https://archive.ph/jphZ9

[Bias alert - NYT usually favors Israel]

By Roger Cohen Nov. 26, 2025

[on-site, in-depth report from Lebanon, with many photos]

Abbas Fakhr al-Din, the soft-spoken mayor of Nabatieh, a city in southern Lebanon, sat beneath a portrait of Ahmad Kahil, a doctor and his predecessor. Dr. Kahil was killed in an Israeli strike on the municipal building on Oct. 16, 2024, that took the lives of 16 people in all. The rubble remains.

I asked Mr. al-Din if he was afraid. “No,” he said. “I have to be with my people through good times and bad.”

Nabatieh and the surrounding area continue to be hit by intermittent Israeli strikes, killing people and heightening the sense that the cease-fire is even less stable than Lebanon’s battered buildings. To the mayor’s eyes, American strategy is devoted solely to support of Israel.

https://archive.ph/nMoBU

SUSE engineer David Sterba submitted the Btrfs pull request for Linux 6.19 on Friday, ahead of the Linux 6.18 stable kernel release that took place on Sunday. This copy-on-write file-system continues seeing some enticing feature work and other improvements for this next version of the Linux kernel.

With the Linux 6.18 kernel Btrfs added experimental support for block sizes greater than the page size. That "BS > PS" work continues being built out in Linux 6.19. The code now supports more operations when not using large folios, like encoded read/write and Btrfs SEND support. Btrfs' native RAID5 / RAID6 support is also now able to handle the block size being greater than the page size.

Fedora stakeholders have been eyeing a nicer experience for NTSYNC usage with Wine and Steam Play by being able to have the NTSYNC kernel module load when it's likely to be used. That approval has now been granted by the Fedora Engineering and Steering Committee (FESCo) for the Fedora 44 release.

NTSYNC has been in the mainline Linux kernel for a while now and the latest Wine 10.xx development builds along with the upcoming Wine 11.0 stable build allow making use of that kernel code for a faster implementation of emulating the Microsoft Windows NT synchronization primitives. But the issue at hand is the NTSYNC kernel module driver isn't auto-loaded when needed and without any users currently outside the likes of Wine or Wine-based software like Steam Play (Proton), there's little use having it unconditionally loaded.

Following yesterday's Linux 6.18 kernel release, GNU Linux-libre 6.18-gnu is out today as the latest release of this free software purist kernel that will drop/block drivers from loading microcode/firmware considered non-free-software and other restrictions in the name of not pushing binary blobs even when needed for hardware support/functionality on otherwise open-source drivers.

With Linux 6.18 there are more upstream kernel drivers dependent upon binary-only firmware/microcode. Among the drivers called out this cycle are the open-source NVIDIA Nova-Core Rust driver as well as the modern Intel Xe driver. Nova-Core is exclusively designed around the NVIDIA GPU System Processor (GSP) usage and thus without its firmware the driver is inoperable. Similarly, with the newer Intel Xe driver depending upon the GuC micro-controller without its firmware the support is also rendered useless.

KDE Connect is a popular cross-platform app that allows you to send files across devices and more - with a security advisory being sent out due to a woops. Noted as CVE-2025-66270, that woops could allow an attacker to entirely skip proper authentication.

An overview of the issue:

Versions of KDE Connect released after March 2025 implement version 8 of the KDE Connect protocol. In this version, the discovery of other devices with KDE Connect on your network involves an additional packet exchange between the two devices. While the first packet is used to determine if a device is paired or not, this additional packet is used to identify the device that is connecting.

The vulnerable implementations of KDE Connect were not checking that the device ID in the first packet and the device ID in the second packet were the same. This could be abused by first sending a device ID of an unpaired device which doesn't require authentication, followed by sending the device ID of a paired device in order to impersonate it.

The vulnerable versions they list are:

KDE Connect desktop >= 25.04 and < 25.12
KDE Connect iOS >= v0.5.2 and < 0.5.4
KDE Connect Android >= v1.33.0 and < 1.34.4
GSConnect >= 59 and < 68
Valent >= v1.0.0.alpha.47 and < v1.0.0.alpha.49

The KDE developers are suggesting you stop using KDE Connect until your Linux distribution releases an update for it, or to manually patch it yourself if you're able to.

See more in the security advisory.

Almost a month after the previous 2.0.17 release, fwupd, an open-source tool designed to simplify firmware updates on Linux-based systems, has reached version 2.0.18.

The release introduces a new MOTD message that appears when a staged update requires a reboot, along with the automatic creation of a reboot-required file. Additionally, the new version also records the system state for each composite emulation and allows USI docking stations to update without requiring a manual replug.

On the bug fixes side, firmware operations now properly detect Intel SPI BIOS lock issues on MTD devices, and systems without SecureBoot support can use UpdateCapsule more reliably. Parsing of UEFI capsule result headers and USB BOS descriptors has been corrected, and firmware deployment on x86_64 systems now uses the appropriate capsule flags.