BSD, GNU/Linux Distributions and Operating Systems

posted by Roy Schestowitz on Jun 18, 2026

• BSD

  • Unicorn Media ☛ FreeBSD Launches AI-Assisted Project to Find and Fix Vulnerabilities

    With fresh funding from the 'Linux' Foundation’s Alpha Omega initiative, FreeBSD is turning to Hey Hi (AI) tools and paid security staff to hunt vulnerabilities across its codebase.

  • The Argus Blog ☛ A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack

    OpenBSD's sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely. The vulnerability was introduced in 1999 and survived for 27 years before being fixed.

    OpenBSD's sppp(4) subsystem handles synchronous PPP links, the backbone of PPPoE connectivity. When a peer connects, the PPP handshake can require PAP (Password Authentication Protocol) credentials before the link reaches STATE_OPENED. The check that decides whether to accept or reject those credentials has been broken since it was first imported into the OpenBSD source tree in July 1999.

    This is a story about a one-line bug that lived for 27 years.

• Arch Family

  • To Make Things Easier, CachyOS Opted for a New GUI Package Manager

    There are a couple of graphical package managers for Arch-based distros, but CachyOS opted for a new one in C#.

  • OSTechNix ☛ Things to Do After Installing Arch Linux: Complete Guide (2026)

    If you chose the minimal installation type when installing Arch Linux, there is no desktop, no sound server, and no AUR access. You are left at a login prompt.

    Since this is a minimal base system, you need to complete some essential post-installation steps to transform it from a bare TTY into a fully functional workstation.

    The following are the essential first steps for a minimal Arch Linux system: [...]

• Canonical/Ubuntu Family

  • Ubuntu ☛ Validating real-world skills through Canonical Academy

    Self-paced or instructor-led courses offer certificates of participation that acknowledge time spent rather than competence demonstrated. Meanwhile, traditional professional certifications often rely on dense, theoretical, multiple-choice formats. These are expensive, time-consuming, and they leave both the candidate and the employer unsure if real-world capability was actually proven. Even respected hands-on exams can suffer from diminishing industry relevance if their subject matter fails to update alongside modern, remote-first workflows.

  • Ubuntu ☛ Virtualized Android comes to Anbox Cloud

    “With virtualized Android in Anbox Cloud, developers can now run complete Android system images on cloud and bare-metal infrastructure such as Google Cloud C4A-metal.”  says Cedric Gegout, Canonical VP of Products. “This gives engineering teams a new way to industrialize Android: consistent environments, repeatable pipelines, higher density, and infrastructure that can be managed like any other cloud-native workload.”