As part of our commitment to user safety, Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. This antiquated sign-in method, known as Less Secure Apps (LSAs), puts users at an additional risk since it requires sharing Google Account credentials with third-party apps and devices that can make it easier for bad actors to gain unauthorized access to your account. Instead, you’ll need to use the option to Sign-In with Google, which is a safer and more secure way to sync your email to other apps. Sign-in with Google leverages industry standard and more secure OAuth method of authentication already used by the vast majority of third-party apps and devices. ↫ Google Workspace Updates What this means is that “all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP” will no longer work. Crucial to note, however, is that App Passwords will continue to work, which is good news, because without App Passwords, older IMAP email clients without OAuth support, such as the ones often used on legacy or minor operating systems, would cease to work with Gmail.
On March 15, 2010, I started a new job at Google. The fourteen years since that day feel like a century. The title of my announcement was Now A No-Evil Zone and, OK, I can hear the laughing from ten timezones away. I tried, then, to be restrained, but there are hardly words to describe how happy and excited I was. I had escaped from the accretion disk the former Sun Microsystems was forming around Oracle, that blackest of holes. And Google, in 2010, was the coolest place in the world to work. Let me quote myself from a little bit further into that piece, on the subject of Google: “I’m sure that tendrils of stupidity and evil are even now finding interstitial breeding grounds whence they will emerge to cause grief.” Well, yeah. This is in my mind these days as I’m on a retired-Googlers mailing list where the current round of layoffs is under discussion and, well, it really seems like the joy has well and truly departed the Googleplex. ↫ Tim Bray The honeymoon phase with the technology sector is well and long over, and we’re deep into an unhappy, unpleasant, joyless marriage now – and the fault lies entirely with the big technology companies themselves. They promised they’d change the world for the better, but they lied – and still lie – about the price.
What follows is a letter from Hans Reiser to myself, which he wrote some two months back, and has asked me to publish, with his thoughts on the deprecation of ReiserFS from the Linux kernel. I have transcribed it to the best of my ability. Plaintext email may not be the best way to read it, as such, I have also made available PDF and HTML versions of the letter. ↫ Fredrick R. Brennan Hans Reiser is the creator of the ReiserFS file system, which used to be a serious contender for the Linux file system you’d use in the early 2000s. In 2006, Hans Reiser murdered his wife, and is currently serving a prison sentence for this crime. Hopefully, after he completes his prison sentence, he can become a contributing member of society once again, if the professionals and specialists involved in such matters deem him capable of doing so. The long letter mentioned here was actually quite a fascinating read, and details his abrasive behaviour in the Linux world, the design of ReiserFS and its place in the ecosystem at the time, and his thoughts on the removal of ReiserFS from the Linux kernel.
Broadcom’s brutal assault on VMware’s product suite continues, with the company’s new owner this week confirming that it is sunsetting a massive 56 VMware products and platforms – as investors said this week that they anticipated a “tectonic shift” in the infrastructure market as a result. In a January 15 advisory VMware confirmed tersely that it was taking a sweeping range of products to “End of Availability” and that “these products are no longer available for purchase” – although most remain advertised enthusiastically, for now, on slick corporate website pages. ↫ Ed Targett The list of products is a thing to behold, for sure. I don’t think I’ve ever seen that many enterprise products together in one list, and I once spent weeks scouring and dealing with HPE.
The Chrome team is excited to announce that WebGPU is now enabled by default in Chrome 121 on devices running Android 12 and greater powered by Qualcomm and ARM GPUs. Support will gradually expand to encompass a wider range of Android devices, including those running on Android 11 in a near future. This expansion will be dependent on further testing and optimization to ensure a seamless experience across a broader range of hardware configurations. ↫ François Beaufort Mind you, this is about WebGPU, not WebGL.
I always liked small laptops and phones – but for some reason they fell out of favor of manufacturers (“bigger is more better”). Now if one wanted to get tiny laptop – one of the few opportunities would have been to fight for old Sony UMPC’s on ebay which are somewhat expensive even today. Recently Raspberry Pi/CM4-based tiny laptops started to appear – especially clockwork products are neat, but they are not foldable like a laptop. When in summer of 2023 Sipeed announced Lichee Console 4A based on RISC-V SoC – I preordered it immediately and in early January I finally received it. Results of my testing, currently uncovered issues are below. ↫ Mikhail Svarichevsky I want one of these.
AI code assistants have emerged as powerful tools that can aid in the software development life-cycle and can improve developer productivity. Unfortunately, such assistants have also been found to produce insecure code in lab environments, raising significant concerns about their usage in practice. In this paper, we conduct a user study to examine how users interact with AI code assistants to solve a variety of security related tasks. Overall, we find that participants who had access to an AI assistant wrote significantly less secure code than those without access to an assistant. Participants with access to an AI assistant were also more likely to believe they wrote secure code, suggesting that such tools may lead users to be overconfident about security flaws in their code. To better inform the design of future AI-based code assistants, we release our user-study apparatus and anonymized data to researchers seeking to build on our work at this link. ↫ Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh I’m surprised somewhat randomly copying other people’s code into your program – violating their licenses, to boot – leads to crappier code. Who knew!
Since the last article on the text-based IDEs of old, I’ve been meaning to write about the GCC port to DOS, namely DJGPP. As I worked on the draft for that topic, I realized that there is a ton of ground to cover to set the stage so I took most of the content on memory management out and wrote this separate post. This article is a deep dive on how DOS had to pull out tricks maximize the use of the very limited 1 MB address space of the 8086. Those tricks could exist because of the features later introduced by the 80286 and the 80386, but these were just clutches to paper over the fact that DOS could not leverage the real improvements provided by protected mode. ↫ Julio Merino The DOS memory story is a string of hacks upon hacks that somehow managed to work – and that still work today.
Google has detailed more of the changes it’s implementing to comply with the European Union’s Digital Markets Act. We already covered the changes to linked services, but Google is also changing how results related to shopping and booking results are displayed. We will introduce dedicated units that include a group of links to comparison sites from across the web, and query shortcuts at the top of the search page to help people refine their search, including by focusing results just on comparison sites. For categories like hotels, we will also start testing a dedicated space for comparison sites and direct suppliers to show more detailed individual results including images, star ratings and more. These changes will result in the removal of some features from the search page, such as the Google Flights unit. ↫ Oliver Bethell Google is also releasing its promised Google Takeout API, allowing developers to programmatically deal with users wanting to take their data out of Google to another service. This one in particular I’m interested in, since I’m curious if, say, a competing email service will make it easier and automatic to move away from Gmail.
Made to run natively on all modern operating systems and browsers, Ruffle brings Flash content back to life with no extra fuss. ↫ Ruffle website It’s using Rust and WASM, making it supposedly safer than the real Flash PLayer ever was, and of course, it’s open source too. Their most recent progress report details just how far along this project already is.
Recently, the oldest known versions of DOS were uploaded to the internet, and Michal Necasek dove into the floppy images. Even after more than 40 years(!), old software releases and pre-releases can still surface. In the case of 86-DOS 0.11 and 0.34 it’s practically a miracle, since there were probably never very many copies in existence. For the first time since the early 1980s, FAT formatted floppies with the primordial 16-byte directory entry format have come to light. The old 16-byte directory entries were gone by 86-DOS 1.0 in April 1981 and of course never appeared in any public PC DOS release. These prehistoric versions of 86-DOS allow us to fill in further missing pieces in the puzzle of DOS origins. It is fascinating to follow how DOS developed from almost nothing to a multi-million dollar business in the course of just a few years. ↫ Michal Necasek It started out so humbly. Yet, here we are, in 2024, and variants of DOS still have their uses in certain niches. An incredible legacy, for sure.
We show that content on the web is often translated into many languages, and the low quality of these multi-way translations indicates they were likely created using Machine Translation (MT). Multi-way parallel, machine generated content not only dominates the translations in lower resource languages; it also constitutes a large fraction of the total web content in those languages. We also find evidence of a selection bias in the type of content which is translated into many languages, consistent with low quality English content being translated en masse into many lower resource languages, via MT. Our work raises serious concerns about training models such as multilingual large language models on both monolingual and bilingual data scraped from the web. ↫ Brian Thompson, Mehak Preet Dhaliwal, Peter Frisch, Tobias Domhan, Marcello Federico As a translator myself, this is entirely unsurprising. Translating is a craft, a skill, and much like with any other craft, you get what you pay for. If you pay your translator(s) a good rate, you get a good translation. If you pay your translator(s) a shit rate, you get a shit translation. If you pay nothing, you get nothing. I’m definitely seeing more and more people in my industry integrate machine translations, but so far, it’s not been an actual issue – I have no qualms about accepting a job where I take a machine-translated text and whip it into shape and turn it into a human-readable, quality translation… As long as people pay me a reasonable rate for it. Working from a machine translation is often quicker and easier, so the going rate obviously reflects that. The quality of machine translations is absolutely atrocious, however, and the idea of relying on it for texts other people – customers, clients, employees, etc. – are actually supposed to read and work from is terrifying. Google Translate is an effective tool for personal use, but throwing, I don’t know, your product’s manual at it and dumping the unedited result onto your customers is borderline criminal. Pay nothing, get nothing.
Netscape Composer was my first introduction to web development. As a kid, I created my first web pages using it. Those pages never made it online, but I proudly carried them around on a floppy disk to show them off on family members’ and friends’ computers. This is likely how I got the understanding that websites are just made of files. Using Netscape Composer also taught me basic web vocabulary, such as “page” and “hyperlink”. Of course, the web landscape has evolved immensely since then. I was curious to try out that dated software again and see what its limitations were, and what the code it produces looks like from a 2024 perspective. The first thing I needed was a goal. I decided to try and reproduce the home page of my personal website as closely as the application allowed it. That seemed like a sensible aim as my website has a rather minimalistic design, with very little that should be completely out of reach for an antiquated tool. ↫ Pier-Luc Brault What a fun exercise.
I recently bought a Macbook because more and more people are asking me how to use Nix in certain situations under MacOS. In this article, we walk through installing Nix on MacOS and see how pleasant the experience is these days. After that, we show how to go declarative on MacOS with nix-darwin to enable compilation for Linux and Intel Macs, as well as some other nice features. ↫ Jacek Galowicz You can’t click on a single link without tripping over people talking about nix.
As a platform, we strive to help developers responsibly build new businesses and reach wider audiences across a variety of content types and genres. In response to strong demand, in 2021 we began onboarding a wider range of real-money gaming (RMG) apps in markets with pre-existing licensing frameworks. Since then, this app category has continued to flourish with developers creating new RMG experiences for mobile. ↫ Karan Gambhir, director of “Global Trust and Safety Partnerships” at Google “Real-money gaming” is the most obvious and blatant rebranding of “gambling” I have ever seen. Google, this is gambling. You’re making it easier for scumbags to target the poor and swindle them out of the little money they have. This is a shameless attempt at increasing Google’s revenue by making it easier to scam people into gambling. Everything about this post – and (mobile) gambling – is disgusting.
In contrast to that minimal experience, Google was seemingly working to bring the full might of Chrome to Fuchsia. To observers, this was yet another signal that Google intended for Fuchsia to grow beyond the smart home and serve as a full desktop operating system. After all, what good is a laptop or desktop without a web browser? Fans of the Fuchsia project have anticipated its eventual expansion to desktop since Fuchsia was first shown to run on Google’s Pixelbook hardware. However, in the intervening time – a period that also saw significant layoffs in the Fuchsia division – it seems that Google has since shifted Fuchsia in a different direction. The clearest evidence of that move comes from a Chromium code change (and related bug tracker post) published last month declaring that the “Chrome browser on fuchsia won’t be maintained.” ↫ Kyle Bradshaw at 9To5Google Up until a few years ago, every indication was that Google had big plans for Fuchsia, from “workstation” builds to porting Chrome to developers using Fuchsia for Google Meet calls, and lots of other improvements, changes, and additions that pointed squarely at Fuchsia being prepped for use on more than just the Nest Hub devices. We’re about a year later now, and everything has changed. The workstation builds have been discontinued, the Fuchsia team was hit harder by the Google layoffs than other teams, and now the Chrome port has been deprecated. All signs now point to Fuchsia being effectively a dead end beyond its use on Hub devices. At least Google had the decency to kill this before it released it.
Welcome to my comprehensive guide on recording audio and desktop screen on OpenBSD. In this blog post, I’m excited to share my personal setup and approach to efficiently capturing high-quality audio and video on one of the most secure and stable operating systems available. Whether you’re a professional content creator, a developer looking to record tutorials, or simply an OpenBSD enthusiast, this guide is tailored to help you navigate the intricacies of screen recording in this unique environment. Alongside this step-by-step tutorial, I’ve also included a practical YouTube video to demonstrate the quality and effectiveness of the recordings you can achieve with this setup. So, let’s dive in and explore the world of audio and video recording on OpenBSD! ↫ Rafael Sadowski The BSD world needs more of these kinds of guides and articles. I feel like the various BSDs have so much to offer to desktop users, especially now that there is a reasonable contingent of Linux users who aren’t happy with the spread of things like systemd and Wayland, but the fact of the matter is that the BSDs are not as focused on desktop and laptop use as Linux has been. That’s not a dig at BSD developers – BSD focuses on different things – but it does mean that people interested in using BSD on desktops and laptops need a bit more assistance.
We are trying out opening Copilot automatically when Windows starts on widescreen devices with some Windows Insiders in the Dev Channel. This can be managed via Settings > Personalization > Copilot. Note that this is rolling out so not all Insiders in the Dev Channel will see this right away. ↫ Amanda Langowski, Brandon LeBlanc at the official Windows blog You will use the copyright infringement tool, Windows user.
Chinese authorities recently said they’re using an advanced encryption attack to de-anonymize users of AirDrop in an effort to crack down on citizens who use the Apple file-sharing feature to mass-distribute content that’s outlawed in that country. According to a 2022 report from The New York Times, activists have used AirDrop to distribute scathing critiques of the Communist Party of China to nearby iPhone users in subway trains and stations and other public venues. A document one protester sent in October of that year called General Secretary Xi Jinping a “despotic traitor.” A few months later, with the release of iOS 16.1.1, the AirDrop users in China found that the “everyone” configuration, the setting that makes files available to all other users nearby, automatically reset to the more contacts-only setting. Apple has yet to acknowledge the move. Critics continue to see it as a concession Apple CEO Tim Cook made to Chinese authorities. ↫ Dan Goodin at Ars Technica The most damning aspect of this story is that Apple has been aware of this vulnerability in AirDrop since 2019, and has not addressed it in any way. The use of AirDrop by dissidents in China to spread critique of the Chinese government has been well-known, so it’s not entirely unreasonable to conclude that Apple has been weary of closing this security vulnerability in order to not offend China – as further evidenced by the sudden changes to AirDrop as mentioned above. What’s going to be interesting now is what Apple is going to do about this. Are they going to finally address this security hole, and thereby risking offending China? Will it fix the hole, but only in non-totalitarian countries? Will it just leave it open? Whatever they do, they’ll end up offending someone.
The Digital Markets Act (DMA) is an EU law that takes effect on March 6, 2024. As a result of the DMA, in the EU, Google offers you the choice to keep certain Google services linked. ↫ Google’s support site So what does linking services really do for you? When linked, these services can share your data with each other and with all other Google services for certain purposes. For example, linked Google services can work together to help personalize your content and ads, depending on your settings. It doesn’t seem like unlinking will mean much, but but at least the option is there now – but only for EU/EEA citizens.
