What you need to know about the Secure Boot certificate expiration in Windows

Posted on by Martin Brinkmann

Secure Boot is a key security feature of PCs that is ensuring that only trusted, digitally signed software can load before the Windows operating starts. It uses a chain of trust using cryptographic certificates.

Microsoft issued the original Secure Boot certificates in 2011. Nearly every PC since 2012 has these certificates.

  • The problem: The certificates are set to expire in 2026. Some will expire in June 2026, others in October 2026.
  • The solution: To prevent Secure Boot disruptions, Microsoft is exchanging certificates.

What happens if the certificates are not exchanged?

Good news is that the PC won’s break or fail to boot when that happens. In fact, for most users, the PC will act and behave just like before. Windows will boot, apps will launch, and they can use their PC just like before.

The only limitation in that case is that Secure Boot can’t be updated anymore. This means that the official blocklist won’t update anymore to stop known malware or bootkits, can’t receive new features or fixes.

The expiring and new Secure Boot keys

Expiring 2011 CertificateNew 2023 ReplacementPurpose
Microsoft Corporation KEK CA 2011Microsoft Corporation KEK 2K CA 2023Gives Windows the authority to update the Signature Database (DB) and the blocklist (DBX).
Microsoft Windows Production PCA 2011Windows UEFI CA 2023Signs the actual Windows bootloader so the OS is allowed to start.
Microsoft Corporation UEFI CA 2011Microsoft UEFI CA 2023Signs third-party bootloaders (like Linux) and EFI applications.
NoneMicrosoft Option ROM UEFI CA 2023Signs third-party option ROMs (firmware for graphics cards, network cards, etc.).

The rollout of the update

Most Windows users on unmanaged PCs won’t have to do anything. The update is pushed via Windows Update and it will happen automatically in the background. A restart of the PC is required, but that is about it.

Microsoft begins with PCs that are “deemed highly compatible” first. This is the same distribution strategy that Microsoft uses for pushing out new feature or major updates to home and consumer PCs.

Here is how you can find out if the update is installed:

  1. Open the Start menu.
  2. Type Powershell.
  3. Select “Run as administrator”.
  4. Confirm the security prompt.
  5. Type Confirm-SecureBootUEFI and press the Enter-key.
    • True means that Secure Boot is active.
    • False means that Secure Boot is turned off.
  6. If True is returned, run the command ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match ‘Windows UEFI CA 2023’).
    • True means that the update is fully installed.
    • False means that the update is not yet installed, the 2011 keys are still used.

What loading an old RSS Feed opml file teaches you about the Internet

Posted on by Martin Brinkmann

When I updated the RSS feed reader RSS Guard recently to version 5.x on a computer, I found myself without any feed subscriptions after the upgrade. It is a bug apparently that is confirmed by the developer when upgrading from 4.x to the new major version.

Anyway, I picked the very first RSS feed file that I had on the computer and imported it. It was from 2023, not that long ago, but I realized quickly that something was off.

More than half of the subscribed feeds were shown in red after hitting the “update all feeds” button. This meant that they a) were not responding temporarily b) no longer available, or c) that the Feed address changed.

Often decade-old websites, like Raymond.cc, Donationcoder.com, or Ask Windows Wally, came up red. When I checked the addresses manually, I discovered that some of them were gone for good while others have not been updated for years.

One a few showed new articles or content, which meant that the Feed URL had changed or was removed entirely.

Loading an old RSS file teaches us a few fundamental truths about the web’s lifecycle:

  • Link rot is the rule: Websites come and go, which is especially true when it comes to independently run sites. These used to thrive a decade ago, but have a hard standing nowadays with traffic flowing to AI content or major players.
  • Security migration caused problems: The great migration from HTTP to HTTPS left all the sites behind that did not upgrade. Maybe they were abandoned by their owner prior to the changes, or the owner did not have the technical know-how or desire to upgrade.
  • Graveyard of hosted platforms: Platforms like Feedburner were used by millions of blogs in the past. Now, they are in a zombie-like state that is causing more and more problems. Also, restructures of blogs, e.g., Microsoft migrating away from Technet and MSDN, and defunct community projects, all caused disruptions in the field.
  • Shift to “walled gardens”: Old RSS feeds represented a decentralized web. People visited dozens of independent niche blogs. Today, many authors have moved to using centralized platforms, such as Substack, Medium, Reddit, or social media. At least some of these make it difficult to subscribe to feeds.

The Internet used to be this cool decentralized place where everyone could start a site or blog and attract an audience. Today, this has shifted towards social media and centralized platforms. The last holdouts feel this shift with every passing year, see it in traffic stats and bank statements.

I’m not saying that ever independent site will be gone in the next five or ten years, but every passing year is going to make it harder for many independent sites out there.

Now You: is there any site in particular that you miss a lot? Feel free to leave a comment down below.

Mozilla is working on a Firefox redesign – a fan favorite feature could make an official return

Posted on by Martin Brinkmann

Mozilla is working on a redesign of its open source Firefox web browser according to leaked mockups of the project. Previous attempts to redesign the browser split the community. While some heralded the changes as a move to modernize the browser, others pointed out that these redesigns were removing or changing features.

Here is an overview of the main changes according to the leak:

  • Strongly Rounded Elements: The most characteristic feature of the Nova design is its prominent use of rounded corners. The tabs, address bar, sidebar launcher, website content area, and elements on the start page are all significantly more rounded. The top section (tab bar and navigation bar) now forms a single rounded unit.
  • Subtle Color Gradients: Unlike the previous design, which relied on solid, single-color surfaces, Mozilla is introducing subtle color gradients across parts of the interface.
  • New Color Accents: The mockups show a noticeable tendency toward violet tones. However, these colors appear to adapt to the chosen theme, as another screenshot demonstrates a mint-green start page with matching UI colors.
  • Improved Vertical Tabs Integration: The redesign prominently features built-in support for vertical tabs as an alternative to the traditional horizontal tab bar.
  • Return of “Compact Mode”: While Firefox currently hides its space-saving “compact mode” behind advanced settings, the Nova mockups explicitly show a visible toggle for it. This suggests Mozilla might officially support and promote a compact UI layout again.
  • Split-Screen Tabs: The dark theme mockups showcase a layout with two tabs open side-by-side, hinting at a native split-screen or tiling feature currently in development.

Mozilla is not reinventing the wheel with this new design. Most web browsers look very similar in this day and age. In fact, compared to the current version of Firefox, it is focusing heavily on colors and rounded elements as the main distinguishing visual changes.

The one thing that excites me the most is the (supposed) return of the compact mode. This mode, which is still supported unofficially by Firefox, is my favorite display mode, as it reduces the size of the UI to give websites more room. Its existence in the mockups suggests strongly that Mozilla might return it officially to Firefox, a change that I would welcome with open arms. It would be another feature that Mozilla is returning or adding to Firefox in the past two or so years.

The mockups show a work in progress. This means that it is not really clear if a redesigned Firefox will look exactly like that.

Now You: What is your take on the proposed redesign of the web browser?

Android

The Epic War is Over: Google Play Drastically Changes Its Rules (and Fees)

Posted on by Martin Brinkmann

After nearly six years of legal bombshells and courtroom drama, the walled garden of the Android app ecosystem has finally cracked. This week, Google announced a massive, platform-altering overhaul to its Android operating system, officially marking the end of its legal battle with Epic Games.

In a move that will fundamentally reshape the economics of mobile software, the tech giant says it is rolling out a “new era” of openness that drastically alters how the Google Play Store operates.

Google decouples service and billing fees, allows registered third-party app stores, and gives developers choice when it comes to payments.

Here is an overview of the announced changes by Sameer Samat, President of the Android ecosystem:

  • Expanded Billing Choice: Developers can now use their own billing systems alongside Google Play’s or direct users to their own websites for purchases.
  • Registered App Stores Program: A new initiative to streamline the installation flow for third-party app stores that meet specific safety and quality benchmarks.
  • Revised Fee Structure: A new business model that decouples billing fees from service fees, reducing the in-app purchase service fee to 20% (or as low as 15% for those in specific developer programs).
  • Resolution with Epic Games: The post also notes that these updates officially resolve Google’s long-standing global legal disputes with Epic Games.

The changes are a major shift from the walled-garden approach of Google and also Apple. While it is uncertain how this change affects Apple, if at all, it will open up Android.

The effects for users and developers

The biggest immediate effect is the end of the 30 percent fee that Google is charging for any transaction on the platform. Google replaces it with the following system:

  • The service fee is dropped to 20 percent as the new baseline.
  • Developers who participate in the new “App Experience” or “Play Games Level Up” programs pay 15 percent.
  • Billing fees, if developers want to still use the billing system of Google Play, adds “market-specific fees” to the bill. Google set it to 5 percent in core markets such as US, UK and EEA.

Developers who choose to distribute their apps through their own store and process payments using their own billing system pay nothing to Google under the new system.

Sideloading is changing as well with the official Registered App Stores program. Third-party app stores that are accepted into the program get a “streamlined, friction-free installation process”. Provided that Google allows competitors, like the Epic Games Store, into the program, it will make it easier to install games offered through these stores.

When is this coming?

The rollout will happen in phases.

  • By June 30, 2026: US, UK, and EEA.
  • By September 30, 2026: Australia.
  • By December 31, 2026: Japan and Korea.
  • By September 30, 2027: The rest of the world.

It remains to be seen how this will all work out and whether it will really be that easy for developers to set up their own store and billing system.

KeePass 2.61 is out: here is what is new

Posted on by Martin Brinkmann

You probably know that KeePass is still my favorite password manager and that I do not save passwords in a browser or cloud-based location. It is a free Windows-based local password manager that does not restrict passwords and can be extend easily thanks to its open system. Other developers have created apps for all kinds of operating systems.

KeePass 2.61 is the latest version that got released earlier today. The new version adds new features and improvements, including several that make the password manager more versatile or secure.

As always, while you can configure KeePass to inform you about updates, you do need to download the new version from the developer website manually, as it does not include automatic update functionality. The new version should upgrade without any issues.

The main improvements of KeePass 2.61

One of the main improvements is update-related. Checks for new updates are now performed before a database is opened. Furthermore, if the master key prompt is opened, it will now also indicate that an update is available with an icon. You can toggle the feature under Options > Advanced.

The built-in one-time password generation capabilities have received several changes:

  • White-space characters are now automatically removed when pasting shared secrets, if the encoding is Base16/Hex, Base32 or Base64.
  • New buttons in the one-time password generator to copy the passwords to the clipboard.
  • The settings dialog supports displaying history entries now.

Other than that, you get improved saving of active databases to local files, multi-location/file synchronization options, and multiple attempts at entering the master key when a database is exported. Previously, users had to re-open the option to try again if the master password was incorrect.

The changelog lists a solid number of improvements next to that, which are mostly minor changes. One of the main changes is that searches are now more tolerant by default in almost any location. You can check the full list on the linked at the top.

Ultimately, KeePass 2.61 doesn’t try to fix what isn’t broken; instead, it polishes the edges of a tool built for those who value total sovereignty over their digital keys.

The March 2026 Android Security update is here and you should install it asap (if you can)

Posted on by Martin Brinkmann

Google released this month’s big security update for Android. It fixes a total of 129 vulnerabilities, including one that is actively exploited in the wild.

As is the case with these updates, they are not published immediately to all Android devices. Pixel devices do get them first, usually, before other manufacturers start pushing them out. Even then, your device may not receive them for weeks or even months, depending on how the manufacturer handles these updates.

Google describes the most severe of the patched issues in the following way:

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

The vulnerability affects more than 200 different Qualcomm chips and has the identifier CVE-2026-21385.

Google does not reveal how the vulnerability is exploited in the wild, but it says that it is aware of “limited, targeted exploitation” of the issue. Users should exercise caution on devices without the March 2026 patch update.

You can check the full list of patches here. Check your manufacturer’s support website to find out when your device may be getting the update. Samsung users, for instance, find the full listing on the Samsung Mobile website.

Google to release two Chrome Stable releases per month

Posted on by Martin Brinkmann

Google updates the stable version of its Chrome web browser every week right now. It gets one major version bump, for instance from version 145 to 146, and three point updates. The big update introduces new features and changes plus security updates, the point updates usually only security fixes and major bug fixes.

Google announced a major change to the browser’s release cycle today on the official Chrome for Developers blog. “Starting September 2026, Chrome will move to a two-week release cycle”, writes Google on the blog.

Google continues:

The new release cycle means that a new beta and stable version of Chrome will ship every two weeks, starting from the stable release of Chrome 153 on September 8th. This applies to all platforms—Desktop, Android, and iOS. There will be no changes to the Dev and the Canary channels.

The company explains that this is done to “match the demands of a modern web” by providing developers and users with “immediate access to the latest performance improvements, fixes and new capabilities”. It may also help Google reclaim the (major) browser rank with the highest version, a coveted rank that it lost recently to Mozilla’s Firefox web browser.

The changes apply to stable Chrome on all platforms only. The Extended Stable release is not affected by this. It has a different schedule, as it is updated on an eight-week cycle. Similarly, Beta and Canary channels are also not affected by the change.

While the change may not look like big, as Google retains the number of Chrome releases in a month, it is far from small either. Security updates install without major problems usually, but this can’t be said for a browser release that introduces changes or new features.

With two coming each month, users have to keep a good eye on the changes and better increase the number of backups that they make before installing new software to account for potential issues arising from this.

While I won’t cover all Chrome releases here on Chipp, you can expect me to cover those that are causing major issues.

Don’t Bother with Windows 11’s new Speedtest feature

Posted on by Martin Brinkmann

How fast is the Internet connection of your Windows 11 PC? It may surprise you that you may give two answers to that question: the maximum speed of the line or the actual speed of the device.

Speedtests help test this. They are useful for troubleshooting connection-related issues, and may also help you get a partial refund from your Internet Service Provider, if the advertised speed does not match the actual speed you get.

Most Internet users run tests in browsers. Go to a site like speedtest.net, fast.com, or Cloudflare Speed, and you get information about the download and upload speed and the ping.

There are also some apps that you can run locally, which may offer better results as they eliminate the browser bottleneck. Lastly, there are also some command line solutions, but these may require the installation of extra packages.

For example, to install Speedtest CLI, which enables you to run tests from the command prompt, you would first install the module with the command winget install Ookla.Speedtest.CLI. Once done, you’d run a basic test from the command prompt with the command speedtest. You can also use parameters, which allow you to test the speed against specific servers or write the output to a json file.

The Windows 11 Speed test

Microsoft released preview updates for Windows 11 about a week ago. These add several new features, including a new speedtest.

Here is how Microsoft describes the feature:

A built‑in network speed test is now available from the taskbar. You can open it from the Wi‑Fi or Cellular Quick Settings, or by right-clicking the network icon in the system tray. The speed test opens in the default browser and measures Ethernet, Wi‑Fi, and cellular connections. This feature helps check network performance and troubleshoot issues.

This sounds like a useful addition to Windows. Instead of having to open a test in a browser, run an app or a command, you’d simply run the test from the taskbar.

However, when you test the feature, you may realize that this is not a fully integrated speedtest in Windows 11. When you select the option, for instance by right-clicking on a network icon on the Windows taskbar, you are taken to the speedtest.net website.

In other words, Microsoft has implemented a shortcut to the website instead of implementing its own solution.

Is it still useful? Well, it may save you a click or two and it may expose the option to some users who did not know such tests existed in first place.

However, if you have used a device with Internet connectivity for a while, you may not be that impressed by this new feature.

Now it is your turn: have you used speed tests in the past to test your Internet speed?

Warning! That laptop on Amazon? It comes with temporary storage

Posted on by Martin Brinkmann

I do not think that Amazon is the best place to shop for computer parts, laptops or full PC systems. The main reason for that is price, but there are other factors that should make you pause before you hit the “add to cart” button on the shopping site.

A new issue that has been uncovered by Neowin is that some sellers on Amazon inflate the storage of the devices that they sell. A laptop with 1.1 TB of storage? What an odd number. While it is possible that such a laptop exists, for instance one with a 128 GB solid state drive and a 1 TB platter-based drive, in this case, something different is being sold.

See, these particular sellers add a one year subscription to OneDrive to the laptop, and they add the 1 TB of cloud storage to the total of the laptop’s storage. So, instead of getting a laptop with 1.1 TB of storage, buyers get a laptop with 128 GB of storage and 1 TB of cloud storage.

This should not be a problem for users who know what OneDrive is, as physical and cloud storage is clearly separated in the title and Microsoft’s cloud service is mentioned by name. The system configuration is also displayed correctly, but it can still be problematic for users who hit the buy button too quickly or do not know the difference.

At the very least, it can be very confusing. If you open such a result on Amazon, say this HP 14″ laptop, you find the following title on Amazon:

HP 14″ Natural Silver Ultrabook Laptop, Intel 4-Core CPU, 4GB RAM, 1.1TB Storage (1TB OneDrive and 128GB SSD), HD Display, Windows 11, Microsoft 365 Web Apps

The title says 1.1 TB of storage first before the seller highlights how much of that is physical and how much is cloud-based.

This laptop comes in three configurations: the base model comes with 4 GB of RAM and 128 GB of storage, the most expensive model with 16 GB of RAM and 256 GB of storage. Here, the seller has not added the 1 TB to the laptop’s total.

However, when you scroll to the specs right below, you see 1.1 or 1.2 TB as the hard disk size. The “about this item” section again differentiates the storage between local and cloud storage.

Ultimately, it is a new selling strategy on Amazon that you may want to look out for, if you do buy laptops or PCs there. It is quite possible that Amazon is not the only marketplace where the strategy is used.

“If your printer works today, it will continue to work”: Microsoft corrects previous announcement

Posted on by Martin Brinkmann

Last month, Microsoft made a statement regarding printer support on Windows that caused confusion. Back then, Microsoft wrote: “January 2026, Windows will no longer support V3 and V4 printer drivers. These older driver models were announced as deprecated in September 2023”.

Turns out, this was not really what the company meant. Windows Central claims to have received a statement by Microsoft that confirms that support for legacy printer drivers is not ending after all on Windows.

If that would be the case, millions of printers would stop working. Here is the full statement as reported by the site:

Windows has not ended support for legacy printer drivers. If your printer works with Windows today, it will continue to work, and no action is required [..] an update to the Windows Roadmap stated that Windows will no longer support V3 and V4 printer drivers—this update was inaccurate and has since been removed

Here is what Microsoft actually meant: new legacy printer drivers will only be accepted on a case-by-case basis. This does not affect existing printer drivers and users may still download and install the updates from third-party sources.

The core changes

  • The Microsoft IPP Class Driver: Instead of downloading a specific driver for every printer model (e.g., an HP driver, a Brother driver, a Canon driver), Windows 11 is shifting to the Internet Printing Protocol (IPP) and the Mopria standard. This allows Windows to use a single, built-in inbox driver that works seamlessly with almost any modern printer.
  • Windows Protected Print Mode (WPP): Introduced in the Windows 11 24H2 update, this is an optional security feature that entirely disables third-party printer drivers. When enabled, your PC only uses the Microsoft IPP Class Driver. While it’s currently turned off by default, Microsoft’s long-term goal is to make WPP the standard.
  • Print Support Apps (PSAs): Instead of bundling advanced features (like watermarks, stapling, or deep color management) into a heavy driver package, manufacturers are being pushed to offer these features through lightweight Print Support Apps downloaded directly from the Microsoft Store.

The official timeline

  • January 15, 2026: Microsoft officially stopped accepting new v3 and v4 printer drivers onto Windows Update. From this point forward, new printers are expected to be IPP/Mopria compliant, but exceptions may be made case-by-case.
  • July 1, 2026: Windows will change its internal ranking system. If you plug in a new printer, Windows will default to the Microsoft IPP class driver instead of hunting for a manufacturer-specific driver.
  • July 1, 2027: Windows Update will stop distributing non-security updates for third-party legacy drivers. Only critical security patches will be allowed through.