Tag:

linux

Tech

Update Linux Now As 9-Year-Old Root Hack Confirmed, CISA Warns Users

by Chief Editor
written by Chief Editor

The Era of Invisible Exploits: What Copy Fail Teaches Us About Linux Security

For years, the prevailing narrative has been that Linux is the “secure” alternative to Windows. Whereas its architecture offers distinct advantages, the emergence of CVE-2026-31431—colloquially known as Copy Fail—serves as a stark reminder that no kernel is impenetrable. When a vulnerability allows an attacker to gain root access using just 732 bytes of code, the conversation shifts from if a system can be breached to how quickly it can be patched.

The Copy Fail bug is particularly insidious due to the fact that it targets a logic flaw in the Linux kernel’s authencesn cryptographic template. This allows an unprivileged user to trigger a controlled 4-byte write into the page cache of any readable file. In simpler terms, it turns a low-level system function into a master key for the entire OS.

Did you know? The Copy Fail vulnerability is so potent that it is described as being perfectly reliable and remains completely invisible to traditional endpoint detection systems, according to Jason Soroko, a senior fellow at Sectigo.

The Decline of Traditional EDR and the Rise of Kernel Observability

One of the most alarming aspects of CVE-2026-31431 is its ability to bypass traditional Endpoint Detection and Response (EDR) tools. Because the exploit operates at such a low level of the kernel, the “footprints” it leaves are nearly nonexistent to software looking for typical malware patterns.

This signals a broader trend in cybersecurity: the move toward Kernel Observability. We are likely to see a surge in the adoption of eBPF (Extended Berkeley Packet Filter) technology, which allows developers to run sandboxed programs in the Linux kernel without changing kernel source code. This provides the granular visibility needed to catch “invisible” logic bugs before they lead to full system compromise.

For organizations relying on public-facing Linux servers, the strategy must evolve from perimeter defense to deep-system monitoring. As noted by Noelle Murata, COO at Xcape, Inc, public-facing servers and developer workstations are the primary targets because they provide the initial access required to trigger these types of exploits.

The Rust Revolution: Solving Logic Bugs at the Root

The Copy Fail vulnerability underscores a systemic issue: routine, low-level system functions can introduce critical weaknesses when handled at scale. This is precisely why the integration of the Rust programming language into the Linux kernel is no longer just an experiment—it is a necessity.

From Instagram — related to Solving Logic Bugs, Root The Copy Fail

Unlike C, which has been the bedrock of Linux development, Rust is designed for memory safety. By eliminating entire classes of memory-related bugs (such as buffer overflows and certain logic errors), the industry is attempting to “bake in” security rather than patching it after the fact. The trend moving forward will be the aggressive replacement of legacy C code in critical kernel paths with memory-safe alternatives.

“The issue underscores a broader and more urgent concern: even routine, low-level system functions can introduce critical security weaknesses when not handled correctly at scale.” David Brumley, chief AI and science officer at Bugcrowd

The Zero-Day Economy vs. Responsible Disclosure

The discovery of Copy Fail by researchers at Theori highlights the precarious balance of the “bug market.” Many critical vulnerabilities are never reported to vendors; instead, they are sold to private brokers or nation-states.

How to update and upgrade your kali linux machine #linux #kalilinux #hacking #cybersecurity

According to David Brumley of Bugcrowd, vulnerabilities of this magnitude tend to sell on the broker market for the price of a house. This financial incentive creates a dangerous environment where the most powerful exploits remain secret until they are used in a massive attack.

The future of OS security depends on the growth of transparent, high-reward bug bounty programs. When the incentive to disclose responsibly outweighs the incentive to sell to a broker, the entire digital ecosystem becomes more resilient. You can learn more about these dynamics by exploring the CISA Known Exploited Vulnerabilities (KEV) Catalog, where Copy Fail was added within 24 hours of disclosure.

Pro Tip: To mitigate the risk of kernel-level exploits, implement the principle of least privilege (PoLP). Ensure that no application running on a public-facing server has more permissions than absolutely necessary. This limits an attacker’s ability to execute the unprivileged code required to trigger a vulnerability like CVE-2026-31431.

Future-Proofing Your Linux Infrastructure

While updating your distribution is the immediate priority, long-term resilience requires a shift in architecture. We are seeing a trend toward Micro-segmentation and Immutable Infrastructure, where servers are not patched in place but are instead replaced entirely with updated images.

This approach reduces the “drift” in configuration and ensures that every instance of a server is running the latest, most secure kernel. For those managing legacy systems, kernels older than 2017 remain immune to Copy Fail because they predate the specific memory optimization commit that introduced the flaw—though running such outdated kernels introduces a host of other security risks.

For a deeper dive into securing your environment, check out our comprehensive Linux Security Hardening Guide.

Frequently Asked Questions

What is the Copy Fail vulnerability?
Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel’s cryptographic template that allows an unprivileged local user to gain root access by writing to the page cache of readable files.

Which Linux versions are affected?
Most major Linux distributions shipped since 2017 are impacted. Systems running kernels from before 2017 are generally immune to this specific flaw.

Can my antivirus detect a Copy Fail attack?
Traditional endpoint detection systems often fail to see this exploit because it occurs at a low kernel level and does not follow typical malware signatures.

How do I fix this vulnerability?
The only effective mitigation is to update your Linux kernel to the latest version provided by your distribution vendor.

Stay Ahead of the Next Zero-Day

Cyber threats evolve faster than software patches. Join our community of security professionals to get real-time alerts and deep-dive analyses on the vulnerabilities that matter.

Subscribe to the Security Brief

Or share your thoughts in the comments below: Are you moving toward Rust or eBPF for your kernel security?

0 comments
0 FacebookTwitterPinterestEmail
Sport

Max for Move: run RNBO patches on Ableton Move – like Granulator III

by Chief Editor
written by Chief Editor

Ableton Move Reimagined: RNBO Takeover and the Future of DIY Music Hardware

The Ableton Move is undergoing a radical transformation, thanks to the integration of Cycling ’74’s RNBO. What was once a standalone sketchpad instrument is now poised to become a fully customizable hardware platform for Max/RNBO patches. This isn’t about plugins or running software on a computer; it’s about a complete “takeover,” turning Move into a dedicated hardware interface for your own creations.

Unlocking Move’s Potential with RNBO

RNBO allows Max-style patches to be exported as portable code, running on targets like web browsers, plugins, Raspberry Pi, and now, the Ableton Move. This opens up exciting possibilities for musicians and developers alike. The “takeover” mode provides full access to Move’s controls – buttons, pads, knobs, lights, and even the display – offering a level of interactivity previously unavailable.

Beyond Granulator III: A Platform for Innovation

While the initial demonstration features Robert Henke’s iconic Granulator III running seamlessly on Move, the potential extends far beyond. The ability to build custom instruments, effects, and sequencers directly onto the hardware is a game-changer for DIY music creation. The Move’s form factor – portable and equipped with pressure-sensitive pads – makes it an ideal platform for performance and experimentation.

How RNBO Move Takeover Works

Getting started is surprisingly straightforward. After updating Move to version 1.5.1 or later, users install the RNBO .swu file through Move Manager. Switching between RNBO takeover mode and standard Move functionality is quick and straightforward, facilitated by the power button and Move settings menu. On the Max side, Move appears as an export target within RNBO, allowing for seamless patch deployment.

Deep Dive: Control and Customization

RNBO Move Takeover offers granular control over the hardware. Developers can access input from pads and buttons (including velocity and aftertouch), encoder values, LED control, and even the display for custom visualizations. The system as well supports OSC navigation and I/O connections, including MIDI and audio. Crucially, a few controls are reserved for navigation within the RNBO environment, ensuring a smooth user experience.

Pro Tip: The RNBO web editor allows for interactive modification of graphs while connected to Move, providing immediate feedback and streamlining the development process.

The RNBO Ecosystem and Future Implications

RNBO isn’t a direct replacement for Max, but rather a complementary environment designed for portability and embedded applications. It shares similarities with Max but offers a streamlined workflow for targeting specific hardware platforms. This opens up possibilities for creating unified projects that can run across desktop, mobile, and embedded devices.

Patchworks and the DIY Community

Cycling ’74 is providing examples and templates to encourage experimentation. These include a no-input mixer emulation and a simplified Casio CZ-101 synth. The ability to draw to the display using User Views adds another layer of customization, allowing developers to create unique visual interfaces for their patches. The open-source nature of RNBO OSC Runner and RNBO Move Control further fosters community collaboration.

Did you recognize? The Move’s USB-C host port allows for connection to other controllers, expanding the possibilities for input and control within RNBO patches.

Frequently Asked Questions

  • What is RNBO? RNBO is a library and toolchain from Cycling ’74 that allows Max-style patches to be exported as portable code for various platforms.
  • Is RNBO Move Takeover stable? Currently in experimental alpha, it’s actively being developed and feedback is encouraged.
  • What are the system requirements? Ableton Move (version 1.5.1 or later), Max, and RNBO licenses are required for exporting patches.
  • Can I apply the Move sequencer with RNBO patches? Not currently, but it’s a potential area for future development.

The integration of RNBO with Ableton Move represents a significant step forward for DIY music hardware. By empowering users to create custom instruments and effects directly on the device, it unlocks a new level of creative potential. As the technology matures and the community grows, we can expect to observe even more innovative applications emerge, solidifying Move’s position as a versatile and powerful platform for musical expression.

Learn more about RNBO Move Takeover

0 comments
0 FacebookTwitterPinterestEmail
Tech

CrackArmour flaws in AppArmour risk Linux root access

by Chief Editor
written by Chief Editor

CrackArmor: The Looming Threat to Linux Security and the Future of Kernel Hardening

A critical set of vulnerabilities, dubbed “CrackArmor,” has been discovered in AppArmor, a widely used Linux kernel security module. Affecting systems since 2017, these flaws allow unprivileged local users to potentially gain root access and compromise container isolation. The discovery, made by Qualys researchers, impacts over 12.6 million enterprise Linux instances and signals a need for heightened vigilance and proactive security measures.

Understanding the Confused Deputy Problem

At the heart of CrackArmor lies a “confused deputy” vulnerability. This occurs when a low-privilege user can manipulate a trusted process into performing actions it shouldn’t be authorized to do. In this case, attackers exploit pseudo-files within the /sys/kernel/security/apparmor/ directory – specifically, the .load, .replace, and .remove interfaces – to alter AppArmor profiles. This manipulation can bypass user-namespace restrictions and potentially execute arbitrary code within the kernel.

Why AppArmor Matters: A Widespread Security Layer

AppArmor is a crucial component of the Linux security landscape. It functions as a mandatory access control system, enforcing security policies on applications. Enabled by default on major distributions like Ubuntu, Debian, and SUSE, it’s likewise heavily utilized in cloud and container environments for host hardening and workload confinement. The widespread adoption of AppArmor means the potential impact of CrackArmor is substantial.

The Ripple Effect: Containers, Namespaces, and Denial of Service

The vulnerabilities aren’t limited to privilege escalation. CrackArmor also introduces risks to container and namespace boundaries. Attackers could potentially create more permissive namespaces, weakening isolation in environments where unprivileged user namespaces are restricted. Certain removal operations can exhaust the kernel stack, potentially leading to a denial-of-service and system crashes.

Beyond Immediate Patching: A Shift in Security Thinking

While kernel updates are the primary remediation, the CrackArmor discovery highlights a broader issue: the limitations of relying solely on default security assumptions. As Dilip Bachwani, CTO at Qualys, stated, “CrackArmor proves that even the most entrenched protections can be bypassed without admin credentials.” This necessitates a re-evaluation of security postures and a move towards more proactive and layered defenses.

Future Trends in Kernel Security

The CrackArmor vulnerabilities are likely to accelerate several key trends in kernel security:

  • Increased Focus on Runtime Security: Traditional security measures often focus on static analysis and perimeter defenses. CrackArmor demonstrates the need for robust runtime security solutions that can detect and prevent malicious activity even after a system has been compromised.
  • Enhanced Mandatory Access Control (MAC) Systems: The flaws in AppArmor will likely drive further development and refinement of MAC systems like SELinux and AppArmor, focusing on preventing confused deputy attacks and strengthening profile integrity.
  • Zero-Trust Architectures: The principle of “never trust, always verify” is becoming increasingly significant. Zero-trust architectures, which assume that no user or device is inherently trustworthy, can help mitigate the impact of vulnerabilities like CrackArmor.
  • Automated Vulnerability Management: The scale of the CrackArmor impact (over 12.6 million systems) underscores the need for automated vulnerability management tools that can quickly identify and prioritize systems requiring patching.
  • Supply Chain Security: The long-standing nature of these vulnerabilities (existing since 2017) raises concerns about the security of the software supply chain. Greater scrutiny of code contributions and more rigorous testing are essential.

Pro Tip:

Regularly monitor the /sys/kernel/security/apparmor/ directory for unexpected changes. This can serve as an early indicator of potential exploitation attempts.

FAQ

What is AppArmor?
AppArmor is a Linux kernel security module that enforces mandatory access control policies on applications.

What is CrackArmor?
CrackArmor is a set of nine vulnerabilities discovered in AppArmor that could allow an unprivileged local user to gain root access.

How can I protect my systems from CrackArmor?
Apply the latest kernel updates provided by your Linux distribution. Prioritize patching for internet-facing assets.

Does CrackArmor affect containers?
Yes, CrackArmor can compromise container isolation, potentially allowing attackers to escape from containers.

Are CVE identifiers available for these vulnerabilities?
Not yet. CVE assignment typically follows fixes landing in stable kernel releases.

What should I do if I suspect my system has been compromised?
Review system logs, investigate any unusual activity, and consider performing a full system scan with a reputable security tool.

Where can I find more information about CrackArmor?
Refer to the Qualys advisory: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root

Did you know? The CrackArmor vulnerabilities have existed since 2017, highlighting the importance of continuous security monitoring and proactive patching.

Stay informed about the latest security threats and best practices. Explore our other articles on kernel security and vulnerability management to strengthen your defenses.

0 comments
0 FacebookTwitterPinterestEmail
Tech

SlimeVR Butterfly Trackers – nRF52833-based, ultra-slim, full-body VR trackers offer up to 48h battery life (Crowdfunding)

by Chief Editor
written by Chief Editor

SlimeVR Butterfly Trackers: The Future of Affordable, Wireless Full-Body Tracking is Here

Rotterdam-based SlimeVR is poised to disrupt the virtual reality landscape with its new Butterfly Trackers. These ultra-slim, open-hardware trackers promise to deliver a comfortable and affordable full-body tracking (FBT) experience, eliminating the need for cumbersome base stations or complex setups. The trackers are designed for a wide range of applications, including VR gaming, VTubing, and motion capture.

Beyond Base Stations and Wires: How SlimeVR Butterfly Trackers Work

Unlike traditional FBT systems that rely on external base stations, SlimeVR Butterfly Trackers utilize Inertial Measurement Units (IMUs) to track absolute rotation. Each tracker transmits data wirelessly via a custom 2.4 GHz protocol to a dedicated USB dongle, supporting up to 10 trackers simultaneously. This innovative approach removes the limitations of space and setup complexity associated with older technologies. The system doesn’t require Wi-Fi or Bluetooth, addressing concerns about latency and interference.

Engineering Marvel: Comfort and Performance in a 7mm Package

SlimeVR has prioritized comfort with the Butterfly Tracker’s design. Weighing less than 10 grams and measuring under 7mm thick, these trackers are designed to be worn discreetly under clothing. The “butterfly” split design, with the PCB and 90 mAh battery positioned side-by-side and connected by a flexible bridge, contours to the body for a more natural and comfortable fit. Despite their little size, the trackers boast an impressive battery life of over 48 hours on a single charge, utilizing USB-C for convenient recharging.

Technical Specifications: A Deep Dive

The Butterfly Trackers are built around the Nordic nRF52833 wireless MCU, featuring an Arm Cortex-M4F microcontroller running at 64 MHz. They offer a 100-200 Hz refresh rate and latency of less than 15ms. Key specifications include:

  • Wireless MCU: Nordic nRF52833
  • Memory: 128 kB RAM, 512 kB flash
  • Connectivity: 2.4 GHz proprietary wireless (ESB protocol)
  • Sensor: 6-axis IMU (TDK ICM-45686)
  • Battery: 90 mAh (48+ hours active use)
  • Dimensions: 56 x 35 x 7 mm

Software Ecosystem: From Firmware to Full-Body Integration

SlimeVR’s ecosystem extends beyond the hardware. The trackers run on Smol Slime firmware, originally a community-led project designed to optimize power efficiency. The SlimeVR Server, available for Windows, macOS, Linux, and Android, acts as the central processing unit, combining data from the trackers and using forward kinematics to calculate body position based on user height and proportions. Integration with popular VR platforms is achieved through the OpenVR Driver, allowing seamless compatibility with SteamVR. Support for OSC protocol enables direct connection to standalone headsets.

From Gaming to Motion Capture: Versatile Applications

The SlimeVR Butterfly Trackers unlock a wide range of possibilities. They are compatible with VR games like VRChat, enabling full-body tracking for enhanced immersion. VTubers can leverage the trackers for more expressive and engaging streams, and motion capture artists can utilize them for recording BVH files for use in programs like Blender. The system’s ability to track movement without occlusion – meaning clothes or body parts won’t block the signal – further expands its potential applications.

Availability and Pricing

The SlimeVR Butterfly Trackers are currently available for pre-order on Crowd Supply, with shipping scheduled for August 31, 2026. Pricing starts at $279 for the Core Set (6 trackers + dongle), with options for larger sets and accessories, including a charging dock.

Frequently Asked Questions

  • Do SlimeVR Trackers require base stations? No, they do not. They utilize IMUs for tracking and do not rely on external base stations.
  • Can the trackers be used under clothing? Yes, their slim design and flexible interconnect make them comfortable to wear under clothing.
  • What is the battery life of the trackers? The trackers offer over 48 hours of active use on a single charge.
  • How many trackers can be connected? The system supports up to 10 trackers connected to a single dongle.
  • What platforms are supported? The SlimeVR Server is available for Windows, macOS, Linux, and Android.

Explore more about SlimeVR and the Butterfly Trackers on the official website and GitHub repositories.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Intel Arc B390 Panther Lake iGPU Impresses in Linux Performance Tests

by Chief Editor
written by Chief Editor

Intel Arc B390 iGPU Challenges AMD on Linux: A Novel Era for Integrated Graphics?

Intel’s integrated graphics solutions are making significant strides, particularly on Linux. Recent benchmarks reveal the Arc B390 iGPU, found in the Intel Core Ultra X7 358H processor, consistently outperforms the AMD Radeon 890M in many key tests. This shift signals a potential turning point for integrated graphics performance on the Linux platform.

Performance Gains Across the Board

Testing conducted by Phoronix using Mesa 26.0 drivers on Ubuntu 26.04 demonstrates a clear advantage for the Intel Arc B390. In gaming, the B390 iGPU surpassed the Radeon 890M in all titles except Counter-Strike 2 and Quake II RTX. Hitman 3 showcased a particularly dramatic improvement, with the Arc B390 achieving over 50% more FPS at 1920×1200 resolution with low settings.

Beyond gaming, the Arc B390 excelled in 3DMark benchmarks. It scored 20% higher than the Radeon 890M in 3DMark Wild Life Extreme and demonstrated dominance in OpenGL, Vulkan and Vulkan Ray Tracing benchmarks within GravityMark. Unigine Superposition, Valley, and Heaven benchmarks also showed the Arc B390 consistently ahead by at least 30%.

Efficiency Considerations

While the Intel Arc B390 generally delivers superior performance, the AMD Radeon 890M remains competitive in terms of efficiency. The benchmarks suggest a trade-off between raw power and power consumption, offering users a choice based on their priorities.

The Rise of Xe3 Architecture

These performance gains are largely attributed to Intel’s new Xe3 architecture. The Core Ultra X7 358H features an Arc B390 iGPU, and early benchmarks on Windows hinted at this potential. The Linux results now confirm that Intel is delivering on its promise of improved integrated graphics capabilities.

Did you grasp? Intel’s Panther Lake processors, like the Core Ultra X7 358H, utilize a combination of P-cores, E-cores, and LP-cores to optimize performance and efficiency.

Implications for Linux Gaming and Development

The improved performance of Intel’s integrated graphics on Linux is a boon for both gamers and developers. It opens up possibilities for more accessible and enjoyable gaming experiences without the need for dedicated graphics cards. It provides developers with a more powerful platform for testing and optimizing their applications.

Pro Tip: Keeping your graphics drivers up-to-date is crucial for maximizing performance and stability. Regularly check for updates from your distribution’s package manager or Intel’s website.

Looking Ahead: Future Trends in Integrated Graphics

The competition between Intel and AMD in the integrated graphics space is likely to intensify. We can expect to observe further advancements in architecture, driver optimization, and power efficiency. The focus will likely shift towards delivering desktop-class gaming experiences on integrated graphics, blurring the lines between integrated and discrete solutions.

The success of Intel’s Arc B390 on Linux also highlights the importance of open-source drivers and community collaboration. The Mesa project plays a vital role in enabling optimal performance for Intel’s graphics solutions on Linux, and continued investment in this area will be essential for future progress.

FAQ

Q: What is the Intel Arc B390?
A: It’s an integrated GPU found in Intel Core Ultra processors, like the X7 358H, utilizing the Xe3 architecture.

Q: How does the Arc B390 compare to the AMD Radeon 890M?
A: The Arc B390 generally outperforms the Radeon 890M in gaming and 3DMark benchmarks on Linux, though the 890M is competitive in efficiency.

Q: What is Mesa?
A: Mesa is an open-source implementation of the OpenGL, Vulkan, and other graphics APIs, crucial for graphics performance on Linux.

Q: What operating system was used for these tests?
A: Ubuntu 26.04 was used for the testing, along with Linux Kernel version 6.19 and Mesa 26.0 drivers.

What are your thoughts on the future of integrated graphics? Share your opinions in the comments below!

0 comments
0 FacebookTwitterPinterestEmail
Tech

Samsung Galaxy S26: Linux Terminal Support Finally Coming? | One UI 8.5 & Android 16 QPR2 Details

by Chief Editor
written by Chief Editor

For years, Android users have looked on with a touch of envy as Pixel phone owners enjoyed the power of a built-in Linux terminal. That gap is finally closing. Samsung, the world’s leading smartphone manufacturer, is poised to bring a full Linux environment to its Galaxy devices, starting with the anticipated Galaxy S26 series. This isn’t just a feature for tech enthusiasts; it signals a broader trend towards more powerful, versatile mobile computing.

The Android Virtualization Framework: The Key to Unlocking Linux on Samsung

The roadblock to Linux on Samsung phones wasn’t a lack of desire, but a technical limitation. Previous versions of Android lacked the necessary system-level support. The game-changer is the Android Virtualization Framework (AVF), introduced with Android 16 QPR2. AVF allows for the creation of virtualized environments, enabling the seamless running of operating systems like Linux without compromising the core Android experience. Samsung’s One UI 8.5, based on Android 16 QPR2, finally provides the foundation for this functionality.

Evidence surfaced recently when Android Authority uncovered log files from the Galaxy S26 Ultra confirming the presence of AVF. This isn’t speculation; it’s a direct indication that Samsung is actively integrating Linux support into its upcoming flagship. The implications are significant, potentially transforming Galaxy phones into portable development workstations and offering users unprecedented control over their mobile devices.

Beyond the S26: Will Older Samsung Devices Get the Linux Treatment?

The burning question now is whether Samsung will extend Linux Terminal support to existing devices running One UI 8.5. While there’s no official word yet, the possibility is certainly there. Flagship models like the Galaxy S25 Ultra, Galaxy Z Fold 7, and even the ambitious Galaxy Z TriFold boast the hardware necessary to handle a Linux environment effectively. Offering the feature to these devices would be a significant win for Samsung, demonstrating a commitment to long-term software support and user empowerment.

Samsung is expected to officially unveil One UI 8.5 with the Galaxy S26 series on February 25, 2025, with a wider rollout to eligible devices following shortly after. This update isn’t just about Linux; it’s a comprehensive overhaul of the user experience, bringing a host of visual and functional improvements. Check out this video for a detailed look at what One UI 8.5 has to offer.

The Rise of Mobile Development and the Demand for Linux

The inclusion of Linux on Samsung devices isn’t happening in a vacuum. There’s a growing demand for mobile development capabilities. More and more developers are looking to code and test applications directly on their smartphones, and Linux provides a familiar and powerful environment for doing so. This trend is fueled by the increasing complexity of mobile apps and the need for cross-platform compatibility. According to a recent Stack Overflow survey, over 50% of developers use Linux as their primary development operating system.

Beyond development, Linux opens up a world of possibilities for power users. From running specialized server applications to accessing advanced command-line tools, the potential applications are vast. This move by Samsung aligns with a broader industry trend towards blurring the lines between mobile and desktop computing.

Did you know?

The Android Virtualization Framework isn’t limited to just Linux. It theoretically allows for the virtualization of other operating systems as well, opening the door to even more possibilities in the future.

Future Trends: What’s Next for Mobile Operating Systems?

Samsung’s embrace of Linux is a sign of things to come. We can expect to see other Android manufacturers follow suit, driven by the demand for more powerful and versatile mobile devices. Here are a few key trends to watch:

  • Increased Virtualization: AVF will become more sophisticated, allowing for the seamless running of multiple virtualized environments.
  • Desktop-Class Applications: We’ll see more desktop-class applications ported to Android, taking advantage of the increased processing power and virtualization capabilities.
  • Enhanced Security: Virtualization provides an additional layer of security, isolating applications and protecting the core operating system.
  • AI-Powered Development Tools: AI will play a growing role in mobile development, automating tasks and providing intelligent code suggestions.

FAQ

Q: Will my older Samsung phone get Linux Terminal?
A: There’s no official confirmation yet, but it’s possible, especially for recent flagship models with capable hardware.

Q: What is the Android Virtualization Framework (AVF)?
A: AVF is a technology that allows Android devices to run virtualized environments, enabling the execution of other operating systems like Linux.

Q: What are the benefits of running Linux on my phone?
A: Linux provides a powerful development environment, access to advanced tools, and increased control over your device.

Samsung’s move to embrace Linux is a pivotal moment for the Android ecosystem. It’s a clear indication that mobile devices are evolving beyond simple communication tools and becoming powerful, versatile computing platforms. Stay tuned to Sammobile for the latest updates and in-depth analysis.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Shadow AI assistant Clawdbot raises workplace risks

by Chief Editor
written by Chief Editor

The Rise of ‘Shadow AI’: How Unsanctioned Tools Like Clawdbot Are Reshaping Corporate Security

A recent report from Token Security Labs has revealed a startling trend: employees are increasingly adopting personal AI assistants – often without IT’s knowledge. Their analysis found Clawdbot (also known as Moltbot) is currently active within 22% of their customer organizations. This isn’t an isolated incident; it’s a symptom of a larger shift towards “shadow AI,” where powerful AI tools operate outside traditional security perimeters.

What is ‘Shadow AI’ and Why is it a Problem?

Shadow AI refers to the use of AI applications and services within an organization that haven’t been vetted or approved by the IT or security teams. Clawdbot, a locally-run AI assistant connecting to popular messaging apps like Slack, WhatsApp, and Microsoft Teams, exemplifies this. While offering convenience – calendar management, email responses, file access – it introduces significant risks. The core issue? Broad access to sensitive data coupled with lax security practices.

Consider this scenario: an employee uses Clawdbot on their personal laptop, connecting it to corporate Slack. Suddenly, confidential internal discussions, files, and even credentials are potentially accessible outside the company’s secure network. This bypasses crucial data loss prevention (DLP) controls and audit trails, making it difficult to detect and respond to breaches.

Did you know? A 2023 Gartner report estimated that 30% of organizations will experience “shadow IT” related security incidents by 2024, and AI tools are rapidly becoming a major component of this risk.

The Security Risks: Plaintext Credentials and Exposed APIs

Token Security’s investigation uncovered alarming security vulnerabilities. Clawdbot stores credentials in plaintext, meaning anyone with access to the user’s device can easily view them. Furthermore, researchers like Jamieson O’Reilly have discovered hundreds of publicly accessible Clawdbot instances with open admin dashboards, exposing API keys, OAuth tokens, and conversation histories. In some cases, remote code execution was even possible.

The lack of default sandboxing – explicitly acknowledged in Clawdbot’s documentation – further exacerbates the problem. This means the AI assistant operates with significant system access, increasing the potential damage from a successful attack. Prompt injection, where malicious instructions are embedded within seemingly harmless inputs, also poses a threat when the tool processes emails, documents, and web pages.

Beyond Clawdbot: The Expanding Landscape of Personal AI

Clawdbot is just the tip of the iceberg. The proliferation of open-source Large Language Models (LLMs) and user-friendly interfaces is making it easier than ever for employees to deploy personal AI assistants. Tools like LM Studio and Ollama allow users to run powerful models locally, further blurring the lines between personal and corporate data.

This trend is fueled by a genuine desire for increased productivity. Employees are seeking ways to automate tasks, streamline workflows, and gain a competitive edge. However, without proper guidance and security measures, these efforts can inadvertently create significant vulnerabilities.

What Can Organizations Do? A Proactive Approach

Addressing the challenge of shadow AI requires a multi-faceted approach:

  • Discovery and Visibility: Monitor network traffic for patterns associated with AI assistant activity. Scan endpoints for the presence of directories like “.clawdbot”.
  • Permission and Access Control: Regularly review OAuth grants and API tokens connected to critical systems. Revoke unauthorized integrations.
  • Clear Policies: Establish clear policies regarding the use of personal AI agents, outlining acceptable use cases and security requirements.
  • Approved Alternatives: Provide employees with secure, enterprise-grade AI tools that offer the functionality they need while maintaining IT oversight.

Pro Tip: Implement a robust security awareness training program to educate employees about the risks associated with shadow AI and the importance of following security protocols.

The Future of AI Security: Zero Trust and Continuous Monitoring

Looking ahead, the rise of shadow AI will likely accelerate the adoption of zero-trust security models. This approach assumes that no user or device is inherently trustworthy and requires continuous verification before granting access to resources.

Continuous monitoring and threat detection will also become increasingly critical. Organizations will need to leverage AI-powered security tools to identify and respond to anomalous activity associated with shadow AI applications. The focus will shift from simply blocking these tools to understanding how they are being used and mitigating the associated risks.

Furthermore, expect to see increased collaboration between security vendors and AI developers to build more secure and responsible AI solutions. This includes incorporating privacy-preserving techniques, robust access controls, and comprehensive audit logging.

FAQ: Shadow AI and Your Organization

  • What is the biggest risk of shadow AI? The biggest risk is the potential for data breaches and unauthorized access to sensitive information due to lack of security controls and visibility.
  • How can I detect shadow AI in my organization? Monitor network traffic, scan endpoints, and review OAuth grants and API tokens.
  • Should I completely ban the use of personal AI assistants? A complete ban may not be practical or effective. Instead, focus on providing secure alternatives and establishing clear policies.
  • What is OAuth? OAuth (Open Authorization) is a standard protocol that allows users to grant third-party applications access to their data without sharing their passwords.

The emergence of shadow AI is a wake-up call for organizations. Ignoring this trend is not an option. By proactively addressing the risks and embracing a security-first approach, businesses can harness the power of AI while protecting their valuable assets.

Want to learn more about securing your organization against emerging AI threats? Explore our comprehensive security solutions or subscribe to our newsletter for the latest insights.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Marathon Anti-Cheat All But Rules Out Linux Gamers for Upcoming Shooter

by Chief Editor
written by Chief Editor

Monday, January 19th 2026

    <img class="newsicon" src="https://tpucdn.com/images/news/tux-v1768462076.png" srcset="https://tpucdn.com/images/news/tux-v1768462076.png 125w, https://tpucdn.com/images/news/[email protected] 250w" sizes="68px" alt="" width="68" height="68" title="Linux"/>






<div class="text p">
    <h2>The Growing Rift: Anti-Cheat, Linux Gaming, and the Steam Deck</h2>
    <p>The launch of Valve’s Steam Deck has undeniably accelerated the demand for Linux gaming support. Developers are increasingly recognizing the potential of this growing user base. However, a significant hurdle remains: anti-cheat software. The recent news surrounding <a href="https://www.techpowerup.com/345368/marathon-launches-on-march-5-new-gameplay-footage-shown-in-pre-order-trailer" target="_blank">Marathon</a>’s impending launch and its decision to utilize BattlEye highlights a critical tension within the gaming industry.</p>

    <h3>Kernel-Level Anti-Cheat: A Necessary Evil?</h3>
    <p>BattlEye, like many modern anti-cheat systems, operates at the kernel level. This provides deep system access, crucial for detecting and preventing cheating. However, this very access is what creates incompatibility issues with Linux distributions, including SteamOS, the operating system powering the Steam Deck. While BattlEye *has* a Linux compatibility mode, implementation is entirely at the developer’s discretion.</p>

    <p>Bungie’s <a rel="nofollow" href="https://www.gamingonlinux.com/anticheat/vendor/battleye/" target="_blank">Destiny 2</a> serves as a stark example. Despite BattlEye being utilized, Linux support remains absent. This suggests a calculated decision, potentially driven by the perceived workload of supporting Linux or concerns about a higher incidence of cheating on the platform – a claim often debated within the Linux gaming community.</p>

    <h3>Linux Market Share: A Slow but Steady Climb</h3>
    <p>Despite these challenges, the Linux gaming market is steadily growing. The latest <a href="https://www.techpowerup.com/344662/first-amd-radeon-rx-9000-series-gpu-appears-in-steam-survey-rankings" target="_blank">Steam Survey</a> data indicates Linux now accounts for 3.8% of the total Steam user base, a continued upward trend.  While still a minority, this represents a significant and increasingly valuable segment of the gaming population.  Windows 11, meanwhile, experienced a 0.56% decrease in market share, suggesting a potential shift in user preferences.</p>

    <div class="imgcontainer"><a href="https://www.techpowerup.com/img/iMSxnRr3DigfbddD.jpg" target="_blank" data-width="1707" data-height="960" data-fancybox="g345375"><img src="https://tpucdn.com/img/iMSxnRr3DigfbddD_thm.jpg" width="231" height="130" alt=""/></a> <a href="https://www.techpowerup.com/img/dWQYJBPTs4vDB4uO.jpg" target="_blank" data-width="1932" data-height="766" data-fancybox="g345375"><img src="https://tpucdn.com/img/dWQYJBPTs4vDB4uO_thm.jpg" width="328" height="130" alt=""/></a></div>

    <h2>Future Trends: Navigating the Anti-Cheat Landscape</h2>
    <p>The situation with Marathon isn’t an isolated incident. It’s indicative of broader trends that will likely shape the future of gaming on Linux and the Steam Deck.</p>

    <h3>The Rise of Proton and Compatibility Layers</h3>
    <p>Valve’s Proton compatibility layer has been instrumental in bringing countless Windows games to Linux. However, anti-cheat remains a major stumbling block. Future development of Proton will likely focus heavily on circumventing or working *with* anti-cheat systems, a complex and ongoing battle.  Expect to see more sophisticated techniques employed to maintain compatibility without compromising security.</p>

    <h3>Developer Responsibility and Community Pressure</h3>
    <p>Ultimately, the onus falls on developers to prioritize Linux support.  Community pressure, as seen with vocal discussions on platforms like <a rel="nofollow" href="https://www.gamingonlinux.com/" target="_blank">GamingOnLinux</a> and Reddit, can be a powerful force.  Developers who actively embrace Linux compatibility are likely to reap the rewards of a loyal and growing user base.</p>

    <h3>Alternative Anti-Cheat Solutions</h3>
    <p>The industry may see a shift towards anti-cheat solutions designed with Linux compatibility in mind from the ground up.  Currently, most established anti-cheat systems were built for Windows.  New entrants could potentially disrupt the market by offering more inclusive solutions.  Easy Anti-Cheat, for example, has shown more willingness to work with Linux, though challenges remain.</p>

    <h3>Hardware-Level Security</h3>
    <p>Looking further ahead, hardware-level security features integrated into CPUs and GPUs could offer a more robust and platform-agnostic approach to anti-cheat. This would reduce the reliance on kernel-level software, potentially resolving compatibility issues and enhancing overall system security. AMD and Intel are both investing in technologies that could contribute to this future.</p>

    <small class="story-sources">
    Sources:
            <a href="https://store.steampowered.com/app/3065800/Marathon/" target="_blank" rel="nofollow">Marathon on Steam</a>,                <a href="https://www.gamingonlinux.com/anticheat/vendor/battleye/" target="_blank" rel="nofollow">GamingOnLinux</a>,                <a href="https://areweanticheatyet.com/" target="_blank" rel="nofollow">AreWeAntiCheatYet?</a>          </small>

    <section class="related">


</section>

<h2>FAQ: Anti-Cheat and Linux Gaming</h2>
<ul>
    <li><b>Why doesn't every game work on Linux?</b> Kernel-level anti-cheat software is often incompatible with Linux distributions.</li>
    <li><b>What is Proton?</b> Proton is a compatibility layer developed by Valve that allows many Windows games to run on Linux.</li>
    <li><b>Will anti-cheat ever be fully compatible with Linux?</b> It's a complex challenge, but ongoing development of Proton and potential new anti-cheat solutions offer hope for improved compatibility.</li>
    <li><b>What can I do to support Linux gaming?</b>  Voice your support to developers, participate in the community, and consider purchasing games that offer native Linux support.</li>
</ul>

<div class="pro-tip">
    <b>Pro Tip:</b> Check <a href="https://www.protondb.com/" target="_blank" rel="nofollow">ProtonDB</a> before purchasing a game to see how well it runs on Linux and if any workarounds are available.
</div>
0 comments
0 FacebookTwitterPinterestEmail
Tech

DDoS Attack on Arch Linux: Situation Resolved?

by Chief Editor
written by Chief Editor

The Future of Open Source Security: What the Arch Linux DDoS Attack Tells Us

The recent Distributed Denial-of-Service (DDoS) attacks targeting Arch Linux servers, while seemingly resolved, offer a stark reminder of the vulnerabilities inherent in open-source projects. As the digital landscape becomes increasingly complex, understanding these threats and anticipating future trends is crucial. Let’s delve into what we can learn from the Arch Linux incident and what the future holds for open-source security.

The Evolving Threat Landscape: Beyond the Basics

The Arch Linux attack, which targeted the main website, Arch User Repository (AUR), and forums, wasn’t an isolated incident. It reflects a growing trend. Cyberattacks are becoming more sophisticated and frequent, targeting not only large corporations but also smaller, community-driven projects. These attacks aren’t just about disruption; they can be used for data theft, malware distribution, or simply to damage a project’s reputation. This is the new normal.

One critical aspect is the move beyond simple volumetric attacks, such as the one potentially deployed against Arch Linux. Attackers are increasingly leveraging application-layer attacks, which are harder to detect and mitigate. These attacks target vulnerabilities in specific applications or services, making them more effective and stealthy. This means projects need more sophisticated defenses.

Did you know?
According to recent reports, DDoS attacks have increased in both frequency and size. The average attack size has grown, meaning more robust infrastructure is required to maintain uptime.

Strengthening Defenses: Best Practices for Open Source Projects

The response of the Arch Linux maintainers, including working with their hosting provider and evaluating Anti-DDoS services, provides valuable lessons. The path forward for all open-source projects involves a multi-layered approach to security.

  • Proactive Vulnerability Management: Regularly audit and patch vulnerabilities, even if they appear minor. Consider implementing a bug bounty program to incentivize ethical hackers to find and report security flaws.
  • DDoS Mitigation Strategies: Utilize a content delivery network (CDN) to distribute traffic and absorb attacks. Implement rate limiting and other mitigation techniques to identify and block malicious traffic.
  • Community Engagement: Build a strong community. Encourage users to report suspicious activity and contribute to security enhancements. Encourage active participation and transparency, like what Arch Linux has already done.
  • Security Audits: Regular independent security audits of code and infrastructure can identify weaknesses before attackers do.

Pro Tip:
Consider using automated tools for security scanning and vulnerability assessment. There are many open-source and commercial tools available that can automate many of these tasks.

The Role of the Community: Collaboration and Support

Open source thrives on community. The Arch Linux team recognized the importance of the community during the attacks, asking for patience and thanking users for their support. This support is vital not only during an attack but also in the long term.

Community members can play a vital role in security:

  • Reporting Vulnerabilities: Be diligent about reporting security issues.
  • Contributing Code: Help develop and maintain security patches and improvements.
  • Supporting Each Other: Share knowledge and best practices on secure coding and system administration.

The Arch Linux Security Team is a great resource that shares vulnerability reports and security advice. Open source projects benefit when communities are proactive and take cybersecurity seriously.

The Future: Trends to Watch

The landscape of cyberattacks is constantly changing. Several trends will likely define the future of open-source security:

  • Increased Automation: Attackers will use automation tools to identify vulnerabilities and launch attacks. This requires defensive automation.
  • Supply Chain Attacks: Attacks will target the open-source projects themselves, and they’ll try to inject malicious code or compromise dependencies.
  • AI-Powered Threats: Artificial intelligence will empower attackers to create even more sophisticated attacks, including those targeting authentication systems.

Staying informed and adaptable is key. Open-source projects need to prepare for an increasingly hostile environment.

FAQ: Addressing Common Questions

Q: What is a DDoS attack?

A: A Distributed Denial-of-Service (DDoS) attack attempts to make an online service unavailable by overwhelming it with traffic from multiple sources.

Q: Why are open-source projects targeted?

A: Open-source projects are often seen as vulnerable due to their reliance on volunteer efforts and potentially smaller budgets. Also, attacks on open-source projects can have a widespread impact.

Q: How can I help protect an open-source project?

A: Report security vulnerabilities, contribute code, share security best practices, and support the project through donations or community participation.

Call to Action

What are your thoughts on the future of open-source security? Share your insights and experiences in the comments below. Let’s collaborate to build a more secure digital landscape for everyone. Consider subscribing to our newsletter for more in-depth articles.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Dateisystem Bcachefs: Linux Kernel Einbau Bestätigt

by Chief Editor
written by Chief Editor

Nach wiederholten Unstimmigkeiten mit dem Entwickler des Dateisystem Bcachefs hat Linus Torvalds den Bcachefs-Code von Linux nun als “extern gewartet” deklariert. Die Kennzeichnung ist ein Novum – und da der Erfinder und leitende Entwickler des Kernels sie nicht näher erläutert hat, ist unklar, was sie genau bedeutet. Der gemeinhin erwartete und von Torvalds mehrfach in Aussicht gestellte Rauswurf der in Linux als experimentell geltenden Bcachefs-Unterstützung ist damit aber allem Anschein vorerst vom Tisch.

Bcachefs in Linux: What’s Next for the “Externally Maintained” File System?

The recent declaration by Linus Torvalds, marking the Bcachefs file system code in Linux as “externally maintained,” has sent ripples through the open-source community. What exactly does this mean for users and the future of Bcachefs? Let’s delve into the implications and potential scenarios.

No Immediate Code Removal

The “externally maintained” designation implies that the existing Bcachefs code within the Linux kernel won’t undergo major changes for the time being. This means it will remain at the state of Linux version 6.16. Torvalds has opted not to integrate the updates submitted by Bcachefs developer Kent Overstreet for the upcoming version 6.17.

However, users already utilizing Bcachefs can safely upgrade to 6.17 and subsequent kernel versions. This approach avoids a “regression” – a step back in functionality – which Torvalds strongly disapproves of in Linux development.

The implications of Torvalds’ status change are unclear.

(Source: heise medien)

Caution Advised with “Externally Maintained” Bcachefs

Kernel updates should function without issues, at least as long as users and distributions do not employ kernels with newer Bcachefs code, maintained independently by Overstreet. This newer code, or associated userspace tools, could potentially introduce incompatible changes to file system structures.

If this were to occur, the official kernel’s Bcachefs code might refuse to mount the file system. It is possible, though improbable, that someone could act as an intermediary, taking the newer Bcachefs code from Overstreet and submitting it to Torvalds for inclusion and maintenance. This path, however, is fraught with difficulty.

A former Bcachefs co-developer, who seemed willing to take on this role, left the Bcachefs project following a disagreement with Overstreet.

The Root of the Disagreements

One source of friction between Kent Overstreet and Torvalds stemmed from Overstreet’s repeated submissions of significant changes for inclusion during the stabilization phase of new kernel versions. Torvalds viewed these changes as potentially risky, necessitating a delay until the development phase of the subsequent version. This development model has been managed smoothly by hundreds of other kernel developers for decades.

Overstreet has also clashed with other kernel developers over various aspects of Bcachefs development, for example, altering Linux kernel code maintained by them without proper coordination or even without their knowledge. Disputes with Overstreet also occurred more than a decade ago during his work on Bcache, the SSD hard drive caching solution. He later moved onto Bcachefs, without establishing a successor for Bcache.

A “Pro Tip” for users: It is crucial to carefully consider the source and version of Bcachefs code, especially if you are not a seasoned Linux developer. Using incompatible versions could lead to data integrity issues.

The patch description regarding the new status of Bcachefs and insights from the kernel community suggest that Torvalds made the decision in consultation with other key Linux developers. It remains to be seen how this step will affect the Linux ecosystem.

Major distributions like Debian, Fedora, and openSUSE are expected to continue using the Bcachefs code already included in Linux or to completely disable it in their kernels. Integrating Overstreet’s newer Bcachefs code is unlikely, as it would complicate maintenance. Moreover, more kernel developers will probably refuse to address bug reports submitted by users of these distributions, as such modifications could easily introduce errors that should not occur with the official kernel. Some smaller distributions may, however, embrace it to specifically attract Bcachefs enthusiasts.

Bcachefs: Potential Future Trends

So, what does the future hold for Bcachefs? Despite the current situation, it’s still a file system with promising features. Let’s explore some possible paths:

Community-Driven Development

Without direct integration into the main kernel branch, Bcachefs development could become more community-driven. Enthusiasts might step up to maintain and improve the file system. This approach relies heavily on community support and the availability of dedicated developers.

Did you know? The Linux kernel is one of the most collaboratively developed software projects in the world, with contributions from thousands of developers globally.

Independent Distributions and Use Cases

Smaller, specialized Linux distributions might embrace Bcachefs more readily, catering to users who actively seek its features. These distributions could target specific use cases, like high-performance computing or specific storage solutions.

Real-life Example: Consider a small team building a high-performance storage appliance. Bcachefs could be a good choice given its design goals for performance and reliability.

Forking and Alternative Implementations

In a more extreme scenario, Bcachefs could be forked. This would create a separate file system with its own development path, potentially diverging significantly from Overstreet’s original vision. However, forking involves significant effort, and its success depends on attracting a dedicated development team and user base.

Impact on Storage Technology

Bcachefs’s development, regardless of its direct integration, influences how storage technologies evolve in Linux. The pursuit of enhanced performance, reliability, and scalability are key drivers in the design of all modern file systems. The lessons learned in Bcachefs development will contribute to advances in other areas, such as faster data access and improved data integrity, even if Bcachefs itself doesn’t become a mainstream file system.

Frequently Asked Questions (FAQ)

Here are some common questions about Bcachefs and its current status:

Q: What does “externally maintained” mean for Bcachefs?

A: It means the Bcachefs code in the Linux kernel will likely not receive significant updates from the main kernel maintainers for the foreseeable future.

Q: Can I still use Bcachefs?

A: Yes, if you’re using the version included in the Linux kernel, it should continue to work. However, using newer, independently maintained versions comes with risks.

Q: Will Bcachefs ever be fully integrated into the Linux kernel?

A: That’s uncertain. It depends on the resolution of issues between Torvalds and Overstreet, and the future of Bcachefs development.

Q: Is Bcachefs safe to use?

A: Use Bcachefs with caution. If you are not experienced with Linux development, ensure that you stick to the versions included in official kernel releases. Always back up your data before experimenting with file systems, especially experimental ones.


(dmk)

0 comments
0 FacebookTwitterPinterestEmail
Newer Posts
Older Posts