Tech News Weekly: Issue 41
Security updates, an overhauled Thunderbird, sneaky Reddit access using RSS and more
News
Operating Systems
Microsoft released security updates for Windows 10 and 11, as well as Windows Server products and other company products on the July 2023 Patch Day. All client and server versions of Windows are affected by at least 5 critical vulnerabilities and dozens of vulnerabilities rated important.
There is only one new issue, and it is not totally new, as it has plagued users some time ago. Microsoft fixed it the last time. The issue affects Windows 11 version 22H2 only, and there only installations that have been made using custom offline media or custom ISO images. The legacy Edge may not be replaced by the Chromium Edge in that case.
The release version of Windows 11 will run out of support in October 2023. Admins who have not updated yet to Windows 11 version 22H2 may want to do so in the coming months to stay supported.
Fedora announced plans to introduce Telemetry in 2024’s Fedora 40 workstation release. The team responsible plans to “enable limited data collection of anonymous Fedora Workstation usage metrics”.
Mobile
Meta’s Threads application has had a great start. It crossed the 70 million user mark in record time, thanks to its Instagram account support that makes signups a matter of tapping on a button.
The Wired has analyzed the privacy policies of Threads, Twitter, Mastadon and some other social services. There are not many surprises: Threads is data hungry and integrated in Meta’s vast network of services.
Privacy concerns have delayed the launch in Europe according to a QZ story.
In case you still want to try it, here is a guide for installing Threads from Europe.
Microsoft implemented a rather strange new feature on Edge for Android. It scans pages for downloadable files, may list them to the user to start downloads with another tap. It is currently only available in development versions of Edge.
It works with PDF files but ignores other popular file types. Apart from the possibility that it is abused by malicious actors to get their malware on user devices, it is also lacking context as only the filenames are listed. This is problematic if the file names do not reveal information about the actual content.
Browser
Mozilla released Firefox 115.0.2 to patch a moderately rated security issues, 2 crashes on Windows, and several non-security issues.
Microsoft has begun privately testing Microsoft Edge for Business. This version of Edge is available for managed devices only at the time and Microsoft highlights the following distinguishing features that may be tested already:
Visually distinct work browser (Natively built-in rich enterprise controls for secure data access and leak prevention powered by Azure AD with refreshed visual treatment)
Enterprise personal browser (to access non-work sites and services without compromising Enterprise safety)
Automatic switching to switch between work and personal browsing using dedicated windows.
Company branding.
Unmanaged BYOPC.
Privacy and Security
Security researchers have discovered malware in more than 100 signed and unsigned Windows drivers. The drivers were certified by Microsoft’s Windows Hardware Developer Program and some date back to April 2021 according to the research.
Microsoft closed the developer accounts and has put the drivers on a blocklist. New versions of Windows Defender as well as the Windows Driver.STL revocation list protect systems from these drivers. The latter requires installing recent Windows updates.
Let’s Encrypt announced an upcoming change to its chain of trust. When the service launched years ago, it had to ensure that its certificates were trusted. To ensure that, it had its intermediate certificates cross-signed by IdenTrust’s DST Root CA X3, which was widely trusted.
Let’s Encrypt became widely trusted over the years, but it had to arrange another cross-sign in late 2021, mostly because of older Android devices. To avoid breakage of websites that used Let’s Encrypt certificates, another cross-sign was arranged.
This cross-sign is running out on September 2024. Devices with Android 7.0 or earlier may run into opening issues at that point if a website uses Let’s Encrypt. Some browsers, including Firefox Mobile, use their own certificate store, and will work without issues because of that.
Two malicious Google Android apps were discovered recently that were distributed via Google’s Play Store. The apps were installed on a minimum of 1.5 million Android devices before detection.
Android users should check if File Recovery & Data Recovery (com.spot.music.filedatecom.spot.music.filedate) or File Manager (com.file.box.master.gkd) are installed on their devices. If they are, they should be removed immediately.
Software Releases and Updates
Thunderbird 115 has been released. It is a major release that features a redesigned interface and many visible and under the hood changes. Automatic updates are not enabled at this point, which means that updates are only available manually by downloading the latest version.
My favorite feature so far is the new Unified Inbox folder, which merges all connected email accounts into a single folder.
Most users may want to wait upgrading to Thunderbird 115. In any event, it is advised to create a backup before upgrading.
Gaming and Entertainment
Popular YouTube third-party app Newpipe is no longer listed on Google due to a DCMA notice. You can still access the site directly by loading https://newpipe.net/. The team is considering taking legal action against the takedown notice.
Other
Article(s)
Geddit for Android restores Reddit access using RSS feeds
Reddit made changes recently that eliminated the majority of third-party applications. While that is not that much of a problem for users who use web browsers to access Reddit, it is a major issue for many users on mobile.
The official Reddit app is terrible and Reddit is pushing users who use mobile browsers towards its application.
Geddit is a simple Android application that restores access, at least to public content on the site. It uses Reddit’s undocumented RSS feed support for that. Public subreddits, users and even domains all have RSS feed support to stay up to date.
Geddit uses RSS and displays the data in its interface. It features a search that includes posts, communities and users, and also an option to subscribe to subreddits, the latter did not work properly on a test machine.
Geddit’s first version was released yesterday and some bugs are to be expected. The first version offers the following set of features:
Support for different post types
Post/User/Subreddit search
Post sharing
Following subreddits
Downloading photos to app gallery
Best/Hot/New/Top/Rising/Controversial sorting
NSFW support
Endless scrolling
So, if you are interested, you may download the latest APK file from the GitHub repository and install it on your Android device.
Mobile users who use RSS Feed readers on their devices may also subscribe to feeds directly by adding .rss to the end of URLS on Reddit. The RSS feed of the subreddit https://www.reddit.com/r/MicrosoftEdge/ is https://www.reddit.com/r/MicrosoftEdge/.rss.
Geddit relies on RSS feed functionality. Reddit could go ahead and turn that off as well in its next user-unfriendly move to gain full control over its platform. For now, RSS works and is a good option to use Reddit on mobile without having to touch the official app.
I tried Android games on PC, so you don’t have to
Google Play Games is available as a Beta for Windows 10 and 11 devices. It allows you to play select Android games on Windows devices. The software does not use the Windows Subsystem for Android, but Google’s own implementation instead.
Playing Android games on Windows may not sound too bad on first glance. Games may be controlled with mouse and keyboard and gameplay may take place on a bigger screen.
As far as system requirements are concerned, Google lists Windows 10 or higher, an Intel UHD Graphics 630 video card or better, 8 Gigabytes of RAM, hardware virtualization and a Windows admin account as the minimum requirements. The feature is available in over 100 regions currently.
Once installed, you need to sign-in to a Google account to start playing games. You will notice immediately that the selection of games is limited. The selection of games includes a good mix of different genres, from the arcade games 1945 Airforce and Bricks Breaker Quest to Genshin Impact, Fallout Shelter or several boardgames.
Each game highlights its rating from the Google Play Store and user comments may be read.
All games are optimized for PC play and most do contain advertisement. Selecting a game for installation and then playing takes just a few clicks with the mouse. Games open in their own window on the screen and you may use mouse and/or keyboard to control them. Controllers do not seem to be supported at this stage.
Controls may be a bit clunky in certain games as you use the mouse to make selections in games but the keyboard, e.g., the arrow keys, for movement in at least some of the games.
There are usually no configuration options, e.g., to remap keys, and only some games offer a few options to change graphics settings.
The experience is not too bad, especially if you don’t like gaming on the smaller Android touchscreens and prefer using a mouse and keyboard. The games are comparable to high-end Flash games and some independent games, not to high-end PC or console games.
Still, I can see some Windows users taking a liking to some of these games. They install quickly, usually in less than 30 seconds, and start immediately. The interface is well designed and there are not any ads to see there. It is beta, and Google being an advertising company, there is a good chance that ads will eventually be displayed to users in the Google Play Games application.
Gameplay may feel weird at times, especially in games where you play with the keyboard only and use the mouse to make selections, but even this is not too bad in most cases.
Downside is that many of them include ads or incentives to watch ads, e.g., to gain ingame currency or time, which many PC games may not like much. There is also the question of privacy, and some usability considerations.
Games may collect user information, users are signed-in to their Google account, which means that Google is also collecting information, and since there are ads, this too relies on information gathered.
Reviews could be more useful if Google would allow Windows gamers to leave them and to filter by these reviews. The reviews by Android users may not apply to the Windows version, especially if they touch on subjects such as touch controls or crashes.
In closing, it is clear that Google launched Google Play Games Beta with a handpicked selection of optimized games to highlight some of the best games on Android. It is move that makes a lot of sense, even though some users may be disappointed that their favorite games are not available yet.
Links
87% MISSING: THE DISAPPEARANCE OF CLASSIC VIDEO GAMES
'Forever chemicals' could be in nearly half of U.S. tap water, a federal study finds
TeleSign secretly profiles half of the world’s mobile phone users