The Tor Project: Today the Tor Project, a global non-profit developing tools for online privacy and anonymity, and Tails, a portable operating system that uses Tor to protect users from digital surveillance, have joined forces and merged operations. Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats. In short, coming together will strengthen both organizations' ability to protect people worldwide from surveillance and censorship.

Countering the threat of global mass surveillance and censorship to a free Internet, Tor and Tails provide essential tools to help people around the world stay safe online. By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.

In late 2023, Tails approached the Tor Project with the idea of merging operations. Tails had outgrown its existing structure. Rather than expanding Tails's operational capacity on their own and putting more stress on Tails workers, merging with the Tor Project, with its larger and established operational framework, offered a solution. By joining forces, the Tails team can now focus on their core mission of maintaining and improving Tails OS, exploring more and complementary use cases while benefiting from the larger organizational structure of The Tor Project.

This solution is a natural outcome of the Tor Project and Tails' shared history of collaboration and solidarity. 15 years ago, Tails' first release was announced on a Tor mailing list, Tor and Tails developers have been collaborating closely since 2015, and more recently Tails has been a sub-grantee of Tor. For Tails, it felt obvious that if they were to approach a bigger organization with the possibility of merging, it would be the Tor Project.

An anonymous reader quotes a report from TechCrunch: Microsoft today revealed Correction, a service that attempts to automatically revise AI-generated text that's factually wrong. Correction first flags text that may be erroneous -- say, a summary of a company's quarterly earnings call that possibly has misattributed quotes -- then fact-checks it by comparing the text with a source of truth (e.g. uploaded transcripts). Correction, available as part of Microsoft's Azure AI Content Safety API (in preview for now), can be used with any text-generating AI model, including Meta's Llama and OpenAI's GPT-4o.

"Correction is powered by a new process of utilizing small language models and large language models to align outputs with grounding documents," a Microsoft spokesperson told TechCrunch. "We hope this new feature supports builders and users of generative AI in fields such as medicine, where application developers determine the accuracy of responses to be of significant importance." Experts caution that this tool doesn't address the root cause of hallucinations. "Microsoft's solution is a pair of cross-referencing, copy-editor-esque meta models designed to highlight and rewrite hallucinations," reports TechCrunch. "A classifier model looks for possibly incorrect, fabricated, or irrelevant snippets of AI-generated text (hallucinations). If it detects hallucinations, the classifier ropes in a second model, a language model, that tries to correct for the hallucinations in accordance with specified 'grounding documents.'"

Os Keyes, a PhD candidate at the University of Washington who studies the ethical impact of emerging tech, has doubts about this. "It might reduce some problems," they said, "But it's also going to generate new ones. After all, Correction's hallucination detection library is also presumably capable of hallucinating." Mike Cook, a research fellow at Queen Mary University specializing in AI, added that the tool threatens to compound the trust and explainability issues around AI. "Microsoft, like OpenAI and Google, have created this issue where models are being relied upon in scenarios where they are frequently wrong," he said. "What Microsoft is doing now is repeating the mistake at a higher level. Let's say this takes us from 90% safety to 99% safety -- the issue was never really in that 9%. It's always going to be in the 1% of mistakes we're not yet detecting."

An anonymous reader quotes a report from Ars Technica: California Gov. Gavin Newsom vetoed a bill that would have required makers of web browsers and mobile operating systems to let consumers send opt-out preference signals that could limit businesses' use of personal information. The bill approved by the State Legislature last month would have required an opt-out signal "that communicates the consumer's choice to opt out of the sale and sharing of the consumer's personal information or to limit the use of the consumer's sensitive personal information." It would have made it illegal for a business to offer a web browser or mobile operating system without a setting that lets consumers "send an opt-out preference signal to businesses with which the consumer interacts."

In a veto message (PDF) sent to the Legislature Friday, Newsom said he would not sign the bill. Newsom wrote that he shares the "desire to enhance consumer privacy," noting that he previously signed a bill "requir[ing] the California Privacy Protection Agency to establish an accessible deletion mechanism allowing consumers to request that data brokers delete all of their personal information." But Newsom said he is opposed to the new bill's mandate on operating systems. "I am concerned, however, about placing a mandate on operating system (OS) developers at this time," the governor wrote. "No major mobile OS incorporates an option for an opt-out signal. By contrast, most Internet browsers either include such an option or, if users choose, they can download a plug-in with the same functionality. To ensure the ongoing usability of mobile devices, it's best if design questions are first addressed by developers, rather than by regulators. For this reason, I cannot sign this bill." Vetoes can be overridden with a two-thirds vote in each chamber. The bill was approved 59-12 in the Assembly and 31-7 in the Senate. But the State Legislature hasn't overridden a veto in decades. "It's troubling the power that companies such as Google appear to have over the governor's office," said Justin Kloczko, tech and privacy advocate for Consumer Watchdog, a nonprofit group in California. "What the governor didn't mention is that Google Chrome, Apple Safari and Microsoft Edge don't offer a global opt-out and they make up for nearly 90 percent of the browser market share. That's what matters. And people don't want to install plug-ins. Safari, which is the default browsers on iPhones, doesn't even accept a plug-in."

ZDNet's Steven Vaughan-Nichols reports: After 20 years, Real-Time Linux (PREEMPT_RT) is finally -- finally -- in the mainline kernel. Linus Torvalds blessed the code while he was at Open Source Summit Europe. [...] The real-time Linux code is now baked into all Linux distros as of the forthcoming Linux 6.12 kernel. This means Linux will soon start appearing in more mission-critical devices and industrial hardware. But it took its sweet time getting here. An RTOS is a specialized operating system designed to handle time-critical tasks with precision and reliability. Unlike general-purpose operating systems like Windows or macOS, an RTOS is built to respond to events and process data within strict time constraints, often measured in milliseconds or microseconds. As Steven Rostedt, a prominent real-time Linux developer and Google engineer, put it, "Real-time is the fastest worst-case scenario." He means that the essential characteristic of an RTOS is its deterministic behavior. An RTOS guarantees that critical tasks will be completed within specified deadlines. [...]

So, why is Real-Time Linux only now completely blessed in the kernel? "We actually would not push something up unless we thought it was ready," Rostedt explained. "Almost everything was usually rewritten at least three times before it went into mainline because we had such a high bar for what would go in." In addition, the path to the mainline wasn't just about technical challenges. Politics and perception also played a role. "In the beginning, we couldn't even mention real-time," Rostedt recalled. "Everyone said, 'Oh, we don't care about real-time.'" Another problem was money. For many years funding for real-time Linux was erratic. In 2015, the Linux Foundation established the Real-Time Linux (RTL) collaborative project to coordinate efforts around mainlining PREEMPT_RT.

The final hurdle for full integration was reworking the kernel's print_k function, a critical debugging tool dating back to 1991. Torvalds was particularly protective of print_k --He wrote the original code and still uses it for debugging. However, print_k also puts a hard delay in a Linux program whenever it's called. That kind of slowdown is unacceptable in real-time systems. Rostedt explained: "Print_k has a thousand hacks to handle a thousand different situations. Whenever we modified print_k to do something, it would break one of these cases. The thing about print_k that's great about debugging is you can know exactly where you were when a process crashed. When I would be hammering the system really, really hard, and the latency was mostly around maybe 30 microseconds, and then suddenly it would jump to five milliseconds." That delay was the print_k message. After much work, many heated discussions, and several rejected proposals, a compromise was reached earlier this year. Torvalds is happy, the real-time Linux developers are happy, print_K users are happy, and, at long last, real-time Linux is real.

Apple's iPadOS 18 update is no longer available after some iPad Pro owners found that it bricked their devices. MacRumors reports: There are reports on Reddit from iPad Pro users who had an interruption in the installation process, leading to an iPad that refused to turn on. A total replacement was required for affected users. Not all M4 iPad Pro owners have had an issue installing the update, and it could be linked to installing the new iOS 17.7 update before installing iOS 18. Apple will make the software available again when the underlying problem has been addressed.

"New malicious software packages tied to the North Korean Lazarus Group were observed posing as a Python coding skills test for developers seeking a new job at Capital One, but were tracked to GitHub projects with embedded malware," reports SC magazine: Researchers at ReversingLabs explained in a September 10 blog post that the scheme was a follow-on to the VMConnect campaign that they first identified in August 2023 in which developers were lured into downloading malicious code via fake job interviews.
More details from The Hacker News These packages, for their part, have been published directly on public repositories like npm and PyPI, or hosted on GitHub repositories under their control. ReversingLabs said it identified malicious code embedded within modified versions of legitimate PyPI libraries such as pyperclip and pyrebase... It's implemented in the form of a Base64-encoded string that obscures a downloader function, which establishes contact with a command-and-control server in order to execute commands received as a response.

In one instance of the coding assignment identified by the software supply chain firm, the threat actors sought to create a false sense of urgency by requiring job seekers to build a Python project shared in the form of a ZIP file within five minutes and find and fix a coding flaw in the next 15 minutes. This makes it "more likely that he or she would execute the package without performing any type of security or even source code review first," Zanki said, adding "that ensures the malicious actors behind this campaign that the embedded malware would be executed on the developer's system."
Tom's Hardware reports that "The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS. This is a good time to refer to PEP 668 which enforces virtual environments for non-system wide Python installs."

More from The Hacker News Some of the aforementioned tests claimed to be a technical interview for financial institutions like Capital One and Rookery Capital Limited, underscoring how the threat actors are impersonating legitimate companies in the sector to pull off the operation. It's currently not clear how widespread these campaigns are, although prospective targets are scouted and contacted using LinkedIn, as recently also highlighted by Google-owned Mandiant.

An anonymous Slashdot reader writes: Haiku (the MIT-licensed operating system, inspired by BeOS) has released its fifth beta for Haiku R1.

Some new features include improved UI color management, improved dark mode coloring, Tracker improvements, TUN/TAP support for VPN connections, TCP throughput improvements, performance optimizations, UFS2 (BSD's filesystem) read-only support, new FAT filesystem driver, improved hardware support, improved POSIX compliance, improved performance, and more.
Slashdot has been covering the fate of the BeOS since 2000 (as well as the short-lived derivative project ZETA — and Haiku).

And now "With a history of over two decades and previously known as OpenBeOS, today's Haiku is pushing forward..." writes the site NotebookCheck: Haiku is a spiritual successor to BeOS, with a focus on a clean and user-friendly design paired with low system requirements. The minimum system requirements are still an Intel Pentium II/AMD Athlon CPU or better, at least 384 MB RAM, an 800x600 screen, and at least 3GB storage. It works on both 32-bit and 64-bit x86 PCs, and the 32-bit version can run many unmodified BeOS applications. It might be the best desktop open-source operating system not based on Linux or Unix... It works well in a virtual machine like VirtualBox or UTM.

An anonymous reader quotes a report from Ars Technica: Researchers still don't know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections. "At the moment, the source of the TV boxes' backdoor infection remains unknown," Thursday's post stated. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access." The following device models infected by Vo1d are: [R4, TV BOX, KJ-SMART4KVIP].

One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What's more, Doctor Web said it's not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models. Further, while only licensed device makers are permitted to modify Google's AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user. "These off-brand devices discovered to be infected were not Play Protect certified Android devices," Google said in a statement. "If a device isn't Play Protect certified, Google doesn't have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety."

Users can confirm if their device runs Android TV OS via this link and following the steps here.

wiredmikey shares a report from SecurityWeek: Microsoft on Tuesday raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system. The Windows flaw, tagged as CVE-2024-43491 and marked as actively exploited, is rated critical and carries a CVSS severity score of 9.8/10. Redmond's documentation of the bug suggests a downgrade-type attack similar to the 'Windows Downdate' issue discussed at this year's Black Hat conference. Microsoft's bulletin reads: "Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 -- KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability."

To protect against this exploit, Microsoft says Windows users should install this month's Servicing stack update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order.

Apple plans to release the next versions of iOS, iPadOS, macOS, and watchOS to the general public on September 16, the company announced via its website following its iPhone-centric product event earlier today. From a report: We should also see updates for tvOS and the HomePod operating system on the same date. The new releases bring a number of new features and refinements to Apple's platforms: better texting with Android devices thanks to support for the RCS standard, iPhone Mirroring that allows you to interact with your iPhone via your Mac, more UI customization options for iPhones and iPads, and other improvements besides. What won't be included in these initial releases is any hint of Apple Intelligence, the batch of generative AI and machine learning features that Apple announced at its Worldwide Developers Conference in June. Apple is testing some of the Apple Intelligence features in betas of iOS 18.1, iPadOS 18.1, and macOS 15.1, updates that will be released later this fall.

"If you're plugged into KDE social media, you probably see a lot of requests for donations..." writes KDE developer Nate Graham on his personal blog. But "We know that the fraction of people who subscribe to these channels is small, so there's a huge number of people who may not even know they can donate to KDE, let alone that donations are critically important to its continued existence..." From 6.2 onwards, Plasma itself will show a system notification asking for a donation once per year, in December. The idea here is to get the message that KDE really does need your financial help in front of more eyeballs — especially eyeballs not currently looking at KDE's public-facing promotion efforts... [W]e tried our best to minimize the annoying-ness factor: It's small and unobtrusive, and no matter what you do with it (click any button, close it, etc) it'll go away until next year. It's implemented as a KDE Daemon (KDED) module, which allows users and distributors to permanently disable it if they like. You can also disable just the popup on System Settings' Notifications page, accessible from the configure button in the notification's header.

Ultimately the decision to do this came down to the following factors:

— We looked at FOSS peers like Thunderbird and Wikipedia which have similar things (and in Wikipedia's case, the message is vastly more intrusive and naggy). In both cases, it didn't drive everyone away and instead instead resulted in a massive increase in donations that the projects have been able to use to employ lots of people.

- KDE really needs something like this to help our finances grow sustainably in line with our userbase and adoption by vendors and distributors.
The blog post also answers the question: what are you going to do with all that money? This is a question the KDE e.V. board of directors as a whole would need to answer, and any decision on it will be made collectively. But as one of the five members on that board, I can tell you my personal answer and the one that as your representative, I'd advocate for. It's basically the platform I ran on two years ago: extend an offer of full-time employment to our current people, and hire even more! I want us to end up with paid QA people and distro developers, and even more software engineers. I want us to fund the creation of a next-generation KDE OS we can offer directly to institutions looking to switch to Linux, and a hardware certification program to go along with it. I want us to to extend our promotional activities and outreach to other major distros and vendors and pitch our software to them directly. I want to see Ubuntu, Red Hat Enterprise Linux, and SUSE Linux Enterprise Desktop ship Plasma by default. I want us to use this money to take over the world — with freedom, empowerment, and kindness.

These have been dreams for a long time, and throughout KDE we've been slowly moving towards them over the years. With a lot more money, we can turbocharge the pace! If that stuff sounds good, you can start with a donation today.
A reaction from GamingOnLinux: I think it is fair for KDE to expose that they need funding and asking that from inside the UI would not hurt for a software that delivered so much for free (as in freedom and as in "gratis").
Linux magazine points out that other new features for 6.2 "include the ability to block apps from inhibiting sleep mode, a new 'fill' mode for wallpaper, an overhauled System Settings Accessibility page, and the usual slew of bug fixes."

The Register reports that Google "recently rewrote the firmware for protected virtual machines in its Android Virtualization Framework using the Rust programming language." And they add that Google "wants you to do the same, assuming you deal with firmware."

A post on Google's security blog by Android engineers Ivan Lozano and Dominik Maier promises to show "how to gradually introduce Rust into your existing firmware," adding "You'll see how easy it is to boost security with drop-in Rust replacements, and we'll even demonstrate how the Rust toolchain can handle specialized bare-metal targets."

This prompts the Register to quip that easy "is not a term commonly heard with regard to a programming language known for its steep learning curve." Citing the lack of high-level security mechanisms in firmware, which is often written in memory-unsafe languages such as C or C++, Lozano and Maier argue that Rust provides a way to avoid the memory safety bugs like buffer overflows and use-after-free that account for the majority of significant vulnerabilities in large codebases. "Rust provides a memory-safe alternative to C and C++ with comparable performance and code size," they note. "Additionally it supports interoperability with C with no overhead."
At one point the blog post explains that "You can replace existing C functionality by writing a thin Rust shim that translates between an existing Rust API and the C API the codebase expects." But their ultimate motivation is greater security. "Android's use of safe-by-design principles drives our adoption of memory-safe languages like Rust, making exploitation of the OS increasingly difficult with every release."

And the Register also got this quote from Lars Bergstrom, Google's director of engineering for Android Programming Languages (and chair of the Rust Foundation's board of directors). "At Google, we're increasing Rust's use across Android, Chromium, and more to reduce memory safety vulnerabilities. We're dedicated to collaborating with the Rust ecosystem to drive its adoption and provide developers with the resources and training they need to succeed.

"This work on bringing Rust to embedded and firmware addresses another critical part of the stack."

Google's Android Earthquake Alerts System, initially launched in 2020, is now available in all 50 U.S. states and 6 territories. Droid Life reports: For users in California, Oregon and Washington, users will continue to have their alerts powered by the ShakeAlert system, utilizing traditional seismometers to detect earthquakes. For all out states and supported territories, "this expansion uses the built-in accelerometers in Android phones to bring another layer of preparedness and potentially life-saving information to people across every state," the company explained in a blog post.

Using the accelerometer to sense vibrations and an apparent earthquake, the system quickly analyzes the crowdsourced data to determine if an earthquake is occurring. Google says it has been working with many experts to continue the system's improvement. Depending on the severity of the earthquake, you'll get two types of notifications. A little pop up on your screen if it's pretty weak with light shaking or a complete screen takeover for moderate to extreme shaking. These are called Take Action alerts, complete with the classic drop, cover, and hold instructions.

Google has released Android 15 for developers, with support for Pixel phones expected in the coming weeks. The update will roll out to compatible devices from Samsung, Motorola, OnePlus, and other manufacturers in the following months.

Key features of Android 15 include single-tap passkeys, theft detection, improved multitasking for large-screen devices, and app access limitations. The update also enhances TalkBack, Android's screen reader, with Gemini AI integration for audio descriptions of images. Google is expanding its Circle to Search feature with song identification capabilities and extending earthquake alerts to all U.S. states and six territories. The alerts use data from Android devices' accelerometers to detect potential seismic activity, complementing traditional seismometer readings in states with access to the USGS ShakeAlert system.

Microsoft's Windows 11 operating system has surpassed Windows 10 usage for Steam users for the first time since its launch in 2021. From a report: Windows 10 has been holding strong in recent years, despite Microsoft's plans to end support for Windows 10 in October 2025. There are now signs that Windows 11 adoption is finally heading in the right direction for Microsoft. Steam hardware survey data for August puts Windows 11 usage at 49 percent, an increase of more than 3 percent over the previous figure in July of nearly 46 percent. Windows 10 usage has dipped by around 3 percent to 47 percent, while macOS and Linux Steam usage has largely remained the same during August.

Samsung Electronics said it will provide Tizen OS updates for its newer TVs for at least seven years, starting with models released in March this year and some 2023 models. Business Korea reports: [Yoon Seok-woo, President of Samsung Electronics' Visual Display Business Division] emphasized that the seven-year free upgrade for Tizen applied to AI TVs would help Samsung widen the market share gap with Chinese competitors. Tizen, an in-house developed OS, has been applied to over 270 million Samsung smart TVs as of last year, making it the world's largest smart TV platform and a key player in leading the Internet of Things (IoT) era. "AI TV will act as the hub of the AI home, connecting other AI appliances like refrigerators and air conditioners," Yoon explained. "We will expand the AI home era by enabling users to monitor and control peripheral devices through the TV even when it is off or when the user is away." This connectivity is a key differentiator from Chinese competitors, according to Yoon.

In the first half of this year, Samsung Electronics maintained the top spot in the global TV market with a 28.8% market share by revenue. However, the combined market share of Chinese companies TCL and Hisense has reached 22.1%, indicating fierce competition.

Android Authority's Mishaal Rahman reports: Security vulnerabilities are lurking in most of the apps you use on a day-to-day basis; there's just no way for most companies to preemptively fix every possible security issue because of human error, deadlines, lack of resources, and a multitude of other factors. That's why many organizations run bug bounty programs to get external help with fixing these issues. The Google Play Security Reward Program (GPSRP) is an example of a bug bounty program that paid security researchers to find vulnerabilities in popular Android apps, but it's being shut down later this month. Google announced the Google Play Security Reward Program back in October 2017 as a way to incentivize security searchers to find and, most importantly, responsibly disclose vulnerabilities in popular Android apps distributed through the Google Play Store. [...]

The purpose of the Google Play Security Reward Program was simple: Google wanted to make the Play Store a more secure destination for Android apps. According to the company, vulnerability data they collected from the program was used to help create automated checks that scanned all apps available in Google Play for similar vulnerabilities. In 2019, Google said these automated checks helped more than 300,000 developers fix more than 1,000,000 apps on Google Play. Thus, the downstream effect of the GPSRP is that fewer vulnerable apps are distributed to Android users.

However, Google has now decided to wind down the Google Play Security Reward Program. In an email to participating developers, such as Sean Pesce, the company announced that the GPSRP will end on August 31st. The reason Google gave is that the program has seen a decrease in the number of actionable vulnerabilities reported. The company credits this success to the "overall increase in the Android OS security posture and feature hardening efforts."

Phoronix's Michael Larabel benchmarked AMD's latest Ryzen 9 9950X in several different Linux distros and found that the Zen 5 chip performs up to 16% faster with the Intel-optimized Clear Linux distro. Here's an excerpt from the report: The Linux distributions for this round of testing on the AMD Ryzen 9 9950X included Arch Linux, CachyOS, Clear Linux, Fedora Workstation 40, Ubuntu 24.04 LTS, and a recent daily snapshot of Ubuntu 24.10 in its current development form. Intel's Clear Linux is the one most interesting for looking at on the new AMD Zen 5 hardware. While there hasn't been so much Clear Linux news in recent times, it remains the most well optimized x86_64 Linux distribution out of the box. Clear Linux makes use of compiler function multi versioning, performance-minded defaults, aggressive compiler CFLAGS/CXXFLAGS defaults, optional AVX-512 usage for more libraries, and many other patches and optimizations in the name of delivering the greatest x86_64 Linux performance. And while not Intel's focus, it works typically on AMD hardware too. [...]

Using the same Ryzen 9 9950X system, all of these Linux distributions were tested in their default / out-of-the-box state. [...] When taking the geometric mean of 59 benchmarks run across all of the Linux distributions on this AMD Ryzen 9 9950X system, Intel's Clear Linux easily took the crown. Ubuntu 24.04 LTS -- which was used for all of the Ryzen 9000 series Linux testing so far on Phoronix -- was the slowest. Tapping Intel's Clear Linux netted a 16% improvement on top of the performance offered by Ubuntu 24.04 LTS! Ubuntu 24.04 with the Ryzen 9000 series was already looking great generationally, but as shown today the performance can be even better with further software optimizations.

The Arch Linux powered CachyOS that is tuned out-of-the-box with a similar aim to Clear Linux also performed great. CachyOS was 7% faster than Ubuntu 24.04 LTS based on the geo mean and 3% faster than upstream Arch Linux itself. For different workloads though the CachyOS advantage over Arch Linux varied from a minimal difference to quite significant advantages. From the performance of PHP and Python scripts atop Clear Linux to compiling various server and HPC minded software, Intel's Clear Linux -- and a commendable second place for CachyOS -- were showing that even greater performance can be achieved on the AMD Ryzen 9 9950X. Even for devoted Ubuntu Linux users, these results did show some nice advantages of the upcoming Ubuntu 24.10 release over Ubuntu 24.04 LTS thanks to the GCC 14 compiler. Ubuntu 24.10 performance is also still subject to change since the current daily ISOs haven't yet moved past the Linux 6.8 kernel while Ubuntu 24.10 in October will be shipping with Linux 6.11.

Ars Technica's Dan Goodwin writes: Last Tuesday, loads of Linux users -- many running packages released as early as this year -- started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: "Something has gone seriously wrong." The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don't load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday. [...]

With Microsoft maintaining radio silence, those affected by the glitch have been forced to find their own remedies. One option is to access their EFI panel and turn off secure boot. Depending on the security needs of the user, that option may not be acceptable. A better short-term option is to delete the SBAT Microsoft pushed out last Tuesday. This means users will still receive some of the benefits of Secure Boot even if they remain vulnerable to attacks that exploit CVE-2022-2601. The steps for this remedy are outlined here (thanks to manutheeng for the reference).

TV manufacturers are shifting their focus from hardware sales to viewer data and advertising revenue. This trend is driven by declining profit margins on TV sets and the growing potential of smart TV operating systems to generate recurring income. Companies like LG, Samsung, and Roku are increasingly prioritizing ad sales and user tracking capabilities in their TVs, ArsTechnica reports. Automatic content recognition (ACR) technology, which analyzes viewing habits, is becoming a key feature for advertisers. TV makers are partnering with data firms to enhance targeting capabilities, with LG recently sharing data with Nielsen and Samsung updating its ACR tech to track streaming ad exposure. This shift raises concerns about privacy and user experience, as TVs become more commercialized and data-driven. Industry experts predict a rise in "shoppable ads" and increased integration between TV viewing and e-commerce platforms. The report adds: With TV sales declining and many shoppers prioritizing pricing, smart TV players will continue developing ads that are harder to avoid and better at targeting. Interestingly, Patrick Horner, practice leader of consumer electronics at analyst Omdia, told Ars that smart TV advertising revenue exceeding smart TV hardware revenue (as well as ad sale margins surpassing those of hardware) is a US-only trend, albeit one that shows no signs of abating. OLED has become a mainstay in the TV marketplace, and until the next big display technology becomes readily available, OEMs are scrambling to make money in a saturated TV market filled with budget options. Selling ads is an obvious way to bridge the gap between today and The Next Big Thing in TVs.

Indeed, with companies like Samsung and LG making big deals with analytics firms and other brands building their businesses around ads, the industry's obsession with ads will only intensify. As we've seen before with TV commercials, which have gotten more frequent over time, once the ad genie is out of the bottle, it tends to grow, not go back inside. One side effect we're already seeing, Horner notes, is "a proliferation of more TV operating systems." While choice is often a good thing for consumers, it's important to consider if new options from companies like Amazon, Comcast, and TiVo actually do anything to notably improve the smart TV experience for owners.

And OS operators' financial success is tied to the number of hours users spend viewing something on the OS. Roku's senior director of ad innovation, Peter Hamilton, told Digiday in May that his team works closely with Roku's consumer team, "whose goal is to drive total viewing hours." Many smart TV OS operators are therefore focused on making it easier for users to navigate content via AI.