cm0002

Amazon recently announced pretty heavy job cuts, and it seems they're pulling back on video game funding with New World: Aeternum no longer being supported. In the Amazon announcement they noted "an overall reduction in our corporate workforce of approximately 14,000 roles". Ouch.

Why? They don't actually say exactly why in the announcement, but of course it's AI-related:

Some may ask why we’re reducing roles when the company is performing well. Across our businesses, we're delivering great customer experiences every day, innovating at a rapid rate, and producing strong business results. What we need to remember is that the world is changing quickly. This generation of AI is the most transformative technology we’ve seen since the Internet, and it's enabling companies to innovate much faster than ever before (in existing market segments and altogether new ones). We’re convinced that we need to be organized more leanly, with fewer layers and more ownership, to move as quickly as possible for our customers and business.

While it hasn't been properly publicly announced yet, GOG Patrons is a new system launched by GOG to hopefully pull in more people to donate. This isn't the first time GOG have asked for people to donate, as back in June they added a donation form to the checkout page but this goes one step further.

The main point of the GOG Patrons program appears to be directly supporting their game preservations efforts as part of the official GOG Preservation Program. Not to paywall anything on the GOG store, just as an additional way to support GOG directly.

At the Linux Security Summit Europe (LSS EU), Scott Constable and Sebastian Österlund gave a talk on an enhancement to a control-flow integrity (CFI) protection that was added to the kernel several years ago. The "FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking" mechanism was merged for Linux 6.2 in early 2023 to harden the kernel against CFI attacks of various sorts, but needed some fixes and enhancements more recently. The talk looked at the CFI vulnerability problem, FineIBT, and an enhanced version that is hoped to be able to unify all of the disparate hardware and software mitigations to address both regular and speculative CFI vulnerabilities

If you’ve hopped between Linux distributions as much as I have, you know that each major family of distros introduces you to a different package manager. At first, it can feel a bit daunting (apt on Debian/Ubuntu, dnf on RHEL/Fedora, pacman on Arch, and zypper on openSUSE), but these tools all serve the same purpose of installing and updating software.

After using Linux for years (across everything from Debian to Arch-based systems), I’ve grown comfortable with all of them. Even niche distros like Slackware, Gentoo, and Void. In this post, I’ll break down the major package managers, how they differ, and what it’s like to use each one. We’ll also touch on the universal package formats (Snap and Flatpak) that aim to work across distributions, and lastly mention a few niche package management systems. Let’s dive in!

This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. The bugs can be triggered by an attacker controlling a local unprivileged process. Their security implications were confirmed via a proof of concept that achieves kernel read and write primitives.

The NVIDIA Open source driver

Back in 2022, NVIDIA started distributing the Linux Open GPU Kernel Modules. Since 2024, using these modules is officially "the right move" for both consumer and server hardware. The driver provides multiple kernel modules, the bugs being found in nvidia.ko and nvidia-uvm.ko. They expose ioctls on device files, most of them being accessible to unprivileged users. These ioctls are meant to be used by NVIDIA's proprietary userland binaries and libraries. However, using the header files provided in the kernel modules repository as a basis, it's possible to make direct ioctl calls.

Fedora 43 had been planning for an early final target release date of 21 October. Unfortunately, that's not going to happen as a "No-Go" was declared at the Fedora Linux 43 release meeting.

While years ago Fedora Linux was notorious for its release delays in order to address blocker bugs, more recently they have managed to be rather on-point for releases. In fact, recently they have begun hitting early release targets a week before their actual planned target release dates. But for Fedora 43, that early release target isn't happening.