Bcachefs "pitches itself as a filesystem that 'doesn't eat your data'," writes the open source/Linux blog It's FOSS. Although it was last October that Bcachefs developer Kent Overstreet was restricted from participating in the Linux 6.13 kernel development cycle (after ending a mailing list post with "Get your head examined. And get the fuck out of here with this shit.")

And now with the upcoming Linux kernel 6.17 release, Linus Torvalds has decided to drop Bcachefs support, they report, "owing to growing tensions" with Overstreet: The decision follows a series of disagreements over how fixes and changes for it were submitted during the 6.16 release cycle... Kent filed a pull request to add a new feature called "journal-rewind". It was meant to improve bcachefs repair functionality, but it landed during the release candidate (RC) phase, a time usually reserved for bug fixes, not new features, as Linus pointed out. [Adding "I remain steadfastly convinced that anybody who uses bcachefs is expecting it to be experimental. They had better."]

Theodore Ts'o, a long-time kernel developer and maintainer of ext4, also chimed in, saying that Kent's approach risks introducing regressions, especially when changes affect sensitive parts of a filesystem like journaling. He reminded Kent that the rules around the merge window have been a long-standing consensus in the kernel community, and it's Linus's job to enforce them. After some more back and forth, Kent pushed back, arguing that the rules around the merge window aren't absolute and should allow for flexibility, even more so when user data is at stake. He then went ahead and resubmitted the patch, citing instances from XFS and Btrfs where similar fixes made it into the kernel during RCs. Linus merged it into his tree, but ultimately decided to drop Bcachefs entirely in the 6.17 merge window.

To which Kent responded by clarifying that he wasn't trying to shut Linus out of Bcachefs' decisions, stressing that he values Linus's input...
This of course follows the great Torvalds-Overstreet "filesystem people never learn" throwdown back in April.

An anonymous reader quotes a report from SecurityWeek: Hundreds of printer models from Brother and other vendors are impacted by potentially serious vulnerabilities discovered by researchers at Rapid7. The cybersecurity firm revealed on Wednesday that its researchers identified eight vulnerabilities affecting multifunction printers made by Brother. The security holes have been found to impact 689 printer, scanner and label maker models from Brother, and some or all of the flaws also affect 46 Fujifilm Business Innovation, five Ricoh, six Konica Minolta, and two Toshiba printers. Overall, millions of enterprise and home printers are believed to be exposed to hacker attacks due to these vulnerabilities.

The most serious of the flaws, tracked as CVE-2024-51978 and with a severity rating of 'critical', can allow a remote and unauthenticated attacker to bypass authentication by obtaining the device's default administrator password. CVE-2024-51978 can be chained with an information disclosure vulnerability tracked as CVE-2024-51977, which can be exploited to obtain a device's serial number. This serial number is needed to generate the default admin password. "This is due to the discovery of the default password generation procedure used by Brother devices," Rapid7 explained. "This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process."

Having the admin password enables an attacker to reconfigure the device or abuse functionality intended for authenticated users. The remaining vulnerabilities, which have severity ratings of 'medium' and 'high', can be exploited for DoS attacks, forcing the printer to open a TCP connection, obtain the password of a configured external service, trigger a stack overflow, and perform arbitrary HTTP requests. Six of the eight vulnerabilities found by Rapid7 can be exploited without authentication. Brother has patched most of the flaws, but CVE-2024-51978 requires a new manufacturing process to fully resolve, which will apply only to future devices.

Disabling Intel graphics security mitigations in GPU compute stacks for OpenCL and Level Zero can yield a performance boost of up to 20%, prompting Ubuntu's Canonical and Intel to disable these mitigations in future Ubuntu packages. Phoronix's Michael Larabel reports: Intel does allow building their GPU compute stack without these mitigations by using the "NEO_DISABLE_MITIGATIONS" build option and that is what Canonical is looking to set now for Ubuntu packages to avoid the significant performance impact. This work will likely all be addressed in time for Ubuntu 25.10. This NEO_DISABLE_MITIGATIONS option is just for compiling the Intel Compute Runtime stack and doesn't impact the Linux kernel security mitigations or else outside of Intel's "NEO" GPU compute stack. Both Intel and Canonical are in agreement with this move and it turns out that even Intel's GitHub binary packages for their Compute Runtime for OpenCL and Level Zero ship with the mitigations disabled due to the performance impact. This Ubuntu Launchpad bug report for the Intel Compute Runtime notes some of the key takeaways. There is also this PPA where Ubuntu developers are currently testing their Compute Runtime builds with NEO_DISABLE_MITIGATIONS enabled for disabling the mitigations.

Threads now has 350 million users — but this week a strange bug affected some Threads accounts (on both desktop and mobile). "One user's post will get repeated over and over again..." explains TechCrunch, "as though every user on your feed is saying the same thing." "Siri, unsubscribe me from 2025," one Threads user wrote, per a screenshot from social media expert Alexa Heinrich. But then, everyone else on Heinrich's feed appeared to be echoing the same cheugy joke...

While it's not yet clear what caused the bug, Meta Communications Director Andy Stone responded to app researcher Jane Manchun Wong's post about the issue. "Whoops, well that clearly shouldn't have happened! We're working on getting it fixed now," Stone said.
I thought the bug was only affecting user feeds (and not replies). But either way, Wong came up with the perfect comeback.

"Whoops, well that clearly shouldn't have happened! We're working on getting it fixed now."

Microsoft has disabled Windows Hello's ability to authenticate users in low-light environments through a recent security update that now requires both infrared sensors and color cameras to verify faces. The change forces the system to see a visible face through the webcam before completing authentication with IR sensors.

Windows Hello earlier relied solely on infrared sensors to create 3D facial scans, allowing the feature to work in complete darkness similar to iPhone's Face ID. Microsoft pushed the dual-camera requirement to address a spoofing vulnerability in the biometric system.

Microsoft's latest Windows 11 preview builds contain a bug that replaces the operating system's startup sound with Windows Vista's iconic boot chime from 2006. Microsoft acknowledged the bug in its release notes -- describing it as a "delightful blast from the past" -- and said it was working on a fix.

It's no longer a hypothetical question, writes the Washington Post. "In recent years, scientists have devised powerful genetic tools that may be able to eradicate mosquitoes and other pests once and for all."

But along with the ability to fight malaria, dengue, West Nile virus and other serious diseases, "the development of this technology also raises a profound ethical question: When, if ever, is it okay to intentionally drive a species out of existence...?" When so many wildlife conservationists are trying to save plants and animals from disappearing, the mosquito is one of the few creatures that people argue is actually worthy of extinction. Forget about tigers or bears; it's the tiny mosquito that is the deadliest animal on Earth. The human misery caused by malaria is undeniable. Nearly 600,000 people died of the disease in 2023, according to the World Health Organization, with the majority of cases in Africa... But recently, the Hastings Center for Bioethics, a research institute in New York, and Arizona State University brought together a group of bioethicists to discuss the potential pitfalls of intentionally trying to drive a species to extinction. In a policy paper published in the journal Science last month, the group concluded that "deliberate full extinction might occasionally be acceptable, but only extremely rarely..."

It's unclear how important malaria-carrying mosquitoes are to broader ecosystems. Little research has been done to figure out whether frogs or other animals that eat the insects would be able to find their meals elsewhere. Scientists are hotly debating whether a broader "insect apocalypse" is underway in many parts of the world, which may imperil other creatures that depend on them for food and pollination... Instead, the authors said, geneticists should be able to use gene editing, vaccines and other tools to target not the mosquito itself, but the single-celled Plasmodium parasite that is responsible for malaria. That invisible microorganism — which a mosquito transfers from its saliva to a person's blood when it bites — is the real culprit.
A nonprofit research consortium called Target Malaria has genetically modified mosquitoes in their labs (which get core funding from the Gates Foundation and from Open Philanthropy, backed by Facebook co-founder Dustin Moskovitz and his wife). ), and hopes to deploy them in the wild within five years...

unixbhaskar shares a report from Phoronix: The X86_NATIVE_CPU Kconfig build time option has been merged for the Linux 6.16 merge window as an easy means of enforcing "-march=native" compiler behavior on AMD and Intel processors to optimize your kernel build for the local CPU architecture/family of your system. For those wanting to "-march=native" your Linux kernel build on AMD/Intel x86_64 processors, the new CONFIG_X86_NATIVE_CPU option can be easily enabled for setting that compiler option on your local kernel builds.

The CONFIG_X86_NATIVE_CPU option is honored if compiling the Linux x86_64 kernel with GCC or LLVM Clang when using Clang 19 or newer due to a compiler bug with the Linux kernel on older compiler versions. In addition to setting the "-march=native" compiler option for the Linux kernel C code, enabling this new Kconfig build option also sets "-Ctarget-cpu=native" for the kernel's Rust code too. "It seems interesting though," comments unixbhaskar. "If the detailed benchmark shows some improvement with the option selected, then distros might start to adopt it for their flavor."

Earlier this month app developer Guilherme Rambo had a warning for iPhone users: If you try to send an audio message using the Messages app to someone who's also using the Messages app, and that message happens to include the name "Dave and Buster's", the message will never be received.

In case you're wondering, "Dave and Buster's" is the name of a sports bar and restaurant in the United States... [T]he recipient will only see the "dot dot dot" animation for several seconds, and it will then eventually disappear. They will never get the audio message.
"The issue was first spotted on the podcast Search Engine..." according to an article in Fortune: Rambo's explanation of the curiosity goes like this.

"When you send an audio message using the Messages app, the message includes a transcription of the audio. If you happen to pronounce the name 'Dave and Buster's' as someone would normally pronounce it, almost like it's a single word, the transcription engine on iOS will recognize the brand name and correctly write it as 'Dave & Buster's' (with an ampersand)," he begins. So far, so good." [But ampersands have special meaning in HTML/XHTML...] And, as MacRumors puts it: "The parsing error triggers Apple's BlastDoor Messages feature that protects users from malicious messages that might rely on problematic parsing, so ultimately, the audio message fails to send."
To solve the mystery, Rambo "plugged the recipient device into my Mac and captured the logs right after the device received the problematic message." Their final thoughts... Since BlastDoor was designed to thwart hacking attempts, which frequently rely on faulty data parsing, it immediately stops what it's doing and just fails. That's what causes the message to get stuck in the "dot dot dot" state, which eventually times out, and the message just disappears. On the surface, this does sound like it could be used to "hack" someone's iPhone via a bad audio message transcription, but in reality what this bug demonstrates is that Apple's BlastDoor mechanism is working as designed.

Many bad parsers would probably accept the incorrectly-formatted XHTML, but that sort of leniency when parsing data formats is often what ends up causing security issues. By being pedantic about the formatting, BlastDoor is protecting the recipient from an exploit that would abuse that type of issue.

Valve's SteamOS 3.7.8 update brings official support for AMD-powered handhelds like Lenovo's Legion Go and Asus' ROG Ally, along with a new "Steam OS Compatible" library tab and key bug fixes. Other features include a battery charge limit, updated graphics drivers, and a shift to Plasma 6.2.5. Polygon reports: Valve outlines two requirements for the third-party devices not explicitly named in the update to run SteamOS on the handheld: they must be AMD-powered and have an NVMe SSD. Specific instructions for installing the operating system have been updated and listed here.

Before this huge update, players had to use an alternative like Bazzite to achieve a similar SteamOS experience on their devices. The new update also piggybacks off of Valve expanding the Steam Deck Verified categorization system to "any device running SteamOS that's not a Steam Deck" in mid-May. To make matters sweeter, a SteamOS-powered version of the Lenovo Legion Go S is scheduled to release on May 25. You can learn more about SteamOS 3.7.8 here.

During this year's annual Pwn2Own contest, two researchers from Palo Alto Networks demonstrated an out-of-bounds write vulnerability in Mozilla Firefox, reports Cyber Security News, "earning $50,000 and 5 Master of Pwn points." And the next day another participant used an integer overflow to exploit Mozilla Firefox (renderer only).

But Mozilla's security blog reminds users that a sandbox escape would be required to break out from a tab to gain wider system access "due to Firefox's robust security architecture" — and that "neither participating group was able to escape our sandbox..." We have verbal confirmation that this is attributed to the recent architectural improvements to our Firefox sandbox which have neutered a wide range of such attacks. This continues to build confidence in Firefox's strong security posture.
Even though neither attack could escape their sandbox, "Out of abundance of caution, we just released new Firefox versions... all within the same day of the second exploit announcement." (Last year Mozilla responded to an exploitable security bug within 21 hours, they point out, even winning an award as the fastest to patch.)

The new updated versions are Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1 and Firefox for Android. "Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible...." To review and fix the reported exploits a diverse team of people from all across the world and in various roles (engineering, QA, release management, security and many more) rushed to work. We tested and released a new version of Firefox for all of our supported platforms, operating systems, and configurations with rapid speed....

Our work does not end here. We continue to use opportunities like this to improve our incident response. We will also continue to study the reports to identify new hardening features and security improvements to keep all of our Firefox users across the globe protected.

Last August a Microsoft security update broke dual-booting Windows 11 and Linux systems, remembers the blog Neowin. Distros like Debian, Ubuntu, Linux Mint, Zorin OS, and Puppy Linux were all affected, and "a couple of days later, Microsoft provided a slightly lengthy workaround that involved tweaking around with policies and the Registry in order to fix the problem."

The update "was meant to address a GRUB bootloader vulnerability that allowed malicious actors to bypass Secure Boot's safety mechanisms," notes the It's FOSS blog. "Luckily, there's now a proper fix for this, as Microsoft has quietly released a new patch on May 13, 2025, addressing the issue nine months after it was first reported... Meanwhile, many dual-boot users were left with borked setups, having to use workarounds or disable Secure Boot altogether."

Thursday was Rust's 10-year anniversary for its first stable release. "To say I'm surprised by its trajectory would be a vast understatement," writes Rust's original creator Graydon Hoare. "I can only thank, congratulate, and celebrate everyone involved... In my view, Rust is a story about a large community of stakeholders coming together to design, build, maintain, and expand shared technical infrastructure." It's a story with many actors:

- The population of developers the language serves who express their needs and constraints through discussion, debate, testing, and bug reports arising from their experience writing libraries and applications.

- The language designers and implementers who work to satisfy those needs and constraints while wrestling with the unexpected consequences of each decision.

- The authors, educators, speakers, translators, illustrators, and others who work to expand the set of people able to use the infrastructure and work on the infrastructure.

- The institutions investing in the project who provide the long-term funding and support necessary to sustain all this work over decades.

All these actors have a common interest in infrastructure.
Rather than just "systems programming", Hoare sees Rust as a tool for building infrastructure itself, "the robust and reliable necessities that enable us to get our work done" — a wide range that includes everything from embedded and IoT systems to multi-core systems. So the story of "Rust's initial implementation, its sustained investment, and its remarkable resonance and uptake all happened because the world needs robust and reliable infrastructure, and the infrastructure we had was not up to the task." Put simply: it failed too often, in spectacular and expensive ways. Crashes and downtime in the best cases, and security vulnerabilities in the worst. Efficient "infrastructure-building" languages existed but they were very hard to use, and nearly impossible to use safely, especially when writing concurrent code. This produced an infrastructure deficit many people felt, if not everyone could name, and it was growing worse by the year as we placed ever-greater demands on computers to work in ever more challenging environments...

We were stuck with the tools we had because building better tools like Rust was going to require an extraordinary investment of time, effort, and money. The bootstrap Rust compiler I initially wrote was just a few tens of thousands of lines of code; that was nearing the limits of what an unfunded solo hobby project can typically accomplish. Mozilla's decision to invest in Rust in 2009 immediately quadrupled the size of the team — it created a team in the first place — and then doubled it again, and again in subsequent years. Mozilla sustained this very unusual, very improbable investment in Rust from 2009-2020, as well as funding an entire browser engine written in Rust — Servo — from 2012 onwards, which served as a crucial testbed for Rust language features.
Rust and Servo had multiple contributors at Samsung, Hoare acknowledges, and Amazon, Facebook, Google, Microsoft, Huawei, and others "hired key developers and contributed hardware and management resources to its ongoing development." Rust itself "sits atop LLVM" (developed by researchers at UIUC and later funded by Apple, Qualcomm, Google, ARM, Huawei, and many other organizations), while Rust's safe memory model "derives directly from decades of research in academia, as well as academic-industrial projects like Cyclone, built by AT&T Bell Labs and Cornell."

And there were contributions from "interns, researchers, and professors at top academic research programming-language departments, including CMU, NEU, IU, MPI-SWS, and many others." JetBrains and the Rust-Analyzer OpenCollective essentially paid for two additional interactive-incremental reimplementations of the Rust frontend to provide language services to IDEs — critical tools for productive, day-to-day programming. Hundreds of companies and other institutions contributed time and money to evaluate Rust for production, write Rust programs, test them, file bugs related to them, and pay their staff to fix or improve any shortcomings they found. Last but very much not least: Rust has had thousands and thousands of volunteers donating years of their labor to the project. While it might seem tempting to think this is all "free", it's being paid for! Just less visibly than if it were part of a corporate budget.

All this investment, despite the long time horizon, paid off. We're all better for it.
He looks ahead with hope for a future with new contributors, "steady and diversified streams of support," and continued reliability and compatability (including "investment in ever-greater reliability technology, including the many emerging formal methods projects built on Rust.")

And he closes by saying Rust's "sustained, controlled, and frankly astonishing throughput of work" has "set a new standard for what good tools, good processes, and reliable infrastructure software should be like.

"Everyone involved should be proud of what they've built."

It's been a mobile-only game for decades. Then a little more than a week ago Infinity Nikkireleased its 1.5 update (which introduced multiplayer and customization options) and launched the game on Steam.

But it "didn't go over as planned," writes the worker-owned gaming site Aftermath, citing some very negative reactions on Reddit. (Some players say that in response the game's publisher is now even censoring the word "boycott" on its official forums and community spaces...) Infinity Nikki players were immediately incensed by a bevy of bugs and general game instability, and made even more angry by several baffling changes to both the story and its monetization structure... Players globally are vowing to stay off the game until Infold Games addresses their concerns, including at least one Infinity Nikki creator who is part of the game's partner program... [T]he Chinese Infinity Nikki community — as well as others — has been flooding Steam with negative reviews of the game... [T]he complaints are also impacting Infinity Nikki's review score on the Google Play Store... The company said it's working to fix the patch's performance issues, which have caused game-breaking bugs for some players....

[T]he Infinity Nikki team also gave players some free currency, but there's been problems there, too: Players say Infold had a bug in this distribution, which awarded players too much free currency. Instead of letting players keep that — it was Infold's mistake, after all — they deducted the currency, some of which players had already spent, putting them in the negative. But the community is looking for more from the studio; it wants an acknowledgement of the "dumpster fire" of a situation, as one Infinity Nikki player told Aftermath, but also wants some of the biggest problems reversed... Beyond the problematic monetization strategy, players Aftermath spoke with said they're also pissed off at a major change to the start of the game... Infold Games removed the game's original start with the update; the new intro drops players into Infinity Nikki with little context and a new, unexplained character who is supposed to be a guide as Nikki is dropped into intergalactic limbo.
While the spend-to-upgrade-your-character model has always been inherently predatory, as one player put it, the new update pushed the system "much too far for a lot of players," according to the article — "something made more egregious by the numerous bugs and strange gameplay changes." The article now describes some players as "upset that the trust they've given Infold Games thus far has been broken."

"Infold Games has not responded to a request for comment."

An anonymous reader quotes a report from Ars Technica: Broadcom has been sending cease-and-desist letters to owners of VMware perpetual licenses with expired support contracts, Ars Technica has confirmed. Following its November 2023 acquisition of VMware, Broadcom ended VMware perpetual license sales. Users with perpetual licenses can still use the software they bought, but they are unable to renew support services unless they had a pre-existing contract enabling them to do so. The controversial move aims to push VMware users to buy subscriptions to VMware products bundled such that associated costs have increased by 300 percent or, in some cases, more. Some customers have opted to continue using VMware unsupported, often as they research alternatives, such as VMware rivals or devirtualization.

Over the past weeks, some users running VMware unsupported have reported receiving cease-and-desist letters from Broadcom informing them that their contract with VMware and, thus, their right to receive support services, has expired. The letter [PDF], reviewed by Ars Technica and signed by Broadcom managing director Michael Brown, tells users that they are to stop using any maintenance releases/updates, minor releases, major releases/upgrades extensions, enhancements, patches, bug fixes, or security patches, save for zero-day security patches, issued since their support contract ended.

The letter tells users that the implementation of any such updates "past the Expiration Date must be immediately removed/deinstalled," adding: "Any such use of Support past the Expiration Date constitutes a material breach of the Agreement with VMware and an infringement of VMware's intellectual property rights, potentially resulting in claims for enhanced damages and attorneys' fees." [...] The cease-and-desist letters also tell recipients that they could be subject to auditing: "Failure to comply with [post-expiration reporting] requirements may result in a breach of the Agreement by Customer[,] and VMware may exercise its right to audit Customer as well as any other available contractual or legal remedy."

An anonymous reader quotes a report from Ars Technica: An update to Roku OS has resulted in colors looking washed out in HDR content viewed on Roku apps, like Disney+. Complaints started surfacing on Roku's community forum a week ago. On May 1, a company representative posted that Roku was "investigating the Disney Plus HDR content that was washed out after the recent update." However, based on user feedback, it seems that HDR on additional Roku apps, including Apple TV+ and Netflix, are also affected. Roku's representative has been asking users to share their experiences so that Roku can dig deeper into the problem. [...]

Roku hasn't provided a list of affected devices, but users have named multiple TCL TV models, at least one Hisense, and one Sharp TV as being impacted. We haven't seen any reports of Roku streaming sticks being affected. One forum user claimed that plugging a Roku streaming stick into a Roku TV circumvented the problem. Forum user Squinky said the washed-out colors were only on Disney+. However, other users have reported seeing the problem across other apps, including Max and Fandango. [...] Users have noted that common troubleshooting efforts, like restarting and factory resetting their TVs and checking for software updates, haven't fixed the problem.

The problems appear to stem from the Roku OS 14.5 update, which was issued at the end of April. According to the release notes, the update is available for all Roku TV models from 2014 on, except for models 65R648, 75R648, and 75U800GMR. Roku streaming sticks also received the update. Per Roku, the software update includes "various performance optimizations, bug fixes, and improvements to security, stability." Other additions include a "new personalized row of content within the Live TV Guide" and upgrades to Roku OS' daily trivia, voice control, and discovery capabilities. "I'm surprised more people aren't complaining because it makes a ton of shows simply unwatchable. Was looking forward to Andor, and Tuesday night [was] ruined," posted forum user noob99999, who said the problem was happening on "multiple apps," including Amazon Prime Video. "I hope the post about imminent app updates are correct because in the past, Roku has taken forever to correct issues."

With its Start menu-style application launcher and its bottom-of-the-screen taskbar, KDE Plasma is a "nice" and "traditional" desktop environment that's "also highly customizable," notes It's FOSS News.

But there's a change coming... In contrast to other desktop environments, KDE offers a long-term support release (LTS) of Plasma, where bug fixes and security updates are provided for an extended period, with no new major changes being introduced. However, that is no longer the case now. Shared by Nate Graham, a prominent contributor within the KDE community, KDE has decided to stop working on LTS releases of Plasma, shifting its focus on extending support for the bug-fix and feature releases instead.

The reasoning behind this move is multi-faceted, with factors such as inconsistent expectations from the community, developers' reluctance to work on older versions, and the lack of consistency in LTS support for Frameworks and Gear apps... I believe this move will provide Plasma users with a better Linux desktop experience, thanks to the extended bug-fix period, which will enhance the stability of each release.
From Graham's blog post: It's no secret that our Plasma LTS ("Long-Term Support") product isn't great. It really only means we backport bug-fixes for longer than usual — usually without even testing them, since no Plasma developers enjoy living on or testing old branches. And there's no corresponding LTS product for Frameworks or Gear apps, leaving a lot of holes in the LTS umbrella. Then there's the fact that "LTS" means different things to different people; many have an expansive definition of the term that gives them expectations of stability that are impossible to meet.

Our conclusion was that the fairly limited nature of the product isn't meeting anyone's expectations, so we decided to not continue it. Instead, we'll lengthen the effective support period of normal Plasma releases a bit by adding on an extra bug-fix release, taking us from five to six.

We also revisited the topic of reducing from three to two Plasma feature releases per year, with a much longer bug-fix release schedule. It would effectively make every Plasma version a sort of mini-LTS, and we'd also try to align them with the twice-yearly release schedules of Kubuntu and Fedora.

However, the concept of "Long-Term Support" doesn't go away just because we're not giving that label to any of our software releases anymore. Really, it was always a label applied by distros anyway — the distros doing the hard work of building an LTS final product out of myriad software components that were never themselves declared LTS by their own developers. It's a lot of work.

So we decided to strengthen our messaging that users of KDE software on LTS distros should be reporting issues to their distro, and not to KDE. An LTS software stack is complex and requires a lot of engineering effort to stabilize; the most appropriate people to triage issues on LTS distros are the engineers putting them together. This will free up time among KDE's bug triagers and developers to focus on current issues they can reproduce and fix, rather than wasting time on issues that can't be reproduced due to a hugely different software stack, or that were fixed months or years ago yet reported to us anyway due to many users' unfamiliarity with software release schedules and bug reporting.

Some patches for Linux 6.15-rc4 (updating the kernel driver for the Bcachefs file system) triggered some "straight-to-the-point wisdom" from Linus Torvalds about case-insensitive filesystems, reports Phoronix.

Bcachefs developer Kent Overstreet started the conversation, explaining how some buggy patches for their case-insensitive file and folder support were upstreamed into the Bcachefs kernel driver nearly two years ago: When I was discussing with the developer who did the implementation, I noted that fstests should already have tests. However, it seems I neglected to tell him to make sure the tests actually run... It is _not_ enough to simply rely on the automated tests. You have to have eyes on what your code is doing.
Overstreet added "There's a story behind the case insensitive directory fixes, and lessons to be learned." To which Torvalds replied.... "No."

"The only lesson to be learned is that filesystem people never learn."

Torvalds: Case-insensitive names are horribly wrong, and you shouldn't have done them at all. The problem wasn't the lack of testing, the problem was implementing it in the first place. The problem is then compounded by "trying to do it right", and in the process doing it horrible wrong indeed, because "right" doesn't exist, but trying to will make random bytes have very magical meaning.

And btw, the tests are all completely broken anyway. Last I saw, they didn't actually test for all the really interesting cases — the ones that cause security issues in user land. Security issues like "user space checked that the filename didn't match some security-sensitive pattern". And then the shit-for-brains filesystem ends up matching that pattern *anyway*, because the people who do case insensitivity *INVARIABLY* do things like ignore non-printing characters, so now "case insensitive" also means "insensitive to other things too"....

Dammit. Case sensitivity is a BUG. The fact that filesystem people *still* think it's a feature, I cannot understand. It's like they revere the old FAT filesystem _so_ much that they have to recreate it — badly.
And this led to a very lively back-and-forth discussion.

Slashdot's summary of the highlights:

Cursor AI users recently encountered an ironic AI failure when the platform's support bot falsely claimed a non-existent login restriction policy. Co-founder Michael Truell apologized for the issue, clarified that no such policy exists, and attributed the mishap to AI hallucination and a session management bug. The Register reports: Users of the Cursor editor, designed to generate and fix source code in response to user prompts, have sometimes been booted from the software when trying to use the app in multiple sessions on different machines. Some folks who inquired about the inability to maintain multiple logins for the subscription service across different machines received a reply from the company's support email indicating this was expected behavior. But the person on the other end of that email wasn't a person at all, but an AI support bot. And it evidently made that policy up.

In an effort to placate annoyed users this week, Michael Truell co-founder of Cursor creator Anysphere, published a note to Reddit to apologize for the snafu. "Hey! We have no such policy," he wrote. "You're of course free to use Cursor on multiple machines. Unfortunately, this is an incorrect response from a front-line AI support bot. We did roll out a change to improve the security of sessions, and we're investigating to see if it caused any problems with session invalidation." Truell added that Cursor provides an interface for viewing active sessions in its settings and apologized for the confusion.

In a post to the Hacker News discussion of the SNAFU, Truell again apologized and acknowledged that something had gone wrong. "We've already begun investigating, and some very early results: Any AI responses used for email support are now clearly labeled as such. We use AI-assisted responses as the first filter for email support." He said the developer who raised this issue had been refunded. The session logout issue, now fixed, appears to have been the result of a race condition that arises on slow connections and spawns unwanted sessions.

Wine 10.6 has been released, featuring a new lexer within its Command Processor (CMD), support for the PBKDF2 algorithm to its Bcrypt implementation, and improved metadata handling in WindowsCodecs. According to Phoronix, the update also includes 27 known bug fixes that address issues with Unity games, Alan Wake, GDI+, and various other games and applications.

You can see all the changes and download the relesae via WineHQ.org GitLab.