The GNOME team has released GNOME 50, the latest version of what is probably the most popular open source desktop environment. It brings fine-grained parental controls, and the groundwork for web filtering so that in future releases, parents and guardians can set content filters for children. Our own kids are still way too young to have access to computers and the internet, but I’m not sure I’ll ever resort to these kinds of tools when the time comes. I didn’t have any such controls imposed upon me as a child on the early internet, but then, you can’t really compare the ’90s internet to that of today.

The Orca screen reader received a lot of attention in GNOME 50, with a new preference window, both global and per-application settings, and much more. There’s also a brand new reduced motion setting, which will tame the animations in the user interface. Document annotation has been overhauled and modernised, and the file manager has been optimised across the board for better performance and lower memory usage.

Remote Desktop also saw a lot of work in GNOME 50. It’s now hardware-accelerated using VA-API and Vulkan, and thanks to HiDPI support, the session will properly adapt to the screen being used. Kerberos Authentication support has been added, and you can now use the remote webcam locally. There’s way more here, like improved support for variable-refresh rates and fractional scaling, HDR screen sharing, fixes for weird NVIDIA driver nonsense, and much, much more.

As always, GNOME 50 will find its way to your distribution soon enough.

PosrtmarketOS, the Linux ‘distribution’ for mobile devices, now also has an immutable variant, called Duranium.

Duranium is an immutable variant of postmarketOS, built around the idea that your device should just work, and keep working. You shouldn’t need to know what a terminal is to keep your device running.

“Immutable” means the core operating system is read-only and can’t be modified while it’s running. System updates are applied as complete, verified images rather than individual packages. Either the new image works, or the system falls back to the previous one automatically. No partially-applied state. No debugging audio when you need to make a phone call and no fussing with a broken web browser when you just want to doomscroll cat photos. It also means developers can reproduce the exact state of a user’s device, making it much easier to track down and fix issues.

↫ Clayton Craft on the postmarketOS blog

Duranium is built around the various functionalities and tooling provided by systemd, meaning the project didn’t have to reinvent the wheel. It works similarly to other immutable distributions, in that images for the base are downloaded and installed as a whole, with the preferred application installation method being Flatpak. Security-wise, Duranium uses dm-verity to protect /usr, cryptographically verifying data as it’s read. The image simply won’t boot if anything’s been tampered with. LUKS2 is used to encrypt mutable user and operating system data and configuration on the root file system.

Duranium is still under heavy development, but it makes sense to implement something like this now, since in the world of mobile devices, this has become the norm. I’m glad postmarketOS is taking these steps, and I sincerely hope I’ll eventually be able to use a postmarketOS device with KDE’s Plasma mobile shell at some point in the near future in my day-to-day life. This requires both postmarketOS to improve as well as for the regulatory landscape to break the duopoly on banking and government applications held by Android and iOS, and with the state of the US government as it is, this might actually be something Europe’s interested in achieving.

Once again, social media giants Facebook and TikTok have been caught red-handed.

More than a dozen whistleblowers and insiders have laid bare how the companies took risks with safety on issues including violence, sexual blackmail and terrorism as they battled for users’ attention.

An engineer at Meta, which owns Facebook and Instagram, described how he had been told by senior management to allow more “borderline” harmful content – which includes misogyny and conspiracy theories – in user’s feeds to compete with TikTok.

“They sort of told us that it’s because the stock price is down,” the engineer said.

↫ Marianna Spring and Mike Radford at the BBC

Meta, TikTok, and Twitter are criminal enterprises, and their executives should be trembling in court instead of scheming on yachts. Their role in legitimising far-right extremism will eventually catch up to them, and once that happens, no yacht is going to keep them safe.

Modern kernel anti-cheat systems are, without exaggeration, among the most sophisticated pieces of software running on consumer Windows machines. They operate at the highest privilege level available to software, they intercept kernel callbacks that were designed for legitimate security products, they scan memory structures that most programmers never touch in their entire careers, and they do all of this transparently while a game is running. If you have ever wondered how BattlEye actually catches a cheat, or why Vanguard insists on loading before Windows boots, or what it means for a PCIe DMA device to bypass every single one of these protections, this post is for you.

↫ Adrián Díaza

I hate that we need proprietary rootkits just to play competitive multiplayer games – we can chalk this up to a few sad people ruining the experience for everyone else, as so often happens. I have a dedicated parts bin Windows box just to play League of Legends (my one vice alright, nobody’s perfect) so I don’t really care if it has a proprietary rootkit running in the background as there’s not a single bit of valuable data on that machine, but for most people, that’s not realistic.

Virtually every League of Legends player hands over control of their entire computer to a proprietary rootkit developed and deployed by a company from China, whereas players of other popular online multiplayer games must install rootkits from companies from the United States. If anyone inside the governments of these countries ever wants to implement a backdoor in dozens (hundreds?) of millions of Windows machines, this is the way to go.

It’s an absolutely bizarre situation.

Java 26 delivers thousands of improvements that boost developer productivity, simplify the language, and help developers integrate AI and cryptography functionality into their applications. To help developers further streamline and enhance their development initiatives, Oracle is also announcing the new Java Verified Portfolio, which provides developers with a curated set of Oracle-supported tools, frameworks, libraries, and services, including commercial support for JavaFX, a Java-based UI framework, and Helidon, a Java framework for microservices. In addition, Oracle intends to align Helidon’s release cadence with Java releases and propose Helidon as an OpenJDK project.

↫ Oracle’s Java 26 press release

Oracle’s press releases lists the most important JDK Enhancement Proposals in this release, as do the release notes and the project page at OpenJDK. In addition, Java developer Hanno Embregts published a detailed blog post that dives deeper into this new release.

Since many of the platforms and conventions that came to dominate computing came from the western world, we never give it a second thought that virtually everything related to programming is written in English using the English alphabet. However, there’s no real reason behind arriving at this point other than convention and the course of history – with the right tooling, you could program a computer in whatever language or alphabet (or other writing system!) you desire.

For example, what about programming in Korean, using Hangul?

Han is a statically-typed, compiled programming language where every keyword is written in Korean. It compiles to native binaries through LLVM IR and also ships with a tree-walking interpreter for instant execution. The compiler toolchain is written entirely in Rust.

↫ Han’s GitHub page

Han is written entirely in Korean, and uses the genius and easy-to-learn Hangul script. Hangul was developed by King Sejong the Great in the middle of the 15th century, to replace the Chinese-based characters used to write Korean up until that point. Since it was specifically designed to be easy to learn by scholars and the general public of the time alike to promote literacy, the Hangul alphabet is stupidly easy to learn; I managed to teach myself the Hangul alphabet in an single afternoon a decade or so ago. Obviously, do note that learning Hangul (an alphabet) isn’t the same thing as learning Korean (a language).

One of my favourite aspects of Hangul is that it combines the letters making up a syllable into single structured syllable blocks, which gives it its unique look and makes it quite easy to grasp – you’ll quickly start recognising common syllables. On top of that, it’s said that the individual Hangul consonants mimic the shape of speech organs (tongue, throat, etc.), which, once you see it, you can’t unsee, further aiding in remembering what letters sound like. If you have an afternoon to kill, it’s certainly a fun thing to learn.

Regardless, it’s very welcome to see efforts like this, if only to remember that programming being an Anglophone affair is but an accident, not a law of nature.

What if you have a very modern machine that is entirely UEFI-only, meaning it has no compatibility support module and thus no way of enabling a legacy BIOS mode? Well, install a CSM as an EFI application, of course!

CSMWrap is an EFI application designed to be a drop-in solution to enable legacy BIOS booting on modern UEFI-only (class 3) systems. It achieves this by wrapping a Compatibility Support Module (CSM) build of the SeaBIOS project as an out-of-firmware EFI application, effectively creating a compatibility layer for traditional PC BIOS operation.

↫ CSMWrap’s GitHub page

The need for this may not be immediately obvious, but here’s the problem: if you want to run an older operating system that absolutely requires a traditional BIOS on a modern machine that only has UEFI without any CSM options (a class 3-machine), you won’t be able to boot said operating system. CSMWrap is a possible solution, as it leverages innate EFI capabilities to run a CSM as an EFI application, thereby adding the CSM functionality back in. All you need to do is drop CSMWrap into /efi/boot on the same drive the operating system that needs BIOS to boot is on, and UEFI will list it as a bootable operating system.

It does come with some limitations, however. For instance, one logical core of your processor will be taken up by CSMWrap and will be entirely unavailable to the booted BIOS-based operating system. In other words, this means you’re going to need a processor with at least more than one logical processor (e.g., even a single-core machine with hyperthreading will work). It’s also suggested to add a legacy-capable video card if you’re using an operating system that doesn’t support VESA BIOS extensions (e.g. anything older than NT).

This is an incredibly neat idea, and even comes with advantages over built-in CSMs, since many of those are untested and riddled with issues. CSMWrap uses SeaBIOS, which is properly tested and generally a much better BIOS than whatever native CSMs contain. All in all, a great project.

SMF is the illumos system for managing traditional Unix services (long-lived background processes, usually). It’s quite rich in order to correctly accommodate a lot of different use cases. But it sometimes exposes that complexity to users even when they’re trying to do something simple.

[…]

In this post, I’ll walk through an example using a demo service and the svcprop(1) tool to show the details.

↫ Dave Pacheco

Soalris’ system management facility or SMF is effectively Solaris’ systemd, and this article provides a deeper insight into one of its features: properties. While using SMF and its suite of tools and commands for basic tasks is rather elementary and easy to get into – even I can do it – once you start to dive deeper into what is can do, things get complex and capable very fast.

I will not pass up an opportunity to make you talk about Plan 9, so let’s focus on Acme.

Acme is remarkable for what it represents: a class of application that leverages a simple, text-based GUI to create a compelling model of interacting with all of the tools available in the Unix (or Plan 9) environment. Cox calls it an “integrating development environment,” distinguishing it from the more hermetic “integrated development environment” developers will be familiar with. The simplicity of its interface is important. It is what has allowed Acme to age gracefully over the past 30 or so years, without the constant churn of adding support for new languages, compilers, terminals, or color schemes.

↫ Daniel Moch

While the article mentions you can use Acme on UNIX, to really appreciate it you have to use it on Plan 9, which today most likely means 9front. Now, I am not the kind of person who can live and breathe inside 9front – you need to be of a certain mindset to be able to do so – but even then I find that messing around with Plan 9 has given me a different outlook on UNIX. In fact, I think it has helped me understand UNIX and UNIX-like systems better and more thoroughly.

If you’re not sure if Plan 9 is something that suits you, the only real way to find out is to just use it. Fire up a VM, read the excellent documentation at 9front, and just dive into it. Most of you will just end up confused and disoriented, but a small few of you will magically discover you possess the right mindset.

Just do it.

I’m feeling kind of nostalgic today so I thought I’d write Hello, world! in Z80 assembly for the ZX Spectrum! The last time I wrote any Z80 assembly was when I was 14 so around 36 years ago! I may be a little rusty!

↫ Old Man By the Sea

It’s easy to tell the world hello in BASIC, but a bit more involved in Z80 assembly.

Now let’s go live to Amazon for the latest updates about this developing story.

Amazon’s ecommerce business has summoned a large group of engineers to a meeting on Tuesday for a “deep dive” into a spate of outages, including incidents tied to the use of AI coding tools.

The online retail giant said there had been a “trend of incidents” in recent months, characterized by a “high blast radius” and “Gen-AI assisted changes” among other factors, according to a briefing note for the meeting seen by the FT.

Under “contributing factors” the note included “novel GenAI usage for which best practices and safeguards are not yet fully established.”

↫ Rafe Rosner-Uddin at Ars Technica

Oh boy.

Back in 2023, John Earnest created a fun drawing application called WigglyPaint. The thing that makes WigglyPaint unique is that it automatically applies what artists call the line boil effect to anything you draw, making it seem as if everything is wiggling (hence the name). Even if you’re not aware of the line boil effect, you’ve surely encountered it several times in your life. The tool may seem simple at first glance, but as Earnest details, he’s put quite a lot of thought into the little tool.

WigglyPaint was well-received, but mostly remained a curiosity – that is, until artists in Asia picked up on it, and the popularity of WigglyPaint positively exploded from a few hundred into the millions. The problem, though, is that basically nobody is actually using WigglyPaint: they’re all using slopcoded copycats.

The sites are slop; slapdash imitations pieced together with the help of so-called “Large Language Models” (LLMs). The closer you look at them, the stranger they appear, full of vague, repetitive claims, outright false information, and plenty of unattributed (stolen) art. This is what LLMs are best at: quickly fabricating plausible simulacra of real objects to mislead the unwary. It is no surprise that the same people who have total contempt for authorship find LLMs useful; every LLM and generative model today is constructed by consuming almost unimaginably massive quantities of human creative work- writing, drawings, code, music- and then regurgitating them piecemeal without attribution, just different enough to hide where it came from (usually). LLMs are sharp tools in the hands of plagiarists, con-men, spammers, and everyone who believes that creative expression is worthless. People who extract from the world instead of contributing to it.

It is humiliating and infuriating to see my work stolen by slop enthusiasts, and worse, used to mislead artists into paying scammers for something that ought to be free.

↫ John Earnest

There’s a huge amount of slopcoded WrigglyPaint ripoffs out there, and it goes far beyond websites, too. People are putting slopcoded ripoffs in basic webviews, and uploading them en masse to the Play Store and App Store. None of these slopcoded ripoffs actually build upon WrigglyPaint with new ideas or approaches, there’s no creativity or innovation; it’s just trash barfed up by glorified autocomplete built upon mass plagiarism and theft, “made” by bottom feeders who despise creativity, art, and originality.

You know how when you go to IKEA or whatever other similar store to buy picture frames, they have these stock photos of random people in them? I wonder if “AI” enthusiasts understand you’re supposed to replace those with pictures that actually have meaning to you.

While FreeBSD 15.x may be getting all the attention, the FreeBSD 14.x branch continues to be updated for the more conservative users among us. FreeBSD 14.4 has been released today, and brings with it updated versions of OpenSSH, OpenZFS, and Bhyve virtual machines can now share files with their host over 9pfs – among other things, of course.

While IBM’s OS/2 technically did die, its development was picked up again much later, first through eComStation, and later, after money issues at its parent company Mensys, through ArcaOS. eComStation development stalled because of the money issues and has been dead for years; ArcaOS picked up where it left off and has been making steady progress since its first release in 2017. Regardless, the developers behind both projects develop OS/2 under license from IBM, but it’s unclear just how much they can change or alter, and what the terms of the agreement are.

Anyway, ArcaOS 5.1.2 has just been released, and it seems to be a rather minor release. It further refines ArcaOS’ support for UEFI and GPT-based disks, the tentpole feature of ArcaOS 5.1 which allows the operating system to be installed on a much more modern systems without having to fiddle with BIOS compatibility modes. Looking at the list of changes, there’s the usual list of updated components from both Arca Noae and the wider OS/2 community. You’ll find the latest versions of of the Panorama graphics drivers, ACPI, USB, and NVMe drivers, improved localisation, newer versions of the VNC server and viewer, and much more.

If you have an active Support & Maintenance subscription for ArcaOS 5.1, this update is free, and it’s also available at discounted prices as upgrades for earlier versions. A brand new copy of ArcaOS 5.1.x will set you back $139, which isn’t cheap, but considering this price is probably a consequence of what must be some onerous licensing terms and other agreements with IBM, I doubt there’s much Arca Noae can do about it.