An anonymous reader quotes a report from Ars Technica: Researchers have discovered a never-before-seen framework that infects Linux machines with a wide assortment of modules that are notable for the range of advanced capabilities they provide to attackers. The framework, referred to as VoidLink by its source code, features more than 30 modules that can be used to customize capabilities to meet attackers' needs for each infected machine. These modules can provide additional stealth and specific tools for reconnaissance, privilege escalation, and lateral movement inside a compromised network. The components can be easily added or removed as objectives change over the course of a campaign.

VoidLink can target machines within popular cloud services by detecting if an infected machine is hosted inside AWS, GCP, Azure, Alibaba, and Tencent, and there are indications that developers plan to add detections for Huawei, DigitalOcean, and Vultr in future releases. To detect which cloud service hosts the machine, VoidLink examines metadata using the respective vendor's API. Similar frameworks targeting Windows servers have flourished for years. They are less common on Linux machines. The feature set is unusually broad and is "far more advanced than typical Linux malware," said researchers from Checkpoint, the security firm that discovered VoidLink. Its creation may indicate that the attacker's focus is increasingly expanding to include Linux systems, cloud infrastructure, and application deployment environments, as organizations increasingly move workloads to these environments. "VoidLink is a comprehensive ecosystem designed to maintain long-term, stealthy access to compromised Linux systems, particularly those running on public cloud platforms and in containerized environments," the researchers said in a separate post. "Its design reflects a level of planning and investment typically associated with professional threat actors rather than opportunistic attackers, raising the stakes for defenders who may never realize their infrastructure has been quietly taken over."

The researchers note that VoidLink poses no immediate threat or required action since it's not actively targeting systems. However, defenders should remain vigilant.

BrianFagioli writes: Wine 11.0 has officially landed, wrapping up a year of development with more than 6,000 code changes and a broad set of upgrades that touch gaming, desktop behavior, and long-standing architectural work. The biggest milestone is the completion of the new WoW64 model, which is now considered fully supported and allows 32-bit and even 16-bit applications to run in a cleaner way inside 64-bit prefixes. Wine also gains support for the NTSYNC kernel module now bundled in Linux 6.14, which cuts overhead from thread synchronization and should deliver observable performance benefits in games and multi-threaded applications. A single unified wine binary now replaces the old wine64 launcher, and several system behaviors align more closely with modern Windows, including syscall numbering and NT reparse points.

Graphics and desktop integration received more polish, including deeper Vulkan support (up to API 1.4.335), hardware-accelerated H.264 decoding through Direct3D, and further improvements to Wine's Wayland driver, which now supports clipboard operations, IMEs, and shaped windows. X11 users gain better window activation and fullscreen handling, and legacy DirectX features continue to expand under Wine's Vulkan renderer. Device support also moves forward, with better joystick handling, improved Bluetooth visibility and pairing, and working TWAIN scanning on 64-bit apps. Broad multimedia updates, DirectMusic refinements, .NET/XNA improvements, and developer-facing tools round out a release that appears focused on smoothing sharp edges rather than introducing flashy experiments. As always, source is live now and distro packages are rolling out.

Linus Torvalds has started experimenting with vibe coding, using Google's Antigravity AI to generate parts of a small hobby project called AudioNoise. "In doing so, he has become the highest-profile programmer yet to adopt this rapidly spreading, and often mocked, AI-driven programming," writes ZDNet's Steven Vaughan-Nichols. Fro the report: [I]t's a trivial program called AudioNoise -- a recent side project focused on digital audio effects and signal processing. He started it after building physical guitar pedals, GuitarPedal, to learn about audio circuits. He now gives them as gifts to kernel developers and, recently, to Bill Gates.

While Torvalds hand-coded the C components, he turned to Antigravity for a Python-based audio sample visualizer. He openly acknowledges that he leans on online snippets when working in languages he knows less well. Who doesn't? [...] In the project's README file, Torvalds wrote that "the Python visualizer tool has been basically written by vibe-coding," describing how he "cut out the middle-man -- me -- and just used Google Antigravity to do the audio sample visualiser." The remark underlines that the AI-generated code met his expectations well enough that he did not feel the need to manually re-implement it. Further reading: Linus Torvalds Says Vibe Coding is Fine For Getting Started, 'Horrible Idea' For Maintenance

A year ago the Steam Survey showed a 2.29% marketshare for Linux. Last May it reached 2.69%, its highest level since 2018. November saw another all-time high of 3.2%.

But December brought a surprise, reports Phoronix: Back on the 1st Valve published the Steam Survey results for December 2025 and they put the Linux gaming marketshare at 3.19%, a 0.01% dip from November. But now the December results have been revised... [and] put the Linux marketshare at 3.58%, a 0.38% increase over November. Valve didn't publish any explanation for the revision but occasionally they do put out monthly revised data. This is easily an all-time high... both in percentage terms and surely in absolute terms too.

An anonymous reader shared this report from It's FOSS: Jenny Guanni Qu, a researcher at [VC fund] Pebblebed, analyzed 125,183 bugs from 20 years of Linux kernel development history (on Git). The findings show that the average bug takes 2.1 years to find. [Though the median is 0.7 years, with the average possibly skewed by "outliers" discovered after years of hiding.] The longest-lived bug, a buffer overflow in networking code, went unnoticed for 20.7 years! [But 86.5% of bugs are found within five years.]

The research was carried out by relying on the Fixes: tag that is used in kernel development. Basically, when a commit fixes a bug, it includes a tag pointing to the commit that introduced the bug. Jenny wrote a tool that extracted these tags from the kernel's git history going back to 2005. The tool finds all fixing commits, extracts the referenced commit hash, pulls dates from both commits, and calculates the time frame. As for the dataset, it includes over 125k records from Linux 6.19-rc3, covering bugs from April 2005 to January 2026. Out of these, 119,449 were unique fixing commits from 9,159 different authors, and only 158 bugs had CVE IDs assigned.
It took six hours to assemble the dataset, according to the blog post, which concludes that the percentage of bugs found within one year has improved dramatically, from 0% in 2010 to 69% by 2022. The blog post says this can likely be attributed to:

• The Syzkaller fuzzer (released in 2015)

• Dynamic memory error detectors like KASAN, KMSAN, KCSAN sanitizers

• Better static analysis

• More contributors reviewing code

But "We're simultaneously catching new bugs faster AND slowly working through ~5,400 ancient bugs that have been hiding for over 5 years."

They've also developed an AI model called VulnBERT that predicts whether a commit introduces a vulnerability, claiming that of all actual bug-introducing commits, it catches 92.2%. "The goal isn't to replace human reviewers but to point them at the 10% of commits most likely to be problematic, so they can focus attention where it matters..."

Gentoo Linux posted its 2025 project retrospective this week. Some interesting details: Mostly because of the continuous attempts to force Copilot usage for our repositories, Gentoo currently considers and plans the migration of our repository mirrors and pull request contributions to Codeberg. Codeberg is a site based on Forgejo, maintained by a non-profit organization, and located in Berlin, Germany. Gentoo continues to host its own primary git, bugs, etc infrastructure and has no plans to change that...

We now publish weekly Gentoo images for Windows Subsystem for Linux (WSL), based on the amd64 stages, see our mirrors. While these images are not present in the Microsoft store yet, that's something we intend to fix soon...

Given the unfortunate fracturing of the GnuPG / OpenPGP / LibrePGP ecosystem due to competing standards, we now provide an alternatives mechanism to choose the system gpg provider and ease compatibility testing...

We have added a bootstrap path for Rust from C++ using Mutabah's Rust compiler mrustc, which alleviates the need for pre-built binaries and makes it significantly easier to support more configurations. Similarly, Ada and D support in gcc now have clean bootstrap paths, which makes enabling these in the compiler as easy as switching the useflags on gcc and running emerge.
Other interesting statistics for the year:

• Gentoo currently consists of 31,663 ebuilds for 19,174 different packages.
• For amd64 (x86-64), there are 89 GBytes of binary packages available on the mirrors.
• Gentoo each week builds 154 distinct installation stages for different processor architectures and system configurations, with an overwhelming part of these fully up-to-date.
• The number of commits to the main ::gentoo repository has remained at an overall high level in 2025, with a slight decrease from 123,942 to 112,927.
• The number of commits by external contributors was 9,396, now across 377 unique external authors.

Thanks to long-time Slashdot reader Heraklit for sharing the 2025 retrospective.

Is there a trend? This week four different articles appeared on various tech-news sites with an author bragging about switching to Linux.

"Greetings from the year of Linux on my desktop," quipped the Verge's senior reviews editor, who finally "got fed up and said screw it, I'm installing Linux."

They switched to CachyOS — just like this writer for the videogame magazine Escapist: I've had a fantastic time gaming on Linux. Valve's Windows-to-Linux translation layer, Proton, and even CachyOS' bundled fork have been working just fine. Of course, it's not perfect, and there's been a couple of instances where I've had to problem-solve something, but most of the time, any issues gaming on Linux have been fixed by swapping to another version of Proton. If you're deep in online games like Fortnite, Call of Duty, Destiny 2, GTAV or Battlefield 6, it might not be the best option to switch. These games feature anti-cheats that look for versions of Windows or even the heart of the OS, the kernel, to verify the system isn't going to mess up someone's game....

CachyOS is thankfully pre-packed with Nvidia drivers, meaning I didn't have to dance around trying to find them.... Certain titles will perform worse than their counterparts, simply due to how the bods at Nvidia are handling the drivers for Linux. This said, I'm still not complaining when I'm pushing nearly 144fps or more in newer games. The performance hit is there, but it's nowhere near enough to stave off even an attempt to mess about with Linux.

Do you know how bizarre it is to say it's "nice to have a taskbar again"? I use macOS daily for a lot of my work, which uses a design baked back in the 1990s through NeXT. Seeing just a normal taskbar that doesn't try to advertise to me or crash because an update killed it for some reason is fantastic. That's how bad it is out there right now for Windows.
"I run Artix, by the way," joked a senior tech writer at Notebookcheck (adding "There. That's out of the way...") I dual-booted a Linux partition for a few weeks. After a Windows update (that I didn't choose to do) wiped that partition and, consequently, the Linux installation, I decided to go whole-hog: I deleted Windows 11 and used the entire drive for Linux...

Artix differs from Arch in that it does not use SystemD as its init system. I won't go down the rabbit hole of init systems here, but suffice it to say that Artix boots lightning quick (less than 10 seconds from a cold power on) and is pretty light on system resources. However, it didn't come "fully assembled..." The biggest problem I ran into after installing Artix on the [MacBook] Air was the lack of wireless drivers, which meant that WiFi did not work out of the box. The resolution was simple: I needed to download the appropriate WiFi drivers (Broadcom drivers, to be exact) from Artix's main repository. This is a straightforward process handled by a single command in the Terminal, but it requires an internet connection... which my laptop did not have. Ultimately, I connected a USB-to-Ethernet adapter, plugged the laptop directly into my router, and installed the WiFi drivers that way. The whole process took about 10 minutes, but it was annoying nonetheless.

For the record, my desktop (an AMD Ryzen 7 6800H-based system) worked flawlessly out-of-the-box, even with my second monitor's uncommon resolution (1680x1050, vertical orientation). I did run into issues with installing some packages on both machines. Trying to install the KDE desktop environment (essentially a different GUI for the main OS) resulted in strange artifacts that put white text on white backgrounds in the menus, and every resolution I tried failed to correct this bug. After reverting to XFCE4 (the default desktop environment for my Artix install), the WiFi signal indicator in the taskbar disappeared. This led to me having to uninstall a network manager installed by KDE and re-linking the default network manager to the runit services startup folder. If that sentence sounds confusing, the process was much more so. It has been resolved, and I have a WiFi indicator that lets me select wireless networks again, but only after about 45 minutes of reading manuals and forum posts.

Other issues are inherent to Linux. Not all games on Steam that are deemed Linux compatible actually are. Civilization III Complete is a good example: launching the game results in the map turning completely black. (Running the game through an application called Lutris resolved this issue.) Not all the software I used on Windows is available in Linux, such as Greenshot for screenshots or uMark for watermarking photos in bulk. There are alternatives to these, but they don't have the same features or require me to relearn workflows... Linux is not a "one and done" silver bullet to solve all your computer issues. It is like any other operating system in that it will require users to learn its methods and quirks. Admittedly, it does require a little bit more technical knowledge to dive into the nitty-gritty of the OS and fully unlock its potential, but many distributions (such as Mint) are ready to go out of the box and may never require someone to open a command line...

[T]he issues I ran into on Linux were, for the most part, my fault. On Windows or macOS, most problems I run into are caused by a restriction or bug in the OS. Linux gives me the freedom to break my machine and fix it again, teaching me along the way. With Microsoft's refusal (either from pride or ignorance) to improve (or at least not crapify) Windows 11 despite loud user outrage, switching to Linux is becoming a popular option. It's one you should consider doing, and if you've been thinking about it for any length of time, it's time to dive in.
And tinkerer Kevin Wammer switched from MacOS to Linux, saying "Linux has come a long way" after more than 30 years — but "Windows still sucks..."

Linus Torvalds has weighed in on an ongoing debate within the Linux kernel development community about whether documentation should explicitly address AI-generated code contributions, and his position is characteristically blunt: stop making it an issue. The Linux creator was responding to Oracle-affiliated kernel developer Lorenzo Stoakes, who had argued that treating LLMs as "just another tool" ignores the threat they pose to kernel quality. "Thinking LLMs are 'just another tool' is to say effectively that the kernel is immune from this," Stoakes wrote.

Torvalds disagreed sharply. "There is zero point in talking about AI slop," he wrote. "Because the AI slop people aren't going to document their patches as such." He called such discussions "pointless posturing" and said that kernel documentation is "for good actors." The exchange comes as a team led by Intel's Dave Hansen works on guidelines for tool-generated contributions. Stoakes had pushed for language letting maintainers reject suspected AI slop outright, arguing the current draft "tries very hard to say 'NOP.'" Torvalds made clear he doesn't want kernel documentation to become a political statement on AI. "I strongly want this to be that 'just a tool' statement," he wrote.

An anonymous reader shared this report from the Linux news site Linuxiac: Archboot, a guided, user-friendly, menu-driven installer for Arch Linux that automates much of the traditional manual installation process (while still allowing advanced users to intervene when needed), has added the COSMIC desktop environment as a new selectable option. The change is part of Archboot's development cycle leading up to the 2026.01 release and is already available in the latest tagged builds. With COSMIC now integrated, users can boot an Archboot ISO and choose the desktop to either perform a full Arch Linux installation or start a live session for testing and recovery.

Phoronix's Michael Larabel is "reliving some of the best moments for Fedora Linux in 2025" by highlighting the year's most popular news around the distro. Throughout 2025, Fedora continued to lead upstream Linux innovation with bold changes like Wayland-only GNOME, newer kernels, architecture cleanups, and experimental features -- while openly grappling with controversial shifts such as dropping 32-bit support and modernizing long-standing subsystems.

"Fedora Linux this year continued in punctually shipping the very latest upstream Linux innovations from the freshest Wayland components to Linux kernel features and continuing to leverage other improvements in the open-source world," writes Larabel. "Fedora enjoyed the successful Fedora 42 and Fedora 43 releases this year, including going with Wayland-noly GNOME and further phasing of 32-bit packages. Fedora's KDE spin continued improving too and the Red Hat sponsored Linux distribution enjoyed a wealth of other improvements this year."

Phoronix reports on "an exciting post-Christmas patch series out on the Linux kernel mailing list" proposing "a new runtime standby ABI that is similar in nature to the 'Modern Standby' functionality found with Microsoft Windows..." Modern Standby is a low-power mode on Windows 11 for letting systems remain connected to the network and appear "sleeping" but will allow for instant wake-up for notifications, music playback, and other functionality. The display is off, the network remains online, and background tasks can wake-up the system if needed with Microsoft Modern Standby...

"This series introduces a new runtime standby ABI to allow firing Modern Standby firmware notifications that modify hardware appearance from userspace without suspending the kernel," [according to the email about the proposed patch series]. "This allows userspace to set the inactivity state of the device so that it looks like it is asleep (e.g., flashing the power button) while still being able to perform basic computations..."

Those interested can see the RFC patch series for the work in its current form, in particular the documentation patch outlines the proposed /sys/power/standby interface.

NVIDIA has been "gradually dropping support for older videocards," notes Hackaday, "with the Pascal (GTX 10xx) GPUs most recently getting axed."

"What's more surprising is the terrible way that this is being handled by certain Linux distributions, with Arch Linux currently a prime example.?" On these systems, updating the OS with a Pascal, Maxwell or similarly unsupported GPU will result in the new driver failing to load and thus the user getting kicked back to the CLI to try and sort things back out there. This issue is summarized by [Brodie Robertson] in a recent video.
"Users with GTX 10xx series and older cards must switch to the legacy proprietary branch to maintain support," explains an announcement on the Arch Linux mailing list. But Hackaday points out that using the legacy option "breaks Steam as it relies on official NVIDIA dependencies, which requires an additional series of hacks to hopefully restore this functionality.

"Fortunately the Arch Wiki provides a starting point on what to do."

Phoronix's Michael Larabel writes: An interesting anecdote from this month's Linux Plumbers Conference in Tokyo is that Meta (Facebook) is using the Linux scheduler originally designed for the needs of Valve's Steam Deck... On Meta Servers. Meta has found that the scheduler can actually adapt and work very well on the hyperscaler's large servers. [...]

The presentation at LPC 2025 by Meta engineers was in fact titled "How do we make a Steam Deck scheduler work on large servers." At Meta they have explored SCX_LAVD as a "default" fleet scheduler for their servers that works for a range of hardware and use-cases for where they don't need any specialized scheduler. They call this scheduler built atop sched_ext as "Meta's New Default Scheduler."

LAVD they found to work well across the growing CPU and memory configurations of their servers, nice load balancing between CCX/LLC boundaries, and more. Those wishing to learn more about Meta's use and research into SCX-LAVD can find the Linux Plumbers Conference presentation embedded below along with the slide deck (PDF).

Linux's share of the desktop market has climbed to as much as 11% by one count, but that figure includes Chromebooks, and the traditional Linux desktop remains hamstrung by the same fragmentation that killed Unix decades ago. Steven J. Vaughan-Nichols, writing in The Register, argues that the proliferation of Linux desktops -- more than a dozen significant interfaces exist today, and DistroWatch lists "upwards of a hundred" -- makes it nearly impossible for ordinary users to know where to start.

Linus Torvalds has long agreed with this hypothesis. "We have way too many desktops," Vaughan-Nichols notes, summarizing Torvalds' position. The deeper issue lies in software delivery: traditional package managers like DEB and RPM "simply don't scale for the desktop," forcing distro builders to constantly rebuild programs for their specific environments. Containerized solutions like Flatpaks, Snaps and AppImages should solve this by bundling dependencies into universal packages, but the Linux community remains divided over which to adopt.

Linux Mint, for instance, refuses Snap because "Canonical has too much control over the Snap store." Hardware support further complicates this challenges, the veteran journalist writes. While Dell sells Ubuntu machines and specialist vendors like System76 and TUXEDO Computers cater to enthusiasts, "none of them make it easy" for mainstream buyers, and no major OEM strongly backs Linux. Torvalds has pointed to Chromebooks and Android as the model: Linux won on smartphones because "there's a single, unified platform with a unified way to install programs."

An anonymous reader shared this report from the site It's FOSS: Linux gives you plenty of ways to install software: native distro packages, Flatpak, Snap, AppImage, source builds, even curl-piped installers. The catch is that each one solves a different problem, yet none of them fully eliminates the "works here, breaks there" reality across all distros. Package Forge (PkgForge) is a new project with a narrower mission: deliver truly distro-independent portable applications that run the same way across systems....

It's not a new packaging format in and of itself, nor is it trying to replace AppImages. Instead, it's an ecosystem that publishes portable packages and static binaries in curated repositories, paired with a package manager designed to install and manage them. One of the ways PkgForge stands out from some portable app efforts on Linux is its focus on accessible documentation and a security-minded distribution model. The project primarily delivers prebuilt binary packages, keeps transparent build logs, and relies on checksum verification. This helps reduce the spread of ad-hoc install scripts and the need for local compilation, which has long been a common pattern when downloading Linux software directly (and still is for many projects today).

To make life easier for the end-user, the project maintains its own frontend, called Soar... which you can use like an additional package manager, and let it handle installation, updates, and system integration. It also allows you to search for apps and utilities without having to dig through the repos online. Alternatively, you can search the PkgForge repos manually, and download and manage individual portable packages on your own. This is preferable if you're building a portable toolkit on a USB drive, testing a single app temporarily, or simply want full control over where files live...

Even if it doesn't replace Flatpak, Snap, or AppImage, it helps give definition to what a more flexible, truly distro-independent future for portable Linux apps could look like.