Brief items
Security
Covert web-to-app tracking via localhost on Android
The "Local Mess" GitHub repository is dedicated to the disclosure of an Android tracking exploit used by (at least) Meta and Yandex.
While there are subtle differences in the way Meta and Yandex bridge web and mobile contexts and identifiers, both of them essentially misuse the unvetted access to localhost sockets. The Android OS allows any installed app with the INTERNET permission to open a listening socket on the loopback interface (127.0.0.1). Browsers running on the same device also access this interface without user consent or platform mediation. This allows JavaScript embedded on web pages to communicate with native Android apps and share identifiers and browsing habits, bridging ephemeral web identifiers to long-lived mobile app IDs using standard Web APIs.
This backdoor, the use of which has evidently stopped since its disclosure, allow tracking of users across sites regardless of cookie policies or use of incognito browser modes.
Kernel development
Kernel release status
The current development kernel is 6.16-rc1, released on June 8. Linus said:
I think we had a fairly normal merge window, although I did get the feeling that there were a few more "late straggler" pull requests than usual. Not to a huge degree, but there was definitely an upward bump at the end of the second week.But on the whole, all the stats look pretty normal.
Stable updates: 6.15.2, 6.14.11, and 6.12.33 were released on June 10. Note that this is the end of the line for the 6.14.x updates; Greg Kroah-Hartman explained the timing of this move:
If you notice, this has happened a bit more "early" than previous end-of-life announcements. Normally, after -rc1 is out there is a TON of stable patches happening due to the changes that come into the merge-window that were marked for stable backports but didn't get into Linus's release before -final. As some people have objected to this large influx being added to a stable kernel that is just about to go end-of-life, let's try marking this end-of-life a bit earlier to see how it goes.
Quote of the week
The BUG_ON() thing was introduced in 2.5.0, and initially came from debug code in the block layer rewrite.— Linus TorvaldsAnd in that particular context, it actually made sense: this was new code that changed the block elevator, and if that code got it wrong, you were pretty much *guaranteed* disk corruption.
But then it became a pattern. And I think that pattern is basically never good.
I really think that the *ONLY* situation where BUG() is valid is when you absolutely *know* that corruption will happen, and you cannot continue.
Very much *not* some kind of "this is problematic, and who knows what corruption it might cause". But "I *know* I can't continue without major system because the hardware is broken sh*t".
In other words, don't use it. Ever. Unless you can explain exactly why without any handwaving.
Distributions
/e/OS 3.0 released
Version 3.0 of the privacy-centric, open-source mobile operating system has been released. Notable changes in this release include improved privacy tools, a "find my device" feature, and more. LWN looked at /e/OS in March.FreeBSD laptop support update
The FreeBSD Foundation has announced a report for work completed in April to improve FreeBSD support for laptops. This includes installer updates, improved suspend/resume behavior, as well as progress on a port of Linux 6.7 and 6.8 graphics drivers to drm-kmod. A roadmap for the FreeBSD laptop work is also available.
Ubuntu 25.10 to drop support for GNOME on Xorg
Jean Baptiste Lallement, a member of Canonical's desktop team, has announced that Ubuntu will drop support for GNOME on X11 in the 25.10 ("Questing Quokka") release set for October. GNOME plans to remove X11 support in GNOME 49, which is scheduled for September, so Ubuntu is looking to be proactive:
Ubuntu 25.10 is the last interim release before our next LTS (Ubuntu 26.04). By moving now, we give developers and users a full cycle to adapt before the next LTS, align with GNOME 49 and reduce fragmentation while simplifying our support matrix heading into the LTS.
Fedora decided in early May to drop X11 support for GNOME in Fedora 43, which is also due in October.
Development
Netdev 0x19 videos and slides are live
The Netdev 0x19 conference was held in Zagreb, Croatia from March 10 through March 13. The organizers announced today that the videos and slides for all sessions are now online. Topics from the conference include IRQ suspension, the future of SO_TIMESTAMPING, remote TCP connection offloading, and more.
Development quote of the week
— GlyphMost recently, at time of writing, there have been a spate of "the genAI discourse is bad" articles, almost exclusively written from the perspective of, not boosters exactly, but pragmatically minded (albeit concerned) genAI users, wishing for the skeptics to be more pointed and accurate in our critiques. This is anti-anti-genAI content. [...]
But if you're going to talk about how bad the genAI conversation is, without even mentioning huge categories of problem like "climate impact" or "disinformation" even once, I honestly don't know what conversation you're even talking about. This is peak "make up a guy to get mad at" behavior, which is especially confusing in this circumstance, because there's an absolutely huge crowd of actual people that you could already be mad at.
The people writing these pieces have historically seemed very thoughtful to me. Some of them I know personally. It is worrying to me that their critical thinking skills appear to have substantially degraded specifically after spending a bunch of time intensely using this technology which I believe has a scary risk of degrading one's critical thinking skills. Correlation is not causation or whatever, and sure, from a rhetorical perspective this is "post hoc ergo propter hoc" and maybe a little "ad hominem" for good measure, but correlation can still be concerning.
Miscellaneous
20 Years of the Open Invention Network
The Open Invention Network (OIN) is celebrating its 20th anniversary.
The central feature of the OIN community is a patent cross-license that covers core Open Source functionality and expands in parallel with the growth of Open Source technology. As growth in Open Source has accelerated, OIN has proactively expanded the scope of the OIN license's benefit by including more than 4,500 software components and platforms in its Linux System definition, which comprises the list of Open Source code and associated functionality in OIN's patent cross-license.
LWN's first look at OIN was this article by Pamela Jones in late 2005.
Page editor: Daroc Alden
Next page:
Announcements>>