Libreboot is a distribution of coreboot "aimed at replacing the proprietary BIOS firmware contained by most computers."

So then what exactly is GNU Boot? Its home page explains... In November 2022, Libreboot began to include non-libre code. We have made repeated efforts to continue collaboration with those developers to help their version of Libreboot remain libre, but that was not successful. Now we've stepped forward to stand up for freedom, ours and that of the wider community, by maintaining our own version — a genuinely libre Libreboot, that after some hurdles gave birth to this project: GNU Boot.
But today, Phoronix writes: While priding itself on being "100% free", last December [GNU Boot] had to drop some motherboard support and CPU code after discovering they were shipping some files that are non-free by their free software standards. Today they announced another mistake in having inadvertently been shipping additional non-free code.

GNU Boot discovered an issue with non-free code affecting not only them but also some of the Linux distributions that pride themselves on being fully free software / 100% open-source. This latest snafu they say is "more problematic" than their prior non-free code discover due to impacting the free software Linux distributions too. The issue at hand though comes down to test data contained within the archive and that containing non-free code in the form of microcode, BIOS bits, and Intel Management Engine firmware.
"We also contacted Replicant..." according to the announcement, "a free Android distro that also ships vboot source code." And in addition, "We had to re-release all the affected tarballs." (Which at this point is three release candidates...)

"Google is developing a Linux terminal app for Android," reports the blog Android Authority. "The Terminal app can be enabled via developer options and will install Debian in a virtual machine.

"This app is likely intended for Chromebooks but might also be available for mobile devices, too." While there are ways to run some Linux apps on Android devices, all of those methods have some limitations and aren't officially supported by Google. Fortunately, though, Google is finally working on an official way to run Linux apps on Android... This Terminal app is part of the Android Virtualization Framework (AVF) and contains a WebView that connects to a Linux virtual machine via a local IP address, allowing you to run Linux commands from the Android host...

A set of patches under the tag "ferrochrome-dev-option" was recently submitted to the Android Open Source Project that adds a new developer option called Linux terminal under Settings > System > Developer options. This new option will enable a "Linux terminal app that runs inside the VM," according to its proposed description. Toggling this option enables the Terminal app that's bundled with AVF...

Google is still working on improving the Terminal app as well as AVF before shipping this feature... What's particularly interesting about the patch that adds these settings is that it was tested on "tangorpro" and "komodo," the codenames for the Pixel Tablet and Pixel 9 Pro XL respectively. This suggests that the Terminal app won't be limited to Chromebooks like the new desktop versions of Chrome for Android.

Microsoft will offer direct game purchases through its Xbox app for Android starting November, following a U.S. court ruling against Google's app store monopoly. The move allows Microsoft to circumvent Google's revenue cut on in-app purchases and signals renewed focus on mobile gaming, bolstered by its recent $75.4 billion Activision Blizzard acquisition.

In a new 32-page filing (PDF), the Department of Justice indicated that it was considering a possible breakup of Google as an antitrust remedy for its search and advertising monopoly. The remedies necessary to "prevent and restrain monopoly maintenance could include contract requirements and prohibitions; non-discrimination product requirements; data and interoperability requirements; and structural requirements," the department said in the filing. CNBC reports: The DOJ also said it was "considering behavioral and structural remedies that would prevent Google from using products such as Chrome, Play, and Android to advantage Google search and Google search-related products and features -- including emerging search access points and features, such as artificial intelligence -- over rivals or new entrants."

Additionally, the DOJ suggested limiting or prohibiting default agreements and "other revenue-sharing arrangements related to search and search-related products." That would include Google's search position agreements with Apple's iPhone and Samsung devices -- deals that cost the company billions of dollars a year in payouts. The agency suggested one way to do this is requiring a "choice screen," which could allow users to pick from other search engines. Such remedies would end "Google's control of distribution today" and ensure "Google cannot control the distribution of tomorrow."

A U.S. federal judge has mandated significant changes to Google's Android app store operations. Judge James Donato's ruling in Epic v. Google requires Google to allow rival app stores within its Play Store and grant them access to its app catalog for three years, beginning November 2024.

The order prohibits Google from requiring its payment system for Play Store apps and permits developers to inform users about alternative payment methods. Google is also barred from offering incentives for app launch exclusivity or sharing app revenue with potential app store competitors. The ruling restricts Google from providing financial perks to device makers and carriers for Play Store exclusivity.

Google is developing a version of Chrome for Android that supports browser extensions, a feature long absent from mobile versions, AndroidAuthority reports. The report adds: Specifically, the company is experimenting with "desktop" builds of Chrome for Android. These "desktop" builds are currently intended for Chromebooks as they transition to use more parts of Android, but there's hope the work will benefit mobile devices, too.

An anonymous reader shared this post from the blog It's FOSS It has been more than two years since K-9 Mail (an open-source email client for Android) joined the Mozilla Thunderbird project. Instead of making a new mobile app from scratch, Mozilla decided to convert K-9 Mail slowly into the new Thunderbird Android app.

While we have known about it for some time now, we finally have something to test: Thunderbird for Android (Beta). Mozilla is looking for users to test it and plans a stable release at the end of October. The new Thunderbird app is now available on the Play Store as a beta version for user testing. So, we are closer to the stable launch than ever before.
The article includes a few screenshots of the app...

"For the functionality side, you can expect things like light/dark theme, email signature, unified inbox, ability to enable/disable contact pictures, threaded view, and opt out of data usage collection for privacy..."

An anonymous reader shared this report from Engadget: Three new theft protection features that Google announced earlier this year have reportedly started rolling out on Android. The tools — Theft Detection Lock, Offline Device Lock and Remote Lock — are aimed at giving users a way to quickly lock down their devices if they've been swiped, so thieves can't access any sensitive information. Android reporter Mishaal Rahman shared on social media that the first two tools had popped up on a Xiaomi 14T Pro, and said some Pixel users have started seeing Remote Lock.

Theft Detection Lock is triggered by the literal act of snatching. The company said in May that the feature "uses Google AI to sense if someone snatches your phone from your hand and tries to run, bike or drive away." In such a scenario, it'll lock the phone's screen.
The Android reporter summarized the other two locking features in a post on Reddit:

• Remote Lock "lets you remotely lock your phone using just your phone number in case you can't sign into Find My Device using your Google account password."

• Offline Device Lock "automatically locks your screen if a thief tries to keep your phone disconnected from the Internet for an extended period of time."

"All three features entered beta in August, starting in Brazil. Google told me the final versions of these features would more widely roll out this year, and it seems the features have begun expanding."

"Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users."

That's the title of a new report released this week by cybersecurity company Group-IB revealing the official Apple App Store and Google Play store offered apps that were actually one part of a larger fraud campaign. "To complete the scam, the victim is asked to fund their account... After a few seemingly successful trades, the victim is persuaded to invest more and more money. The account balance appears to grow rapidly. However, when the victim attempts to withdraw funds, they are unable to do so."

Forbes reports: Group-IB determined that the frauds would begin with a period of social engineering reconnaissance and entrapment, during which the trust of the potential victim was gained through either a dating app, social media app or even a cold call. The attackers spent weeks on each target. Only when this "fattening up" process had reached a certain point would the fraudsters make their next move: recommending they download the trading app from the official App Store concerned.

When it comes to the iOS app, which is the one that the report focussed on, Group-IB researchers said that the app remained on the App Store for several weeks before being removed, at which point the fraudsters switched to phishing websites to distribute both iOS and Android apps. The use of official app stores, albeit only fleetingly as Apple and Google removed the fake apps in due course, bestowed a sense of authenticity to the operation as people put trust in both the Apple and Google ecosystems to protect them from potentially dangerous apps.
"The use of web-based applications further conceals the malicious activity," according to the researchers, "and makes detection more difficult." [A]fter the download is complete, the application cannot be launched immediately. The victim is then instructed by the cybercriminals to manually trust the Enterprise developer profile. Once this step is completed, the fraudulent application becomes operational... Once a user registers with the fraudulent application, they are tricked into completing several steps. First, they are asked to upload identification documents, such as an ID card or passport. Next, the user is asked to provide personal information, followed by job-related details...

The first discovered application, distributed through the Apple App Store, functions as a downloader, merely retrieving and displaying a web-app URL. In contrast, the second application, downloaded from phishing websites, already contains the web-app within its assets. We believe this approach was deliberate, since the first app was available in the official store, and the cybercriminals likely sought to minimise the risk of detection. As previously noted, the app posed as a tool for mathematical formulas, and including personal trading accounts within an iOS app would have raised immediate suspicion.
The app (which only runs on mobile phones) first launches a fake activity with formulas and graphics, according to the researchers. "We assume that this condition must bypass Apple's checks before being published to the store. As we can see, this simple trick allows cybercriminals to upload their fraudulent application to the Apple Store." They argue their research "reinforces the need for continued review of app store submissions to prevent such scams from reaching unsuspecting victims". But it also highlights "the importance of vigilance and end-user education, even when dealing with seemingly trustworthy apps..."

"Our investigation began with an analysis of Android applications at the request of our client. The client reported that a user had been tricked into installing the application as part of a stock investment scam. During our research, we uncovered a list of similar fraudulent applications, one of which was available on the Google Play Store. These apps were designed to display stock-related news and articles, giving them a false sense of legitimacy."

"Can you believe that we've been demanding user freedom since 1985?" asks a new blog post at FSF.org: Today, we're celebrating our thirty-ninth anniversary, the "lace year," which represents the intertwined nature and strength of our relationship with the free software community. We wouldn't be here without you, and we are so grateful for everyone who has stood with us, advocating for a world where complete user freedom is the norm and not the exception.

As we celebrate our anniversary and reflect on the past thirty-nine years, we feel inspired by how far we've come, not only as a movement but as an organization, and the changes that we've gone through. While we inevitably have challenges ahead, we feel encouraged and eager to take them on knowing that you'll be right there with us, working for a free future for everyone. Here's to many more years of fighting for user freedom!
Their suggestions for celebrating include:

• Try a fully free distribution of GNU/Linux or help someone else give it a try

• Learn how to encrypt your emails and opt out of bulk surveillance

• Take a small step with big impact and swap out one nonfree program with one that's truly free

• If you have an Android phone, download F-Droid, which is a catalogue of hundreds of free software applications

• Wish us happy birthday on social media. [Which for the FSF is Mastodon, PeerTube, and GNU social.]

• Join a Free Software Directory (FSD) meeting, which we host every Friday from 16:00 to 19:00 UTC.

• Become an associate member or gift a membership to a friend

• Donate $39 to help support free software advocacy

• Print off stickers of our 39th birthday cake

• Change your desktop background to an early-2000s-cyberspace-inspired image of our former front desk. (And then switch out your browser theme to match your new desktop background.)

And to help with the celebrations they share a free video teaching the basics of SuperCollider (the free and open source audio synthesis/algorithmic composition software). The video appears on FramaTube, an instance of the decentralized (and ActivityPub-federated) Peertube video platform, supported by the French non-profit Framasoft and powered by WebTorrent, using peer-to-peer technology to reduce load on individual servers.

First announced in 2018, Samsung's "One UI" software is expanding to all the company's major tech products in 2025. 9to5Google reports: At its annual developer conference, Samsung announced that "One UI" is the new name for the company's software experiences across "major product lines." This specifically includes TVs and home appliances. Samsung says: "In addition, the company announced that it will integrate the software experience of its major product lines -- from mobile devices to TVs and home appliances -- under the name One UI next year. By providing a cohesive product experience and committing to software upgrades for up to seven years, Samsung will continue to bring innovation for its customers."

There's no word on how, if at all, this will affect software design or features, but the cohesive branding and the announcement mentioning that it will "integrate the software experience" implies we'll see similar designs across the company's portfolio, at least eventually. Samsung also announced that One UI 7, its next Android update, would be delayed to 2025 with a beta "before the end of the year" during the same keynote.

An anonymous reader quotes a report from 404 Media: Somewhere over the streets of San Francisco's Mission, a microphone sits surveilling ... for banger songs. Bop Spotter is a project by technologist Riley Walz in which he has hidden an Android phone in a box on a pole, rigged it to be solar powered, and has set it to record audio and periodically sends it to Shazam's API to determine which songs people are playing in public. Walz describes it as ShotSpotter, but for music. "This is culture surveillance. No one notices, no one consents. But it's not about catching criminals," Walz's website reads. "It's about catching vibes. A constant feed of what's popping off in real-time."

ShotSpotter, of course, is the microphone-based, "gunshot detection" surveillance company that cities around the country have spent millions of dollars on. ShotSpotter is often inaccurate, and sometimes detects things like fireworks or a car backfiring as gunshots. Chicago, one of ShotSpotter's biggest clients, is finally allowing its contract with the company to end. Bop Spotter, on the other hand, is designed to figure out what cool music people are blasting from their cars or as they walk down the street. "I am a chronic Shazam-er. Most songs I listen to come from first hearing them at a party, store, or on the street," Walz told 404 Media. "Years ago I had the thought that it'd be cool to Shazam 24/7 from a fixed location, and I recently learned about ShotSpotter, and thought it'd be amusing to do what they do with music instead of gunshots. Was a great weekend project."

Walz said that the phone itself is rigged to a solar panel, and that it records audio in 10-minute blocks while in airplane mode. "Then it connects to WiFi to send the file to my server, which then split it into 20-second chunks that get passed to Shazam's API. The device doesn't Shazam directly, that would use way too much power. Probably $100 of parts," he said. BopSpotter's website has a constant feed of songs it hears, as well as links to play the songs in Spotify or Apple Music. As I'm writing this, BopSpotter has picked up "Not Like Us" by Kendrick Lamar, "The Next Episode" by Dr. Dre, and "Never Gonna Give You Up" by Rick Astley (a Rick Roll already?) among dozens of songs in the last few hours. The site also has a constant feed of the device's power levels. So far in three days, it has detected 380 songs. "I thought the solar panel would be annoying but it provides 4 times more power than the phone needs," Walz said. "The hardest part was scoping out which pole to actually put it up on. I had to balance finding a busy location where lots of music could be picked up, with enough sunlight, and good connection to a public wifi network."

Walz didn't say where exactly the phone is located.

Nintendo has convinced Ryujinx's lead developer to shut down the project. According to The Verge, the Switch emulator's download page is empty and its GitHub is gone. The Verge reports: "Yesterday, gdkchan was contacted by Nintendo and offered an agreement to stop working on the project, remove the organization and all related assets he's in control of," writes developer and moderator ripinperiperi on Discord. "While awaiting confirmation on whether he would take this agreement, the organization has been removed, so I think it's safe to say what the outcome is." The rest of ripinperiperi's message is a eulogy for the project, including a pair of videos showing the Ryujinx team's progress on iOS and Android ports of the Nintendo Switch emulator, among other core changes -- ones that will now presumably never ship.

Nintendo would not confirm or deny to The Verge that it made a deal with the developer. Instead, Nintendo spokesperson Eddie Garcia mysteriously pointed me to the Entertainment Software Association's head of public affairs Aubrey Quinn -- who said she couldn't speak on behalf of Nintendo.

Ars Technica's Dan Goodin reports: Five years ago, researchers made a grim discovery -- a legitimate Android app in the Google Play market that was surreptitiously made malicious by a library the developers used to earn advertising revenue. With that, the app was infected with code that caused 100 million infected devices to connect to attacker-controlled servers and download secret payloads. Now, history is repeating itself. Researchers from the same Moscow, Russia-based security firm reported Monday that they found two new apps, downloaded from Play 11 million times, that were infected with the same malware family. The researchers, from Kaspersky, believe a malicious software developer kit for integrating advertising capabilities is once again responsible. [...]

The researchers found Necro in two Google Play apps. One was Wuta Camera, an app with 10 million downloads to date. Wuta Camera versions 6.3.2.148 through 6.3.6.148 contained the malicious SDK that infects apps. The app has since been updated to remove the malicious component. A separate app with roughly 1 million downloads -- known as Max Browser -- was also infected. That app is no longer available in Google Play. The researchers also found Necro infecting a variety of Android apps available in alternative marketplaces. Those apps typically billed themselves as modified versions of legitimate apps such as Spotify, Minecraft, WhatsApp, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. People who are concerned they may be infected by Necro should check their devices for the presence of indicators of compromise listed at the end of this writeup.

Microsoft has launched a new Windows app that serves as a hub for streaming Windows environments from services like Windows 365 and Azure Virtual Desktop. However, it's limited to Microsoft work and school accounts with "no signs that Microsoft plans to support consumer accounts," notes The Verge's Tom Warren. From the report: This new unified app has been in testing for nearly a year, and includes a customizable home screen, multi-monitor support, and USB redirection so you can use local devices like webcams, storage devices, and printers as if they were plugged directly into a cloud PC. This Windows app is limited to Microsoft work and school accounts, as it's primarily designed for existing users of Remote Desktop clients for Windows and other operating systems to move to. Microsoft has had similar apps for connecting to PCs remotely in Windows for decades, including the Remote Desktop Connection app that still ships as part of Windows 11. These apps, including the new Windows one, are useful for connecting to work PCs from a personal laptop or PC. The Windows app is available from the Microsoft Store and Apple App Store. An Android version enters public preview mode today.

Google is updating its Password Manager to allow users to sync passkeys across multiple devices, including Windows, macOS, Linux, and Android, with iOS and ChromeOS support coming soon. Engadget reports: Once saved, the passkey automatically syncs across other devices using Google Password Manager. The company says this data is end-to-end encrypted, so it'll be pretty tough for someone to go in and steal credentials. [...] Today's update also brings another layer of security to passkeys on Google Password Manager. The company has introduced a six-digit PIN that will be required when using passkeys on a new device. This would likely stop nefarious actors from logging into an account even if they've somehow gotten ahold of the digital credentials. Just don't leave the PIN number laying on a sheet of paper directly next to the computer.

Apple's VP of camera software engineering Jon McCormack has affirmed the company's commitment to traditional photography in an interview, contrasting with Google's "memories" approach for Pixel cameras. (A Google executive said last month of the AI usage in the pictures Pixel smartphone owners take: "What some of these edits do is help you create the moment that is the way you remember it, that's authentic to your memory and to the greater context, but maybe isn't authentic to a particular millisecond.") The Verge: I asked Apple's VP of camera software engineering Jon McCormack about Google's view that the Pixel camera now captures "memories" instead of photos, and he told me that Apple has a strong point of view about what a photograph is -- that it's something that actually happened. It was a long and thoughtful answer, so I'm just going to print the whole thing:

"Here's our view of what a photograph is. The way we like to think of it is that it's a personal celebration of something that really, actually happened.

"Whether that's a simple thing like a fancy cup of coffee that's got some cool design on it, all the way through to my kid's first steps, or my parents' last breath, It's something that really happened. It's something that is a marker in my life, and it's something that deserves to be celebrated.

"And that is why when we think about evolving in the camera, we also rooted it very heavily in tradition. Photography is not a new thing. It's been around for 198 years. People seem to like it. There's a lot to learn from that. There's a lot to rely on from that.

"Think about stylization, the first example of stylization that we can find is Roger Fenton in 1854 -- that's 170 years ago. It's a durable, long-term, lasting thing. We stand proudly on the shoulders of photographic history." Further reading: 'There is No Such Thing as a Real Picture,' Says Samsung Exec.

Google said in a blog post today it will begin labeling AI-generated and AI-edited image search results later this year. Digital Trends reports: The company will flag such content through the "About this image" window and it will be applied to Search, Google Lens, and Android's Circle to Search features. Google is also applying the technology to its ad services and is considering adding a similar flag to YouTube videos, but will "have more updates on that later in the year," per the announcement post.

Google will rely on Coalition for Content Provenance and Authenticity (C2PA) metadata to identify AI-generated images. That's an industry group Google joined as a steering committee member earlier in the year. This "C2PA metadata" will be used to track the image's provenance, identifying when and where an image was created, as well as the equipment and software used in its generation.

Apple today is rolling out iOS 18, introducing support for Rich Communications Services (RCS) to enhance messaging between iPhone and Android devices with features like typing indicators, read receipts, and higher resolution media. "However, there continues to be no end-to-end encryption (E2EE), with work towards that between Android and iOS continuing," notes 9to5Google. The feature will be enabled by default on iPhones with major U.S. carriers supported, but smaller MVNOs are not yet included.

Google's describes their new Gemini-powered foldable phone as "an epic display of Google AI" (also calling it "unfoldgettable").

The Android Authority blog says the phone is "impressive," "incredibly thin" — and, at $1,800, expensive.

But long-time Slashdot reader mprindle notes some complaints from the YouTube channel JerryRigEverything ("known for in-depth testing of phones and other devices".) The blog 9to5Google summarizes some of the video's findings: - When exposed to dirt and sand, we hear the hinge start grinding since there's no dust protection...

- A closed bend test reveals no problems for the Pixel 9 Pro Fold, but the issues arise when it's open and bent from the back. Despite the left/right back panels meeting and covering the spine of the hinge, "there doesn't appear to be a whole lot of resistance."
"Not sure why Google thought it was a good idea to put an antenna line right here at the weakest point in an already thin frame," the video notes (arguing it's "like putting an exhaust port in the Death Star...")

But they also tell their 8.8 million subscribers that "One cool thing that Google has done is that they've made every single part of this metal frame from recycled aluminum." And "Out of the box, I'm already a huge fan of how it looks," the video begins. "It feels amazing, and folds completely shut and appears like the hardware has finally caught up to the folding form factor to where it looks just natural."

One thing to note... "Moving to the inner display, I start to get the vibe that when Google says 'super durable', they mean 'regular durable', since the inner display is made from the same soft flexible plastic that we've seen on every folding phone so far, which scratches at level two. Even fingernails can leave very permanent marks on the center screen. This is absolutely normal for a folding phone, though, and really not too big of a deal if you take care it, making sure there are no bits of dust or dirt in the screen when you close it will go a long way to keeping things pristine, since there's not a lot of room between the two halves."

iFixit makes an interesting observation: "Over half of the phone's internal area is occupied by the lithium polymer battery cells!" (They've also created another teardown video available on YouTube.)

"There's no denying that the inner screens are delicate and prone to damage," according to an accompanying iFixit blog post, "and the mechanical nature of the hinge mechanism provides additional avenues for dust and liquid ingress that may eventually become a problem."

But it also applauds "the less obvious repairability wins, from repair guides and a detailed Bill of Materials to spare parts that are available without malicious restrictions... [T]he Pixel team has gone to great lengths to support your right to repair the device you paid for and own" — and from Day One. There's really only a single criticism I'd direct at the Pixel 9 Fold from my own disassembly experience: the battery removal tabs. These tabs simply do not work, with or without the application of heat. They are flimsy and break often, require a second pair of hands to secure the device, and they fail to cut through adhesive reliably. Whether they should even try to cut through adhesive is debatable. Stretch release adhesive might age and break over time but at least they give you a chance at removing the adhesive. Pull tabs don't even work when the adhesive is brand new, they literally have no redeeming qualities when compared to other battery release mechanisms. Even the more robust pull tabs Samsung uses in its phones work better than this, though they aren't necessarily the easiest to use either.

As for the device itself, it prompted one of my colleagues — an iPhone user since forever — to say "this is nice, I'd switch to Android for this"... Setting aside the downsides of owning a foldable smartphone, I am excited to see Google and the Pixel team devoting so much time and energy towards improving the overall repairability of the device. The effort is seen and appreciated by device owners and as a technician, I look forward to seeing how manufacturers will continue to innovate for repairability.
Slashdot reader mprindle reminds us that when it comes to waterproofing, the JerryRigEverything video "noted that the footnotes say the device is rated IP68 yet the Sim tray is rated at IPx8."