Today, we are introducing the next feature update to Windows 10, version 21H1. As people continue to rely on Windows more than ever to work, learn and have fun, we understand the importance of providing the best possible update experience to help people and organizations stay protected and productive. It is a responsibility we do not take lightly and why for the first time an H1 (first half of the calendar year) feature update release will be delivered in an optimized way using servicing technology, while continuing our semi-annual feature update cadence. In today’s blog I will cover details on how we plan to service the release, its scope, and next steps. Since I’ve lost track of the Windows release process and everything feels random and messy, I’m just going to say nothing at all.
If Microsoft had its way, Office 2021 probably wouldn’t be news at all—the Redmond giant would almost certainly prefer that everyone simply subscribe to Microsoft 365, pay a small monthly or annual fee, and get new features and fixes as they’re rolled out. For many if not most Office users, the subscription-based service is the most convenient way to get Office, even when they want to use it as locally installed software rather than doing their work in the browser and in the cloud. For the rest of us—and for those who don’t want to put up with the Byzantine procedures necessary to install Microsoft 365 apps on Remote Desktop Servers—there’s Office 2019 now, and there will be Office 2021 later this year. There will also be a new Office LTSC (Long Term Service Channel), which trades a 10 percent price hike for a guarantee of longer support periods… longer than the consumer version of Office 2021, that is. A new version of Microsoft Office used to be big news in the late ’90s and early 2000s. Now, with Office 365, LibreOffice, Google Docs, and several more than capable older standalone versions of Office, it feels like most people just don’t care anymore.
The KDE team has released Plasma 5.21, and this is one hell of a release. They’ve paid a lot of attention to presentation for this release, with visual improvements in both first and third party applications, including a new main menu (the old menu, as well as the basic cascading menu, are of course still available if you want them). On the application front, Plasma 5.21 introduces the System Monitor, a brand new resource and task manager that gives you all the information you’d ever need on your running system – and in true KDE fashion, it includes the ability to create your own personalised pages with just the information you need. Another big focus was Wayland: We have extensively refactored the compositing code in KWin and the changes should reduce latency throughout all compositing operations. We have also added a control in the compositing settings so you can choose whether you prefer lower latency or smoother animations. In addition, we have also added support for mixed-refresh-rate display setups on Wayland, e.g. you can have one screen refreshing at 144Hz and another at 60Hz, which is ideal for improving work-stations with multiple monitors. Preliminary support for multiple GPUs was also added on Wayland. There’s much more in this release, and I’m excited to try it out.
Go 1.16 has been released. The new embed package provides access to files embedded at compile time using the new //go:embed directive. Now it is easy to bundle supporting data files into your Go programs, making developing with Go even smoother. You can get started using the embed package documentation. Carl Johnson has also written a nice tutorial, “How to use Go embed”. Go 1.16 also adds macOS ARM64 support (also known as Apple silicon). Since Apple’s announcement of their new arm64 architecture, we have been working closely with them to ensure Go is fully supported; see our blog post “Go on ARM and Beyond” for more. More details can be found in the release notes.
Sailfish OS has moved into its fourth generation with the release of Sailfish OS 4.0.1 Koli. On a high-level Sailfish 4 includes several security and functionality updates, the long-awaited browser update, redesigned daily usage flow of key applications, as well as a rebooted developer experience. In particular we’re proud to boast full-scale OS-level Mobile Device Management (MDM) to enable easy and manageable end-to-end trusted corporate and governmental sector deployments. There are also a bunch of other new additions, including Android 9 app support, app sandboxing, and QR code scanning, along with improved notifications, events view, contact management and more.
VSI has made available OpenVMS V9.0-G for x86. This is the first x86 release of the year, and seventh overall, and it’s another good one with more functionality, VMware support, and a number of improvements. VSI also added five additional EAK testers (approaching 50 in all) and there may be a few more in the coming days. The porting process is progressing nicely.
Fortnite creator Epic Games has taken its fight against Apple to European Union antitrust regulators, escalating its dispute with the iPhone maker over its App Store payment system and control over app downloads. At this point I’m surprised it took them this long.
I normally deal with Linux machines. Linux is what I know and it’s what I’ve been using since I was in college. A friend of mine has been coaxing me into trying out FreeBSD, and I decided to try it out and see what it’s like. Here’s some details about my experience and what I’ve learned. Exactly what it says on the tin – and may I just say that the design and colour scheme of the website in question is extremely pleasant to the eyes.
Unikraft is a comprehensive toolchain and library operating system which builds highly specialized unikernels, software bundles that consist of a target application along with just the operating system primitives and libraries features it needs to run. Unikraft breaks the status quo of building unikernels manually, providing an automated toolchain that builds tailored unikernels that meet your (and your application’s) needs. We haven’t been paying a lot of attention to the concept of unikernels on OSNews, and I’m not sure why – possibly because they’re outside of the comfort one of a lot of people, including myself.
Last week, we mentioned that the extremely popular open source video player VLC is getting a brand-new interface in its upcoming 4.0 release, expected to debut later this year. VLC 4.0 isn’t ready for prime time use yet—but because the program is open source, adventurous users can grab nightly builds of it to take a peek at what’s coming. The screenshots we’re about to show come from the nightly build released last Friday—20210212-0431. VLC is an incredibly popular application, so any major user interface overhaul like this is sure to lead to a lot of bikeshedding.
Remember that story from two years ago, about how China had supposedly infiltrated the supply chain of Supermicro? The story was denied by American intelligence agencies and the CEOs of Apple and Amazon, but today, Bloomberg posted a follow-up piece with more sources, both anonymous and named, that the story was, in fact, real, and probably a lot bigger, too. The article lists several attacks that have taken place, all using hardware from Supermicro. Each of these distinct attacks had two things in common: China and Super Micro Computer Inc., a computer hardware maker in San Jose, California. They shared one other trait; U.S. spymasters discovered the manipulations but kept them largely secret as tthey tried to counter each one and learn more about China’s capabilities. Bloomberg is clearly sticking by and expanding its story, so this means it’s their and their sources’ word against that of giant corporations and American intelligence agencies, and we all know giant corporations and American intelligence agencies never lie. Right?
I recently came across SerenityOS when it was featured in hxp CTF and then on LiveOverflow’s YouTube channel. SerenityOS is an open source operating system written from scratch by Andreas Kling and now has a strong and active community behind it. If you’d like to learn a bit more about it then the recent CppCast episode is a good place to start, as well as all of the fantastic videos by Andreas Kling. Two of the recent videos were about writing exploits for a typed array bug in javascript, and a kernel bug in munmap. The videos were great to watch and got me thinking that it would be fun to try and find a couple of bugs that could be chained together to create a full chain exploit such as exploiting a browser bug to exploit a kernel bug to get root access. You don’t get articles like this very often – exploiting a small hobby operating system? Sure, why not.
This document proposes a mechanism for running unmodified Linux programs on Fuchsia. The programs are run in userspace process whose system interface is compatible with the Linux ABI. Rather than using the Linux kernel to implement this interface, we will implement the interface in a Fuchsia userspace program, called starnix. Largely, starnix will serve as a compatibility layer, translating requests from the Linux client program to the appropriate Fuchsia subsystem. Many of these subsystems will need to be elaborated in order to support all the functionality implied by the Linux system interface. As we expand the universe of software we wish to run on Fuchsia, we are encountering software that we wish to run on Fuchsia that we do not have the ability to recompile. For example, Android applications contain native code modules that have been compiled for Linux. In order to run this software on Fuchsia, we need to be able to run binaries without modifying them. Just more signs that Google has big plans for Fuchsia. With Google it’s always difficult to assess if they’ll go through with it, but I think they intend for Fuchsia to become the base operating system across Chrome OS, Android, their smart devices like Google Home, and everything else they might one day make. The project is too wide and deep to be anything else.
In the tests that matter, most noticeably the 3D rendering tests, we’re seeing a 3% speed-up on the Threadripper Pro compared to the regular Threadripper at the same memory frequency and sub-timings. The core frequencies were preferential on the 3990X, but the memory bandwidth of the 3995WX is obviously helping to a small degree, enough to pull ahead in our testing, along with the benefit of having access to 8x of the memory capacity as well as Pro features for proper enterprise-level administration. The downside of this comparison is the cost: the SEP difference is +$1500, or another 50%, for the Threadripper Pro 3995WX over the regular Threadripper 3990X. With this price increase, you’re not really paying +50% for the performance difference (ECC memory also costs a good amount), but the feature set. Threadripper Pro is aimed at the visual effects and rendering market, where holding 3D models in main memory is a key aspect of workflow speed as well as full-scene production. Alongside the memory capacity difference, having double the PCIe 4.0 lanes means more access to offload hardware or additional fast storage, also important tools in the visual effects space. Threadripper Pro falls very much into the bucket of ‘if you need it, this is the option to go for‘. AMD is entirely in a league of its own with these processors. I keep repeating it, but AMD’s comeback is one of the most remarkable stories in the history of technology.
Suing technology firms when they mess up is already hard, especially over privacy violations. Now, Facebook, Google, and the trade groups representing all the big tech firms are asking the Supreme Court to make it even harder for class actions to pursue cases against them. Facebook, Google, and all the others submitted a filing (PDF) to the Supreme Court this week basically arguing that if you cannot prove the specific extent to which their screwup injured you, you should not have any grounds to be part of a lawsuit against them. They are already pretty much invulnerable, but of course, they want even more protections than their sheer size, wealth, influence, and monopoly positions already give them. How surprising.
The beta for the upcoming 5.21 release of the KWinFT projects is now available. It contains a monumental rewrite of KWinFT’s windowing logic. Read on for an overview of the changes and why this rewrite was necessary. KWinFT is such a poster child for open source development. Someone wasn’t happy with KWin, a core aspect of their desktop, and put their money where their mouth is and forked it into something that they think is better. I wouldn’t be surprised to see parts of KWinFT, or even the project as a whole, make its way to become KDE’s default window manager.
There are well documented security flaws in GSM, and publicly available tools to exploit them. At the same time, it has become considerably cheaper and easier to analyze GSM traffic over the past few years. Open source tools such as gr-gsm have matured, and the community has developed methods for capturing the GSM spectrum without the need for expensive SDR radios. With less than $100 and a weekend it’s possible to capture and analyze GSM traffic. With some extra effort it’s possible to decrypt your own traffic, and depending on how your mobile provider has set up their network it may even be possible for somebody else to illegally decrypt traffic they don’t own. GSM is terrifying.
hello (also known as helloSystem) is a desktop system for creators with focus on simplicity, elegance, and usability. Its design follows the “Less, but better” philosophy. It is intended as a system for “mere mortals”, welcoming to switchers from the Mac. FreeBSD is used as the core operating system. With PC-BSD gone, it’s nice to see others step in to fill the void. This particular project was founded by Simon Peter, who also started AppImage and PureDarwin, so there’s quite a bit of pedigree here. It’s still in development and not yet ready for general use.
You think you can escape my ire today, Google? You’re no better than Apple. Case in point: Google is in hot water after banning the Google account of Andrew Spinks, the lead developer of the hit indie game Terraria. The YouTube account of Spinks’ game dev company, Re-Logic, was hit with some kind of terms-of-service violation, resulting in Google banning Spinks’ entire Google account, greatly disrupting his company’s ability to do business. After three fruitless weeks of trying to get the situation fixed, Spinks announced that his company will no longer do business with Google and that the upcoming Stadia version of Terraria is canceled. “I will not be involved with a corporation that values their customers and partners so little,” Spinks said. “Doing business with you is a liability.” This is, sadly, a very common occurrence. Google has a long history of blocking accounts for no reason at all, without giving the affected people any recourse since the company effectively has no customer service department. These cases can be absolutely devastating, causing people to lose photos, emails, access to their business financials, and god knows what else. We at OSNews use what was once called Google Apps for Your Domain (launched in 2006), only for us to be grandfathered into GSuite, which is now called Workplaces, which has led to a lot of frustration for me since GSuite accounts are locked out of a ton of Google services for no particular reason, and there’s no way to convert an existing Google account from one type to another. We were never asked if we wanted to be converted to the much more limited GSuite accounts. Google just did it. In any event, I have been pondering if we should switch to something else, but it’d be a lot of work I’d be putting on the plate of someone else – OSNews’ owner.
Mobile app developer Kosta Eleftheriou has a new calling that goes beyond software development: taking on what he sees as a rampant scam problem ruining the integrity of Apple’s App Store. Eleftheriou, who created the successful Apple Watch keyboard app FlickType, has for the last two weeks been publicly criticizing Apple for lax enforcement of its App Store rules that have allowed scam apps, as well as apps that clone popular software from other developers, to run rampant. These apps enjoy top billing in the iPhone marketplace, all thanks to glowing reviews and sterling five-star ratings that are largely fabricated, he says. I’ve been saying it for ten years: the application store model is fundamentally broken, because the owner of the application store benefits from people gaming and cheating the system. In this case, Apple profits from every scam application or subscription sold, and since the App Store constitutes a huge part of Apple’s all-important services revenue, Apple has no incentive to really tackle issues like this. Here’s what going to happen, based on my immutable pattern recognition skills: there will be more press outcry over this developer’s specific issue until Apple eventually sends out a public apology statement and sort-of addresses this specific issue. American tech media – which are deeply embedded in Apple’s ecosystem and depend on being in Apple’s good graces – will praise Apple’s response, and claim the situation has been resolved. Their next batch of review units and press invites from Apple are on their way. And a few weeks or months later, another developer suffers from the same or similar issues, rinse, repeat. The problem is not individual App Store rules or App Store reviewers having a bad day – the paradigm itself is fundamentally broken, and until the tech industry and us as users come to terms with that, these repetitive stories will keep popping up, faux press outrage and all.
Submitted by 
Submitted by