This week saw the release of the LXQt 2.0 desktop environment, reports 9to5Linux. And besides bringing Qt 6 support (and a new default application menu), it also brings support for the Wayland display protocol to more components: The LXQt development is confident that the next major release, LXQt 2.1, will be fully Wayland compatible. The components that need to be ported to Wayland include ScreenGrab, LXQt Global Shortcuts, LXQt Panel's task-bar and keyboard indicator, some input settings, and settings of monitor, power button, and screen locker.

"Wayland will be the main target for LXQt 2.1.0, as Qt6 was for LXQt 2.0.0" said the devs. "Most Wayland compositors have tools that can be used instead of them, such that an LXQt-Wayland session is already possible for advanced users."
The lightweight Linux distro Lubuntu uses LXQtplace in place of GNOME — and Lubuntu 24.04 LTS will include an optional Wayland session alongside its default Xorg one, according to 9to5Linux:

I said it before and I'll say it again, 2024 is the year of the Wayland desktop... The Lubuntu team plans to support the Xorg session until 2026 to aid users with older GPUs... However, the tables will be turned next year with the Lubuntu 24.10 release, which will be shipping with Wayland by default.

Linux Mint 21.3 is now available to download, reports the blog OMG Obuntu.

It's the first version to offer Wayland support in its Cinnamon desktop: Following a successful bout of bug-busting in last month's beta release, Mint devs have gone ahead and rubber-stamped a stable release. Thus, you can reasonably expect to not encounter any major issues when installing or using it... [I]t's based on Ubuntu 22.04 LTS and continues to use the Linux 5.15 kernel by default, but newer kernels are available to install within the OS...

In my own testing I find Cinnamon's Wayland support to be well-rounded. It's not perfect but I didn't hit any major snafus that prevented me from working (though admittedly I did only attempt 'basic' tasks like web browsing, playing music, and adding applets). However, Cinnamon's Wayland support is in an early state, is not enabled by default, and Linux Mint devs expect it won't be good enough for everyone until the 23.x series (due 2026) at the earliest. Still, try it out yourself and see if it works for you. Select the 'Cinnamon on Wayland (Experimental)' session from the login screen session selector, and then login as normal...

Additionally, the latest version of Mozilla Firefox is pre-installed (as a deb, not a Snap)
Among the new features are a whole new category of desktop add-ons — "Actions" — which upgrade the right-clicking context menu. (So for .iso files there's two new choices: "Verify" or "Make bootable USB stick".)

The article says there's also "a raft of smaller refinements," plus "a bevvy of buffs and embellishments" for Linux Mint's homegrown apps.

Any Linux Mint users reading Slashdot? Share your thoughts or experiences in the comments...

Last January the Register reported that the Budgie desktop environment was planning to switch from using GNOME to Enlightenment. But this week Budgie's project lead David Mohammed and packaging guru Sam Lane "passed on news of a rift — and indeed possible divorce — between Budgie and Enlightenment," the Register reported. "And it's caused by Wayland." The development team of the Budgie desktop is changing course and will work with the Xfce developers toward Budgie's Wayland future...

While Enlightenment does have some Wayland support, in the project's own words this is "still considered experimental and not for regular end users." Mohammed told us... "Progress though towards a full implementation currently doesn't fit into the deemed urgent nature to move to Wayland (Red Hat dropping further X11 development, and questions as to any organisation stepping up, etc.)"

So, instead, Budgie is exploring different ways to build a Wayland-only environment. For now, as we mentioned when looking at Ubuntu's 23.10 release, there's a new windowing library, Magpie. Magpie 0.9 is what the project describes as "a soft-fork of GNOME's mutter at version 43" — the term soft fork meaning it's a temporary means to an end, rather than intended to form an on-going independent continuation.

For the future, though, Mohammed told us... "[T]he Budgie team has been evaluating options to move forward. XFCE are doing some really great work in this area with libxfce4windowing — a compatibility layer bridging Wayland and X11, allowing the move in a logical direction without needing a big-bang approach. To date, most of the current codebase has already been reworked and is ready for a Wayland-only approach without impacting further development and enhancements."
Mohammed later told the Register, "It makes sense for the more dynamic smaller projects to work together where there are shared aims."

Recently the Register pointed out that the new (Debian-based) Raspberry Pi OS 5.0 has "a completely new Wayland desktop environment replacing PIXEL, the older desktop based on LXDE and X.org, augmented with Mutter in its previous release."

And when elementary OS 8 finally arrives, "the development team plans to finally shift to the Wayland display server by default," reports Linux magazine (adding "If you'd like to get early access to daily builds, you can do so by becoming an elementary OS sponsor on GitHub.")

"This is a transition that we have been planning and working towards for several years," writes CEO/co-founder Danielle Foré, "and we're finally in the home stretch... Wayland will bring us improved performance, better app security, and opens the doors to support more complex display setups like mixed DPI multi-monitor setups." There are other things that we're experimenting with, like the possibility of an immutable OS, and there are more mundane things that will certainly happen like shipping Pipewire. You'll also see on the project board that we're looking to replace the onscreen keyboard and it's time to re-evaluate some things like SystemD Boot. You can expect lots more little features to be detailed over the coming months.
Meanwhile, Linux Mint is getting "experimental" Wayland support next month. And also in December, Firefox will let Wayland support be enabled by default.

And last month the Register noted a merge request for GNOME to remove the gnome-xorg.desktop file. "To put this in context, the Fedora project is considering a comparable change: removing or hiding the GNOME on X.org session from the login menu, which is already the plan for the Fedora KDE spin when it moves to KDE version 6, which is still in development."

"The work started on Wayland," the Linux Mint project announced in their monthly newsletter.

An anonymous reader shared this report from 9to5Linux about an upcoming new option in the Ubuntu-based distro: Linux Mint 21.3 [planned for Christmas of 2023] will be the first Linux Mint release to offer a Wayland session, but in an experimental state. The default session will still be the X11 one, but users who want to try Wayland can do so by selecting the "Cinnamon on Wayland" session from the login screen.

"The Wayland session won't be as stable as the default one. It will lack features and it will come with its own limitations. We won't recommend it but you'll be able to give it a shot if you want to and it'll be there for interested people if they want to give us feedback," said Linux Mint project leader Clement Lefebvre.

I said that "2024 is the year of the Wayland desktop", but Clement Lefebvre doesn't think Linux Mint needs Wayland support before 2026... By that time, I believe Xfce will also be fully Wayland compatible so that Linux Mint can fully switch to Wayland by default.
The newsletter says the 2026 target "leaves us two years to identify and to fix all the issues. It's something we'll continue to work on.

"Whenever it happens, assuming it does, we'll consider switching defaults. We'll use the best tools to do the job and provide the best experience. Today that means Xorg. Tomorrow it might mean Wayland. We'll be ready and compatible with both."

Microsoft will deprecate the classic edition of its Azure Virtual Desktop desktop-as-a-service (DaaS) and has given customers three years to keep using the service before they'll need to find an alternative. From a report: The software giant seems to have spent years trying to confuse cloudy DaaS users, as it has offered two products called Azure Virtual Desktop, with varying degrees of integration with Azure.

The "classic" service has a management GUI that's not part of the Azure Portal and isn't addressable with the Azure Resource Manager (ARM), Microsoft's main deployment and management service for its cloud. The successor to Azure Virtual Desktop (AVD) classic is called -- wait for it -- "Azure Virtual Desktop." This from the innovative minds that suddenly and inexplicably renamed Azure Active Directory as "Entra" and kept the name "Active Directory" for on-prem directories.

Slashdot reader Dave Knott writes: John Warnock, co-founder and ex-CEO of Adobe, has died at the age of 82. Under his tenure, Adobe created Postscript, Acrobat, Photoshop, and many other technologies and software products that have become industry standards in publishing, graphic design, video editing, photography and more. A cause of death has not been released; he is survived by his wife, graphic designer Marva Warnock, and his three children
Slashdot covered the death of Adobe co-founder Charles 'Chuck' Geschke in 2021: The company started in co-founder John Warnock's garage in 1982, and was named after the Adobe Creek which ran behind Warnock's home, offering pioneering capabilities in "What you see is what you get" (or WYSIWYG) desktop publishing... [Gizmodo writes] after earning a doctorate from Carnegie Mellon University, Geschke met Warnock while working at the Xerox Palo Alto Research Center, according to the Mercury News.
"In the Spring of 1991 Dr. John Warnock wrote a paper he dubbed 'Camelot' in which the Adobe Systems Co-founder and CEO laid out the foundation for what has become Acrobat/PDF," remembers this 2002 Slashdot post.

And last year Silicon Valley's Computer History Museum publicly released "for the first time, the source code for the breakthrough printing technology, PostScript. We thank Adobe, Inc. for their permission and support, and John Warnock for championing this release.... From the start of Adobe Systems Incorporated (now Adobe, Inc.) exactly forty years ago in December 1982, the firm's cofounders envisioned a new kind of printing press â" one that was fundamentally digital, using the latest advances in computing. Initial discussions by cofounders Chuck Geschke and John Warnock with computer-makers such as Digital Equipment Corporation and Apple convinced them that software was the key to the new digital printing press. Their vision: Any computer could connect with printers and typesetters via a common language to print words and images at the highest fidelity. Led by Warnock, Adobe assembled a team of skillful and creative programmers to create this new language. In addition to the two cofounders, the team included Doug Brotz, Bill Paxton, and Ed Taft. The language they created was in fact a complete programming language, named PostScript, and was released by Adobe in 1984.

By treating everything to be printed the same, in a common mathematical description, PostScript granted abilities offered nowhere else. Text and images could be scaled, rotated, and moved at will, as in the opening image to this essay. Adobe licensed PostScript to computer-makers and printer manufacturers, and the business jumped into a period of hypergrowth....

Today, most printers rely on PostScript technology either directly or through a technology that grew out of it: PDF (Portable Document Format). John Warnock championed the development of PDF in the 1990s, transforming PostScript into a technology that was safer and easier to use as the basis for digital documents, but retaining all the benefits of interoperability, fidelity, and quality.

The Register shares its collection of "signs that Wayland is becoming the favored way to get a GUI on Linux." - The team developing Linux for Apple Silicon Macs said they didn't have the manpower to work on X.org support.

- A year ago, the developers of the Gtk toolkit used by many Linux apps and desktops said that the next version may drop support for X11...

- One of the developers of the Budgie desktop, Campbell Jones, recently published a blog post with a wildly controversial title that made The Reg FOSS desk smile: "Wayland is pretty good, actually." He lays out various benefits that Wayland brings to developers, and concludes: "Primarily, what I've learned is that Wayland is actually really well-designed. The writing is on the wall for X, and Wayland really is the future." Partly as a result of this, it looks likely that the next version of the Budgie desktop, Budgie 11, will only support Wayland, completely dropping support for X11. The team point out that this is not such a radical proposition: there was a proposal to make KDE 6 sessions default to Wayland as long ago as last October...

- The GNOME spin of Fedora has defaulted to Wayland since version 25 in 2017, and the GNOME flavor of Ubuntu since 21.04.

- [T]here's now an experimental effort to get Wayland working on OpenBSD. The effort happened at the recent OpenBSD hackathon in Tallinn, Estonia, and the developer's comments are encouraging. It's already available as part of FreeBSD.

Intel has announced Intel One Mono, a new font catering to "the needs of developers" with an "expressive" monospace for clarity and legibility" It's easier to read, and available for free, with an open-source font license.

Identifying the typographically underserved low-vision developer audience, Frere-Jones Type designed the Intel One Mono typeface in partnership with the Intel Brand Team and VMLY&R, for maximum legibility to address developers' fatigue and eyestrain and reduce coding errors. A panel of low-vision and legally blind developers provided feedback at each stage of design.
The Linux blog OMG! Ubuntu calls the new font "pretty decent," adding that "Between IBM Plex Mono, Hack, Fira Code, and JetBrains Mono I think we Linux users are spoilt for choice when it comes to open-source monospace fonts that look good and work great.

"Still, there's always room for more, right...?" Better yet, it's not only free to download and use but free to edit, and free to redistribute... Overall, I think Intel One Mono looks great, especially in a text editor (GUI or CLI). There's a noticeable upper and lower margin to the font that in dense text situations allows text to breathe, but in some terminal tools, like Neofetch, the gaps can seem a bit too happy.
The Intel One Mono repository on GitHub includes instructions for activating the font in VSCode and Sublime Text, and lists some extra features accessible in some applications and via CSS:

• There is an option for a raised colon, either applied contextually between numbers or activated generally.

• Superior/superscript and inferior/subscript figures are included via their Unicode codepoints, or you can produce them from the default figures via the sups (Superscript), subs (Subscript), and si (Scientific Inferior) features.

• Fraction numerals are similarly available via the numr (Numerator) and dnom (Denominator) features. A set of premade fractions is also available in the fonts.

An anonymous Slashdot reader shared this report from Axios: The Chinese Communist Party "maintained supreme access" to data belonging to TikTok parent company ByteDance, including data stored in the U.S., a former top executive claimed in a lawsuit Friday...

In a wrongful dismissal suit filed in San Francisco Superior Court, Yintao Yu said ByteDance "has served as a useful propaganda tool for the Chinese Communist Party." Yu, whose claim says he served as head of engineering for ByteDance's U.S. offices from August 2017 to November 2018, alleged that inside the Beijing-based company, the CCP "had a special office or unit, which was sometimes referred to as the 'Committee'." The "Committee" didn't work for ByteDance but "played a significant role," in part by "gui[ding] how the company advanced core Communist values," the lawsuit claims... The CCP could also access U.S. user data via a "backdoor channel in the code," the suit states...

In an interview with the New York Times, which first reported the lawsuit, Yu said promoting anti-Japanese sentiment was done without hesitation.
"The allegations come as federal officials weigh the fate of the social media giant in the U.S. amid growing concerns over national security and data privacy," the article adds.

Yu also accused ByteDance of a years-long, worldwide "scheme" of scraping data from Instagram and Snapchat to post on its own services.

The European Organization for Nuclear Research (CERN) on Sunday celebrated the 30th anniversary of releasing the World Wide Web into the public domain. From a report: As the World Wide Web Consortium's brief history of the web explains, in 1989 Tim Berners-Lee - then a fellow at CERN - proposed that the organization adopt "a global hypertext system." His first name for the project was "Mesh." And as the Consortium records, in 1990 Berners-Lee set to work on "a hypertext GUI browser+editor using the NeXTStep development environment. He makes up 'WorldWideWeb' as a name for the program." Berners-Lee's work gathered a very appreciative audience inside CERN, and soon started to attract attention elsewhere. By January 1993, the world had around 50 HTTP servers. The following month, the first graphical browser -- Marc Andreessen's Mosaic -- appeared. Alternative hypertext tools, like Gopher, started to lose their luster. On April 30, 1993, CERN signed off on a decision that the World Wide Web -- a client, server, and library of code created under its roof -- belonged to humanity (the letter was duly stamped on May 3).

"Earth's magnetic environment is filled with a symphony of sound that we cannot hear," NASA wrote this month. When solar winds approach earth, "it causes the magnetic field lines and plasma around Earth to vibrate like the plucked strings of a harp, producing ultralow-frequency waves... a cacophonous operetta portraying the dramatic relationship between Earth and the Sun."

So NASA is now announcing "a new NASA-funded citizen science project called HARP — or Heliophysics Audified: Resonances in Plasmas " that has "turned those once-unheard waves into audible whistles, crunches, and whooshes..." Or, as the Washington Post puts it, "NASA wants your help listening in on the universe."

From NASA's news release: In 2007, NASA launched five satellites to fly through Earth's magnetic "harp" — its magnetosphere — as part of the THEMIS mission (Time History of Events and Macroscale Interactions during Substorms). Since then, THEMIS has been gathering a bounty of information about plasma waves across Earth's magnetosphere. "THEMIS can sample the whole harp," said Michael Hartinger, a heliophysicist at the Space Science Institute in Colorado. "And it's been out there a long time, so it has collected a lot of data."

The frequencies of the waves THEMIS measures are too low for our ears to hear, however. So the HARP team sped them up to convert them to sound waves. By using an interactive tool developed by the team, you can listen to these waves and pick out interesting features you hear in the sounds... Preliminary investigations with HARP have already started revealing unexpected features, such as what the team calls a "reverse harp" — frequencies changing in the opposite way than what scientists anticipated...

"Data sonification provides human beings with an opportunity to appreciate the naturally occurring music of the cosmos," said Robert Alexander, a HARP team member from Auralab Technologies in Michigan. "We're hearing sounds that are literally out of this world, and for me that's the next best thing to floating in a spacesuit."

To start exploring these sounds, visit the HARP website.
"Think listening to years' worth of wave patterns is a job for artificial intelligence? Think again," writes the Washington Post. In a news release, HARP team member Martin Archer of Imperial College London says humans are often better at listening than machines. "The human sense of hearing is an amazing tool," Archer says. "We're essentially trained from birth to recognize patterns and pick out different sound sources. We can innately do some pretty crazy analysis that outperforms even some of our most advanced computer algorithms."

Bleeping Computer warned this week about compromised web sites "that display fake Google Chrome automatic update errors that distribute malware to unaware visitors." The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores...

If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. "An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update," reads the fake Chrome error message. The scripts will then automatically download a ZIP file called 'release.zip' that is disguised as a Chrome update the user should install.

However, this ZIP file contains a Monero miner that will utilize the device's CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:\Program Files\Google\Chrome as "updater.exe" and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the "BYOVD" (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device.

The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.

"The fact remains that Google Chrome is the arbiter of web standards," argues FSF campaigns manager Greg Farough (while adding that Firefox, "through ethical distributions like GNU IceCat and Abrowser, can weaken that stranglehold.")

"Google's deprecation of the JPEG-XL image format in February in favor of its own patented AVIF format might not end the web in the grand scheme of things, but it does highlight, once again, the disturbing amount of control it has over the platform generally." Part of Google's official rationale for the deprecation is the following line: "There is not enough interest from the entire ecosystem to continue experimenting with JPEG-XL." Putting aside the problematic aspects of the term "ecosystem," let us remark that it's easy to gauge the response of the "entire ecosystem" when you yourself are by far the largest and most dangerous predator in said "ecosystem." In relation to Google's overwhelming power, the average web user might as well be a microbe. In supposedly gauging what the "ecosystem" wants, all Google is really doing is asking itself what Google wants...

While we can't link to Google's issue tracker directly because of another freedom issue — its use of nonfree JavaScript — we're told that the issue regarding JPEG-XL's removal is the second-most "starred" issue in the history of the Chromium project, the nominally free basis for the Google Chrome browser. Chromium users came out of the woodwork to plead with Google not to make this decision. It made it anyway, not bothering to respond to users' concerns. We're not sure what metric it's using to gauge the interest of the "entire ecosystem," but it seems users have given JPEG-XL a strong show of support. In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format.

As the response to JPEG-XL's deprecation has shown, our rallying together and telling Google we want something isn't liable to get it to change its mind. It will keep on wanting what it wants: control; we'll keep on wanting what we want: freedom.

Only, the situation isn't hopeless. At the present moment, not even Google can stop us from creating the web communities that we want to see: pages that don't run huge chunks of malicious, nonfree code on our computers. We have the power to choose what we run or do not run in our browsers. Browsers like GNU IceCat (and extensions like LibreJS and JShelter> ) help with that. Google also can't prevent us from exploring networks beyond the web like Gemini. What our community can do is rally support behind those free browsers that choose to support JPEG-XL and similar formats, letting the big G know that even if we're smaller than it, we won't be bossed around.

An anonymous reader shares this report from AppleInsider: Apple has allegedly demonstrated its mixed reality headset to its top executives recently, in an attempt to generate excitement for the upcoming platform launch. While executives are keen on the product, others within Apple are not sure it's a home run hit. Eight anonymous current and former employees told the New York Times that they are skeptical about the headset, despite Apple's apparent glossy demonstration of the technology.
Manufacturing has already begun for a June release of the $3,000 headset, insiders say in the Times' article: Some employees have defected from the project because of their doubts about its potential, three people with knowledge of the moves said. Others have been fired over the lack of progress with some aspects of the headset, including its use of Apple's Siri voice assistant, one person said.Even leaders at Apple have questioned the product's prospects. It has been developed at a time when morale has been strained by a wave of departures from the company's design team, including Mr. Ive, who left Apple in 2019 and stopped advising the company last year....

Because the headset won't fit over glasses, the company has plans to sell prescription lenses for the displays to people who don't wear contacts, a person familiar with the plan said. During the device's development, Apple has focused on making it excel for videoconferencing and spending time with others as avatars in a virtual world. The company has called the device's signature application "copresence," a word designed to capture the experience of sharing a real or virtual space with someone in another place. It is akin to what Mark Zuckerberg, Facebook's founder, calls the "metaverse...."

But the road to deliver augmented reality has been littered with failures, false starts and disappointments, from Google Glass to Magic Leap and from Microsoft's HoloLens to Meta's Quest Pro. Apple is considered a potential savior because of its success combining new hardware and software to create revolutionary devices.

Still, the challenges are daunting.

Phoronix reports: While Ubuntu Linux hasn't provided Flatpak support out-of-the-box due to their preference of using their own Snap app packaging/distribution format, Ubuntu flavors/spins have to this point been able to pre-install Flatpak support if they desired. However, for the 23.04 "Lunar Lobster" cycle and moving forward, Ubuntu flavors will no longer be permitted to install Flatpak packages by default.

Flatpak support for Ubuntu and its flavors will remain available in the Ubuntu archive so those wanting to install Flatpak support can easily do so post-install.

This change going into effect with the 23.04 cycle is making it so no Ubuntu flavors will have Flatpak support installed by default / out-of-the-box: they are supposed to center around Debian packages and Snaps for their out-of-the-box packaging support to align with Ubuntu.
From the blog OMG Ubuntu: Ubuntu developers have agreed to stop shipping Flatpak, preinstalled Flatpak apps, and any plugins needed to install Flatpak apps through a GUI software tool in the default package set across all eight of Ubuntu's official flavors, as of the upcoming Ubuntu 23.04 release.

Ubuntu says the decision will 'improve the out-of-the-box Ubuntu experience' for new users by making it clearer about what an "Ubuntu experience" is....

As far as Ubuntu is concerned, only deb and snap software is intrinsic to the 'Ubuntu experience', and that experience now needs to be offered everywhere. Flavor leads (apparently) agree, and have all agreed to mirror regular Ubuntu by not offering Flatpak features in their default install for future releases....

Flatpak will not be uninstalled or removed when user makes the upgrade to Ubuntu 23.04 from a version where Flatpak is already present.

Long-time Slashdot reader destinyland writes: Someone made a Chromium fork... for your terminal. The terminal-based browser Carbonyl "adheres to, and is compatible with modern standards," writes MUO, "meaning that pages behave as they should, and you can even watch streaming video, within the Linux terminal!"

But best of all, "Pages connect and render in an instant—seemingly quicker than a desktop GUI browser, and every page we visited was rendered correctly."
From the article: There are a bunch of good reasons to browse the internet from the comfort of your terminal. It could be that eschewing the bloat of X.org and Wayland, a terminal is all you have. Maybe you like SSHing into remote machines and browsing the internet from there.

Perhaps you, like us, just really, really like terminals.

Whatever the reason, your choices of web browsers have, until recently, been limited, and your experience of the world wide web has been a janky, barely-functional one.... We tested Carbonyl in a range of Linux terminals, including the XFCE terminal. GNOME terminal, kitty, and the glorious Cool Retro Terminal. Carbonyl was smooth, fast, and flawless in all of them.

We even connected to our Raspberry Pi via SSH in CRT, and ran Carbonyl remotely, watching Taylor Swift music videos on YouTube. No problem.
And yes, you can use it to play DOOM.

An anonymous reader quotes a report from Ars Technica: As part of the Apple Lisa's 40th birthday celebrations, the Computer History Museum has released the source code for Lisa OS version 3.1 under an Apple Academic License Agreement. With Apple's blessing, the Pascal source code is available for download from the CHM website after filling out a form. Lisa Office System 3.1 dates back to April 1984, during the early Mac era, and it was the Lisa equivalent of operating systems like macOS and Windows today. The entire source package weighs is about 26MB and consists of over 1,300 commented source files, divided nicely into subfolders that denote code for the main Lisa OS, various included apps, and the Lisa Toolkit development system.

First released on January 19, 1983, the Apple Lisa remains an influential and important machine in Apple's history, pioneering the mouse-based graphical user interface (GUI) that made its way to the Macintosh a year later. Despite its innovations, the Lisa's high price ($9,995 retail, or about $30,300 today) and lack of application support held it back as a platform. A year after its release, the similarly capable Macintosh undercut it dramatically in price. Apple launched a major revision of the Lisa hardware in 1984, then discontinued the platform in 1985. [...] Lisa OS defined important conventions that we still use in windowing OSes today, such as drag-and-drop icons, movable windows, the waste basket, the menu bar, pull-down menus, copy and paste shortcuts, control panels, overlapping windows, and even one-touch automatic system shutdown.

A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. BleepingComputer reports: The malware was discovered by Daniel Milisic, who created a script and instructions to help users nullify the payload and stop its communication with the C2 (command and control) server. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms. It is unclear if this single device was affected or if all devices from this model or brand include the malicious component.

Milisic believes the malware installed on the device is a strain that resembles 'CopyCat,' a sophisticated Android malware first discovered by Check Point in 2017. This malware was previously seen in an adware campaign where it infected 14 million Android devices to make its operators over $1,500,000 in profits. The analyst tested the stage-1 malware sample on VirusTotal, where it returns only 13 detections out of 61 AV engine scans, classified with the generic term of an Android trojan downloader. [...]

Unfortunately, these inexpensive Android-based TV box devices follow an obscure route from manufacturing in China to global market availability. In many cases, these devices are sold under multiple brands and device names, with no clear indication of where they originate. [...] To avoid such risks, you can pick streaming devices from reputable vendors like Google Chromecast, Apple TV, NVIDIA Shield, Amazon Fire TV, and Roku Stick.

At least three major torrent sites are currently exposing intimate details of their operations to anyone with a web browser. TorrentFreak understands that the sites use a piece of software that grabs brand-new content from other sites before automatically uploading it to their own. A security researcher tried to raise the alarm but nobody will listen. From the report: To get their hands on the latest releases as quickly as possible, [private torrent sites, or private trackers as they're commonly known] often rely on outside sources that have access to so-called 0-Day content, i.e, content released today. The three affected sites seem to have little difficulty obtaining some of their content within minutes. At least in part, that's achieved via automation. When outside suppliers of content are other torrent sites, a piece of software called Torrent Auto Uploader steps in. It can automatically download torrents, descriptions, and associated NFO files from one site and upload them to another, complete with a new .torrent file containing the tracker's announce URL. The management page [here] has been heavily redacted because the content has the potential to identify at least one of the sites. It's a web interface, one that has no password protection and is readily accessible by anyone with a web browser. The same problem affects at least three different servers operated by the three sites in question.

Torrent Auto Uploader relies on torrent clients to transfer content. The three sites in question all use rTorrent clients with a ruTorrent Web UI. We know this because the researcher sent over a whole bunch of screenshots and supporting information which confirms access to the torrent clients as well as the Torrent Auto Uploader software. The image [here] shows redactions on the tracker tab for good reason. In a regular setup, torrent users can see the names of the trackers coordinating their downloads. This setup is no different except that these URLs reference three different trackers supplying the content to one of the three compromised sites.

Rather than publish a sequence of completely redacted screenshots, we'll try to explain what they contain. One begins with a GET request to another tracker, which responds with a torrent file. It's then uploaded to the requesting site which updates its SQL database accordingly. From there the script starts checking for any new entries on a specific RSS feed which is hidden away on another site that has nothing to do with torrents. The feed is protected with a passkey but that's only useful when nobody knows what it is. The same security hole also grants direct access to one of the sites tracker 'bots' through the panel that controls it. Then there's access to 'Staff Tools' on the same page which connect to other pages allowing username changes, uploader application reviews, and a list of misbehaving users that need to be monitored. That's on top of user profiles, the number of torrents they have active, and everything else one could imagine. Another screenshot featuring a torrent related to a 2022 movie reveals the URL of yet another third-party supplier tracker. Some basic queries on that URL lead to even more torrent sites. And from there, more, and more, and more -- revealing torrent passkeys for every single one on the way.