Hello TUXEDO Fans and Open-Source Enthusiasts!
TUXEDO OS is getting a new foundation: In the future, we will use Debian Testing instead of Ubuntu LTS as the base. With this change, we are creating the foundation for more flexible development, reducing maintenance efforts, and gaining more freedom in package management. In addition, system snapshots with Btrfs and Snapper will become part of TUXEDO OS.
To mark KDE’s 30th anniversary, the Adopt an App initiative is making a comeback. The program allows supporting members to specifically support their favorite applications and help advance the development of Free Software. Donations benefit KDE e. V. and help fund infrastructure, events, and the long-term development of numerous KDE projects.
Of course, this edition also includes the latest updates for TUXEDO OS. In addition, we introduce our App of the Week, Keysmith – a practical authenticator for two-factor logins. We also take a look at CLIAMP, a modern open-source music player that makes it easy to enjoy your music directly from the terminal.
Enjoy reading,
The TUXEDO OS Team
Note: With the TWIX series, we keep you up to date with the latest developments around TUXEDO OS. We also introduce interesting applications and share practical tips and tricks for the KDE desktop and TUXEDO OS. At the same time, TWIX thrives on your feedback. We always welcome your suggestions, topic ideas, and proposals for improvement. Feel free to join the discussion in our TWIX thread on Reddit , where you can reach us directly. Of course, you are also welcome to contact us via any of our other social media channels.
Latest TUXEDO OS News
A New Foundation for TUXEDO OS
TUXEDO OS is getting a new foundation: We are moving away from Ubuntu and adopting Debian Testing as the base of our distribution. This gives us a more flexible platform for our hybrid release model, simplifies the delivery of up-to-date software, and increases our independence from decisions surrounding Ubuntu, Snap, and future technical developments.
For users, the overall experience will remain largely unchanged. New features include Btrfs with Snapper for automatic system snapshots and rollback capabilities. A public beta phase will precede the final release, while the transition will require a fresh installation. You can find all background information and technical details in our detailed blog post .
Updates in TUXEDO OS
tuxedo-drivers 4.22.3
Fixed Fedora 44 test compatibility.
Updated SPC integration and resolved multiple issues with generated files.
Switched CI to the new tag-based workflow.
Fixed DKMS post-installation errors in Debian chroot environments.
Release Notes tuxedo-drivers 4.22.3
tuxedo-yt6801 1.0.31–8
Fixed package tests for Fedora 44.
Resolved RPM upgrade issues.
Removed leftover files from previous post_remove and post_upgrade scripts.
Simplified installation by removing obsolete file-linking logic.
Blacklisted the upstream driver to prevent conflicts.
Updated SPC integration and CI configuration format.
Release Notes tuxedo-yt6801 1.0.31–8
tuxedo-calamares-configuration 4.4.2
Updated oem-config-prepare scripts (4.4.1).
Backported Snap-related changes for Ubuntu Noble (4.4.2).
fai 2.5.4
Moved TUXEDO Control Center installation to Calamares on Ubuntu Noble.
Firefox 152.0.5
Chromium 150.0.7871.114
KDE App of the Week: Keysmith Generates 2FA Codes Locally
Anyone who needs a two-factor authentication code for a quick login often reaches for their smartphone. With Keysmith, KDE offers a native alternative for both Plasma Desktop and Plasma Mobile. The lightweight application generates one-time passwords directly on your device and integrates seamlessly into existing 2FA workflows.
HOTP and TOTP, Local and Straightforward
Keysmith supports the two widely used standards HOTP and TOTP for hash-based and time-based one-time passwords. New accounts can be added in just a few steps, after which the application manages all entries in a clear, easy-to-navigate list. The current authentication code can be copied to the clipboard with a single click.
Technically, Keysmith is built with KDE’s Kirigami framework using C++ and QML. This provides a consistent user experience across desktop systems and mobile devices. Since its initial release in 2019, the application has been actively developed and now follows KDE’s regular release cycle.
When adding a new account, Keysmith lets you choose between time-based TOTP and hash-based HOTP one-time passwords for two-factor authentication.
A useful addition in the latest release is support for QR code scanning. New accounts can now be set up directly with the camera, eliminating the need to manually enter long authentication keys. This is particularly convenient on Plasma Mobile. During our testing, camera access worked reliably on TUXEDO OS.
Deliberately Minimalist and Fully Local
Keysmith follows a deliberately minimalist approach by focusing exclusively on securely generating 2FA codes without adding cloud-based features. Unlike solutions such as Google Authenticator, which offer synchronization across multiple devices, Keysmith stores all authentication data exclusively on the local system.
This approach benefits users who prefer not to entrust their authentication data to a cloud service. At the same time, the lack of online synchronization means that backups of stored secrets must be managed manually. If you are part of the KDE ecosystem and prefer an open source offline solution, Keysmith is well worth a look.
Keysmith is licensed under GPL-3.0-or-later and can be installed on TUXEDO OS either as a native package through Discover or alternatively as a Flatpak.
Info: Are you interested in Plasma development and want to know what new features are planned and which programs have been recently updated? You can find a detailed overview in the weekly column This week in Plasma by KDE developer Nate Graham.
TUXEDO OS Tips & Tricks: Music in the Terminal with CLIAMP
Anyone who spends a lot of time in the terminal should take a look at CLIAMP. The open-source music player comes with a modern text-based interface and visually resembles classic music players such as Winamp, while running entirely inside the terminal. In addition to local MP3, FLAC, or Ogg files, CLIAMP supports numerous streaming services such as Navidrome, Jellyfin, Plex, Spotify, Qobuz, and YouTube Music. Podcasts and more than 30,000 internet radio stations can also be played directly from the console.
Despite its terminal-based interface, you do not have to sacrifice convenience. CLIAMP offers a 10-band equalizer, various visualizations, song lyrics, gapless playback, and MPRIS support. This allows the player to be controlled using multimedia keys on the keyboard or tools such as playerctl . If you use multiple computers, you can even control a running player remotely from a second terminal.
Installation on TUXEDO OS
CLIAMP is currently not available in the TUXEDO OS repositories or in most other Linux distributions. Arch Linux users can conveniently install the program via the AUR. On TUXEDO OS, you can either download the installation script from the project website or the precompiled binary from the GitHub releases and copy it, for example, to ~/.local/bin . The player is then immediately available.
With cliamp setup , you can configure the desired music sources afterwards. The assistant supports, among others, Navidrome, Plex, Jellyfin, Emby, Spotify Premium, Qobuz, NetEase Cloud Music, and YouTube Music. It guides you through the login process, checks the connection, and automatically adds the required settings to the configuration under ~/.config/cliamp without overwriting existing options.
The integrated setup assistant connects CLIAMP with numerous music services and automatically saves the required settings in the local configuration.
Music from almost any source
After the first launch, CLIAMP initially displays the integrated radio sources. In addition to Lofi, Synthwave, and EDM, the radio function also lets you choose from more than 30,000 internet radio stations. Use the Tab key to switch between the sections, open the radio source, and start the search with Shift +7 (that is, /). This allows you to quickly find public broadcasters and private stations from Germany or abroad.
CLIAMP provides access to more than 30,000 internet radio stations. The integrated search quickly finds stations from Germany and many other countries.
CLIAMP becomes even more interesting when combined with your own music or media server such as Navidrome or Jellyfin . If you have configured Navidrome, for example, switch directly to your library with Shift +N . There you can browse your artists, albums, or tracks without leaving the terminal. For Spotify, a dedicated view is available with Shift +S . Local music folders, podcasts, or individual HTTP streams can also be played in the same way.
With a connection to Navidrome, you can access your personal music collection, artists, albums, and playlists directly from the terminal.
Keyboard shortcuts make operation easier
CLIAMP can be operated almost entirely using the keyboard. Press Ctrl +K from the main view to open an overview of all keyboard shortcuts. The Y key displays synchronized lyrics, Ctrl +V switches between different visualizations, and E cycles through equalizer presets such as Rock, Jazz, or Bass Boost. If you frequently listen to audiobooks or podcasts, the square brackets adjust the playback speed. After a short learning period, operating the player becomes surprisingly quick and intuitive.
CLIAMP also offers more than you might initially expect from a terminal application when it comes to managing your own music collection. Playlists can be imported and exported in M3U, M3U8, or PLS format, recently played tracks are logged automatically, and if desired, Ctrl +S saves the currently playing song directly to the music folder. Users who want to extend the player can also develop their own Lua plugins or use existing extensions from the community.
Whether on the desktop, via SSH on a server, or inside a tiling window manager: CLIAMP impressively demonstrates that a modern music player does not need to hide behind a graphical interface. Anyone who already spends most of their working day in the terminal may quickly find it difficult to live without this player.
Ubuntu Security Updates
The Ubuntu security updates listed here are generally incorporated directly into TUXEDO OS. Some updates are only available from Ubuntu for a fee and are therefore not made available to the community until a later date. Unfortunately, we have no control over this:
USN-8525–1: curl vulnerabilities : Several security issues were fixed in curl.
IDs: CVE-2026–11352, CVE-2026–7168, CVE-2024–8096 + 7 others
Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS
USN-8523–1: libsoup vulnerabilities : Several security issues were fixed in libsoup.
IDs: CVE-2026–2369, CVE-2026–5119
Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS
USN-8522–1: LibRaw vulnerabilities : Several security issues were fixed in LibRaw.
IDs: CVE-2026–24450, CVE-2026–20884, CVE-2026–5342 + 3 others
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8521–1: Libidn vulnerability : Libidn could be made to crash or expose sensitive information if it received specially crafted input.
IDs: CVE-2026–57053
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8519–1: Go Cryptography vulnerabilities : Go Cryptography could be made to crash if it received specially crafted network traffic.
IDs: CVE-2025–22869, CVE-2025–47913
Affects: Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS
USN-8492–4: Linux kernel (Raspberry Pi) vulnerabilities : Several security issues were fixed in the Linux kernel.
IDs: CVE-2026–45960, CVE-2026–43313, CVE-2026–43262 + 296 others
Affects: Ubuntu 24.04 LTS
USN-8518–1: mailcap vulnerability : mailcap could allow applications to escape sandbox restrictions.
IDs: CVE-2026–10037
Affects: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8517–1: ClamAV vulnerabilities : Several security issues were fixed in ClamAV.
IDs: CVE-2026–20215, CVE-2026–20243, CVE-2026–20244 + 4 others
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8516–1: Apache HTTP Server vulnerabilities : Several security issues were fixed in Apache HTTP Server.
IDs: CVE-2026–44119, CVE-2026–48913, CVE-2026–44631 + 9 others
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8515–1: Addressable vulnerability : Addressable could be made to consume resources and cause a denial of service if it received specially crafted input.
IDs: CVE-2026–35611
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS
USN-8512–1: Gzip vulnerabilities : Several security issues were fixed in Gzip.
IDs: CVE-2026–41992, CVE-2026–41991
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8511–1: socat vulnerabilities : Several security issues were fixed in socat.
IDs: CVE-2024–54661, CVE-2026–56123
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS
USN-8510–1: tar vulnerability : tar could be made to overwrite files.
IDs: CVE-2025–45582
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8509–1: Python vulnerabilities : Several security issues were fixed in Python.
IDs: CVE-2026–9669, CVE-2026–6019, CVE-2026–3644 + 15 others
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8506–1: Request Tracker vulnerabilities : Several security issues were fixed in Request Tracker.
IDs: CVE-2026–44231, CVE-2026–44230, CVE-2026–6841 + 4 others
Affects: Ubuntu 26.04 LTS, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
USN-8505–1: Parsl vulnerability : Parsl could be made to expose sensitive information over the network.
IDs: CVE-2026–21892
Affects: Ubuntu 24.04 LTS
USN-8492–3: Linux kernel (Raspberry Pi Real-time) vulnerabilities : Several security issues were fixed in the Linux kernel.
IDs: CVE-2026–43314, CVE-2026–43248, CVE-2026–45974 + 296 others
Affects: Ubuntu 24.04 LTS
USN-8508–1: Linux kernel (NVIDIA) vulnerabilities : Several security issues were fixed in the Linux kernel.
IDs: CVE-2026–46325, CVE-2025–71141, CVE-2026–31478 + 81 others
Affects: Ubuntu 24.04 LTS