Bug or intentional? macOS 15.1 completely removes ability to launch unsigned applications

Many MacOS users are probably used by now to the annoyance that comes with unsigned applications, as they require a few extra steps to launch them. This feature is called Gatekeeper and checks for an Apple Developer ID certificate. Starting with MacOS Sequoia 15, the easy bypassing of this feature with e.g. holding Control when clicking the application icon is now no longer an option, with version 15.1 disabling ways to bypass this completely. Not unsurprisingly, this change has caught especially users of open source software like OpenSCAD by surprise, as evidenced by a range of forum posts and GitHub tickets.

↫ Maya Posch at Hackaday

It seems Apple has disabled the ability for users to bypass application signing entirely, which would be just the next step in the company’s long-standing effort to turn macOS into iOS, with the same, or at least similar, lockdowns and restrictive policies. This would force everyone developing software for macOS to spend €99 per year in order to get their software signed, which may not be a realistic option for a lot of open source software.

Before macOS 15.0, you could ctrl+right-click an unsigned application and force it to run. In macOS 15.0, Apple removed the ability to do this; instead, you had to try and open the application (which would fail), and then open System Settings, go to Privacy & Security, and click the “Open Anyway” button to run the application. Stupidly convoluted, but at least it was possible to run unsigned applications.

In macOS 15.1, however, even this convoluted method no longer seems to be working. When you try and launch an unsigned application in macOS 15.1, you get a dialog that reads The application “Finder” does not have permission to open “(null)”, and no button to open the application anyway appears under Privacy & Security. The wording of the dialog would seem to imply this is a bug, but Apple’s lack of attention to UI detail in recent years means I wouldn’t be surprised if this is intentional.

This means that the only way to run unsigned applications on macOS 15.1 is to completely disable System Integrity Protection and Gatekeeper. To do this, you have to boot into recovery mode, open the terminal, run the command sudo spctl --master-disable, reboot. However, I do not consider this a valid option for 99.9% of macOS users, and having to disable complex stuff like this through recovery mode and several reboots just to launch an application is utterly bizarre.

For those of you still stuck on macOS, I can only hope this is a bug, and not a feature.

Google confirms Android 16 is coming earlier than usual, developer preview begins soon

In a major shift of its release cycle, Google has revealed that Android 16 will be released in Q2 of 2025, confirming my report from late last month. Android 16 is the name of the next major release of the Android operating system, and its release in Q2 marks a significant departure from the norm. Google typically pushes out a new major release of Android in Q3 or Q4, but the company has decided to move next year’s major release up by a few months so more devices will get the update sooner.

↫ Mishaal Rahman at Android Authority

That’s a considerable shake-up of Android’s long-lasting release cadence. The change includes more than just moving up the major Android release, as Google also intends to ship more minor releases of Android throughout the year. The company has already unveiled a rough schedule for Android 16, only weeks after releasing Android 15, with the major Android 16 release coming in the second quarter of 2025, followed by a minor release in the fourth quarter of 2025.

There are two reasons Google is doing this. First, this new release schedule better aligns with when new flagship Android devices are released, so that from next year onwards, they can ship with the latest version of Android of that year preinstalled, instead of last year’s release. This should help bump up the number of users using the latest release. Second, this will allow Google to push out SDK releases more often, allowing for faster bug fixing.

I honestly feel like most users will barely notice this change. Not only is the Android update situation still quite messy compared to its main rival iOS, the smartphone operating system market has also matured quite a bit, and the changes between releases are no longer even remotely as massive as they used to be. Other than Pixel users, I don’t think most people will even realise they’re on a faster release schedule.

Sculpt OS 24.10 released with multi-monitor support

Genode’s rapid development carries on apace. Whilst Genode itself is a so-called OS Framework – the computing version of a rolling chassis that can accept various engines (microkernels) and coachwork of the customer’s choice – they also have an in-house PC desktop system. This flagship product, Sculpt OS, comes out on a bi-annual schedule and Autumn brings us the second for the year, with what has become an almost a customary big advance:

Among the many usability-related topics on our road map, multi-monitor support is certainly the most anticipated feature. It motivated a holistic modernization of Genode’s GUI stack over several months, encompassing drivers, the GUI multiplexer, inter-component interfaces, up to widget toolkits. Sculpt OS 24.10 combines these new foundations with a convenient user interface for controlling monitor modes, making brightness adjustments, and setting up mirrored and panoramic monitor configurations.

↫ Genode website

Sculpt OS 24.10 is available as ready-to-use system image for PC hardware, the PinePhone, and the MNT Reform laptop.

Microsoft just delayed Recall again

Another day, another Windows Recall problem. Microsoft is delaying the feature yet again, this time from October to December.

“We are committed to delivering a secure and trusted experience with Recall. To ensure we deliver on these important updates, we’re taking additional time to refine the experience before previewing it with Windows Insiders,” says Brandon LeBlanc, senior product manager of Windows, in a statement to The Verge. “Originally planned for October, Recall will now be available for preview with Windows Insiders on Copilot Plus PCs by December.”

↫ Tom Warren at The Verge

Making Recall secure, opt-in, and uninstallable is apparently taking more time than the company originally planned. When security, opt-in, and uninstallable are not keywords during your design and implementation process for new features, this is the ungodly mess that you end up with. This could’ve all been prevented if Microsoft wasn’t high on its own “AI” supply.

Torvalds thinks “AI” is 90% marketing, and Google claims 25% of its code is “AI”-generated

Torvalds said that the current state of AI technology is 90 percent marketing and 10 percent factual reality. The developer, who won Finland’s Millennium Technology Prize for the creation of the Linux kernel, was interviewed during the Open Source Summit held in Vienna, where he had the chance to talk about both the open-source world and the latest technology trends.

↫ Alfonso Maruccia at Techspot

Well, he’s not wrong. “AI” definitely feels like a bubble at the moment, and while there’s probably eventually going to be useful implementations people might actually want to actively use to produce quality content, most “AI” features today produce a stream of obviously fake diarrhea full of malformed hands, lies, and misinformation. Maybe we’ll eventually work out these serious kinks, but for now, it’s mostly just a gimmick providing us with an endless source of memes. Which is fun, but not exactly what we’re being sold, and not something worth destroying the planet for even faster.

Meanwhile, Google is going utterly bananas with its use of “AI” inside the company, with Sundar Pichai claiming 25% of code inside Google is now “AI”-generated.

↫ Sundar Pichai

We’re also using AI internally to improve our coding processes, which is boosting productivity and efficiency. Today, more than a quarter of all new code at Google is generated by AI, then reviewed and accepted by engineers. This helps our engineers do more and move faster.

So much here feels wrong. First, who wants to bet those engineers care a whole lot less about the generated code than they do about code they write themselves? Second, who wants to bet that generated code is entirely undocumented? Third, who wants to bet what the additional costs will be a few years from now when the next batch of engineers tries to make sense of that undocumented generated code? Sure, Google might save a bit on engineers’ salaries now, but how much extra will they have to spend to unspaghettify that diarrhea code in the future?

It will be very interesting to keep an eye on this, and check back in, say, five years, and hear from the Google engineers of the future how much of their time is spent fixing undocumented “AI”-generated code. I can’t wait.

GNOME and KDE working on end user-focused “official” Linux distributions, not entirely without risks

It seems the GNOME team is getting quite serious about turning GNOME OS into an end-user focused Linux distribution, similar to a project KDE is working on.

GNOME OS is GNOME’s development, testing, and QA distribution. It’s not designed to be useful as a general-purpose system, and so it hasn’t been the center of attention. However, that makes it a convenient place to experiment, and ultimately through sheer coincidence the GNOME OS team ended up developing something that follows my vision using the same technology that I was. The only real difference was intent: carbonOS was intended for mass adoption, and GNOME OS was not. In essentially every other aspect, the projects had the same roadmap: following Lennart Poettering’s “Fitting Everything Together” proposal, providing a stock GNOME experience, and even using the same build system (BuildStream).

↫ Adrian Vovk

The goal with GNOME OS is to showcase the best GNOME has to offer, built on top of an immutable base system, using Flatpak as the means to install applications. Basically, we’re looking at something very similar to the immutable Fedora GNOME variant, but probably with even less modifications to stock GNOME, and perhaps with few more newer things as default, like perhaps systemd-boot over GRUB. KDE also happens to be working on a very similar project, with many of the same design choices and constraints.

I think this is an excellent idea, for both GNOME and KDE. This allows them to offer users a very focused, simple, and resilient way of showcasing the latest and greatest the two desktop environments have to offer, without having to rely on third-party distributions to not make silly choices or mess things up – for which GNOME and KDE developers then tend to take the heat. Systems like these will, of course, also be a great way for developers to quickly spin up the latest stock versions of GNOME and KDE to test their applications.

Still, there’s also a downside to having official GNOME and KDE distributions. If users find bugs or issues in these desktop environment when running other distributions, like Fedora or Ubuntu, GNOME and KDE developers may be tempted to just shrug them off and point them to the official GNOME and KDE distributions. It works there, so obviously the cause of the bug lies with the unofficial distribution, right? This may be a tempting conclusion, but may not be accurate at all, as the real cause could still lie with GNOME and KDE.

Once such “official” GNOME and KDE Linux distributions exist, the projects run a real risk of only really caring about how well GNOME and KDE work there, while not caring as much, or even at all, how well they run everywhere else. I’m not sure how they intend to prevent this from happening, but from here, I can already see the drama erupting. I hope this is something they take into consideration.

Immutable distributions are not for me, since I prefer the control regular Fedora and RPM gives me, and I don’t want to give that up. It also doesn’t help I really, really don’t like Flatpak as it exists today, which is another major barrier to entry for someone like me, and I assume most OSNews readers. However, there are countless Linux users out there who just want to get stuff done with whatever defaults come with their operating system, and for them, this newly proposed GNOME OS and its KDE counterpart are a great choice.

There’s a reason Valve opted for an Arch-based immutable KDE distribution for the Steam Deck, after all.

Microsoft isn’t secretly installing Recall on your Windows PC

There’s been more controversy regarding Microsoft’s Recall feature for Windows, with people supposedly discovering Recall was being secretly installed on Windows 11 24H2. Furthermore, trying to remove this secretly installed Recall would break Explorer, as it seemed Explorer had a dependency on Recall. Unsurprisingly, this spread like wildfire all across the web, but I didn’t report on it because something about it felt off – reports were sporadic and vague, and there didn’t seem to be any consistency in the various stories.

Well, it turns out that it is a big misunderstanding arising from Microsoft’s usual incompetence.

“Ever since the Recall security fiasco in summer, all insider and production builds lack Recall completely,” explains Windows watcher Albacore, in messages to The Verge. Albacore created the Amperage tool that allowed Recall to run on older Snapdragon chips. The references we’re seeing in current installs of 24H2 are related to Microsoft making it easier for system admins to remove Recall or disable it. “Ironically, Microsoft going out of its way to make [Recall] removal easier is being flipped into AI / spying / whatever hoaxes,” says Albacore.

[…]

“Microsoft has an ungodly complex and long winded system for integrating development changes into a mainline build, parts of the optional-izing work were most likely not merged at once, and thus produce crash loops in very specific scenarios that slipped testing,” explains Albacore.

↫ Tom Warren at The Verge

What this story really highlights is just how little trust Microsoft has left with its very own users. Microsoft has a history of silently and secretely re-enabling features users turned off, re-installing Edge without any user interaction or consent, lots of disabled telemetry features suddenly being turned on again after an update, and so on. Over the years, this has clearly eroded any form of trust users have in Microsoft, so when a story like this hits, users just assume it’s Microsoft doing shady stuff again. Can you blame them?

All of this is made worse by the absolutely dreadfully bad messaging and handling of the Recall feature. The shoddy implementation, the complete lack of security, the severe inability to read the room about the privacy implications of a feature like Recall, combined with the lack of trust mentioned above, and you have a very potent cocktail of misinformation entirely of Microsoft’s own making. I’m not trying to excuse Microsoft here – they themselves are the only ones to blame for stories like these.

I have a feeling we’re going to see a lot more Recall problems.

Australia/Lord_Howe is the weirdest timezone

The standard trope when talking about timezones is to rattle off falsehoods programmers believe about them. These lists are only somewhat enlightening – it’s really hard to figure out what truth is just from the contours of falsehood.

So here’s an alternative approach. I’m gonna show you some weird timezones. In fact, the weirdest timezones. They’re each about as weird as timezones are allowed to get in some way.

↫ Ulysse Carion

The reason why timezones are often weird is not only things like the shape of countries dictating where the actual timezones begin and end, but also because of politics. A lot of politics. The entirety of China runs on Beijing time, even though it covers five geographical timezones. Several islands in the Pacific were forced by their colonisers to run on insanely offset timezones because it made exploiting them easier. Time in Europe is political, too – countries like The Netherlands, Belgium, France, and Spain should really be in the same time zone as the UK, but adopted UTC+1 because it aligns better with the rest of mainland Europe.

Although anything is better than whatever the hell Dutch Time was.

Then there is, of course, daylight savings, which is a whole pointless nightmare in and of itself that should be abolished. Daylight savings rules and exceptions alone cover a ton of the oddities and difficulties with timezones, which is reason enough to get rid of it, aside from all the other possible issues, but a proposal to abolish it in the EU has sadly stalled.

Improving Xwayland window resizing

Speaking of Wayland, one of the most important parts of the transition is Xwayland, which makes sure legacy X applications not yet capable of running under a modern graphics stack can continue to function. Xwayland applications have had this weird visual glitch during resize operations, however, where the opposite side of the window would expand and contract while resizing. KDE developer Vlad Zahorodnii wanted to fix this, and he wrote a very detailed article explaining why, exactly, this bug happens, which takes you deep into the weeds of X and Wayland.

Window resizing in X would be a glitchy mess, if it wasn’t for the X11 protocol to synchronize window repaints during interactive resize, which ensures that the window resize and the application repainting its window contents remain synchronised. This protocol is supported by Kwin and GNOME’s Mutter, so what’s the problem here? Shouldn’t everything just work?

KWin supports the basic frame synchronization protocol, so there should be no visual glitches when resizing X11 windows in the Plasma Wayland session, right? At quick glance, yes, but we forget about the most important detail: Wayland compositors don’t use XCompositeNameWindowPixmap() or xcb_composite_name_window_pixmap() to grab the contents of X11 windows, instead they rely on Xwayland attaching graphics buffers to wl_surface objects, so there is no strict order between the Wayland compositor receiving an XSync request acknowledgement and graphics buffers for the new window size.

↫ Vlad Zahorodnii

Basically, the goal of the fix is to make sure these steps are also synchronised when using Xwayland, and that’s exactly what Zahorodnii has achieved. This makes the resizing X windows under Xwayland look normal and without weird visual glitches, which is a massive improvement to the overall experience of using a Wayland desktop with a few stray X applications. Thanks to this fix, which was made possible with help from Wayland developers, Kwin is now one of the few compositors that correctly synchronises X windows running under Wayland.

KDE has been doing an amazing job moving from X to Wayland, and I don’t think there’s anyone else who has managed to make the transition quite as painless. Not only do KDE developers focus on difficult bugs like this one that many others would just shrug off as acceptable jank, they also made things like the Wayland to X11 Video Bridge, a desktop-agnostic tool to allow things like screen sharing in Teams, Discord, Slack, etc. to work properly on Wayland.

New Raspberry Pi OS switches everyone over to Wayland

The slow rise of Wayland hasn’t really been slow anymore for years now, and today another major part of the Linux ecosystem is making the jump from X to Wayland.

So we made the decision to switch. For most of this year, we have been working on porting labwc to the Raspberry Pi Desktop. This has very much been a collaborative process with the developers of both labwc and wlroots: both have helped us immensely with their support as we contribute features and optimisations needed for our desktop.

After much optimisation for our hardware, we have reached the point where labwc desktops run just as fast as X on older Raspberry Pi models. Today, we make the switch with our latest desktop image: Raspberry Pi Desktop now runs Wayland by default across all models.

↫ Simon Long

Raspberry Pi Desktop already used Wayland on some of the newer models, through the use of Wayfire. However, it turned out Wayfire wasn’t a good fit for the older Pi models, and Wayfire’x development direction would move it even further away from that goal, which is obviously important to the Raspberry Pi Foundation. They eventually settled on using labwc instead, which can also be used on older Pi models. As such, all Pi models will now switch to using Wayland with the latest update to the operating system.

This new update also brings vastly improved touchscreen support, a rewritten panel application that won’t keep removed plugins in memory, a new display configuration utility, and more.

The OSNews 2024 fundraiser: support OSNews to keep it alive

Do you want OSNews to continue to exist? Do you like the selection of news items I manage to scrounge up almost every day? Do you want OSNews free from corporate influence, “AI”-generated nonsense, and the kind of SEO-optimised blogspam we all despise? Consider supporting OSNews financially, so I can keep running the site as an independent entity, free from the forces that make the web shittier every day. There are several ways you can support OSNews.

First, you can become a Patreon. Being an OSNews Patreon means no more ads on OSNews, access to the OSNews Matrix room, and some fancy flair on your comments. The goal is to eventually have enough Patreons supporting us to make us independent even from regular ads, which means we’ll need to hit at least €1500-€2000 a month. Once we achieve that, we will turn off ads for everyone. OSNews is my job, and thus my only source of income, so we can only turn off ads once community support is high enough to do so. This is obviously a long-term goal.

To help us all get there, I’ve added a brand new, even higher Patreon tier. If being a Platinum Patreon isn’t enough for you, you can now move on up and become an Antimatter Patreon for €50/month. You’ll get all the same benefits as the Platinum tier, but on top of that, you can opt to have your name permanently displayed on the frontpage in our sidebar. This tier is really specifically designed for the most hardcore supporters of OSNews, and can even be used as a bit of a marketing tool for yourself.

By the way, I do not know where to go after antimatter. What’s rarer and more expensive than antimatter?

Second, you can make an individual donation to OSNews through Ko-Fi. Recently, my wife, two kids, and I were all hit with, in order, bronchitis, flu, and then a minor cold. With all of us down and out, unable to work, our finances obviously took a bit of a hit. My wife works in home care for the elderly, which isn’t exactly a job with a fair wage, so any time we can’t work it hits us hard. Individual Ko-Fi donations have proven to be lifesavers. As such, I’ve set up a Ko-Fo donation target of €2500, so my wife, kids, and I can build up a bit of a buffer for emergencies. Creating such a buffer will be a huge load off our backs.

Third, we have official OSNews merch! Our merch store is filled with a ton of fun products for the operating system connoisseurs among us, from the basic OSNews T-shirt and mug, to the old-school ASCII-art OSNews T-shirt and sweatshirt, and finally three unique terminal T-shirts showing the terminal of MS-DOS, BeOS, and Mac OS X. Each of the terminal shirts sport the correct colour schemes, text, and fonts. The pricing has been set up in such a way that for each product sold, we receive about $8.

OSNews has always been a passion project for everyone involved, and I’d like to continue that. By making sure we’re independent, free from the forces that are destroying websites left, right, and centre, OSNews can keep doing what it’s always done: report on things nobody else covers, without the pressure to post 45 items about every new iPhone, stupid SEO blogspam nonsense about how to plug in a USB cable or whatever, or “AI”-generated drudgery.

The people making that possible are all of our Patreons, Ko-Fi donors, and merch customers. You have no idea how thankful I am for each and every one of you.

TDE R14.1.3 released, and KDE developers hold impromptu TDE installfest at Akademy 2024

The Trinity Desktop Environment, a fork of the last release in the KDE 3.x series, has just released their latest version, R14.1.3. Despite its rather small version number change, it contains some very welcome new features.

TDE started the process of integrating the XDG Desktop Portal API, which will bring a lot of welcome integration with applications from the wider ecosystem. There’s also a brand new touchpad settings module, which was something I was sorely missing when I tried out TDE a few months ago. Furthermore, there’s of course a ton of bugfixes and improvements, but also things like support for tiling windows, some new theme and colour scheme options, and a lot more.

Not too long ago, when KDE’s Akademy 2024 took place, a really fun impromptu event happened. A number of KDE developers got together – I think in a restaurant or coffee place – and ended up organising an unplanned TDE installation party. Several photos floated around Mastodon of KDE developers using TDE, and after a few fun interactions between KDE and TDE developers on Mastodon, TDE developers ended up being invited to next year’s Akademy. We’ll have to wait and see if the schedules line up, but if any of this can lead to both projects benefiting from some jolly cooperation, it can only be seen as a good thing.

Regardless, TDE is an excellent project with a very clear goal, and they’re making steady progress all the time. It’s not a fast-paced environment chasing the latest and greatest technologies, but instead builds upon a solid foundation, bringing it into modern world where it makes sense. If you like KDE 3.x, TDE is going to be perfect for you.

World’s first Haiku ransomware/malware

There’s many ways to judge if an operating system has made it to the big leagues, and one of the more unpleasant ones is the availability of malware. Haiku, the increasingly capable and daily-driveable successor to BeOS, is now officially a mainstream operating system, as it just had its first piece of malware.

HaikuRansomware is an experimental ransomware project designed for educational and investigative purposes. Inspired by the art of poetry and the challenge of cryptography, this malware encrypts files with a custom extension and provides a ransom note with a poetic touch. This is a proof of concept aimed to push the boundaries of how creative ransomware can be designed.

↫ HaikuRansomware’s GitHub page

Now this is obviously a bit of a tongue-in-cheek, experimental kind of thing, but it’s still something quite unique to happen to Haiku. I’m not entirely sure how the ransomware is supposed to spread, but my guess would be through social engineering. With Haiku being a relatively small project, and one wherein every user runs as root – baron, in BeOS parlance – I’m sure anything run through social engineering can do some serious damage without many guardrails in place. Don’t quote me on that, though, as Haiku may have more advanced guardrails and mitigations in place than classic BeOS did.

This proof-of-concept has no ill intent, and is more intended as an art project to highlight what you can do with encryption and ransomware on Haiku today, and I definitely like the art-focused approach of the author.

What’s new in POSIX 2024 – XCU

As of the previous release of POSIX, the Austin Group gained more control over the specification, having it be more working group oriented, and they got to work making the POSIX specification more modern. POSIX 2024 is the first release that bears the fruits of this labor, and as such, the changes made to it are particularly interesting, as they will define the direction of the specification going forwards. This is what this article is about!

Well, mostly. POSIX is composed of a couple of sections. Notably XBD (Base Definitions, which talk about things like what a file is, how regular expressions work, etc), XSH (System Interfaces, the C API that defines POSIX’s internals), and XCU (which defines the shell command language, and the standard utilities available for the system). There’s also XRAT, which explains the rationale of the authors, but it’s less relevant for our purposes today. XBD and XRAT are both interesting as context for XSH and XCU, but those are the real meat of the specification. This article will focus on the XCU section, in particular the utilities part of that section. If you’re more interested in the XSH section, there’s an excellent summary page by sortix’s Jonas Termansen that you can read here.

↫ im tosti

The weekend isn’t over yet, so here’s some more light reading.

The MIPS ‘ThinkPad’ and the unreleased Commodore HHC-4

Old Vintage Computing Research, by the incredibly knowledgeable Cameron Kaiser, is one of the best resources on the web about genuinely obscure retrocomputing, often diving quite deep in topics nobody else covers – or even can cover, considering how rare some of the hardware Kaiser covers is. I link to Old VCR all the time, and today I’ve got two more great articles by Kaiser for you.

First, we’ve got the more well-known – relatively speaking – of the two devices covered today, and that’s the MIPS ThinkPad, officially known as the IBM WorkPad z50. This was a Windows CE 2.11 device powered by a NEC VR4120 MIPS processor, running at 131 Mhz, released in 1999. Astute readers might note the WorkPad branding, which IBM also used for several rebranded Palm Pilots. Kaiser goes into his usual great detail covering this device, with tons of photos, and I couldn’t stop reading for a second. There’s so much good information in here I have no clue what to highlight, but since OSNews has OS in the name, this section makes sense to focus on:

The desktop shortcuts are pre-populated in ROM along with a whole bunch of applications. The marquee set that came on H/PC Pro machines was Microsoft Pocket Office (Pocket Word, Pocket Excel, Pocket Access and Pocket PowerPoint), Pocket Outlook (Calendar, Contacts, Inbox and Tasks) and Pocket Internet Explorer, but Microsoft also included Calculator, InkWriter (not too useful on the z50 without a touch screen), Microsoft Voice Recorder, World Clock, ActiveSync (a la Palm HotSync), PC Link (direct connect, not networked), Remote Networking, Terminal (serial port and modem), Windows Explorer and, of course, Solitaire. IBM additionally licensed and included some of bSquare’s software suite, including bFAX Pro for sending and receiving faxes with the softmodem, bPRINT for printing and bUSEFUL Backup Plus for system backups, along with a battery calibrator and a Rapid Access quick configuration tool. There is also a CMD.EXE command shell, though it too is smaller and less functional than its desktop counterpart.

↫ Old Vintage Computing Research

Using especially these older versions of Windows CE is a wild experience, because you can clearly tell Microsoft was trying really hard to make it look and feel like ‘normal’ Windows, but as anyone who used Windows CE back then can attest, it was a rather poor imitation with a ton of weird limitations and design decisions borne from the limited hardware it was designed to run on. I absolutely adore the various incarnations of Windows CE and associated graphical shells it ran – especially the PocketPC days – but there’s no denying it always felt quite clunky.

Moving on, the second Old VCR article I’m covering today is more difficult for me to write about, since I am too young to have any experience with the 8 bit era – save for some experience with the MSX platform as a wee child – so I have no affinity for machines like the Commodore 64 and similar machines from that era. And, well, this article just so happens to be covering something called the Commodore HHC-4.

Once upon a time (and that time was Winter CES 1983), Commodore announced what was to be their one and only handheld computer, the Commodore HHC-4. It was never released and never seen again, at least not in that form. But it turns out that not only did the HHC-4 actually exist, it also wasn’t manufactured by Commodore — it was a Toshiba.

Like Superman had Clark Kent, the Commodore HHC-4 had a secret identity too: the Toshiba Pasopia Mini IHC-8000, the very first portable computer Toshiba ever made. And like Clark Kent was Superman with glasses, compare the real device to the Commodore marketing photo and you can see that it’s the very same machine modulo a plastic palette swap. Of course there’s more to the story than that.

↫ Old Vintage Computing Research

Of course, Kaiser hunted down an IHC-8000, and details his experiences with the little handheld, calculator-like machine. It turns out it’s most likely using some unspecified in-house Toshiba architecture, running at a few hundred kHz, and it’s apparently quite sluggish. It never made it to market in Commodore livery, most likely because of its abysmal performance. The amount of work required to make this little machine more capable and competitive probably couldn’t be recouped by its intended list price, Kaiser argues.

A brief history of Mac firmware

Firmware, software that’s intimately involved with hardware at a low level, has changed radically with each of the different processor architectures used in Macs.

↫ Howard Oakley

A quick but still detailed overview of the various approach to Mac firmware Apple has employed over the years, from the original 68k firmware and Mac OS ROMs, to the modern Apple M-specific approach.

What can Windows 10 users do once support ends in October 2025?

There’s a date looming on the horizon for the vast majority of Windows users. While Windows 11 has been out for a long time now, most Windows users are using Windows 10 – about 63% – while Windows 11 is used by only about 33% of Windows users. In October 2025, however, support for Windows 10 will end, leaving two-thirds of Windows users without the kind of updates they need to keep their system secure and running smoothly. Considering Microsoft is in a lot of hot water over its security practices once again lately, this must be a major headache for the company.

The core of the problem is that Windows 11 has a number of very strict hardware requirements that are mostly entirely arbitrary, and make it impossible for huge swaths of Windows 10 users to upgrade to Windows 11 even if they wanted to. And that is a problem in and of itself too: people don’t seem to like Windows 11 very much, and definitely prefer to stick to Windows 10 even if they can upgrade. It’s going to be quite difficult for Microsoft to convince those people to upgrade, which likely won’t happen until these people buy a new machine, which in turn in something that just isn’t necessary as often as it used to be.

That first group of users – the ones who want to upgrade, but can’t – do have unofficial options, a collection of hacks to jank Windows 11 into installing on unsupported hardware. This comes with a number of warnings from Microsoft, so you may wonder how much of a valid option this really is. Ars Technica has been running Windows 11 on some unsupported machines for a while, and concludes that while it’s problem-free in day-to-day use, there’s a big caveat you won’t notice until it’s time for a feature update. These won’t install without going through the same hacks you needed to use when you first installed Windows 11 and manually downloading the update in question.

This essentially means you’ll need to repeat the steps for doing a new unsupported Windows 11 install every time you want to upgrade. As we detail in our guide, that’s relatively simple if your PC has Secure Boot and a TPM but doesn’t have a supported processor. Make a simple registry tweak, download the Installation Assistant or an ISO file to run Setup from, and the Windows 11 installer will let you off with a warning and then proceed normally, leaving your files and apps in place.

Without Secure Boot or a TPM, though, installing these upgrades in place is more difficult. Trying to run an upgrade install from within Windows just means the system will yell at you about the things your PC is missing. Booting from a USB drive that has been doctored to overlook the requirements will help you do a clean install, but it will delete all your existing files and apps.

↫ Andrew Cunningham at Ars Technica

The only way around this that may work is yet another hack, which tricks the update into thinking it’s installing Windows Server, which seems to have less strict requirements. This way, you may be able to perform an upgrade from one Windows 11 version to the next without losing all your data and requiring a fresh installation. It’s one hell of a hack that no sane person should have to resort to, but it looks like it might be an inevitability for many.

October 2025 is going to be a slaughter for Windows users, and as such, I wouldn’t be surprised to see Microsoft postponing this date considerably to give the two-thirds of Windows users more time to move to Windows 11 through their regular hardware replacements cycles. I simply can’t imagine Microsoft leaving the vast majority of its Windows users completely unprotected.

Spare a thought for our Windows 10-using friends. They’re going to need it.

A deep dive into Linux’s new mseal syscall

If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including how it’s different from prior memory protection schemes and how it works in the kernel to protect virtual memory. We’ll also describe the particular exploit scenarios that mseal helps stop in Linux userspace, such as stopping malicious permissions tampering and preventing memory unmapping attacks.

↫ Alan Cao

The goal of mseal is to, well, literally seal a part of memory and protect its contents from being tampered with. It makes regions of memory immutable so that while a program is running, its memory contents cannot be modified by malicious actors. This article goes into great detail about this new feature, explains how it works, and what it means for security in the Linux kernel.

Excellent light reading for the weekend.

Contractors training Amazon, Meta and Microsoft’s AI systems left without pay after Appen moves to new platform

One-third of payments to contractors training AI systems used by companies such as Amazon, Meta and Microsoft have not been paid on time after the Australian company Appen moved to a new worker management platform.

Appen employs 1 million contractors who speak more than 500 languages and are based in 200 countries. They work to label photographs, text, audio and other data to improve AI systems used by the large tech companies and have been referred to as “ghost workers” – the unseen human labour involved in training systems people use every day.

↫ Josh Taylor at The Guardian

It’s crazy that if you peel back the layers on top of a lot of tools and features sold to us as “artificial intelligence”, you’ll quite often find underpaid workers doing the labour technology companies are telling us are done by computers running machine learning algorithms. The fact that so many of them are either deeply underpaid or, as in this case, not even paid at all, while companies like Google, Apple, Microsoft, and OpenAI are raking in ungodly amounts of profits, is deeply disturbing. It’s deeply immoral on so many levels, and just adds to the uncomfortable feeling people have with “AI”.

Again I’d like to reiterate I’m not intrinsically opposed to the current crop of artificial intelligence tools – I just want these mega corporations to respect the rights of artists, and not use their works without permission to earn immense amounts of money. On top of that, I don’t think it should be legal for them to lie about how their tools really work under the hood, and the workers who really do the work claimed to be done by “AI” to be properly paid. Is any of that really too much to ask?

Fix these issues, and I’ll stop putting quotation marks around “AI”.

Microsoft improves Windows’ update experience, and announces support for MIDI 2.0 and a new audio driver for professionals

Windows 11, version 24H2 represents significant improvements to the already robust update foundation of Windows. With the latest version, you get reduced installation time, restart time, and central processing unit (CPU) usage for Windows monthly updates. Additionally, enhancements to the handling of feature updates further reduce download sizes for most endpoints by extending conditional downloads to include Microsoft Edge. Let’s take a closer look at these advancements.

↫ Steve DiAcetis at the Windows IT Pro Blog

Now this is the kind of stuff we want to see in new Windows releases. Updating Windows feels like a slow, archaic, and resource-intensive process, whereas on, say, my Fedora machines it’s such an effortless, lightweight process I barely even notice it’s happening. This is an area where Windows can make some huge strides that materially affect people – Windows updates are a meme – and it’s great to see Microsoft working on this instead of shoving more ads onto Windows users’ desktops.

In this case, Microsoft managed to reduce installation time, make reboots faster, and lower CPU and RAM usage through a variety of measures roughly falling in one of three groups: improved parallel processing, faster and optimised reading of update manifests, and more optimal use of available memory. We’re looking at some considerable improvements here, such as a 45% reduction in installation time, 15-25% less CPU usage, and more. Excellent work.

On a related note, at the Qualcomm Snapdragon Summit, Microsoft also unveiled a number of audio improvements for Windows on ARM that will eventually also make their way to Windows on x86. I’m not exactly an expert on audio, but from what I understand the Windows audio stack is robust and capable, and what Microsoft announced today will improve the stack even further. For instance, support for MIDI 2.0 is coming to Windows, with backwards compatibility for MIDI 1.0 devices and APIs, and Microsoft worked together with Yamaha and Qualcomm to develop a new USB Audio Class 2 Driver.

In the company’s blog post, Microsoft explains that the current USB Audio Class 2 driver in Windows is geared towards consumer audio applications, and doesn’t fulfill the needs of professional audio engineers. This current driver does not support the standard professional software has standardised on – ASIO – forcing people to download custom, third-party kernel drivers to get this functionality. That’s not great for anybody, and as such they’re working on a new driver.

The new driver will support the devices that our current USB Audio Class 2 driver supports, but will increase support for high-IO-count interfaces with an option for low-latency for musician scenarios. It will have an ASIO interface so all the existing DAWs on Windows can use it, and it will support the interface being used by Windows and the DAW application at the same time, like a few ASIO drivers do today. And, of course, it will handle power management events on the new CPUs.

↫ Pete Brown at the Dev Blogs

The code for this driver will be published as open source on GitHub, so that anyone still opting to make a specialised driver can use Microsoft’s code to see how things are done. That’s a great move, and one that I think we’ll be seeing more often from Microsoft. This is great news for audio professionals using Windows.