ISO 27001 is like that careful lawyer who never says exactly what they mean – it tells you what needs to be achieved, not how to do it. When it comes to logging, this is particularly telling: Control A.12.4.2 simply states that “logging information and logging facilities shall be protected against tampering and unauthorized access.” Period. How? That’s your problem to solve. ↫ Rafael Sadowski It turns out OpenBSD has a few relatively simple tools to make logs immutable, in a way that not even root can delete or modify them, or change any of the logging schedules. Reading through the blog post, you don’t even need a ton of intricate knowledge to set this up, thanks mostly to just how much innate sense OpenBSD tends to make, and how excellent the documentation is. I have no need for this level of security, but if you do, you can set this up in a few minutes.
With both Exchange 2016 and 2019 going out of support in October 2025, we have heard from some of our customers that they have started their migrations to Exchange Subscription Edition (SE) but might need a few extra months of Security Updates (SU) for their Exchange 2016 / 2019 servers while they are finalizing their migrations. We are announcing that we now have a solution for such customers. Starting on August 1st, 2025, customers can contact their Microsoft account team to get information about and purchase an additional 6-month Extended Security Update (ESU) for their Exchange 2016 / 2019 servers. Your account teams will have information related to per server cost and additional details on how to purchase and receive ESUs, starting August 1st, 2025. ↫ The Exchange Team blog Microsoft is clearly in a place where a lot of their software released over the past ten years or so just kind of works, and people just don’t feel as strong of a need to upgrade to newer versions, especially not if those newer versions come with complex subscriptions. It must be a strange position to be in for Microsoft.
Tilck is an educational monolithic kernel designed to be Linux-compatible at binary level. It runs on i686 and RISCV64 at the moment. Project’s small-scale and simple design makes it the perfect playground for playing in kernel mode while retaining the ability to compare how the very same usermode bits run on the Linux kernel as well. That’s a rare feature in the realm of educational kernels. Because of that, building a program for Tilck requires just a gcc-musl toolchain from bootlin.com. Tilck has no need to have its own set of custom written applications, like most educational kernels do. It just runs mainstream Linux programs like the BusyBox suite. While the Linux-compatibility and the monolithic design might seem a limitation from the OS research point of view, on the other side, such design brings the whole project much closer to real-world applications in the future, compared to the case where some serious (or huge) effort is required to port pre-existing software on it. Also, nothing stops Tilck from implementing custom non-Linux syscalls that aware apps might take advantage of. ↫ Tilck GitHub page Tilck implements about 100 Linux syscalls, and is not focused on replacing the Linux kernel or even becoming a generic desktop or server operating system. It supports both i686 and RISC-V, has support for FAT, and a whole slew of other features. It can run a number of console and even a few framebuffer applications, but don’t expect things like X11 to work, or to ever work.
Do you have a Windows XP retro virtual machine or, god forbid, run Windows XP on your primary machine? You’re going to need a sort-of up-to-date browser, and it turns out Mypal68 offers just that. Terrible name aside, it’s Firefox 68 ported to and maintained to run on Windows XP SP3; SP2 and lower are not supported, but some people do seem to have some success getting it to run on those. There are issues, of course: there’s a 1.5GB memory limit, and the browser will crash when it reaches that limit, and 64bit builds simply don’t work at all, so there’s only a 32bit build. Version 74.1.0 was released a few days ago, but that version number doesn’t actually mean the browser is now based on Firefox 74; they had to change the reported version number for extension compatibility. I’m currently setting up a dedicated Proxmox PC for retro virtual machines, and Windows XP will obviously be one of them. I’m definitely going to try this out.
When it comes to open hardware, choices are not exactly abundant. Truly open source hardware – open down to the firmware level of individual components – that also has acceptable performance is rare, with one of the few options being the Talos II and Blackbird POWER9 workstations from Raptor Computing Systems (which I reviewed). Another option that can be fully open source with the right configuration are the laptops made by MNT, which use the ARM architecture (which I also reviewed). Both of these are excellent options, but they do come with downsides; the Talos II/Blackbird are expensive and getting a bit long in the tooth (and a possible replacement is at least a year away), and the MNT Reform and Pocket Reform simply aren’t for everyone due to their unique and opinionated design. Using an architecture other than x86 also simply isn’t an option for a lot of people, ruling out POWER9 and ARM hardware entirely. In the x86 world, it’s effectively impossible to avoid proprietary firmware blobs, but there are companies out there trying to build x86 laptops that try to at least minimise the reliance on such unwelcome blobs. One of these companies is NovaCustom, a Dutch laptop (and now desktop!) OEM that sells x86 computers that come with Dasharo open firmware (based on coreboot) and a strong focus on privacy, open source, customisability, and repairability. NovaCustom sent over a fully configured NovaCustom V54 laptop, so let’s dive into what it’s like to configure and use an x86 laptop with Dasharo open firmware and a ton of unique customisation options.
Hardware configuration
I opted for the 14″ laptop model, the V54, since the 16″ V65 is just too large for my taste. NovaCustom offers a choice between a 1920×1200 60Hz and a 2880×1800 120Hz panel, and I unsurprisingly chose the latter.
This higher-DPI panel strikes a perfect balance between having a 4K panel, which takes a lot more processing power to drive, and a basic 1080p panel, which I find unacceptable on anything larger than 9″ or so. The refresh rate of 120Hz is also a must on any modern display, as anything lower looks choppy to my eyes (I’m used to 1440p/280Hz on my gaming PC, and 4K/160Hz on my workstation – I’m spoiled). The display also gets plenty bright, but disappointingly, the V54 does not offer a touch option. I don’t miss it, but I know it’s a popular feature, so be advised. While the V54 can be equipped with a dedicated mobile RTX 4060 or 4070 GPU, I have no need for such graphical power in a laptop, so I stuck with the integrated Intel Arc GPU. Note that if you do go for the dedicated GPU, you’ll lose the second M.2 slot, and the laptop will gain some weight and thickness. I did opt for the more powerful CPU option with the Intel Core Ultra 7 155H, which packs 6 performance cores (with hyperthreading), 8 efficiency cores, and 2 low-power cores, for a total of 16 cores and 22 threads maxing out at 4.8GHz. Unless you intend to do GPU-intensive work, this combination is stupid fast and ridiculously powerful. Throw in the 32GB of DDR5 5600MHz RAM in a dual-channel configuration (2×16, replaceable) and a speedy 7.400 MB/s (read)/6.500 MB/s (write) 1TB SSD, and I sometimes feel like this is the sort of opulence Marie Antoinette would indulge herself in if she were alive today. It won’t surprise you to learn that with this configuration, you won’t be experiencing any slowdowns, stuttering, or other performance issues. Ports-wise, the V54 has a USB-C port (3.2 Gen 2), a Thunderbolt 4 port (with Display Alt Mode supporting DP 2.1), a USB-A port (3.2 Gen 2) and a barrel power jack on the right side, a combo audio jack, USB-A port (3.2 Gen 1), microSD card slot, and a Kensington lock on the left, and an Ethernet and HDMI port on the back.
Especially the Ethernet port is such a welcome affordance in this day and age, and we’ll get back to it since we need it for Dasharo. The trackpad is large, smooth, and pleasant to use – for a diving board type trackpad, that is. More and more manufacturers are adopting the Apple-style haptic trackpads, which I greatly prefer, but I suspect there might be some patent and IP shenanigans going on that explain why uptake of those in the PC space hasn’t exactly been universal. If you’re coming from a diving board trackpad, you’ll love this one. If you’re coming from a haptic trackpad, it’s a bit of a step down. A standout on the V54 is the keyboard. The keys are perfectly spaced, have excellent travel, a satisfying, silent click, and they are very stable. It’s an absolute joy to type on, and about as good as a laptop keyboard can be. On top of that, at least when you opt for the US-international keyboard layout like I do, you get a keyboard that actually properly lists the variety of special characters on its keys. This may look chaotic and messy to people who don’t need to use those special characters, but as someone who does, this is such a breath of fresh air compared to all those modern, minimalist keyboards where you end up randomly mashing key combinations to find that one special character you need. Considering my native Dutch uses diacritics, and my wife’s native Swedish uses the extra letters å, ä, and ö (they’re letters!), this is such a great touch. The keyboard also has an additional layer for a numeric pad, as well as the usual set of function keys you need on a modern laptop, including a key that will max out the fan speed in case you need it (the little fan glyph on my keyboard seems double-printed, though, which is a small demerit). I especially like the angry moon glyph on the sleep key. He’s my grumpy friend and I love him. Of course, the
Did you know KDE has a television-focused user interface? It’s been languishing for a while now, but a recent week-long effort by KDE developer Devin has brought a lot of new life into the project. I have been a long time Plasma Mobile contributor, but I have always had a keen interest in having Linux on my TV! I have noticed that in the past few months, the Plasma Bigscreen project has had some interest from people wanting to contribute, but there have not been any active KDE developers working on the project. Since I have some time off school (having just graduated university), I decided to take a swing at improving the project for a week. ↫ Devin, KDE developer It turned out to be one hell of a productive week, because the list of improvements achieved in that one week is kind of amazing. Lots of overhauls of the visual design, a new search view, complete redesign of the settings panels, and a lot more. The idea of running a KDE Plasma-based interface on my TVs sounds incredibly appealing, and I hope the project can make even more progress.
Haiku also survived another month of development, so it’s time for another roundup of what they’ve been doing. Considering it’s the height of Summer, it’s no surprise the list of changes is a bit shorter, consisting mostly of smaller bugfixes and minor improvements. A few standout changes are that cursors can now be properly scaled in HiDPI, the iprowifi3945 driver from FreeBSD has been replaced by the OpenBSD one because it performs better, and several improvements to how colour schemes work. waddlesplash refactored how control edge (borders, etc.) colors are computed inside HaikuControlLook (the class that renders UI controls under the default appearance), cleaning up a lot of convoluted computations. He also fixed some color handling in the progress bar control, and then along with nephele, refactored how control colors are used and computed across the system. The “Control background” color in Appearance preferences now has a new default and is much more properly used across the Interface Kit; under the default colors, renderings should be basically the same as before, but for users on “dark mode” or other custom color schemes, it will now be much easier to pick control colors. ↫ waddlesplash on the Haiku website There’s more, of course, so be sure to read the whole thing.
Late last year, Mishaal Rahman reported that Google was going to merge ChromeOS and Android, and it seems Google itself has now confirmed that’s exactly what’s happening. “I asked because we’re going to be combining ChromeOS and Android into a single platform, and I am very interested in how people are using their laptops these days and what they’re getting done,” Samat explained. ↫ Lance Ulanoff at TechRadar I’m definitely interested to see what using Android across desktops, laptops, tablets, smartphones, and smartwatches is going to be like. The same applications on all those form factors? So many have tried, and as many have failed. I just don’t think Google has what it takes.
The latest alpha of the upcoming Blender 5.0 release comes with High Dynamic Range (HDR) support for Linux on Wayland which will, if everything works out, make it into the final Blender 5.0 release on October 1, 2025. The post on the developer forum comes with instructions on how to enable the experimental support and how to test it. If you are using Fedora Workstation 42, which ships GNOME version 48, everything is already included to run Blender with HDR. All that is required is an HDR compatible display and graphics driver, and turning on HDR in the Display Settings. ↫ Sebastian Wick It’s interesting to note that Blender on Windows won’t be getting HDR support, and that’s because Windows’ HDR support is subpar compared to Wayland on Linux, and requires a ton more work which the Blender team isn’t going to do. It seems the Wayland developers made all the right choices when it comes to HDR support. Needless to say, X11 doesn’t have HDR support. The design of the Wayland color-management protocol, and the resulting active color-management paradigm of Wayland compositors was a good choice, making it easy for developers to do the right thing, while also giving them more control if they so chose. ↫ Sebastian Wick Weird. I was told Wayland was an unusable mess.
Tribblix, the illumos distribution that aims to provide a retro feel with modern components, has just released a new update, Milestone 37. At the system level, the max PID is now 99999, so you may see larger PIDs. Usernames exceeding 8 characters are now accepted without warnings. Files with dates after the Y2038 transition are now permitted on ZFS. Notable default version updates: the default Java is now JDK21, postgres is now v17, go is now v1.24, and ruby is v3.4. ↫ Tribblix Milestone 37 release notes See the full list of changes for all the various updated components.
On Windows, there’s an option to show the seconds on the taskbar clock, but it comes with a warning that it might reduce battery life if you switch it on. LTT Labs decided to look into this to see just how much of a thing this really is, and they concluded that yes, it does actually affect battery life. They saw a drop of about 5%-15%, depending on configuration. In percentage terms, the drops weren’t massive. For most people, it probably won’t make or break your day. But if you’re on a long flight, running low on battery, or trying to squeeze out every last bit of endurance, it’s not entirely nothing either. ↫ Woolly Door at LTT Labs I mean, having the second tick away on the clock would drive me up the wall when I’m trying to use my computer, but I’m sure quite a few among you do enable the seconds display on your own setups (Windows or otherwise). I’m curious to see if the same battery life reduction is measurable on KDE, GNOME, or macOS.
What if you want to use Wayland, but prefer Window Maker, which is restricted to legacy X11? Enter wlmaker, or Wayland Maker, a Wayland compositor that reproduces the look and feel of Window Maker. It’s lightweight, very configurable through human-readable configuration files, supports dockable applications, and more. It’s actually packaged in FreeBSD and a number of Linux distributions, including Ubuntu and Debian (Fedora’s package is outdated), but of course, you can compile it yourself, too.
In recent weeks and months, you may have noticed that when accessing some websites, you see a little progress bar and a character, performing some sort of check. You’ve most likely encountered Anubis, a tool to distinguish real human browser users from “AI” content crawlers that are causing real damage and harm. It turns out Anubis is quite effective at what it does, but it did come with a limitation: it required JavaScript to be enabled. Well, no more. One of the first issues in Anubis before it was moved to the TecharoHQ org was a request to support challenging browsers without using JavaScript. This is a pretty challenging thing to do without rethinking how Anubis works from a fundamentally low level, and with v1.20.0, Anubis finally has support for running without client-side JavaScript thanks to the Meta Refresh challenge. ↫ Xe Iaso Before this new non-JS challenge, users who disabled client-side JavaScript or browsers which don’t support JavaScript were straight-up blocked from passing Anubis’ test, meaning they couldn’t access the website Anubis was protecting from “AI” scraper abuse. This is now no longer the case.
I’m hardly a “networking” or system admin expert. Even still, I’ve always been interested in the concept of building out my own home router with OpenBSD. It seemed so “hacky” and cool! The problem is that most of the tutorials I stumble across on the internet seem so daunting. I normally read through the guides (maybe even poke around the core man docs for a bit as well) but always end up returning to my default ISP setup. But that all changes today! Best of all, you can come along for the ride! ↫ Bradley Taunt Exactly what it says on the tin.
It’s become almost impossible to avoid the “AI” evangelists spreading the gospel of how “AI” tools are helping them work faster and get more stuff done in less time, but do any of those claims have any basis in reality? Should we really be firing countless people and replacing them with “AI” tools? Should we spend god knows how much money on “AI” tools and force employees to use them? Well… When developers are allowed to use AI tools, they take 19% longer to complete issues—a significant slowdown that goes against developer beliefs and expert forecasts. This gap between perception and reality is striking: developers expected AI to speed them up by 24%, and even after experiencing the slowdown, they still believed AI had sped them up by 20%. ↫ Joel Becker, Nate Rush, Beth Barnes, and David Rein We’re very much in the early days of proper research into the actual effectiveness and real-world benefits of “AI” tools for all kinds of professions, so a study like this definitely isn’t a smoking gun, but it does fly in the face of the tech companies and their evangelists shoving “AI” down our collective throat. With how much these tools get even the most basic stuff wrong, with how often they lie and make stuff up, I just can’t imagine them speeding up as many tasks as people claim they do. At the same time, “AI” tools do definitely have a place for very specific tasks, and I think that studies like these will look different for every single profession and even every single task within a profession. It’s going to be incredibly hard or even impossible to come to a “theory of everything” on the effectiveness and usefulness of “AI” tools. It won’t be until this idiotic hype dies down before we can have a grounded, honest, fact-based discussion about which “AI” tools make sense where.
James Heppell, representing Open Web Advocacy, published an article detailing his experience attending a DMA compliance workshop in Brussels, in which members of the public can ask questions of companies who have products designated as gatekeepers under the DMA. After attending the Apple one, he concludes: As a final thought, I called this article “Apple Vs The Law” primarily in reference to the rule of law, about how it should be applied equally and fairly against all, no matter the size and influence of your company. I think some of these gatekeepers – above all Apple, do a lot to undermine this process, in some places genuinely damaging trust in democracy. Going out of their way to paint the DMA law and the EU as overstepping and extreme hurts its reputation, as does the invented rhetoric about it being the “great risk to privacy ever imposed to government” (China?), or that they’re “acting without experts in the field”. Similarly for the number of covertly funded and supported lobbying groups that they bring to regulators all around the world. And the constant pressure from the US administration to not enforce the DMA – helped in no small part by these gatekeepers. These money-driven practices – which in many ways mirror the propaganda typically produced by authoritarian regimes like Russia, seriously hurt all democracies that they come in to touch with, and is a kind of behaviour that should make Apple, and any other group involved, ashamed of themselves. ↫ James Heppell Sometimes I wonder if us Europeans wouldn’t simply be better off without these lying, scheming, law-breaking American technology companies. Yes, there’d be a bit of a shock and a chaotic scrambling as newcomers fill the void, but I think I’d prefer that over the illegal behaviours that are clearly endemic in US technology companies.
As an EU citizen, I’m not even afforded 0.01% of the kind of silk glove, patient, and cooing treatment these corporations get when they break the law, and it highlights once more just how tiered justice really is. I think the EU would, in the long term, be better off without the likes of Apple, Google, Microsoft, Amazon, and Facebook routinely and repeatedly breaking our laws. Rip that festering, rotting band-aid off and endure the chaos for a few years while European newcomers fill the void in a beautiful explosion of competition and innovation. Do we really want to be tied to these corporations that clearly despise us?
There’s quite a few ways to mess around with home automation, with the most popular communication methods being things like ZigBee, plain Wi-Fi, and so on. One of the more promising new technologies is Thread, and Dennis Schubert decided to try and use it for a new homebrew project he was working on. After diving into the legalese of the matter, though, he discovered that Thread is a complete non-starter due to excessive mandatory membership fees without any exceptions for non-commercial use. To summarize: if you’re a hobbyist without access to some serious throwaway money to join the Thread Group, there is no way to use Thread legally – the license does not include an exception for non-commercial uses. If you’re like me and want to write a series of blog posts about how Thread works, there’s also no legal way. A commercial membership program for technology stacks like Thread isn’t new; it’s somewhat common in that space. Same with requiring certifications for your commercial products if you want to use a logo like the “Works with Thread” banner. And that’s fine with me. If you’re selling a commercial electronics product, you have to go through many certification processes anyway, so that seems fair. But having a blanket ban on implementations, even for non-commercial projects, is absolutely bonkers. This means that no hobbyist should ever get close to it, and that means that the next generation of electrical engineers and decision-makers don’t get to play around with the tech before they enter the industry. But of course, that doesn’t really matter to the Thread Group: their members list includes companies like Apple, Google, Amazon, Nordic, NXP, and Qualcomm – they can just force Thread into being successful by making sure it’s shipped in the most popular “home hubs”. So it’s just us that get screwed over. Anyway, if you planned to look at Thread… well, don’t. You’re not allowed to use it. 
↫ Dennis Schubert So you can buy Thread dev kits to create your own devices at home, but even such non-commercial use is not allowed. The situation would be even more complex for anyone trying to sell a small batch of fun devices using Thread, because they’d first have to fork over the exorbitant yearly membership fee. What this means is that Thread is a complete non-starter for anyone but an established name, which is probably exactly why the big names are pushing it so hard. They want to control our home automation just as much as everything else, and it seems like Thread is their foot in the door. Be advised.
To better support you and provide earlier, more consistent access to in-development features, we are announcing a significant evolution in our pre-release program. Moving forward, the Android platform will have a Canary release channel, which will replace the previous developer preview program. This Canary release channel will function alongside the existing beta program. This change is designed to provide a more streamlined and continuous opportunity for you to try out new platform capabilities and provide feedback throughout the entire year, not just in the early months of a new release cycle. ↫ Dan Galpin on the Android Developers Blog This new Canary channel is intended for developers, and you can expect a ton of bugs and breaking changes. Updates are basically streamed continuously over the air, but not all changes will make it to a final release of Android (as in, they can be pulled definitively). You can join the new channel with any supported Pixel device, but going back to a beta or final release will require a full wipe.
The year is 2013 and I am hopping mad. systemd is replacing my plaintext logs with a binary format and pumping steroids into init and it is laughing at me. The unix philosophy cries out: is this the end of Linux (or, as many are calling it, GNU plus Linux)? The year is 2025 and I’m here to repent. Not only is systemd a worthy successor to traditional init, but I think that it deserves a defense for what it’s done for the landscape – especially given the hostile reception it initially received (and somehow continues to receive? for some reason?). No software is perfect – except for TempleOS – but I think that systemd has largely been a success story and proven many dire forecasts wrong (including my own). I was wrong! ↫ Tyler Langlois The article goes into detail on a number of awesome features, niceties, and clever things systemd has, and they’re legion. Even as a mere user, I like systemd, as every time I have had to or wanted to interact with it, it’s been a joy to use, with excellent documentation making it remarkably easy even for someone like me to get into it without doing any damage or breaking anything. Every time I read up on systemd’s more advanced features, I’m surprised by how well thought out and implemented it all seems to be. I’ve experienced several major leaps forward in the Linux world that made using Linux on my computers easier and more reliable, and the adoption of systemd stands among them as one of the biggest leaps forward desktop Linux has ever made. The idea of going back to a random pile of non-standardized init scripts with nebulous dependencies from varying sources and wildly different levels of quality seems like a complete nightmare to me. There’s a lot of charm in doing things ‘the old way’, and I’m not saying you’re wrong for wanting an init system that tries to do less, or that’s easier to read and parse for you, or whatever, but that doesn’t mean systemd is bad, evil, or part of a Red Hat conspiracy to kill Linux.
In Chrome, Skia is used to render paint commands from Blink and the browser UI into pixels on your screen, a process called rasterization. Skia has powered Chrome Graphics since the very beginning. Skia eventually ran into performance issues as the web evolved and became more complex, which led Chrome and Skia to invest in a GPU accelerated rasterization backend called Ganesh. Over the years, Ganesh matured into a solid highly performant rasterization backend and GPU rasterization launched on all platforms in Chrome on top of GL (via ANGLE on Windows D3D9/11). However, Ganesh always had a GL-centric design with too many specialized code paths and the team was hitting a wall when trying to implement optimizations that took advantage of modern graphics APIs in a principled manner. This set the stage for the team to rethink GPU rasterization from the ground up in the form of a new rasterization backend, Graphite. Graphite was developed from the start to be principled by having fewer and more comprehensible code paths. This forward looking design helps take advantage of modern graphics APIs like Metal, Vulkan and D3D12 and paradigms like compute based path rasterization, and is multithreaded by default. ↫ Michael Ludwig and Sunny Sachanandani at the Chromium Blog The level of complexity in browsers and their rendering engines blows my mind every time I read about it. When I first got access to the internet, it consisted of static pages with text and still images, but now browser engines are almost as complex as entire operating systems. Not all of that progress has been good – boy has a lot of it not been good – but we’re stuck with it now, and thus people making browsers have to deal with stuff like this. If you ever wonder why there really only are two browser engines in the world – Google’s Blink and Apple’s WebKit – this is your answer. Who in their right mind wants to develop something like this from scratch and compete with Google and Apple?