail è installato per default nel .qmail-default dei nuovi domini con l'opzione 'delete'.
se nessun utente e nessun .qmail sono stati trovati viene eseguito quanto contenuto nel file control/defaultdelivery, di modo che dovecot-lda possa salvare la mail ed eseguire le regole sieve.
se vdelivermail è stato trovato nel file control/defaultdelivery, allora control/defaultdelivery viene ignorato e la consegna del messaggio rimane a carico di vdelivermail, per evitare loop.
dovecot-sql-procedures patch. Se si vuole usare il driver sql di dovecot con la configurazione "una tabella per un dominio) (--disable-many-domains) è necessario personalizzare in modo pesante le query sql. Con questo aggiustamento vpopmail installerà in modo autonomo la procedura e le funzioni sql nel database quando si crea un nuovo dominio. La procedura può essere chiamata da dovecot per fare l'autenticazione. Il codice sql supporta gli aliasdomains e i mysql limits, e sarà caricato dal file ~/vpopmail/etc/disable-many-domains_procedures.sql che si può ovviamente personalizzare. E' necessario configurare vpopmail con --enable-mysql-bin=PATH poichè dobbiamo installare la procedura chiamando mysql con un comando shell.
vusaged configure patch Almeno su Debian 11 sembra che vusaged si rifiuti di terminare la configurazione (comando configure) a causa di un mancato link alle librerie mysql (configure: error: No vauth_getpw in libvpopmail). Ovviamente ho spulciato lo script e il link sembra impostato correttamente, e ciò è al momento molto strano. Dopo un po' di prove, ho notato che facendo in modo che il configure superi il problema senza bloccarsi con un messaggio di errore, la compilazione susseguente vada a buon fine linkando corrrettamente libmysqlclient e terminando con successo la compilazione. NB: è necessario dare un autoreconf -f -i nella directory vusaged prima della configurazione, dal momento che il file configure.ac è stato modificato.
s/qmail cdb patch. Questa patch, che consente a vpopmail di localizzare correttamente il file assign.cdb di qmail per gli utenti s/qmail, nell'attuale pacchetto perchè rimpiazzata da una analoga. Gli utenti di s/qmail dovrebbero configurare vpopmail con l'opzione --enable-qmail-cdb-name=assign.cdb
recipient check per gli utenti s/qmail. Da usare con s/qmail di Erwin Hoffmann al fine di validare il destinatario della mail. Questa patch non è importante nella presente installazione. Si veda qui per maggiori informazioni.
vuserinfo-D_newline, una piccola patch che migliora la leggibilità quando si utilizza il comando vuserinfo -D, introducendo una nuova linea
Numerose modifiche per rendere il programma compatibile con gli ultimi compilatori gcc e clang.
Una patch che risolve i seguenti problemi (Ali Erturk TURKER): - vdelivermail.c controlla i permessi di spamassassin anzichè di maildrop. - vopen_smtp_relay() restituisce il valore corretto, di modo che open_smtp_relay() possa rilevare e riportare gli errori di connessione al database (vmysql.c, voracle.pc, vpgsql.c) - vdel_limits() esegue un core-dump se la connessione al database non è disponibile. (vmysql.c, voracle.pc)
Nov 24, 2025 - dropped 'enforce = no' from 90-quota.conf to enforce quota limits (commit)
Nov 22, 2025 - quota driver switched to 'count' (commit). 'count' is the recommended way of calculating quota on recent Dovecot installations.
Oct 30, 2025 - dovecot ugraded to v. 2.4.2
Mar 29, 2025 - dovecot updated to v. 2.4.1-4
Mar 15, 2025 (config version 2.4.0.1 diff) - Added quota warnings feature. Improved quota configuration in 90-quota.conf (more info here) - Configured auth-master.conf.ext and auth-deny.conf.ext. To be included from local.conf
Mar 9, 2025 - fixed quota calculation in sql queries (tx Hakan Cakiroglu)
Feb 22, 2025 - Bug fix in 90-sieve.conf: global script to move spam into Junk now working - Bug fix in move-spam.sieve: erroneously matches "YES" if "BAYES" is in the header
Feb 15, 2025 - added support for vpopmail configured with --disable-many-domains - 90-sieve.conf: global script move-spam.sieve called correctly
Feb 8, 2025 - dovecot_postlogin.sh: query changed in order to add new records as well (tx Bai Borko) - bug fix: pop3 service was executing imap instead of pop3 (tx Gabriel Torres)
Jan 29, 2025 - dovecot upgraded to v 2.4.0. Old configuration files are not valid anymore and you have to install dovecot from scratch.
Nov 15, 2024 - added a postlogin script to update the vpopmail.lastauth SQL table on login (see 10-master.conf, thanks kengheng)
Dec 29, 2023 default_pass_scheme = SHA512-CRYPT (was MD5-CRYPT) in dovecot-sql.conf.ext, as vpopmail-5.6.x has now SHA512-CRYPT password by default
Feb 10, 2023 - added a patch to restore the old vpopmail-auth driver (tx Ali Erturk TURKER)
Un grande grazie a Bai Borko per aver fornito le istruzioni su cui si basa quanto segue e per lo script perl.
AWStats è uno strumento libero e potente che genera statistiche per vari servizi per il web. Questo analizzatore di log funziona via CGI o dalla linea di comando e mostra tutte le informazioni possibili contenute nei log per mezzo di grafici in delle pagine web.
qmailAdmin è un software libero che fornisce un'interfaccia web per gestire sistemi qmail con domini virtuali basati su vpopmail. Fornisce amministrazione per la creazione/cancellazione di utenti, alias, forward, mailing list e autoesponder.
Changelog
Nov 28, 2025 (v1.2.27) - Solved a compilation break on mailinglist.c when onchange is enabled in vpopmail a6395a9 - --with-auth-log becomes --with-auth-logdire6bdd48 - Dropped VPOPMAIL_DEFS_H def in template.c658eaa9 - Revised the definition of PACKAGE and VERSION macros in several .c files 18abb99bff23be - Functions file_exists() and str_replace() renamed to file_exists2() and str_replace2() on util.c because they are already defined in vpopmailbff23be - Fixed quick search button functionality (wasn't working well) bff23be - qmailadmin now requires vpopmail-5.6.11a640c59 - Solved undefined EZMLDIR and changing --enable-auth-log to --enable-auth-logdir in #5 - Dropped a lot of br tags in lang files, fixed accents in italian language in #6 - Dropped unusued --enable-help feature in configure in #7 - mailinglist.c: if MySQL support is enabled mysql:localhost is the default host in #8
Nov 8, 2025 (v1.2.26) - Improved the handling of program exit because of wrong configuration. This should avoid the unpleasant "blank screen" situation in some cases. * Configure program is now able to require a minimum vpopmail version 3846a52 * Upgrade in auth-logging feature: added configurable auth log path via --with-auth-log=DIR (default ~vpopmail/log). Log file now written under vpopmail privileges instead of apache. 59e234d04e2bf90c75b475f768b1 * Added verbosity to the "File error" event #4
VqAdmin è un pannello di controllo su interfaccia web che consente di eseguire azioni che richiedono l'accesso a root — per esempio, aggiungere e cancellare domini.
Come si può vedere, VqAdmin ha una nuova versione con un nuovo aspetto mobile responsive, con tutte le mie vecchie patch incluse (compresa quella di ALI) e diverse correzioni e ripuliture del codice sorgente. Ho risolto tutti i warnings sia di autotools che di gcc e cambiato un paio di cose per poter rifare il tema html (guardare il changelog per maggiori dettagli). Come sempre i contributi nei commenti sono graditi.
PS: anche la parte apache è stata modificata e prima di fare l'aggiornamento è necessario guardare quali modifiche sono necessarie.
Have fun!
Changelog
Dec 06, 2024 - added a patch to highlight users with restrictions and with admin privileges (PR #1, thanks Bai Borko) - added control files notlshosts_auto and tlsserverciphers
Oct 19, 2024 (version 2.4.2) - Minor fix to view_domain.html - Minor fix to the html of list all domains - aclocal fix
Jul 26, 2024 (version 2.4.1) - Fixed configure break. Trivial C test program breaks on gcc-14.1 due to missing headers (commit)
Mar 5, 2024 - version 2.4.0 marked as stable
Jan 19, 2024 - 2.4.0-beta.2 * fixed a buffer overflow in domain.c (tx Bai Borko) * solved stringop-truncation warnings in domain.c and lang.c
Dec 21, 2023 - 2.4.0-beta released - new skin - vqadmin moved to github
Jul 18, 2023 patch updated - Italian translation file html/it updated, following the patch by Ali Erturk TURKER - the vqadmin source directory has been cleaned of unnececessary files
We now have support for EAI (RFC 5336SMTP Email Address Internationalization), as I accomodated the patch of Arnt Gulbrandsen into my qmail distribution (Nov 03, 2024 and later versions). This means that from now on addresses containing UTF8 characters like mimì@domain.tld or even आर्न्ट@यूनिवर्सल.भारत will be accepted provided that the remote server advertises the SMTPUTF8 verb after the MAIL FROM. If the remote server doesn't advertise SMTPUTF8 capabilities, then the conversation goes as in the past with no allowed UTF8 characters in the email addresses, with a few exceptions for special chars like $%?*^~&/\£#+_-.=
I also had to modify the Mail Address Verification program shipped by chkuser because, if activated by defining the CHKUSER_SENDER_FORMAT and/or CHKUSER_RCPT_FORMAT variables, it accepted only ASCII characters plus a small set of additional UTF8 in user and domain names. And since I was there I simplyfied the code dropping a couple of functions and variables.
19 agosto 2025 - netqmail-1.07.1 ora compila con gcc 15.2
10 febbraio 2025 - i sorgenti di netqmail sono ora compatibili con le nuove versioni di gcc e clang. - rinominati come netqmail-1.07 i vecchi sorgenti di netqmail
Mailman è un software libero per la gestione delle discussioni via mail e le liste di distribuzione. Mailman è integrato con il web, al fine di semplificare agli utenti la gestione degli account e agli ai proprietari (owners) l'amministrazione delle liste. Mailman comprende come parte integrante il sistema di archiviazione, il processamento automatico dei rimbalzi (bounce), il filtro dei contenuti, la spedizione dei digest, filtri anti spam, e altro.
Mailman è un software libero distribuitosotto la GNU General Public License, e scritto nel linguaggio di programmazione Python.
Per mia comodità di lavoro, ho spostato il codice sorgente di daemontools, qmail, vpopmail, qmailadmin e simscan su github. Da ora in avanti, invece dui rilasciare nuove patch di questi programmi pubblicherò un pacchetto sulla piattaforma github, che sarà linkato da qui. Ciononostante questo spazio web rimarrà il posto ove reperire le informazioni ed eventualmente chiedere supporto. Noterete che gli "issues" nel mio spazio github sono disabilitati, poichè vorrei centralizzare qui le discussioni.
vpopmail sarà scaricato da https://github.com/brunonymous/vpopmail. Questi ragazzi francesi hanno fatto un enorme lavoro rilasciando una nuova versione di vpopmail che include moltissime patche, tra cui le mie. Cosa più importante, hanno ripulito e corretto il codice, e aggiunto diverse funzionalità che potete vedere nel changelog.
SPF è in conflitto con il reindirizzamento delle email. SRS è un metodo che consente di risolvere questo problema mediante la riscrittura degli indirizzi email.
NB: Se si è effettuata 'configurazione rapida' basata sullo script config-all, il sistema SRS è stato già configurato. E' solo necessario tener presente che il dominio srs_domain coincide con il dominio in control/me domain, ovvero il nome della propria MTA.
Configurazione
Configurare srsfilter in modo tale che il programma sia lanciato ogni qual volta viene ricevuto un messaggio per l'utente srs:
Quindi creare e configurare un dominio virtuale da usare esclusivamente per l'SRS. Si tenga presente questo dominio virtuale non deve essere creato, come siamo abituati a fare, dal programma vadddomain, poichè esso ha il solo scopo di lanciare srsfilter attraverso l'account fittizio alias/.qmail-srs-default che abbiamo creato prima. Notare la differente sintassi di questa linea nel file virtualdomains rispetto ai domini virtuali regolari:
Quell'srs dopo i due punti : sarà usato da qmail-local come un prefisso negli indirizzi locali associati a srs.mydomain.tld e sarà gestito da .qmail-srs-default, dal momento che nessun altro utente srs esiste. Per esempio:
2023-06-20 22:55:51.265166500 starting delivery 62: msg 32560286 to local srs-SRS0=jiQ3=CI=gmail.com=sender@srs.mydomain.tld
Fare riferimento alla "bibbia" Life With Qmail per comprendere meglio la logica sottostante, specialmente per quanto concerne i concetti relativi a virtual domains, aliases, .qmail e extensions addresses.
Aggiungere srs.mydomain.tld a rcpthosts di modo che qmail-smtpd sappia che deve spedire localmente i messaggi per quel dominio. Non aggiungerlo al file control/locals altrimenti il file virtualdomains sarà ignorato e srsfilter non verrà lanciato.
Porre srs.mydomain.tld nel file srs_domain, di modo che srsfilter lo utilizzi nella riscrittura degli indirizzi per tutti i domini virtuali. Creare anche il file srs_secret. E' una stringa casuale che serve a generare e controllare gli indirizzi SRS.
Queste sono le uniche impostazioni obbligatorie; vedere i link in testa a questa pagina per avere informazioni riguardanti gli altri parametri che è possibile impostare.
Naturalmente è necessario dotare, nel proprio DNS, il dominio srs_domain appena creato di un record MX valido e anche di un record SPF come il seguente:
srs.mydomain.tld. IN TXT "v=spf1 a mx -all"
E' anche necessario configurare i record DKIM e DMARC per il dominio srs.mydomain.tld. Questo per soddisfare le politiche di google, che è uno dei provider più stringenti.
Inoltre, dovremmo aver già creato un analogo record SPF anche per il dominio che compare in control/me. Se non lo si è ancora fatto, sarà bene farlo ora.
Possiamo ora riavviare qmail e testare il nostro sistema SRS.
Questa pagina riguarda la patch DKIM inclusa nella mia patch combinata (maggiori informazioni qui). Questo argomento è avanzato ed è consigliabile tornare qui alla fine del tutto.
Mirko Buffoni ha pubblicato in un commento una piccola modifica che consente di firmare i messaggi inviati dagli utenti autenticati e di verificare quelli degli utenti non autenticati.
DKIM fornisce un metodo per validare l'identità di un nome a dominio associato a un messaggio con una autenticazione crittografata. La tecnica di validazione è basata sulla crittografia di una chiave pubblica: Il server che invia l'email aggiunge il nome a dominio al messaggio e vi affigge una firma digitale. Questa chiave è posta nell'intestazione DKIM-Signature: del messaggio. Colui che riceve il messaggio può controllare la validità della chiave pubblica leggendo un record TXT del DNS del dominio associato al messaggio.
Sei invitato a dare un'occhiata alle pagine man a partire da qmail-dkim(8) e spawn-filter(8).
Changelog
Jul 10, 2025 added ERROR_FD=2 in control/filterargs to send error output of qmail-dkim in stderr when acting as a qmail-remote filter (Andreas Gerstlauer)
Feb 12, 2024 - v. 1.48: fixed minor bug using filterargs for local deliveries (commit)
Feb 6, 2024 -DKIM patch upgraded to v. 1.47 * fixed a bug which was preventing filterargs' wildcards to work properly on sender domain
Jan 11, 2024 - version 1.46 * dk-filter.sh has been dropped. If signing at qmail-remote level, before upgrading, you have to review the configuration as explained below. * The variables USE_FROM, USE_SENDER and DKIMDOMAIN have been dropped * when signing at qmail-remote level qmail-dkim now has to be called directly by spawn-filter in the rc file. man spawn-filter for more info * In case of bounces the signature will be automatically based on the from: field. This will solve issues of DMARC reject by google in case of sieve/vacation bounces. * In case of ordinary bounces (mailbox not found, for instance) the bounce domain will be taken from control/bouncehost and, if doesn't exist, from control/me
Jan 4, 2024 - patch upgraded to v. 1.44 * fixed an issue with filterargs where spawn-filter is trying to execute remote:env xxxxx.... dk-filter. This issue happens when FILTERARGS environment variable is not defined in the qmail-send rc script. * dkim.c fix: https://notes.sagredo.eu/en/qmail-notes-185/configuring-dkim-for-qmail-92.html#comment3668 * adjustments fo dk-filter and dknewkey man pages
Nov 20, 2023 * The patch now by default excludes X-Arc-Authentication-Results * dkim can additionally use the environment variable EXCLUDE_DKIMSIGN to include colon separated list of headers to be excluded from signing (just like qmail-dkim). If -X option is used with dk-filter, it overrides the value of EXCLUDE_DKIMSIGN.
Feb 19, 2023 (v. 1.37 upgrade) - ed25519 support (RFC 8463) - multiple signatures/selectors via the enhanced control/dkimkeys or DKIMSIGN / DKIMSIGNEXTRA / DKIMSIGNOPTIONSDKIMSIGNOPTIONSEXTRA variables - domainkey script replaced by dknewkey in order to create ed25519 keys and rsa keys with 1024/2048/4096 bit - dropped yahoo's domainkeys support (no longer need the libdomainkeys.a library) - man pages revised and enhanced - domainkeys directory moved to /var/qmail/control/domainkeys - the documentation in this page has been revised. You can find how to sign with the rsa key together with the ed25519 key below.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) è un metodo standard per l'autenticazione delle email, che aiuta gli amministratori della posta a impedire che hacker e altri malintenzionati eseguano lo spoofing dell'organizzazione e del dominio Lo spoofing è un tipo di attacco che falsifica l'indirizzo nell'intestazione Da: di un messaggio email. Un messaggio contraffatto mediante lo spoofing sembra provenire dall'organizzazione o dal dominio la cui identità è stata rubata.
DMARC ti permette anche di richiedere rapporti dai server email che ricevono i messaggi dalla tua organizzazione o dal tuo dominio. I rapporti contengono informazioni utili per identificare possibili problemi di autenticazione e attività dannose nei messaggi inviati dal tuo dominio.
Added support for welcomelists, TXT and A queries, configurable return codes 451 or 553 with custom messages (by Luca Franceschini)
Questa patch sostituisce il programma rblsmtpd dell'autore dello stesso qmail, Daniel Bernstein. Essa incorpora la parte riguardante il controllo nelle Block List all'interno di qmail-smtpd con il vantaggio che si può vedere l'envelope dalla lettura del log. Registrare l'envelope accanto all'IP bannato è importante per poter risalire sempre a che fine hanno fatto i messaggi non ricevuti e poter così dare risposte certe ai nostri utenti.
Un'altra miglioria di questa patch rispetto al vecchio rblsmtpd è che gli utenti che si autenticano per inviare la posta da remoto con un IP dinamiconon vengono bannati e quindi possiamo ora attivare il filtro anche sulla porta 587.
qmail-spp provides plug-in support for qmail-smtpd. It allows you to write external programs and use them to check SMTP command argument validity. The plug-in can trigger several actions, like denying a command with an error message, logging data, adding a header and much more.
Today I played for the first time with an ancient patch for qmail: qmail-spp. I was really impressed for the ease of use and the elegance of its code, which is inserted inside qmail-smtpd.c with a few touches, despite of the many things that it can do when installed and enabled.
It can run a custom plugin in any language and at any level of the smtp session, grabbing the environment variables, writing into stderr or blocking the smtp session with a return error for the sender.
In no time at all I managed to understand its logic and write a small plugin by adapting a c program I wrote for s/qmail a few months ago to check the validity of the recipient.
Of course I decided to add this patch to my combo. I've just modified the way it has to be enabled, just not to bother those who don't want to touch their run scripts. So, while the original patch is enabled by default, I modified things a little bit so that you have to manually enable it by exporting the variable ENABLE_SPP in your run scripts. Therefore the original NOSPP variable is useless.
Ora che abbiamo preparato i filtri antispam dobbiamo addestrare il nostro sistema bayesiano e inviare i report a Razor, Pyzor e Spamcop.
La cosa più ovvia che può venirci in mente di fare a questo punto è forse quella di lanciare sa_learn e spamassassin --report uno dopo l'altro al click sul bottone "Marca come Spam" della webmail Roundcube (vedere i driver cmd_learn e multi_driver del plugin markasjunk), ma questa scelta ha alcuni svantaggi importanti:
il processo di addestramento, la conseguente sincronizzazione del journal e la connessione ai vari network per il reporting può richiedere anche una decina di secondi, un tempo che i nostri utenti non sono disposti ad attendere.
cosa anche più grave, quando essi cliccano sul bottone "Marca come Spam" non è sempre detto che si tratti di un vero messaggo di posta indesiderata. Prendiamo ad esempio il classico caso delle newsletter a cui si sono regolarmente iscritti e che non vogliono più leggere, e che decidono di eliminare etichettandole come spamming anzichè inoltrare una regolare richiesta di cancellazione.
E' qundi più corretto eseguire questi due compiti durante la notte per mezzo di un cronjob (primo problema risolto), processando i soli messaggi di vero spam/ham che l'utente ha consapevolmente copiato in una cartella apposita (secondo problema).
Tired of the nightmares of remotely compiling the kernel with Linux-VServer, a software that I'm pleased with despite of some lack of documentation, these days I was playing with LXC, which is included and supported by Slackware and for which the Linux kernel doesn't need any patching because it already embeds the hacks for LXC containers.
To convert an existing Linux-VServer container in a (eventually unprivileged) LXC container you can follow these steps. I assume that you already know how to create an LXC container; in case you are interested in unprivileged containers take a look to the excellent Chris Willing's guide (a big thanks to him) linked below.
Era ora che riuscissi a liberarmi della vecchia piattaforma Drupal come strumento per questo blog, ma finalmente ho trovato il tempo per migrare il database di Drupal e per riprendere qui la vecchia grafica (solo lo stile, il codice html è mio).
D'altronde, da almeno 15 anni porto avanti lo sviluppo di un mio CMS (basato su php/mariadb), che però originariamente non avevo usato per la mancanza del tempo necessario a costruirmi un tema html.
Ora il sito vive in ambiente Mobile Responsive e soprattutto mi consente di svincolarmi dagli incubi degli aggiormanti di Drupal e dei suoi pacchetti.
La parte sui commenti del presente CMS non è perfettamente collaudata e mi farebbe piacere avere eventualmente dei feedback su ogni problematica, quindi non esitate a scrivermi al riguardo.
It’s our 100th episode spectacular! We look back at some of the memes and themes of our first hundred episodes including our obsession with old hardware, our silly challenges, our move away from custom phone ROMs, our disappointment with Arm desktop Linux, composable/immutable distros, how we’ve changed as people, and more.
To celebrate the 256 milestone we devote the whole episode to explaining why we use ZFS. We explain about data safety, data retention, data portability, and ease of administration.
Mixed gaming news, Google’s AI is seemingly inescapable, SUSE offers Europe-only support, Ubuntu is dropping support for loads of RISC-V boards in favour of future ones, a quick KDE Korner, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
How we access home environments from outside the home network while trying to stay secure using VPNs, Wireguard, overlay VPNs (like Tailscale and Nebula) and reverse proxies. Sean introduces us to Pangolin as an open source alternative middle-ground.
Microsoft offers Windows 10 updates in return for your settings data, Denmark wants to protect against deepfakes using copyright, someone is wrong on the Internet about RAID, and getting a sysadmin job in your late 40s.
Whether we’d live in the country side or the city, the best Christmas presents we got as kids, and our Christmas movie traditions. With Allan from 2.5 Admins, Martin, Mark and Alan from Linux Matters, and Gary from Linux After Dark and Hybrid Cloud Show.
Patrons got this this in their feed two weeks ago.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
Joe can’t decide which distro to use for a proper KDE Plasma test, an easy way to develop Home Assistant integrations, automating lights, fixing the Telegram snap on Wayland, some AI bollocks, and a browser extension to automatically use privacy-preserving versions of big websites.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required. Use code Linux25 for three free months of any Tailscale paid plan.
1Password Extended Access Management
Take the first step to better security for your team by securing credentials and protecting every application — even unmanaged shadow IT.
Learn more at 1password.com/latenightlinux
A vulnerability in sudo brings up concerns about feature-creep, and makes us consider alternatives. Plus Broadcom starts auditing VMware customers, and how to decide which outbound ports to open on a large network’s firewall.
Linux gaming goes from strength to strength but puts off the inevitable death of 32-bit x86, devs are sick of companies expecting free fixes, Creative Commons disappoints on AI, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
How much observability and monitoring is really needed, the tooling people actually use (from Datadog and Grafana Cloud to open source options like Prometheus, Loki, and Tempo), and how to approach observability without overcomplicating things.
Jim is concerned that we might not see another next-gen filesystem that can compete with ZFS, no matter how much we all want one. Plus whether you should switch to third-party firmware on your router.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Making music with code in real time, fancy rsync, an open source real time strategy engine, advanced print debugging, EU-based DNS resolvers, and European government departments moving away from Microsoft and they might stick with Linux and FOSS this time.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Nintendo cuts off Switches that dare to play backed up games, more Microsoft AI exploits, why you shouldn’t regularly spin down hard drives, and securing applications on a home server.
X11 is basically dead (again) and we are quite pleased, the Linux Foundation sets out to fix the WordPress mess and some of us are cynical, custom ROMs for Pixel phones are going to be much more difficult to make, Apple is adding proper OCI containers to macOS, and more.
This episode is sponsored by Tailscale. It’s an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
How we deal with complex projects involving non-technical people as well as developers. How to manage expectations about timing, how to deal with issues, why documenting conversations is important, and more.
SharePoint is exploitable by Microsoft’s AI, NIST proposes a new metric for exploited vulnerabilities, SBCs that look cool for a mini NAS and a router, and setting up a first NAS with 4 disks.
Sports we’d take up if we were less unfit and lazy, whether we listen to our own podcasts, what the best time of day is, and our favourite sci-fi shows. With Allan from 2.5 Admins, and Martin from Linux Matters.
Patrons got this this in their feed two weeks ago.
Go to Nerdy Day Trips² and submit your favourite fascinating places to visit around the world – science museums, observatories, maker spaces, research facilities, and other spots that’ll scratch a curiosity itch.
Mark has been pushing the limits of his Steam Deck playing Avowed.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Redis finally picks the right licence but it’s probably too late, the Ubuntu release process is being modernised, GNOME drops X11 for good and gets a new Executive Director, the Android Desktop mode is officially happening, and Linux Format magazine is no more. Plus a cool Frigate update, auto dark mode in Plasma, and Fender’s new audio workstation is released for Linux.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Some of our hot takes and some from other people. Your OS is a passive gateway to apps and services, OSTree sucks, when you need to reboot Ubuntu is a mystery, stop hiding things from users, Chris needs an “I use Debian by the way” t-shirt, and more.
Google bypasses the usual channels to distrust two certificate authorities, Meta’s new escalation in the privacy arms race, Allan gives us the inside details of a new mixed-disk-size ZFS RAID feature, and moving from UniFi gear to TP-Link.
This article was contributed by Vedrana Vidulin, Head of Responsible AI Unit at Intellias (LinkedIn).
As AI becomes central to smart devices, embedded systems, and edge computing, the ability to run language models locally — without relying on the cloud — is essential. Whether it’s for reducing latency, improving data privacy, or enabling offline functionality, local AI inference opens up new opportunities across industries. LiteLLM offers a practical solution for bringing large language models to resource-constrained devices, bridging the gap between powerful AI tools and the limitations of embedded hardware.
Deploying LiteLLM, an open source LLM gateway, on embedded Linux unlocks the ability to run lightweight AI models in resource-constrained environments. Acting as a flexible proxy server, LiteLLM provides a unified API interface that accepts OpenAI-style requests — allowing you to interact with local or remote models using a consistent developer-friendly format. This guide walks you through everything from installation to performance tuning, helping you build a reliable, lightweight AI system on embedded Linux distribution.
Setup checklist
Before you start, here’s what’s required:
A device running a Linux-based operating system (Debian) with sufficient computational resources to handle LLM operations.
Python 3.7 or higher installed on the device.
Access to the internet for downloading necessary packages and models.
Step-by-Step Installation
Step 1: Install LiteLLM
First, we make sure the device is up to date and ready for installation. Then we install LiteLLM in a clean and safe environment.
Update the package lists to ensure access to the latest software versions:
sudo apt-get update
Check if pip (Python Package Installer) is installed:
pip –version
If not, install it using:
sudo apt-get install python3-pip
It is recommended to use a virtual environment. Check if venv is installed:
dpkg -s python3-venv | grep “Status: install ok installed”
If venv is intalled the output would be “Status: install ok installed”. If not installed:
Use pip to install LiteLLM along with its proxy server component:
pip install ‘litellm[proxy]’
Use LiteLLM within this environment. To deactivate the virtual environment type deactivate.
Step 2: Configure LiteLLM
With LiteLLM installed, the next step is to define how it should operate. This is done through a configuration file, which specifies the language models to be used and the endpoints through which they’ll be served.
Navigate to a suitable directory and create a configuration file named config.yaml:
This configuration maps the model name codegemma to the codegemma:2b model served by Ollama at http://localhost:11434.
Step 3: Serve models with Ollama
To run your AI model locally, you’ll use a tool called Ollama. It’s designed specifically for hosting large language models (LLMs) directly on your device — without relying on cloud services.
To get started, install Ollama using the following command:
curl -fsSL https://ollama.com/install.sh | sh
This command downloads and runs the official installation script, which automatically starts the Ollama server.
Once installed, you’re ready to load the AI model you want to use. In this example, we’ll pull a compact model called codegemma:2b.
ollama pull codegemma:2b
After the model is downloaded, the Ollama server will begin listening for requests — ready to generate responses from your local setup.
Step 4: Launch the LiteLLM proxy server
With both the model and configuration ready, it’s time to start the LiteLLM proxy server — the component that makes your local AI model accessible to applications.
To launch the server, use the command below:
litellm –config ~/litellm_config/config.yaml
The proxy server will initialize and expose endpoints defined in your configuration, allowing applications to interact with the specified models through a consistent API.
Step 5: Test the deployment
Let’s confirm if everything works as expected. Write a simple Python script that sends a test request to the LiteLLM server and save it as test_script.py:
import openai client = openai.OpenAI(api_key=“anything”, base_url=“http://localhost:4000“)response = client.chat.completions.create( model=“codegemma”, messages=[{“role”: “user”, “content”: “Write me a Python function to calculate the nth Fibonacci number.”}])print(response)
Finally, run the script using this command:
python3 ./test_script.py
If the setup is correct, you’ll receive a response from the local model — confirming that LiteLLM is up and running.
Optimize LiteLLM performance on embedded devices To ensure fast, reliable performance on embedded systems, it’s important to choose the right language model and adjust LiteLLM’s settings to match your device’s limitations.
Choosing the Right Language Model
Not every AI model is built for devices with limited resources — some are just too heavy. That’s why it’s crucial to go with compact, optimized models designed specifically for such environments:
DistilBERT – a distilled version of BERT, retaining over 95% of BERT’s performance with 66 million parameters. It’s suitable for tasks like text classification, sentiment analysis, and named entity recognition.
TinyBERT – with approximately 14.5 million parameters, TinyBERT is designed for mobile and edge devices, excelling in tasks such as question answering and sentiment classification.
MobileBERT – optimized for on-device computations, MobileBERT has 25 million parameters and achieves nearly 99% of BERT’s accuracy. It’s ideal for mobile applications requiring real-time processing.
TinyLlama – a compact model with approximately 1.1 billion parameters, TinyLlama balances capability and efficiency, making it suitable for real-time natural language processing in resource-constrained environments.
MiniLM – a compact transformer model with approximately 33 million parameters, MiniLM is effective for tasks like semantic similarity and question answering, particularly in scenarios requiring rapid processing on limited hardware.
Selecting a model that fits your setup isn’t just about saving space — it’s about ensuring smooth performance, fast responses, and efficient use of your device’s limited resources.
Configure settings for better performance
A few small adjustments can go a long way when you’re working with limited hardware. By fine-tuning key LiteLLM settings, you can boost performance and keep things running smoothly.
Restrict the number of tokens
Shorter responses mean faster results. Limiting the maximum number of tokens in response can reduce memory and computational load. In LiteLLM, this can be achieved by setting the max_tokens parameter when making API calls. For example:
import openai client = openai.OpenAI(api_key=“anything”, base_url=“http://localhost:4000“)response = client.chat.completions.create( model=“codegemma”, messages=[{“role”: “user”, “content”: “Write me a Python function to calculate the nth Fibonacci number.”}], max_tokens=500 # Limits the response to 500 tokens)print(response)
Adjusting max_tokens helps keep replies concise and reduces the load on your device. Managing simultaneous requests
If too many requests hit the server at once, even the best-optimized model can get bogged down. That’s why LiteLLM includes an option to limit how many queries it processes at the same time. For instance, you can restrict LiteLLM to handle up to 5 concurrent requests by setting max_parallel_requests as follows:
This setting helps distribute the load evenly and ensures your device stays stable — even during periods of high demand. A Few More Smart Moves
Before going live with your setup, here are two additional best practices worth considering:
Secure your setup – implement appropriate security measures, such as firewalls and authentication mechanisms, to protect the server from unauthorized access.
Monitor performance – use LiteLLM’s logging capabilities to track usage, performance, and potential issues.
LiteLLM makes it possible to run language models locally, even on low-resource devices. By acting as a lightweight proxy with a unified API, it simplifies integration while reducing overhead. With the right setup and lightweight models, you can deploy responsive, efficient AI solutions on embedded systems — whether for a prototype or a production-ready solution.
Summary
Running LLMs on embedded devices doesn’t necessarily require heavy infrastructure or proprietary services. LiteLLM offers a streamlined, open-source solution for deploying language models with ease, flexibility, and performance — even on devices with limited resources. With the right model and configuration, you can power real-time AI features at the edge, supporting everything from smart assistants to secure local processing.
Join Our Community
We’re continuously exploring the future of tech, innovation, and digital transformation at Intellias — and we invite you to be part of the journey.
Visit our Intellias Blog and dive deeper into industry insights, trends, and expert perspectives.
This article was written by Vedrana Vidulin, Head of Responsible AI Unit at Intellias. Connect with Vedrana through her LinkedIn page.
Mozilla kills Pocket and Fakespot, SteamOS is now available for devices other than the Steam Deck, Nextcloud’s Android app was missing key functionality until they made a public stink about it, WSL is now open source, there’s a new open source command-line text editor in Windows, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
1Password Extended Access Management
Take the first step to better security for your team by securing credentials and protecting every application — even unmanaged shadow IT.
Learn more at 1password.com/latenightlinux
Locating people with just a phone call, Google forces a change to Let’s Encrypt certificates, yet another example of a “lifetime” subscription being cut short, connecting drives to a small form factor machine, and managing ssh keys with LDAP.
Martin completes his Fedi-migration from Fosstodon to GoToSocial.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Running an old version of Windows on a Wii for some reason, a nice way to learn programming languages, a couple of very different games, more documentation tools, and moving to a new Mastodon instance.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
We recently talked about the lowest-end hardware we’d be willing to use as a daily desktop machine, but what about headless boxes? It turns out that it depends on what exactly it’s doing and to what extent we have to actively interact with it. Ultimately we could probably use slower hardware than we actually do if it came to it.
TrueNAS drops FreeBSD but there’s a community fork, the elusive ZFS send bug that affected encrypted datasets is finally identified and fixed, why the Raspberry Pi doesn’t make a great NAS, and when to use the zpool checkpoint feature.
It’s the wheel of misfortune! Roughly 50 (mostly) Linux-related things are on the wheel, we take turns spinning it, and we all have to say at least some positive things about the thing we land on. (It makes sense once we start).
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
It’s another hot questions episode. Tabs vs spaces, whether we have imposter syndrome, why software keeps getting heavier, the correct length of functions and files, and what every programmer should know.
Sean tells us about bootable containers and asks for our opinions on how he plans to use them with Kubernetes. He mentions Talos Linux.
Send your questions and feedback to show@hybridcloudshow.com
Insta360 X5 Camera
To get a free invisible selfie stick worth US$24.99 with your purchase, go to store.insta360.com and use the promo code “hybridcloud”, available for the first 30 standard package purchases only.
The basic computer science problems that still remain unsolvable, why you shouldn’t trust AI to tune ZFS (or answer any admin questions), and setting up a check-in system for a group of friends.
Our least favourite fandoms, frivolous things we’d buy, favourite childhood TV shows and movies, and house cleaning hacks. With Amolith, Kevin, and Andy from Linux Dev Time.
Patrons got this this in their feed two weeks ago.
Alan has been using bots, to build bots, that pretend not to be bots.
Martin fell down a rabbit hole filled with keyswitches and keycaps.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth.
Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions like UTMStack, an open source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solution, streamlines this complex task by leveraging its built-in log centralization, correlation, and automated compliance evaluation capabilities. This article explores how UTMStack simplifies compliance management by automating assessments, continuous monitoring, and reporting.
Understanding Compliance Automation with UTMStack
UTMStack inherently centralizes logs from various organizational systems, placing it in an ideal position to dynamically assess compliance controls. By continuously processing real-time data, UTMStack automatically evaluates compliance with critical controls. For instance, encryption usage, implementation of two-factor authentication (2FA) and user activity auditing among many others can be evaluated automatically.
Figure 1: Automated evaluation of Compliance framework controls.
Example Compliance Control Evaluations:
Encryption Enforcement: UTMStack continuously monitors logs to identify instances where encryption is mandatory (e.g., data in transit or at rest). It evaluates real-time compliance status by checking log events to confirm whether encryption protocols such as TLS are actively enforced and alerts administrators upon detection of potential non-compliance. The following event, for example would trigger an encryption control failure:
“message”: [{“The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate”.}]
Two-Factor Authentication (2FA): By aggregating authentication logs, UTMStack detects whether 2FA policies are consistently enforced across the enterprise. Compliance is assessed in real-time, and automated alerts are generated if deviations occur, allowing immediate remediation. Taking Office365 as an example, the following log would confirm the use of 2FA in a given use authentication attempt:
User Activity Auditing: UTMStack processes comprehensive activity logs from applications and systems, enabling continuous auditing of user and devices actions. This includes monitoring privileged account usage, data access patterns, and identifying anomalous behavior indicative of compliance risks. This is a native function of UTMSatck and automatically checks the control if the required integrations are configured.
No-Code Compliance Automation Builder
One of UTMStack’s standout features is its intuitive, no-code compliance automation builder. Organizations can easily create custom compliance assessments and automated monitoring workflows tailored to their unique regulatory requirements without any programming experience. This flexibility empowers compliance teams to build bespoke compliance frameworks rapidly that update themselves and send reports on a schedule.
Figure 2: Compliance Framework Builder with drag and drop functionality.
Creating Custom Compliance Checks
UTMStack’s no-code interface allows users to:
Define custom compliance control logic visually.
Establish automated real-time monitoring of specific compliance conditions.
Generate and schedule tailored compliance reports.
This approach significantly reduces the administrative overhead, enabling compliance teams to respond swiftly to evolving regulatory demands.
Unified Compliance Management and Integration
Beyond automation, UTMStack serves as a centralized compliance dashboard, where controls fulfilled externally can be manually declared compliant within the platform. This unified “pane of glass” ensures that all compliance assessments—automated and manual—are consolidated into one comprehensive view, greatly simplifying compliance audits.
Moreover, UTMStack offers robust API capabilities, facilitating easy integration with existing Governance, Risk, and Compliance (GRC) tools, allowing seamless data exchange and further enhancing compliance management.
Sample Use Case: CMMC Automation
For CMMC compliance, organizations must demonstrate rigorous data security, availability, processing integrity, confidentiality, and privacy practices. UTMStack automatically evaluates controls related to these areas by analyzing continuous log data, such as firewall configurations, user access patterns, and audit trails.
Automated reports clearly detail compliance status, including specific control numbers and levels, enabling organizations to proactively address potential issues, dramatically simplifying CMMC assessments and future audits.
Figure 3: CMMC Compliance Control details
Compliance Control Evidence Remediation
When a framework control is identified as compliant, UTMStack automatically gathers the necessary evidence to demonstrate compliance. This evidence includes logs extracted from source systems and a dedicated, interactive dashboard for deeper exploration and analysis. Conversely, if the control evaluation identifies non-compliance, UTMStack employs an AI-driven technique known as Retrieval-Augmented Generation to provide remediation steps to security analysts and system engineers.
Compliance controls for each framework are not only evaluated but also provide dashboards for better understanding and navigation:
Figure 4: Compliance automation dashboards.
API-First Compliance Integration
UTMStack’s API-first approach enables compliance automation workflows to integrate effortlessly into existing IT ecosystems. Organizations leveraging various GRC platforms can easily synchronize compliance data, automate reporting, and centralize compliance evidence, thus minimizing manual data handling and significantly improving accuracy and efficiency.
Summary
Compliance management doesn’t have to be complicated or resource-draining. UTMStack’s open source SIEM and XDR solution simplifies and automates compliance with major standards such as CMMC, HIPAA, PCI DSS, SOC2, GDPR, and GLBA. By continuously monitoring logs, dynamically assessing compliance controls, and providing a user-friendly, no-code automation builder, UTMStack dramatically reduces complexity and enhances efficiency.
Organizations can easily customize and automate compliance workflows, maintain continuous monitoring, and integrate seamlessly with existing compliance tools, making UTMStack an invaluable resource for streamlined compliance management.
Join Our Community
We’re continuously improving UTMStack and welcome contributions from the cybersecurity and compliance community.
GitHub Discussions: Explore our codebase, submit issues, or contribute enhancements.
Discord Channel: Engage with other users, share ideas, and collaborate on improvements.
Your participation helps shape the future of compliance automation. Join us today!
The US government is trying to break up Google which sounds like a great idea, but it is potentially catastrophic news for Mozilla and Firefox. Alex from Open Web Advocacy tells us all about it. But first we talk about blocking ads on the web with Pi-hole, uBlock Origin, and AdGuard public DNS.
Tailscale
This episode is sponsored by Tailscale. It’s an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
Old passwords work for Windows RDP, Broadcom shows why perpetual software licenses aren’t really forever, Windows Server is getting hotpatching, and preventing changes to archived files.
Italian Linux Society ha partecipato alla consultazione pubblica AGCOM 31/25/CONS.
Obiettivo: Libera scelta del modem anche per le connessioni in fibra.
Wikipedia is attacked by Trump lackeys, Bluesky folds under pressure from the Turkish government, Linux YouTube is terrible as usual, Microsoft wants you to use the “proper” VS Code, Intel AI chips aren’t selling well, yet another open source project has to deal with crawlers, TrueNAS goes Linux-only, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Aaron and Shane both recently had a bad experience when buying hard drives, the hardware we picked for our homelabs, why gigabit LANs aren’t quite cutting it anymore, an update on Shane’s janky Kubernetes setup, and more.
Send your questions and feedback to show@hybridcloudshow.com
Insta360 X5 Camera
To get a free invisible selfie stick worth US$24.99 with your purchase, go to store.insta360.com and use the promo code “hybridcloud“, available for the first 30 standard package purchases only.
Crosswalks were comically vulnerable to being hacked, even Google struggles with tiered SSD and HDD storage, some insight into how AI scrapers are using domestic IPs, and creating a ZFS mirror one disk at a time.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Cheap handheld retro gaming, F1 stats in the terminal, running binaries as if they were Python functions, websites that look like TUIs, basic graphics manipulation, strange old audio archives, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence of a shell and the inability to log in via SSH. All configuration of Talos Linux is done through a Kubernetes-like API.
Talos Linux is provided as a set of pre-built images for various environments.
The standard installation method assumes you will take a prepared image for your specific cloud provider or hypervisor and create a virtual machine from it. Or go the bare metal route and load the Talos Linux image using ISO or PXE methods.
Unfortunately, this does not work when dealing with providers that offer a pre-configured server or virtual machine without letting you upload a custom image or even use an ISO for installation through KVM. In that case, your choices are limited to the distributions the cloud provider makes available.
Usually during the Talos Linux installation process, two questions need to be answered: (1) How to load and boot the Talos Linux image, and (2) How to prepare and apply the machine-config (the main configuration file for Talos Linux) to that booted image. Let’s talk about each of these steps.
Booting into Talos Linux
One of the most universal methods is to use a Linux kernel mechanism called kexec.
kexec is both a utility and a system call of the same name. It allows you to boot into a new kernel from the existing system without performing a physical reboot of the machine. This means you can download the required vmlinuz and initramfs for Talos Linux, and then, specify the needed kernel command line and immediately switch over to the new system. It is as if the kernel were loaded by the standard bootloader at startup, only in this case your existing Linux operating system acts as the bootloader.
Essentially, all you need is any Linux distribution. It could be a physical server running in rescue mode, or even a virtual machine with a pre-installed operating system. Let’s take a look at a case using Ubuntu on, but it can be literally any other Linux distribution.
Log in via SSH and install the kexec-tools package, it contains the kexec utility, which you’ll need later:
apt install kexec-tools -y
Next, you need to download the Talos Linux, that is the kernel and initramfs. They can be downloaded from the official repository:
If you have a physical server rather than a virtual one, you’ll need to build your own image with all the necessary firmware using Talos Factory service. Alternatively, you can use the pre-built images from the Cozystack project (a solution for building clouds we created at Ænix and transferred to CNCF Sandbox) – these images already include all required modules and firmware:
Now you need the network information that will be passed to Talos Linux at boot time. Below is a small script that gathers everything you need and sets environment variables:
You can pass these parameters via the kernel cmdline. Use ip= parameter to configure the network using the Kernel level IP configuration mechanism for this. This method lets the kernel automatically set up interfaces and assign IP addresses during boot, based on information passed through the kernel cmdline. It’s a built-in kernel feature enabled by the CONFIG_IP_PNP option. In Talos Linux, this feature is enabled by default. All you need to do is provide a properly formatted network settings in the kernel cmdline.
The first command loads the Talos kernel into RAM, the second command switches the current system to this new kernel.
As a result, you’ll get a running instance of Talos Linux with networking configured. However it’s currently running entirely in RAM, so if the server reboots, the system will return to its original state (by loading the OS from the hard drive, e.g., Ubuntu).
Applying machine-config and installing Talos Linux on disk
To install Talos Linux persistently on the disk and replace the current OS, you need to apply a machine-config specifying the disk to install. To configure the machine, you can use either the official talosctl utility or the Talm, utility maintained by the Cozystack project (Talm works with vanilla Talos Linux as well).
First, let’s consider configuration using talosctl. Before applying the config, ensure it includes network settings for your node; otherwise, after reboot, the node won’t configure networking. During installation, the bootloader is written to disk and does not contain the ip option for kernel autoconfiguration.
Here’s an example of a config patch containing the necessary values:
When you have a lot of configs, you’ll want a convenient way to manage them. This is especially useful with bare-metal nodes, where each node may have different disks, interfaces and specific network settings. As a result, you might need to hold a patch for each node.
To solve this, we developed Talm — a configuration manager for Talos Linux that works similarly to Helm.
The concept is straightforward: you have a common config template with lookup functions, and when you generate a configuration for a specific node, Talm dynamically queries the Talos API and substitutes values into the final config.
Talm includes almost all of the features of talosctl, adding a few extras. It can generate configurations from Helm-like templates, and remember the node and endpoint parameters for each node in the resulting file, so you don’t have to specify these parameters every time you work with a node.
Let me show how to perform the same steps to install Talos Linux using Talm:
First, initialize a configuration for a new cluster:
Talm automatically detects the node address and endpoint from the “modeline” (a conditional comment at the top of the file) and applies the config.
You can also run other commands in the same way without specifying node address and endpoint options. Here are a few examples:
View the node status using the built-in dashboard command:
talm dashboard -f nodes/node1.yaml
Bootstrap etcd cluster on node1:
talm bootstrap -f nodes/node1.yaml
Save the kubeconfig to your current directory:
talm kubeconfig kubeconfig -f nodes/node1.yaml
Unlike the official talosctl utility, the generated configs do not contain secrets, allowing them to be stored in git without additional encryption. The secrets are stored at the root of your project and only in these files: secrets.yaml, talosconfig, and kubeconfig.
Summary
That’s our complete scheme for installing Talos Linux in nearly any situation. Here’s a quick recap:
Use kexec to run Talos Linux on any existing system.
Make sure the new kernel has the correct network settings, by collecting them from the current system and passing via the ip parameter in the cmdline. This lets you connect to the newly booted system via the API.
When the kernel is booted via kexec, Talos Linux runs entirely in RAM. To install Talos on disk, apply your configuration using either talosctl or Talm.
When applying the config, don’t forget to specify network settings for your node, because on-disk bootloader configuration doesn’t automatically have them.
Enjoy your newly installed and fully operational Talos Linux.
Some Synology NAS products will require drives they sold you, doubt is cast on the CVE program, why some FreeBSD packages didn’t appear when they should have, and backing up the keys for encrypted backups.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
We’ve done hot takes episodes in the past but this is different, it’s hot questions. Would we rather have bad managers who can code or good managers who can’t? Too many comments or none? 80 columns or as long as you like? What editor do we use and why?
With increasing numbers of organisations starting to seriously think about moving away from US-owned providers, we dig into the technical challenges of major cloud migrations.
Send your questions and feedback to show@hybridcloudshow.com
IPv4 addresses are worth an awful lot of money, the serious dangers of a seemingly sensible deepfake law, Microsoft is 50 years old, and our thoughts on antivirus on Linux and Windows.
Alan gives a talk about Luddites at Monki Gras 2025
Mark continues developing and names “Bookshelf Buddy”, a self-hosted replacement for the Yoto or Tonie audiobook players.
Martin keeps an eye on his resources with Resources
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Two very different approaches to setting up security cameras, an IDE-like experience for text adventure games, a glimpse of convergence on Pixel phones, a new LTS of the flight sim FlightGear, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu and Ubuntu MATE preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
Two years after we talked about the lowest-end hardware we’d be willing to daily drive, the Web has bogged machines down to the point where our thresholds have gone up significantly. We channel our inner Linux Luddites, but don’t really come up with any solutions.
Jim’s server is getting hammered by AI scrapers and he’s big mad about it, why RCS doesn’t work on Android without Google apps, a complex Google account issue, and how Jim and Allan handle their WireGuard configs.
AI crawlers are causing serious problems for open source projects, an example of disclosure by vagueposting, Zorin does something good and something bad, LibreOffice downloads are doing well, Thunderbird is planning new services, a quick KDE Korner, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Joe accidentally tried vibe coding and it was as much of a disaster as you’d imagine. Amolith has also tried it, and does his best to defend the use of LLMs with development. Kevin and Andy are mostly bemused. We all have concerns about the ethics and environmental issues.
This episode has a bit more bad language than usual.
OpenTelemetry (fondly known as OTel) is an open-source project that provides a unified set of APIs, libraries, agents, and instrumentation to capture and export logs, metrics, and traces from applications. The project’s goal is to standardize observability across various services and applications, enabling better monitoring and troubleshooting.
Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.
Martin has upgraded his home networking with Deco and YuanLey devices.
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
What if Google hadn’t come along in the late 90s? What would search, mobile devices, and the web in general look like? Plus a musical discovery, and why moving to a new distro just means moving to new little problems to fix.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
The key differences between throughput and latency – and when they matter, the tech that we’d keep if we stopped working in IT, and avoiding bitrot with rsync backups.
Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.
Home Assistant gets even more credible and sustainable, open source users are entitled, changes in KDE land, Fedora says hello to Plasma and goodbye to X11, Ubuntu looks to drop GNU coreutils, GIMP 3 is out and still has a terrible name, and new Pebble devices will be shipping soon.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Our advice on how to move into a career in software development including making and contributing to projects, advocating for your work, collaborating, avoiding exploitation, learning Git, and loads more.
Shane tells us about the janky Kubernetes homelab that he’s building, and we all laugh at him.
Send your questions and feedback to show@hybridcloudshow.com
SysCloud
Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code HCS to get 50% off your first purchase.
We were asked about automatically decrypting ZFS at boot.
SysCloud
Over 2,000 IT admins already trust SysCloud to protect their SaaS data. Head to SysCloud.com for a 30-day free trial—and for a limited time, use code 25ADMINS to get 50% off your first purchase.
Martin has created smiti18n (pronounced smitten) – A very complete internationalization library for Lua with LÖVE support
Mark has been hard at work Moodling himself silly on the run up to the Moodle 5.0 release
Alan has been wrangling with Django and has worries about contributing large patches to SavannahHQ
You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join:
Tailscale makes creating software-defined networks easy: securely connecting users, services, and devices. Go to tailscale.com/linuxmatters and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Tracking WiFi devices with cheap ESP32 devices, using OSM and Google Maps together, deleting your Twitter data, “3D” images with any camera, forcing Ubuntu to give you all the available updates, efficiently importing photos, counting lines of code, and more.
Tailscale is an easy to deploy, zero-config, no-fuss VPN that allows you to build simple networks across complex infrastructure. Go to tailscale.com/lnl and try Tailscale out for free for up to 100 devices and 3 users, with no credit card required.
Entroware
This episode is sponsored by Entroware. They are a UK-based company who sells computers with Ubuntu and Ubuntu MATE preinstalled. They have configurable laptops, desktops and servers to suit a wide range of Linux users. Check them out and don’t forget to mention us at checkout if you buy one of their great machines.
Accedi
Gear 25.08
to trackball 
and gets a bit carried away with customising them 
Pro Trackball
