Welcome to mintCast

the Podcast by the Linux Mint Community for All Users of Linux

This is Episode 474!

Recorded on Sunday, December 7, 2025

in need of a nap, im Joe; … Moss; On time for once, I’m Bill. mic’d up, I’m Majid; … Eric; …Do they know it’s Xmas, I’m Charles; allergic to adverts, I’m Jim

— Play Standard Intro —

• First up in the news: Mint Monthly News – November, and a variety of other items
• In security and privacy: Cloudfare goes down and Charles finds out that Shai-Hulud returns from Arrakis

• And finally, the feedback and a couple of suggestions
• Please remember if you want to follow along with our discussions, the full show notes for this episode are linked in the show’s description at mintcast.org/show-notes

— Play News Transition Bumper —

The News

20 minutes

• Mint Monthly News – November 2025
  • From the Mint blog by Clem (via londoner)
  • Cinnamon Menu
  • The new Cinnamon menu received symbolic category icons.
  • This was made possible thanks to the new XApp Symbolic Icons (XSI) initiative.
  • Linux Mint 22.3 ‘Zena’
  • The codename for Linux Mint 22.3 is Zena.
  • We covered some of the new features included in 22.3 on this blog:
    • System information tool
    • System admin tool
    • New Cinnamon menu
    • Wayland-compatible keyboard/IM handling
    • Improved on-screen keyboard
  • There are many more… the ability to pause file operations in Nemo, or snapshots in Timeshift, text messaging in Warpinator, Always-on night light, template management, per-app panel notification indicators… etc.
  • We’re very close to a release now. Most of the projects have been tagged and packaged in 22.3’s repositories.
  • We’re preparing a BETA release for the first half of this month.
    
• Mozilla Unveils Plans for New ‘AI Window’ Browsing Mode in Firefox, Opens Signups – Majid
• KDE Plasma 6.8 Desktop Environment to Drop the X11 Session and Go Wayland-Only – Majid
• Windows 11 Growth Slows As Millions Stick With Windows 10 – Majid
• FreeBSD 15 trims legacy fat and revamps how OS is built

• Ownership of Digital Content Is an Illusion Unless You Self‑Host -?Jim
• The Last Video Rental Store Is Your Public Library – ?Jim
• Jellyfin does hardware transcoding for free, and Plex wants $250 to match it
• Mad Men’s 4K debut botched by HBO Max streaming episode with visible crewmembers – ?Jim
• Netflix Buys Warner Bros. including HBO & HBO Max for $83 Billion
• Cloudflare blames Friday outage on borked React2shell fix Charles
• Emulating PC games on Android is easier than ever, and you can thank Valve – Joe

• Steam’s maker, Valve, has been playing a huge role in Windows emulation on Android.
• Valve has funded projects such as Fex emulator and Proton, which allow Windows games to run on Android more easily.
• Fex and Proton also form the basis for GameHub, a popular Windows emulator for Android.

— Play Security Transition Bumper —

Security and Privacy

10 minutes

• Shai-Hulud worm returns, belches secrets to 25K GitHub repos – Charles

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days.

NPM-short for Node Package Manager, is a package manager for the JavaScript programming language, primarily used with Node.js.

Summary:

– A self-propagating malware targeting npm, called “Shai-Hulud,” is active again, affecting over 25,000 developer accounts within three days.

– This campaign compromised packages from major sources like Zapier and Postman, allowing unauthorized access to AWS, Azure, and GitHub credentials.

– The malware installs via tampered npm packages and executes code to harvest credentials during installation.

– First detected in September, the new attacks began on November 21, resurfacing with minor adjustments to spread during the pre-install phase, increasing risk exposure.

– GitHub is working to delete compromised repositories, but the spreading rate poses cleanup challenges.

– Organizations are advised to clear npm caches, rotate credentials, and investigate for any signs of compromise.

-This recurrence pushes from ongoing problems with vulnerable npm packages and is prompting enhanced security measures from both GitHub and npm.

• Twins who hacked State Dept hired to work for gov again, now charged with deleting databases (And then they asked an AI to help cover their tracks)

Two brothers, Muneeb and Sohaib Akhter, were indicted for conspiring to delete nearly 100 US government databases after being fired from their jobs as federal contractors at Opexus.

The brothers allegedly planned the database deletion during their termination call and utilized AI to help cover their tracks and find necessary commands.

Muneeb, still connected to the network, deleted 96 government databases, including those related to Homeland Security and FOIA requests, within minutes of being fired.

Sohaib attempted to re-enter the network but was blocked due to deactivated access credentials.

The brothers have a prior history of hacking, pleading guilty in 2015 to offenses involving the US State Department and a cosmetics company, resulting in prison sentences.

Sohaib allegedly stated in an email that he was fired after his past crimes were discovered, highlighting concerns about Opexus hiring “uncleared personnel” with access to sensitive data.

Opexus stated they are cooperating with authorities and have taken steps to improve security following the incident.

Muneeb faces a potential maximum sentence of 45 years plus mandatory minimums for aggravated identity theft, while Sohaib faces a maximum of six years.

Both brothers remain in custody awaiting detention hearings.

The deleted databases contained sensitive information, including investigative files and records related to Freedom of Information Act matters.

— Play Vibrations Transition Bumper —

Vibrations from the Ether

20 minutes (~5 minutes each)

• Hank
  • Thanks again for an always interesting ‘cast.
  • The comments about swapping the boot drive to another PC reminded me of something do to facilitate swapping media. It’s irksome to have the IP address assigned according to the MAC address on the network device. This was particularly irksome when I swap Raspberry Pis and SD cards for different projects. I now spoof the MAC using a systemd link file to provide a MAC address that stays with the installation regardless of what host the storage is swapped to. I use the following templates for Ethernet and WiFi link files because matching the driver requires less effort than matching the H/W MAC address:
  • Ethernet:
  • [Match]
  • Driver=macb bcmgenet r8152 r8169 e1000e
  • [Link]
  • MACAddress=
  • WiFi:
  • [Match]
  • Driver=rtl8xxxu brcmfmac rtl8192cu mt7601u
  • [Link]
  • MACAddress=
  • WRT disk space, for Debian and derivative hosts try ‘sudo apt clean’ to clean out the package cache. I ran into this when a Lite RpiOS install filled up an 8GB SD card. This command brought disk usage down below 50%. I’d be surprised if it would make that much difference on a 128GB install, but it’s easy to try. Otherwise judicious use of the ‘du’ CLI command should help to identify the culprit. If it could talk, it would tell me to clean up my ~/Downloads directory. 😀
  • best,
  • And I forgot to include the Systemd Link file description: https://www.freedesktop.org/software/systemd/man/latest/systemd.link.html

— Play Check This Transition Bumper —

Check This Out

10 minutes

• Clone like a boss – Veronica Explains

Housekeeping & Announcements

• Thank you for listening to this episode of mintCast!
• If you see something that you think we should be talking about, tell us!

Send us email at [email protected]

Join us live on Youtube

Post at the mintCast subreddit

Chat with us on Discord and Telegram

Or post directly at https://mintcast.org

• Next Episode – 2 pm US Central time on Sunday, December 21, 2025.
• Get mintCast converted to your time zone
• Next Saturday we will host a Roundtable Live Stream. Please come and join us using the Discord voice channel at 2 pm US Central time on Saturday, December 13, 2025.
• Get the Roundtable Live Stream converted to your time zone
• Livestream information is at mintcast.org/livestream

Wrap-up

• Joe – Tllts.org,  linuxlugcast.com, [email protected], Buy Joe a coffee
• Moss – Full Circle Weekly News, [email protected], Mastodon @[email protected], occasionally on HPR
• Bill – [email protected], Bill_H on Discord, @[email protected] on Mastodon, also checkout the other podcast I am on, Linux OTC (with Eric & Majid).
• Majid – [email protected] @[email protected], Atypical.doctor on Instagram and Threads and The Atypical Doctor Podcast and also Linux OTC.
• Eric – I can be reached by email at [email protected].
• Charles – [email protected], Mr PDX on Discord
• Jim– [email protected], GNU2Linux on Discord, The Linux Shortcut on YouTube

Before we leave, we want to make sure to acknowledge some of the people who make mintCast possible:

• Bill for our audio editing and for hosting the server which runs our website, website maintenance, and the NextCloud server on which we host our show notes and raw audio
• Archive.org for hosting our audio files
• Hobstar for our logo, initrd for the animated Discord logo
• Londoner for our time syncs and various other contributions
• The Linux Mint development team for the fine distro we love to talk about <Thanks, Clem … and co!>

— Play Closing Music and Standard Outro —