Weekly Tech Insights: Issue 17
Welcome to issue 17 of the Weekly Tech Insights report. Feel free to subscribe below, it is free and takes less than a minute.
Table of Contents
News
Windows
Linux / FreeBSD
Mobile
Browser
Privacy and Security
Software Updates
Gaming
Other
Articles
Password managers are great, but their defaults may be lacking
Whether you like it or not, AI is coming to Search Engines
Software review of the Week
Winget-AutoUpdate
Links
News
Windows
Microsoft is testing ReFS support in development builds of Windows 11. It looks as if the file system will be officially supported in future releases of the operating system.
Windows 11 virtual machine images for development now include Windows 11 version 22H2. They expire automatically on April 12, 2023 and are provided as VMware, Hyper-V, VirtualBox and Parallels images.
Windows 11 users who want to test the updated Notepad app may follow Ashwin’s guide to do so. Notepad then features tabs on stable versions of Windows 11.
Linux / FreeBSD
Wine 8.0, an open source application to run Windows apps on Linux, is now available. The release features full PE support, which “is an important milestone on the road to supporting various features such as copy protection, 32-bit applications on 64-bit hosts, Windows debuggers, x86 applications on ARM, etc”. The full release notes are available here.
Mobile
Browser
Microsoft is testing a new Split Screen feature in development editions of Microsoft Edge. It allows Edge users to display two websites or pages side-by-side in a single tab in Microsoft’s web browser.
Edge users who want to give it a try need to load edge://flags/#edge-split-screen in the browser’s address bar and set the experiment to Enabled. A new Split icon is added to the toolbar after the restart of the browser.
Speaking of Microsoft Edge, there is an increase in user complaints regarding the creation of shortcuts on the desktop of Windows systems. You can check out my guide on disabling the policy, so that no new shortcuts are created by the browser.
Google released an update for its Chrome Stable web browser that addresses six security issues. The issues do not appear to be exploited in the wild currently, but it is still recommended to update as soon as possible.
Phoronix ran several browser benchmarks on Ubuntu Linux in Firefox and Chrome. The conclusion was that Chrome was “holding strong on Linux on the performance department”.
Firefox users who want to remove the new unified extensions button find instructions to do so here.
Privacy and Security
There is still fallout from last year’s LastPass leak. GoTo, of which LastPass is an affiliate, just updated information on its website regarding the breach.
According to the published information, the threat actor did manage to exfiltrate “encrypted backups from a third-party cloud storage service” related to the company’s products Central, Pro, join.me, Hamachi, and RemotelyAnywhere.
As if that were not bad enough, GoTo revealed that the threat actor managed to obtain an encryption key “for a portion of the encrypted backups”. The information that is in the backups may include “account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information” according to the update.
Bitwarden, maker of the password management solution of the same name, acquired Passwordless.dev this week to strengthen its position in the passwordless authentication field.
The startup company, founded in 2020, created an API framework to minimize “complexities for developers seeking to build passkeys and FIDO2 WebAuthn features such as Face ID, fingerprint, and Windows Hello” according to Bitwarden.
Privacy Tests updated its web browser privacy test this week. It checks hundreds of parameters and reveals how well, or how badly, browsers protect users against certain privacy leaks or attacks. The open source test is developed by a Brave employee, which should be kept in mind.
Wladimir Palant published an analysis of Bitwarden’s server-side iterations this week. He concluded that the iteration count was too low in the past and that the recently increased number of server-side iterations, 350,000, is still below the 600,000 iterations recommended by OWASP. The new count also applies only to new accounts, not to old accounts.
Check Point published a brand phishing report for the fourth quarter of 2022. The top 5 phishing brands of the quarter, according to the company, are Yahoo, DHL, Microsoft, Google and LinkedIn.
Technology is getting better and better at detecting people using WiFi.
Researchers at Carnegie Mellon University developed a method for detecting the three-dimensional shape and movements of human bodies in a room, using only WiFi routers.
Software Updates
WinRAR 6.20 is the first major release of the popular compression software. It features several improvements and a few bug fixes. Notable are performance and repair improvements under certain conditions.
RSS Guard, an open source RSS reader, fetches RSS feed updates much faster in the latest 4.3.0 version thanks to parallelization support.
Gaming
Other
Twitter recently updated its developer terms to effectively ban third-party apps and clients.
Microsoft and OpenAI announced an extension of their partnership.
DeepL Write is a new tool by DeepL, best known for its translation service, that aims to improve writing. It is currently available as a beta release that supports German and English only.
Interesting video by Alessandro Castellani, Thunderbird product design manager, about the future of Thunderbird and the challenges the team faced and is still facing.
Articles
Password managers are great, but their defaults may be lacking
When it comes to staying secure and sane online, many computer users rely on password managers for their accounts. Password managers require just a single password or other form of authentication, e.g., with a hardware device. They may be used to generate and store an unlimited number of passwords, and are considered essential by most security experts.
The two main types of password managers differ mostly in where they store data. Local password managers store the encrypted password database on the local device. Cloud-based password managers put the database file in the cloud. The latter makes it easier to access a single database file from any device; the former is better protected when the server infrastructure of the company that is hosting the file is attacked.
LastPass suffered such a breach recently, and the fallout meant that users had to change account passwords and their master passwords as a preemptive protective measure.
Most password managers support a wide range of security features, settings and options. Default configurations may not be ideal from a security point of view, as developers may favor usability at times over security benefits.
A recent article on PC World highlights one setting that may be affected by this. Passwords may be copied to the Clipboard of the operating system; this is an essential feature, as the automatic filling out of password fields may not be supported by all sites and apps.
The workflow has the user copy the password to the clipboard and then paste it into the sign-in field in the app or on the site.
Some password managers clear the Clipboard automatically after a certain amount of time, others do not. PC World argues that this may be a security issue, as other apps or users may access the information.
KeePass, which is my favorite password manager, clears the Clipboard after 12 seconds. Bitwarden, Keeper, NordPass and maybe some other password managers do not. An option to expire passwords copied to the clipboard is supported, however. Users find the option in the application’s settings. Bitwarden, for example, calls it clear clipboard under options.
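The clipboard expiry described above, sketched as an added example that is not code from KeePass, Bitwarden or any other product named here. `MemoryClipboard` and `ExpiringCopy` are hypothetical names, and the in-memory clipboard is a constructed stand-in for the operating system clipboard so the logic runs offline.

```python
import hashlib
import hmac
import threading


class MemoryClipboard:
    """Constructed stand-in for the OS clipboard so the example runs offline."""

    def __init__(self):
        self.text = ""

    def get(self):
        return self.text

    def set(self, text):
        self.text = text


class ExpiringCopy:
    """Copy a secret and clear it after `timeout` seconds, but only if the
    clipboard still holds that secret (hypothetical helper, not a real API)."""

    def __init__(self, clipboard, timeout=12.0):  # 12 s: the KeePass value cited above
        self.clipboard = clipboard
        self.timeout = timeout
        self._digest = None
        self._lock = threading.Lock()

    def copy(self, secret):
        # Remember only a hash, so this object does not hold the plaintext.
        digest = hashlib.sha256(secret.encode("utf-8")).digest()
        with self._lock:
            self._digest = digest  # a newer copy supersedes any pending timer
            self.clipboard.set(secret)
        timer = threading.Timer(self.timeout, self._expire, args=(digest,))
        timer.daemon = True
        timer.start()
        return timer  # callers may join() it to wait for the expiry

    def _expire(self, digest):
        with self._lock:
            if digest is not self._digest:
                return  # superseded by a later copy(); that timer will clean up
            current = hashlib.sha256(self.clipboard.get().encode("utf-8")).digest()
            # Do not wipe content the user copied after the password.
            if hmac.compare_digest(current, digest):
                self.clipboard.set("")
            self._digest = None
```

Clearing the current clipboard content does not remove copies already captured by a clipboard history or sync feature, so those settings are worth reviewing alongside the password manager's own.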
There may be other settings that sacrifice security for usability. Password managers may not lock themselves after inactivity or may use weak defaults in the password generator.
It is a good idea to go through the settings of the password manager to make sure that it is configured correctly. Yes, usability may suffer a bit,
Whether you like it or not, AI is coming to Search Engines
The public release of ChatGPT has started an AI craze that has taken the online world by storm. ChatGPT, for those unaware, is a language model that has been trained for dialogue specifically.
It works similarly to chatbots, but is not as limited to returning information based on certain keywords in requests.
Extensions popped up quickly that added ChatGPT responses to search engines, but this was just the beginning.
Microsoft announced plans to integrate AI into its Bing Search Engine and to invest into OpenAI, the company that created ChatGPT and related products.
Google, reportedly, consulted the company’s founders recently and it looks as if the company plans to test a chatbot-like AI in search this year.
Brendan Eich, CEO of Brave Software Inc, revealed this week that AI is coming to Brave Search soon. It will provide summaries with sources at the top of the results on Brave Search.
There is also Neeva Search, which introduced AI into the company’s search engine this week.
AI is an umbrella term that is used for technology that learns on its own. Machine learning, natural language processing, neural networks or deep learning technologies fall into this category.
Integration of a language model offers certain advantages but also risks. Advantages may include:
Provide answers directly in the search results.
A deeper understanding of the user’s request and improved results as a consequence.
A response that uses one or multiple sources.
So, the main idea is that the response quality improves through the use of AI.
There may also be disadvantages:
Learning needs to be ongoing to include new information and content. ChatGPT, for example, does not know anything about 2022 and beyond as learning ended in 2021.
Information is not necessarily accurate or correct, and there is often no verification.
Google, as the world leader in search and advertising, is under more scrutiny than a startup or even Microsoft with its Bing search engine.
2023 is the year of AI in search. Whether Google or Microsoft will indeed add AI components permanently to search, or limit the components to certain fields, to better control the outputs, is open for debate.
What is clear is that Internet users will find more and more AI components added to search and other products on the Internet, and maybe also locally on their devices.
Software review of the Week
Winget-AutoUpdate is a helper application for winget. Winget is a useful command line utility that may be used to install, uninstall and update software on Windows.
What makes it quite interesting is the ability to use it to check most installed programs for updates and run these updates.
The operation is manual, and Winget-AutoUpdate changes that. It notifies users about updates on a daily basis so that they can be installed. The app features a blocklist to exclude apps; alternatively, an allowlist may be used to monitor only specific apps for updates.
The open source application may be useful for some users. While I would not recommend using it to monitor all installed apps, it can be useful in keeping certain apps up to date.