Thom Holwerda Archive
The headline sets the stage, and the article delivers. This was the most interesting bug I’ve encountered for a while. I initially had a hard time believing that a bug like this would directly tie to a specific OS release, but I was proven completely wrong. At the end of the day, it was a simple bug in San Andreas and this function should have never worked right, and yet, at least on PC it hid itself for two decades. This is an interesting lesson in compatibility: even changes to the stack layout of the internal implementations can have compatibility implications if an application is bugged and unintentionally relies on a specific behavior. This is also not the first time I encountered issues like this: regular visitors might remember Bully: Scholarship Edition which famously broke on Windows 10, for very similar reasons. Just like in this case, Bully should have never worked properly to begin with, but instead, it got away with making incorrect assumptions for years, before changes in Windows 10 finally made it run out of luck. ↫ Adrian Zdanowicz Incredible story.
One of the strong points of Linux has always been how solid the experience of installing and managing software is. Contrarily to what happens in the Windows and macOS world, software on Linux is obtained through something called a package manager, a piece of software that manages any piece of software the user installs, as well as its dependencies, automatically. ↫ Luca Bramè at Libre.News It truly is. I can’t imagine using any operating system that relies (almost) exclusively on me going out to individual websites to download random installers or disk images, all with their own unique update mechanisms I need to keep track of, that eat up resources and interrupt my workflow. The combination of Fedora’s repository’s with the odd Copr or Flatpak package – all managed transparently through KDE’s Discover – is effectively perfect. I never have to manually install anything, nor do I ever have to rely on tarballs like back in the dark ages. Dealing with a Windows or macOS machine is a nightmare compared to this. Managing applications on those operating systems feels hopelessly archaic and outdated, and I have no idea how users tolerate that kind of nonsense. They’ve got a dozen or more updaters running in the background, cluttering up the system tray and eating resources, or whenever they open an application they get an annoying popup interrupting their work to ask them to update. It’s barbaric and user-hostile, and nobody should be dealing with that in 2025. It’s also highly unlikely things will ever improve for Windows or macOS users, since any attempt to bolt a package manager into them invariably fails. The official Windows and macOS application stores have been abject failures in more ways than one, and tools like winget are just glorified download managers that run regular installers in silent mode – incredibly crude and only really good for batch-downloading some installers. The Linux world is far from perfect, but they nailed application management early on, and the competition has basically sat still ever since.
The fines weren’t the only Digital Markets Act news coming from this fine continent today. The European Commission also closed its investigation into Apple’s user choice obligations under the DMA, and while Apple has made good progress in a few areas, the EC states Apple is still acting illegally in a variety of others. First, the good news for Apple: the European Commission is happy with Apple’s changes regarding browser choice, the ability to remove preinstalled iOS applications, and the ability to change a whole bunch of default settings that are all locked outside of the EU. These are valuable and welcome changes, and I’m glad the European Union, the European Parliament, and the Commission have forced Apple to become less hostile to European consumers. Second, there’s the bad news for Apple. Under the DMA, Apple is obligated to allow for third-party application stores, and the ability for users to download and install applications directly from the internet. In this area, Apple is still breaking European Union law. The Commission takes the preliminary view that Apple failed to comply with this obligation in view of the conditions it imposes on app (and app store) developers. Developers wanting to use alternative app distribution channels on iOS are disincentivised from doing so as this requires them to opt for business terms which include a new fee (Apple’s Core Technology Fee). Apple also introduced overly strict eligibility requirements, hampering developers’ ability to distribute their apps through alternative channels. Finally, Apple makes it overly burdensome and confusing for end users to install apps when using such alternative app distribution channels. ↫ European Commission press release This outcome was entirely expected, and pretty much everyone – except Apple’s PR attack dogs – knew Apple’s malicious compliance, fees, and onerous hurdles were going to be a hard sell. I’m glad the European Commission seems unimpressed with Trump’s sabre-rattling about the EU’s consumer protection laws, and is continuing to whip US tech companies in line, making sure they stop violating our consumer protection laws. Since these are the outcomes of a preliminary investigation, Apple now has the chance to argue its case.
The European Commission has levied fines against both Apple and Facebook for violating the Digital Markets Act. Apple has to pay a €500 million fine, and Facebook a €200 million fine. Apple is breaking EU law by not allowing application developers to inform users of other offers outside the App Store. The Commission found that Apple fails to comply with this obligation. Due to a number of restrictions imposed by Apple, app developers cannot fully benefit from the advantages of alternative distribution channels outside the App Store. Similarly, consumers cannot fully benefit from alternative and cheaper offers as Apple prevents app developers from directly informing consumers of such offers. The company has failed to demonstrate that these restrictions are objectively necessary and proportionate. ↫ European Commission press release Not only is Apple ordered to pay the €500 million fine, they also have to remove any and all of the illegal restrictions they put in place. Facebook, meanwhile, was fined for not offering an equally functional services but without combining user data from different services. The company did offer a choice between paying and not paying – whereby the latter involved data collection and combination – but this model violated the DMA. The Commission found that this model is not compliant with the DMA, as it did not give users the required specific choice to opt for a service that uses less of their personal data but is otherwise equivalent to the ‘personalised ads’ service. Meta’s model also did not allow users to exercise their right to freely consent to the combination of their personal data. ↫ European Commission press release Facebook did later amend their model to make it compliant with the DMA, and so the fine only covers the few months Facebook was violating EU law. Fun additional note: the EC also mentions that the Facebook Marketplace is no longer a gatekeeper service under the DMA, since its user numbers has dropped below the threshold. Facebook seems to be having some engagement issues in Europe, and you love to hear it. Both companies are required to pay and comply within 60 days, or further periodic penalty payments will be levied.
Linux on IBM Z and IBM LinuxONE use the s390x hardware architecture to run various Linux distributions, including SUSE Linux Enterprise Server (SLES), Red Hat Enterprise Linux (RHEL), and Ubuntu. Tens of thousands of software packages are tested and distributed through these projects, and various community distributions. ↫ Elizabeth K. Joseph at the IBM community website Various Linux distributions are available for the s390x architecture, but physical access to such hardware from IBM is, of course, relatively limited. As such, it’s great that IBM tests a variety of open source packages for Linux on s390x, and details the results. If you go to this table, you’ll find the detailed list of tested packages, which mostly focuses on development and enterprise software. IBM also offers virtual machine access to s390x hardware, and you can get such access for free for 120 days, allowing you to test Red Hat, SUSE, and Ubuntu on IBM Z and IBM LinuxONE. This could definitely make for a fun weekend project to mess around with.
Remember the odd inetpub folder that seemingly randomly appeared on people’s root drives after installing a Windows 11 update? Everybody assumed it was something left over from an update script, and that the folder was safe to remove. Well, it turns out that’s not the case, as the empty folder is actually a crucial part of a security fix for a serious vulnerability. Initially undocumented in the official release notes, the empty and seemingly inactive inetpub folder led to user speculation about whether it was a leftover artifact from development or a bug. Microsoft has since clarified that the folder is intentional and part of a critical security improvement. The change addresses CVE-2025-21204, a vulnerability that allowed local attackers to exploit symbolic link (symlink) attacks via Windows Update, potentially granting unauthorized access to protected system files or directories. As part of the fix, the system pre-creates certain directories — including C:\inetpub — to harden the update process and mitigate such attacks. ↫ Cyberdom If you’ve already removed the folder, you can reinstall the April 2025 cumulative update to restore the folder, or you can wait for next month’s update roll-up, which will also restore the folder. This lone, empty folder at your Windows PC’s root is apparently a crucial part of the security of your computer, but since it took Microsoft a while to publish release notes, nobody knew where it was coming from. The idea that a random, empty folder usually associated with IIS could be part of a vulnerability mitigation didn’t cross anybody’s mind at the time, especially since random folders appearing at a Windows PC’s root aren’t exactly uncommon or out of the ordinary. The consensus seems to be that creating this folder is a pretty clever form of mitigation, despite feeling so hacky. I’m assuming Microsoft’s engineers are capable, and that making the folder in question impossible to delete or somehow hidden is simply not an option and would break the vulnerability mitigation, but that doesn’t change the fact that this looks like a really crude hack that should be solved in a more elegant way.
Ars Technica took a look at how the current version of Windows Recall works, including the improvements Microsoft made since the initial security nightmare of a rollout, and concludes: Recall continues to demand an extraordinary level of trust that Microsoft hasn’t earned. However secure and private it is—and, again, the version people will actually get is much better than the version that caused the original controversy—it just feels creepy to open up the app and see confidential work materials and pictures of your kid. You’re already trusting Microsoft with those things any time you use your PC, but there’s something viscerally unsettling about actually seeing evidence that your computer is tracking you, even if you’re not doing anything you’re worried about hiding, even if you’ve excluded certain apps or sites, and even if you “know” that part of the reason why Recall requires a Copilot+ PC is because it’s processing everything locally rather than on a server somewhere. ↫ Andrew Cunningham at Ars Technica Way back in 1996, Mercedes-Benz unveiled the A-Class, a small, practical car that purported to be more premium than cheaper, similarly-sized cars from other brands. The car had a big problem, though – it was unusually narrow and tall, and because of it, it famously failed spectacularly at the “moose test”, in which a car has to suddenly swerve around a “moose” on the road. The car simply toppled over, and after initially denying the problem, Mercedes recalled every single A-Class sold and added a variety of mitigations like electronic stability control and suspension changes. As far as I can recall, it fixed the issue. To this day, however, I cannot look at an A-Class, even the modern ones which look like normal hatchbacks and bear effectively zero resemblance to the original, quirky A-Class from 1996, and not think of the failed moose test and the recall. I know the modern A-Class won’t fail that test, and I know it’s an infinitely safer car than the original one, but my brain still makes that connection every time I see one. A lot of people my age, whether they’re into cars or not, seem to remember this recall, because the original A-Class was such a unique and recognisable vehicle at the time, especially coming from Mercedes. My point is – Recall will face this same issue. No matter how secure Microsoft makes it, no matter how much they claim and prove it only runs locally, no matter how hard they try and hammer on the fact data never leaves your PC, people will always think of that initial botched rollout, and all the accurate reporting that Recall was a nightmare. And it just so happens that the skepticism is warranted, and hopefully keeps people from using this corporate Trojan horse.
We’d like to thank our outgoing sponsor, Nova Custom, for sponsoring OSNews! Nova Custom, based in The Netherlands, makes laptops focused on privacy, customisation, and freedom. Nova Custom laptops ship with either Linux, Windows, or no operating system, and they’re uniquely certified for Qubes OS (the V54 model will be certified soon), the ultra-secure and private operating system. On top of that, Nova Custom laptops come with Dasharo coreboot firmware preinstalled, which is completely open source, instead of a proprietary BIOS. Nova Custom can also disable the Intel Management Engine for you, and you can opt for Dasharo coreboot+Heads for the ultimate in boot security. Nova Custom offers visual customisations, too, including engraving a logo or text of your choice on the metal screen lid and/or palmrest and adding your own boot logo. They also offer privacy customisations like removing the microphone and webcam, installing a privacy screen, and more. A small touch I personally appreciate: Nova Custom offers a long, long list of keyboard layouts, as well as the option to customise the super key. Nova Custom products enjoy 3 years of warranty, as well as updates and spare parts for at least seven years after the launch of a product, which includes everything from motherboard replacements down to sets of screws. Nova Custom laptops can be configured with a wide variety of Intel processor options, as well as a choice between integrated Intel GPUs or Nvidia laptop GPUs. Thanks once again to Nova Custom for sponsoring OSNews – for a little longer than anticipated due to our weird RSS/captcha issues.
Only a few weeks ago, I linked to Cameron Kaiser’s excellent deep dive into the DEC Professional 380 running PRO/VENIX, and now we have a follow-up. Fortunately, today we have AI we have many more excellent and comprehensive documents on the subject, and more importantly, we’ve recently brought back up an oddball platform that doesn’t have networking either: our DEC Professional 380 running the System V-based PRO/VENIX V2.0, which you met a couple articles back. The DEC Professionals are a notoriously incompatible member of the PDP-11 family and, short of DECnet (DECNA) support in its unique Professional Operating System, there’s officially no other way you can get one on a network — let alone the modern Internet. Are we going to let that stop us? ↫ Cameron Kaiser No. The answer is always no. If you’ve ever wanted to know what’s involved in setting up a custom TCP/IP stack using serial on a 40 year old UNIX workstation, your very specific desires are hereby met.
I love the Kate Text editor. I use it for pretty much all the programming projects I do. Kate has been around for long time now, about 20 years! At least earliest blog post for it I could find was written in 2004. I wanted to go over my workflow with it, why I like it so much and hopefully get more people to try it out. ↫ Akseli Lahtinen Programmers and developers tend to be very set in their ways and have their preferred workflows – which profession doesn’t, honestly – and since there’s such a wide variety of developer and programming tools out there, it feels like every single developer’s workflow and setup is entirely unique. Akseli Lahtinen, KDE developer and allround awesome person, details his setup using Kate, the venerable and feature-rich text editor from the KDE project. As someone who can’t program, I can’t really compare his workflow to my own, but what I found interesting while reading his post is that there’s quite a bit of overlap between my previous work as a translator and his work as a developer. While the contents of each individual view inside his Kate window are obviously different, the setup of windows and tools I had when translating looked very similar. This shouldn’t be surprising to me – after all, both translating and developing requires multiple work surfaces, language plugins, formatting tools, tons of keyboard shortcuts, and a whole load of browser tabs, PDF files, and other documents to find just the right translation or the perfect term, as well as a ton of background to make sure you understand the topic you’re translating about. Y’all have no idea how much I know about the deepest complex inner-workings and processes of some of the largest organisations in the world, just because I needed to study them and had access to their internal documentation and software. I also read and studied way too many complex contracts, European law, and technical studies into medicine and healthcare treatments, and I guess developers and programmers do the same thing – just focusing on different subjects. What’s the best way to do this thing in the programming language I’m using? How does this library I want to integrate work? What are the API endpoints for this service I want to use? It’s really not that different from translating, and that never really dawned on me until now.
“Synology-branded drives will be needed for use in the newly announced Plus series, with plans to update the Product Compatibility List as additional drives can be thoroughly vetted in Synology systems,” a Synology representative told Ars by email. “Extensive internal testing has shown that drives that follow a rigorous validation process when paired with Synology systems are at less risk of drive failure and ongoing compatibility issues.” Without a Synology-branded or approved drive in a device that requires it, NAS devices could fail to create storage pools and lose volume-wide deduplication and lifespan analysis, Synology’s German press release stated. Similar drive restrictions are already in place for XS Plus and rack-mounted Synology models, though work-arounds exist. ↫ Kevin Purdy at Ars Technica I’m honestly surprised it’s taken Synology this long to start nickle-and-diming its users. I’m sure the “Synology-branded” drives will carry substantial markups over regular drives, despite the drives being otherwise identical. Charging insane markups for expansion options is a tried-and-true way to increase your margins, with Apple being the classic example of charging insane prices for basic RAM or SSD upgrades. I think most of us here on OSNews could easily build our own NAS, as it’s not a particularly complex project. The various software options could be a bit more complicated to navigate, but I don’t think it’s insurmountable for most of us. Normal, average people, though, would most likely do best to just buy an off-the-shelf NAS for their storage and local back-up needs, and it’s those kind of people who Synology is aiming this policy at. They’ll be easily fooled into thinking Synology-branded drives are somehow special, and not just a generic drive with a fancy sticker. This is how the world works, but that doesn’t make it any less unpleasant.
Only a few weeks ago we talked about Blue95, a Fedora-based distribution focused on bringing the Windows 95 look to the Linux world by integrating a set of existing Windows 95 Xfce themes. Since Fedora 42 has just been released, the Blue95 project also pushed out a new release, called Blue95 Topanga. It brings with it all the improvements from Fedora 42, but also goes a step further be integrating new applications to further add to the Windows 95 vibe. First, there’s Winblues Paint, a faithful recreation of Windows 95’s Paint, using jspaint.app. Second, they’ve recreated the classic Plus! experience with Chicago95 Plus!, a tool that allows you to take any existing Windows 95/98/ME/XP theme and apply it as-is on Xfce. Topanga also further improves the theming experience with custom Windows 95 icons for LibreOffice as well as custom themes for Audacious and Flatpost, a desktop-agnostic Flatpak client. I adore that this project aims to be more than just a vessel for the existing Chicago95 theme, and in fact goes so far as to create its own applications. I hope this continues from here on out and doesn’t fizzle out.
LXQt, the Qt-based alternative to KDE as Xfce is the GTK-based alternative to GNOME, has released version 2.2.0. LXQt is in the middle of its transition to Wayland, and as such, this release brings a number of fixes and improvements for Wayland, like improved multi-display support and updated compatibility with Wayland compositors. Beyond all the Wayland work, LXQt Power Management now supports power profiles, text rendering in QTerminal and QTermWidget has been improved, the file manager PCManFM-Qt has received a whole slew of new features, and there’s the usual smaller bug fixes and changes.
Google acted illegally to maintain a monopoly in some online advertising technology, a federal judge ruled on Thursday, adding to legal troubles that could reshape the $1.86 trillion company and alter its power over the internet. Judge Leonie Brinkema of the U.S. District Court for the Eastern District of Virginia said in a 115-page ruling that Google had broken the law to build its dominance over the largely invisible system of technology that places advertisements on pages across the web. The Justice Department and a group of states had sued Google, arguing that its monopoly in ad technology allowed the company to charge higher prices and take a bigger portion of each sale. ↫ David McCabe at The New York Times Google has come under fire from all sides in the United States, being declared an abusive monopoly in two different court cases covering search and now online advertising. In this case, Google controls 87% of the online advertising market in the US, which clearly confers monopoly power onto the company. No actual remedies have been proposed yet in this case, though, but breaking up the company is on the table. Google isn’t the only company facing antitrust court cases in the US, as Amazon and Apple, too, have the US government breathing down their necks. All three of these companies have overtly been trying to buy the favour of the new regime in Washington, but so far, without any success. I doubt we’ll get as far as a breakup, but I definitely think that’s the only real way we’ll ever get proper market forces at work again in the technology market. Not that any of us are really “consumers” in this online ad business, but of course, monopoly pricing still affects us through higher prices for the goods being advertised. If companies are forced to accept Google’s higher pricing for online ads, those costs will definitely be offloaded to consumers. As such, even breaking up a monopoly that doesn’t seem to affect us personally can still improve our lives by lowering prices.
ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks. Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification. ↫ Zaeem Patel at the Microsoft 365 Insider Blog Be honest: did any of you know ActiveX was still a thing? Heck, when was the last time you even thought of ActiveX? This technology acted a replacement for Windows’ COM and OLE 2.0, and was used to make controls in a whole slew of Microsoft applications. ActiveX controls from one application could also be embedded into another, like showing a toolbar from Word inside an image editor. ActiveX has several major downsides, the two biggest of which are its relative lack of portability, and most of all, its atrocious security record. I’m genuinely surprised it’s taken them this long to actively, fully disable the technology by default.
A decade ago, I published a book on privacy “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance.” In the book, and since then, in articles and speeches, I have been dispensing advice to people on how to protect their privacy. But my advice did not envision the moment we are in – where the government would collaborate with a tech CEO to strip-mine all of our data from government databases and use it to pursue political enemies. In the parlance of cybersecurity, I had the wrong “threat model,” which is a fancy way of describing the risks I was seeking to mitigate. I had not considered that the United States might be swept into the rising tide of what scholars call “competitive authoritarianism” – authoritarian regimes that retain some of the trappings of democracy, such as elections, but use the power of the state to crush any meaningful dissent. ↫ Julia Angwin Democracy is not nearly as much of a given as many people think, and in this day and age, where massive amounts of Americans’ data and personal information are collected and stored by the very corporations supporting the Trump regime, Americans have to think very differently about where digital threats actually come from. Nothing protects any American – or anyone visiting America – from ending up in an El Salvadorian concentration camp. Plan accordingly.
I’m not entirely sure how to link to this properly, but what we have here is a simple, to-the-point text file describing some of the benefits of Slackware, the oldest still maintained Linux distribution. It’s still run by Patrick Volkerding, and focuses on conservative choices and simplicity over ease. I doubt I have to explain the benefits of Slackware to the average OSNews reader, but this simple little text file does serve as a great marketing tool. The fact it’s a simple little text file is so very Slackware. I love it.
CISA says the U.S. government has extended MITRE’s funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. ↫ Sergiu Gatlan at BleepingComputer Elect clowns, live in a circus.
As some of you may have noticed, we’ve been having some issues with captchas. The powers that be – which isn’t me, I don’t know anything about web development – are looking into it, and once we’ve pinpointed the problem we’ll get it fixed. It’s annoying us too, so we want this resolved as quickly as possible. OSNews readers just trying to visit the site to read some tech stuff should not be subjected to selecting squares with buses or crosswalks. Our apologies for the annoyance, and I’ll update this post once the issue’s been resolved.
Fedora 42 has been released, bringing with it a major policy change: the Fedora KDE version now has the same status as the GNOME version. This means that Fedora KDE will be getting the same promotion, website space, and potential blocker status as the GNOME version. For now, the naming is a bit weird – Fedora Workstation for GNOME, Fedora KDE Plasma Desktop for KDE – but they intend to fix this down the line. Feodra 42 also brings with it a brand new installation interface, which replaces the old one with a newer, step-by-step wizard-style interface. Anaconda is now also a native Wayland application, instead of running in Xorg. This release also marks the official availability of the Fedora COSMIC spin, bringing System76’s Rust-based COSMIC desktop on the same footing as Xfce, LXQt, and others. Another cool addition is FEX for those of us running Fedora on ARM. Fedora now provides FEX, a fast emulator that allows one to run x86 and x86-64 binaries on an AArch64 Linux host. FEX requires a number of supporting components, including a RootFS image, and integration with muvm to support 16k page-size hosts. The purpose of this Change is to integrate FEX itself and its supporting components into Fedora Linux, to provide a delightful out-of-box experience for users that want to run x86 and x86-64 binaries on their aarch64 systems. This also includes integration into the AArch64 Fedora KDE spin as a non-blocking component of the spin. ↫ Fedora 42 release notes You can download and install Fedora 42, or if you’re already a Fedora user, you can upgrade through your graphical update utility or the command line using DNF.
