ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks.

Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification.

↫ Zaeem Patel at the Microsoft 365 Insider Blog

Be honest: did any of you know ActiveX was still a thing? Heck, when was the last time you even thought of ActiveX? This technology acted a replacement for Windows’ COM and OLE 2.0, and was used to make controls in a whole slew of Microsoft applications. ActiveX controls from one application could also be embedded into another, like showing a toolbar from Word inside an image editor.

ActiveX has several major downsides, the two biggest of which are its relative lack of portability, and most of all, its atrocious security record. I’m genuinely surprised it’s taken them this long to actively, fully disable the technology by default.

A decade ago, I published a book on privacy “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance.” In the book, and since then, in articles and speeches, I have been dispensing advice to people on how to protect their privacy. But my advice did not envision the moment we are in – where the government would collaborate with a tech CEO to strip-mine all of our data from government databases and use it to pursue political enemies.

In the parlance of cybersecurity, I had the wrong “threat model,” which is a fancy way of describing the risks I was seeking to mitigate. I had not considered that the United States might be swept into the rising tide of what scholars call “competitive authoritarianism” – authoritarian regimes that retain some of the trappings of democracy, such as elections, but use the power of the state to crush any meaningful dissent.

↫ Julia Angwin

Democracy is not nearly as much of a given as many people think, and in this day and age, where massive amounts of Americans’ data and personal information are collected and stored by the very corporations supporting the Trump regime, Americans have to think very differently about where digital threats actually come from.

Nothing protects any American – or anyone visiting America – from ending up in an El Salvadorian concentration camp. Plan accordingly.

CISA says the U.S. government has extended MITRE’s funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

[…]

The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry.

↫ Sergiu Gatlan at BleepingComputer

Elect clowns, live in a circus.

As some of you may have noticed, we’ve been having some issues with captchas. The powers that be – which isn’t me, I don’t know anything about web development – are looking into it, and once we’ve pinpointed the problem we’ll get it fixed. It’s annoying us too, so we want this resolved as quickly as possible. OSNews readers just trying to visit the site to read some tech stuff should not be subjected to selecting squares with buses or crosswalks.

Our apologies for the annoyance, and I’ll update this post once the issue’s been resolved.

EXWM (Emacs X Window Manager) is a full-featured tiling X window manager for Emacs built on top of XELB.

↫ exwm GitHub page

It supports both tiling and stacking windows, dynamic workspaces, RandR, a system tray, and a lot more. XELB stands for X protocol Emacs Lisp Binding, and it’s a “pure Elisp implementation of X11 protocol based on the XML description files from XCB project”.

Isaac Marovitz, the developer of Whiskey, a frontend for Apple’s Game Porting Toolkit and Wine, has decided to throw in the towel. The developer is advising users to buy CrossOver instead, which provides the same service. The reasoning behind their decision seems sound, and are actually quite noble and considerate.

First and foremost, it’s the usual problem lone developers run into: they lost interest in the project, and to make matters worse, they’re only a student and simply lack the time to keep working on a project they’re simply not really into anymore. Running a complicated project like this on your own, unpaid, while also having to study is hard at the best of times, and if you’re also not interested in it anymore it quickly becomes a massive burden.

The second reason is that originally, Whiskey was just supposed to be a frontend for Wine on the Mac, without actually making any changes to Wine itself. The release of Apple’s Game Porting Toolkit changed the game, though, and all of a sudden Whiskey ended up shipping not just a nice frontend, but also custom versions of Wine. Marovitz states he doesn’t have the required knowledge and expertise to work on Wine, and as such, can’t contribute back to Wine and CrossOver, which feels bad.

By contrast, Whisky is based on CrossOver, but we don’t produce any bespoke fixes. I, quite frankly, do not have the requisite skills or time to do so. As a result, the amount that Whisky as a whole contributes to Wine is practically zero. This is not a fair trade, and continuing this parasitic relationship could easily harm CrossOver’s continued profitability and the existence of Wine on Mac as a whole.

↫ Isaac Marovitz

Wine, of course, has a ton of funding behind it these days, especially from Valve, but Valve’s interest lies solely and exclusively on Linux. While all of Valve’s funds and the work of Wine developers does benefit the Mac, much of the Wine on Mac work is done by CrossOver. I find it incredibly honest and respectful of Marovitz to make it clear he doesn’t want to leech off other people’s work without providing anything in return.

So, Whiskey is no more, but for the few Mac users who want to play Windows games on their Mac, CrossOver exists as a refuge that should work just fine.

The effort to ensure that open-source software is reproducible has been gathering steam over the years, and gaining traction with major Linux distributions. Debian, for example, has been working toward reproducible builds for more than a decade; it can now produce official live CDs of the current stable release that are reproducible. Fedora started on the path much later, but it has progressed far enough that the project is now considering a change proposal for the Fedora 43 development cycle, expected to be released in October, with a goal of making 99% of Fedora’s package builds reproducible. So far, reaction to the proposal seems favorable and focused primarily on how to achieve the goal—with minimal pain for packagers—rather than whether to attempt it.

↫ Joe Brockmeier at LWN.net

In the case of individual packages, reproducibility means that if you set up a build environment at home according to Fedora’s specifications, you can create an exact, bit-by-bit identical copy of a package. This is important because it can help detect and guard against supply chain attacks like the infamous xz backdoor attempt that was thwarted only by mere luck.

As the LWN article notes, however, it’s impossible for Fedora to achieve the original “bit-by-bit” part of the definition because of how RPMs are built. RPMs include the signature inside the RPM, and a few other metadata bits are problematic as well. The actual contents of an RPM – the thing you actually install, run, and use – meet the definition of “bit-by-bit”, though. By this point, Fedora has pretty much done all it can through its own infrastructure when it comes to reproducibility, which has brought the project to 90% of packages being reproducible.

It’s going to be up to the individual package maintainers and software developers to get to the desired goal of 99% by Fedora 43, though. To ensure package maintainers take this issue seriously, a change proposal has been proposed to treat reproducibility issues as bugs, with a degree of wiggle room for now (think should instead of must). It’s only a proposal for now, but it’s looking like it will make it.

The excellent – as always – LWN article has a lot more detail about both the proposes changes as well as the various points of view.

Yep. I regret to inform you all that, as of January 2025, I am a Mac user: I bought a Mac. I have betrayed the penguin.

[…]

So, how did such an icon of early 2000s Apple fall into my grubby hands? Well, it all started with the Wii U. I’m not joking.

↫ Loganius

That’s one heck of an excuse to get a PowerPC G4 – needing to do Linux kvm hacking to fix a bug. While getting the PowerMac G4 they bought all set up and working properly for development purposes, someone else fixed the bug in question in the meantime. Such is the way of open source development.

Regardless, as far as classic computers go, PowerPC Macs are a great way to enter the wider hobby of retrocomputing. They’re widely available, incredibly cheap, and offer a ton of variety when it comes to supported operating systems, working with everything from classic Mac OS to Mac OS X, from Linux to the BSDs, down to more exotic awesome stuff like MorphOS. Their popularity also ensures a steady stream of replacement parts, expertise, and community support.

I have a 1.25Ghz 17″ PowerBook G4 for MorphOS, and a snow white iBook G3 for Mac OS 9.2.2, and I’ll never get rid of them.

Over 15 years ago, I wrote about the launch of a Paint.NET clone for Linux, called Pinta, written in GTK. That was merely version 0.1, and over time, it’s become somewhat of a staple for many Linux users. The project just released version 3, which is a major revision, moving the application over to GTK4 and Libadwaita.

Built on the robust GTK 4 toolkit and the sleek Libadwaita, Pinta 3.0 brings a redesigned user interface that’s faster, more responsive, and more efficient than ever. Linux users will also benefit from improved system utility integration. On top of all this, new effects and the return of add-ins—previously disabled due to technical constraints—promise to bring even more creative possibilities.

↫ Pinta 3.0 release announcement

Aside from the new user interface and return of add-ins, virtually every aspect of the application seems to have been touched in one way or another. We’ve got improved performance for both the UI and the application’s functionality, better gesture and touch support, redesigned and adaptive toolboxes, improved keyboard support, new effects, and much, much more. Like its original inspiration Paint.NET, Pinta sits between a basic image editor like Microsoft Paint and much more advanced tools like Photoshop and GIMP, and it seems this new release sticks to that position in the market.

You can download Pinta 3.0 for Linux, Windows, and macOS, and it will surely find its way to your distribution’s repository soon enough.

One thing I love about Python is how it comes with its very own built-in zen. In moments of tribulations, when I am wrestling with crooked code and tangled thoughts, I often find solace in its timeless wisdom.

↫ Susam Pal

I can’t program and know nothing about Python, but this still made me laugh.

Yesterday we had SDL2 for the classic Mac OS, today we have modern SSL/TLS for the classic Mac OS.

This is a C89/C90 port of MbedTLS for Mac System 7/8/9. It works, and compiles under Metrowerks Codewarrior Pro 4.

This is a basic app that performs a GET request on whatever is in api.h, and prints the result out to the text box (with a lot of debug information, of course). The idea of this project was to build an ‘app’ of sorts for 640by480, my ‘instagram clone for vintage digital cameras’. The idea would be to login, post images, view images, and read comments. I would need HTTPS for that, so here we are: a port of MbedTLS for the classic mac.

↫ MacSSL GitHub page

It’s remarkable what tenacity can achieve.

I’ve long lost the ability to keep track of whatever’s happening in the Amiga community, and personally I tend to just focus on tracking MorphOS and AROS as best I can. The remnants of the real AmigaOS, and especially who owns, maintains, and develops which version, are mired in legal battles and ownership limbo, and since I can think of about a trillion things I’d rather do than keep track of the interpersonal drama by reading various Amiga forums, I honestly didn’t even realise there’s been a development in the Hyperion Entertainment situation.

Hyperion Entertainment is the Belgian company who has been developing both AmigaOS 4 and 3.1/3.2 for a while now, but the company’s largest shareholder, Ben Hermans BV, went bankrupt, causing its shares to be annulled as prescribed under Belgian law. This happened well over a decade ago, but only earlier this year, in January, was the situation resolved for Hyperion: a new director, Timothy De Groote, was appointed by the remaining shareholders, who also instructed Hyperion to continue development of Amiga OS.

In addition, a few days ago, Hyperion released Update 3 for AmigaOS 3.2, adding a bunch of fixes and improvements to AmigaOS 3.2.2. It brings various updates to ReAction classes, a new custom menu for TextEditor users can customise with macros, a new KickStart 3.2.3 ROM, and many more smaller updates and fixes. The update is free for existing users. AmigaOS 3.2 is available for classic Amigas.

This month’s security updates for Windows 11 create a new empty folder on drive C. It is called “inetpub,” and it does not contain any extra folders or files. Its properties window shows 0 bytes in size and that it was created by the system itself. Neowin checked a bunch of Windows 11 PCs with the April 2025 security updates installed, and all of them had inetpub on drive C.

↫ Taras Buria at Neowin

So this folder, inetpub, is most likely coming from Microsoft’s Internet Information Services, the company’s web server. IIS is part of Windows, but inactive by default, and it seems some buggy update script somewhere forgot to remove the folder or created it by accident. Regardless, it seems you can remove it without any issue, so if you see it on your Windows’ root drive, just delete it any be on your merry way.

Still though, something about this seems odd, right? Internet Information Services as a core product hasn’t been updated since 2018 when version 10 came out, which doesn’t necessarily mean specific Windows updates might not have changed it since then, but it doesn’t exactly inspire confidence. The Internet Information Services’ website also hasn’t been updated in ages, and is broken in places, further adding to the feeling IIS seems to be mostly abandoned, only kept going as part of Windows updates because it’s, well, part of Windows.

I’m not trying to insinuate there’s anything nefarious or dangerous going on with this silly folder glitch or anything; I was just surprised to see such an outdated, seemingly abandoned web server suite still being a default part of Windows today.

IBM today announced the IBM z17, the next generation of the company’s iconic mainframe, fully engineered with AI capabilities across hardware, software, and systems operations. Powered by the new IBM Telum II processor, IBM z17 expands the system’s capabilities beyond transactional AI capabilities to enable new workloads.

↫ IBM z17 press release

Alongside this brand new behemoth of a computer, IBM also announced z/OS 3.2, the next version of its mainframe operating system, which brings with it even more “AI” buzzwords and features. z/OS 3.2 is slated for release later in 2025. It it is highly unlikely any one of us will ever get to interact with any of this hardware or software.