ActiveX disabled by default in Microsoft 365 17 Apr 2025, 4:53 pm

ActiveX is a powerful technology that enables rich interactions within Microsoft 365 applications, but its deep access to system resources also increases security risks.

Starting this month, the Windows versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and Microsoft Visio will have a new default configuration for ActiveX controls: Disable all controls without notification.

↫ Zaeem Patel at the Microsoft 365 Insider Blog

Be honest: did any of you know ActiveX was still a thing? Heck, when was the last time you even thought of ActiveX? This technology acted a replacement for Windows’ COM and OLE 2.0, and was used to make controls in a whole slew of Microsoft applications. ActiveX controls from one application could also be embedded into another, like showing a toolbar from Word inside an image editor.

ActiveX has several major downsides, the two biggest of which are its relative lack of portability, and most of all, its atrocious security record. I’m genuinely surprised it’s taken them this long to actively, fully disable the technology by default.

A threat model for opposing authoritarianism 17 Apr 2025, 7:46 am

A decade ago, I published a book on privacy “Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance.” In the book, and since then, in articles and speeches, I have been dispensing advice to people on how to protect their privacy. But my advice did not envision the moment we are in – where the government would collaborate with a tech CEO to strip-mine all of our data from government databases and use it to pursue political enemies.

In the parlance of cybersecurity, I had the wrong “threat model,” which is a fancy way of describing the risks I was seeking to mitigate. I had not considered that the United States might be swept into the rising tide of what scholars call “competitive authoritarianism” – authoritarian regimes that retain some of the trappings of democracy, such as elections, but use the power of the state to crush any meaningful dissent.

↫ Julia Angwin

Democracy is not nearly as much of a given as many people think, and in this day and age, where massive amounts of Americans’ data and personal information are collected and stored by the very corporations supporting the Trump regime, Americans have to think very differently about where digital threats actually come from.

Nothing protects any American – or anyone visiting America – from ending up in an El Salvadorian concentration camp. Plan accordingly.

What makes Slackware different? 16 Apr 2025, 10:07 pm

I’m not entirely sure how to link to this properly, but what we have here is a simple, to-the-point text file describing some of the benefits of Slackware, the oldest still maintained Linux distribution. It’s still run by Patrick Volkerding, and focuses on conservative choices and simplicity over ease. I doubt I have to explain the benefits of Slackware to the average OSNews reader, but this simple little text file does serve as a great marketing tool.

The fact it’s a simple little text file is so very Slackware. I love it.

CISA extends funding to ensure ‘no lapse in critical CVE services’ 16 Apr 2025, 10:00 pm

CISA says the U.S. government has extended MITRE’s funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

[…]

The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry.

↫ Sergiu Gatlan at BleepingComputer

Elect clowns, live in a circus.

The captchas have become sentient: we’re working on fixing the captcha issue 15 Apr 2025, 10:54 pm

As some of you may have noticed, we’ve been having some issues with captchas. The powers that be – which isn’t me, I don’t know anything about web development – are looking into it, and once we’ve pinpointed the problem we’ll get it fixed. It’s annoying us too, so we want this resolved as quickly as possible. OSNews readers just trying to visit the site to read some tech stuff should not be subjected to selecting squares with buses or crosswalks.

Our apologies for the annoyance, and I’ll update this post once the issue’s been resolved.

Fedora 42 released 15 Apr 2025, 7:41 pm

Fedora 42 has been released, bringing with it a major policy change: the Fedora KDE version now has the same status as the GNOME version. This means that Fedora KDE will be getting the same promotion, website space, and potential blocker status as the GNOME version. For now, the naming is a bit weird – Fedora Workstation for GNOME, Fedora KDE Plasma Desktop for KDE – but they intend to fix this down the line.

Feodra 42 also brings with it a brand new installation interface, which replaces the old one with a newer, step-by-step wizard-style interface. Anaconda is now also a native Wayland application, instead of running in Xorg. This release also marks the official availability of the Fedora COSMIC spin, bringing System76’s Rust-based COSMIC desktop on the same footing as Xfce, LXQt, and others.

Another cool addition is FEX for those of us running Fedora on ARM.

Fedora now provides FEX, a fast emulator that allows one to run x86 and x86-64 binaries on an AArch64 Linux host. FEX requires a number of supporting components, including a RootFS image, and integration with muvm to support 16k page-size hosts. The purpose of this Change is to integrate FEX itself and its supporting components into Fedora Linux, to provide a delightful out-of-box experience for users that want to run x86 and x86-64 binaries on their aarch64 systems. This also includes integration into the AArch64 Fedora KDE spin as a non-blocking component of the spin.

↫ Fedora 42 release notes

You can download and install Fedora 42, or if you’re already a Fedora user, you can upgrade through your graphical update utility or the command line using DNF.

exwm: Emacs X Windows Manager 15 Apr 2025, 3:27 pm

EXWM (Emacs X Window Manager) is a full-featured tiling X window manager for Emacs built on top of XELB.

↫ exwm GitHub page

It supports both tiling and stacking windows, dynamic workspaces, RandR, a system tray, and a lot more. XELB stands for X protocol Emacs Lisp Binding, and it’s a “pure Elisp implementation of X11 protocol based on the XML description files from XCB project”.

Whiskey developer throws in the towel, suggests to just buy CrossOver instead 15 Apr 2025, 2:42 pm

Isaac Marovitz, the developer of Whiskey, a frontend for Apple’s Game Porting Toolkit and Wine, has decided to throw in the towel. The developer is advising users to buy CrossOver instead, which provides the same service. The reasoning behind their decision seems sound, and are actually quite noble and considerate.

First and foremost, it’s the usual problem lone developers run into: they lost interest in the project, and to make matters worse, they’re only a student and simply lack the time to keep working on a project they’re simply not really into anymore. Running a complicated project like this on your own, unpaid, while also having to study is hard at the best of times, and if you’re also not interested in it anymore it quickly becomes a massive burden.

The second reason is that originally, Whiskey was just supposed to be a frontend for Wine on the Mac, without actually making any changes to Wine itself. The release of Apple’s Game Porting Toolkit changed the game, though, and all of a sudden Whiskey ended up shipping not just a nice frontend, but also custom versions of Wine. Marovitz states he doesn’t have the required knowledge and expertise to work on Wine, and as such, can’t contribute back to Wine and CrossOver, which feels bad.

By contrast, Whisky is based on CrossOver, but we don’t produce any bespoke fixes. I, quite frankly, do not have the requisite skills or time to do so. As a result, the amount that Whisky as a whole contributes to Wine is practically zero. This is not a fair trade, and continuing this parasitic relationship could easily harm CrossOver’s continued profitability and the existence of Wine on Mac as a whole.

↫ Isaac Marovitz

Wine, of course, has a ton of funding behind it these days, especially from Valve, but Valve’s interest lies solely and exclusively on Linux. While all of Valve’s funds and the work of Wine developers does benefit the Mac, much of the Wine on Mac work is done by CrossOver. I find it incredibly honest and respectful of Marovitz to make it clear he doesn’t want to leech off other people’s work without providing anything in return.

So, Whiskey is no more, but for the few Mac users who want to play Windows games on their Mac, CrossOver exists as a refuge that should work just fine.

Why is there a “small house” in IBM’s Code Page 437? 15 Apr 2025, 1:05 am

There’s a small house ( ⌂ ) in the middle of IBM’s infamous character set Code Page 437. “Small house”—that’s the official IBM name given to the glyph at code position 0x7F, where a control character for “Delete” (DEL) should logically exist. It’s cute, but a little strange. I wonder, how did it get there? Why did IBM represent DEL as a house, of all things?

↫ Heikki Lotvonen

Don’t waste any time here, and go read the article. It’s immediately become one of my favourite reads of all time.

Fedora change aims for 99% package reproducibility 15 Apr 2025, 12:42 am

The effort to ensure that open-source software is reproducible has been gathering steam over the years, and gaining traction with major Linux distributions. Debian, for example, has been working toward reproducible builds for more than a decade; it can now produce official live CDs of the current stable release that are reproducible. Fedora started on the path much later, but it has progressed far enough that the project is now considering a change proposal for the Fedora 43 development cycle, expected to be released in October, with a goal of making 99% of Fedora’s package builds reproducible. So far, reaction to the proposal seems favorable and focused primarily on how to achieve the goal—with minimal pain for packagers—rather than whether to attempt it.

↫ Joe Brockmeier at LWN.net

In the case of individual packages, reproducibility means that if you set up a build environment at home according to Fedora’s specifications, you can create an exact, bit-by-bit identical copy of a package. This is important because it can help detect and guard against supply chain attacks like the infamous xz backdoor attempt that was thwarted only by mere luck.

As the LWN article notes, however, it’s impossible for Fedora to achieve the original “bit-by-bit” part of the definition because of how RPMs are built. RPMs include the signature inside the RPM, and a few other metadata bits are problematic as well. The actual contents of an RPM – the thing you actually install, run, and use – meet the definition of “bit-by-bit”, though. By this point, Fedora has pretty much done all it can through its own infrastructure when it comes to reproducibility, which has brought the project to 90% of packages being reproducible.

It’s going to be up to the individual package maintainers and software developers to get to the desired goal of 99% by Fedora 43, though. To ensure package maintainers take this issue seriously, a change proposal has been proposed to treat reproducibility issues as bugs, with a degree of wiggle room for now (think should instead of must). It’s only a proposal for now, but it’s looking like it will make it.

The excellent – as always – LWN article has a lot more detail about both the proposes changes as well as the various points of view.

“I bought a Mac” 14 Apr 2025, 9:24 pm

Yep. I regret to inform you all that, as of January 2025, I am a Mac user: I bought a Mac. I have betrayed the penguin.

[…]

So, how did such an icon of early 2000s Apple fall into my grubby hands? Well, it all started with the Wii U. I’m not joking.

↫ Loganius

That’s one heck of an excuse to get a PowerPC G4 – needing to do Linux kvm hacking to fix a bug. While getting the PowerMac G4 they bought all set up and working properly for development purposes, someone else fixed the bug in question in the meantime. Such is the way of open source development.

Regardless, as far as classic computers go, PowerPC Macs are a great way to enter the wider hobby of retrocomputing. They’re widely available, incredibly cheap, and offer a ton of variety when it comes to supported operating systems, working with everything from classic Mac OS to Mac OS X, from Linux to the BSDs, down to more exotic awesome stuff like MorphOS. Their popularity also ensures a steady stream of replacement parts, expertise, and community support.

I have a 1.25Ghz 17″ PowerBook G4 for MorphOS, and a snow white iBook G3 for Mac OS 9.2.2, and I’ll never get rid of them.

The subjective charms of Objective-C 14 Apr 2025, 9:10 pm

To argue that Objective-C resembles a metaphysically divine language, or even a good language, is like saying Shakespeare is best appreciated in pig latin. Objective-C is, at best, polarizing. Ridiculed for its unrelenting verbosity and peculiar square brackets, it is used only for building Mac and iPhone apps and would have faded into obscurity in the early 1990s had it not been for an unlikely quirk of history. Nevertheless, in my time working as a software engineer in San Francisco in the early 2010s, I repeatedly found myself at dive bars in SoMa or in the comments of HackerNews defending its most cumbersome design choices.

↫ Gabriel Nicholas at Wired

I’ll just step back and let y’all handle this one.

Pinta 3.0 brings major GTK4 overhaul 13 Apr 2025, 12:52 am

Over 15 years ago, I wrote about the launch of a Paint.NET clone for Linux, called Pinta, written in GTK. That was merely version 0.1, and over time, it’s become somewhat of a staple for many Linux users. The project just released version 3, which is a major revision, moving the application over to GTK4 and Libadwaita.

Built on the robust GTK 4 toolkit and the sleek Libadwaita, Pinta 3.0 brings a redesigned user interface that’s faster, more responsive, and more efficient than ever. Linux users will also benefit from improved system utility integration. On top of all this, new effects and the return of add-ins—previously disabled due to technical constraints—promise to bring even more creative possibilities.

↫ Pinta 3.0 release announcement

Aside from the new user interface and return of add-ins, virtually every aspect of the application seems to have been touched in one way or another. We’ve got improved performance for both the UI and the application’s functionality, better gesture and touch support, redesigned and adaptive toolboxes, improved keyboard support, new effects, and much, much more. Like its original inspiration Paint.NET, Pinta sits between a basic image editor like Microsoft Paint and much more advanced tools like Photoshop and GIMP, and it seems this new release sticks to that position in the market.

You can download Pinta 3.0 for Linux, Windows, and macOS, and it will surely find its way to your distribution’s repository soon enough.

Elliptical Python programming 12 Apr 2025, 10:34 pm

One thing I love about Python is how it comes with its very own built-in zen. In moments of tribulations, when I am wrestling with crooked code and tangled thoughts, I often find solace in its timeless wisdom.

↫ Susam Pal

I can’t program and know nothing about Python, but this still made me laugh.

Windows Recall returns, and its companion feature does not keep data on-device 12 Apr 2025, 12:25 am

Remember Windows Recall, the Windows feature that would take a screenshot of your desktop every three seconds, stored them in a database, and then let you search through them at later dates? The feature has been hobbled by implementation problems, security issues, and privacy troubles, and has been released in preview and pulled since its original unveiling. Well, it’s back in testing now for users of the Release Preview Channel.

As you use your Copilot+ PC throughout the day working on documents or presentations, taking video calls, and context switching across activities, Recall will take regular snapshots and help you find things faster and easier. When you need to find or get back to something you’ve done previously, open Recall and authenticate with Windows Hello.

↫ Windows Insider blog

The “AI” magic (meaning, OCR and image recognition, but with sparkles) runs locally, on device, and supposedly, the collected screenshots and data extracted from them never leave your device – at least, for now. The tech industry has a long history of relegating its promises, so excuse me if I don’t have a ton of faith in this data remaining on a Windows PC for too long into the future.

Case in point, a related Windows Copilot feature: Copilot Vision. This is very similar to Windows Recall, but instead of taking automating screenshots every few seconds, you can invoke it manually so that Copilot will “read” the current contents of your desktop, applications, and so on, allowing you to ask questions, get help, and so on. The kicker, however, is that while the screenshots and resulting data from Recall supposedly remains on your machine, whatever Copilot Vision does is done on Microsoft’s servers. In other words, a feature very similar to Windows Recall is already sending your personal, private data to Microsoft.

I’m sorry, but I just don’t think Windows Recall will remain “on-device” for very long. The temptation to hoover that data up into the giant advertising machine is too great, and there’s no way in hell Microsoft will be able to resist it.

MacSSL: a port of Mbed-TLS for the classic Mac OS 7/8/9 11 Apr 2025, 9:35 pm

Yesterday we had SDL2 for the classic Mac OS, today we have modern SSL/TLS for the classic Mac OS.

This is a C89/C90 port of MbedTLS for Mac System 7/8/9. It works, and compiles under Metrowerks Codewarrior Pro 4.

This is a basic app that performs a GET request on whatever is in api.h, and prints the result out to the text box (with a lot of debug information, of course). The idea of this project was to build an ‘app’ of sorts for 640by480, my ‘instagram clone for vintage digital cameras’. The idea would be to login, post images, view images, and read comments. I would need HTTPS for that, so here we are: a port of MbedTLS for the classic mac.

↫ MacSSL GitHub page

It’s remarkable what tenacity can achieve.