Starting in Windows 11, version 22H2, Enhanced Phishing Protection in Microsoft Defender SmartScreen helps protect Microsoft school or work passwords against phishing and unsafe usage on sites and apps. We are trying out a change starting with this build where users who have enabled warning options for Windows Security under App & browser control > Reputation-based protection > Phishing protection will see a UI warning on unsafe password copy and paste, just as they currently see when they type in their password. This actually seems like a cool and useful feature. The basic gist – which is a bit unclear from the short blurb above – seems to be that if, e.g., a child using a school account copies and pastes that school account password to use somewhere else, this feature will warn them about it. Usefulness of warning dialogs aside, I can see this being quite useful in large organisations.
Turns out Intel’s NUC line is not going to die after all. Today, Intel announced it has agreed to a term sheet with ASUS, a global technology solution provider, for an agreement to manufacture, sell and support the Next Unit of Compute (NUC) 10th to 13th generations systems product line, and to develop future NUC systems designs. If you’re into Intel NUCs, Asus is the way to go now.
The contractors are the invisible backend of the generative AI boom that’s hyped to change everything. Chatbots like Bard use computer intelligence to respond almost instantly to a range of queries spanning all of human knowledge and creativity. But to improve those responses so they can be reliably delivered again and again, tech companies rely on actual people who review the answers, provide feedback on mistakes and weed out any inklings of bias. It’s an increasingly thankless job. Six current Google contract workers said that as the company entered a AI arms race with rival OpenAI over the past year, the size of their workload and complexity of their tasks increased. Without specific expertise, they were trusted to assess answers in subjects ranging from medication doses to state laws. Documents shared with Bloomberg show convoluted instructions that workers must apply to tasks with deadlines for auditing answers that can be as short as three minutes. That’s the reality of “artificial intelligence” – the same reality it always seems to be in Silicon Valley: thousands and thousands of exploited workers behind the scenes running around like ants keeping the illusion of futurism alive for meager pay.
Together with the open source software community, GitHub has been working to support EU policymakers to craft the Cyber Resilience Act (CRA). The CRA seeks to improve the cybersecurity of digital products (including the 96 percent that contain open source) in the EU by imposing strict requirements for vendors supplying products in the single market, backed by fines of up to €15 million or 2.5% of global revenue. This goal is welcome: security is too often an afterthought when shipping a product. But as written it threatens open source without bolstering resilience. Even though the CRA, as part of a long-standing line of EU ‘open’ strategy, has an exemption for open source software developed or supplied outside the course of a commercial activity, challenges in defining the scope have been the focus of considerable community activity. Three serious problems remain with the Parliament text set for the industry (‘ITRE’) committee vote on July 19. These three problems are set out below. Absent dissent, this may become the final position without further deliberation or a full Parliament plenary vote. We encourage you to share your thoughts with your elected officials today. The three problems are substantial for open source projects. First, if an open source project receives donations and/or has corporate developers working on it, it would be regulated by the CRA and thus face a huge amount of new administrative rules and regulations to follow that would no doubt be far too big a burden for especially smaller projects or individual developers. On top of that, the CRA, as it currently stands, also intends to mess with the disclosure process for vulnerabilities in a way that doesn’t seem to actually help. These three problems are big, and could have far-reaching consequences for open source.
The Interactive Advertising Bureau, one of the biggest names in online advertising, held some sort of corporate event or whatever in January of this year, and the IAB CEO, David Cohen, held a speech there to rally the troops. Apparently, those of us who are fighting back against the online advertising industry? We’re “extremists”. Extremists are winning the battle for hearts and minds in Washington D.C. and beyond. We cannot let that happen. These extremists are political opportunists who’ve made it their mission to cripple the advertising industry and eliminate it from the American economy and culture. This guy, who uses double spaces after a period and hence is already on my shitlist, just gave us an amazing creed.
The Framework Laptop 16, available for preorder today starting at $1,699 prebuilt, is one of the most exciting notebooks we’ve ever seen. When it ships in Q4, the modular computer company’s first gaming laptop will let you swap practically every component — not just memory and storage, but each and every individual port, the motherboard, the battery, the speakers, you name it. Framework seems to be making it, despite the ridicule. There’s more and more companies taking repairability seriously, and the EU, too, is flexing its legal muscle in this area. We’re getting there. Slowly.
The biggest changes last month were a series of commits by waddlesplash, all related to the user_mutex API and the consumers of it. This API is the kernel portion of the implementation of basically anything related to mutexes or locks in userland, including pthread_mutex, pthread_cond, pthread_barrier, unnamed semaphores (via sem_open), rwlocks, and more. It bears some resemblance in concept to Linux’s futex API, but is very different in both design and implementation. This month’s activity report contains a detailed description of what these commits actually entail, but as OSNews regulars will know, I’m not at all qualified to tell you what it all means. Other changes this month that my limited brain can actually comprehend are work done to make Haiku partially buildable using gcc 13, more RISC-V and ARM improvements, and a whole lot more.
There’s a specter looming over the realm of Mastodon, and it’s the ghost of computing’s past. A loose group of retro computing hobbyists have taken it upon themselves to build Mastodon clients for various operating systems. Developing web clients using the technology of the 80’s and 90’s is a challenge, but the following projects have proven that their devs are up to the task! Should we find ourselves in the unlikely scenario where an apocalypse happens, people can still post to Mastodon using retro PCs. This is an impressive list, and demonstrates the skill and dedication you can find in the retrocomputing community.
Android 14 introduces a number of new features for app stores, including an “update ownership” API that lets an app store claim ownership over an app it installs. If any other app store tries to push an update to that app, Android will throw up a dialog asking you what they want to do. The dialog asks you if you want to “update this app from ” since “this app normally receives updates from ” and warns that “by updating from a different source, you may receive future updates from any source on your phone.” You can choose to cancel or update anyway, which is good since it means one app store can’t lock you out of getting app updates from somewhere else. When taken in isolation, I think this dialog is a good addition to Android – I personally see no issues with informing users of the very valid risk that come with installing applications from outside the Play Store, especially ones coming from random websites (and not from APKMirror or F-droid or similar, more well-known sources). There are real risks associated with doing so, and it’s a good idea to warn people of this in the highly unlikely event they both accidentally download a random APK and open it to install it. However, the ‘when’ clause is doing a lot of heavy lifting here. Google has been slowly locking Android down for years now, and it’s not unreasonable to assume that this is simply yet another stop along the way in that process. I don’t think Google will ever fully remove sideloading from Android, but they sure will do whatever they can to make it as hard, cumbersome, annoying, and frustrating as possible.
The availability of support for various apps and drivers (for various hardware and software) is crucial for the general adoption of any general purpose operating system like Redox OS. Some of us developers are working on improving the core of Redox OS (like the Kernel), which should create a solid base on which high quality native drivers and apps can be created with ease. Some others are working on porting (and adapting) various open source drivers and apps (written for other OSes) such that they can work with Redox OS. This work is super important and helps Redox OS progress forward. But in the meanwhile, there’s a potential shortcut to enabling wide driver and app support for Redox OS, without having to manually port and adapt drivers to Redox OS. (which can be helpful, both today and in the future). The shortcut, in simple words, is to use our Host machine running Redox OS, to run a Virtual Machine with another OS (Linux/Windows) as the guest, and then cleverly use the drivers and apps that can run on that guest OS to help coverup the missing drivers and apps on Redox OS. This is not a novel solution, but it is quite clever and ingenious. I’m wondering how this would impact performance, and if stability suffers from going through several layers like this. There’ll be a more detailed post with technical details of the implementation later on, so keep an eye out for that one.
A year ago, we compiled a model list of Macs spanning over two decades, complete with their launch dates, discontinuation dates, and all the available information about the macOS updates each model received. We were trying to answer two questions: How long can Mac owners reasonably expect to receive software updates when they buy a new computer? And were Intel Macs being dropped more aggressively now that the Apple Silicon transition was in full swing? The answer to the second question was a tentative “yes,” and now that we know the official support list for macOS Sonoma, the trendline is clear. The only thing this article makes clear is that if Apple truly cared about its customers, it would post exactly how much longer each Mac is planned to be supported.
Collapse OS (which we talked about 4 years ago) has a successor. Dusk OS is a 32-bit Forth and big brother to Collapse OS. Its primary purpose is to be maximally useful during the first stage of civilizational collapse, that is, when we can’t produce modern computers anymore but that there’s still many modern computers still around.
We talked about Chimera Linux before – it’s a unique coupling of the Linux kernel with a FreeBSD userland, musl, the package manager from Alpine Linux, and dinit. The project recently entered the alpha stage, and while not ready for everyday use, Wesley Moore still decided to try and give it a go. So far my experience has actually been better than I expected. Since I installed it I have not rebooted back into Arch. This isn’t the first time I’ve run a desktop musl system and I was prepared to encounter incompatible software more often than I did. Flatpak really helps fill the gaps there. As the alpha announcement suggested, I have run into the odd bug here and there but for the most part the system is remarkably polished and stable. I plan to keep using it as the primary OS on my laptop, including its Framework 13 AMD replacement that should arrive Q4 2023. That’s good news. Chimera is one of the more interesting operating system projects out there, and it’s headed by the same person who used to run the Void Linux for POWER hardware project, so there’s some real pedigree here.
As a former BeOS user and fan(atic), I consider myself quite knowledgeable on the subject, but as I was watching the latest Micheal MJD video about BeOS, I learned something new I had never heard of before. It’s common knowledge that Be actively tried to court x86 OEMs to bundle BeOS alongside Windows in a dual-boot configuration. However, these efforts fell apart as soon as Microsoft caught wind of it and Redmond sent representatives to these OEMs to, shall we say, politely discourage them from doing so. I thought this is where this story ended – the OEMs ghosted Be, and no PC with BeOS preinstalled ever shipped. But in his video, Micheal MJD mentions that at least one OEM did actually ship BeOS preinstalled alongside Windows – Hitachi. However, while the company technically shipped BeOS, it still wanted to appease Microsoft’s goons representatives, and so Hitachi just… Disabled the special boot loader that would’ve allowed users to pick BeOS at boot. BeOS was technically installed and took up a part of the hard drive of every one of these machines shipped, but unless you followed a set of detailed instructions posted by Be online, using a BeOS boot floppy, you wouldn’t be able to actually boot into BeOS. Trying to find more information about this, I ended up at the article archive of Scot Hacker, author of, among other things, The BeOS Bible. In 2001, Hacker wrote the post “He who controls the boot loader“, in response to the news that Be had been acquired by Palm: In the 1998-1999 timeframe, ready to prime the pump with their desktop offering, Be offered BeOS for free to any major computer manufacturer willing to pre-install BeOS on machines alongside Windows. Although few in the Be community ever knew about the discussions, Gassée says that Be was engaged in enthusiastic discussions with Dell, Compaq, Micron, and Hitachi. Taken together, pre-installation arrangements with vendors of this magnitude could have had a major impact on the future of Be and BeOS. But of the four, only Hitachi actually shipped a machine with BeOS pre-installed. The rest apparently backed off after a closer reading of the fine print in their Microsoft Windows License agreements. Hitachi did ship a line of machines (the Flora Prius) with BeOS pre-installed, but made changes to the bootloader — rendering BeOS invisible to the consumer — before shipping. Apparently, Hitachi received a little visit from Microsoft just before shipping the Flora Prius, and were reminded of the terms of the license. Be was forced to post detailed instructions on their web site explaining to customers how to unhide their hidden BeOS partitions. It is likely that most Flora Prius owners never even saw the BeOS installations to which they were entitled. So clearly, this information has been out there since at least 2001 – I had just never heard of it. There’s countless references to Hacker’s article out there as well, so it’s not like it’s some deeply hidden secret nobody was aware of. I, of course, dove into our own archives and… For the love of KDL, we even linked to Hacker’s article. I wasn’t working for OSNews at the time – this was about 4-5 years before I came on as Managing Editor – but I find it highly entertaining this was already part of OSNews lore. In any event, I’m wondering if this makes Hitachi the only OEM to have ever shipped a computer with BeOS preinstalled. Several Mac clone makers put a BeOS installation CD in the box of their machines, but I don’t think any of them ever shipped machines with BeOS preinstalled. Even if they did, Hitachi would still be the only x86 OEM to have ever shipped BeOS preinstalled, and that, too, is incredibly noteworthy. Of course, I now have to try and find a working example of this Hitachi Flora Prius computer line. They were apparently only sold in Japan, so the odds of finding one anywhere seem slim, at best. It doesn’t help that most people who bought one of these had no idea BeOS was installed or what BeOS even was, so the historical significance was lost on them. I also think these weren’t particularly noteworthy computers otherwise – most likely one of the many dime-a-dozen beige boxes sold all over the world. Searches on eBay and Japanese auction sites yield no results. We really need to find a working example of a Hitachi Flora Prius with BeOS preinstalled. We need to image its hard drive for posterity on Archive.org, and I want to see it running – either on YouTube or in real life, I don’t care. This is a piece of computing history that needs to be preserved.
As you may have noticed, I used the word copyrighted for the title of this story. And it’s not without reason. I think this story could have been fairly decent even without the copyright part, so before we get to the nitty gritty stuff – I can 100% confirm that Brave lets you ingest copyrighted material through their Brave Search API, to which they also assign you “rights”. Time and time again, Brave gets caught doing slimy things. Just don’t use Brave. There are far, far better and more ethical alternatives.
This is a list of software and ideas developed or maintained by the OpenBSD project, sorted in order of approximate introduction. Some of them are explained in detail in our research papers. That’s an impressive list.
As some of us learned in the last week, it’s easy to uninstall a troublesome Rapid Security Response (RSR). Several naturally asked why that isn’t possible with a macOS update, pointing out that it was available and worryingly popular between High Sierra and Catalina 10.15.2, since when the ability has been lost. The answer is as straightforward as you’d expect: the updates themselves, as well as the update process, have become more complicated than they used to be, and rollback would be difficult to implement. As such, the advice for those unhappy with a new macOS version is as simple as it is disruptive: For those who decide that they want to roll back a macOS update on an Apple silicon Mac, by far the simplest procedure is to back the Mac up fully, put it into DFU mode, use Configurator 2 to restore the IPSW image for the previous version of macOS including its firmware, then to migrate the backup to that fresh boot disk. That also caters for all problems that may have arisen with the update. Apple always moves forwards, never backwards – even when you might want to.
Onyx Boox has just done something exciting; they have taken a page from the Hisense playbook and released a dedicated e-reader with the familiar candy bar shape as a smartphone, except it is a dedicated e-reader. You can do phone calls with this unit and talk to people on Facebook Messenger, Whatsapp or WeChat with dual microphones. However, it does not support SIM cards or eSim, and you must be on a WIFI connection to do anything useful. The most significant advantage of the Onyx Boox Palma is carrying an e-reader around with you in your pocket; you can’t do this with the vast majority of e-readers on the market. The Palma is available as a pre-order for $249; when it launches, the price will go up to $279.99.Only a small batch of units are available as a first come, first serve basis and will ship out sometime in August 2023. I don’t really have a use for something like this, but the price is interesting, and if it can indeed do smooth scrolling as they claim, I might actually be interested out of sheer curiosity. It’s kind of like if Apple released an iPod Touch, but with an e-ink display.
Microsoft ended Windows Server 2003’s Mainstream Support on July 13, 2010, and Extended Support on July 14, 2015. This means it would no longer provide security updates, technical support, or software updates for this server-based operating system. Windows Server 2003 is probably my favourite Windows release. I never liked Windows XP, and Server 2003, with its updated codebase and various fixes compared to XP, provided a more solid alternative at the time. There was this whole cottage industry of people aiding each other in converting Windows Server 2003 into a more desktop-friendly operating system through reactivating services, installing additional components, applying registry changes, and so on. It was a bit of work post-install, but once done, you had a more stable, more solid, and safer “version” of Windows XP. At least, that was the theory. I have no idea if this was actually true, or if a fully updated Windows XP installation was, in fact, functionally equivalent and that Server 2003 provided zero material benefit.
In case you missed it, Red Hat announced they will no longer be providing the means for downstream clones to continue to be 1:1 binary copies of Red Hat Enterprise Linux (RHEL). Very quickly, both Jack and I shared some initial thoughts, but we intentionally took our time deciding the next right step for AlmaLinux OS. After much discussion, the AlmaLinux OS Foundation board today has decided to drop the aim to be 1:1 with RHEL. AlmaLinux OS will instead aim to be Application Binary Interface (ABI) compatible. For a typical user, this will mean very little change in your use of AlmaLinux. Red Hat-compatible applications will still be able to run on AlmaLinux OS, and your installs of AlmaLinux will continue to receive timely security updates. The most remarkable potential impact of the change is that we will no longer be held to the line of “bug-for-bug compatibility” with Red Hat, and that means that we can now accept bug fixes outside of Red Hat’s release cycle. While that means some AlmaLinux OS users may encounter bugs that are not in Red Hat, we may also accept patches for bugs that have not yet been accepted upstream, or shipped downstream. I wonder just how much consumers care about the strict 1:1 with RHEL. With this change to AlmaLinux, we’re about to find out.
