OSnews

One unfortunate fact of my life is that I have to deal with an obscure database whose macOS drivers require the addition of a directory to DYLD_LIBRARY_PATH for their Python driver to find them. To make matters worse, Apple’s CLI tools strip that variable away as part of macOS’s System Integrity Protection (SIP) before running a command. Given that DYLD_* environment variables are a known attack vector for Mac malware, that’s a good thing in general. However, sometimes one needs a workaround to get the job done. Some of this made sense to me.

Your T95 is infected with malware pre-installed, ready to do whatever the C2 servers decide. Yes, malware from Amazon straight to your door! If they insist on selling these devices they really should add an “Includes Malware” category in the Android TV section. I find it absolutely baffling that Amazon is full of sketchy garbage like this, and nobody really seems to care. Amazon itself, lawmakers, consumers – everybody just takes it for granted?

Ars reports: It’s the end of the line for Windows 7 and Windows 8.1. These older versions of Windows (plus Windows RT) stop receiving all security updates today, over a decade after their original releases. Microsoft will also stop providing Microsoft Edge browser updates for these operating systems in a few days, and the remaining third-party apps that still work will eventually follow suit (Google Chrome support, most notably, ends early next month). Windows 7 support for most people actually ended three years ago, but businesses that still used it could pay for up to three years of additional support while they transitioned to Windows 10 or 11. That window has now closed, and Microsoft isn’t offering a paid support option for Windows 8.1. Run an unspported operating system, or invite more ads and spyware. Tough call.

So the Japanese market had very specific requirements, that PCs could not fulfill in the early DOS days. You couldn’t just replace the character ROM on your PC and make it display Japanese text (IBM did later develop the 5550 and the JX, a derivative of the PCjr, specifically for the Japanese market, and later, they developed the DOS/V variant, which added support for Japanese text to their PS/2 line, using standard VGA hardware, which by now had caught up in terms of resolution). Instead, Japanese companies jumped into the niche of developing business machines for the home market. Most notably NEC. In 1981 they introduced the PC-8800 series, an 8-bit home computer based on a Z80 CPU and BASIC. In 1982, the PC-9800 series followed, a more high-end 16-bit business-oriented personal computer based on an 8086 CPU and MS-DOS. These families of machines became known as PC-88 and PC-98 respectively (Note that the ‘PC’ name here is not a reference to IBM, as NEC had already released the PC-8000 series in 1979). I love these machines.

Several weeks ago, we published an article detailing five not-so-great features coming soon to Windows 11. Recommended websites in the Start menu (introduced in build 25247) appear in the list as arguably one of Microsoft’s worst ideas. Luckily, the company has decided to backtrack that controversial change. Those unhappy with Windows 11 showing more ads on the Start menu will be glad to learn that developers removed recommended websites in the latest preview build. A bit of positive news on the ads-in-Windows front for once.

Last year, Ubuntu developers pushed to remove Zsys from Ubuntu’s Ubiquity installer. This is an integral tool Ubuntu created to make it easier to manage and maintain ZFS-based installations. In a bug report they bluntly noted that ‘priority changes’ in the desktop team meant Zsys was no longer something they want to “advertise using”. As of writing, Zsys remains available in the Ubuntu archives but development of it isn’t looking healthy. Canonical’s contributions effectively fall off a cliff circa April 2021 based on GitHub commits, with only a trivial tweak made in April of last year. Daily builds for the upcoming Ubuntu 23.04 release come with a brand-new installer that has been built using Flutter to Canonical’s exact needs. But guess what this new Ubuntu installer does not include? An option to install Ubuntu on the ZFS file system. I thought the Linux world had settled on Btrfs as the “ZFS-like” file system for the platform, and had no idea Canonical had even been working on giving users the option to install to ZFS. With Btrfs already being the default on e.g. Fedora for a while now, it seems that is a better route to go for Ubuntu and other distributions than trying to make ZFS work.

At CES today, Sony gave a look at its latest PlayStation 5 gaming controller, but this one is very different from its previous designs. Aimed at lowering the barrier of entry for players with disabilities, Project Leonardo for the PS5 is a highly customizable controller kit that has been developed with help from organizations such as AbleGamers, SpecialEffect and Stack Up. The unique-looking controller does not have an official name nor a price attached to it yet, but Sony gave an in depth look at its features today. The unique design is said to help players with limited motor control, letting them use the controller for long periods and be accurate without much difficulty. This is very similar to Microsoft’s Xbox Adaptive Controller, and a very welcome product for those with disabilities.

DragonFly version 6.4 is the next step in the 6.x release series. This version has hardware support for type-2 hypervisors with NVMM, an amdgpu driver, the experimental ability to remote-mount HAMMER2 volumes, and many other changes. The details of all commits between the 6.2 and 6.4 releases are available in the associated commit messages for 6.4.0. The downloads are ready.

Google’s keynote at the RISC-V Summit was all about bold proclamations, though. Lars Bergstrom, Android’s director of engineering, wants RISC-V to be seen as a “tier-1 platform” in Android, which would put it on par with Arm. That’s a big change from just six months ago. Bergstrom says getting optimized Android builds on RISC-V will take “a lot of work” and outlined a roadmap that will take “a few years” to come to fruition, but AOSP started to land official RISC-V patches back in September. Another vote of confidence for RISC-V.

It’s 2023, and Windows 11 is finally a mature operating system that most people would be happy to use. Sun Valley has finally arrived, and it’s all about a long overdue reinvestment in design under Panos Panay’s leadership. But is it enough? Let’s take a look. For the purpose of this research, I used Windows 11 build 25267, which as of now is the latest Insider Dev build. Death, taxes, and new windows theme layers.

Vanilla OS has released its first version. Vanilla OS is an immutable desktop Linux distribution that brings some interesting new technologies to the table, such as the Apx package manager. By default, Apx provides a container based on your Linux distribution (Ubuntu 22.10 for Vanilla OS 22.10) and wraps all commands from the distribution’s package manager (apt for Ubuntu). Nevertheless, you can install packages from other package distributions. For example, using the --aur flag, a new container based on Arch Linux will be created. Here, apx will manage the packages from the AUR (Pacman and yay), tightly integrating them with the host system. Using the --dnf flag with apx will create a new container based on Fedora Linux. Here, apx will manage packages from Fedora’s DNF repository, tightly integrating them with the host system. Another tentpole technology is ABRoot, which brings atomicity to this distribution. Atomicity is the ability to perform a specific operation in a way where if it fails, nothing will be changed and if it succeeds, the changes will be applied in their entirety. ABRoot achieves this by transacting between 2 root file systems: A and B. Let’s make an example. Let’s say you want to install a new package. ABRoot will check which partition is the present root partition (i.e A), then it will mount an overlay on top of it and perform the transaction. If the transaction succeeds, the overlay will be merged with the future root partition (i.e B). On your next boot, the system will automatically switch to the new root partition (B). In case of failure, the overlay will be discarded and the system will boot normally, without any changes to either partition. Vanilla OS looks incredibly interesting, and I’m definitely keeping an eye on it.

A rant about “year of Linux on the desktop” from a tired old man. I’ve been part of the Linux community since before Linux was called Linux. Over the years there’s been many people telling me directly that Linux is silly or wrong or imperfect, or that free and open source software is foolish or pointless. A lot more people have, of course, pontificated along those lines in public, and not directed it at me. I’m not claiming to be targeted at that, but I’ve been around and active for long enough that things accumulate. It’s the end of a long year for me, and I though I’d let off some steam myself. Hence this rant. Over time, the goal posts of success keep being moved by the naysayers. I’m too tired to dig up all important milestones and dates, or references, but here’s highlights of the timeline as I have experienced it (years may be a little off). The most popular operating system in the world by a huge margin, and yet, it still gets ridiculed by users of platforms that still have to manually install drivers and update applications by hand while getting spied on left, right, and centre. Strange times we live in.

WuMgr (Update Manager for Windows) is a tool to manage updates of Microsoft products on the Windows operating system. It uses the “Windows Update Agent API” to identify as well as download and install missing updates. It allows the user fine control of updates on modern (Windows 10) operating system versions, comparable to what windows 7 and 8.1 offered. This functionality should be included in Windows by default, and the fact that it isn’t is just one of the many laughable deficiencies Windows is riddled with. And speaking of laughable deficiencies in Windows, a third party user interface to the optional and limited winget package “manager” has recently been updated.

We are excited to announce the release of Formula Suggestions and Formula by Example for Excel web users – a couple exciting capabilities designed to help save you time and learn more about Excel formulas as you use them. Also for web users are suggested links, IMAGE function, and a new search bar in the queries pane. For Windows users, a new keyboard shortcut is available to open the Power Query editor, and Insiders users on Windows can now get data from dynamic arrays and create nested Power Query data types to better organize your data. There’s this whole massive community of wizards out there, and their school of magic is Excel. It baffles me what people can do with this program, yet it’s often ridiculed and ignored despite the sheer skill needed to get the most out of it.

Several months ago I had a go at producing a high resolution 256-color driver for Windows 3.1. The effort was successful but is not yet complete. Along the way I re-learned many things I had forgotten, and learned several new ones. This blog entry is based on notes I made during development. There’s tons of lessons to re-learn when focusing on older platforms, whether as a mere user exploring or reminiscing, or as a developer trying to deal with all the constraints and limitations these old systems bring to the table. I’m glad it’s being documented, because the older these platforms get, the less we’ll remember about them.

This week I received a new 12th Gen Intel laptop from Framework. And like with any new piece of hardware I get these days, my first instinct was to put NixOS on it. But I wasn’t just content with firing up the NixOS installer and getting to work. Oh no no no. You see, I knew there was a better way. I didn’t now exactly what that better way looked like just yet, but I could feel in my bones that it existed. So I did what I usually do when I suspect there’s a better way of doing something in Nix land and pinged Mic92. What you’ll read in the rest of this post is the result of our conversations. NixOS seems incredibly cool, but at the same time, it also seems obtuse and complex, and like any Linux system, it has its share of problems, too. I’m just not entirely sure if it’s of any value to most regular desktop Linux users, or if it is almost exclusively aimed at developers. Since NixOS seems to be popping up in comments all over the web, I’m trying to keep an eye on it and understand what, exactly, it offers over competing products.

The HP LaserJet III laser printer from 1990 used the “Printer Command Language” PCL 5 by default, but could be upgraded with the “HP PostScript Cartridge Plus” cartridge, which contained 2 MB of ROM with Adobe’s PostScript Level 2 rasterizer. Let’s look at the ROM contents and some of its hidden gems. With how printers have become the butt of jokes, it’s easy to forget they were sometimes kind of cool and had interesting technologies, features, and even expansions. The article has a follow-up, as well.

The fourth beta for Haiku R1 over a year and a half of hard work to improve Haiku’s hardware support and its overall stability, and to make lots more software ports available for use. Over 400 bugs and enhancement tickets have been resolved for this release. There’s a lot here to talk about. The improved support for HiDPI looks amazing, and definitely a must-have in today’s world of 4K displays. There’s lots of new and improved drivers, including a new compatibility layer for OpenBSD WiFi drivers, a new NTFS driver, and more. The number of ports has increased by a lot thanks to X11, Gtk+, and even Wayland compatibility – Inkscape, GIMP, GNOME Web, and more. Wine has also been ported to Haiku, using a Haiku-native windowing and input backend. And much, much more. Pretty good way to start Christmas.

With that initial explanation out of the way, in 2022 I’ve been getting my Chumby working with the mainline Linux kernel and slowly trying to submit fixes upstream for issues as I find them. To be clear, I’m not trying to get the stock Chumby software working with the new kernel. That’s likely impossible. The stock software is heavily dependent on Flash which is a dead end. I’m just getting the new kernel running well enough so that I can develop my own custom software for it. I’m going to write a few posts about that process and some of the fun challenges I had to overcome. This first post in the series will talk about some of the work I did with U-Boot. If you’re into Linux kernel development, there’s massive number of devices out there running outdated kernels you could be updating for fun, in your spare time.

Around a year ago, I started working on emulating an iPod Touch 1G using the QEMU emulation software. After months of reverse engineering, figuring out the specifications of various hardware components, and countless debugging runs with GDB, I now have a functional emulation of an iPod Touch that includes display rendering and multitouch support. The emulated device runs the first firmware ever released by Apple for the iPod Touch: iPhoneOS 1.0, build 3A101a. The emulator runs iBoot (the bootloader), the XNU kernel and then executes Springboard. This is quite impressive.

Reports have indicated that Microsoft is planning to release a new Windows version every three years like it was in the times of Windows Vista and Windows 7. However, Microsoft doesn’t want Windows 11 to become boring or unexciting. Microsoft wants to keep Windows 11 constantly updated with “Moment” and some “feature” updates. Microsoft has reportedly scrapped the original Sun Valley 3 project and Windows 11 will receive Windows 11 23H2 based on the existing version 22H2, similar to enablement package updates for Windows 10. Microsoft wants to release a new Windows in 2024 (Windows 12? We don’t know yet). Version. Moment updates. Feature updates. Enablement package updates. 22H2 and 23H2. Cumulative updates. Main development channel. Windows 11 2022 Update. Windows 11 Build 25262. But sure, I am the idiot for not being able to keep track of this nomenclature diarrhea.

Red Hat and Fedora engineers are plotting a path to supporting Unified Kernel Images (UKI) with Fedora Linux and for the Fedora 38 release in the spring they are aiming to get their initial enablement in place. Unified Kernel Images have been championed by the systemd folks for better securing and trusting Linux distributions. Unified kernel images are a combination of the kernel image, initrd, and UEFI stub program all distributed as one. This seems like a fairly no-brainer move, and I’m sure there will be agreement and jolly cooperation on this step forward from all involved in the Linux community.

The Mac Pro is one of the few remaining Intel Macs with no Apple Silicon replacement ready to go, even though we’re a little past the two-year deadline that CEO Tim Cook originally set for the transition in summer 2020 (and to be fair, it has been a hard-to-predict couple of years). Bloomberg’s Mark Gurman reports that Apple continues to work on a new version of the Mac Pro, alongside other as-yet-unreplaced Intel Macs like the higher-end Mac mini and the 27-inch iMac, but that a planned “M2 Extreme” chip that would have powered the Apple Silicon Mac Pro has “likely” been canceled. Waiting for news in the face of uncertainty isn’t new to Mac Pro holdouts; it has been a constant for the last decade-plus. It has been a very long time since the Mac Pro was updated on anything close to a predictable cadence, especially if you don’t count partial refreshes like the 2012 Mac Pro tower or the addition of new GPU options to the 2019 model. And each of the last two updates—the “trash can” Mac Pro in 2013 and the reforged “cheese grater” version from 2019—have reflected a total shift in design and strategy. At this point, I’d like Apple to decide: either commit to a consistent strategy or vision for the Mac Pro and its place in the lineup or retire it. It sure has been a rough time for Mac Pro buyers. The reality of it is that desktop PCs – Apple or otherwise – just aren’t really all that popular anymore compared to laptops, and this probably doubly counts for the very high end. Selling Mac Pros by the thousands simply doesn’t make a whole lot of sense compared to the numbers Apple’s other computers are shipping at.

As of year 2004, Dr. Gary Kildall’s operating system called CP/M was approaching 30 years old. I decided then to describe that history on my Web site, before it was lost. I worked on that through 2008; and updated my notes since. See my DRI home page for links to Web pages about that event, and about about persons, companies and developments related to Digital Research and/or CP/M in the S-100 and microcomputer world of the 1970’s. This Web page provides some ideas about how to get and “run” CP/M today, or past alternatives to CP/M, in the 21st century. I should really set up a CP/M environment to experience what it’s like – when I first started using computers, it had already lost out to DOS.

Tonight’s story time: the Power Macintosh that wouldn’t make any sound in BeOS R5, how I figured out the problem, and how I hacked the sound driver to fix it. OSNews bait, 100%.

This is a community-run resource to help you fix the Windows Update service on earlier versions of Windows. Since Windows XP was discontinued in 2014, followed by Windows 7 in 2020, Microsoft’s support for their earlier OSes has significantly dwindled. As XP and earlier don’t officially support modern security improvements, such as the SHA256 hash algorithm required by modern SSL and Authenticode certificates as of 2019, much of the internet has become inaccessible to these devices. Adding insult to injury, Microsoft actively removed many downloads for XP and earlier versions in 2020. In effect, working with these OSes is now incredibly difficult. Windows Update provides many optional and recommended updates, in addition to drivers for your system, but Windows XP and 2000 can only install critical security updates through the built-in Automatic Updates feature. Legacy Update revives the original Windows Update website – the only way to see and install every update available for your system. This is very cool for virtual machines and old boxes you may have lying around for use with legacy software or games.

Nearly two years after the release of Xfce 4.16, here comes another major update to one of the oldest and lightest desktop environments for GNU/Linux distributions, Xfce 4.18. Xfce 4.18 is packed with lots of new features and improvements to the file manager, panel, plugins, and other core components. For example, the Thunar file manager now features not one but two image preview side panes, a new Split View, recursive search, and finally lets you undo or redo basic file operations. It also contains fixes for HiDPI, which was a major sticking point for my when I tried 4.16. Can’t wait to see how much it has improved.

As part of a larger story about Apple’s plans to allow third-party app stores on the iPhone and iPad in EU countries, Bloomberg‘s Mark Gurman claimed that Apple is also considering removing its requirement for iPhone and iPad web browsers to use WebKit, the open source browser engine that powers Safari. Well, well, well. The EU might actually force Apple to turn iOS into a real operating system.

The Verge, reporting on a paywalled story from Bloomberg: Apple is planning to let users install alternative app stores on iOS, according to a report from Bloomberg. The shift would be a remarkable change from the company, which has famously only allowed iPhone and iPad users to download apps from the App Store. The plans are reportedly being spurred on by the EU’s Digital Markets Act (DMA), which is meant to enact “rules for digital gatekeepers to ensure open markets” when its restrictions become a requirement in 2024, according to a press release. The law means that Apple will not only have to allow third-party app stores but sideloading as well, where users can install software downloaded from the web. Apple executives have previously called the ability to sideload software “a cybercriminal’s best friend” in response to the act. I’m glad at least one government is doing something to address the blatant abuse of power in the tech industry. This is a major concession by Apple, and one that will have massive consequences. Users will regain a lot of control over their Apple devices, and developers harmed by Apple’s random and opaque “rules” and application thereof will now have alternatives to explore. On top of that, this will force the App Store to compete on merit, something it has never had to do before, and it will enable applications Apple would never allow to come to iOS. And of course, if you’re not interested in any of this – don’t add any third party stores, and don’t sideload. If this is tied to EU Apple hardware, there’s going to be a thriving grey market of people importing EU Apple devices into the US.

Creating the PiRS232 and playing with the Pi over serial has been leading towards an idea – I wanted to create a small, battery powered device, a sidecar that I could carry with my Psion and use as portable Linux terminal. I also managed to turn it into an Internet gateway, leading to some interesting experiences. The idea was straightforward: take a Pi Zero, add an RS232 board that already handles the null modem side, add a Lipo battery, power management and charging, and print a case for it. It’s taken a few months from initial idea to final design, but I’m happy the result, it’s usable and practical, and you can build one too. This is incredibly cool.

Back in the ’90s and very early 2000s, a whole market segment of computers existed that we don’t really talk about anymore today: the UNIX workstation. They were non-x86 machines running one of the many commercial UNIX variants, and were used for the very high end of computing. They were expensive, unique, different, and quite often incredibly overengineered. Countless companies made and sold these UNIX workstation. SGI was a big player in this market, with their fancy, colourful machines with MIPS processors running IRIX. There was also Sun Microsystems (and Oracle in the tail end), selling ever more powerful UltraSPARC workstations running Solaris. Industry legend DEC sold Alpha machines running Digital UNIX (later renamed to Tru64 UNIX when DEC was acquired by Compaq in 1998). IBM of course also sold UNIX workstations, powered by their PowerPC architecture and AIX operating system. As x86 became ever more powerful and versatile, and with the rise of Linux as a capable UNIX replacement and the adoption of the NT-based versions of Windows, the days of the UNIX workstations were numbered. A few years into the new millennium, virtually all traditional UNIX vendors had ended production of their workstations and in some cases even their associated architectures, with a lacklustre collective effort to move over to Intel’s Itanium – which didn’t exactly go anywhere and is now nothing more than a sour footnote in computing history. Approaching roughly 2010, all the UNIX workstations had disappeared. Development of MIPS, UltraSPARC (for workstations), Alpha, and others had all been wound down, and with a few exceptions, the various commercial UNIX variants started to languish in extended support purgatory, and by now, they’re all pretty much dead (save for Solaris). Users and industries moved on to x86 on the hardware side, and Linux, Windows, and in some cases, Mac OS X on the software side. I’ve always been fascinated by these UNIX workstations. They were this mysterious, unique computers running software that was entirely alien to me, and they were impossibly expensive. Over the years, I’ve owned exactly one of these machines – a Sun Ultra 5 running Solaris 9 – and I remember enjoying that little machine greatly. I was a student living in a tiny apartment with not much money to spare, but back in those days, you couldn’t load a single page on an online auction website without stumbling over piles of Ultra 5s and other UNIX workstations, so they were cheap and plentiful. Even as my financial situation improved and money wasn’t short anymore, my apartment was still far too small to buy even more computers, especially since UNIX workstations tended to be big and noisy. Fast forward to the 2020s, however, and everything’s changed. My house has plenty of space, and I even have my own dedicated office for work and computer nonsense, so I’ve got more than enough room to indulge and buy UNIX workstations. It was time to get back in the saddle. But soon I realised times had changed. Over the past few years, I have come to learn that If you want to get into buying, using, and learning from UNIX workstations today, you’ll run into various problems which can roughly be filed into three main categories: hardware availability, operating system availability, and third party software availability. I’ll walk through all three of these and give some examples that I’ve encountered, most of them based on the purchase of a UNIX workstation from a vendor I haven’t mentioned yet: Hewlett Packard. Hardware availability: a tulip for a house The first place most people would go to in order to buy a classic UNIX workstation is eBay. Everyone’s favourite auction site and online marketplace is filled with all kinds of UNIX workstations, from the ’80s all the way up to the final machines from the early 2000s. You’ll soon notice, however, that pricing seems to have gone absolutely – pardon my Gaelic – absolutely batshit insane. Are you interested in a Sun Ultra 45, from 2005, without any warranty and excluding shipping? That’ll be anywhere from €1500 to €2500. Or are you more into SGI, and looking to buy a a 175 Mhz Indigo 2 from the mid-’90s? Better pony up at least €1250. Something as underpowered as a Sun Ultra 10 from 1998 will run for anything between €700 and €1300. Getting something more powerful like an SGI Fuel? Forget about it. Going to refurbishers won’t help you much either. Just these past few days I was in contact with a refurbisher here in Sweden who is charging over €4000 for a Sun Ultra 45. For a US perspective, a refurbisher like UNIX HQ, for instance, has quite a decent selection of machines, but be ready to shell out $2000 for an IBM IntelliStation POWER 285 running AIX, $1300 for a Sun Blade 2500, or $2000-$2500 for an SGI Fuel, to list just a few. Of course, these prices are without shipping or possible customs fees. It will come as no surprise that shipping these machines is expensive. Shipping a UNIX workstation from the US – where supply is relatively ample – to Europe often costs more than the computer itself, easily doubling your total costs. On top of that, there’s the crapshoot lottery of customs fees, which, depending on the customs official’s mood, can really be just about anything. I honestly have no idea why pricing has skyrockted as much as it has. Machines like these were far, far cheaper only 5-10 years ago, but it seems something happened that pushed them up – quite a few of them are definitely not rare, so I doubt rarity is the cause. Demand can’t exactly be high either, so I doubt there’s so many people buying these that they’re forcing the price to go up. I do have a few theories, such as some machines being absolutely required in some specific niche somewhere and sellers just sitting on them until one breaks and must be replaced, whatever the cost,

Google is working on upgrading its Nest Audio smart speaker to run on the company’s own Fuchsia operating system. For the last few years, Google has been steadily working on switching its Nest Hub smart displays from running on “Cast OS” to the company’s in-house OS, Fuchsia. The original Nest Hub was the first to make the jump in 2021, and the Nest Hub Max made a similar move earlier this year. In all likelihood, the Nest Hub 2nd Gen should get its Fuchsia update soon too. The slow, deliberate, and calculated rollout of Fuchsia continues.

Intel recently announced a big driver update for their Arc GPUs on Windows, because their DirectX 9 performance wasn’t as good as it could have been. Turns out, they’re using code from the open source DXVK which is part of Steam Play Proton. DXVK translates Direct3D 9, Direct3D 10 and Direct3D 11 to Vulkan. Primarily written for Wine, the Windows compatibility layer, which is what Proton is made from (Proton is what the majority of games on Steam Deck run through). However, it also has a Native implementation for Linux and it can be used even on Windows too. So it’s not a big surprise to see this. Heck, even NVIDIA use DXVK for RTX Remix. Windows gamers benefiting from open source technology for gaming on Linux. My my, the turntables!

The story of PostScript has many different facets. It is a story about profound changes in human literacy as well as a story of trade secrets within source code. It is a story about the importance of teams, and of geometry. And it is a story of the motivations and educations of engineer-entrepreneurs. The Computer History Museum is excited to publicly release, for the first time, the source code for the breakthrough printing technology, PostScript. We thank Adobe, Inc. for their permission and support, and John Warnock for championing this release. There’s definitely progress being made when it comes to open sourcing old software, but we’ve still got a long, long way to go for this to become the norm – as it should be.

End-to-end encryption is coming to most of iCloud with a new optional feature called Advanced Data Protection, according to Apple’s announcement on Wednesday. Previously, 14 data categories within iCloud were protected. This new feature brings that count to 23, including photos, notes, voice memos, reminders, Safari bookmarks, and iCloud backups of the contents of your devices. Not everything is encrypted in this way, though. Critically, calendar and mail are untouched here. Apple says they are not covered “because of the need to interoperate with the global email, contacts, and calendar systems.” Good step, and something every cloud provider ought to be offering.

FreeBSD 12.4 has been released. This is a maintenance release of the older stable branch, and contains the usual package updates, bug fixes, and other relatively minor changes.

This release features work-in-progress OpenGL 2.1 and OpenGL ES 2.0 support for all current Apple M-series systems. That’s enough for hardware acceleration with desktop environments, like GNOME and KDE. It’s also enough for older 3D games, like Quake3 and Neverball. While there’s always room for improvement, the driver is fast enough to run all of the above at 60 frames per second at 4K. Please note: these drivers have not yet passed the OpenGL (ES) conformance tests. There will be bugs! Increasingly impressive work.

As you may already have noticed we have released new ISO and USB images for OpenIndiana Hipster some days ago. As usual we have received many updates via illumos-gate, eg. the latest Intel and AMD CPU microcode updates, the latest time zone changes and lots of enhancements for BHyVe and the internal SMB server. Does anybody still legitimately use any of the variants of Solaris? It certainly had a moment in the final days of Sun, but ever since Oracle got their hands on it it’s been pretty much strangled to death, it seems.

Ars Technica: Guess what has happened! Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. The post is just a list of the keys, but running each one through APKMirror or Google’s VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart’s Onn tablets. These companies somehow had their signing keys leaked to outsiders, and now you can’t trust that apps that claim to be from these companies are really from them. To make matters worse, the “platform certificate keys” that they lost have some serious permissions. I tend to not really focus on security issues, because more often than not they amount to baseless scaremongering for clicks (or worse, to scare people into buying antivirus software), but this one seems possibly serious enough to warrant attention. I’m just not entirely sure how bad this can actually turn out to be, and the vague statements from Samsung, Google, and other sure aren’t helping in cleaning up the confusion.

Traditionally, updates on Linux systems are controlled by the user. You get an icon in the system tray that looks important; you click on it; it asks you if you want to install updates; you say “yes” or “no”; updates are applied, or not; when you next restart any applications that you have running that were updated, the new version is picked up. Data isn’t lost, because updates don’t restart the application. You can (and do) update the Linux kernel in this way, and your computer just stays up (usually running on the old version of the kernel until you next restart.) Mechanisms have been added over time to allow auto updates to take place for critical security patches (“unattended upgrades”) but these have typically to be opt in. And again, they don’t restart running applications. Snap breaks this contract. The update channel for Snap is independent from the KDE updater (on Kubuntu), and seemingly the Gnome updater (on Ubuntu). If you consent to applying updates from the general system tray “updates needed” notification, Snap updates are not included; they’re not even listed in the pending notifications from the system tray. Snap updates only happen when the Snap updater is running, either if the application is not running or after the period of time required to force updates has expired. Snap updates happen without consent. I would really, really suggest moving away from Ubuntu, and opting for the countless better alternatives instead, like Fedora (the best desktop, in my view), Linux Mint (a great desktop, but a bit more conservative than Fedora), any of the Arch derivatives (for bleeding edge and tons of fooling around with AUR), or Void (for those of us with taste). Or any, any of the others. Ubuntu just does not seem to have its users’ best interests at heart, and Snap is the best example of that.

This is a problem for all of us. Most people who can afford one have bought their iPhone or iPad already. The programmers already have their MacBooks. And while everyone will need to buy replacements at some point, that’s a steady-state or at best low-growth business. When Apple says more, it means the Wall Street kind of “more”: a hockey stick of growth. Which means, Apple needs to find growth outside its usual business. And these days, that means: advertising. And online advertising requires: surveillance. And a surveillance-enabled ad business leads, inevitably, to deceiving customers. It’s already happening, and like the boiling frog (which is not actually how it works – the frog will definitely jump out if it’s being slowly boiled; the tiny detail not part of most retellings is that the researcher had removed the frogs’ brains), Apple users are slowly being prepped for slaughter.

In Android 13, about 21% of all new native code (C/C++/Rust) is in Rust. There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components such as Keystore2, the new Ultra-wideband (UWB) stack, DNS-over-HTTP3, Android’s Virtualization framework (AVF), and various other components and their open source dependencies. These are low-level components that require a systems language which otherwise would have been implemented in C++. To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code. We don’t expect that number to stay zero forever, but given the volume of new Rust code across two Android releases, and the security-sensitive components where it’s being used, it’s a significant result. It demonstrates that Rust is fulfilling its intended purpose of preventing Android’s most common source of vulnerabilities. Historical vulnerability density is greater than 1/kLOC (1 vulnerability per thousand lines of code) in many of Android’s C/C++ components (e.g. media, Bluetooth, NFC, etc). Based on this historical vulnerability density, it’s likely that using Rust has already prevented hundreds of vulnerabilities from reaching production. These numbers don’t lie.

So there you have it: recommending idly Secure Boot for all systems requiring intermediate security level accomplishes nothing, except maybe giving more work to system administrators that are recompiling their kernel, while offering exactly no measurable security against many threats if UEFI Administrative password and MOK Manager passwords are not set. This is especially true for laptop systems where physical access cannot be prevented for obvious reasons. For servers in colocation, the risk of physical access is not null. And finally for many servers, the risk of a rogue employee somewhere in the supply chain, or the maintenance chain cannot be easily ruled out. The author makes a compelling case, but my knowledge on this topic is too limited to confidently present this article as a good one. I’ll leave it to those among us with more experience on this subject to shoot holes in the article, or to affirm it.

As you look around for a new social media platform, I implore you, only use one that is a part of the World Wide Web. If posts in a social media app do not have URLs that can be linked to and viewed in an unauthenticated browser, or if there is no way to make a new post from a browser, then that program is not a part of the World Wide Web in any meaningful way. Consign that app to oblivion. Yep.

“Raspberry Pi boards are hard to get, probably also next year,” says Andreas Spiess, single-board enthusiast and YouTuber, in his distinctive Swiss accent. He’s not wrong. Spiess says he and his fellow Pi devotees need “a strategy to survive” without new boards, so he suggests looking in one of the least captivating, most overlooked areas of computing: used, corporate-minded thin client PCs. Spiess’ Pi replacements, suggested and refined by many of his YouTube commenters and Patreon subscribers, are Fujitsu Futros, Lenovo ThinkCentres, and other small systems (some or all of which could be semantically considered “thick clients” or simply “mini PCs,” depending on your tastes and retro-grouch sensibilities). They’re the kind of systems you can easily find used on eBay, refurbished on Amazon Renewed, or through other enterprise and IT asset disposition sources. They’re typically in good shape, given their use and environment. And compared to single-board enthusiast systems, many more are being made and replaced each year. A project I want to undertake is set up an UltraSPARC machine, and then tie several Sun Rays to them. I also want to mess around with using Linux as the host for several thin clients – they’re so cheap, and it seems like they’re really fun to mess around with.

There is still a long road ahead! The UAPI that we are using right now is still a prototype, and there are a lot of new features that need to be added or redesigned in order to support a full Vulkan driver in the future. Since Linux mandates that the UAPI needs to remain stable and backwards compatible across versions (unlike macOS), that means that the kernel driver will not be heading upstream for many months, until we have a more complete understanding of the GPU rendering parameters and have implemented all the new design features needed by Vulkan. The current UAPI also has performance limitations… it can’t even run GPU rendering concurrently with CPU processing yet! And of course there is still a lot of work to do on the userspace side, improving conformance and performance and adding support for more GL extensions and features! Some features like tesselation and geometry shaders are very tricky to implement (since they need to be partially or fully emulated), so don’t expect full OpenGL 3.2+ for quite a long time. This article is a detailed look at the work done by Asahi Lina to create a Linux GPU driver for Apple’s M1, after Alyssa Rosenzweig reverse engineered the M1 GPU on macOS. This is a tour de force of excellence, and every current and future M1/M2 Linux user should be thankful for the amazing work these people are doing.

Highlights of this release include initial gesture support with double-tap to wake for selected devices, improvements to fingerprint unlock by allowing more backoff time between read retries, as well as support for media buttons on headsets for most Ubuntu Phone devices. In addition, the Ubuntu Touch OTA-24 update adds support for handling the sms:// URL scheme for properly opening the Messaging app, adds Full HD 1080p support to the Aethercast implementation, improves SMS and MMS support, and adds various performance tweaks to the Mir-Android-Platform. I’m kind of surprised the current releases are still based on Ubuntu 16.04 – that’s quite an old release. They are working on upgrading the base to 20.04, and the switchover should happen relatively soon.

Yes, I am playing Dope Wars on a Palm Pilot inside my iPhone. It’s thanks to The Internet Archive, which is once again launching a giant collection of software you can instantly play on any web browser, up to and including your touchscreen-equipped phone. There are currently 565 classic Palm apps in all, including games, widgets, and even free trials from both the greyscale and color eras. This is probably the easiest way to experience Palm OS applications now. I will still opt for any of my dozen or so real devices, but having so many applications safe and sound on the Archive is amazingly awesome.

Multi-factor authentication is ripe for disruption. SMS 2FA is inherently defective. Phone authenticators get stolen. Security tokens get lost. But just try misplacing a Commodore SX-64. And any thief who tries to grab it and run gets a free hernia truss from the prison infirmary. I want to see someone carry an SX-64 into a coffee shop to authenticate something. Please.

I occasionally do talks about curl. In these talks I often include a few slides that say something about curl’s coverage and presence on different platforms. Mostly to boast of course, but also to help explain to the audience how curl has manged to reach its ten billion installations. Curl is literally everywhere – even on another planet.