Running a Plan 9 network on OpenBSD 27 Mar 2026, 7:40 pm

This guide describes how you can install a Plan 9 network on an OpenBSD machine (it will probably work on any unix machine though). The authentication service (called “authsrv” on Plan 9) is provided by a unix version: authsrv9. The file service is provided by a program called “u9fs”. It comes with Plan 9. Both run from inetd. The (diskless) cpu server is provided by running qemu, booted from only a floppy (so without local storage). Finally, the terminal is provided by the program drawterm. The nice thing about this approach is that you can use all your familiar unix tools to get started with Plan 9 (e.g. you can edit the Plan 9 files with your favorite unix editor). I’m assuming you have read at least something about Plan 9, for example the introduction paper Plan 9 from Bell Labs.

↫ Mechiel Lukkien

If you’re running OpenBSD, you’re already doing something better than everyone else, and if you want to ascend to the next level, this is a great place to start. Of course, the final level, where you leave your earthly roots behind and become a being of pure enlightened energy, is running Plan 9 on real hardware as the universe intended, but let’s not put the cart before the horse.

One day, all of humanity will just be an endless collection of interconnected cosmic Plan 9 servers, more plentiful than the stars in the known universe.

Will “AI” chatbots be the tobacco of the future? 27 Mar 2026, 7:30 pm

Towards the end of 2024, Dennis Biesma decided to check out ChatGPT. The Amsterdam-based IT consultant had just ended a contract early. “I had some time, so I thought: let’s have a look at this new technology everyone is talking about,” he says. “Very quickly, I became fascinated.”

Biesma has asked himself why he was vulnerable to what came next. He was nearing 50. His adult daughter had left home, his wife went out to work and, in his field, the shift since Covid to working from home had left him feeling “a little isolated”. He smoked a bit of cannabis some evenings to “chill”, but had done so for years with no ill effects. He had never experienced a mental illness. Yet within months of downloading ChatGPT, Biesma had sunk €100,000 (about £83,000) into a business startup based on a delusion, been hospitalised three times and tried to kill himself.

↫ Anna Moore at The Guardian

These stories are absolutely heart-wrenching, and it doesn’t just happen to people who have had a history of mental illness or other things you might associate with priming someone for “falling for” an “AI” chatbot. Just a few years in, and it’s already clear that these tools pose a real danger to a group of people of indeterminate size, and proper research into the causes is absolutely warranted and needed. On top of that, if there’s any evidence of wrongdoing from the companies behind these chatbots – intentionally making them more addictive, luring people in, ignoring established dangers, covering up addiction cases, etc. – lawsuits and regulation are definitely in order.

Only yesterday, Facebook and Google lost a landmark trial in the US, ruling the companies intentionally made social media as addictive as possible, thereby destroying a person’s life in the process. Countless similar lawsuits are underway all over the world, and I have a feeling that in a few years to decades, we’ll look at unregulated, rampant social media the same way we look at tobacco now.

Perhaps “AI” chatbots will join their ranks, too.

Microsoft removes trust for drivers signed with the cross-signed driver program 27 Mar 2026, 7:18 pm

Today, we’re excited to announce a significant step forward in our ongoing commitment to Windows security and system reliability: the removal of trust for all kernel drivers signed by the deprecated cross-signed root program. This update will help protect our customers by ensuring that only kernel drivers that the Windows Hardware Compatibility Program (WHCP) have passed and been signed can be loaded by default. To raise the bar for platform security, Microsoft will maintain an explicit allow list of reputable drivers signed by the cross-signed program. The allow list ensures a secure and compatible experience for a limited number of widely used, and reputable cross-signed drivers. This new kernel trust policy applies to systems running Windows 11 24H2, Windows 11 25H2, Windows 11 26H1, and Windows Server 2025 in the April 2026 Windows update. All future versions of Windows 11 and Windows Server will enforce the new kernel trust policy.

↫ Peter Waxman at the Windows IT Pro Blog

The cross-signed root program was discontinued in 2021, and ran since the early 2000s, so I think it’s fair to no longer automatically assume such possibly old and outdated drivers are still to be trusted.

Windows 95 defenses against installers that overwrite a file with an older version 26 Mar 2026, 11:01 pm

I’ll never grow tired of reading about the crazy tricks the Windows 95 development team employed to make the user experience as seamless as they could given the constraints they were dealing with. During the 16bit Windows days, application installers could replace system components with newer versions if such was necessary. Installers were supposed to do a version check, but many of them didn’t follow this guidance. When moving to Windows 95, this meant installers ended up replacing Windows 95 system components with Windows 3.x versions, which wasn’t exactly a goods thing.

So, they came up with a solution.

Windows 95 worked around this by keeping a backup copy of commonly-overwritten files in a hidden C:\Windows\SYSBCKUP directory. Whenever an installer finished, Windows went and checked whether any of these commonly-overwritten files had indeed been overwritten. If so, and the replacement has a higher version number than the one in the SYSBCKUP directory, then the replacement was copied into the SYSBCKUP directory for safekeeping. Conversely, if the replacement has a lower version number than the one in the SYSBCKUP directory, then the copy from SYSBCKUP was copied on top of the rogue replacement.

↫ Raymond Chen

All of this happened entirely silently, and neither the installers nor the user had any idea this was happening. The Windows 95 team tried other solutions, like just making it impossible to replace system components with older versions entirely, but that caused many installers to break. Some installers apparently even went rogue and would create a batch file that would replace the system components upon a reboot, before Windows 95 could perform its silent fixes. Wild.

I used Windows 95 extensively, and had no idea this was a thing.

US regulator bans imports of new foreign-made routers, citing security concerns 26 Mar 2026, 10:41 pm

The U.S. Federal Communications Commission said on Monday it was banning the import of all ​new foreign-made consumer routers, the latest crackdown on Chinese-made electronic gear over ‌security concerns.

China is estimated to control at least 60% of the U.S. market for home routers, boxes that connect computers, phones, and smart devices to the internet.

↫ David Shepardson at Reuters

I’m sure the American public will be thrilled to find out yet another necessity has drastically increased in price.

Apple discontinues the Mac Pro with no plans for future hardware 26 Mar 2026, 10:34 pm

It’s the end of an era: Apple has confirmed to 9to5Mac that the Mac Pro is being discontinued. It has been removed from Apple’s website as of Thursday afternoon. The “buy” page on Apple’s website for the Mac Pro now redirects to the Mac’s homepage, where all references have been removed.

Apple has also confirmed to 9to5Mac that it has no plans to offer future Mac Pro hardware.

↫ Chance Miller at 9To5Mac

If a Mac Pro falls in the back of the Apple Store and there’s no one around to hear it, does it make a sound?

The reports of age verification in Linux are greatly exaggerated, for now 25 Mar 2026, 9:07 pm

Several US states, the country of Brazil, and I’m sure other places in the world have enacted or are planning to enact laws that would place the burden of age verification of users on the shoulders of operating system makers. The legal landscape is quite fragmented at this point, and there’s no way to tell which way these laws will go, with tons of uncertainties around to whom these laws would apply, if it targets accounts for application store access or the operating system as a whole, what constitutes an operating system in the first place, and many more. Still, these laws are already forcing major players like Apple to implement sharing self-reported age brackets with application developers (at least in iOS), so there’s definitely something happening here.

In recent weeks, the open source world has also been confronted with the first consequences of these laws, as both systemd and xdg-desktop-portal have responded to operating system-level age verification laws in, among other places, California and Colorado, by adding birthDate to userdb (on systemd’s side) and developing an age verification portal (on xdg-desktop-portal’s side) for use by Flatpaks. The age verification portal would then use the value set in usrdb’s birthDate as its data source. The value in birthDate would only be modifiable by an administrator, but can be read by users, applications, and so on.

Crucially, this field is entirely optional, and distributions, desktop environments, and users are under zero obligation to use it or to enter a truthful value. In fact, contrary to countless news items and comments about these additions, nothing about this even remotely constitutes as “age verification”, as nothing – not the government, not the distribution or desktop environments, not the user – has to or even can verify anything. If these changes make it to your distribution, you don’t have to suddenly show your government ID, scan your face, or link your computer to some government-run verification service, or even enter anything anywhere in the first place.

Furthermore, while the xdg-desktop-portal’s proposals are still fluid and subject to change, consensus seems to be to only share age brackets with applications, instead of full birth dates or specific ages – assuming anything has even been entered in the birthDate field in the first place. Even if your Linux distribution and/or desktop environment implements everything needed to support these changes and expose them to you in a nice user interface, everything about it is optional and under your full control. The field is of the same type as the existing fields emailAddress, realName, and location, which are similarly entirely optional and can be left empty if desired.

Taken in isolation, then, as it currently stands, there’s really not much meat to these changes at all. The primary reason to implement these changes is to minimally comply with the new laws in California, Colorado, Brazil, and other places, and it’s understandable why the people involved would want to do so. If they do not, they could face lawsuits, fines, or worse, and I don’t know about you, but I wouldn’t want to be on the receiving end of the western world’s most incompetent justice system. Aside from that, these changes make it possible to build robust parental controls, which isn’t mentioned in the original commits to systemd, but is clearly the main focal point of xdg-desktop-portal’s proposal.

This all seems well and good, but given today’s political climate in the United States, as well as the course of history, that “as it currently stands” is doing a lot of heavy lifting. Rightfully so, a lot of people are worried about where this could lead. Sure, today these are just inconsequential, optional changes in response to what seems to be misguided legislation, but what happens once these laws are tightened, become more demanding, and start requiring a lot more than just a self-reported age bracket?

In Texas, for instance, H.B. 1131 requires any commercial entity, including websites, that contains more than one-third “sexual material harmful to minors” to implement age verification tools using things like government-issued IDs or bank transaction data to verify visitors’ ages before allowing them in. The UK has a similar law on the books, too. It’s not difficult to imagine how some other law will eventually shift this much stricter, actual age verification from websites and applications into operating systems instead. What will systemd’s and xdg-desktop-portal’s developers do, then? Will they comply as readily then as they do now?

This is a genuine worry, especially if you already belong to a group targeted by the current US administration, or were face-scanned by ICE at a protest. Large groups of especially religious extremists consider anything that’s LGBTQ+ to be “sexual material harmful to minors”, even if it’s just something normal like a gay character in a TV show. It’s not hard to imagine how age verification laws, especially if they force age verification at the operating system level, can become weaponised to target the LGBTQ+ community, other minorities, and people protesting the Trump regime.

You may think this won’t affect you, since you’re using an open source operating system like desktop Linux or one of the BSDs, and surely they are principled enough to ignore such dangerous laws and simply not comply at all, right? Sadly, here’s where the idealism and principles of the open source world are going to meet the harsh boot of reality; while open source software has a picturesque image of talented youngsters hacking away in their bedrooms, the reality is that most of the popular open source operating systems are actually hugely complex operations that require a ton of funding, and that funding is often managed by foundations. And guess where most popular Linux distributions’ and BSD variants’ foundations are located?

Developers from all over the world may contribute to Debian, but all of its financials and trademarks are managed by Software in the Public Interest, domiciled in New York State. Fedora is part of Red Hat, owned by IBM, and we all know IBM. Arch Linux’ donations are also managed by Software in the Public Interest. The Gentoo Foundation is domiciled in New Mexico. The FreeBSD Foundation is domiciled in Boulder, Colorado. The NetBSD Foundation is domiciled in Delaware. Ubuntu is a Canonical product, a company headquartered in London, UK, a country with strict age verification laws for websites and applications. Hell, even Haiku, Inc. is domiciled in New York State. I could go on, but you get the gist: all of these projects manage their donations, financials, trademarks, and related issues in the United States (or the UK for Ubuntu).

It’s relatively easy for these projects to take a principled stance against the relatively limited age verification laws that exist today, but what about if and when these laws are expanded to infiltrate the very operating systems we use? It’s easy to resist the boot when it’s pressing down on some porn website or a sex worker’s OnlyFans page, but once that same boot is pressing down on your own throat? That’s a whole different story. Will Debian, FreeBSD, or Fedora still stand their ground when the organisations managing their donations, finances, and trademarks become the target of lawsuits or the US justice system, because they refuse to implement age verification?

I sincerely doubt it.

And this is why I am of two minds about this issue. On the one hand, I fully understand that the various developers involved with these efforts want to make sure they follow the law and avoid getting fined – or worse – especially since compliance requires so little at this time. On top of that, these changes make it possible to implement a fairly robust set of parental controls in a centralised way, keeping the data involved where it makes sense, so it also brings a number of benefits for users. There really isn’t anything to worry about when looking at these changes in isolation.

On the other hand, though, I also understand the fears and worries from people who see these changes as the first capitulation to age verification, nicely making the bed for much stricter age verification laws I’m sure certain parts of the political compass are already dreaming about. With so many Linux distributions, BSD variants, and even alternative operating systems having their legal domiciles in the United States, it’s not unreasonable to assume they’re going to fold under any possible legal pressure that comes with such laws.

I’m not rushing to replace my Fedora KDE installations with something else at this point, but I’m definitely going to explore my options on at least one of my machines and go from there, so I at least won’t be caught with my pants down in the future. The world isn’t ending, age verification hasn’t come to Linux, but we’d all do well to remain skeptical and prepare for when it does make its way into our open source operating systems.

Windows native application development is a mess 23 Mar 2026, 3:13 pm

Usually, when developers or programmers write articles about their experiences developing for a platform they have little to no experience with, the end result usually comes down to “they do things differently, therefor it is bad actually”, which is deeply unhelpful. This article, though, is from a longtime Windows user and developer, but one who hasn’t had to work on native Windows development for a long time now. When he decided to write his own native Windows application to scratch a personal itch, it wasn’t a great experience.

While I followed the Windows development ecosystem from the sidelines, my professional work never involved writing native Windows apps. (Chromium is technically a native app, but is more like its own operating system.) And for my hobby projects, the web was always a better choice. But, spurred on by fond childhood memories, I thought writing a fun little Windows utility program might be a good retirement project.

Well. I am here to report that the scene is a complete mess. I totally understand why nobody writes native Windows applications these days, and instead people turn to Electron.

↫ Domenic Denicola

Denicola decided to try and use the latest technologies and best practices from Microsoft regarding Windows development, and basically came away aghast at just how shot of an experience it really is. I’m not a developer, but you don’t need to be to grasp the severity of the situation after following his development timeline and reading about his struggles.

If this is truly representative of the Windows application development experience, it’s really no surprise just how few new, quality Windows applications there are, and why even Microsoft’s own Windows developers resort to things like React for the Start menu to enabler faster and easier iteration.

This is a complete dumpster fire.

Java Sun SPOTs (Small Programable Object Technology) 23 Mar 2026, 2:52 pm

These were Sun microcontrollers that run Squawk Java ME directly on metal with gc and all the bells and whistles, created by Sun Microsystems in 2005.

The feature mesh networking and tcp/ip and multitasking. Even the drivers are java just like Java OS.

They run a command and control server by default and there’s graphical network builders and deployment managers (Solarium) they also do some more esoteric stuff like process migration.

↫ Penny

I have no use for these but I want them. They would’ve made an excellent addition to my Sun article. There’s still a detailed tutorial and informational website up about these things, too.

The OpenBSD init system and boot process 23 Mar 2026, 2:44 pm

In recent weeks, systemd has both embraced slopcoding and laid the groundwork for age verification built right into systemd-based Linux distributions, there’s definitely been an uptick in people talking about alternative init systems. If you want to gain understanding in a rather classic init system, OpenBSD’s is a great place to start.

OpenBSD has a delightfully traditional init system, which makes it a great place to start learning about init systems. It’s simple and effective. There’s a bit of a counter movement in the IT and FOSS worlds rebelling against hyperscaler solutions pushing down into everyone’s practices. One of the rallying cries I’ve been seeing is to remind people that You Can Just Do Things™ on the computer. The BSD init system, and especially OpenBSD’s is something of a godparent to this movement. init(8) just runs a shell script to start the computer, and You Can Just Do Things™ in the script to get them to happen on boot.

↫ Overeducated-Redneck.net

My main laptop is currently in for warranty repairs, but once it returns, I intend to set it up with either OpenBSD or a Linux distribution without systemd (most likely Void) to see how many systems I can distance from systemd without giving myself too much of a headache (I’m guessing my gaming machine will remain on systemd-based Fedora). I’m not particularly keen on slopcoding and government-mandated age verification inside my operating systems, and I’m definitely feeling a bit of a slippery slope underneath my feet.

I have my limits.

Microsoft finally makes a few concrete promises about Windows 11 improvements 20 Mar 2026, 11:02 pm

Earlier this year, Microsoft openly acknowledged the sorry state of Windows 11, and made vague promises about possible improvements somewhere in the near future, but stayed away from making any concrete promises. Today, the company published a blog post with some more details, including some actual concrete, tangible changes it’s going to implement over the coming two months.

In coming builds, you’ll be able to move the taskbar to any side of the screen, instead of it being locked to the bottom, thereby reintroducing a feature present since Windows 95. They’re also scaling back their obsession with ramming “AI” in every corner of Windows, and will be removing Copilot integrations from Snipping Tool, Photos, Widgets, and Notepad. Furthermore, and this is a big one among Windows users I’m sure, Windows Update will be placed under user control once again, allowing them to ignore updates, postpone them indefinitely, reboot without applying updates, and so on. These are the tangible improvements we’ll be able to point to and say the company kept their word, and they all feel like welcome changes.

There’s also a few promises that feel far more vague and less tangible, like the ever-present, long-running promise to “improve File Explorer”. I feel like Microsoft’s been promising to fix their horrible file manager for years now, without much to show for it, so I hope this time will be different. The company also wants to improve Widgets, the Windows Insider Program, and the Feedback Hub application. These all feel less tangible, and will be harder to quantify and benchmark.

Beyond these first round of improvements that we’re supposed to be seeing over the coming two months, Microsoft also promises to implement wider improvements across the board, with the usual suspects like better performance, quicker application launches, improved reliability, lower memory usage, and so on. They also promise to move more core Windows user interface components to WinUI 3, including the Start menu, which is currently written in React. Windows Search is another common pain point among Windows users, and here, Microsoft promises to improve its performance and clearly separate local from online results (but no word on making search exclusively local).

There’s some more details in the blog post, but overall, it sounds great. However, words without actions are about as meaningful as a White House statement on the war with Iran, so seeing is believing.

Google to introduce overly onerous hoops to prevent “sideloading” 19 Mar 2026, 11:51 pm

When Google said they were going to require verification from every single Android developer that would end the ability to install applications from outside of the Play Store (commonly wrongfully referred to as “sideloading”), it caused quite a backlash. The company then backtracked a little bit, and said they would come up with an “advanced flow” to make sure installing applications from outside of the Play Store remained possible. Well, Google has detailed this “advanced flow”, and as everyone expected, it’s such a massive list of onerous hoops to jump through they might as well just lock Android down to the Play Store and get it over with.

First, if a developer is verified, you can download their applications to your device and install them the same way you can do now. Second, developers with “limited distribution accounts”, such as students or hobby projects, can share their applications with up to 20 devices without verification. Third, and this is where the fun starts, we have unverified developers – basically what all Android developers sharing applications outside of the Play Store are now.

Here’s the full “advanced flow” as described by Google to allow you to install an application from an unverified developer:

• Enable developer mode in system settings: Activating this is simple. This prevents accidental triggers or “one-tap” bypasses often used in high-pressure scams.

• Confirm you aren’t being coached: There is a quick check to make sure that no one is talking you into turning off your security. While power users know how to vet apps, scammers often pressure victims into disabling protections.

• Restart your phone and reauthenticate: This cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.

• Come back after the protective waiting period and verify: There is a one-time, one-day wait and then you can confirm that this is really you who’s making this change with our biometric authentication (fingerprint or face unlock) or device PIN. Scammers rely on manufactured urgency, so this breaks their spell and gives you time to think.

• Install apps: Once you confirm you understand the risks, you’re all set to install apps from unverified developers, with the option of enabling for 7 days or indefinitely. For safety, you’ll still see a warning that the app is from an unverified developer, but you can just tap “Install Anyway.”

↫ Matthew Forsythe at the Android Developers Blog

Setting aside the fact that developer verification is, in and of itself, a massive problem, I’m kind of okay with a few scary warnings, a disclaimer, and perhaps a single reboot to enable installing applications outside of the Play Store – a few things to make normal people shrug their shoulders and not bother. However, adding enabling developer mode and a goddamn 24-hour waiting period is batshit insanity, and clearly has the intention of discouraging everyone, effectively locking Android to the Play Store.

Android is already basically an entirely locked-down, closed-source platform, and once this “advanced flow” comes into force, there’s virtually no difference between iOS and Android, especially for us Europeans who get similarly onerous anti-user nonsense when trying to install alternative application stores on iOS. I see no reason to buy Android over iOS at this point – might as well get the faster phone with better update support.

You can make Linux syscalls in a Windows application, apparently 19 Mar 2026, 9:10 pm

What happens if you make a Linux syscall in a Windows application?

So yeah, you can make Linux syscalls from Windows programs, as long as they’re running under Wine. Totally useless, but the fact that such a Frankenstein monster of a program could exist is funny to me.

↫ nicebyte at gpfault.net

The fact that this works is both surprising and unsurprising at the same time.

GNOME 50 released 18 Mar 2026, 10:23 pm

The GNOME team has released GNOME 50, the latest version of what is probably the most popular open source desktop environment. It brings fine-grained parental controls, and the groundwork for web filtering so that in future releases, parents and guardians can set content filters for children. Our own kids are still way too young to have access to computers and the internet, but I’m not sure I’ll ever resort to these kinds of tools when the time comes. I didn’t have any such controls imposed upon me as a child on the early internet, but then, you can’t really compare the ’90s internet to that of today.

The Orca screen reader received a lot of attention in GNOME 50, with a new preference window, both global and per-application settings, and much more. There’s also a brand new reduced motion setting, which will tame the animations in the user interface. Document annotation has been overhauled and modernised, and the file manager has been optimised across the board for better performance and lower memory usage.

Remote Desktop also saw a lot of work in GNOME 50. It’s now hardware-accelerated using VA-API and Vulkan, and thanks to HiDPI support, the session will properly adapt to the screen being used. Kerberos Authentication support has been added, and you can now use the remote webcam locally. There’s way more here, like improved support for variable-refresh rates and fractional scaling, HDR screen sharing, fixes for weird NVIDIA driver nonsense, and much, much more.

As always, GNOME 50 will find its way to your distribution soon enough.

Introducing Duranium: an immutable variant of postmarketOS 18 Mar 2026, 9:14 pm

PosrtmarketOS, the Linux ‘distribution’ for mobile devices, now also has an immutable variant, called Duranium.

Duranium is an immutable variant of postmarketOS, built around the idea that your device should just work, and keep working. You shouldn’t need to know what a terminal is to keep your device running.

“Immutable” means the core operating system is read-only and can’t be modified while it’s running. System updates are applied as complete, verified images rather than individual packages. Either the new image works, or the system falls back to the previous one automatically. No partially-applied state. No debugging audio when you need to make a phone call and no fussing with a broken web browser when you just want to doomscroll cat photos. It also means developers can reproduce the exact state of a user’s device, making it much easier to track down and fix issues.

↫ Clayton Craft on the postmarketOS blog

Duranium is built around the various functionalities and tooling provided by systemd, meaning the project didn’t have to reinvent the wheel. It works similarly to other immutable distributions, in that images for the base are downloaded and installed as a whole, with the preferred application installation method being Flatpak. Security-wise, Duranium uses dm-verity to protect /usr, cryptographically verifying data as it’s read. The image simply won’t boot if anything’s been tampered with. LUKS2 is used to encrypt mutable user and operating system data and configuration on the root file system.

Duranium is still under heavy development, but it makes sense to implement something like this now, since in the world of mobile devices, this has become the norm. I’m glad postmarketOS is taking these steps, and I sincerely hope I’ll eventually be able to use a postmarketOS device with KDE’s Plasma mobile shell at some point in the near future in my day-to-day life. This requires both postmarketOS to improve as well as for the regulatory landscape to break the duopoly on banking and government applications held by Android and iOS, and with the state of the US government as it is, this might actually be something Europe’s interested in achieving.

Sudo ported to DOS 18 Mar 2026, 9:01 pm

DOS didn’t have sudo yet. This gross oversight has been addressed.

SUDO examines the environment for the COMSPEC variable to find the default command interpreter, falling back to C:\COMMAND.COM if not set. The interpreter is then executed in unprotected real mode for full privileges.

↫ SUDO for DOS’ Codeberg page

A vital tool, for sure.