Memory safe languages in Android 13

In Android 13, about 21% of all new native code (C/C++/Rust) is in Rust. There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components such as Keystore2, the new Ultra-wideband (UWB) stack, DNS-over-HTTP3, Android’s Virtualization framework (AVF), and various other components and their open source dependencies. These are low-level components that require a systems language which otherwise would have been implemented in C++.

[…]

To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code.

We don’t expect that number to stay zero forever, but given the volume of new Rust code across two Android releases, and the security-sensitive components where it’s being used, it’s a significant result. It demonstrates that Rust is fulfilling its intended purpose of preventing Android’s most common source of vulnerabilities. Historical vulnerability density is greater than 1/kLOC (1 vulnerability per thousand lines of code) in many of Android’s C/C++ components (e.g. media, Bluetooth, NFC, etc). Based on this historical vulnerability density, it’s likely that using Rust has already prevented hundreds of vulnerabilities from reaching production.

These numbers don’t lie.

Secure Boot: this is not the protection we are looking for

So there you have it: recommending idly Secure Boot for all systems requiring intermediate security level accomplishes nothing, except maybe giving more work to system administrators that are recompiling their kernel, while offering exactly no measurable security against many threats if UEFI Administrative password and MOK Manager passwords are not set. This is especially true for laptop systems where physical access cannot be prevented for obvious reasons. For servers in colocation, the risk of physical access is not null. And finally for many servers, the risk of a rogue employee somewhere in the supply chain, or the maintenance chain cannot be easily ruled out.

The author makes a compelling case, but my knowledge on this topic is too limited to confidently present this article as a good one. I’ll leave it to those among us with more experience on this subject to shoot holes in the article, or to affirm it.

Used thin client PCs are an unsexy, readily available Raspberry Pi alternative

“Raspberry Pi boards are hard to get, probably also next year,” says Andreas Spiess, single-board enthusiast and YouTuber, in his distinctive Swiss accent. He’s not wrong. Spiess says he and his fellow Pi devotees need “a strategy to survive” without new boards, so he suggests looking in one of the least captivating, most overlooked areas of computing: used, corporate-minded thin client PCs.

Spiess’ Pi replacements, suggested and refined by many of his YouTube commenters and Patreon subscribers, are Fujitsu Futros, Lenovo ThinkCentres, and other small systems (some or all of which could be semantically considered “thick clients” or simply “mini PCs,” depending on your tastes and retro-grouch sensibilities). They’re the kind of systems you can easily find used on eBay, refurbished on Amazon Renewed, or through other enterprise and IT asset disposition sources. They’re typically in good shape, given their use and environment. And compared to single-board enthusiast systems, many more are being made and replaced each year.

A project I want to undertake is to set up an UltraSPARC machine, and then tie several Sun Rays to it. I also want to mess around with using Linux as the host for several thin clients – they’re so cheap, and it seems like they’re really fun to mess around with.

Tales of the M1 GPU

There is still a long road ahead! The UAPI that we are using right now is still a prototype, and there are a lot of new features that need to be added or redesigned in order to support a full Vulkan driver in the future. Since Linux mandates that the UAPI needs to remain stable and backwards compatible across versions (unlike macOS), that means that the kernel driver will not be heading upstream for many months, until we have a more complete understanding of the GPU rendering parameters and have implemented all the new design features needed by Vulkan. The current UAPI also has performance limitations… it can’t even run GPU rendering concurrently with CPU processing yet!

And of course there is still a lot of work to do on the userspace side, improving conformance and performance and adding support for more GL extensions and features! Some features like tessellation and geometry shaders are very tricky to implement (since they need to be partially or fully emulated), so don’t expect full OpenGL 3.2+ for quite a long time.

This article is a detailed look at the work done by Asahi Lina to create a Linux GPU driver for Apple’s M1, after Alyssa Rosenzweig reverse engineered the M1 GPU on macOS. This is a tour de force of excellence, and every current and future M1/M2 Linux user should be thankful for the amazing work these people are doing.

Ubuntu Touch OTA-24 released for Ubuntu Phone users

Highlights of this release include initial gesture support with double-tap to wake for selected devices, improvements to fingerprint unlock by allowing more backoff time between read retries, as well as support for media buttons on headsets for most Ubuntu Phone devices.

In addition, the Ubuntu Touch OTA-24 update adds support for handling the sms:// URL scheme for properly opening the Messaging app, adds Full HD 1080p support to the Aethercast implementation, improves SMS and MMS support, and adds various performance tweaks to the Mir-Android-Platform.

I’m kind of surprised the current releases are still based on Ubuntu 16.04 – that’s quite an old release. They are working on upgrading the base to 20.04, and the switchover should happen relatively soon.

The Internet Archive just put 565 Palm Pilot apps in your web browser

Yes, I am playing Dope Wars on a Palm Pilot inside my iPhone. It’s thanks to The Internet Archive, which is once again launching a giant collection of software you can instantly play on any web browser, up to and including your touchscreen-equipped phone. There are currently 565 classic Palm apps in all, including games, widgets, and even free trials from both the greyscale and color eras.

This is probably the easiest way to experience Palm OS applications now. I will still opt for any of my dozen or so real devices, but having so many applications safe and sound on the Archive is amazingly awesome.

Mac OS 9 on an unmodified Wii

Via Hackaday:

We’re used to the so-called “Hackintoshes”, non-Apple hardware running MacOS. One we featured recently was even built into the case of a Nintendo Wii. But Dandu has gone one better than that, by running MacOS on an unmodified Wii, original Nintendo hardware (French, Google Translate link).

How has this seemingly impossible task been achieved? Seasoned Mac enthusiasts will remember the days when Apple machines used PowerPC processors, and the Wii uses a PowerPC chip that’s a close cousin of those used in the Mac G3 series of computers. Since the Wii can run a Linux-based OS, it can therefore run Mac-on-Linux, providing in theory an environment in which it can host one of the PowerPC versions of MacOS.

So it’s not really running MacOS 9.2.2 directly on the hardware, but it’s close enough. Impressive work.

Apple is becoming an ad company despite privacy claims

Apple currently brings in roughly $4 billion from advertising and is forecasted to bring in as much as $30 billion by 2026. While these amounts are an order of magnitude smaller than the $210 billion Google made from its ad services, they represent a change in philosophy for Apple, which only earned around $300 million for ads in 2017.

This new emphasis on advertising also undermines Apple’s claims about privacy with its App Tracking Transparency (ATT) feature and its “Privacy. That’s iPhone” ad campaign. In fact, it appears ATT may have been more about blocking competitors than protecting user privacy. Since Apple introduced ATT, its ad revenue has skyrocketed, leading German regulators to investigate Apple to see if it’s abusing its power.

Apple has one of the most valuable repositories of credit card information and user behaviour data in the world, and after years of sanctimonious lying about how much they care about privacy, all bets are off now. iOS is already infested with ads, and it’s only going to get worse.

It’s not like you’re going to switch platforms anyway at this point.

MusicStudio: a Music/SFX editor for Commodore 64

Music Studio is a Windows-based SID music creator software. For an accurate C64 sound, it utilises the newest RESID-FP emulation available, both old (6581) and new (8580) SID chips. MS2 is capable of creating 1x speed tunes and many SID chip parameters can be edited directly using the various commands. Classic and new C64 sounds can be created with envelope parameters that can be set up in a few simple steps.

While I’m sure purists will greatly prefer real hardware, the cold and harsh truth is that the number of real, authentic Commodore 64 models is slowly running out, and there’s only so many Adrian Blacks in the world capable of repairing the few that can actually be repaired. Emulation – even for specific features of the C64 such as its sound capabilities – will make the C64 immortal.

Intel officially introduces pay-as-you-go chip licensing

Intel has officially revealed its Intel On Demand program that will activate select accelerators and features of the company’s upcoming Xeon Scalable Sapphire Rapids processor. The new pay-as-you-go program will allow Intel to reduce the number of SKUs it ships while still capitalizing on the technologies it has to offer. Furthermore, its clients will be able to upgrade their machines without replacing actual hardware or offering additional services to their clients.

Intel’s upcoming 4th Generation Xeon Scalable Sapphire Rapids processors are equipped with various special-purpose accelerators and security technologies that all customers do not need at all times. To offer such end-users additional flexibility regarding investments, Intel will allow them to buy its CPUs with those capabilities disabled but turn them on if they are needed at some point. The Software Defined Silicon (SDSi) technology will also allow Intel to sell fewer CPU models and then enable its clients or partners to activate certain features if needed (to use them on-prem or offer them as a service).

On the one hand, in a perfect world where people and companies are fair, this seems like a great idea – it allows you to buy one processor (or, in the datacentre case, one batch of processors) and then unlock additional features and capabilities as your needs change. Sadly, the world is not perfect and people and companies are not fair, so this is going to be ripe for abuse.

We all know it.

Redox OS 0.8.0 released

We have a lot to show since the 0.7.0 release! This release, care has been taken to ensure real hardware is working, i686 support has been added, features like audio and preliminary multi-display support have been enabled, and the boot and install infrastructure has been simplified and made more robust. I highly recommend skimming through the changes listed below before jumping into the images, if you want more details. It is also recommended to read through the Redox OS book if you want more information on how to build and use Redox OS.

Redox OS is written in Rust, and created and maintained by System76 Principal Engineer Jeremy Soller. There’s a ton of changes in this release – far too many to list here – and while native installation is possible, there’s always going to be struggles with hardware support for any alternative operating system.

Atlas: third party Windows ISO for gaming

Atlas is a Windows version designed for gamers. Atlas users can enjoy higher framerate, lowered input delay & latency. Great for people on a low-end system, or high-end gaming machine.

I had no idea people still did this – create custom versions of Windows ISOs and try to pawn them off as something special. The legality of this is more than dubious, of course, and you can probably achieve the same results with some of the countless scripts that are out there that also remove services, telemetry and pointless applications.

The Windows Subsystem for Linux in the Microsoft Store is now generally available on Windows 10 and 11

Today the Windows Subsystem for Linux (WSL) in the Microsoft Store is dropping its “Preview” label and becomes generally available with our latest release! We are also making the Store version of WSL the default for new users who run wsl --install and easily upgradeable by running wsl --update for existing users. Using the Store version of WSL allows you to get updates to WSL much faster compared to when it was a Windows component.

In response to the WSL community’s requests, WSL in the Store will now also be available on Windows 10 in addition to Windows 11. So, Windows 10 users will also be able to enjoy all of the latest features for WSL including systemd and Linux GUI app support!

I obviously have no hard data on this, but I feel like WSL is actually quite popular among developers, as it gives Windows users easy access to a very popular tool chain and development platform. I don’t know just how transferable knowledge and experience gained through WSL is to “real” Linux, but it seems close enough.

Improving Firefox on Windows stability with this one weird trick

The first computer I owned shipped with 128 KiB of RAM and to this day I’m still jarred by the idea that applications can run out of memory given that even 15-year-old machines often shipped with 4 GiB of memory. And yet it’s one of the most common causes of instability experienced by users and in the case of Firefox the biggest source of crashes on Windows.

A detailed technical explanation of why Windows’s memory management – and only Windows’s – is causing so many crashes for Firefox, as well as a solution they found to address the problem.

Asahi Linux November 2022 progress report

Time for another overdue progress report! This month’s update is packed with new hardware support, new features, and fixes for longstanding pain points, as well as a new bleeding-edge kernel branch with long-awaited support for suspend and the display controller!

Asahi Linux is the project bringing Linux to Apple’s M1 and M2 platform, and they continue to make great strides. I’m still skeptical about how wise it is to buy expensive hardware you have zero control over to run an operating system not explicitly endorsed, but y’all are smart enough to make those calls on your own.

DOS/4GW and Protected Mode

We’ll start our conversation by saying that DOS/4GW is a DOS extender. That means DOS/4GW is a program responsible for adding some useful stuff on top of the vanilla DOS kernel you have installed on your system. And look, I know this does not really answer anything yet, but we’ll get there.

Let’s begin our journey trying to understand why DOS needs extending in the first place.

I definitely remember seeing DOS/4GW a lot when playing MS-DOS games back in the ’90s, but I had entirely forgotten about it. This article is from 2021, and explains what it is, and why it was needed.