RSS Channel:
OSAlert
Exploring the Future of Computing
Generator:
https://wordpress.org/?v=6.5.5
Docs:
http://blogs.law.harvard.edu/tech/rss
Google extends Linux kernel support to keep Android devices secure for longer
Android, like many other operating systems, uses the open-source Linux kernel. There are several different types of Linux kernel releases, but the type that’s most important to Android is the long-term support (LTS) one, as they’re updated regularly with important bug fixes and security patches. Starting in 2017, the support lifetime of LTS releases of Linux was extended from two years to six years, but early last year, this extension was reversed. Fortunately, Google has announced that moving forward, they’ll support their own LTS kernel releases for four years. Here’s why that’s important for the security of Android devices. ? Mishaal Rahman at Android Authority I fully support the Linux kernel maintainers dropping the LTS window from six to two years. The only places where such old kernels were being used were embedded devices and things like smartphones vendors refused to update to newer Android releases, and it makes no sense for kernel maintainers to be worrying about that sort of stuff. If an OEM wants to keep using such outdated kernels, the burden should be on that OEM to support that kernel, or to update affected devices to a newer, supported kernel. It seems Google, probably wisely, realised that most OEMs weren’t going to properly upgrade their devices and the kernels that run on them, and as such, the search giant decided to simply create their own LTS releases instead, which will be supported for four years. Google already maintains various Android-specific Linux kernel branches anyway, so it fits right into their existing development model for the Android Linux kernel. Some of the more popular OEMs, like Google itself or Samsung, have promised longer support life cycles for new Android versions on their devices, so even with this new Android-specific LTS policy, there’s still going to be cases where an OEM will have to perform a kernel upgrade where they didn’t have to before with the six year LTS policy. I wonder if this is going to impact any support promises made in recent years.
https://www.osnews.com/story/140185/google-extends-linux-kernel-support-to-keep-android-devices-secure-for-longer/#comments
Mozilla opts to extended Windows 7/8/8.1 support
Among them, Byron Jourdan, Senior Director, Product Management of Mozilla, under the Reddit username ComprehensiveDoor643 revealed that Mozilla plans to support Firefox on Windows 7 for longer. When asked separately about whether it also included Windows 8 and 8.1 too, Jourdan added that it was certainly the plan, though for how long the extended support would last was still undecided. ? Sayan Sen at Neowin Excellent move by Mozilla. I doubt there’s that many new features and frameworks in Windows 10 or 11 that are absolutely essential to Firefox working properly, so assuming it can gracefully disable any possible Windows 10/11-exclusive features, it should be entirely possible to use Firefox as an up-to-date, secure, and capable browser on Windows 7/8.x. Windows 7 and 8.x users still make up about 2.7% of Windows users worldwide, and with Windows’ popularity, that probably still translates to millions and millions of people. Making sure these people have access to a safe and secure browser is a huge boon, and I’m very happy Mozilla is going to keep supporting these platforms as best they can, at least for now. For those of us who already consider especially Windows 7 a retrocomputing platform – I sure do – this is also great news, as any retro box or VM we load up with it will also get a modern browser. Just excellent news all around.
https://www.osnews.com/story/140183/mozilla-opts-to-extended-windows-7-8-8-1-support/#comments
No more boot loader: please use the kernel instead
Most people are familiar with GRUB, a powerful, flexible, fully-featured bootloader that is used on multiple architectures (x86_64, aarch64, ppc64le OpenFirmware). Although GRUB is quite versatile and capable, its features create complexity that is difficult to maintain, and that both duplicate and lag behind the Linux kernel while also creating numerous security holes. On the other hand, the Linux kernel, which has a large developer base, benefits from fast feature development, quick responses to vulnerabilities and greater overall scrutiny. We (Red Hat boot loader engineering) will present our solution to this problem, which is to use the Linux kernel as its own bootloader. Loaded by the EFI stub on UEFI, and packed into a unified kernel image (UKI), the kernel, initramfs, and kernel command line, contain everything they need to reach the final boot target. All necessary drivers, filesystem support, and networking are already built in and code duplication is avoided. ? Marta Lewandowska I’m not a fan of GRUB. It’s too much of a single point of failure, and since I’m not going to be dual-booting anything anyway I’d much rather use something that isn’t as complex as GRUB. Systemd-boot is an option, but switching over from GRUB to systemd-boot, while possible on my distribution of choice, Fedora, is not officially supported and there’s no guarantee it will keep working from one release to the next. The proposed solution here seems like another option, and it may even be a better option – I’ll leave that to the experts to discuss. It seems like to me that the ideal we should be striving for is to have booting the operating system become the sole responsibility of the EUFI firmware, which usually already contains the ability to load any operating system that supports UEFI without explicitly installing a bootloader. It’d be great if you could set your UEFI firmware to just always load its boot menu, instead of hiding it behind a function key or whatever. We made UEFI more capable to address the various problems and limitations inherent in BIOS. Why are we still forcing UEFI to pretend it still has the same limitations?
https://www.osnews.com/story/140181/no-more-boot-loader-lease-use-the-kernel-instead/#comments
Design and build the next version of OSAlert
Despite being live since 1997, OSAlert has had fairly few redesigns in the grand scheme of things. If my memory serves me correctly, we’ve had a grand total of 6 designs, and we’re currently on version 6, introduced about 5 years ago because of unpleasant reasons. It’s now 2024, and for a variety of reasons, we’re looking to work towards version 7 of our almost 30 year old website, and we need help. I have a very clear idea of what I want OSAlert 7 to be like – including mockups. The general goals are making the site visually simpler, reducing our dependency on WordPress extensions, and reducing the complexity of our theme and website elements to make it a bit easier for someone like me to change small things without breaking anything. Oh and a dark mode that works. Note that we’re not looking to change backends or anything like that – WordPress will stay. If you have the WordPress, design, and developer skills to make something like this a reality, and in the process shape the visual identity of one of the oldest continuously running technology news websites in the world, send me an email.
https://www.osnews.com/story/140175/design-and-build-the-next-version-of-osnews/#comments
Getting the most out of TWM, X11’s default window manager
Graham’s TWM page has been around for like two decades or so and still isn’t even remotely as old as TWM itself, and in 2021 they published an updated version with even more information, tips, and tricks for TWM. The Tab Window Manager finds its origins in the lat 1980s, and has been the default window manager for the X Windowing System for a long time, now, too. Yet, few people know it exists – how many people even know X has a default window manager? – and even fewer people know you can actually style it, too. OK, so TWM is fairly easy to configure but alot of people, upon seeing the default config, scream ‘Ugh, thats awful!’ and head off to the ports tree or their distro sources in search of the latest and greatest uber desktop environment. There are some hardcore TWM fans and mimimalists however who stick around and get to liking the basic feel of TWM. Then they start to mod it and create their own custom dekstop. All part of the fun in Unix :). ? Graham’s TWM page I’ll admit I have never used TWM properly, and didn’t know it could be themed at all. I feel very compelled to spend some time with it now, because I’ve always liked the by-now classic design where the right-click desktop menu serves as the central location for all your interactions with the system. There are quite a few more advanced, up-to-date forks of TWM as well, but the idea of sticking to the actual default X window manager has a certain charm. I almost am too afraid to ask, because the answer on OSAlert to these sorts of questions is almost always “yes” – do we have any TWM users in the audience? I’m extremely curious to find out if TWM actually has a reason to exist at this point, or if, in 2024, it’s just junk code in the X.org source repository, because I’m looking at some of these screenshots and I feel a very strong urge to give it a serious go.
https://www.osnews.com/story/140172/getting-the-most-out-of-twm-x11s-default-window-manager/#comments
A brief summary of click-to-raise and drag-and-drop interaction on X11 and Wayland
The goal is to be able to drag an icon from a background window without immediately raising that window and obscuring the drop target window when using the click-to-focus mode. This is a barebones description of what needs to happen. It assumes familiarity with code, protocols, etc. as needed. ? Quod Video The articles describes how to get there using both X and Wayland, and it’s clear there’s still quite a bit of work to do. At least on my KDE Wayland setups, the way it works now is that when I click to drag an icon from a lower Dolphin window to a higher one, it brings the lower window forward, but then, when I hover for a bit over the other window, it brings it back up. Of course, this only works if the destination window remains at least partially visible, which might not always be the case. For usability’s sake, there needs to be an option to start a drag operation from one window to the next without altering the Z-order.
https://www.osnews.com/story/140170/a-brief-summary-of-click-to-raise-and-drag-and-drop-interaction-on-x11-and-wayland/#comments
Android 15 could include a desktop mode — but what for?
If there was ever a “will they, won’t they?” love story in mobile computing, it’s definitely Google’s on and off again relationship with Android’s desktop mode. There have been countless hints, efforts, and code pertaining to the mythical desktop mode for Android, but so far, Google has never flipped the switch and made it available. It’s 2024, Android 15 development is in full swing, and it seems Google and Android’s desktop mode are dating again. This past spring, Google added DisplayPort support to the Pixel 8 and Pixel 8 Pro in a Feature Drop update, allowing for easy wired connections to external monitors. Then, tinkering in Android 14 QPR3 Beta 2.1, Mishaal Rahman was able to get a new desktop interface up and running, complete with Android apps running in resizeable floating windows. It’s not confirmed that Android 15 will ship with a built-in desktop mode, but the bones are there. It does make me wonder, though: why? What would a desktop interface add to Android? ? Taylor Kerns at Android Police I’m actually fairly convinced Android could, indeed, serve as an excellent desktop operating system, but without any official backing by Google, it’s always been a massive hack to use Android with a mouse and keyboard. It’s not so much the hardware support – it’s all there – but rather the software support, and the clunky way common Android UI tasks feel when performing them with a mouse. I’ve installed Android desktop ‘distributions’ countless times, and the third-party hacks they use, like clunky taskbars and custom menus and so on, make for a horrid user experience. Samsung DEX seems to be the only somewhat successful attempt at adding a desktop mode to Android, but it can’t be installed on any regular PC or laptop, and requires cumbersome cabling or expensive docks, making it more of a curiosity than a true desktop mode in the sense most of us are thinking of. This feature needs to come from Google itself, and it needs to be something third parties can use in their ROMs and x86 builds so we can truly use Android on a desktop. I don’t believe that’s going to happen, though. It’s clear Google is more interested in pushing Chrome OS for desktop and laptop use, and it seems more likely that any desktop mode that gets added to Android is going to be similar in nature to DEX – something you can only use by hooking up your phone to a display and configuring wireless input devices. Cool, but not exactly something that will turn Android into a desktop contender.
https://www.osnews.com/story/140167/android-15-could-include-a-desktop-mode-but-what-for/#comments
Breaking: comment editing is back
I’ve just confirmed with, well, myself, that comment editing on OSAlert finally works again. We’re finally free. Our trying times are behind us, and we can begin to rebuild. Stay safe out there, and be kind to each other.
https://www.osnews.com/story/140164/breaking-comment-editing-is-back/#comments
Google is bringing Fuchsia OS to Android devices, but not in the way you’d think
To evolve Fuchsia beyond smart home devices, Google has been working on projects such as Starnix to run unmodified Linux binaries on Fuchsia devices. In addition, since late April of this year, Google has been working on a new project called “microfuchsia” that aims to make Fuchsia bootable on existing devices via virtualization. Microfuchsia, according to Google, is a Fuchsia OS build that targets virtual machines and is designed to be bootable in virtualization solutions such as QEMU and pKVM. ? Mishaal Rahman at Android Authority The goal here might be, according to Mishaal Rahman, might be to use this new microfuchsia thing to replace the stripped-down Android version that’s currently being used inside Android’s pKVM to run certain secured workloads. Relevant patches have been submitted to both the Fuchsia and Android side of things for this very purpose. At this point, it really seems that Google’s grand ambitions with Fuchsia simply didn’t survive the massive employee culling, with leadership probably reasoning that Android and Chrome OS are good enough, and that replacing them with something homegrown and possibly more suited – speculation, of course – simply isn’t worth the investment in both time and money. It probably makes sense from a financial standpoint, but it’s still sad.
https://www.osnews.com/story/140162/google-is-bringing-fuchsia-os-to-android-devices-but-not-in-the-way-youd-think/#comments
Apple bows to Russian censorship once more, removes VPN apps from Russian App Store
A few weeks ago, I broke the news that Mozilla had removed several anti-censorship Firefox extensions from its store in Russia, and a few days later I also broke the news they reversed course on their decision and reinstated the extensions. Perhaps not worthy of a beauty prize, as a Dutch saying goes, but at least the turnaround time was short, and they did the right thing in the end. Well, let’s see how Apple is going to deal with the exact same situation. Novaya Gazeta Europe reports that bowing under pressure from the same Russian censors that targeted Mozilla, the company has removed a whole slew of VPN applications used by Russians to evade the stringent totalitarian censorship laws in the warmongering nation. Apple has removed several apps offering virtual private network (VPN) services from the Russian AppStore, following a request from Roskomnadzor, Russia’s media regulator, independent news outlet Mediazona reported on Thursday. The VPN services removed by Apple include leading services such as ProtonVPN, Red Shield VPN, NordVPN and Le VPN. Those living in Russia will no longer be able to download the services, while users who already have them on their phones can continue using them, but will be unable to update them. ? Novaya Gazeta Europe Apple has a long history of falling in line with the demands from dictators and totalitarian regimes, and Russia is no stranger to telling Apple what to do. Earlier this year, Apple was ordered to remove an application developed by the team of the murdered opposition figure Alexey Navalny, and of course, Apple rolled over and complied. Much like Apple’s grotesque suck-up behaviour in China, This stands in stark contrast to Apple’s whining, complaining, and tantrums in the European Union. It seems Apple finds it more comfortable to operating under dictators than in democracies.
https://www.osnews.com/story/140159/apple-bows-to-russian-censorship-once-more-removes-vpn-apps-from-russian-app-store/#comments
Psion OPL: when we owned our devices
We talked about Psion last week, and we’re talking about Psion again this week. This time, Kian Ryan highlights a very important capability of Psion’s devices, a capability that’s entirely absent from today’s mobile devices: a built-in IDE and dedicated programming language so you can write code and build applications, including ones with a graphical user interface, right on the device. All Psion devices could run OPL, either preinstalled on the device or via a DATAPAK memory card. It’s a BASIC-esque programming language, and while you could develop OPL programs on your PC in DOS, Psion devices also shipped with an IDE preinstalled so you could get just as much done on the device itself. Back then, this wasn’t particularly unique, but these days, mobile devices have become so locked-down and dumb that developing applications on-device is basically a non-starter. Which can’t be said about my current mobile. My mobile is a great device to consume content on, but it has no built in tools to extend its functionality. If I want to build an application for it, I have to use another computer to download a build environment, build the application, sign it, and then transfer the packaged app to my phone. On the Psion, all the tools are right there, on my home screen. It does feel like we’re missing an opportunity here. ? Kian Ryan They’re entirely right, of course. Our current mobile devices are faster and technically more capable than ever, but extending the functionality of your smartphone using the smartphone itself by writing and compiling code on it is far more cumbersome than it was in the past. Even my Psion Organiser II LZ64, from 1986, has OPL on it, and if I took the time to relearn the basic BASIC I once knew, I could probably still program something useful on it today, almost 40 years later, without being gatekept by anyone, and without needing any other device. That’s something quite magical that we’ve lost, and that’s sad.
https://www.osnews.com/story/140155/psion-opl-when-we-owned-our-devices/#comments
Moving to an RTOS on the RP2040
I’ve been working on a bunch of small projects involving microcontrollers. Currently a lot of them are based around the Raspberry Pi Pico boards because I like the development experience of those a lot. They have a decent SDK and cheap hardware to get started and the debugger works with gdb/openocd so it just integrates in all IDEs that support that. One of my current projects is making a fancy hardware controller for a bunch of video equipment I use. The main things that will be controlled are two PTZ cameras (those are cameras that have motors to move them). One stationary camera and the video switching equipment that that’s hooked up to. ? Martijn Braam There’s more to building something like this than connecting up hardware components – there’s also software that needs to be taken care of. In this case, the author is weighing several real-time operating systems for use in the project, namely FreeRTOS, NuttX, and Zephyr. If you’re working on a similar project, this article may help in choosing the RTOS that’s right for you.
https://www.osnews.com/story/140153/moving-to-an-rtos-on-the-rp2040/#comments
David Rosenthal on the X Windowing System’s 40th birthday
David Rosenthal, one of the primary contributors to the X Windowing System, has published an awesome blog post about the recent 40 year anniversary of X, full of details about the early days of X development, as well as the limitations they had to deal with, the choices they had to make, and the environment in which they were constrained. Once at Sun I realized that it was more important for the company that the Unix world standardized on a single window system than that the standard be Sun’s NeWS system. At C-MU I had already looked into X as an alternative to the Andrew window system, so I knew it was the obvious alternative to NeWS. Although most of my time was spent developing NeWS, I rapidly ported X version 10 to the Sun/1, likely the second port to non-DEC hardware. It worked, but I had to kludge several areas that depended on DEC-specific hardware. The worst was the completely DEC-specific keyboard support. Because it was clear that a major redesign of X was needed to make it portable and in particular to make it work well on Sun hardware, Gosling and I worked with the teams at DEC SRC and WRL on the design of X version 11. Gosling provided significant input on the imaging model, and I designed the keyboard support. As the implementation evolved I maintained the Sun port and did a lot of testing and bug fixing. All of which led to my trip to Boston to pull all-nighters at MIT finalizing the release. ? David Rosenthal They were clearly right. During those days, the UNIX world was using a variety of windowing systems, all tied to various companies and platforms. Standardising virtually the entire UNIX world on X aided in keeping UNIX compatible-ish even in the then-new graphical era, and X’s enduring existence to this very day is evidence of the fact they made a lot of right choices early on. Rosenthal also explains why one of the main alternatives to X, Sun’s PostScript-based NeWS, which was also co-developed by Rosenthal, didn’t win out over X. It had several things working against its adoptions and popularisation, such as Sun requiring a license fee for the source code, its heftier system requirements, and the fact it was more difficult to program for. After trying to create what Rosenthal describes as a “ghastly kludge” by combining NeWS and X into Xnews, Sun eventually killed it altogether. Of course, this wouldn’t be restrospective of X without mentioning Wayland. We and Jobs were wrong about the imaging model, for at least two reasons. First, early on pixels were in short supply and applications needed to make the best use of the few they were assigned. They didn’t want to delegate control to the PostScript interpreter. Second, later on came GPUs with 3D imaging models. The idea of a one-size-fits-all model became obsolete. The reason that Wayland should replace X11 is that it is agnostic to the application’s choice of imaging model. ? David Rosenthal This is about as close to a blessing from the original X Windowing System developers you’re ever going to get, but Rosenthal does correctly note that XWayland is a thing, and since not every application is going to be rewritten to support Wayland, X will most likely be around for a long time to come. In fact, he looks towards the future, and predicts that we’ll definitely be celebrating 50 years of X, and that yes, people will still be using it by then.
https://www.osnews.com/story/140149/david-rosenthal-on-the-x-windowsing-systems-40th-birthday/#comments
Cloudflare lets customers block AI bots, scrapers and crawlers with a single click
It seems the dislike for machine learning runs deep. In a blog post, Cloudflare has announced that blocking machine learning scrapers is so popular, they decided to just add a feature to the Cloudflare dashboard that will block all machine learning scrapers with a single click. We hear clearly that customers don’t want AI bots visiting their websites, and especially those that do so dishonestly. To help, we’ve added a brand new one-click to block all AI bots. It’s available for all customers, including those on the free tier. To enable it, simply navigate to the Security > Bots section of the Cloudflare dashboard, and click the toggle labeled AI Scrapers and Crawlers. ? Cloudflare blog According to Cloudflare, 85% of their customers block machine learning scrapers from taking content from their websites, and that number definitely does not surprise me. People clearly understand that multibillion dollar megacorporations freely scraping every piece of content on the web for their own further obscene enrichment while giving nothing back – in fact, while charging us for it – is inherently wrong, and as such, they choose to block them from doing so. Of course, it makes sense for Cloudflare to try and combat junk traffic, so this is one of those cases where the corporate interests of Cloudflare actually line up with the personal interests of its customers, so making blocking machine learning scrapers as easy as possible benefits both parties. I think OSAlert, too, makes use of Cloudflare, so I’m definitely going to ask OSAlert’ owner to hit that button. Cloudflare further details that a lot of people are blocking crawlers run by companies like Amazon, Google, and OpenAI, but completely miss far more active crawlers like those run by the Chinese company ByteDance, probably because those companies don’t dominate the “AI” news cycle. Then there’s the massive number of machine learning crawlers that just straight-up lie about their intentions, trying to hide the fact they’re machine learning bots. We fear that some AI companies intent on circumventing rules to access content will persistently adapt to evade bot detection. We will continue to keep watch and add more bot blocks to our AI Scrapers and Crawlers rule and evolve our machine learning models to help keep the Internet a place where content creators can thrive and keep full control over which models their content is used to train or run inference on. ? Cloudflare blog I find this particularly funny because what’s happening here is machine learning models being used to block… Machine learning models. Give it a few more years down the trajectory we’re currently on, and the internet will just be bots reading content posted by other bots.
https://www.osnews.com/story/140146/cloudflare-lets-customers-block-ai-bots-scrapers-and-crawlers-with-a-single-click/#comments
Some sanity for C and C++ development on Windows
The article’s from 2021, but I think it’s still worth discussing. A hard reality of C and C++ software development on Windows is that there has never been a good, native C or C++ standard library implementation for the platform. A standard library should abstract over the underlying host facilities in order to ease portable software development. On Windows, C and C++ is so poorly hooked up to operating system interfaces that most portable or mostly-portable software — programs which work perfectly elsewhere — are subtly broken on Windows, particularly outside of the English-speaking world. The reasons are almost certainly political, originally motivated by vendor lock-in, than technical, which adds insult to injury. This article is about what’s wrong, how it’s wrong, and some easy techniques to deal with it in portable software. ? Chris Wellons As someone who doesn’t know how to code or program, articles like these are always difficult to properly parse. I understand the primary problem the article covers, but what I’m curious about is how much of this problem is personal – skill issue – and how much of it is a widely held belief by Windows developers and programmers. I know there’s quite a few of you in our audience, so I’d love to hear from you how you feel about this. The author also authored his on fix, something called libwinsane, which I’m also curious about – is this the only solution, or are there more options out there?
https://www.osnews.com/story/140142/some-sanity-for-c-and-c-development-on-windows/#comments
Redox secures more funding deals, gives UI small makeover, and more
Another month, another report from the Redox team. The Rust-based operating system saw another active month, including getting a whole bunch of new funding deals for specific features, such as adding UNIX-style signals to Redox, as well as the further development of Termion, a Redox project that is “a pure Rust, bindless library for low-level handling, manipulating and reading information about terminals”. Furthermore, the default user interface Orbital got a small makeover with new colours and a new default wallpaper, and there’s the usual documentation and website improvements. More substantial are doubling the performance of RedoxFS by improving the speed of block reads and writes, and changes in how the xHCI drivers works to drastically reduce CPU usage. The PCI/PCIe and x86 VirtIO drivers has also been improved, and you can now do userspace debugging using the GNU Debugger from outside the VM. There’s a lot more, so head on over to read the whole thing.
https://www.osnews.com/story/140139/redox-secures-more-funding-deals-gives-ui-small-makeover-and-more/#comments