
Pixel Binary Transparency: verifiable security for Pixel devices

Pixel Binary Transparency responds to a new wave of attacks targeting the software supply chain—that is, attacks on software while in transit to users. These attacks are on the rise in recent years, likely in part because of the enormous impact they can have. In recent years, tens of thousands of software users from Fortune 500 companies to branches of the US government have been affected by supply chain attacks that targeted the systems that create software to install a backdoor into the code, allowing attackers to access and steal customer data. One way Google protects against these types of attacks is by auditing Pixel phone firmware (also called “factory images”) before release, during which the software is thoroughly checked for backdoors. Upon boot, Android Verified Boot runs a check on your device to be sure that it’s still running the audited code that was officially released by Google. Pixel Binary Transparency now expands on that function, allowing you to personally confirm that the image running on your device is the official factory image—meaning that attackers haven’t inserted themselves somewhere in the source code, build process, or release aspects of the software supply chain. Additionally, this means that even if a signing key were compromised, binary transparency would flag the unofficially signed images, deterring attackers by making their compromises more detectable. I’m sure this greatly benefits the six people who have a Pixel phone.

Google, Amazon rebuked over unsupported Chromebooks still for sale

Google resisted pleas to extend the lifetime of Chromebooks set to expire as of this June and throughout the summer. Thirteen Chromebook models have met their death date since June 1 and won’t receive security updates or new features from Google anymore. But that hasn’t stopped the Chromebooks from being listed for sale on sites like Amazon for the same prices as before. Take the Asus Chromebook Flip C302. It came out in 2018, and on June 1—about five years later—it reached its automatic update expiration (AUE) date. But right now, you can buy a “new,” unused Flip C302 for $550 from Amazon or $820 via Walmart’s Marketplace (providing links for illustrative purposes; please don’t buy these unsupported laptops). That’s just one of eight Chromebooks that expired since June while still being readily available on Amazon. The listings don’t notify shoppers that the devices won’t receive updates from Google. Completely and utterly unacceptable. Not only should these Chromebooks be supported for much longer than just a measly five years, they obviously should not be sold as new past their expiration date. I hope mandated long software/update support timelines are next on the European Union’s consumer protection shopping list, because the way these megacorporations treat the hardware they sell is absurd.

Qualcomm starts a RISC-V joint venture

Arm is facing down its biggest competition ever, with the up-and-coming RISC-V architecture threatening to unseat it as the CPU at the center of almost every portable device. Now, one of Arm’s biggest customers is trying out RISC-V, as Qualcomm is getting involved in a joint venture dedicated to the architecture. The joint venture doesn’t have a name yet, but Qualcomm, NXP, Nordic Semiconductor, Bosch, and memory giant Infineon are all teaming up to form a new company that Qualcomm’s press release says is “aimed at advancing the adoption of RISC-V globally by enabling next-generation hardware development.” At first, the group will be focused on automotive uses, with an “eventual expansion” to IoT and mobile, Qualcomm’s biggest market. Statements of intent are easily written, so let’s hope this is more than a fart in the wind.

Microsoft just killed the Cortana app on Windows 11 in favour of AI

While casually looking for updates in the Microsoft Store, I noticed a new update for Cortana after a long time. But, instead of improving things, the latest update caused the app to stop working on Windows 11. This shouldn’t surprise anyone, considering that Microsoft’s assistant hasn’t received a single feature update in the past two years. Microsoft has finally killed Cortana on Windows 11 – its Windows Phone-era assistant that debuted on desktop with Windows 10. Cortana app was the tech giant’s response to Siri in 2014, and Microsoft published a series of advertisements targeting Apple’s powerful assistant. Did anyone even use this feature? It always felt like an awful “me too!” feature trying to be edgy.

Chrultrabook: run Windows, regular desktop Linux, or macOS on your Chromebook

A chrultrabook is a modified Chromebook designed to run Windows, Linux, or even macOS by utilizing MrChromebox coreboot firmware. The purpose of this site is to provide comprehensive and user-friendly documentation on hardware, firmware, and operating systems. This is a cool project to make it easy to run Windows, regular desktop Linux, or even macOS on your Chromebook. Excellent documentation, too.

Google’s plan to DRM the web goes against everything Google once stood for

Supporting the open web requires saying no to WEI, and having Google say no as well. It’s not a good policy. It’s not a good idea. It’s a terrible idea that takes Google that much further down the enshittification curve. Even if you can think of good reasons to try to set up such a system, there is way too much danger that comes along with it, undermining the very principles of the open web. It’s no surprise, of course, that Google would do this, but that doesn’t mean the internet-loving public should let them get away with it. Fin.

Microsoft leaked its internal tool that enables secret Windows 11 features

Microsoft has accidentally leaked its internal “StagingTool” app that is used by employees to enable secret unreleased Windows 11 features. The software giant typically tests experimental or hidden Windows 11 features in public builds of the operating system, but Windows enthusiasts have until now had to rely on third-party tools to get access to secret features that Microsoft hasn’t yet enabled for all testers. StagingTool is a command line app that lets you toggle feature IDs that enable certain unreleased parts of Windows 11. It’s particularly useful for when Microsoft uses A/B testing for features, where only a small subset of Windows Insiders will get access to a feature before Microsoft rolls it out more broadly to testers. Useful, but similar third-party tools already exist, such as ViVe.

ChromeOS 116 may begin the Lacros browser push to Chromebooks

About Chromebooks reports: After covering Google’s effort to separate the Chrome browser from ChromeOS for over two years, it appears more of you will get to experience it. The project is called Lacros, and it uses the Linux browser for ChromeOS instead of the integrated browser. The idea is that browser updates can be pushed quicker to Chromebooks instead of waiting for a full ChromeOS update. Based on recent code changes I spotted, ChromeOS 116 may bring the Lacros browser to more Chromebooks with a wider release. This seems like a no-brainer move, and may help improve the version of Chrome running on Linux.

Transform your Android device into a Linux desktop

Have you ever wanted to do more with your phone, like setting up a Webserver or a Node.js server and running a web app directly on your phone? Or doing some coding on the go? Yes, I have too. With Termux, you can run a full Linux Desktop on your Android device, and here’s how. Even without resorting to a full X desktop, Termux is pretty great. I’m not really a terminal user, so for me it’s just for the novelty of it all, but it certainly seems to work very well on my Galaxy S21.

Microsoft is trying too hard with Edge

Microsoft Edge has slowly crept its way up as one of the more popular web browsers people use every day, especially on Windows 11. In 2022, it even overtook Safari as the second-most-popular browser in the world behind Chrome (although it has since dropped back to third). Despite running on Chromium, the same engine as Chrome, it has a lot of features even Chrome lacks, like collections and shopping features that can help you save money. And, of course, there’s the recent rise of Bing Chat. There’s a reason why I use it every day on some of the best laptops I review. And even with all this popularity, it still feels like Microsoft is trying too hard with Edge. The company has gotten way too aggressive with its web browser recently, and it’s very concerning to see this behavior. Microsoft really wants you to try the browser no matter what, so it puts it in so many areas of Windows 11. The concept of my operating system “pushing” anything on me, as is the norm on Windows and macOS, is entirely foreign to me these days. Fedora or Linux Mint aren’t advertising their services in the settings application, or pushing their browser through pop-ups or by secretly changing the default browser setting, or whatever other sleazeball tactics Microsoft and Apple are up to these days. I don’t understand how people put up with that nonsense.

Restoring support for 16-bit applications in modern Windows versions

Windows has some pretty amazing backwards compatibility. In many cases, you can run ancient 32-bit Win32 applications just fine on your current system. However, there’s one issue: If you ever tried to run a 16-bit application from the Windows 3.x days, any 64-bit Windows version (starting from Windows XP) will refuse to run the application with an error message indicating that you should ask the vendor for a compatible version. On the other hand, the modern 32-bit versions of Windows run these applications just fine. Thanks to two amazing open-source projects, you can bring back 16-bit compatibility to the 64-bit Windows era. This one’s from 2022, but apparently, I never mentioned it here on OSNews.

Paginator: desktop pager for Window Maker and similar environments

Speaking of fun little tools: Paginator is a desktop pager for EWMH-compliant X11 window managers. Paginator provides a graphical interface displaying the current configuration of all desktops, allowing the user to change the current desktop or the current active window with the mouse. Exactly what it says on the tin, and adds some usability to the desktop pager concept to something like Window Maker.

dosfetch: a neofetch clone for DOS

You know neofetch, the little tool that shows you some nicely formatted system information in your terminal? Even though I find Archey 4 vastly superior, neofetch is still cool and often serves as an inspiration for people to create similar fun tools for other platforms. In this case – DOS, through dosfetch. That’s really all there’s to it – it’s just a fun little toy for a classic operating system.

IronOS: flexible soldering iron control firmware

Originally conceived as an alternative firmware for the TS100, this firmware has evolved into a complex soldering iron control firmware. The firmware implements all of the standard features of a ‘smart’ soldering iron, with lots of little extras and tweaks. I highly recommend reading the installation guide fully when installing on your iron. And after install just explore the settings menu. An alternative operating system for your soldering iron. Good times.

Ubuntu Touch OTA-2 Focal Release released

UBPorts has released the second update for the Ubuntu Touch version based on Focal Fossa. In this new version, the System Settings application has been improved in various places, the physical camera button now works (on devices that have one, I presume), and a whole load of bugs have been fixed. Device support has also improved, with the F(x)tec Pro1 X, Fairphone 3, and Vollaphone X23 now being supported by the Focal releases.

Italian competition authority forces Google to improve Google Takeout

Overall, the Authority found the commitments proposed by Google to be adequate to address the competition concerns. The group, in fact, presented a package of three commitments, two of which envisage supplementary solutions to Takeout – the service Google makes available to end users for backing up their data – to facilitate the export of data to third-party operators. The third commitment offers the possibility to start testing, prior to its official release, a new solution – currently under development – that will allow direct data portability from service to service, for third-party operators authorised by end users who so request, in relation to data provided by the users themselves or generated through their activity on Google’s online search engine and YouTube platform. The Italian competition authority has effectively forced Google to improve its Google Takeout tool, making it easier for users to not only take out their data, but also to migrate it to other services without having to manually export and import. If, in the near future, wherever you may live, you discover it’s become easier to move away from Google services, thank this case (and many others). This case is based on the GDPR, the European Union privacy law corporatists (and Facebook advocates) want you to equate to cookie popups, to scare you into thinking privacy laws – any laws, really – that target big companies are scary, ineffective, and out to hurt you. However, almost all of the cookie popups you see today are universally not in compliance with the GDPR, and are not mandated by the GDPR at all. The best way for a website or company to avoid cookie popups (even compliant ones), is to… Not share user data with third parties. Whenever you see a cookie popup (even a compliant one) don’t blame the EU or the GDPR – blame the website or company for shipping your data off to some ad provider or analytics service. Stop and think about why your data is being shared with third parties.
And yes, that includes us, this website, OSNews.

The buttons on Zenith’s original ‘clicker’ remote were a mechanical marvel

If you’ve ever heard someone refer to a TV remote as a “clicker,” it’s because of Robert Adler’s 1956 creation. The elegant Star Trek-esque gadget pioneered a durable, clicky action for controlling gadgets and a simplicity of form that has since been naively abandoned. When Zenith first started experimenting with wireless remote controls, it used beams of light that the television could receive to communicate a command, eventually debuting the Flash-Matic in 1955. It only took a year in the market for this idea to be abandoned due to its sensitivity to full-spectrum light from the sun and lightbulbs. So Zenith’s engineers tried an even simpler approach that didn’t require batteries at all, using sound instead of light. This is from well before my time – and I have no idea if devices like this even ever made it to The Netherlands, where I’m originally from – but this is such a cool solution to the technical problem they were facing. I had no idea early remote controls were sound-based.

The most prolific packager for Alpine Linux is stepping away

Alpine Linux remains one of the most popular lightweight Linux distributions built atop musl libc and Busybox. Alpine Linux has found significant use within containers and the embedded space while now sadly the most prolific maintainer of packages for the Linux distribution has decided to step down from her roles. Alice “psykose” who is easily responsible for the highest number of commits per author over the past year has decided to step down from maintaining her packages. This could be a massive hit to Alpine Linux. This distribution is definitely quite popular in its niche, and it always has way better package support than you’d expect from a small distribution like this. I wish Alice all the best, though, and hope for the project itself that the workload can be spread out among other maintainers.

Google: Android patches take too long to reach users’ devices

One of the interesting and odd things Google does is roast itself (and others) over security issues. In this year’s Year in Review of 0-days exploited in-the-wild, Google took particular aim at the Android ecosystem for being so bad at getting patches on users’ devices that Android doesn’t even need 0-days to be exploited in the first place. These gaps between upstream vendors and downstream manufacturers allow n-days – vulnerabilities that are publicly known – to function as 0-days because no patch is readily available to the user and their only defense is to stop using the device. While these gaps exist in most upstream/downstream relationships, they are more prevalent and longer in Android. This is a great case for attackers. Attackers can use the known n-day bug, but have it operationally function as a 0-day since it will work on all affected devices. The Android update problems are not just limited to devices not receiving updates to new major Android versions – it also extends to the monthly Android security patches that somehow need to make it to users’ devices. My Galaxy S21 has been getting these updates consistently, sometimes even before Pixel devices get them, but many, many devices never get these at all, or only sporadically. The Android update problem is by far the biggest problem in the Android ecosystem, and despite Google and OEMs promising to do better every year, we’re still far, far from where we should be.