GNOME 49 released 17 Sep 2025, 10:33 pm

GNOME 49 has been released, and it’s got a lot of nice updates, improvements, and fixes for everyone. GNOME 49 finally replaces the ageing Totem video player with Showtime, and Evince, GNOME’s document viewer, is replaced by the new Papers. Both of these new applications bring a modern GTK4 user interface to replace their older GTK3 counterparts. Papers supports a ton of both document-oriented as well as comic book formats, and has annotation features.

We’ve already touched on the extensive accessibility improvements in GNOME Calendar, but other applications have been improved as well, such as Maps, Software, and Web. Software’s improvements focus on improving the application’s performance, especially when dealing with Flatpaks from Flathub, while Web, GNOME’s web browser, comes with improved ad blocking and optional regional blocklists, better bookmark management, improved security features, and more.

The remote desktop experience also saw a lot of work, with multitouch input support, extended virtual monitors, and relative mouse input. For developers, GNOME 49 comes with the new GTK 4.20, the latest version of Glib, and Libadwaita 1.8, released only a few days ago. It brings a brand new shortcuts information dialog as its most user-facing feature, on top of a whole bunch of other, developer-oriented features.

GNOME 49 will find its way to your distribution of choice soon enough.

Installing and using Debian with my decades-old genuine DEC vt510 serial terminal 17 Sep 2025, 8:32 pm

It’s 2025, and yes, you can still install and run a modern Linux distribution like Debian through a real hardware terminal.

While I have used a terminal with the Pi, I’ve never before used it as a serial console all the way from early boot, and I have never installed Debian using the terminal to run the installer. A serial terminal gives you a login prompt. A serial console gives you access to kernel messages, the initrd environment, and sometimes even the bootloader.

This might be fun, I thought.

↫ John Goerzen at The Changelog

It seems Debian does a lot of the correct configurations for you, but there’s still a few things you’ll need to manually change, but none of it seems particularly complicated. Once the installation is completed, you have a system that’s completely accessible and usable from a hardware terminal, which, while maybe not particularly important in this day and age of effortless terminal emulators, is still quite a cool thing to have.

Haiku vastly improves git status performance 17 Sep 2025, 11:33 am

Another month, another summary of changes in Haiku, the BeOS-inspired operating system. The main focus this past month has been improving the performance of git status, which has been measurably worse on Haiku than on Linux running on similar hardware. This work has certainly paid off, as the numbers demonstrate.

The results are clearly more than worth the trouble, though: in one test setup with git status in Haiku’s buildtools repository (which contains the entirety of the gcc and binutils source code, among other things – over 160,000 files) went from around 33 seconds with a cold disk cache, to around 20 seconds; and with a hot disk cache, from around 15 seconds to around 2.5 seconds.

This is still a ways off from Linux (with a similar setup in the same repository, git status there with a hot disk cache takes only 0.3 seconds). Performance on Haiku will likely be measurably faster on builds without KDEBUG enabled, but not by that much. Still, this is clearly a significant improvement over the way things were before now.

↫ Haiku Activity & Contract Report, August 2025

There’s more than this, of course, such as initial support for Intel’s Apollo Lake GPU in the Intel modesetting driver, improvements to USB disk performance, a reduction in power usage when in KDL, and much, much more.

Why is the name of the Microsoft Wireless Notebook Presenter Mouse 8000 hard-coded into the Bluetooth drivers? 17 Sep 2025, 10:26 am

Some time ago, people noticed that buried in the Windows Bluetooth drivers is the hard-coded name of the Microsoft Wireless Notebook Presenter Mouse 8000. What’s going on there? Does the Microsoft Wireless Notebook Presenter Mouse 8000 receive favorable treatment from the Microsoft Bluetooth drivers? Is this some sort of collusion?

No, it’s not that.

↫ Raymond Chen

So, what is the actual problem? It’s a funny one: an encoding mistake. The device local name string for a device needs to be encoded in UTF-8, and that’s where the developers of the Microsoft Wireless Notebook Presenter Mouse 8000 made a mistake. The string contains a registered trademark symbol – ® – but they encoded it in code page 1252, which not only isn’t allowed, but gets rejected completely.

So, Windows’ Bluetooth drivers have a table that contains the wrong name for a driver, accompanied by the right name to use. This mouse is the only entry.

Java 25 released 17 Sep 2025, 10:15 am

Java 25 has been released.

JDK 25, the reference implementation of Java 25, is now Generally Available. We shipped build 36 as the second Release Candidate of JDK 25 on 15 August, and no P1 bugs have been reported since then. Build 36 is therefore now the GA build, ready for production use.

↫ Java 25/JDK 25 release announcement

If you want to dive into the details about this new release, feel free to peruse the long, long list of improvements and changes.

A months of ad-free OSNews: we’re closing in on the fundraising goal, and need your help to get there 15 Sep 2025, 10:11 pm

It’s been a little over a month since OSNews went completely ad-free for everyone. I can say the support has been overwhelming, with the accompanying fundraiser currently sitting at 67% of the €5000 goal! Of course things slowed down a bit after the initial week of one donation after the next, so I’m throwing out this reminder that without your support, OSNews can’t exist – doubly so now that I’ve removed any and all advertising. Help us reach that 100%!

So, what can you do to support OSNews?

• You can donate to the OSNews Ko-Fi fundraiser and help reach that 100%.
• You can become an OSNews Patreon!
• You can buy our merch – it’s pretty awesome stuff.

By being entirely free from the corrupting influence of advertising, I have even less desire to chase views, entrap users with slop content, game search engines with shitty SEO spam, or turn on the taps of “AI”-generated trash to spew forth as much “articles” and thus views as possible. This also means that OSNews is one of the few technology news websites remaining that is not part of a massive corporate media conglomerate, so there’s no pressure from “corporate” to go easy on advertisers or write favourable stuff about corporate’s friends.

You’d be surprised to learn how many technology sites out there are not independent.

The response to OSNews no longer having any advertising has been overwhelmingly positive – unsurprisingly – and that has taken away any reservations I might have had about taking this step. In a world where so many websites are disappearing, turning into corporate mouthpieces, or becoming glorified content farms, OSNews can keep on doing what it does, independent of any outside influence, thanks to the countless contributions from all of you.

Thank you.

Apple releases version 26 of all of its operating systems 15 Sep 2025, 9:36 pm

It’s release day for all of Apple’s operating systems, so if you’re fully or only partway into the ecosystem, you’ve got some upgrades ahead of you. Version 26 for macOS, iOS and iPadOS, watchOS, tvOS, visionOS, and HomePod Software have all been released today, so if you own any device running any of these operating system, it’s time to head on over to the update section of the settings application and wait for that glass to slowly and sensually liquefy all over your screens.

Do put a sock on the doorknob.

Writing an operating system kernel from scratch in Zig 15 Sep 2025, 9:30 pm

I recently implemented a minimal proof of concept time-sharing operating system kernel on RISC-V. In this post, I’ll share the details of how this prototype works. The target audience is anyone looking to understand low-level system software, drivers, system calls, etc., and I hope this will be especially useful to students of system software and computer architecture.

[…]

Finally, to do things differently here, I implemented this exercise in Zig, rather than traditional C. In addition to being an interesting experiment, I believe Zig makes this experiment much more easily reproducible on your machine, as it’s very easy to set up and does not require any installation (which could otherwise be slightly messy when cross-compiling to RISC-V).

↫ Uros Popovic

This is not the first, and certainly not the last, operating system implemented from scratch as a teaching exercise, both for the creator itself, as well as for others wanting to follow along. This time it’s developed for RISC-V, and in an interesting twist, programmed in Zig (no Rust for once!).

Microsoft to force-install Copilot onto Windows PCs with Office 365 installed 15 Sep 2025, 8:31 pm

And the beatings continue until “AI” improves. Except if you live in the European Union/EEA, that is.

Windows devices with the Microsoft 365 desktop client apps will automatically install the Microsoft 365 Copilot app. This app installation takes place in the background and would not disrupt the user. This app installation will start in Fall 2025.

↫ Microsoft support document

Basically, if you have Microsoft 365 desktop applications installed – read my article about some deep Microsoft lore to figure out what that means – Microsoft is going to force-install all the Copilot stuff onto your computer, whether you like it or not. Thanks to more robust consumer protection legislation in the European Union/EEA, like the Digital Markets Act and Digital Services Act, this force-install will not take place there. Administrators managing Office 365 deployments get an option to opt-out through the Microsoft 365 Apps admin center, but I’m not sure if regular users can use this method as well.

Remember, when you’re using Windows (or macOS, for that matter), you don’t own your computer. Plan accordingly.

The idea of /usr/sbin has failed in practice 15 Sep 2025, 2:02 pm

It may be arcane knowledge to most users of UNIX-like systems today, but there is supposed to be a difference between /usr/bin and /usr/sbin; the latter is supposed to be for “system binaries”, not needed by most normal users. The Filesystem Hierarchy Standard states that sbin directories are intended to contain “utilities used for system administration (and other root-only commands)”, which is quite vague when you think about it. This has led to UNIX-like systems basically just winging it, making the distinction almost entirely arbitrary.

For a long time, there has been no strong organizing principle to /usr/sbin that would draw a hard line and create a situation where people could safely leave it out of their $PATH. We could have had a principle of, for example, “programs that don’t work unless run by root”, but no such principle was ever followed for very long (if at all). Instead programs were more or less shoved in /usr/sbin if developers thought they were relatively unlikely to be used by normal people. But ‘relatively unlikely’ is not ‘never’, and shortly after people got told to ‘run traceroute’ and got ‘command not found’ when they tried, /usr/sbin (probably) started appearing in $PATH.

↫ Chris Siebenmann

As such, Fedora 42 unifies /usr/bin and /usr/sbin, which is kind of a follow-up to the /usr merge, and serves as a further simplification and clean-up of the file system layout by removing divisions and directories that used to make sense, but no longer really do. Decisions like these have a tendency to upset a small but very vocal group of people, people who often do not even use the distribution implementing the decisions in question in the first place. My suggestions to those people would be to stick to distributions that more closely resemble classic UNIX.

Or use a real UNIX.

Anyway, these are good moves, and I’m glad most prominent Linux distributions are not married to decisions made in the ’70s, especially not when they can be undone without users really noticing anything.

Google decides to significantly harm Android security to please lazy OEMs 15 Sep 2025, 1:34 pm

Google continues putting nails in the coffin that is the Android Open Source Project. This time, they’re changing the way they handle security updates to appease slow, irresponsible Android OEMs, while screwing over everyone else. The basic gist is that instead of providing monthly security updates for OEMs to implement on their Android devices, Google will now move to a quarterly model, publishing only extremely severe issues on a monthly basis.

The benefit for OEMs is that for most vulnerabilities, they get three months to distribute (most) fixes instead of just one month, but the downsides are also legion. Vulnerabilities will now be out in the wild for three months instead of just one, and while they’re shared with OEMs “privately”, we’re talking tends of thousands of pairs of eyes here, so “privately” is a bit of a misnomer. The dangers are obvious; these vulnerabilities will be leaked, and they will be abused by malicious parties.

Another massive downside related to this change is that Google will now no longer be providing the monthly patches as open source within AOSP, instead only releasing the quarterly patch drops as open source. This means exactly what you think it does: no more monthly security updates from third-party ROMs, unless those third-party ROMs choose to violate the embargo themselves and thus invite all sorts of problems.

Extending the patch access window from one month to three is absolutely insane. Google should be striving to shorten this window as much as possible, but instead, they’re tripling it in length to create a false sense of security. OEMs can now point at their quarterly security updates and claim to be patching vulnerabilities as soon as Google publishes them, while in fact, the unpatched vulnerabilities will have been out in the wild for months by that point.

This change is irresponsible, misguided, and done only to please lazy, shitty OEMs to create a false sense of security for marketing purposes.

China is selling its Great Firewall censorship tools to countries around the world 15 Sep 2025, 8:13 am

We’re all aware of the Chinese Great Firewall, the tool the Chinese government uses for mass censorship and for safeguarding and strengthening its totalitarian control over the country and its population. It turns out that through a Chinese shell company called Geedge Networks, China is also selling the Great Firewall to other totalitarian regimes around the world. Thanks to a massive leak of 500 GB of source code, work logs, and internal communication records, we now have more insight into how the Great Firewall works than ever before, leading to in-depth reports like this one from InterSecLab.

The findings are chilling, but not surprising. First and foremost, Geedge is selling the Great Firewall to a variety of totalitarian regimes around the world, namely Kazakhstan, Ethiopia, Pakistan, Myanmar, and another unidentified country. These governments can then ask Geedge to make specific changes and ask them to focus on specific capabilities to further enhance the functionality of the Great Firewall, but what it can already do today is bad enough.

The suite of products offered by Geedge Networks allow a client government unprecedented access to internet user data and enables governments to use this data to police national and regional networks. These capabilities include deep packet inspection for advanced classification, interception, and manipulation of application and user traffic; monitoring the geographic location of mobile subscribers in real time; analyzing aggregated network traffic in specific areas, such as during a protest or event; flagging unusual traffic patterns as suspicious; creating tailored blocking rules to obstruct access to a website or application (such as a VPN (Virtual Private Network) or circumvention tool); throttling traffic to specific services; identifying individual internet users for accessing websites or using circumvention tools or VPNs; assigning individual internet users reputation scores based on their online activities; and infecting users with malware through in-path injection.

↫ The Internet Coup: A Technical Analysis on How a Chinese Company is Exporting The Great Firewall to Autocratic Regimes

Internet service providers participate in the implementation of the suite of tools, either freely or by force, and since the tools are platform-agnostic it doesn’t matter which platforms people are using in any given country, making international sanctions effectively useless. It also won’t surprise you that Geedge steals both proprietary and open source code, without regards for licensing terms. Furthermore, China is allowing provinces and regions within its borders to tailor and adapt the Great Firewall to their own local needs, providing a blueprint for how to export the suite of tools to other countries.

With quite a few countries sliding ever further towards authoritarianism, I’m sure even places not traditionally thought of as totalitarian are lustfully looking at the Chinese Great Firewall, wishing they had something similar in their own countries.

Everything about Psion, in one place 15 Sep 2025, 7:32 am

Celebrate classic Psion machines with us, from the original Organiser, through the Series 3 and Series 5, all the way to the netBook. Get help with your classic palmtop computer, or help to develop software and hardware that will bring these devices into the 21st Century.

↫ Psion Community website

A brand new one-stop shop for everything related to keeping Psion machines going. A library of all the software, lists of all the ROM images, tons of development resources, and much more.

Java 25’s new CPU-time profiler 15 Sep 2025, 7:27 am

More than three years in the making, with a concerted effort starting last year, my CPU-time profiler landed in Java with OpenJDK 25. It’s an experimental new profiler/method sampler that helps you find performance issues in your code, having distinct advantages over the current sampler. This is what this week’s and next week’s blog posts are all about. This week, I will cover why we need a new profiler and what information it provides; next week, I’ll cover the technical internals that go beyond what’s written in the JEP. I will quote the JEP 509 quite a lot, thanks to Ron Pressler; it reads like a well-written blog post in and of itself.

↫ Johannes Bechberger

There’s also a third entry detailing queue sizing, and a fourth entry going into the removal of redundant synchronisation.

“UTF-8 is a brilliant design” 13 Sep 2025, 8:50 pm

The first time I learned about UTF-8 encoding, I was fascinated by how well-thought and brilliantly it was designed to represent millions of characters from different languages and scripts, and still be backward compatible with ASCII.

[…]

Designing a system that scales to millions of characters and still be compatible with the old systems that use just 128 characters is a brilliant design.

↫ Vishnu Haridas

On a slightly related note, if you are ever bothered or annoyed by text online rendering as unknown squares, you most likely are just missing the proper fonts to render them. At least on most Linux and BSD systems, all you need to do is install the entire set of Noto fonts, including those for every single non-Latin script. Assuming your package manager has sane naming conventions, it’ll most likely come down to something like sudo dnf install google-noto* or whatever your system’s install package command is, and after installing a whole slew of font files, your system will now be able to render virtually every script under the sun.

After installing this massive font set, you can do things like write and render in hieroglyphics, write Ea-nāṣir‘s name the way it’s supposed to, and render all kinds of other scripts and symbols without ever having to look at one of those blank squares ever again.

How open is “open-source” VTubing? 12 Sep 2025, 11:19 pm

I’m not really into the niche of “virtual YouTubers” – people who post YouTube videos and/or stream using a virtual avatar – but to each their own, and if this technology enables people to remain anonymous while doing what they love on YouTube or Twitch, I’m all for it. Since these virtual avatars also do things like face-tracking, there’s a whole cottage industry of software tools to make this all work, but Adrian “asie” Siekierka decided to take a look at where the training data used to make such face-tracking work actually comes from.

One day, some years ago, I decided to look at the data used to train OpenSeeFace. OpenSeeFace is the most popular open source face tracking solution for virtual YouTubers. It is supported by both open source and commercial model rendering tools; in particular, VTube Studio allows using it as an option for webcam tracking.

↫ Adrian “asie” Siekierka

The results of the investigation are not exactly great. Much of the data used by OpenSeeFace comes with serious restrictions on commercial use, and many of the underlying datasets contain images that you would need consent for from the people inside the image to actually use. On top of that, a lot of these data sets seem to have just scraped the internet for images of faces without asking anyone of the people in those images for consent, which raises a whole number of troubling issues.

I find this a very interesting topic of discussion, if only because you’d be hard-pressed to argue that the average cartoon-esque virtual avatars even remotely resemble real human faces, so it’s not like you’re going to suddenly run into your own face somewhere on YouTube or Twitch, but plastered into another person. On the other hand, the underlying datasets still contain a ton of people’s faces without those people’s consent, and even for those that did give consent, there’s often a commercial use restriction which earning revenue on YouTube or Twitch might violate.

It’s a fascinating microcosm of a whole slew of issues we’re dealing with right now, neatly contained in a relatively small niche.