Privacy

Small Study Finds Computer Repair Shops Accessed Personal Data - And Sometimes Even Copied It (arstechnica.com) 128

Ars Technica reports on what happened when researchers at the University of Guelph in Ontario, Canada, left laptops overnight at 12 computer repair shops — and then recovered logs after receiving their repairs: The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device....

The amount of snooping may actually have been higher than recorded in the study, which was conducted from October to December 2021. In all, the researchers took the laptops to 16 shops in the greater Ontario region. Logs on devices from two of those visits weren't recoverable. Two of the repairs were performed on the spot and in the customer's presence, so the technician had no opportunity to surreptitiously view personal data. In three cases, Windows Quick Access or Recently Accessed Files had been deleted in what the researchers suspect was an attempt by the snooping technician to cover their tracks....

The vast majority of repair shops provide no privacy policy and those that do have no means of enforcing them. Even worse, repair technicians required a customer to surrender their login password even when it wasn't necessary for the repair needed. These findings came from a separate part of the study, in which the researchers brought an Asus UX330U laptop into 11 shops for a battery replacement. This repair doesn't require a technician to log in to the machine, since the removal of the back of the device and access to the device BIOS (for checking battery health) is all that's needed. Despite this, all but one of the repair service providers asked for the credentials to the device OS anyway.

When the customer asked if they could get the repair without providing the password, three refused to take the device without it, four agreed to take it but warned they wouldn't be able to verify their work or be responsible for it, one asked the customer to remove the password, and one said they would reset the device if it was required.

Software

Frederick P. Brooks Jr., Computer Design Innovator, Dies at 91 16

Frederick P. Brooks Jr., whose innovative work in computer design and software engineering helped shape the field of computer science, died on Thursday at his home in Chapel Hill, N.C. He was 91. His death was confirmed by his son, Roger, who said Dr. Brooks had been in declining health since having a stroke two years ago. The New York Times reports: Dr. Brooks had a wide-ranging career that included creating the computer science department at the University of North Carolina and leading influential research in computer graphics and virtual reality. But he is best known for being one of the technical leaders of IBM's 360 computer project in the 1960s. At a time when smaller rivals like Burroughs, Univac and NCR were making inroads, it was a hugely ambitious undertaking. Fortune magazine, in an article with the headline "IBM's $5,000,000,000 Gamble," described it as a "bet the company" venture.

Until the 360, each model of computer had its own bespoke hardware design. That required engineers to overhaul their software programs to run on every new machine that was introduced. But IBM promised to eliminate that costly, repetitive labor with an approach championed by Dr. Brooks, a young engineering star at the company, and a few colleagues. In April 1964, IBM announced the 360 as a family of six compatible computers. Programs written for one 360 model could run on the others, without the need to rewrite software, as customers moved from smaller to larger computers. The shared design across several machines was described in a paper, written by Dr. Brooks and his colleagues Gene Amdahl and Gerrit Blaauw, titled "Architecture of the IBM System/360." "That was a breakthrough in computer architecture that Fred Brooks led," Richard Sites, a computer designer who studied under Dr. Brooks, said in an interview.

But there was a problem. The software needed to deliver on the IBM promise of compatibility across machines and the capability to run multiple programs at once was not ready, as it proved to be a far more daunting challenge than anticipated. Operating system software is often described as the command and control system of a computer. The OS/360 was a forerunner of Microsoft's Windows, Apple's iOS and Google's Android. At the time IBM made the 360 announcement, Dr. Brooks was just 33 and headed for academia. He had agreed to return to North Carolina, where he grew up, and start a computer science department at Chapel Hill. But Thomas Watson Jr., the president of IBM, asked him to stay on for another year to tackle the company's software troubles. Dr. Brooks agreed, and eventually the OS/360 problems were sorted out. The 360 project turned out to be an enormous success, cementing the company's dominance of the computer market into the 1980s.
"Fred Brooks was a brilliant scientist who changed computing," Arvind Krishna, IBM's chief executive and himself a computer scientist, said in a statement. "We are indebted to him for his pioneering contributions to the industry."

Dr. Brooks published a book in 1975 titled, "The Mythical Man-Month: Essays on Software Engineering." It was "a quirky classic, selling briskly year after year and routinely cited as gospel by computer scientists," reports the Times.

News

Fred Brooks Has Died 56

Frederick Brooks, the famed computer architect who discovered the software tar pit and designed OS/360, died Thursday. He also debunked the concept of the Mythical Man-Month in his book, writing: "Adding manpower to software project that is behind schedule delays it even longer."

A true icon, who won the Turing Award in 2000, Brooks was one of the great thinkers in computing. Industry tributes are pouring in, in celebration of his contribution and life.

Further reading: His interview with Grady Booch for Computer History Museum [PDF].

Encryption

Introducing Shufflecake: Plausible Deniability For Multiple Hidden Filesystems on Linux (kudelskisecurity.com) 90

Thursday the Kudelski Group's cybersecurity division released "a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes."

"Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted." Even if the presence of the Shufflecake software itself cannot be hidden — and hence the presence of secret volumes is suspected — the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where "most hidden" secret volumes are buried under "less hidden" decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly "lie" to a coercive adversary about the existence of hidden data, by providing a password that unlocks "decoy" data.

Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space.

You can consider Shufflecake a "spiritual successor" of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible.

"The reason why this is important versus "simple" disc encryption is best illustrated in the famous XKCD comic 538," quips Slashdot reader Gaglia (in the original submission). But the big announcement from Kudelski Security Research calls it "a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes."

"Shufflecake is FLOSS (Free/Libre, Open Source Software). Source code in C is available and released under the GNU General Public License v3.0 or superior.... The current release is still a non-production-ready prototype, so we advise against using it for really sensitive operations. However, we believe that future work will sensibly improve both security and performance, hopefully offering a really useful tool to people who live in constant danger of being interrogated with coercive methods to reveal sensitive information."

Security

Lenovo Driver Goof Poses Security Risk for Users of 25 Notebook Models (arstechnica.com) 46

More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure-boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a device, researchers warned on Wednesday. From a report: At the same time that researchers from security firm ESET disclosed the vulnerabilities, the notebook maker released security updates for 25 models, including ThinkPads, Yoga Slims, and IdeaPads. Vulnerabilities that undermine the UEFI secure boot can be serious because they make it possible for attackers to install malicious firmware that survives multiple operating system reinstallations.

Short for Unified Extensible Firmware Interface, UEFI is the software that bridges a computer's device firmware with its operating system. As the first piece of code to run when virtually any modern machine is turned on, it's the first link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and remove. Typical measures such as wiping the hard drive and reinstalling the OS have no meaningful impact because the UEFI infection will simply reinfect the computer afterward. ESET said the vulnerabilities -- tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432 -- "allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS." Secure boot uses databases to allow and deny mechanisms. The DBX database, in particular, stores cryptographic hashes of denied keys. Disabling or restoring default values in the databases makes it possible for an attacker to remove restrictions that would normally be in place.

Android

Unpaid Volunteers At CyanogenMod Successor LineageOS Maintain Builds For Old Android Devices (linux-magazine.com) 17

Linux magazine explores how to breathe fresh life into old Android devices: Every mobile device needs its own Android build because of numerous drivers that are not available in the source code. The need to maintain every version of Android for every mobile device means that many manufacturers eventually stop supporting updates. Often, smartphones or tablets that still work perfectly can no longer be used without worry because the manufacturer has simply ceased to offer bug fixes and security updates....

The LineageOS project, the successor to the CyanogenMod project, which was discontinued in 2016, proves that it is not impossible to keep these devices up-to-date. Unpaid volunteers at LineageOS do the work that many manufacturers do not want to do: They combine current Android releases with the required device-specific drivers.

The LineageOS project (Figure 1) provides Android systems with a fresh patch status every month for around 300 devices. The builds are released weekly, unless there is a problem during the build. The Devices page on the LineageOS Wiki provides the details of whether a LineageOS build is available for your smartphone or tablet....

I recommend the LineageOS project as the first port of call for anyone who wants to protect an older smartphone or tablet that is no longer maintained and doesn't receive Google security patches. The LineageOS derivatives LineageOS for MicroG and /e/OS make it even easier to enjoy a Google-free smartphone without too many restrictions.

The article also describes how to use TWRP to flash a manufacturer-independent recovery system (while also creating a restorable backup of the existing system) as an alternative to LineageOS's own recovery tools.

And it even explains how to unlock the bootloader — although there may be other locks set up separately by the manufacturer. "Some manufacturers require you to register the device to unlock it, and then — after telling you that the warranty is now void — they hand over a code. Others refuse to unlock the device altogether."

Thanks to Slashdot reader DevNull127 for submitting the article.

Windows

Windows 11 Runs on Fewer Than 1 in 6 PCs (theregister.com) 265

Much of the Windows world has yet to adopt Microsoft's latest desktop operating system more than a year after it launched, according to figures for October collated by Statcounter. From a report: Just 15.44 percent of PCs across the globe have installed Windows 11, meaning it gained 1.83 percentage points in a month. This compares to the 71.29 percent running Windows 10, which fell marginally from 71.88 percent in September. Windows 7 is still hanging on with a tenuous grip, in third place with 9.61 percent, Windows 8.1 in fourth with 2.45 percent, plain old Windows 8 with 0.69 percent, and bless its heart, Windows XP with 0.39 percent because of your extended family. In total, Windows has almost 76 percent of the global desktop OS market followed by OS X with 15.7 percent and Linux with 2.6 percent. Android comprised 42.37 percent of total operating system market share, with Windows trailing on 30.11 percent, iOS on 17.6 percent, OS X on 6.24 percent, and Linux on 1.04 percent.
GNOME

Vanilla OS: More Than Just Vanilla GNOME With Ubuntu (itsfoss.com) 39

Slashdot reader Soul_Predator writes: Vanilla OS is Ubuntu on stock GNOME, with on-demand immutability and package selection freedom. It is currently a beta project, with a stable release planned for the next month.
"The first-time setup process is a breeze to experience," writes It's FOSS News, applauding how it lets users choose and enable Flatpak/Snap/AppImage.

Overall, a package manager that installs applications utilizing a container, getting the ability to choose your package managers, on-demand immutability, and vanilla GNOME make it seem like a good deal to keep an eye on... I'd say it is a project that I believe a lot of users will appreciate.

You can download the ISO by joining its Discord channel for now. The ISO is not yet publicly available to all. Take a look at its documentation if you are curious. However, as per the roadmap, they plan to have a release candidate soon enough.

Google

Pebble, the OG Smartwatch That May Never Die, Updated To Work With Pixel 7 (arstechnica.com) 16

"Nearly six years after the Pebble smartwatch was purchased by Fitbit and discontinued, a new Pebble app for Android has been released by the Rebble Alliance, a group that has kept Pebble viable for its users since Fitbit shut down Pebble's servers in mid-2018," writes Ars Technica's Kevin Purdy. "Pebble version 4.4.3 makes the app 64-bit so it can work on the mostly 64-bit Pixel 7 and similar Android phones into the future. It also restores a caller ID function that was hampered on recent Android versions." From the report: Most notably, the app is "signed using the official Pebble keys," with Google Fit integration maintained, but isn't available through Google's Play Store. Google acquired Fitbit for $2.1 billion, making it the steward of Pebble's remaining IP and software pieces. Katharine Berry, a key Rebble coder and leader, works on Wear OS at Google and was one of the first to tweet news of the new update, "four years after 4.4.2." That was the last Play Store update to the Pebble app from Pebble developers, one that freed up many of the app's functions to be replaced by independent servers.

That's exactly where Rebble picked up, providing web services to Pebble watches, including (for paying subscribers) voice dictation. But those services still relied on the core Pebble app to connect the watch and smartphone. If Android did make the leap to a 64-bit-only OS, it could have left Pebble/Rebble users in the lurch. Berry's post on r/pebble offers "thanks to Google for providing us with one last update!" This is, to be sure, not the typical outcome of products that have been acquired by Google, even if second-hand.

Android

Amazon and Google Make Peace Over Smart TV Competition (protocol.com) 6

According to Protocol, Amazon and Google have struck a deal in recent months that allows Fire TV models to be produced by Android TV partners. From the report: As a result of that deal, Amazon has been able to work with a number of consumer electronics companies -- including not only TCL, but also Xiaomi and Hisense -- to vastly expand the number of available smart TVs running Fire TV OS. All of these companies were previously barred from doing so under licensing terms imposed by Google. The agreement may also alleviate some of the pressure Google has been feeling as regulators around the world have investigated its Android platform. However, some experts are skeptical a singular deal will address the overarching concerns with Google's operation and licensing of Android to third parties.

The deal between Amazon and Google resolves a yearslong dispute over licensing restrictions Google imposes on hardware manufacturers that make Android-based phones, TVs, and other devices. In order to gain access to Google's officially sanctioned version of Android as well as the company's popular apps like Google Maps and YouTube, manufacturers have to sign a confidential document known as the Android Compatibility Commitment. The ACC prevents manufacturers from also making devices based on forked versions of Android not compatible with Google's guidelines. The ACC, which was previously known as the Anti-Fragmentation Agreement, had long been an open secret in industry circles. Its full impact on the smart TV space became public when Protocol reported terms of the agreement in March of 2020 and outlined how the policy effectively barred companies like TCL from making smart TVs running any forked version of Android, including Amazon's Fire TV OS.

Google has been justifying these policies by pointing to the harmful consequences of Android fragmentation, positing that the rules assured developers and consumers that apps would run across all Android-based devices. However, the crux of Google's requirements is that they apply across device categories. By making a Fire TV-based smart TV, TCL would have effectively risked losing access to Google's Android for its smartphone business -- a risk the company, and many of its competitors that develop both smartphones and TVs, weren't willing to take. At the time, both Google and Amazon declined to comment on the dispute. However, Amazon was a lot more forthcoming when it talked to Indian regulators for a wide-ranging probe into Google's Android policies.
"Given the breadth of the anti-fragmentation obligations, Amazon has also experienced significant difficulties in finding [original equipment manufacturer] partners to manufacture smart TVs running its Fire OS," the company's Indian subsidiary told regulators in a submission that was included in last week's report. Amazon told regulators that "at least seven" manufacturers had told the company they weren't able to make Fire TV-based smart TVs because of Google's restrictions.

"In several cases, the OEM has indicated that it cannot work with Amazon despite a professed desire to do so in connection with smart TVs," Amazon said in its submission. "In others, the OEM has tried and failed to obtain 'permission' from Google."

Google

Amazon and Google Make Peace Over Smart TV Competition (protocol.com) 13

An anonymous reader shares a report: Last week, the Competition Commission of India published a damning report, alleging that Google was preventing major TV manufacturers from adopting Amazon's Fire TV operating system. This Thursday, Amazon announced that TCL, one of the manufacturers at the center of the dispute, is releasing two TV sets running its Fire TV software in Europe this fall. The unveiling of the two TV models is the direct result of a deal Google and Amazon struck in recent months, Protocol has learned from a source close to one of the parties involved in the agreement. As a result of that deal, Amazon has been able to work with a number of consumer electronics companies -- including not only TCL, but also Xiaomi and Hisense -- to vastly expand the number of available smart TVs running Fire TV OS. All of these companies were previously barred from doing so under licensing terms imposed by Google.
Google

Surface Duo Continues Its Worst-in-Class Update Record, Ships Android 12L (arstechnica.com) 34

An anonymous reader shares a report: Microsoft is still struggling to learn what exactly it takes to be a successful Android manufacturer. The company's first self-branded Android phones, the dual-screened Surface Duo and Surface Duo 2, have tried to resurrect Microsoft's mobile ambitions after the death of Windows Phone. They leave a lot to be desired, though, and the first version went through some embarrassing fire sales. An ongoing knock against the devices has also been Microsoft's very slow OS updates. Unlike, say, Windows and Windows Update, Google's expensive and labor-intensive Android update process puts the responsibility for updates on the hardware seller, and a big part of being a good Android OEM is how quickly you can navigate this complicated process. Microsoft is proving to not be good at this.

This week, Microsoft announced the Surface Duo and Surface Duo 2 are finally getting Android 12L, an OS update that came out in March. That puts that company at a more than seven-month update time, which is worst-in-class for a flagship device, especially for one costing the $1,499 Microsoft is charging for the Duo 2. The company took a prolonged 14 months to ship Android 11 to the Surface Duo, so at least it's improving!

OS X

Preview App On macOS Ventura Drops Support For PostScript Files (macrumors.com) 143

Starting with macOS Ventura, released this week, the built-in Preview app on Mac no longer supports PostScript (.ps) and Encapsulated PostScript (.eps) files, according to a new Apple support document. MacRumors reports: Preview can still be used to open these files on macOS Monterey and earlier. Apple did not provide a reason for the change. Apple recommends using other third-party Mac apps that can view or convert PostScript files. It also remains possible to print .ps and .eps files by dragging them into a Mac's printer queue [...].

Developed by Adobe in the 1980s, the .ps and .eps file formats were once widely used for desktop publishing/printing purposes. PostScript was the basis of rendering on the NeXT operating system, and was mostly replaced by the PDF format in Mac OS X.

Privacy

Passkeys Are Finally Here (arstechnica.com) 96

An anonymous reader quotes a report from Ars Technica: Generically, passkeys refer to various schemes for storing authenticating information in hardware, a concept that has existed for more than a decade. What's different now is that Microsoft, Apple, Google, and a consortium of other companies have unified around a single passkey standard shepherded by the FIDO Alliance. Not only are passkeys easier for most people to use than passwords; they are also completely resistant to credential phishing, credential stuffing, and similar account takeover attacks.

On Monday, PayPal said US-based users would soon have the option of logging in using FIDO-based passkeys, joining Kayak, eBay, Best Buy, CardPointers, and WordPress as online services that will offer the password alternative. In recent months, Microsoft, Apple, and Google have all updated their operating systems and apps to enable passkeys. Passkey support is still spotty. Passkeys stored on iOS or macOS will work on Windows, for instance, but the reverse isn't yet available. In the coming months, all of that should be ironed out, though.

Passkeys work almost identically to the FIDO authenticators that allow us to use our phones, laptops, computers, and Yubico or Feitian security keys for multi-factor authentication. Just like the FIDO authenticators stored on these MFA devices, passkeys are invisible and integrate with Face ID, Windows Hello, or other biometric readers offered by device makers. There's no way to retrieve the cryptographic secrets stored in the authenticators short of physically dismantling the device or subjecting it to a jailbreak or rooting attack. Even if an adversary was able to extract the cryptographic secret, they still would have to supply the fingerprint, facial scan, or -- in the absence of biometric capabilities -- the PIN that's associated with the token. What's more, hardware tokens use FIDO's Cross-Device Authentication flow, or CTAP, which relies on Bluetooth Low Energy to verify the authenticating device is in close physical proximity to the device trying to log in.
"Users no longer need to enroll each device for each service, which has long been the case for FIDO (and for any public key cryptography)," said Andrew Shikiar, FIDO's executive director and chief marketing officer. "By enabling the private key to be securely synced across an OS cloud, the user needs to only enroll once for a service, and then is essentially pre-enrolled for that service on all of their other devices. This brings better usability for the end-user and -- very significantly -- allows the service provider to start retiring passwords as a means of account recovery and re-enrollment."

In other words: "Passkeys just trade WebAuthn cryptographic keys with the website directly," says Ars Review Editor Ron Amadeo. "There's no need for a human to tell a password manager to generate, store, and recall a secret -- that will all happen automatically, with way better secrets than what the old text box supported, and with uniqueness enforced."

If you're eager to give passkeys a try, you can use this demo site created by security company Hanko.

Operating Systems

Apple Releases macOS Ventura, iOS 16.1 and iPadOS 16 (engadget.com) 21

It's a major Apple update day, as the company is rolling out new versions of its iPhone, iPad and Mac operating systems. While iPhone users at large have already had a taste of iOS 16, this will be the first time that most folks will get their hands on iPadOS 16 and macOS Ventura. From a report: Apple delayed the release of iPadOS 16 amid reports suggesting it needed more time to polish up the Stage Manager multitasking feature (which we felt was unrefined in an early iPadOS 16 beta). In fact, Apple said it was skipping a public release of iPadOS 16 and going straight to version 16.1 -- just in time for the company's latest iPad Pro and entry-level iPad shipping this week.

The latest version of the iPad operating system will include many of the same updates as iOS 16, including significant changes to Mail, Safari, Messages and other key apps. There are more collaboration-centric features, while the Weather and Clock apps are finally coming to iPad. External display support for Stage Manager will arrive within the next couple of months. Also later this year, Apple will release a collaborative productivity iPad app called Freeform. It seems like a souped-up whiteboard where users can sketch out ideas with Apple Pencil. The company says you'll be able to attach just about any kind of file to the canvas, including images, videos, audio, PDFs, documents and URLs, and preview the content inline.

OS X

Apple Rumored To Be Testing macOS For M2 iPad Pro (appleinsider.com) 35

A leaker has claimed that Apple is working on a version of macOS exclusive for the M2 iPad Pro, with it expected at some point in 2023. Apple Insider reports: Leaker Majin Bu's sources have shared that Apple is working on a "smaller" version of macOS exclusively for the M2 iPad Pro. It is said to be codenamed Mendocino and will be released as macOS 14 in 2023. Testing is being done with a 25% larger macOS UI so it is suitable for touch. However, apps run on the product would still be iPad-optimized versions, not macOS ones.

It isn't clear why Apple would move the iPad to a macOS interface in a half-step like this. Those clamoring for macOS on iPad do so for the software more than the interface. [...] The other possible explanation is this wasn't macOS at all. Apple could be working to bring iPadOS even closer to macOS by adding a Menu Bar and other Mac-like interactions. It already introduced a Mac windowing feature in iPadOS 16 called Stage Manager, this could be the next iteration. Majin Bu also suggests that the exclusivity to M2 iPad Pro could be a marketing push. If the feature is only available on that iPad, more people would buy it.

Windows

New Version of Windows 95 JavaScript App Runs On Basically Any Platform (betanews.com) 32

An anonymous reader quotes a report from BetaNews: Slack developer Felix Rieseberg released Windows 95 as an Electron app four years ago, updating it shortly afterwards to allow it to run gaming classics like Doom. Now he rolls out a new version which can run on any Windows, Mac or Linux system. Based on the Electron framework, Rieseberg's Windows 95 is written entirely in JavaScript, so it doesn't run as smoothly as it would if it was a native app, but you shouldn't let that put you off.

This is the second update of the year, which brings it up to version 3.1.1 and includes two important changes:

- Upgraded from Electron v18 to Electron v21 (and with it, Chrome and Node.js)
- Upgraded v86 (sound is back!)

The earlier update (in June) brought the software up to 3.0.0 and introduced the following changes:

- Upgraded from Electron v11 to Electron v18 (and with it, Chrome and Node.js)
- Upgraded v86 (now using WASM)
- Upgraded various smaller dependencies
- Much better scaling on all platforms
- On Windows, the link to OSFMount was broken and is now fixed.
- On Windows, you can now see a prettier installation animation.
- On Windows, windows95 will have a proper icon in the Programs & Features menu.

You can download the latest version of the Windows 95 app for Windows, macOS, and Linux at their respective links.

Operating Systems

OpenBSD 7.2 Released 21

Longtime Slashdot reader lazyeye writes: The 53rd release of OpenBSD, version 7.2, has officially been released. Support for new platforms such as the Ampere Altra, Apple M2 chip, and support for Lenovo ThinkPad x13s and other machines using the Qualcomm Snapdragon 8cx Gen 3 (SC8280XP) SoC are now included, along with various kernel improvements. The announcement with all the details is available at the link [here] from the openbsd-announce mailing list.

Businesses

Google 'Doubles Down' on Pixel Hardware, Cuts Google Assistant Support (arstechnica.com) 29

A new report from The Information details more changes Google CEO Sundar Pichai's budget cuts are having across the company, with some divisions surviving and others getting ominous resource cuts. From a report: First, we have news that the hardware division, other than losing laptops, seems mostly safe. Google's biggest Android partner, Samsung, is in decline in many established markets, and Apple is hitting an all-time high in US market share last quarter. The report says Google views Apple as more of a problem than it has in the past, thanks to worries that regulators might shut down the usual multi-billion-dollar Google/Apple agreement to put Google Search on iPhones. If iPhones stop showing Google ads, the rise of Apple and fall of Samsung is one of the few things that could actually be a major problem for Google's revenue.

According to the report, Google views itself as the solution to this problem. As a hedge against what the report calls the "further decline" of Samsung, Google is "doubling down" on its investment in Pixel hardware. Google is apparently doing this by "moving product development and software engineering staff working on features for non-Google hardware to work on Google-branded devices." The goal here is to not spend more money, so Google is apparently sacrificing partner devices to focus on the Pixel division. So what projects are seeing cuts? Google TV is one, with the report saying: "Executives also have discussed moving some product managers working on Google TV software for television sets" to Wear OS and the Pixel Tablet. This is the only OS called out as specifically receiving less OS development. A lot of this report seems to focus on cuts to Google Assistant's support for specific form factors, which is strange since Google Assistant is more or less the same on every platform. The whole point of the Assistant is one reliable, predictable voice assistant that lives everywhere, and it's not clear what platform-specific support needs to be done other than whipping up an app that can receive audio and read back results.

Operating Systems

Google Announces KataOS (phoronix.com) 69

Last Friday, Google announced the release of KataOS, a security-minded operating system focused on embedded devices running ambient machine learning workloads. As Phoronix notes, it uses the Rust programming language and is "built atop the seL4 microkernel as its foundation." From Google's Open-Source Blog: As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability. Through the seL4 CAmkES framework, we're also able to provide statically-defined and analyzable system components. KataOS provides a verifiably-secure platform that protects the user's privacy because it is logically impossible for applications to breach the kernel's hardware security protections and the system components are verifiably secure. KataOS is also implemented almost entirely in Rust, which provides a strong starting point for software security, since it eliminates entire classes of bugs, such as off-by-one errors and buffer overflows.

The current GitHub release includes most of the KataOS core pieces, including the frameworks we use for Rust (such as the sel4-sys crate, which provides seL4 syscall APIs), an alternate rootserver written in Rust (needed for dynamic system-wide memory management), and the kernel modifications to seL4 that can reclaim the memory used by the rootserver.
KataOS code is being worked on via GitHub under the AmbiML umbrella.
