An anonymous reader quotes a report from Ars Technica: Meta continues to hit walls with its heavily scrutinized plan to comply with the European Union's strict online competition law, the Digital Markets Act (DMA), by offering Facebook and Instagram subscriptions as an alternative for privacy-inclined users who want to opt out of ad targeting. Today, the European Commission (EC) announced preliminary findings that Meta's so-called "pay or consent" or "pay or OK" model -- which gives users a choice to either pay for access to its platforms or give consent to collect user data to target ads -- is not compliant with the DMA. According to the EC, Meta's advertising model violates the DMA in two ways. First, it "does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the 'personalized ads-based service." And second, it "does not allow users to exercise their right to freely consent to the combination of their personal data," the press release said.

Now, Meta will have a chance to review the EC's evidence and defend its policy, with today's findings kicking off a process that will take months. The EC's investigation is expected to conclude next March. Thierry Breton, the commissioner for the internal market, said in the press release that the preliminary findings represent "another important step" to ensure Meta's full compliance with the DMA. "The DMA is there to give back to the users the power to decide how their data is used and ensure innovative companies can compete on equal footing with tech giants on data access," Breton said. A Meta spokesperson told Ars that Meta plans to fight the findings -- which could trigger fines up to 10 percent of the company's worldwide turnover, as well as fines up to 20 percent for repeat infringement if Meta loses. The EC agreed that more talks were needed, writing in the press release, "the Commission continues its constructive engagement with Meta to identify a satisfactory path towards effective compliance." Meta continues to claim that its "subscription for no ads" model was "endorsed" by the highest court in Europe, the Court of Justice of the European Union (CJEU), last year.

"Subscription for no ads follows the direction of the highest court in Europe and complies with the DMA," Meta's spokesperson said. "We look forward to further constructive dialogue with the European Commission to bring this investigation to a close."

Meta rolled out its ad-free subscription service option last November. "Depending on where you purchase it will cost $10.5/month on the web or $13.75/month on iOS and Android," said the company in a blog post. "Regardless of where you purchase, the subscription will apply to all linked Facebook and Instagram accounts in a user's Accounts Center. As is the case for many online subscriptions, the iOS and Android pricing take into account the fees that Apple and Google charge through respective purchasing policies."

An anonymous reader quotes a report from TechCrunch: Butterflies is a social network where humans and AIs interact with each other through posts, comments and DMs. After five months in beta, the app is launching Tuesday to the public on iOS and Android. Anyone can create an AI persona, called a Butterfly, in minutes on the app. After that, the Butterfly automatically creates posts on the social network that other AIs and humans can then interact with. Each Butterfly has backstories, opinions and emotions.

Butterflies was founded by Vu Tran, a former engineering manager at Snap. Vu came up with the idea for Butterflies after seeing a lack of interesting AI products for consumers outside of generative AI chatbots. Although companies like Meta and Snap have introduced AI chatbots in their apps, they don't offer much functionality beyond text exchanges. Tran notes that he started Butterflies to bring more creativity to humans' relationships with AI. "With a lot of the generative AI stuff that's taking flight, what you're doing is talking to an AI through a text box, and there's really no substance around it," Vu told TechCrunch. "We thought, OK, what if we put the text box at the end and then try to build up more form and substance around the characters and AIs themselves?" Butterflies' concept goes beyond Character.AI, a popular a16z-backed chatbot startup that lets users chat with customizable AI companions. Butterflies wants to let users create AI personas that then take on their own lives and coexist with other. [...]

The app is free-to-use at launch, but Butterflies may experiment with a subscription model in the future, Vu says. Over time, Butterflies plans to offer opportunities for brands to leverage and interact with AIs. The app is mainly being used for entertainment purposes, but in the future, the startup sees Butterflies being used for things like discovery in a way that's similar to Instagram. Butterflies closed a $4.8 million seed round led by Coatue in November 2023. The funding round included participation from SV Angel and strategic angels, many of whom are former Snap product and engineering leaders. Vu says that Butterflies is one of the most wholesome ways to use and interact with AI. He notes that while the startup isn't claiming that it can help cure loneliness, he says it could help people connect with others, both AI and human.

"Growing up, I spent a lot of my time in online communities and talking to people in gaming forums," Vu said. "Looking back, I realized those people could just have been AIs, but I still built some meaningful connections. I think that there are people afraid of that and say, 'AI isn't real, go meet some real friends.' But I think it's a really privileged thing to say 'go out there and make some friends.' People might have social anxiety or find it hard to be in social situations."

Steven Vaughan-Nichols reports via ZDNet: While Linux and open-source software (OSS) are no longer constantly under intellectual property (IP) attacks, the Open Invention Network (OIN) patent consortium still stands guard over its patents. Now, OIN, the largest patent non-aggression community, has expanded its protection once again by updating its Linux System definition. Covering more than just Linux, the Linux System definition also protects adjacent open-source technologies. In the past, protection was expanded to Android, Kubernetes, and OpenStack. The OIN accomplishes this by providing a shared defensive patent pool of over 3 million patents from over 3,900 community members. OIN members include Amazon, Google, Microsoft, and essentially all Linux-based companies.

This latest update extends OIN's existing patent risk mitigation efforts to cloud-native computing and enterprise software. In the cloud computing realm, OIN has added patent coverage for projects such as Istio, Falco, Argo, Grafana, and Spire. For enterprise computing, packages such as Apache Atlas and Apache Solr -- used for data management and search at scale, respectively -- are now protected. The update also enhances patent protection for the Internet of Things (IoT), networking, and automotive technologies. OpenThread and packages such as agl-compositor and kukusa.val have been added to the Linux System definition. In the embedded systems space, OIN has supplemented its coverage of technologies like OpenEmbedded by adding the OpenAMP and Matter, the home IoT standard. OIN has included open hardware development tools such as Edalize, cocotb, Amaranth, and Migen, building upon its existing coverage of hardware design tools like Verilator and FuseSoc.

Keith Bergelt, OIN's CEO, emphasized the importance of this update, stating, "Linux and other open-source software projects continue to accelerate the pace of innovation across a growing number of industries. By design, periodic expansion of OIN's Linux System definition enables OIN to keep pace with OSS's growth." [...] Looking ahead, Bergelt said, "We made this conscious decision not to include AI. It's so dynamic. We wait until we see what AI programs have significant usage and adoption levels." This is how the OIN has always worked. The consortium takes its time to ensure it extends its protection to projects that will be around for the long haul. The OIN practices patent non-aggression in core Linux and adjacent open-source technologies by cross-licensing their Linux System patents to one another on a royalty-free basis. When OIN signees are attacked because of their patents, the OIN can spring into action.

Richard Speed reports via The Register: Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp. The Privacy Sandbox API was introduced in 2023 as part of Google's grand plan to eliminate third-party tracking cookies. Rather than relying on those cookies, website developers can call the API to display ads matched to a user's interests. In the announcement, Google's VP of the Privacy Sandbox initiative called it "a significant step on the path towards a fundamentally more private web."

However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking.

Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."

After announcing a shut down date in February, Google's "GPay" app has officially stopped working for users in the U.S. "Starting on June 4, GPay -- as was the name of the app on Android homescreens -- automatically signed US users out," reports 9to5Google. "Attempting to login again explains how: 'The Google Pay US app is no longer available. You can still tap to pay using the Google Wallet app.'" From the report: Additionally, Google no longer offers peer-to-peer payments in the US. You can use the Google Pay website to view and transfer your balance -- money you've received or rewards -- to a bank account after June. The focus is now on Google Wallet and digitizing everything in your physical wallet. There's no equivalent finance tracking functionality. Meanwhile, "Google Pay" still exists as the name for what you're actually using when making a physical or online purchase with your phone.

Apple has announced that its Messages app will support RCS in iOS 18. From a report: The new standard will replace SMS as the default communication protocol between Android and iOS devices. The move comes after years of taunting, cajoling, and finally, some regulatory scrutiny from the EU. Right now, when people on iOS and Android message each other, the service falls back to SMS -- photos and videos are sent at a lower quality, messages are shortened, and importantly, conversations are not end-to-end encrypted like they are in iMessage. Messages from Android phones show up as green bubbles in iMessage chats and chaos ensues.

When buying a new smartphone, it's important to consider the duration of software updates, as it impacts security and longevity. In a rare public commitment on Monday, thanks to the UK's new Product Security and Telecommunications Infrastructure (PSTI) regulations, Apple said it guarantees a minimum of five years of security updates for the iPhone 15 Pro Max. "In other words, the iPhone 15 is officially guaranteed to receive security updates until September 22, 2028," reports Android Authority. From the report: This, as VP of Engineering for Android Security & Privacy at Google Dave Kleidermacher points out, means that Apple is no longer offering the best security update policy in the industry. Both Samsung and Google guarantee seven years of not just security updates but also Android OS updates for their respective flagship devices, which is two years longer than what Apple guarantees.

To Apple's credit, though, it has long provided more than five years of security updates for its various iPhone devices. Some iPhones have received security updates six or more years after the initial release, which is far more support than the vast majority of Android devices receive. So, while Samsung and Google currently beat Apple in terms of how long they're guaranteeing software support, that doesn't mean iPhone users can't keep their phones for just as long, if not longer. They'll just need to hope Apple doesn't cut off support after the five-year minimum.

An anonymous reader shared a report: Amazon has agreed to acquire key assets of Indian video streaming service MX Player from the local media powerhouse Times Internet, the latest step by the e-commerce giant to make its services and brand popular in smaller cities and towns in the key overseas market.

[...] Times Internet acquired MX Player in 2018 for $140 million. The app, which originated in South Korea, gained immense popularity in India due to its unique local video playback feature. This functionality allows the app to support a wide range of video file formats, making it highly compatible with affordable Android smartphones that are prevalent in developing markets.

UPDATE 6/4/2024: Google has changed its repair policy in response to the controversial clause that was brought to light. Google says it will not keep phones sent in for repair and that it's changing the wording of its ToS agreement to reflect this. Here's a statement from a Google spokesperson: "If a customer sends their Pixel to Google for repair, we would not keep it regardless of whether it has non-OEM parts or not. In certain situations, we won't be able to complete a repair if there are safety concerns. In that case, we will either send it back to the customer or work with them to determine next steps. Customers are also free to seek the repair options that work best for them. We are updating our Terms and Conditions to clarify this."

An anonymous reader quotes a report from Android Authority: Like many other phone makers, Google has a self-repair program for servicing your damaged or malfunctioning Pixel device. As its support site explains, there are options to get repair tools, manuals, and certified parts so you can fix up your Pixel like new. Owners can also choose to simply send their device in to have it repaired professionally. As replacement parts can be expensive, some DIYers choose to use parts from third-party suppliers. But if you go down this route, you may want to avoid sending your device to Google if there's a problem you don't have the skills to fix on your own.

As YouTuber Louis Rossmann discovered, Google's service and repair terms and conditions contain a concerning stipulation. The document states that Google will keep your device if a non-OEM part is found. Apparently, this rule has been in effect since July 19, 2023, as marked on the page. Last week, iFixit said they are parting ways with Samsung because the company "does not seem interested in enabling repair at scale."

A separate report from 404 Media found that Samsung requires independent repair shops to give them the name, contact information, phone identifier, and customer complaint details of everyone who gets their phone repaired at these shops. "Stunningly, it also requires these nominally independent shops to 'immediately disassemble' any phones that customers have brought them that have been previously repaired with aftermarket or third-party parts and to 'immediately notify' Samsung that the customer has used third-party parts," reports 404 Media.

Mishaal Rahman, reporting for AndroidAuthority: Google just unveiled its latest Android Feature Drop earlier today, and it's one of the most exciting feature drops I can remember. The two features I'm most excited about are part of Play Services's new Cross-Device Services module, which brings some Apple Continuity-style magic to your Android devices. For example, the new Instant Hotspot feature lets you connect your Android tablet or Chromebook to your phone's hotspot with a single tap. Instant Hotspot works with phones running Android 11 or newer, with one notable exception: Samsung devices. According to Google, Instant Hotspot will not be available on any Samsung devices. [...] It's not clear exactly why Instant Hotspot isn't available on Samsung devices. The feature is part of Google Play Services, which is available on all Google-certified Android devices, including those from Samsung. It's likely that Samsung opted out of this particular feature, perhaps to encourage users to buy devices within their ecosystem.

Apple is seeking a senior engineer to help build a television and sports app for Android, a sign the company is finally bringing its TV+ service to the rival smartphone platform. From a report: In a job listing published in recent days, Apple said it's looking for someone to lead the development of "fun new features" and "help build an application used by millions to watch and discover TV and sports." The move suggests that the company is looking to gain market share in video streaming -- and is setting aside its rivalry with Android in order to chase additional users. It's rare for Apple to develop software for Google's Android, which competes with its iOS platform. The TV+ service, launched in 2019, is Apple's answer to Netflix or Disney+, and the company has spent heavily on feeding it with original content.

Google is introducing the Gemini AI chatbot to Chromebook Plus models, enhancing features like text rewriting, image editing, and hands-free control. Here are a few of the top new features coming to ChromeOS, as summarized by Wired: The first notable feature is Help Me Write, which works in any text box. Select text in any text box and right-click -- you'll see a box next to the standard right-click context menu. You can ask Google's AI to rewrite the selected text, rephrase it in a specific way, or change the tone. I tried to use it on a few sentences in this story but did not like any of the suggestions it gave me, so your mileage may vary. Or maybe I'm a better writer than Google's AI. Who knows?

Google's bringing the same generative AI wallpaper system you'll find in Android to ChromeOS. You can access this feature in ChromeOS's wallpaper settings and generate images based on specific parameters. Weirdly, you can create these when you're in a video-calling app too. You'll see a menu option next to the system tray whenever the microphone and video camera are being accessed -- tap on it and click "Create with AI" and you can generate an image for your video call's background. I'm not sure why I'd want a background of a "surreal bicycle made of flowers in pink and purple," but there you go. AI!

Here's something a little more useful: Magic Editor in Google Photos. Yep, the same feature that debuted in Google's Pixel 8 smartphones is now available on Chromebook Plus laptops. In the Google Photos app, you can press Edit on a photo and you'll see the option for Magic Editor. (You'll need to download more editing tools to get started.) This feature lets you erase unwanted objects in your photos, move a subject to another area of the frame, and fill in the backgrounds of photos. I successfully erased a paint can in the background of a photo of my dog, and it worked pretty quickly.

Then there's Gemini. It's available as a stand-alone app, and you can ask it to do pretty much anything. Write a cover letter, break down complex topics, ask for travel tips for a specific country. Just, you know, double-check the results and make sure there aren't any hallucinations. If you want to tap into Google's Gemini Advanced model, the company says it is offering 12 months free for new Chromebook Plus owners through the end of the year, so you have some time to redeem that offer. This is technically an upgrade from Google One, and it nets you Gemini for Workspace, 2 terabytes of storage, and a few other perks. New features coming to all Chromebooks include easy setup with Android phones via QR code for sharing Wi-Fi credentials, integration of Google Tasks into the system tray, a Game Dashboard for mapping controls and recording gameplay as GIFs, and a built-in screen recorder tool. Upcoming enhancements also include Hands-Free Control using face gestures, the Help Me Read feature with Gemini for summarizing websites and PDFs, and an Overview screen to manage open browser windows, tabs, and apps.

You can check if your Chromebook is compatible with the Chromebook Plus OS update here.

"The fact it's possible at all is a credit to the ingenuity of the open-source community," writes the blog OMG Ubuntu: Switchroot is an open-source project that allows Android and Linux-based distros like Ubuntu to run on the Nintendo Switch — absolutely not something Nintendo approves of much less supports, endorses, or encourages, etc! I covered the loophole that made this possible back in 2018. Back then the NVIDIA Tegra X1-powered Nintendo Switch was still new and Linux support for much of the console's internal hardware in a formative state (a polite way to say 'not everything worked'). But as the popularity of Nintendo's handheld console ballooned (to understate it) so the 'alternative OS' Switch scene grew, and before long Linux support for Switch hardware was in full bloom...

A number of Linux for Switchroot (L4S) distributions have since been released, designated as Linux for Tegra (L4T) builds. As these can boot from a microSD card it's even possible to dualboot the Switch OS with Linux, which is neat! Recently, a fresh set of L4T Ubuntu images were released based on the newest Ubuntu 24.04 LTS release. These builds work on all Switch versions, from the OG (exploit-friendly) unit through to newer, patched models (where a modchip is required)...

I'm told all of the Nintendo Switch internal hardware now works under Linux, including Wi-Fi, Bluetooth, sleep mode, accelerated graphics, the official dock... Everything, basically. And despite being a 7 year old ARM device the performance is said to remain decent.
"Upstream snafus have delayed the release of builds with GNOME Shell..."

It's "one of the most talked about devices in Silicon Valley," according to tech writer/investor Om Malik.

The company's web site calls it "the computer, de-invented," promising a tablet with "the world's first full-speed paper-like display." But Its founder has structured the company as a Public Benefit Corporation, with its web site describing the eyestrain-relieving tablet as "designed for deep focus and wellbeing. We refuse to accept a future where our devices are exhausting, addictive, and distracting."

Malik writes that Daylight Computer founder Anjan Katta suffers from ADHD, and "wanted something that allowed him few distractions and allowed him to work with intent." What the company has created is a beautiful tablet — about the size of a normal iPad Air. It is just a "little less than white," white, with a gorgeous screen. It is very simple, elegant, and lovely. It has an e-ink screen, and the matte monochrome paper-like display is optimized for reading, writing, and note-taking. It refreshes at 60 frames per second, a pretty big deal for e-ink displays. This different screen technology developed by the company is called LivePaper and it feels as snappy as anything you have experienced on an iPad. This is what puts it a notch above other e-ink tablets. This is precisely why the new Daylight tablet is much less stressful on the eye and easy to use even in direct sunlight. It has 8 GB memory, about 128 GB in-built storage, an 8-core chip, microphones, speakers, and a powerful battery.

There is no camera — thank God!
An ad from the company suggests the tablet "might change the way you think about screens," promising their device is "less distraction. Less addiction. Less eyestrain. Less blue light... Technology that feels a little bit more human, a bit less demanding."

The blog of product designer Arun Venkatesan calls it one of those devices that "signals an exciting new era where we can harness the power of technology without sacrificing our ability to live intentional, balanced lives."

Tom's Guide notes the tablet "is designed to run normal Android apps, and comes pre-installed with apps like Audible, Kindle, Google Docs and more" — and this may be the only the beginning: Based on various podcast interviews we could find of Katta, the DC1 isn't the end goal of the company. Katta wants to see the Live Paper display in all kinds of devices like monitors, laptops and watches.

Is the Daylight DC1 a technology flash in the pan or will we see a wave of Live Paper devices in the future? It'll be interesting to see how this devices truly works once its in people's hands.

A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch reported Wednesday. From the report: The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in the spyware, these screenshots are available to anyone on the internet, not just the spyware's intended users.

This is the most recent example of consumer-grade spyware exposing sensitive information because of a security flaw in the spyware itself. It's also the second known time that pcTattletale has exposed screenshots of the devices that the app is installed on. Several other spyware apps in recent years had security bugs or misconfigurations that exposed the private and personal data of unwitting device owners, in some cases prompting action by government regulators. pcTattletale allows whomever controls it to remotely view the target's Android or Windows device and its data, from anywhere in the world. pcTattletale's website says the app "runs invisibly in the background on their workstations and can not be detected."

Android Authority's Mishaal Rahman reports that the group speaker volume controls feature is back in Android 15 Beta 2. "Google intentionally disabled this functionality on Pixel phones back in late 2021 due to a legal dispute with Sonos," reports Rahman. "In late 2023, Google announced it would bring back several features they had to remove, following a judge's overturning of a jury verdict that was in favor of Sonos." From the report: When you create a speaker group consisting of one or more Assistant-enabled devices in the Google Home app, you're able to cast audio to that group from your phone using a Cast-enabled app. For example, let's say I make a speaker group named "Nest Hubs" that consists of my bedroom Nest Hub and my living room Nest Hub. If I open the YouTube Music app, start playing a song, and then tap the cast icon, I can select "Nest Hubs" to start playback on both my Nest Hubs simultaneously.

If I keep the YouTube Music app open, I can control the volume of my speaker group by pressing the volume keys on my phone. This functionality is available no matter what device I use. However, if I open another app while YouTube Music is casting, whether I'm able to still control the volume of my speaker group using my phone's volume keys depends on what phone I'm using and what software version it's running. If I'm using a Pixel phone that's running a software version before Android 15 Beta 2, then I'm unable to control the volume of my speaker group unless I re-open the YouTube Music app. If I'm using a phone from any other manufacturer, then I won't have any issues controlling the volume of my speaker group.

The reason for this weird discrepancy is that Google intentionally blocked Pixel devices from being able to control the volume of Google Home speaker groups while casting. Google did this out of an abundance of caution while they were fighting a legal dispute. [...] With the release of last week's Android 15 Beta 2, we can confirm that Google finally restored this functionality.

Jeremy Allison — Sam (Slashdot reader #8,157) is a Distinguished Engineer at Rocky Linux creator CIQ. This week he published a blog post responding to promises of Linux distros "carefully selecting only the most polished and pristine open source patches from the raw upstream open source Linux kernel in order to create the secure distribution kernel you depend on in your business."

But do carefully curated software patches (applied to a known "frozen" Linux kernel) really bring greater security? "After a lot of hard work and data analysis by my CIQ kernel engineering colleagues Ronnie Sahlberg and Jonathan Maple, we finally have an answer to this question. It's no." The data shows that "frozen" vendor Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream "stable" Linux kernel created by Greg Kroah-Hartman. How can this be? If you want the full details the link to the white paper is here. But the results of the analysis couldn't be clearer.

- A "frozen" vendor kernel is an insecure kernel. A vendor kernel released later in the release schedule is doubly so.

- The number of known bugs in a "frozen" vendor kernel grows over time. The growth in the number of bugs even accelerates over time.

- There are too many open bugs in these kernels for it to be feasible to analyze or even classify them....

[T]hinking that you're making a more secure choice by using a "frozen" vendor kernel isn't a luxury we can still afford to believe. As Greg Kroah-Hartman explicitly said in his talk "Demystifying the Linux Kernel Security Process": "If you are not using the latest stable / longterm kernel, your system is insecure."
CIQ describes its report as "a count of all the known bugs from an upstream kernel that were introduced, but never fixed in RHEL 8." For the most recent RHEL 8 kernels, at the time of writing, these counts are: RHEL 8.6 : 5034 RHEL 8.7 : 4767 RHEL 8.8 : 4594

In RHEL 8.8 we have a total of 4594 known bugs with fixes that exist upstream, but for which known fixes have not been back-ported to RHEL 8.8. The situation is worse for RHEL 8.6 and RHEL 8.7 as they cut off back-porting earlier than RHEL 8.8 but of course that did not prevent new bugs from being discovered and fixed upstream....

This whitepaper is not meant as a criticism of the engineers working at any Linux vendors who are dedicated to producing high quality work in their products on behalf of their customers. This problem is extremely difficult to solve. We know this is an open secret amongst many in the industry and would like to put concrete numbers describing the problem to encourage discussion. Our hope is for Linux vendors and the community as a whole to rally behind the kernel.org stable kernels as the best long term supported solution. As engineers, we would prefer this to allow us to spend more time fixing customer specific bugs and submitting feature improvements upstream, rather than the endless grind of backporting upstream changes into vendor kernels, a practice which can introduce more bugs than it fixes.
ZDNet calls it "an open secret in the Linux community." It's not enough to use a long-term support release. You must use the most up-to-date release to be as secure as possible. Unfortunately, almost no one does that. Nevertheless, as Google Linux kernel engineer Kees Cook explained, "So what is a vendor to do? The answer is simple: if painful: Continuously update to the latest kernel release, either major or stable." Why? As Kroah-Hartman explained, "Any bug has the potential of being a security issue at the kernel level...."

Although [CIQ's] programmers examined RHEL 8.8 specifically, this is a general problem. They would have found the same results if they had examined SUSE, Ubuntu, or Debian Linux. Rolling-release Linux distros such as Arch, Gentoo, and OpenSUSE Tumbleweed constantly release the latest updates, but they're not used in businesses.
Jeremy Allison's post points out that "the Linux kernel used by Android devices is based on the upstream kernel and also has a stable internal kernel ABI, so this isn't an insurmountable problem..."

Google and Samsung used to update smartphone software for only three years. That has changed. From a report: Every smartphone has an expiration date. That day arrives when the software updates stop coming and you start missing out on new apps and security protections. With most phones, this used to happen after about only three years. But things are finally starting to change. The new number is seven. I first noticed this shift when I reviewed Google's $700 Pixel 8 smartphone in October. Google told me that it had committed to provide software updates for the phone for seven years, up from three years for its previous Pixels, because it was the right thing to do.

I was skeptical that this would become a trend. But this year, Samsung, the most profitable Android phone maker, set a similar software timeline for its $800 Galaxy S24 smartphone. Then Google said it would do the same for its $500 Pixel 8A, the budget version of the Pixel 8, which arrived in stores this week. Both companies said they had expanded their software support to make their phones last longer. This is a change from how companies used to talk about phones. Not long ago, tech giants unveiled new devices that encouraged people to upgrade every two years. But in the last few years, smartphone sales have slowed down worldwide as their improvements have become more marginal. Nowadays, people want their phones to endure.

Samsung and Google, the two most influential Android device makers, are playing catch-up with Apple, which has traditionally provided software updates for iPhones for roughly seven years. These moves will make phones last much longer and give people more flexibility to decide when it's time to upgrade. Google said in a statement that it had expanded its software commitment for the Pixel 8A because it wanted customers to feel confident in Pixel phones. And Samsung said it would deliver seven years of software updates, which increase security and reliability, for all its Galaxy flagship phones from now on.

Google is opening up API access to its Google Home smart home platform, allowing app developers to access over 600 million connected devices and tap into the Google Home automation engine. In addition, Google announced that it'll be turning Google TVs into Google Home hubs and Matter controllers. The Verge reports: The Home APIs can access any Matter device or Works with Google Home device, and allows developers to build their own experiences using Google Home devices and automations into their apps on both iOS and Android. This is a significant move for Google in opening up its smart home platform, following shutting down its Works with Nest program back in 2019. [...] The Home APIs are already available to Google's early access partners, and Google is opening up a waitlist for any developer to sign up today. "We are opening up access on a rolling basis so they can begin building and testing within their apps," Anish Kattukaran, head of product at Google Home and Nest, told The Verge. "The first apps using the home APIs will be able to publish to the Play and App stores in the fall."

The access is not just limited to smart home developers. In the blog post, Matt Van Der Staay, engineering director at Google Home, said the Home APIs could be used to connect smart home devices to fitness or delivery apps. "You can build a complex app to manage any aspect of a smart home, or simply integrate with a smart device to solve pain points -- like turning on the lights automatically before the food delivery driver arrives." The APIs allow access to most devices connected to Google Home and to the Google Home structure, letting apps control and manage devices such as Matter light bulbs or the Nest Learning Thermostat. They also leverage Google Home's automation signals, such as motion from sensors, an appliance's mode changing, or Google's Home and Away mode, which uses various signals to determine if a home is occupied. [...]

What's also interesting here is that developers will be able to use the APIs to access and control any device that works with the new smart home standard Matter and even let people set up Matter devices directly in their app. This should make it easier for them to implement Matter into their apps, as it will add devices to the Google Home fabric, so they won't have to develop their own. In addition, Google announced that it's vastly expanding its Matter infrastructure by turning Google TVs into Google Home hubs and Matter controllers. Any app using the APIs would need a Google hub in a customer's home in order to control Matter devices locally. Later this year, Chromecast with Google TV, select panel TVs with Google TV running Android 14 or higher, and some LG TVs will be upgraded to become Google Home hubs.

Additionally, Kattukaran said Google will upgrade all of its existing home hubs -- which include Nest Hub (second-gen), Nest Hub Max, and Google Wifi -- with a new ability called Home runtime. "With this update, all hubs for Google Home will be able to directly route commands from any app built with Home APIs (such as the Google Home app) to a customer's Matter device locally, when the phone is on the same Wi-Fi network as the hub," said Kattukaran. This means you should see "significant latency improvements using local control via a hub for Google Home," he added.

An anonymous reader quotes a report from Ars Technica: Google's I/O conference is still happening, and while the big keynote was yesterday, major Android beta releases have apparently been downgraded to Day 2 of the show. Google really seems to want to be primarily an AI company now. Android already had some AI news yesterday, but now that the code-red requirements have been met, we have actual OS news. One of the big features in this release is "Private Space," which Google says is a place where users can "keep sensitive apps away from prying eyes, under an additional layer of authentication."

First, there's a new hidden-by-default portion of the app drawer that can hold these sensitive apps, and revealing that part of the app drawer requires a second round of lock-screen authentication, which can be different from the main phone lock screen. Just like "Work" apps, the apps in this section run on a separate profile. To the system, they are run by a separate "user" with separate data, which your non-private apps won't be able to see. Interestingly, Google says, "When private space is locked by the user, the profile is paused, i.e., the apps are no longer active," so apps in a locked Private Space won't be able to show notifications unless you go through the second lock screen.

Another new Android 15 feature is "Theft Detection Lock," though it's not in today's beta and will be out "later this year." The feature uses accelerometers and "Google AI" to "sense if someone snatches your phone from your hand and tries to run, bike, or drive away with it." Any of those theft-like shock motions will make the phone auto-lock. Of course, Android's other great theft prevention feature is "being an Android phone." Android 12L added a desktop-like taskbar to the tablet UI, showing recent and favorite apps at the bottom of the screen, but it was only available on the home screen and recent apps. Third-party OEMs immediately realized that this bar should be on all the time and tweaked Android to allow it. In Android 15, an always-on taskbar will be a normal option, allowing for better multitasking on tablets and (presumably) open foldable phones. You can also save split-screen-view shortcuts to the taskbar now.

An Android 13 developer feature, predictive back, will finally be turned on by default. When performing the back gesture, this feature shows what screen will show up behind the current screen you're swiping away. This gives a smoother transition and a bit of a preview, allowing you to cancel the back gesture if you don't like where it's going. [...] Because this is a developer release, there are tons of under-the-hood changes. Google is a big fan of its own next-generation AV1 video codec, and AV1 support has arrived on various devices thanks to hardware decoding being embedded in many flagship SoCs. If you can't do hardware AV1 decoding, though, Android 15 has a solution for you: software AV1 decoding.