SELinux and AppArmor are the two most popular mandatory access control (MAC) systems for Linux, limiting what actions installed applications can take. MAC serves as an important security layer, limiting the damage a rogue or malicious application can do.

Tumbleweed has traditionally relied on AppArmor for its MAC implementation, but the distro is now moving to SELinux, as is the downstream SUSE Linux Enterprise (SLE) and openSUSE Leap 16.

“Users installing openSUSE Tumbleweed via the ISO image will see SELinux in enforcing mode as default option in the installer,” wrote SELinux Security Engineer Cathy Hu in an email announcement. “If the user prefers to use AppArmor instead of SELinux, they are able to change the selection to AppArmor manually in the installer.”

The project’s blog said existing users will be able to continue using AppArmor, and new users can still select it during the installation process, but SELinux is expected to bring a greater level of security.

Tumbleweed has used AppArmor as its default LSM. This marks a shift in the default Mandatory Access Control (MAC) system for new installations as SELinux replaces AppArmor as the default choice. SELinux will be enabled in enforcing mode by default only for new installations. Existing installations will not be affected by the change and will retain the option to select AppArmor during installation if they prefer.

The switch to install SELinux by default is going through implementation and aligns with a decision to grow adoption of SELinux for both SUSE and openSUSE. It’s expected to increase security by confining more services by default. SELinux is known for its rich security features and widespread use in enterprise environments.

The move is expected to bring tighter access controls to Tumbleweed. Users may encounter bugs or issues, but openQA tests for Tumbleweed have played a key role in identifying and resolving potential problems in the early adoption phase.

SELinux is traditionally used by Red Hat and derivative distros, while AppArmor is used by Debian, Ubuntu, and their derivatives. AppArmor is generally seen as easier to use, but SELinux has more configuration options, greater flexibility, and a higher degree of security.

openSUSE distros already have an outstanding reputation for security, with the the developers implementing several hardening options few other distros use. The change to SELinux will only improve that security even more.

Microsoft has long maintained that Windows 11 would leave many PCs behind, thanks to its strict TPM 2.0 requirement. As a result, hundreds of millions of PCs are destined for the landfill, many of them fairly recent models with years of life left. The company appeared to soften its stance in mid-December, even providing instructions on how to install Windows 11 on unsupported machines, even if the company did not recommend doing so.

This PC doesn’t meet the minimum system requirements for running Windows 11 – these requirements help ensure a more reliable and higher quality experience. Installing Windows 11 on this PC is not recommended and may result in compatibility issues. If you proceed with installing Windows 11, your PC will no longer be supported and won’t be entitled to receive updates. Damages to your PC due to lack of compatibility aren’t covered under the manufacturer warranty. By selecting Accept, you are acknowledging that you read and understand this statement.

Despite receiving praise for its reversal, Microsoft appears to be doing yet another about-face, this time doubling down on its opposition to Windows 11 on unsupported hardware. First spotted by Neowin, the Microsoft support page no longer discusses installing Windows 11 outside of officially supported hardware.

To make matters even worse for users with older computers, Microsoft appears to be taking measures against third-party tools that are designed to help users install Windows 11 on their unsupported machines. Also spotted by Neowin, Microsoft is now flaggin the Flyby11 utility as malware, blocking it from running. Ironically, Flyby11 utilizes the same Registry tweak that Microsoft’s not deleted instructions initially provided.

Flyby11’s GitHub release notes makes clear that users can safely ignore the malware warning and proceed with the installation.

Important Notes: Microsoft does not officially support this method, but it still works as expected

The app is now flagged as PUA:Win32/Patcher by Microsoft Defender. You can safely ignore this if you wish to proceed with the upgrade. I will contact Microsoft to verify whether this is an official classification or a false positive

Microsoft’s change of heart is an unfortunate development for users with older—and some not so older—hardware, and will see million of PCs prematurely thrown out.

Windows 11 represents one of the biggest jumps in system requirements in Windows’ history. Because Microsoft requires PCs have a Trusted Platform Module (TPM) version 2.0. Unfortunately, many current PCs, including relatively recent ones, do not have TPM 2.0.

Until recently, Microsoft was holding fast to its decision to enforce the TPM 2.0 requirement, despite the fact that it would result in hundreds of millions of PCs ending up in the landfill.

In a recent support article, Microsoft is apparently reversing course, providing installation instructions to users with unsupported computers. Microsoft warns that installing Windows 11 on unsupported hardware could lead to problems, but provides instructions nonetheless.

Installing Windows 11 on a device that doesn’t meet Windows 11 minimum system requirements isn’t recommended. If Windows 11 is installed on ineligible hardware, you should be comfortable assuming the risk of running into compat

A device might malfunction due to these compatibility or other issues. Devices that don’t meet these system requirements aren’t guaranteed to receive updates, including but not limited to security updates.

Microsoft will even display a warning when a user proceeds with the install.

This PC doesn’t meet the minimum system requirements for running Windows 11 – these requirements help ensure a more reliable and higher quality experience. Installing Windows 11 on this PC is not recommended and may result in compatibility issues. If you proceed with installing Windows 11, your PC will no longer be supported and won’t be entitled to receive updates. Damages to your PC due to lack of compatibility aren’t covered under the manufacturer warranty. By selecting Accept, you are acknowledging that you read and understand this statement.

While there are definitely some limitations with installing Windows 11 on unsupported hardware, it’s still good news that Microsoft is relaxing its stance and allowing users to proceed. The reversal will hopefully save millions of PCs of prematurely ending up in landfills.

After multiple delays, Microsoft has begun rolling out Windows Recall to Windows Insiders. Unfortunately, the feature continues to be plagued with issues, including not performing its basic functionality of saving snapshots.

The Verge’s Tom Warren posted about the issue on Bluesky.

anyone else having issues with Recall? I can’t get it to save snapshots at all

Based on the responses to Warren’s post, it seems many users are still not overly enthused with the feature, with some pointing out the cybersecurity nightmare it poses.

Recall takes screenshots of everything the user does, making them searchable via natural language prompts. Unfortunately, the initial implementation had major security issues. While Microsoft has worked to address them, cybersecurity experts fear the tech could still pose a significant risk. If nothing else, the plethora of data stored by Recall will be a high-value target for bad actors.

Ultimately, if Microsoft is having trouble getting Recall’s basic functionality working, it doesn’t bode well for the feature’s future.

Broadcom purchased VMware in late 2023, and wasted no time dramatically increasing prices for existing customers. AT&T filed a lawsuit against Broadcom, alleging breach of contract after the company wanted to charge AT&T 1,050% more. There have been additional reports of other companies, some with tens of thousands of VMware virtual machines, migrating to competing products in response to Broadcom’s tactics.

According to The Register, Beeks Group is the latest to migrate away from VMware following a 10x price increase. Interestingly, Beeks was another company with tens of thousands of VMware VMs, to the tune of more than 20,000 in 20 datacenters.

Matthew Cretney, Beeks head of production, told the outlet that Beeks received a bill for 10x what it had traditionally paid VMware. At the same time, the company’s clients said that VMware was not longer critical to their operation, freeing Beeks to explore alternatives.

Ultimately, the fintech company settled on OpenNebula, an open-source solution that can use a number of hypervisors, although KVM is often the preferred choice. The migration was not without its challenges, as code that relied on VMware APIs had to be rewritten to target OpenNebula. Nonetheless, relying on an open-source solution ensures that Beek will never face this issue again.

As The Register points out, Beeks joins the likes of Geico, John Deere, Computershare, and Boyd Gaming in migrating away from VMware due to Broadcom’s tactics. While Broadcom is well known for squeezing every last penny of profit out of products, it’s tactics may end up destroying VMware’s value.

Microsoft has dropped some unwelcome news for system admins, with the company announcing it is deprecating the Windows Server Update Services (WSUS) feature.

Microsoft made the announcement as part of a list of features that have been removed or deprecated in the Windows Server 2025 preview.

Windows Server Update Services (WSUS) is no longer actively developed, all the existing capabilities and content continue to be available for your deployments.

The company’s Nir Froimovici said the move was made in an effort to simplify Windows management.

As part of our vision for simplified Windows management from the cloud, Microsoft has announced deprecation of Windows Server Update Services (WSUS). Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS. However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel.

Needless to say, the news is not sitting well with some admins. Eric Siron, a Microsoft MVP, acknowledged that WSUS has not received much love in recent years, but said deprecating it didn’t seem like the right solution.

Agreed that WSUS is a horrifically underdeveloped nightmare. But, this is not the answer. The answer is modernizing WSUS or replacing it. There’s nothing wrong with having better tools in Azure with an attached price tag. The problem comes from emptying the niche that WSUS occupies.

People need to stop thinking about this as, “I will approach this news on my systems with…” That’s not the problem. Of course, you will come up with a solution that works, and of course you will keep your systems patched. That’s not the point.

Siron points out the potential security implications of WSUS being deprecated, and the increased risk sensitive information will become vulnerable to hackers.

Realize right now that there is a 100% chance that one or more of these organizations has your personal information, credit card numbers, health records, all kinds of things. As soon as WSUS goes away, there’s a 100% chance that your data will wind up on a system that the organization didn’t want to pay to patch, somebody in subordinate.IT.company failed to properly beg someone in IT.company to patch, or OOPSIE somebody didn’t check the monthly patch result on. The risk is bad enough with WSUS. Again, look up Melissa and SQL Slammer. I forgot MSBlast, that one had a patch available before it was ever exploited, too, and still caused all kinds of drama. Anyway, the point is that it doesn’t have to be a system that you’re responsible for to become your problem.

The end of WSUS is a gift to attackers.

It’s clear that Microsoft wants to move people to Azure and its cloud services, but deprecating something like WSUS without providing a replacement solution may end up causing significant headaches down the road.

ActiveX has a long history of posing a security risk within Windows and Office. In its ongoing effort to improve the security of its products, Microsoft is disabling ActiveX controls by default, as described in the Microsoft 365 Message Center.

ActiveX will be disabled by default in Office 2024, affecting Word, Excel, PowerPoint, and Visio. This change occurs in October 2024 for Office 2024 and begins in April 2025 for Microsoft 365 apps. Users can re-enable ActiveX by adjusting Trust Center Settings, the registry, or group policy settings.

The company describes how the change will impact organizations.

Users will no longer be able to create or interact with ActiveX objects in Office documents when this change is implemented. Some existing ActiveX objects will still be visible as a static image, but it will not be possible to interact with them.

Microsoft outlines how to change the setting back, for those companies that need ActiveX controls.

In the Trust Center Settings dialog, under ActiveX Settings, select the Prompt me before enabling all controls with minimal restrictions* option.

In the registry, set HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Security\DisableAllActiveX to 0 (REG_DWORD).

Set the Disable All ActiveX group policy setting to 0.

CentOS was a popular community Linux distro based on Red Hat Enterprise Linux (RHEL), maintaining full compatibility with its parent distro. Eventually, Red Hat took over the project, killing the distro and ending support for the most recent CentOS 8 much sooner than anyone expected. The older, but more popular, CentOS 7 was slated to go end-of-life (EOL) on June 30, 2024.

Like many companies that relied on CentOS, LinkedIn had to decide on a migration path to move its various systems to a supported Linux distro. Given how much ill will Red Hat created within the Linux community, and among organization that relied on CentOS, it’s not surprising that LinkedIn looked for a non-Red Hat solution. Given that LinkedIn is owned by Microsoft, it’s even less surprising the company opted to go with Microsoft’s Azure Linux distro.

Nonetheless, as LinkedIn’s Ievgen Priadka, Sweekar Pinto, and Bubby Rayber point out in a blog post, moving to Azure Linux helped the company meet two critical goals:

The move to Azure Linux supported two critical goals: providing a modern, secure operating system to reliably serve over 1 billion LinkedIn members worldwide; and delivering innovative new AI-powered features to members faster. Beyond these goals, other critical factors in our decision were cost-effectiveness, customization, scalability, community support, and compliance.

The team then goes on to outline the lengthy process undertaken to ensure a smooth transition, including planning, pilot programs, infrastructure preparation, onboarding teams, data migration, and more. Almost immediately, LinkedIn began to notice improved deployment speed, as well as other benefits, from the move to Azure Linux.

Azure Linux offered our teams a sense of familiarity mixed with novelty. Our core team delivered a series of prototype hosts, which came with a pre-set operating system, to our pilot teams. These hosts helped the teams get accustomed to the new OS, experiment with it, and enjoy the experience of discovering a modern operating system.

The core team also extended personalized, in-depth assistance to help internal partner teams develop compatible software packages and set up operating system components according to the unique needs of different applications. To prepare engineers for the transition to Azure Linux OS, we shared insights from the pilot programs during technical talks, team meetings and casual office conversations.

The transition significantly improved our deployment speed and system reliability, directly enhancing our ability to innovate and respond to market demands. The seamless integration with familiar tools boosted productivity, while extensive support from Azure Linux support team helped us minimize downtime. As a result, we’ve strengthened trust and confidence in our engineering capabilities across our organization, which helps us make the case for future technological advancements and gives us a competitive edge in our operations.

The company touts the “community-driven innovation” along with its relationship with Microsoft as keys to pulling off a successful migration.

The migration of LinkedIn’s fleet to Azure Linux was a strategic decision that entailed numerous considerations and challenges. Its successful execution yielded substantial benefits ranging from cost savings to enhanced security and flexibility. We achieved both critical goals: provide a modern, secure operating system to reliably serve LinkedIn members worldwide; and deliver innovative new AI-powered features to members faster.

By embracing open-source solutions, LinkedIn, in partnership with Microsoft, harnessed the power of community-driven innovation and unlocked new levels of efficiency, agility, and competitiveness. Nevertheless, careful planning, comprehensive training and ongoing support were essential to making the transition smooth and maximizing the long-term value of the migration.

LinkedIn’s entire blog post is very detailed, well worth a read, and provides valuable insights other companies can benefit from when planning a similar OS migration.

Google Cloud has unveiled its latest innovations, aimed at helping companies unify database, analytics and AI.

Google Cloud is the third leading cloud provider, behind AWS and Microsoft Azure. The company is particularly viewed as a good option for machine learning development, and has strong support for open source software.

The company’s latest tools will go a long way toward improving its stand even further, with Dataplex, Datastream and Analytics Hub.

Dataplex is designed to “centrally manage, monitor and govern your data across data lakes, data warehouses and data marts, and make this data securely accessible to a variety of analytics and data science tools.”

Datastream, currently available in preview, helps “move and synchronize data between heterogeneous databases, storage and applications reliably to support real-time analytics, database replication and event-driven architectures with Datastream, our serverless change data capture (CDC) and replication service.”

Analytics Hub is designed to make it easy to “access and share valuable datasets and analytics assets (think BigQuery ML models, Looker Blocks, data quality recipes, etc.) across any organizational boundary.” Those interested will need to sign up for preview access.

The company’s latest tools should go a long way toward helping its customers make the most of their data, as well as AI applications.

Linux distros and desktop environments have been moving toward Wayland, X11’s more modern and secure replacement for years, with the last year seeing a marked acceleration. Fedora has long had a reputation of pushing new technologies forward, and already defaults to Wayland, so it’s no surprise that it would be among the first to stop installing X11 by default.

The change was proposed on the Fedora working group mailing list by Jens Petersen:

I was wondering if we should not stop installing gnome-session-xsession by default in F40 Workstation. I guess if we want to do that it should really happen before the Beta release.
Alternatively it could be done more formally as a Fedora Change for F41, and first in Rawhide.

After quite a bit of discussion, it was decided that Fedora 40’s release was too close to make such a big change, so it was pushed to Fedora 41, as Peterson confirmed two days ago:

Fedora Workstation WG discussed this today and we agreed we should do this for Fedora 41,
since it is really too late already for F40 and it should really be handled as a System Wide Change anyway.

Those whose workflows still depend on X11 will be able to install it from the repos.

Containers are packages containing all the apps, code, libraries and dependencies necessary to run. Containers can be easily moved from one host to another, without worrying about the underlying OS and environment. Containers can also be managed to prevent any one app or process from hogging a system’s resources, making them the ideal way to scale cloud, hosting and IT systems.

Bottlerocket is a new Linux distribution that AWS designed and optimized specifically to work with containers.

“Bottlerocket reflects much of what we have learned over the years,” writes Jeff Barr, Chief Evangelist for AWS. “It includes only the packages that are needed to make it a great container host, and integrates with existing container orchestrators. It supports Docker image and images that conform to the Open Container Initiative (OCI) image format.

“Instead of a package update system, Bottlerocket uses a simple, image-based model that allows for a rapid & complete rollback if necessary. This removes opportunities for conflicts and breakage, and makes it easier for you to apply fleet-wide updates with confidence using orchestrators such as EKS.

“In addition to the minimal package set, Bottlerocket uses a file system that is primarily read-only, and that is integrity-checked at boot time via dm-verity. SSH access is discouraged, and is available only as part of a separate admin container that you can enable on an as-needed basis and then use for troubleshooting purposes.”

AWS is launching a public preview of the OS and inviting others to try it.

Mark Sunday, CIO of Oracle, discussed the increasing need for enterprises to take a holistic, comprehensive, and automated approach towards information security in an interview with Michael Krigsman of CXOTALK:

Security is Increasingly a Big Part of the Discussion

It’s really been interesting to see the dramatic change in the awareness around security. Quite frankly, the threats have gotten much greater. Security is increasingly a big part of the discussion. If I look at the one area that my organization has increased year on year on year, it’s what we’re investing in security. We’re the norm in that. We’re not the exception. Then also the increased sophistication of the threats, the increased sophistication of the tooling, and so forth required, is putting more and more focus on this. It really becomes job one.

I think that boards have now become aware and that they are accountable to assure that the people, the processes, the technology, that all the steps that one needs to do in order to ensure the integrity, confidentially, privacy, and security, of not only a customer’s data, the company’s data, but in fact the employees data as well.

Security is Not Just the Role of the CIO

Security is getting its place at the table, whether it’s within the IT organizations, at the corporate level, or at the board level. Security has always been something that’s been out there, something that we’ve had to take into account, but more recently there have certainly been more high profile incidents that have highlighted just what the impact of security can have. But also it’s been highlighted that you need to have the focus that security is not just the role of the CIO, not just the role of the CISO, but it’s everyone’s responsibility.

It begins with making people aware of what they need to do, what the threats and the vulnerabilities are, and what their role is in defending against that. Security needs to be built into every line of code we write, every configuration we enable, every computer that we manage the configuration asset the patching level on and the updates on. It affects essentially most roles within the organization.

Every Enterprise Has the Security it Deserves

Just given the scale, size, complexity, and the opportunity for human error, you really need to take a holistic, comprehensive, and automated approach towards how you deal with configuration management, change management, and vulnerability management. All of these are key aspects. It’s very difficult if it’s done you know manually. You have to look at a comprehensive program that allows you to simplify, standardize, centralize, and automate all the aspects of how you deal with those things that you know could expose your company to security and privacy concerns.

Every Enterprise has the security it deserves. It begins at the very top. It truly begins with the board, CEO, the Executive Committee, to set the culture and to ensure that the people, process, technology, and the governance processes are in place to ensure the security of customers, companies, and employees information.

Related Articles:

Huge Volume of IoT Data Managed via AI Creates Real Value, Says Oracle VP

Oracle CEO: Applications Market Changes Significantly As It Moves to Cloud

Oracle CEO: Three Big Things in the Gen 2 Cloud… Security, Security, Security

The developers announced the OpenCore 1.0 release on GitHub, paving the way for users to install macOS Sonoma on Macs that would otherwise be left out in the cold.

With the release of OpenCore Legacy Patcher 1.0.0, we’re proud to announce macOS Sonoma support! And with it, 83 unsupported Mac models will be able to run Apple’s latest OS!

With it, we’ve finally made the jump to 1.0.0! Going forward, we’ll be following the semantic versioning system to help streamline releases.

With macOS Sonoma, we spent many months working tirelessly to get these old machines running. And because of the sheer number of different hardware we support and the challenges of working on a closed-source operating system, not all features are currently available.

Users interested in OpenCore can learn more here.

Cloudflare is one of the leading content delivery networks (CDN), used by companies in a range of industries. The company’s Richard Boulton said it originally built its platform on native Linux services, but outlined some of the challenges the company faced:

The structure of the code limits the ease of making changes. While some changes are easy to make, other things run into surprising limits due to the underlying platform. For example, it is not possible to perform I/O in many parts of the code which handle HTTP response processing, leading to complex workarounds to preload resources in case they are needed.

Deploying updates to the software is high risk, so is done slowly and with care. Massive improvements have been made in the past years to our processes here, but it’s not uncommon to have to wait a week to see changes reach production, and changes tend to be deployed in large batches, making it hard to isolate the effect of each change in a release.

Finally, the code has a modular structure, but once in production there is limited isolation and sandboxing, so tracing potential side effects is hard, and debugging often requires knowledge of the whole system, which takes years of experience to obtain.

Boulton says the company is taking a cautious approach to the rebuild, tackling those parts of its infrastructure that make the most sense to swap out:

Our systems are a lot more complicated than they were in 2013. The approach we’re taking is one of gradual change. We will not rebuild our systems as a new, standalone reimplementation. Instead, we will identify separable parts of our systems, where we can have a concrete benefit in the immediate future, and migrate these to new architectures. We’ll then learn from these experiences, feed them back into improving our platform and tooling, and identify further areas to work on.

Modularity of our code is of key importance; we are designing a system that we expect to be modified by many teams. To control this complexity, we need to introduce strong boundaries between code modules, allowing reasoning about the system to be done at a local level, rather than needing global knowledge.

The entire blog post is extremely detailed and a recommended read for anyone interested in better understanding the ins and outs of CDN infrastructure design.

According to Hacker News, six of the vulnerabilities are rated Critical and 32 are Important. The most important is CVE-2023-29336, which is being actively exploited in the wild, although just how much is still unknown:

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

All users should update immediately to protect their systems.

In a blog post outlining Microsoft’s Windows roadmap, the company says there will be no more major updates to Windows 10:

As documented on the Windows 10 Enterprise and Education and Windows 10 Home and Pro lifecycle pages, Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date. Existing LTSC releases will continue to receive updates beyond that date based on their specific lifecycles.

For organizations that want to remain on Windows 10 as long as they can, the company recommends updating to the 22H2 release as soon as possible to continue to get the latest security and bug fixes.

• We highly encourage you to transition to Windows 11 now as there won’t be any additional Windows 10 feature updates.
• If you and/or your organization must remain on Windows 10 for now, please update to Windows 10, version 22H2 to continue receiving monthly security update releases through October 14, 2025. See how you can quickly do this via a servicing enablement package in How to get the Windows 10 2022 Update.

Wing Security analyzed more than 550 companies to gain insight into the state of SaaS application usage. A disturbing issue was the prevalence of “Shadow IT,” a term used for when employees use apps and services that are not provided or vetted by the company’s IT department.

According to the study, in large part as a result of Shadow IT, “in a staggering 84% of companies, employees were using an average of 3.5 SaaS applications that were breached in the past 3 months.”

Wing Security attributes this to the decentralized, easy access to SaaS apps:

This occurs because of the decentralized and ungoverned nature of SaaS applications. When an employee needs a quick fix to a problem or a tool to help them do their job, chances are they will “Google it” and find a SaaS application, often a free one or with a free version, to help them. These “quick fixes” often completely by-pass company procedures. It is important to keep in mind that as small and benign as an application may seem, it can still be connected (with high permissions) to one of the organization’s major SaaS applications such as Salesforce, Slack, Zoom and others.

Another major concern was the number of data permissions apps had, including apps that were not even in use. According to the company, some “76% of all permissions that were given to applications by the users were not in use for over 30 days.”

In many cases, the need for SaaS applications is in question, with a slight majority of such apps only being used by a single employee. According to Wing Security, “55% of SaaS applications are used by only one employee, raising questions about their necessity – and making it unlikely that they were known and protected by the security team.”

Another major concern is outside access. According to the company, “20% of SaaS users to be external to the organization. These are contractors, freelancers or agencies that your employees work with and have received access to your SaaS applications.”

SaaS use is on the rise, with many companies seeing it as a way to keep costs down while scaling to meet demand. Unfortunately, it appears the industry still has a long way to go before SaaS deployment matches the security of other options.

LinuxONE Bare Metal Servers are based on the s390x processor architecture. The company says that customers “can select from a set of pre-configured profiles with corresponding amounts of memory and storage to run workloads that are highly performant on the LinuxONE platform.”

IBM has been transforming itself into a hybrid cloud company, and the new LinuxONE servers fit perfectly into that model. The servers can be deployed on-site or off, giving customers the necessary flexibility to meet their needs.

Flexible consumption options are available in both an on-premises and off-premises environment. Companies choose to use LinuxONE for a variety of Linux-based workloads, such as database scalability or application modernization with Red Hat OpenShift Container Platform.

IBM also emphasizes the environmental benefits of using LinuxONE Bare Metal Servers.

LinuxONE is designed to help support green IT efforts. For example, consolidating Linux workloads on five IBM LinuxONE Emperor 4 systems instead of running them on compared x86 servers under similar conditions can reduce energy consumption by 75%, space by 50% and the CO2e footprint by over 850 metric tons annually.

Interested parties can get started via the IBM Bare Metal Servers provisioning page, or learn more via the documentation.

Nextcloud is the open source cloud platform that provides powerful alternatives to commercial products. EU governments, ever eager to reduce reliance on Big Tech, are increasingly looking to the platform as an option. In fact, the European Data Protection Supervisor recently migrated to Nextcloud:

Open Source Software offers data protection-friendly alternatives to commonly used large-scale cloud service providers that often imply the transfer of individuals’ personal data to non-EU countries. Solutions like this may therefore minimise reliance on monopoly providers and detrimental vendor lock-in. By negotiating a contract with an EU-based provider of cloud services, the EDPS is delivering on its commitments, as set out in its 2020-2024 Strategy, to support EUIs in leading by example to safeguard digital rights and process data responsibly.”

Wojciech Wiewiórowski, EDPS

The upcoming end of SharePoint Server support has created a situation where governments are eager to avoid vendor lock-in, making Nextcloud an even more appealing proposition.

As a result, Nextcloud has received a significant increase in interest from EU governments, with German state Schleswig-Holstein already making the switch from SharePoint to Nextcloud, and many others beginning to follow suit.

Nextcloud’s initiative to offer a digitally sovereign, open-source alternative to Microsoft Sharepoint is to be welcomed. That’s why we work together with Nextcloud to optimize Nextcloud Tables.

Ralf Sutorius, Leitender IT-Architekt, Stadt Köln

It’s a refreshing turn of events to see a powerful, open source alternative gain more widespread use.

According to Windows Latest, the problem has been going on for months, but seems to be impacting the most recent security and essential updates. It is impacting some optional updates as well.

KB5022303, the mandatory security update and essential for Windows 11 users, is failing with mysterious error messages, with 0x800f0831 being the most common error code. This bug is also hitting KB5022360, which is the latest optional update for Windows 11.

While failed updates are bad enough, cryptic error messages that do not provide any assistance make it that much more difficult to troubleshoot.

While Microsoft is aware of the situation, there has been no word yet on a possible fix.