linux

679 Articles

How To Better Enjoy VR On Linux

May 6, 2026 by 18 Comments

Linux folks are used to having to roll many of their own solutions, and better Linux desktop usability is a goal of the WayVR project, which aims to provide desktop control and app launching from within a VR session.

VR applications can already stream from Linux to standalone headsets with projects like WiVRn (check out this WiVRn setup guide for a fuller understanding), but what WayVR does is let one launch programs and access desktop screens within VR. Put another way, instead of the headset being limited to acting as a pseudo-monitor that only receives the output of an already-running VR application, the headset and controllers can now be used to interact with one’s computer as if one were physically sitting at it. Controls and user interface are highly flexible and help users to do anything they need — including clicking, typing, and launching applications. It’s a considerable step forward for convenience and general usability.

Naturally, when it comes to using a computer from within VR there is plenty of unexplored territory regarding user interfaces. It’s fertile ground for experimentation in everything from DIY headsets to ways to input text without a keyboard, so if you enjoy working on the frontiers of such things, it’s a good scene to dive into.

This Week In Security: Annoyed Researchers, Dangling DNS, And Hacks That Could Have Been Worse

April 24, 2026 by 13 Comments

The author of the BlueHammer exploit, which was released earlier this month and addressed in the last Patch Tuesday, continues to be annoyed with the responses from the Microsoft security research and vulnerability response team, and has released another Windows zero-day attack against Windows Defender.

The RedSun exploit targets a logic and timing error in Windows Defender, convincing it to install the target file in the system, instead of quarantining the file and protecting the system. Not, generally, what you would hope would happen.

Since the RedSun attack requires local access in the first place, it seems unlikely Microsoft will release an out-of-sequence patch for it, however with public code available, we can probably expect to see malware leveraging it to establish higher permissions on an infected system.

Releasing exploits out of spite feels like a return to the late 1990s, and I almost don’t hate it.

University Domains Hijacked

Reported in Bleeping Computer, a group tracked as “Hazy Hawk” has been hijacking unmaintained DNS records of universities and government institutions to serve ad click spam.

The attack seems simple and doesn’t even require compromising the actual institution, using dangling DNS “CNAME” records. A “CNAME” entry in DNS acts essentially as an alias, pointing one domain name at another, which can be used to provide content from an official domain that is hosted on a cloud service where the IP address of the service might change.

A DNS “A” (or “AAAA” if you speak IPv6) record points a hostname – like “foo.example.com” – to an IP address – like “1.1.1.1”. A “CNAME” record points a hostname to another hostname, like “foo.some_cloud_host.com”. Scanning “high value” domains (like Ivy League universities) for “CNAME” records which point to expired domains (or domains on cloud hosted providers which no longer exist) lets anyone able to register that domain (or create an account with the proper naming scheme on the cloud host) to post any content they wish, and still appear to be the original name.

At least 30 educational institutions have been impacted, along with several government agencies including the CDC.

Continue reading “This Week In Security: Annoyed Researchers, Dangling DNS, And Hacks That Could Have Been Worse”

New Linux Kernel Rules Put The Onus On Humans For AI Tool Usage

April 14, 2026 by 17 Comments

It’s fair to say that the topic of so-called ‘AI coding assistants’ is somewhat controversial. With arguments against them ranging from code quality to copyright issues, there are many valid reasons to be at least hesitant about accepting their output in a project, especially one as massive as the Linux kernel. With a recent update to the Linux kernel documentation the use of these tools has now been formalized.

The upshot of the use of such Large Language Models (LLM) tools is that any commit that uses generated code has to be signed off by a human developer, and this human will ultimately bear responsibility for the code quality as well as any issues that the code may cause, including legal ones. The use of AI tools also has to be declared with the Assisted-by: tag in contributions so that their use can be tracked.

When it comes to other open source projects the approach varies, with NetBSD having banished anything tainted by ‘AI’, cURL shuttering its bug bounty program due to AI code slop, and Mesa’s developers demanding that you understand generated code which you submit, following a tragic slop-cident.

Meanwhile there are also rising concerns that these LLM-based tools may be killing open source through ‘vibe-coding’, along with legal concerns whether LLM-generated code respects the original license of the code that was ingested into the training model. Clearly we haven’t seen the end of these issues yet.

Hackaday Links Column Banner

Hackaday Links: April 12, 2026

April 12, 2026 by 4 Comments

At this point, we’ll assume you already know that four humans took a sightseeing trip around the Moon and made their triumphant return to Earth on Friday. Even if you somehow avoided hearing about it through mainstream channels, we kept a running account of the mission’s highlights stuck to the front page of the site for the ten days that the crew was in space.

On the assumption that you might be a bit burned out with space news at this point, we won’t bring up it up in this post… other than to point out that excitement for the lunar flyby has driven the number of simultaneous players of Kerbal Space Program to its highest count ever — nearly 20,000 armchair astronauts spent this weekend trying to cobble together their own rocket in honor of the Artemis II mission.

With so many folks focused on the Moon it would be the perfect time for a company to sneak out some bad news, which is perhaps why Amazon picked this week to announce they would be dropping support for Kindles released before 2012. Presumably there aren’t too many first and second generation Kindles still out there in the wild, but the 2012 cutoff does mean the first iteration of the Paperwhite will be one of the devices being put out to pasture come May 20th.

Continue reading “Hackaday Links: April 12, 2026”

A hex dump of the first iteration of the small ELF file

How Small Can A Linux Executable Be?

March 31, 2026 by 39 Comments

With ever increasing sizes of various programs (video games being notorious for this), the question of size optimization comes up more and more often. [Nathan Otterness] shows us how it’s done by minifying a Linux “Hello, World!” program to the extreme.

A naive attempt at a minimal hello world in C might land you somewhere about 12-15Kb, but [Nathan] can do much better. He starts by writing everything in assembly, using Linux system calls. This initial version without optimization is 383 bytes. The first major thing to go is the section headers; they are not needed to actually run the program. Now he’s down to 173 bytes. And this is without any shenanigans!

A hexdump of the final ELF file, significantly smaller than the original
The final tiny ELF file

The first shenanigans are extreme code size optimizations: by selecting instructions carefully (and in a way a C compiler never would), he shaves another 16 bytes off. But the real shenanigans begin when he starts looking for spaces in the ELF header that he can clobber while the program is still accepted by Linux: now he can move his already tiny x86_64 code into these “vacant” spaces in the ELF and program headers for a final tiny ELF file weighing in at just 120 bytes.

P.S.: We know it is possible to make this smaller, but leave this as an exercise to the viewer.

Linux Fu: UPNP A Port Mapping Odyssey

March 23, 2026 by 7 Comments

If you’ve ever run a game server or used BitTorrent, you probably know that life is easier if your router supports UPnP (Universal Plug and Play). This is a fairly old tech — created by a standards group in 1999 — that allows a program to open an incoming port into your home network. Of course, most routers let you do this manually, but outside of the Hackaday universe, most people don’t know how to log into their routers, much less how to configure an open UDP port.

I recently found myself using a temporary setup where I could not access the router directly, but I needed some open ports. That got me thinking: if a program can open a port using UPnP, why can’t I? Turns out, of course, you can. Maybe.

Caveats

The first thing, of course, is that you need your firewall open, but that’s true no matter how you open up the router. If the firewall is in the router, then you are at the mercy of the router firmware to realize that if UPnP opens something up, it needs to open the firewall, too.

Continue reading “Linux Fu: UPNP A Port Mapping Odyssey”

Remotely Unlocking An Encrypted Hard Disk

March 6, 2026 by 23 Comments

Can you remotely unlock an encrypted hard disk? [Jyn] needed to unlock their home server after it rebooted even if they weren’t home. Normally, they used Tailscale to remote in, but you can’t use tailscale to connect to the machine before the hard drive decrypts, right? Well, you can, sort of, and [Jyn] explains how.

The entertaining post points out something you probably knew, but never thought much about. When your Linux box boots, it starts a very tiny compressed Linux in RAM. On [Jyn’s] machine using Arch, this is the initramfs.

That’s not news, but because it is an actual limited Linux system (including systemd), you can add tools to it. In this case, adding dropbear (an ssh server) and Tailscale to the limited boot-time Linux.

Continue reading “Remotely Unlocking An Encrypted Hard Disk”