AlmaLinux describes itself as "an open-source, community-driven project that intends to fill the gap left by the demise of the CentOS stable release." And now AlmaLinux "has announced their beta release of their CentOS/RHEL 8 fork," writes Slashdot reader juniorkindergarten.

AlmaLinux will be getting $1 million a year in development funding from CloudLinux (the company behind CloudLinux OS, a CentOS clone with over 200,000 active server instances). Their CEO stresses that AlmaLinux "is built with CloudLinux expertise but will be owned and governed by the community. We intend to deliver this forever-free Linux distribution this quarter." And they've committed to supporting it through 2029.

Their press release touts AlmaLinux as "a 1:1 binary compatible fork of RHEL 8, with an effortless migration path from CentOS to AlmaLinux. Future RHEL releases will also be forked into a new AlmaLinux release."

From the AlmaLinux blog: We've collected community feedback and built our new beta release around what you would expect from an enterprise-level Linux distribution...inspired by the community and built by the engineers and talent behind CloudLinux. Visit https://almalinux.org to download the Beta images.

With the Beta release deployed, we'd like to ask the community to be involved and provide feedback. We aim to build a Linux distribution entirely from community contributions and feedback. During AlmaLinux Beta, we ask for assistance in testing, documentation, support and future direction for the operating system. Together, we can build a Linux distribution that fills the gap left by the now unsupported CentOS distribution.
On Wednesday they'll be hosting a live QA webinar with the AlmaLinux team. And there's also a small AlmaLinux forum on Reddit.

A British security researcher has discovered this week that a recent security flaw in the Sudo app also impacts the macOS operating system, and not just Linux and BSD, as initially believed. From a report: The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users. Qualys researchers discovered that they could trigger a "heap overflow" bug in the Sudo app to change the current user's low-privileged access to root-level commands, granting the attacker access to the whole system. The only condition to exploit this bug was that an attacker gain access to a system, which researchers said could be done by either planting malware on a device or brute-forcing a low-privileged service account. In their report last week, Qualys researchers said they only tested the issue on Ubuntu, Debian, and Fedora. They said that are UNIX-like operating systems are also impacted, but most security researchers thought the bug might impact BSD, another major OS that also ships with the Sudo app.

VideoLAN, in a blog post: The VideoLAN project and the VideoLAN non-profit organization are happy to celebrate today the 20th anniversary of the open-sourcing of the project. VideoLAN originally started as a project from the Via Centrale Reseaux student association, after the successful Network 2000 project. But the true release of the project to the world was on 1st of February 2001, the Ecole Centrale Paris director, Mr. Gourisse, allowed the open-sourcing of the whole VideoLAN project under the GNU GPL. This open sourcing concerned all the software developed by the VideoLAN project, including VideoLAN Client, VideoLAN Server, VideoLAN Bridge, VideoLAN Channel Switcher, but also libraries to decode DVDs, like libdca, liba52 or libmpeg2. At that time, this was a risky decision for the Ecole Centrale Paris, and the VideoLAN project is very grateful.

Since then, the project evolved to become a French non-profit organization, and continued developing numerous solutions around the free software multimedia world. Today, VLC media player is used regularly by hundreds of millions of users, and has been downloaded more than 3.5 billion times over the years. VLC is today available on Windows, macOS, Linux, Android (including TV and Auto versions), iOS (and AppleTV), OS/2 and BSD. Over the years, around 1000 volunteers worked to make VLC a reality.

Google has started rolling out Chrome OS 88. The update includes a couple of enhancements, the most notable of which is a new screen saver you can use to get more functionality out of your computer's lock screen. Engadget reports: By enabling the feature, your Chromebook will be able to display images from your Google Photos library, including those you've organized into specific albums. You can also choose from a selection of default images put together by Google. If you use the Google Photos functionality built into the Pixel Stand and Nest Hub, you'll have a good idea of how the screen saver works.

The lock screen also displays the time and local weather and provides you with easy to access media controls so you can pause or play a song. You'll find your WiFi and battery status on the bottom right corner and the option to sign out from your account if you want. You enable the feature by digging into the settings menu of Chrome OS and finding your way to the Personalization section. Once enabled, it will turn on when the operating system detects that your device has been idle for some time. The update also introduces a feature that allows you to use your pin or fingerprint, instead of a password, to log into websites that support the WebAuthn standard.

Google released Chrome 88 this week — and besides improving its dark mode support, they removed support for both Adobe Flash and FTP.

PC World calls it "the end of two eras." The most noteworthy change in this update is what's not included. Chrome 88 lays Adobe Flash and the FTP protocol to rest. RIP circa-2000 Internet.

Neither comes as a surprise, though it's poetic that they're being buried together. Adobe halted Flash Player downloads at the end of 2020, making good on a promise made years before, and began blocking Flash content altogether a couple weeks later. Removing Flash from Chrome 88 is just Google's way of flushing the toilet.

On the other hand, FTP isn't dead, but it is now for Chrome users. The File Transport Protocol has helped users send files across the Internet for decades, but in an era of prolific cloud storage services and other sharing methods, its use has waned. Google started slowly disabling FTP support in Chrome 86, per ZDNet, and now you'll no longer be able to access FTP links in the browser. Look for standalone FTP software instead if you need it, such as FileZilla.

That's not all. Mac users should be aware that Chrome 88 drops support for OS X 10.10 (OS X Yosemite). Yosemite released in 2014 and received its last update in 2017...

But Google killing Flash and FTP might be the footnotes that hit old-school web users in the feels.
Chrome 88 will also block non-encrypted downloads originating from an encrypted page, the article reports. And the Verge notes Chrome also offers less intrusive website permission requests (as an experimental feature enabled from chrome://flags/#permission-chip ), while Bleeping Computer describes Chrome 88's new experimental feature for searching through all your open tabs.

And Chrome's blog points out some additional features under the hood: Chrome 88 will heavily throttle chained JavaScript timers for hidden pages in particular conditions. This will reduce CPU usage, which will also reduce battery usage. There are some edge cases where this will change behavior, but timers are often used where a different API would be more efficient, and more reliable.

We have learned that Brad Cox, computer scientist known mostly for creating the Objective-C programming language with his business partner Tom Love, died on January 2, 2021 at his residence. He was 76. From a Legacy.com post: Brad was born on May 2, 1944 in Fort Benning, Georgia, to the late Nancy Hinson Cox and Dewey McBride Cox of Lake City, South Carolina. Brad grew up on the family's dairy farm in South Carolina but found himself most interested in science. After graduating from Lake City High School, he received his Bachelor of Science Degree in Organic Chemistry and Mathematics from Furman University, and his Ph.D. from the Department of Mathematical Biology at the University of Chicago, and worked on an early form of neural networks. He soon found himself more interested in computers and got a job at International Telephone and Telegraph (ITT) and later joined Schlumbeger -- Doll Research Labs, and ultimately formed his own Connecticut startup, Productivity Products International (PPI) later named Stepstone.

Among his first known software projects, he wrote a PDP-8 program for simulating clusters of neurons. He worked at the National Institutes of Health and Woods Hole Oceanographic Institute before moving into the software profession. Dr. Cox was an entrepreneur, having founded the Stepstone Company together with Tom Love for releasing the first Objective-C implementation. Stepstone hoped to sell "ICPaks" and Dr. Cox focused on building his ICPak libraries and hired a team to continue work on Objective-C, including Steve Naroff. The late Steve Jobs', NeXT, licensed the Objective-C language for it's new operating system, NEXTSTEP. NeXT eventually acquired Objective- C from Stepstone. Objective-C continued to be the primary programming language for writing software for Apple's OS X and iOS.

Wine 6.0 has been released today and contains over 8,300 changes, according to its full release notes. Windows Central reports: The new release of version 6.0 has thousands of changes, but Wine's website highlights some of the biggest improvements: Core modules in PE format; Vulkan backend for WineD3D; DirectShow and Media Foundation support; and Text console redesign. The full release notes for Wine 6.0 explain that the core DLLs, which include NTDLL, KERNEL32, GDI32, and USER32 are now built in the Portable Executable (PE) format. As a result, people should see improvements for certain copy protection schemes.

The update also includes a new mechanism to associate a Unix library with the PE module. This change makes it so systems can call Unix libraries from PE when trying to perform a function that can't be handled by Win32 APIs. Wine 6.0 also includes an experimental Vulkan rendered that translates Direct3D shaders to SPIR-V shaders. In another change related to Direct3D, the Direct3D graphics card database now recognizes more graphics cards and includes updated driver versions.

The state of Florida's former Covid-19 data manager was arrested today.

After her firing in May of 2020, Rebekah Jones had become a critic of the state's publicly-available information, even setting up her own online dashboard of Covid-19 case data. The state suspected her of being the person who'd illegally accessed the state's emergency alert health system in December to urge Health Department employees to speak up about the coronavirus, and state police obtained a warrant for a raid on her home during which they'd seized her computers and cellphones.

Jones later called the raid a "sham" to retaliate against her for not altering the state's COVID-19 data. This weekend on Twitter, Jones emphasized that the police found zero evidence during their raid to connect her to that message. She also argues that the newer allegation "was issued the day after a Tallahassee judge told police that if they're not investigating a crime, they had to return my equipment."

During that raid "police did find documents I received/downloaded from sources in the state, or something of that nature..." Jones posted Saturday. "[I]t isn't clear at this point what exactly they're saying I had that I shouldn't have had, but an agent confirmed it has nothing to do with the subject of the warrant."

The Tampa Bay Times reports: Jones announced Saturday on Twitter that she learned of the warrant and plans to turn herself in on Sunday. The Florida Department of Law Enforcement confirmed there is a warrant for Jones' arrest but said it cannot disclose what charges she faces until she is in custody.

Agency spokesman Gretl Plessinger said in an email to the Tampa Bay Times that "agents have been working with her attorney to have her turn herself in..."

Jones said she and her attorney were not told what she's being prosecuted for, just that she faces one criminal charge...
"The agent told my lawyer there would be only one charge," Jones tweeted on Saturday, "but emphasized that speaking out or going to the media may result in police 'stacking' additional charges."

UPDATE (1/18/2021): Monday in court prosecutors asked that Jones be banned from the internet, and be required to wear a GPS monitor — but a judge rejected the request (according to a local news report cited by the Orlando Sentinel). The warrant alleges that on Nov. 10, Jones downloaded a file equivalent to between 600 and 700 sheets of paper, containing contact information for about 19,182 Floridians. The file contained names, organizations, titles, home counties as well as personal phone numbers and emails, the warrant states.

On her Twitter account, Jones said the charge was retaliation for her criticisms of the state's COVID-19 response and claimed the charge had nothing to do with the original search warrant at her home last month...

The agency said the message was sent from an IP address that matched Jones' address, according to the warrant. Agents seized a desktop computer from Jones' home during the search, and a forensic analysis revealed she downloaded the file containing the information, the warrant reads.

The charge is a third-degree felony.

Just ahead of its launch for commercial PC-like devices, an install image of Windows 10X for single screens has leaked, giving us an early peek at Microsoft's new OS. And yes, it's just like Chrome OS. From a report: Let's just get that out of the way. Microsoft has been working for years on a Chromebook competitor, but it has been largely unsuccessful. Windows 10 S, which was originally called Windows 10 Cloud, was Terry Myerson's approach, and that, of course, crashed and burned, in part because it looked identical to Windows 10 but couldn't run downloaded Windows 10 desktop applications. And now we have Windows 10X. Microsoft tried to hide its true intent with this product by pretending last year that it was aimed at a new generation of dual-display PCs, but the software giant really created 10X to compete with Chrome OS on inexpensive single-display PCs. So after failing to get its container-based Windows desktop application compatibility solution to work, Microsoft scaled back and repositioned Windows 10X as was originally intended: It will now ship only on new traditional PCs aimed at education and other commercial markets.

Google published a six-part report this week detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices. From a report: The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said. "One server targeted Windows users, the other targeted Android," Project Zero, one of Google's security teams, said in the first of six blog posts. Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user's browsers, attackers deployed an OS-level exploit to gain more control of the victim's devices. The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.

Apple has removed a controversial feature from the macOS operating system that allowed 53 of Apple's own apps to bypass third-party firewalls, security tools, and VPN apps installed by users for their protection. From a report: Known as the ContentFilterExclusionList, the list was included in macOS 11, also known as Big Sur. The exclusion list included some of Apple's biggest apps, like the App Store, Maps, and iCloud, and was physically located on disk at: /System/Library/Frameworks/NetworkExtension.framework/Versions/Current/Resources/Info.plist.

Its presence was discovered last October by several security researchers and app makers who realized that their security tools weren't able to filter or inspect traffic for some of Apple's applications. Security researchers such as Patrick Wardle, and others, were quick to point out at the time that this exclusion risk was a security nightmare waiting to happen. They argued that malware could latch on to legitimate Apple apps included on the list and then bypass firewalls and security software.

When a user attempts to load a Flash game or content in a browser such as Chrome, the content now fails to load and instead displays a small banner that leads to the Flash end-of-life page on Adobe's website. While this day has long been coming, with many browsers disabling Flash by default years ago, it is officially the end of a 25-year era for Flash, first introduced by Macromedia in 1996 and acquired by Adobe in 2005. Mac Rumors reports: "Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems," the page reads. Adobe has instructions for uninstalling Flash on Mac, but note that Apple removed support for Flash outright in Safari 14 last year.

Adobe first announced its plans to discontinue Flash in 2017. "Open standards such as HTML5, WebGL, and WebAssembly have continually matured over the years and serve as viable alternatives for Flash content," the company explained. Adobe does not intend to issue Flash Player updates or security patches any longer, so it is recommended that users uninstall the plugin.

Charlotte Web writes: With Linux 5.10 having shipped as the latest Long Term Support (LTS) release to be maintained for at least the next five years, a discussion has begun over dropping a number of old and obsolete CPU platform support currently found within the mainline kernel. For many of the architectures being considered for removal they haven't seen any new commits in years but as is the case once proposals are made for them to be removed there are often passionate users wanting the support to be kept.

Bleeping Computer reports: NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, or information disclosure.

All these security bugs require local user access, which means that potential attackers will first have to gain access to vulnerable devices using an additional attack vector. Following successful exploitation of one of the vulnerabilities patched today, attackers can easily escalate privileges to gain permissions above the default ones granted by the OS.

Slashdot reader the_newsbeagle shares an article from IEEE Spectrum: Many associate XPrize with a $10-million award offered in 1996 to motivate a breakthrough in private space flight. But the organization has since held other competitions related to exploration, ecology, and education. And in November, they launched the Pandemic Response Challenge, which will culminate in a $500,000 award to be split between two teams that not only best predict the continuing global spread of COVID-19, but also prescribe policies to curtail it...

For Phase 1, teams had to submit prediction models by 22 December... Up to 50 teams will make it to Phase 2, where they must submit a prescription model... The top two teams will split half a million dollars. The competition may not end there. Amir Banifatemi, XPrize's chief innovation and growth officer, says a third phase might test models on vaccine deployment prescriptions. And beyond the contest, some cities or countries might put some of the Phase 2 or 3 models into practice, if Banifatemi can find adventurous takers.

The organizers expect a wide variety of solutions. Banifatemi says the field includes teams from AI strongholds such as Stanford, Microsoft, MIT, Oxford, and Quebec's Mila, but one team consists of three women in Tunisia. In all, 104 teams from 28 countries have registered. "We're hoping that this competition can be a springboard for developing solutions for other really big problems as well," Miikkulainen says. Those problems include pandemics, global warming, and challenges in business, education, and healthcare. In this scenario, "humans are still in charge," he emphasizes. "They still decide what they want, and AI gives them the best alternatives from which the decision-makers choose."

But Miikkulainen hopes that data science can help humanity find its way. "Maybe in the future, it's considered irresponsible not to use AI for making these policies," he says.
For the Covid-19 competition, Banifatemi emphasized that one goal was "to make the resulting insights available freely to everyone, in an open-source manner — especially for all those communities that may not have access to data and epidemiology divisions, statisticians, or data scientists."

Microsoft is building a universal Outlook client for Windows and Mac that will also replace the default Mail & Calendar apps on Windows 10 when ready. This new client is codenamed Monarch and is based on the already available Outlook Web app available in a browser today. From a report: Project Monarch is the end-goal for Microsoft's "One Outlook" vision, which aims to build a single Outlook client that works across PC, Mac, and the Web. Right now, Microsoft has a number of different Outlook clients for desktop, including Outlook Web, Outlook (Win32) for Windows, Outlook for Mac, and Mail & Calendar on Windows 10. Microsoft wants to replace the existing desktop clients with one app built with web technologies. The project will deliver Outlook as a single product, with the same user experience and codebase whether that be on Windows or Mac. It'll also have a much smaller footprint and be accessible to all users whether they're free Outlook consumers or commercial business customers. I'm told the app will feature native OS integrations with support for things like offline storage, share targets, notifications, and more. I understand that it's one of Microsoft's goals to make the new Monarch client feel as native to the OS as possible while remaining universal across platforms by basing the app on the Outlook website.

The reason why the Windows UI has a 32GB limit on the formatting of FAT32 volumes is because retired Microsoft engineer Dave Plummer "said so." The confession comes "in the latest of a series of anecdotes hosted on his YouTube channel Dave's Garage," reports The Register. From the report: In the closing years of the last century, Plummer was involved in porting the Windows 95 shell to Windows NT. Part of that was a redo of Windows Format ("it had to be a replacement and complete rewrite since the Win95 system was so markedly different") and, as well as the grungy lower-level bits going down to the API, he also knocked together the classic, stacked Format dialog over the course of an hour of UI creativity. As he admired his design genius, he pondered what cluster sizes to offer the potential army of future Windows NT 4.0 users. The options would define the size of the volume; FAT32 has a set maximum number of clusters in a volume. Making those clusters huge would make for an equally huge volume, but at a horrifying cost in terms of wasted space: select a 32-kilobyte cluster size and even the few bytes needed by a "Hello World" file would snaffle the full 32k.

"We call it 'Cluster Slack'," explained Plummer, "and it is the unavoidable waste of using FAT32 on large volumes." "How large is too large? At what point do you say, 'No, it's too inefficient, it would be folly to let you do that'? That is the decision I was faced with." At the time, the largest memory card Plummer could lay his hands on for testing had an impossibly large 16-megabyte capacity. "Perhaps I multiplied its size by a thousand," he said, "and then doubled it again for good measure, and figured that would more than suffice for the lifetime of NT 4.0. I picked the number 32G as the limit and went on with my day."

While Microsoft's former leader may have struggled to put clear water between himself and the infamous "640K" quote of decades past, Plummer was clear that his decision process was aimed at NT 4.0 and would just be a temporary thing until the UI was revised. "That, however, is a fatal mistake on my part that no one should be excused for making. With the perfect being the enemy of the good, 'good enough' has persisted for 25 years and no one seems to have made any substantial changes to Format since then..." ... However, as Plummer put it: "At the end of the day, it was a simple lack of foresight combined with the age-old problem of the temporary solution becoming de-facto permanent."

Microsoft is planning a "sweeping visual rejuvenation of Windows" that is designed to signal to users of the operating system that "Windows is BACK." From a report: That's according to a job listing posted by Microsoft recently, advertising for a software engineering role in the Windows Core User Experiences team: "On this team, you'll work with our key platform, Surface, and OEM partners to orchestrate and deliver a sweeping visual rejuvenation of Windows experiences to signal to our customers that Windows is BACK and ensure that Windows is considered the best user OS experience for customers." Microsoft quietly removed references to this "sweeping visual rejuvenation" this morning, after several Windows enthusiasts spotted the job listing over the weekend.

Long-time programmer/researcher/former MIT research fellow Jonathan Edwards writes a blog called "Alarming Development: Dispatches from the User Liberation Front."

He began the new year by arguing that software "is eating the world. But progress in software technology itself largely stalled around 1996." Slashdot reader tonique summarizes Edwards' argument: In 1996 there were "LISP, Algol, Basic, APL, Unix, C, Oracle, Smalltalk, Windows, C++, LabView, HyperCard, Mathematica, Haskell, WWW, Python, Mosaic, Java, JavaScript, Ruby, Flash, Postgress [sic]". After that we're supposed to have achieved "IntelliJ, Eclipse, ASP, Spring, Rails, Scala, AWS, Clojure, Heroku, V8, Go, React, Docker, Kubernetes, Wasm".

Edwards's main thesis is that the Internet boom around 1996 caused this slowdown because programmers could get rich quick. Then smart and ambitious people moved into Silicon Valley, and founded startups. But you can't do research at a startup due to time and money constraints. Today only "megacorps" like Google, Facebook, Apple and Microsoft are supposedly able to do relevant research because of their vast resources.

Computer science wouldn't help, either, because "most of our software technology was built in companies" and because computer science "strongly disincentivizes risky long-range research". Further, according to Edwards, the aversion to risk and "hyper-professionalization of Computer Science" is part of a larger and worrisome trend throughout the whole field and all of western civilisation.
Edwards' blog post argues that since 1996 "almost everything has been cleverly repackaging and re-engineering prior inventions. Or adding leaky layers to partially paper over problems below. Nothing is obsoleted, and the teetering stack grows ever higher..."

"[M]aybe I'm imagining things. Maybe the reason progress stopped in 1996 is that we invented everything. Maybe there are no more radical breakthroughs possible, and all that's left is to tinker around the edges. This is as good as it gets: a 50 year old OS, 30 year old text editors, and 25 year old languages.

"Bullshit. No technology has ever been permanent. We've just lost the will to improve."

Ed Bott, writing at ZDNet: With a heartfelt nod to Monty Python, Windows 7 would like you all to know that it's not dead yet. A year after Microsoft officially ended support for its long-running OS, a small but determined population of PC users would rather fight than switch. How many? No one knows for sure, but that number has shrunk substantially in the past year. On the eve of Microsoft's Windows 7 end-of-support milestone, I consulted some analytics experts and calculated that the owners of roughly 200 million PCs worldwide would ignore that deadline and continue running their preferred OS. That was, admittedly, a rough estimate. During the holiday lull at the end of 2020, I decided to go back and run the latest version of those analytics reports. They tell a consistent story.

Let's start with the United States Government Digital Analytics Program, which reports a running, unfiltered total of visitors to U.S. websites over the previous 90 days. One of the datasets includes a report of visits from all PCs running any version of Windows, which makes it an ideal proxy for this question. At the end of December 2019, 75.8% of those PCs were running Windows 10, 18.9% were still on Windows 7, and a mere 4.6% were sticking with the unloved Windows 8.x. A year later, as December 2020 draws to a close, the proportion of PCs running Windows 10 has gone up 12%, to 87.8%; the Windows 7 count has dropped by more than 10 points, to 8.5%, and the population of Windows 8.x holdouts has shrunk even further, to a minuscule 3.4%. (The onetime champion of PC operating systems, Windows XP, is now nearly invisible, with its device count adding up to a fraction of a rounding error.)