Android phones don't have an awful lot of attack surface area for typical users though. Messenger apps already will refuse to display arbitrary images - Whatsapp for example will only display jpegs and mp4's sent from other contacts.

True, and most websites will reencode images for compression anyway. But the point still stands this makes "hacked by clicking a link" a reality again for some people which should have ended along with flash and java applets. The current mainstream is that "you won't get hacked if you don't install." (not to say that this is the best security practise..) Since you don't install images most people will just assume they are safe. I hope this whole ordeal doesn't hurt JPEG-XL adoption.

I hope it does hurt JPEG-XL adoption.

The reference implementation is C++, and it’s nearly guaranteed to have equally worrisome bugs in it — every image library has seen those over the years.

We live in 2023. We can deal with slightly worse compression until someone rewrites it in a sane language.

> We live in 2023. We can deal with slightly worse compression until someone rewrites it in a sane language.

not just sanity of implementation but also reliability and compatibility

{h264,jpg,zip} for life!

Yeah, I don't mess with webp, VP8, etc. I see near zero benefit to myself from that, with significant downsides.

Like, Google Meet insists on using VP8/9. Why, cause it's "free?" The strain on my laptop and extra energy usage for it to CPU-en/decode video ain't free. Zoom just uses h.264 instead of being annoying about it.

Especially when there are various neural net compression methods on the horizon that look like they can probably reduce file sizes 10x or more for similar user enjoyment.

It's not just compression ratios that new formats provide though: it's also higher bit depths (meaning less banding for things like gradients, i.e. in skies at sunset) and HDR support (values over 1.0 in 'linear' space, rather than being clamped).

I'm sure this is what you meant, right ;)

https://github.com/Traneptora/jxlatte

I'll take it. It's not like Java is slow nowadays.

I was under the impression that modern C++ is a "sane language" - it looks like "smart pointers" are a thing now?

Smart pointers aren't the beginning and end of things. C++ is riddled with places that can be converted into weird machines, even if you guarantee correct lifetimes of everything on the heap.

Look at how much fun we can just have with the stack!

  std::string_view foo(std::string_view s) {
    return s;
  }

  auto s = foo("temporary");  // kaboom

Modern C++ does not force you to initialize everything before it is read. Modern C++ happily lets you ignore bounds checks with vector operator[] or by using c style arrays or by doing pointer arithmetic. Modern C++ happily lets you overflow integers or silently truncate when widths change. And on and on and on. Turning every "new" into "make_shared" is nowhere close to enough to make C++ safe in the face of bugs.

Agreed. Security shouldn't depend on not visiting certain web sites, because if nothing else the ad networks are able to get your browser to load all sorts of content from all sorts of places that you wouldn't deliberately do.

Clicking a link in a web browser means that any image decoding happens in the browser renderer sandbox.

That sandbox is pretty robust - the difficulty of finding an exploit somewhere in a browser renderer is much lower than the difficulty of finding a way out of the sandbox the renderer runs in.

Yes, not exactly "clicking a link" but still at the same level ("add to contacts"). Also many apps have users with profile pictures. An attacker can send a link that will open in an app (eg. Instagram, facebook). Also within browsers could this still leak whatever is currently rendering on the page?

Is there any site that shows what phones are still getting security updates? I'm worried that this will be the thing that makes me retire my son's old Moto G... 5 I think? It's probably out of security updates. Which kills me, he's a careful boy and it's a solid phone, this is unnecessary E-Waste.

I don't know of a site that tracks it, but in the phone settings you can see when it last got security patches.

Also, if you want to get security updates without the e-waste, you could just install LineageOS on it.

"just" is definitely a 4-letter word here, but yes, I think I'll be getting him a new one and putting LineageOS on the thing to play with.

I'd say a G5 is way out of updates. I have the G8+ and it stopped getting security updates ages ago.

I’m surprised, given the history of exploits, Google didn’t decide to start shipping the image decoders as an APEX system component in the Play Store, with the built-in ones serving as a fallback. They just might now.

Having spelunked through some Google announcements on this, it looks like they planned to do so back when Android 11 was in development (https://android-developers.googleblog.com/2020/02/Android-11... ), but I can’t find any evidence that image decoders are included in the current Android Mainline system updates that ship via Google Play - video codecs are, but not image ones apparently.

The image decoders are in android.graphics (https://developer.android.com/reference/android/graphics/pac... ) & that API subset is not listed in the Android Mainline system modules that are catalogued here: https://source.android.com/docs/core/ota/modular-system

It looks as if they planned to include image decoders, but that was dropped sometime during the Android 11 development cycle, unless I’ve missed something (which is certainly possible).

Edit: the final dev release announcement for Android 11 keeps the same paragraph about the native image decoder. So maybe it is there & I’m just not finding it? https://android-developers.googleblog.com/2020/09/android11-...

I'm always suspicious of Google's behavior. It might be a good opportunity for them to tell everyone they need the latest version of Chrome because security. Manifest 3.0 and cohorts/FLoC, you can't escape them.