A months of ad-free OSNews: we’re closing in on the fundraising goal, and need your help to get there 15 Sep 2025, 10:11 pm

It’s been a little over a month since OSNews went completely ad-free for everyone. I can say the support has been overwhelming, with the accompanying fundraiser currently sitting at 67% of the €5000 goal! Of course things slowed down a bit after the initial week of one donation after the next, so I’m throwing out this reminder that without your support, OSNews can’t exist – doubly so now that I’ve removed any and all advertising. Help us reach that 100%!

So, what can you do to support OSNews?

• You can donate to the OSNews Ko-Fi fundraiser and help reach that 100%.
• You can become an OSNews Patreon!
• You can buy our merch – it’s pretty awesome stuff.

By being entirely free from the corrupting influence of advertising, I have even less desire to chase views, entrap users with slop content, game search engines with shitty SEO spam, or turn on the taps of “AI”-generated trash to spew forth as much “articles” and thus views as possible. This also means that OSNews is one of the few technology news websites remaining that is not part of a massive corporate media conglomerate, so there’s no pressure from “corporate” to go easy on advertisers or write favourable stuff about corporate’s friends.

You’d be surprised to learn how many technology sites out there are not independent.

The response to OSNews no longer having any advertising has been overwhelmingly positive – unsurprisingly – and that has taken away any reservations I might have had about taking this step. In a world where so many websites are disappearing, turning into corporate mouthpieces, or becoming glorified content farms, OSNews can keep on doing what it does, independent of any outside influence, thanks to the countless contributions from all of you.

Thank you.

Apple releases version 26 of all of its operating systems 15 Sep 2025, 9:36 pm

It’s release day for all of Apple’s operating systems, so if you’re fully or only partway into the ecosystem, you’ve got some upgrades ahead of you. Version 26 for macOS, iOS and iPadOS, watchOS, tvOS, visionOS, and HomePod Software have all been released today, so if you own any device running any of these operating system, it’s time to head on over to the update section of the settings application and wait for that glass to slowly and sensually liquefy all over your screens.

Do put a sock on the doorknob.

Writing an operating system kernel from scratch in Zig 15 Sep 2025, 9:30 pm

I recently implemented a minimal proof of concept time-sharing operating system kernel on RISC-V. In this post, I’ll share the details of how this prototype works. The target audience is anyone looking to understand low-level system software, drivers, system calls, etc., and I hope this will be especially useful to students of system software and computer architecture.

[…]

Finally, to do things differently here, I implemented this exercise in Zig, rather than traditional C. In addition to being an interesting experiment, I believe Zig makes this experiment much more easily reproducible on your machine, as it’s very easy to set up and does not require any installation (which could otherwise be slightly messy when cross-compiling to RISC-V).

↫ Uros Popovic

This is not the first, and certainly not the last, operating system implemented from scratch as a teaching exercise, both for the creator itself, as well as for others wanting to follow along. This time it’s developed for RISC-V, and in an interesting twist, programmed in Zig (no Rust for once!).

Microsoft to force-install Copilot onto Windows PCs with Office 365 installed 15 Sep 2025, 8:31 pm

And the beatings continue until “AI” improves. Except if you live in the European Union/EEA, that is.

Windows devices with the Microsoft 365 desktop client apps will automatically install the Microsoft 365 Copilot app. This app installation takes place in the background and would not disrupt the user. This app installation will start in Fall 2025.

↫ Microsoft support document

Basically, if you have Microsoft 365 desktop applications installed – read my article about some deep Microsoft lore to figure out what that means – Microsoft is going to force-install all the Copilot stuff onto your computer, whether you like it or not. Thanks to more robust consumer protection legislation in the European Union/EEA, like the Digital Markets Act and Digital Services Act, this force-install will not take place there. Administrators managing Office 365 deployments get an option to opt-out through the Microsoft 365 Apps admin center, but I’m not sure if regular users can use this method as well.

Remember, when you’re using Windows (or macOS, for that matter), you don’t own your computer. Plan accordingly.

The idea of /usr/sbin has failed in practice 15 Sep 2025, 2:02 pm

It may be arcane knowledge to most users of UNIX-like systems today, but there is supposed to be a difference between /usr/bin and /usr/sbin; the latter is supposed to be for “system binaries”, not needed by most normal users. The Filesystem Hierarchy Standard states that sbin directories are intended to contain “utilities used for system administration (and other root-only commands)”, which is quite vague when you think about it. This has led to UNIX-like systems basically just winging it, making the distinction almost entirely arbitrary.

For a long time, there has been no strong organizing principle to /usr/sbin that would draw a hard line and create a situation where people could safely leave it out of their $PATH. We could have had a principle of, for example, “programs that don’t work unless run by root”, but no such principle was ever followed for very long (if at all). Instead programs were more or less shoved in /usr/sbin if developers thought they were relatively unlikely to be used by normal people. But ‘relatively unlikely’ is not ‘never’, and shortly after people got told to ‘run traceroute’ and got ‘command not found’ when they tried, /usr/sbin (probably) started appearing in $PATH.

↫ Chris Siebenmann

As such, Fedora 42 unifies /usr/bin and /usr/sbin, which is kind of a follow-up to the /usr merge, and serves as a further simplification and clean-up of the file system layout by removing divisions and directories that used to make sense, but no longer really do. Decisions like these have a tendency to upset a small but very vocal group of people, people who often do not even use the distribution implementing the decisions in question in the first place. My suggestions to those people would be to stick to distributions that more closely resemble classic UNIX.

Or use a real UNIX.

Anyway, these are good moves, and I’m glad most prominent Linux distributions are not married to decisions made in the ’70s, especially not when they can be undone without users really noticing anything.

Google decides to significantly harm Android security to please lazy OEMs 15 Sep 2025, 1:34 pm

Google continues putting nails in the coffin that is the Android Open Source Project. This time, they’re changing the way they handle security updates to appease slow, irresponsible Android OEMs, while screwing over everyone else. The basic gist is that instead of providing monthly security updates for OEMs to implement on their Android devices, Google will now move to a quarterly model, publishing only extremely severe issues on a monthly basis.

The benefit for OEMs is that for most vulnerabilities, they get three months to distribute (most) fixes instead of just one month, but the downsides are also legion. Vulnerabilities will now be out in the wild for three months instead of just one, and while they’re shared with OEMs “privately”, we’re talking tends of thousands of pairs of eyes here, so “privately” is a bit of a misnomer. The dangers are obvious; these vulnerabilities will be leaked, and they will be abused by malicious parties.

Another massive downside related to this change is that Google will now no longer be providing the monthly patches as open source within AOSP, instead only releasing the quarterly patch drops as open source. This means exactly what you think it does: no more monthly security updates from third-party ROMs, unless those third-party ROMs choose to violate the embargo themselves and thus invite all sorts of problems.

Extending the patch access window from one month to three is absolutely insane. Google should be striving to shorten this window as much as possible, but instead, they’re tripling it in length to create a false sense of security. OEMs can now point at their quarterly security updates and claim to be patching vulnerabilities as soon as Google publishes them, while in fact, the unpatched vulnerabilities will have been out in the wild for months by that point.

This change is irresponsible, misguided, and done only to please lazy, shitty OEMs to create a false sense of security for marketing purposes.

China is selling its Great Firewall censorship tools to countries around the world 15 Sep 2025, 8:13 am

We’re all aware of the Chinese Great Firewall, the tool the Chinese government uses for mass censorship and for safeguarding and strengthening its totalitarian control over the country and its population. It turns out that through a Chinese shell company called Geedge Networks, China is also selling the Great Firewall to other totalitarian regimes around the world. Thanks to a massive leak of 500 GB of source code, work logs, and internal communication records, we now have more insight into how the Great Firewall works than ever before, leading to in-depth reports like this one from InterSecLab.

The findings are chilling, but not surprising. First and foremost, Geedge is selling the Great Firewall to a variety of totalitarian regimes around the world, namely Kazakhstan, Ethiopia, Pakistan, Myanmar, and another unidentified country. These governments can then ask Geedge to make specific changes and ask them to focus on specific capabilities to further enhance the functionality of the Great Firewall, but what it can already do today is bad enough.

The suite of products offered by Geedge Networks allow a client government unprecedented access to internet user data and enables governments to use this data to police national and regional networks. These capabilities include deep packet inspection for advanced classification, interception, and manipulation of application and user traffic; monitoring the geographic location of mobile subscribers in real time; analyzing aggregated network traffic in specific areas, such as during a protest or event; flagging unusual traffic patterns as suspicious; creating tailored blocking rules to obstruct access to a website or application (such as a VPN (Virtual Private Network) or circumvention tool); throttling traffic to specific services; identifying individual internet users for accessing websites or using circumvention tools or VPNs; assigning individual internet users reputation scores based on their online activities; and infecting users with malware through in-path injection.

↫ The Internet Coup: A Technical Analysis on How a Chinese Company is Exporting The Great Firewall to Autocratic Regimes

Internet service providers participate in the implementation of the suite of tools, either freely or by force, and since the tools are platform-agnostic it doesn’t matter which platforms people are using in any given country, making international sanctions effectively useless. It also won’t surprise you that Geedge steals both proprietary and open source code, without regards for licensing terms. Furthermore, China is allowing provinces and regions within its borders to tailor and adapt the Great Firewall to their own local needs, providing a blueprint for how to export the suite of tools to other countries.

With quite a few countries sliding ever further towards authoritarianism, I’m sure even places not traditionally thought of as totalitarian are lustfully looking at the Chinese Great Firewall, wishing they had something similar in their own countries.

Everything about Psion, in one place 15 Sep 2025, 7:32 am

Celebrate classic Psion machines with us, from the original Organiser, through the Series 3 and Series 5, all the way to the netBook. Get help with your classic palmtop computer, or help to develop software and hardware that will bring these devices into the 21st Century.

↫ Psion Community website

A brand new one-stop shop for everything related to keeping Psion machines going. A library of all the software, lists of all the ROM images, tons of development resources, and much more.

Java 25’s new CPU-time profiler 15 Sep 2025, 7:27 am

More than three years in the making, with a concerted effort starting last year, my CPU-time profiler landed in Java with OpenJDK 25. It’s an experimental new profiler/method sampler that helps you find performance issues in your code, having distinct advantages over the current sampler. This is what this week’s and next week’s blog posts are all about. This week, I will cover why we need a new profiler and what information it provides; next week, I’ll cover the technical internals that go beyond what’s written in the JEP. I will quote the JEP 509 quite a lot, thanks to Ron Pressler; it reads like a well-written blog post in and of itself.

↫ Johannes Bechberger

There’s also a third entry detailing queue sizing, and a fourth entry going into the removal of redundant synchronisation.

“UTF-8 is a brilliant design” 13 Sep 2025, 8:50 pm

The first time I learned about UTF-8 encoding, I was fascinated by how well-thought and brilliantly it was designed to represent millions of characters from different languages and scripts, and still be backward compatible with ASCII.

[…]

Designing a system that scales to millions of characters and still be compatible with the old systems that use just 128 characters is a brilliant design.

↫ Vishnu Haridas

On a slightly related note, if you are ever bothered or annoyed by text online rendering as unknown squares, you most likely are just missing the proper fonts to render them. At least on most Linux and BSD systems, all you need to do is install the entire set of Noto fonts, including those for every single non-Latin script. Assuming your package manager has sane naming conventions, it’ll most likely come down to something like sudo dnf install google-noto* or whatever your system’s install package command is, and after installing a whole slew of font files, your system will now be able to render virtually every script under the sun.

After installing this massive font set, you can do things like write and render in hieroglyphics, write Ea-nāṣir‘s name the way it’s supposed to, and render all kinds of other scripts and symbols without ever having to look at one of those blank squares ever again.

How open is “open-source” VTubing? 12 Sep 2025, 11:19 pm

I’m not really into the niche of “virtual YouTubers” – people who post YouTube videos and/or stream using a virtual avatar – but to each their own, and if this technology enables people to remain anonymous while doing what they love on YouTube or Twitch, I’m all for it. Since these virtual avatars also do things like face-tracking, there’s a whole cottage industry of software tools to make this all work, but Adrian “asie” Siekierka decided to take a look at where the training data used to make such face-tracking work actually comes from.

One day, some years ago, I decided to look at the data used to train OpenSeeFace. OpenSeeFace is the most popular open source face tracking solution for virtual YouTubers. It is supported by both open source and commercial model rendering tools; in particular, VTube Studio allows using it as an option for webcam tracking.

↫ Adrian “asie” Siekierka

The results of the investigation are not exactly great. Much of the data used by OpenSeeFace comes with serious restrictions on commercial use, and many of the underlying datasets contain images that you would need consent for from the people inside the image to actually use. On top of that, a lot of these data sets seem to have just scraped the internet for images of faces without asking anyone of the people in those images for consent, which raises a whole number of troubling issues.

I find this a very interesting topic of discussion, if only because you’d be hard-pressed to argue that the average cartoon-esque virtual avatars even remotely resemble real human faces, so it’s not like you’re going to suddenly run into your own face somewhere on YouTube or Twitch, but plastered into another person. On the other hand, the underlying datasets still contain a ton of people’s faces without those people’s consent, and even for those that did give consent, there’s often a commercial use restriction which earning revenue on YouTube or Twitch might violate.

It’s a fascinating microcosm of a whole slew of issues we’re dealing with right now, neatly contained in a relatively small niche.

SkiftOS: a hobby operating system with its own kernel, UI, browser engine, and more 12 Sep 2025, 10:15 pm

Who doesn’t love a desktop-oriented hobby operating system to start off the weekend?

SkiftOS is a hobbyist operating system built from the ground up with a focus on modularity, simplicity, and modern design principles. Driven by a dissatisfaction with the fragmented user experiences prevalent in contemporary operating systems, SkiftOS strives for deep integration and a cohesive aesthetic. This project is a labor of love—an artistic pursuit rather than a commercial product.

↫ SkiftOS gitHub page

Reading through the GitHub page and SkiftOS’ actual website, it reminds me so, so much of the desktop-oriented hobby operating systems of the early 2000s, like AtheOS, SkyOS, and others. It has its own microkernel, C++ core library, package manager, reactive UI framework, an entire desktop environment, and even a browser engine. This operating system is remarkably complete in the features that it already offers, especially considering its hobby status.

The desktop environment is called Hideo, and it’s remarkably beautiful when you consider we’re talking about a hobby operating system. It comes with a variety of applications, too, mostly covering the basics we’ve come to expect from a desktop operating system, like a text editor, archive manager, task manager, image viewer, media player, a file manager, and so on. Meanwhile, the browser engine is called Vaev and is highly experimental, but its existence illustrates just how broad this project really is.

I haven’t been able to find some time to run it yet, but if you’re interested, they advise you to run it using qemu. While running it on real hardware is technically possible, it’s not advisable due to the alpha state of the operating system.

You can actually stop Windows Explorer from flashbanging you in dark mode 12 Sep 2025, 11:35 am

One of the most annoying things I encountered while trying out Windows 11 a few months ago was the utterly broken dark mode; broken since its inception nine years ago, but finally getting some fixes. One of the smaller but downright disturbing issues with dark mode on Windows 11 is that when Explorer is in dark mode, it will flash bright white whenever you open a new window or a new tab. It’s like the operating system is throwing flashbangs at you every time you need to do some file management.

Luckily, it turns out there’s a fix, as Neowin details.

Windows 11 is turning four in a couple of months, but Microsoft still has not fixed this annoying and, for some people, legitimately life-threatening bug (there is a reason why we have seizure warnings in games, movies, etc). As such, users have to take things into their hands and come up with custom solutions. One such solution is a simple Windhawk mod that fixes what a nearly four-trillion-dollar company still won’t figure out.

↫ Taras Buria at Neowin

This made me check out Windhawk, and it seems like an awesome project for people forced to use Windows. It is basically a package manager for various small mods, fixes, and changes for Windows, allowing you to mix and match exactly what you need. This way, you can easily fix the little niggles that bother you, all from a central location.

The list of available mods is quite long already, and browsing through it, I’ve already seen quite a few things I’d be applying in a heartbeat if I were to be using Windows. Every mod comes with its source code included, ensuring you can check that it does exactly what it says it will do, and of course, you can contribute your own mods as well.

Apple’s assault on standards 11 Sep 2025, 2:14 pm

We often focus on Google’s detrimental effects on the web, but in doing so, we often tend to forget the other major player who is quite possibly even more damaging to the web than Google can even dream to be.

Without a counterweight, network effects allow successful tech firms to concentrate wealth and political influence. This power allows them to degrade potential competitive challenges, enabling rent extraction for services that would otherwise be commodities. This mechanism operates through (often legalised) corruption of judicial, regulatory, and electoral systems. When left to fester, it corrodes democracy itself.

Apple has deftly used a false cloak of security and privacy to move the internet, and web in particular, toward enclosure and irrelevance. This post makes the case for why Apple should be considered a corrupted, and indeed incompetent, autocrat in our digital lives. It continues to abusing a unique form of monopoly to extract rents, including on the last remnants of open ecosystems it tolerates.

Worse, Apple’s centralisation through the App Store entrenches the positions of peer big tech firms, harming the prospects of competitors in turn. Apple have been, over the course of many years, poisonous to internet standards and the moral commitments of that grand project.

↫ Alex Russell at Infrequently Noted

I have nothing more to add.

Windows/386’s check for buggy 386 chips survived until Windows 8.1 10 Sep 2025, 10:27 pm

A version of Windows that’s often overlooked, and often probably entirely unknown, is Windows/386. When Microsoft released 2.x, they did so in two very different variants: Windows/286 and Windows/386. The former would run on anything from a 8088 and up, but wouldn’t make use of any of the new features of the 386, while the latter, as its name implies, was optimised for the 386 and introduced a ton of advanced features to the platform. Windows/386 laid the groundwork for the much more successful Windows 3.x and 9x, but weirdly enough, it’s never really been studied all that well to understand how it works and what it’s doing under the hood.

That has changed now, as Will “CaptainWillStarblazer” Klees, whom we already know for his amazing work to allow RISC Win32 applications to run on x86, has delved deep into Widnows/386 with a ton of reverse-engineering to uncover many of its secrets. There’s so many amazing findings in here, I honestly have no idea where to even start or what to highlight, so I’m picking two things that I think are quite entertaining.

First, Windows/386 does a number of checks to determine if your PC can run it, and one of the checks it does concerns “defending against early buggy 386 steppings”. It turns out that this exact check for buggy steppings in early 386 processors survived in Windows all the way up until Windows 8.1, which is wild to think about.

A second fascinating finding is that a crucial component of Windows/386 finds its origins in an unusual place: Xenix, Microsoft’s UNIX implementation.

Finally, it begins loading the Virtual DOS Machine Manager (VDMM) into memory from the file WIN386.386. This file is not an OS/2 Linear Executable like the 386 files from later versions of Windows (that format did not yet exist), rather it is the 32-bit x.out executable format from Xenix-386 (thank you, Michal Necasek!), which makes sense as it was the only 32-bit executable format that Microsoft would have a linker for at the time (and interoperated well with Microsoft’s OMF-based tools, such as MASM).

↫ Will “CaptainWillStarblazer” Klees at Virtually Fun

There’s a fun detail about the 386 version of Xenix: it was ported to the 386 by a company we all came to hate deeply: SCO. The technology world is far smaller than we often seem to think. Apparently Xenix for the 386 was the first fully 32bit operating system for the x86 architecture, illustrating that once, a long, long time ago, SCO was an actually capable, innovative company.

The work by Klees and his extremely detailed write-up are a joy to read, so head on over and have some fun.

Deluxe Paint on the Commodore Amiga 10 Sep 2025, 5:22 pm

VisiCalc on the Apple II. Lotus 1-2-3 on the IBM PC. Aldus PageMaker on the Macintosh. Deluxe Paint on the Amiga. The computer industry loves a “killer app,” that unique piece of software that compels consumers to purchase new computer hardware just for the privilege of running it. I can personally attest to Deluxe Paint as it compelled even my technophobic mother to buy into its potential.

↫ Christopher Drum

Even though I knew what Deluxe Paint for the Amiga was, I never really delved any deeper into what, exactly, it was capable of. Drum does a great job setting up an emulated Amiga environment to go back in time to his childhood, and see what it’s like to use Deluxe Paint today, in 2025. It turns out it can do things I never thought it could, like create 3D perspective effects, with optional antialiasing even (even though the latter takes multiple minutes to render).

In fact, it even has tools to create animations, allowing you to brush across different frames automatically, or even create movement paths in a 3D space by defining start and endpoints for a brush movement. Combine all of these tools, and you can create things like animated doors opening and closing with a clear 3D effect. It’s quite neat.

It’s no secret the Amiga was far ahead of its time, but it’s still awe-inspiring to see it in action like this.