Solène Rapenne, who writes a lot about and contributes to operating systems like OpenBSD and Qubes OS, has published a primer about what, exactly, Qubes OS is. I like to call Qubes OS a meta operating system, because it is not a Linux / BSD / Windows based OS: its core is Xen (some kind of virtualization enabled kernel). Not only it’s Xen based, but by design it is meant to run virtual machines, hence the name “meta operating system” which is an OS meant to run many OSes make sense to me. ↫ Solène Rapenne Rapenne explains the various ways in which isolated virtual machines are used in Qubes OS, and it’s easy to see just how secure Qubes OS’ way of doing things is. At the same time, it seems quite cumbersome to me as a regular user, and I don’t think I’m up for dealing with all of that. If you do security research, handle private or classified data, are a whistleblower or an investigative journalist, thoug, Qubes seems like a natural choice. Interesting to note is that Rapenne used to use OpenBSD for her security work, but moved to Qubes OS because its virtual machine infrastructure is far more robust, and hardware support is better, as well.
In October 1997 you could have bought a PowerBook 3400c running up to a 240MHz PowerPC 603e for $6500 , which was briefly billed as the world’s fastest laptop, or you could have bought this monster new to the market, the RDI PrecisionBook running up to a 160MHz (later 180MHz) PA-7300LC starting at $12,000 . Both provided onboard Ethernet, SCSI and CardBus PCMCIA slots. On the other hand, while the 3400c had an internal media bay for either a floppy or CD-ROM, both external options on the PrecisionBook, the PrecisionBook gave you a 1024×768 LCD (versus 800×600 on the 3400c), a bigger keyboard, at least two 2.5″ hard disk bays and up to 512MB of RAM (versus 144MB) — and HP-UX. And, through the magic of Apple’s official Macintosh Application Environment, you could do anything on it an HP PA-RISC workstation could do and run 68K Mac software on it at the same time. Look at the photograph and see: on our 160MHz unit we’ve got HP-UX 11.00 CDE running simultaneously with a full Macintosh System 7.5.3 desktop. Yes, only a real Power Mac could run PowerPC software back then, but 68K software was still plentiful and functional. Might this have been a viable option to have your expensive cake and eat it too? We’ll find out and run some real apps on it (including that game we must all try running), analyze its performance and technical underpinnings, and uncover an unusual artifact of its history hidden in the executable. ↫ Cameron Kaiser at Old Vintage Computing Research I actually have Apple’s Macintosh Application Environment installed and running on my PA-RISC machines, and it’s incredible just how well-made and complete it really is. You get a full Mac desktop and its applications, excellent integration with the host, file sharing between host and client, and so much more. Running it on newer versions of HP-UX than it was originally intended for does lead to the odd issue here and there, but due to HP-UX’ excellent backwards compatibility, it all just works. It has created this odd situation that my 2004 HP c8000 machine, with two of the fastest dual-core PA-RISC processors ever made, will most likely be the fastest machine I’ll ever officially run classic Mac OS on. Sure, you can use other emulators not created and blessed by Apple and run classic Mac OS on much faster hardware, but if you want to stick to official, supported methods of running the classic Mac OS, it doesn’t get much faster than this.
Guest post by Morgan
2025-08-03
Internet
AWS: Not even once. This prominent Ruby developer lost his entire test environment – which, ironically, was pivotal to AWS’ own infrastructure – because of a rogue team within AWS itself that apparently answers to no one and worked hard to cover up a dumb mistake. On July 23, 2025, AWS deleted my 10-year-old account and every byte of data I had stored with them. No warning. No grace period. No recovery options. Just complete digital annihilation. This is the story of a catastrophic internal mistake at AWS MENA, a 20-day support nightmare where I couldn’t get a straight answer to “Does my data still exist?”, and what it reveals about trusting cloud providers with your data. ↫ Abdelkader Boudih Nightmare scenario doesn’t even begin to describe what happened here.
Security isn’t exactly a strong point of X11, and improving it is one of the main reasons why Wayland is such a vast improvement over X11. Just one of the many examples of X11 being inherently insecure is that keyloggers are entirely trivial on X11, because keylogger functionality is effectively built into it. Of course, this isn’t exactly news, and as Peter Hofmann details, there is an old X11 extension that adds somewhat rudimentary security to X11: the X11 SECURITY extension. This extension is part of every X.org installation, but it hasn’t seen any meaningful work in a long, long time. What it does is allow you to do is set X11 clients as “trusted” and “untrusted”, where untrusted clients cannot interact with tusted ones. This provides some basic security – it actually prevents keylogging! – but only very basic, as Hoffman notes: The thing is that it’s immediately clear that this extension — in its current state — is not the answer to “X11 is insecure”: You only have two classes, trusted and untrusted. That’s not enough. For example: When you run your browser as untrusted, you can’t simultaneously run some sandboxed program (Snap, Flatpak, …) in a meaningful way, because those two clients can spy on each other again. You want a proper per-client isolation instead. Sandboxing plays an important role here. If you run programs “the traditional way” (i.e., full access to the filesystem and network), then an attacker can do all kinds of things and X11 keylogging is just one of a million concerns. ↫ Peter Hofmann but it also happens to break a lot of things, and many applications simply don’t work with it at all. Oddly enough, Firefox has no issues with it, and will happily run in untrusted mode. The biggest problem, however, is that untrusted clients only have access to exactly two other X11 extensions, which leads to a whole host of problems, like no scaling, broken keyboard layouts, no 3D acceleration, and so on. On top of all of that, it breaks clipboard functionality, as anything copied in an untrusted client cannot be pasted anywhere else. As such, Hoffman concludes: In its current state, I’d say the SECURITY extension is “somewhat useful”, but more work would have to be done. Both in X.Org and in the clients. You would have to come up with a new clipboard protocol, for example. And the list goes on. (See where I’m going with this?) It’s not that simple. ↫ Peter Hofmann Since pretty much nobody adopted it when this extension came out in the ’90s, and it hasn’t seen much work since, the amount of work that would be required to bring it up to modern standards would be astronomical, and trying to get clients to adopt it would probably prove fruitless considering Wayland already exists, and offers all of the potential security benefits and then some. People often claim it would be “easy” to modernise X11, but just this one particular issue – security, kind of important – shows just how quickly the X11 house of cards comes crashing down if you try to do anything to drag it out of its ’80s and ’90s mindset.
Patchwork is a 64-bit monolithic NON-POSIX operating system for the x86_64 architecture that rigorously follows a “everything is a file” philosophy. Built from scratch in C it takes many ideas from Unix, Plan9, DOS and others while simplifying them and sprinkling in some new ideas of its own. ↫ PatchworkOS GitHub page Patchwork is a surprisingly advanced operating system considering it’s a hobby project. It has multithreading with a constant-time scheduler, fully preemptive mutitasking, SMP, file-based IPC (including pipes, shared memory, sockets and Plan9 inspired “signals” called notes), and much more. It also uses a Linux-style VFS and has a custom C standard library. On top of that, there’s a modular window manager that supports themes, in which everything is a window, and so much more. It supports x86_64, but only supports running in RAM. It’s licensed under the MIT license.
Claude Code has considerably changed my relationship to writing and maintaining code at scale. I still write code at the same level of quality, but I feel like I have a new freedom of expression which is hard to fully articulate. Claude Code has decoupled myself from writing every line of code, I still consider myself fully responsible for everything I ship to Puzzmo, but the ability to instantly create a whole scene instead of going line by line, word by word is incredibly powerful. ↫ Orta Therox Oh sweet Summer child. As a former translator, I can tell you that’s how it starts. As time goes on, your clients or your manager will demand more and more code from you. You will stop checking every line to meet the deadlines. Maybe you just stop checking the boilerplate at first, but it won’t stay that way. As pressure to be more “productive” mounts, you’ll start checking fewer and fewer lines. Before you know it, your client or manager will just give you entire autogenerated swaths of code, and your job will be to just go over it, making sure it kind of works. Before long, you realise there are fewer and fewer of you. Younger and less-skilled “developers” can quickly go over autogenerated code just as well as you do – but they’re way cheaper. You see the quality of the code you sign off on deteriorate rapidly, but you have no time, and not enough pay, to rewrite the autogenerated code. It works, kind of, and that will have to be enough. The autogenerated codebases you’re supposed to be checking and fixing are so large now, you’re no longer even really checking anything anymore. Quick, cursory glances, that’s all you have time for and can afford. Documentation and commenting code went out the window a long time ago, and every line of code scrolling across your screen is more tech debt you don’t care about, because it’s not your code anyway. And then it hits you. There’s no skill here. There’s no art here. You’re no longer a programmer. There’s no career prospects. Scrolling past shitty autogenerated code day in, day out, without the time or pay to wrangle it into something to be proud of, is the end of the line for you. Speak up about it, and you’ll be replaced by someone cheaper. The first time I was given a massive pile of autotranslated text to revise, without enough time and pay to ensure I was delivering a quality product, I quit and left the translation industry instantly. Like programming, translating is part skill, part art, and I didn’t get two university degrees in language and translation just to deliver barely passable trash. I took pride in my work, and I wasn’t going to let anyone put my name under a garbage product. Programmers, you’re next. Will you have the stones to stand by your art?
Wayback has been barely announced, and the first version 0.1 has barely left git, but it’s already time for version 0.2. It won’t surprise you to find out this isn’t some massive release, and you’d be right. It really only addresses a few very small bugs, while the developers also take the opportunity to highlight Wayback is now available on Gentoo GURU and Nixpkgs.
If there’s one thing Microsoft is good at, it’s creating weird variants of Windows with odd names that tech media talk about for like a day, after which everyone, especially Microsoft, forgets they even exist. Usually, these weird Windows variants are the result of either legal requirements, or, more commonly, of perceived threats to Windows’ dominance on the desktop. An example of the former are the various “N” editions of Windows, while an example of the latter is the one we’re talking about today: Windows 11 SE. I honestly had completely forgotten Windows 11 SE existed, and most likely you did, too. Windows 11 SE was (one of) Microsoft’s response(s) to the growing popularity of Chromebooks in schools, and as such, this Windows variant omitted a bunch of features for performance and distraction reasons, stored files in OneDrive instead of locally, was locked down so only administrators could control which applications could be used, and so on. In fact, unless specifically whitelisted, Windows 11 SE would not run any Win32 or UWP applications – everything had to be either a PWA or a website. Notably, it was only available in combination with a few specific devices. The past tense in the preceding paragraph should be a dead giveaway of what’s happening. Yes, Microsoft just cancelled the whole thing, after being on the market for only a few years. Microsoft will not release a feature update after Windows 11 SE, version 24H2. Support for Windows 11 SE—including software updates, technical assistance, and security fixes—will end in October 2026. While your device will continue to work, we recommend transitioning to a device that supports another edition of Windows 11 to ensure continued support and security. ↫ Windows 11 SE support document In other words, if your school fell for Microsoft’s sales pitch for Windows 11 SE, you’re kind of screwed after October 2026, because Windows 11 SE only shipped on specific, low-cost, low-powered devices. You’d think other variants of Windows 11 will more or less run on those, too, but if not – or far too slowly – your school is now sitting on a pile of e-waste. Anybody want to run a betting pool for the Windows variant Microsoft will cancel next?
Late last year, we talked about Bismuth, a virtual machine being developed by Eniko Fox, one of the developers of the awesome game Kitsune Tails. Part of a operating systems development side project, Bismuth is a VM (think Java Virtual Machine, not VMware) on top of Fox’ custom kernel, designed specifically to run programs in a sandbox. The first article detailed the origins of Bismuth, and the second article delved into memory safety, sandboxing, and more. We’re a few months down the line now, and Fox recently published another article in the series, this time explaining how a hello world-program works in Bismuth. This is the third in a series of posts about a virtual machine I’m developing as a hobby project called Bismuth. I’ve talked a lot about Bismuth, mostly on social media, but I don’t think I’ve done a good job at communicating how you go from some code to a program in this VM. In this post I aim to rectify that by walking you through the entire life cycle of a hello world Bismuth program, from the highest level to the lowest. ↫ Eniko Fox There’s a ton of detail here, and at the end you’ll have a pretty solid grip on how Bismuth works.
Servo is unique for a few other reasons, too. It’s managed by the Linux Foundation Europe with decisions made by a technical steering committee, not a big tech company. One of the main goals is to be an “embeddable web rendering engine,” meaning it’s not just for browsers—it could be a replacement for Electron or the Android WebView. Servo is also the first completely new browser engine in decades, so it’s taking lessons learned from mainstream browsers while building a new foundation. ↫ Corbin Davenport At the moment, as Davenport notes, Servo is far from ready to be a daily driver browser engine. Tons of websites’ rendering is broken and some crash the browser altogether, and performance is nowhere near that of the other browser engines. This makes perfect sense, as Servo is still in heavy development, and there’s no massive corporation with endless money (and ulterior motives) backing it. Still, out of all the various attempts at wrestling control away from Blink and WebKit, I feel like Servo’s the one with the most promise in the long term.
When someone has a plumbing emergency, they’re not flipping through a phone book; they’re Googling for help nearby. That’s why local SEO matters more than ever for plumbing businesses. If your name doesn’t show up in those local searches, you’re missing out on jobs that could’ve been yours. Thankfully, getting found online isn’t as hard as it sounds. With the right strategies in place, you can turn online visibility into real, paying customers. Start with Google Business Profile Optimization One of the first steps in digital marketing for plumbers is claiming and optimizing your Google Business Profile. This is what appears when someone searches for “plumber near me,” and it’s packed with potential. Add your business hours, contact details, services, and plenty of photos. Encourage happy customers to leave reviews, and always reply to them. Reviews help boost your ranking and show potential customers that you’re responsive and trustworthy. Keeping this profile updated is a small task with a big impact. Use Location-Based Keywords Across Your Website People don’t just search for “plumber.” They look up phrases like “drain cleaning in ” or “emergency plumber near .” That’s why location-based keywords are so important. They help your business appear in searches that are specific to your service area. Add these keywords to your homepage, service pages, image alt texts, and meta descriptions. This tells Google exactly where you work and what you offer. It also helps visitors know right away that you serve their area, which builds instant trust. Create Service Pages for Each Location You Cover If you work in multiple towns or neighborhoods, create a separate service page for each one. These pages should mention the area name in the title, headers, and throughout the text. Include unique content for each page to prevent duplication. For example, instead of a single generic service page, create separate pages for “Water Heater Repair in ” and “Toilet Installation in .” This enhances your local reach, making it easier for potential customers to locate you. Plus, it boosts your SEO by showing relevance in each area you serve. Earn Backlinks from Local Websites Backlinks, links from other websites to yours, are like digital referrals. Local backlinks are even more valuable when you’re trying to establish a strong presence in a specific area. You can earn these by sponsoring community events, listing your business in local directories, or being featured in neighborhood blogs. Write guest posts, connect with local bloggers, or ask your suppliers to mention your business online. Each backlink signals to search engines that your site is trustworthy and relevant. And the more relevant the site linking to you, the better your SEO will be. Publish Helpful, Local-Focused Content Regularly One of the best parts of digital marketing for plumbers is using content to their advantage. Writing blog posts about common plumbing problems, seasonal maintenance tips, or FAQs can boost your visibility and show that you know your stuff. Focus on local topics, such as how to protect pipes during your area’s winter or the local water issues people commonly face. Make your content conversational and easy to understand. When people find helpful answers on your site, they’re more likely to remember your name when they need a plumber. Fresh content also keeps your site active, which Google loves. Showing up in local searches doesn’t have to be complicated. It’s about being clear, helpful, and consistent online. Focus on the basics: a solid Google Business Profile, smart keyword use, and content that speaks to the people you serve. Local SEO is one of the most effective ways to ensure your plumbing business appears when and where it matters most.
Getting hardware to run AmigaOS 4.1 or MorphOS on isn’t always easy, cheap, or even possible in the first place. Luckily, there’s now an incredibly easy and straightforward way to emulate these two operating systems: Kyvos, developed by George Sokianos. Kyvos is a user-friendly frontend for Qemu, designed to streamline the creation of AmigaOS 4 and MorphOS emulated environments on Linux, macOS, and Windows. Pronounced “kee-vos,” this name is inspired by the Greek word “κύβος,” meaning cube, symbolizing these virtual systems running within the host OS. Setting up an AmigaOS 4 or MorphOS system is effortless with Kyvos—just a few clicks, and you’re ready to go. A helpful wizard guides users in locating or downloading necessary dependencies, including Qemu and 7zip binaries. ↫ George Sokianos Of course, nothing is stopping you from following guides online to build your own Qemu virtual machine and associated complex command to start it, but Kyvos takes all that work out of your hands and makes it incredibly easy, all wrapped in a nice graphical user interface. It’s available for Linux, Windows, and macOS. All you need is Kyvos – which is free, but Ko-Fi donations are appreciated – and a copy of either AmigaOS 4.1 Final Edition or MorphOS. Based on a toot by Hyperion, the developers of AmigaOS 4.1, you need the version for the AmigaOne board specifically, which will set you back about €30 for a boxed copy (I’ve asked if there are any download versions for sale as well). A copy of MorphOS costs about €79, and can be bought from inside MorphOS after installation. Note that you can also use MorphOS without a license, but it will slow down its performance after about 30 minutes until you reboot. I’m stoked to try this out, as I’ve been wanting to review both of these operating systems again, since my previous reviews of Amiga OS 4 (from 2009) and MorphOS (also from 2009) are horribly outdated at this point. MorphOS on old Apple PowerPC hardware just doesn’t cut it – believe me, I’ve tried – and AmigaOS 4 hardware is quite expensive and outdated at this point. Until – and let’s face it, if – the Mirari comes out, easy emulation through Qemu might be an option.
Stuck at the bottom of NVIDIA’s announcement of its latest graphics driver update is a section about the company’s plan for Windows 10 support. As we all know, Windows 10 will become end-of-life in October of this year, and like so many others, NVIDIA needs to deal with this. Before we get to Windows 10, though, NVIDIA also reminds users that a few very popular GPU generations will no longer receive driver updates after October of this year. The company notes that GPUs based on the Maxwell, Pascal, and Volta architectures will Game Ready Driver in October 2025, after which they’ll only get quarterly security updates for another three years. These three architectures roughly correspond to the GeForce GTX 7xx, 9xx, and 10xx series and their mobile counterparts, as well as a few other higher-end cards from the same generations. The full list is available to see if your GPU will receive its last driver update in a few months. As for Windows 10 support, the company notes: Also, we’re extending Windows 10 Game Ready Driver support for all GeForce RTX GPUs to October 2026, a year beyond the operating system’s end-of-life, to ensure users continue to receive the latest day-0 optimizations for new games and apps. ↫ Andrew Burnes at nvidia.com Considering half of Windows users are still using Windows 10, this is probably the correct policy by NVIDIA. Ideally this support would last even longer than just that one year, but with a company like NVIDIA you kind of have to take what you can get, because generous they are not.
BlueOS kernel is written in Rust, featuring security, lightweight, and generality. It is compatible with POSIX interfaces and supports Rust’s standard library. ↫ BlueOS kernel GitHub page This is the kernel for the BlueOS operating system, developed by Vivo, a Chinese consumer electronics company. Sadly, all of the websites and documentation for BlueOS are written in Mandarin, making it virtually impossible to really get a grip on what they’re developing, and I certainly don’t trust Google Translate or whatever enough to give me a proper, trustworthy, and accurate translation. I hope the company either hires some translators, or perhaps enthusiasts with the right skillset can provide some more insight over the coming years. It seems similar to Huawei’s HarmonyOS Next, and it’s apparently shipping on one of Vivo’s smartwatches.
Last week-end, I was invited to the UNIX Social Camp in Dijon, France to talk about the reasons I still use OpenBSD these days and why should others do so; or at least, have a look at OpenBSD. ↫ Joel Carnat Here’s my short pitch as to why you should use OpenBSD: it’s the closest you’ll get to a traditional, classic UNIX, while still using a modern and maintained operating system. OpenBSD just makes sense, and every time I run into some issue or I want to know how something in OpenBSD works, the answers always make me go “well that makes sense”. That’s rare in modern computing, and we need to cherish it.
Are you still using LinkedIn, the website where failed tech startup entrepreneurs go to die and “AI” influencers try to sell you on the latest version of the chatbot Florpium like a Utah mom trying to sell leggings that are totally not an MLM? If you are, and the other ten thousand reasons not to use the website incarnation of an ad for a personal injury lawyer along I-11 in Henderson, Nevada, weren’t enough, Microsoft just handed you another one. LinkedIn removed transgender-related protections from its policy on hateful and derogatory content. The platform no longer lists “misgendering or deadnaming of transgender individuals” as examples of prohibited conduct. While “content that attacks, denigrates, intimidates, dehumanizes, incites or threatens hatred, violence, prejudicial or discriminatory action” is still considered hateful, addressing a person by a gender and name they ask not be designated by is not anymore. Similarly, the platform removed “race or gender identity” from its examples of inherent traits for which negative comments are considered harassment. That qualification of harassment is now kept only for behaviour that is actively “disparaging another member’s perceived gender”, not mentioning race or gender identity anymore. ↫ Matti Schneider at the Open Terms Archive Microsoft joined the chorus of pathetic, spineless US tech companies bowing to far-right extremism long ago, and this is just another sign that Microsoft, like so many other US tech companies, is pulling an IBM. They did learn from the best, after all, and it doesn’t surprise me one bit that all of these CEOs click their heels like the good little brownshirts that they are. Anyway, LinkedIn has no value to anyone with even a gram of self-respect, and Microsoft’s other products are such utter trash they basically have to make you upgrade at the barrel of a gun. For those using their products – do you hate yourself that much? You deserve so much more.
Adjusted for the inevitable progress of time, the Common Desktop Environment or CDE is the best desktop environment of all time, and no, I will not be taking question at this time. OpenBSD wasn’t yet graced by CDE’s presence, but this is currently changing as the first commit for porting CDE to OpenBSD has appeared. It’s still rough around the edges and very slightly tested. I wouldn’t use is as a daily driver, it’s old unsecure code but it’s fun if you want to bring back memories. ↫ Antoine at the openbsd-ports mailing list On top of that, this being the initial commit also means there’s probably bugs and other issues lurking in the code, so caution is definitely advised.
Microsoft is finally changing the way Task Manager reports CPU utilisation to make it consistent across the different tabs. So apparently this has been gradually rolling out to the 34 different Windows 11 beta dev preview testing alpha release candidate service pack 4 channels since early this year, but then stopped the roll-out to fix some issues. These issues seem fixed now, as the roll-out restarted this week. It”s an important change that I think y’all will care about. From the original announcement of the change back in February: We are beginning to roll out a change to the way Task Manager calculates CPU utilization for the Processes, Performance, and Users pages. Task Manager will now use the standard metrics to display CPU workload consistently across all pages and aligning with industry standards and third-party tools. For backward compatibility, a new optional column called CPU Utility is available (hidden by default) on the Details tab showing the previous CPU value used on the Processes page. ↫ Amanda Langowski and Brandon LeBlanc at the Windows Blogs Before this change, Task Manager’s Processes tab didn’t take the number of processor cores into account when calculating PCU usage, so you could see a process at 100% CPU usage even if it was only using one core. These new changes standardise CPU usage reporting across all tabs, taking the number of CPU cores into account properly. Rejoice.
RISC-V has been supported in the upstream Linux kernel since 2017. But without a common hardware baseline, ensuring compatibility across builds and distros hasn’t been easy. The ecosystem was in need of a compelling, clearly defined hardware target – something both software and hardware teams could rally around to produce silicon capable of running stable, enterprise-grade software. This target arrived in October 2024 with the ratification of the application-class RVA23 Profile – RISC-V-speak for a baseline configuration, similar to microarchitecture feature levels in x86. The culmination of years of progress, RVA23 brings together the work done to shape the ISA and standardize key extensions such as vector, bit manipulation and hypervisor. ↫ James De Vile at RISC-V International’s blog Such a standard, stable baseline is incredibly welcome, and RISC-V working to have everything part of the upstream Linux kernel is crucial. Having to deal with out-of-tree patches and drivers and specific builds for specific boards is a nightmare – look at Linux on ARM – and hinders adoption of RISC-V.
This release includes some Ext4 performance improvements; XFS support for large atomic writes; support for USB audio offload; support for zero-copy send TCP payloads from DMABUF memory; various futex improvements; initial support for Intel Trusted Domain Extensions; automatic weighted interleaved memory allocation policy; support for sending coredumps over an AF_UNIX socket, and make easier to build your kernel optimized for your local CPU. As always, there are many other features, new drivers, improvements and fixes. ↫ KernelNewbies: Linux 6.16 You’ll get it eventually, usually when the first few point releases iron out any troubling issues.
