Month: March 2023

Enlarge / At least the acropalypse.app tool has a pretty sweet logo. (credit: acropalypse.app)

Back in 2018, Pixel phones gained a built-in screenshot editor called "Markup" with the release of Android 9.0 Pie. The tool pops up whenever you take a screenshot, and tapping the app's pen icon gives you access to tools like crop and a few colored drawing pens. That's very handy assuming Google's Markup tool actually does what it says, but a new vulnerability points out the edits made by this tool weren't actually destructive! It's possible to uncrop or unredact Pixel screenshots taken during the past four years.

The bug was discovered by Simon Aarons and is dubbed "Acropalypse," or more formally CVE-2023-21036. There's a proof-of-concept app that can unredact Pixel screenshots at acropalypse.app, and it works! There's also a good technical write-up here by Aarons' collaborator, David Buchanan. The basic gist of the problem is that Google's screenshot editor overwrites the original screenshot file with your new edited screenshot, but it does not truncate or recompress that file in any way. If your edited screenshot has a smaller file size than the original—that's very easy to do with the crop tool—you end up with a PNG with a bunch of hidden junk data at the end of it. That junk data is made up of the end bits of your original screenshot, and it's actually possible to recover that data.

That sounds like a bad way to write a screenshot cropping tool, but in Google's defense, the Android 9 release of the Markup tool worked correctly and truncated the overwritten file. Android 10 brought a lot of dramatic "Scoped Storage" changes to how file storage worked in Android, though. It's unclear how or why this happened, but perhaps as part of that huge wave of file-handling commits, one undocumented change made it into the Android Framework file parser: the Framework's "write" mode stopped truncating overwritten files, and the bug in Markup was created. The Markup tool relied on the OS's file handling, and the way it worked changed in a later release, which it looks like nobody noticed.

Enlarge (credit: Aurich Lawson / Ars Technica)

One of the enduring legacies of the '90s browser wars has been an outsize attention to how Microsoft handles default app settings in Windows, especially browser settings. The company plans to make it more straightforward to change your app defaults in future versions of Windows 11, according to a new blog post that outlines a "principled approach to app pinning and app defaults in Windows."

The company's principled approach is a combination of broad, vague platitudes ("we will ensure people who use Windows are in control of changes to their pins and their defaults") and new developer features. A future version of Windows 11 will offer a consistent "deep link URI" for apps so they can send users to the right place in the Settings app for changing app defaults. Microsoft will also add a pop-up notification that should be used when newly installed apps want to pin themselves to your Taskbar, rather than either pinning themselves by default or getting lost somewhere in your Start menu.

The new Settings URI is designed to replace default app workflows like this one from Adobe Reader, which opens an old-school Windows 95-style Properties window instead of the Settings app. (credit: Andrew Cunningham)

These new features will be added to Windows "in the coming months," starting in the Dev channel Windows Insider Preview builds.

Enlarge / The IPCC chair and secretary preside over a marathon final approval session. (credit: IPCC/Antoine Tardy)

The reports produced by the Intergovernmental Panel on Climate Change (IPCC) are massive undertakings, requiring years of effort and hundreds of scientists who volunteer as authors. The 6th assessment report cycle saw its first documents released in 2018, and five more followed through 2022. Today puts a coda on that cycle, as the condensed Synthesis Report is now out.

The first three reports were focused on narrow topics: the 1.5°C warming milestone, land use and climate change, and the world’s oceans and ice. The next three followed the traditional structure of previous assessment reports: the physical science of climate change, the impacts of climate change, and solutions.

Each of these reports is meant to represent the state of scientific knowledge on a topic so decision makers and other interested readers don’t have to take on the many thousands of published studies that form their foundation. The role of the Synthesis Report is to further distill the most important information into the simplest reference that the scientists can bear to put their stamp of approval on. The 18 key conclusions in this report provide an impressively comprehensive yet succinct description of our situation—the ultimate TL;DR of Earth’s climate.