Tag: fix

Categories
Mobile Syrup

November security patch fixes Pixel lock screen bypass bug

Google’s November 2022 security patch dropped for Pixel phones a few days ago, and, if you haven’t already updated your Pixel phone, you should. The update includes a fix for a security flaw that could allow someone to bypass the phone’s lock screen using a SIM card.

David Schütz discovered the issue and detailed it in a blog post and video. While the post is well worth a read if you’re interested in this kind of thing, the short version is that someone with physical access to a Pixel device could bypass lock screen protections, including the fingerprint and PIN, and gain access to the phone.

To do so, all an attacker would need to do is swap the SIM card in the phone. In the video, Schütz shows himself swapping a SIM card into a locked Pixel 6, which then asks for the SIM PIN. After entering that wrong three times, the Pixel asks for a personal unblocking key (PUK), which is used to reset a SIM PIN if a user forgets it. However, in the case of Pixel phones, after entering the PUK and typing in a new SIM PIN, the phone unlocks.

Put another way, an attacker would only need a SIM card with a SIM PIN a PUK code that they know to gain access to any Pixel smartphone. The November 2022 security patch, which is now available for the Pixel 4a and newer, fixes the problem.

Frustratingly, Schütz reported the security flaw to Android’s Vulnerability Rewards Program in the middle of 2022, but Google didn’t do anything until September after some in-person prodding. Still, Schütz got a $70,000 USD reward (about $93,703 CAD), which is a good chunk of change for spotting the flaw.

Source: Schütz Via: 9to5Google

Categories
Cottage Life

One hour is all it takes to salvage a busted lamp

Photo by Bradley Reinhardt

Table and floor lamps can have a long life. But as they age, their three main electrical components—socket, cord, and plug—may need to be replaced. With a few simple techniques that make sure you do it safely, about $20, and an hour of your time, you can have a like-new, rewired lamp. 

Start by unplugging the lamp and removing the shade and bulb. With a screwdriver or a strong pair of hands, remove the upper shell of the socket. The socket shell, the sleeve, and the base (which is usually secured onto a threaded rod with a set screw) can be reused if they’re in good shape. If the shell is metal, make sure that you check that the cardboard insulation sleeve inside is intact. 

If you are just replacing a damaged lamp cord, unscrew the wires from the socket terminals. It’s probably best, though, to replace the socket itself while you’re at it, since the switch often breaks over time. In that case, unscrew the socket base from the lamp, leaving the old cord attached. You can use that old cord as a pull wire, attaching old to new, to get the replacement up from the base to the socket. 

Whenever you’re wiring, it’s important to know which wire is which. The side of the new lamp cord with raised ridges or printing is the neutral conductor. That wire goes to the silver screw on the socket. The other wire, on the smooth side, is hot; it goes to the brass screw. 

With the wires identified and threaded through the secured socket base, pull the two wires apart for a few inches to create two single wires. Then tie them into an underwriter’s knot. If anyone pulls on the cord, this knot prevents damage to the wire or the terminal connections.

Strip the end of each wire, wrap it clockwise around the corresponding terminal screw, and tighten it. Everything else goes back together just as it was when you started.

You’ll save time (and often money) by buying a lamp cord with the plug already attached, but if you’re only replacing the plug, be careful that you attach the wires correctly. It’s the same principle as in the socket. The ridged, neutral wire connects to the wide prong on the plug. Those different-sized prongs mean you can only plug the lamp in one way—the safe way.

Categories
Mobile Syrup

Intel found a flaw in AMD’s Spectre mitigation, AMD issues fix

Source: https://www.amd.com/en/corporate/newsroom-media

Intel’s security team found a flaw in AMD’s old ‘LFENCE/JMP’ patch to mitigate Spectre vulnerabilities across several generations of Ryzen and Threadripper CPUs.

In response, AMD issued a security bulletin recommending the use of alternate mitigation options. The update also had additional information for software developers.

Spectre is a type of security flaw that affects almost all modern Intel and AMD processors. It can potentially allow attackers to access sensitive data without detection. Worse, last week researchers found that Intel and Arm processors are susceptible to a new kind of ‘Spectre v2’ attack.

Intel uncovered the issue with LFENCE/JMP while investigating the new vulnerability. AMD implemented LFENCE/JMP in 2018 to mitigate against Spectre, but Intel’s researchers found it doesn’t adequately protect against the threat.

As per AMD’s security bulletin, the weakness in LFENCE/JMP spans the following chips:

  • Gen 1, 2, and 3 AMD Epyc processors
  • AMD Ryzen 2000, 3000, and 5000 series desktop processors
  • AMD Ryzen 4000 and 5000 series desktop processors with Radeon graphics
  • 2nd and 3rd Gen Ryzen Threadripper
  • AMD Ryzen Threadripper Pro
  • AMD Athlon 3000 series mobile processors with Radeon graphics
  • AMD Ryzen 2000 and 3000 series mobile processors
  • 2nd Gen AMD Ryzen mobile processor with Radeon graphics
  • AMD Ryzen 3000, 4000, and 5000 series with Radeon graphics
  • AMD Athlon, Athlon 3000, and Ryzen 3000 mobile processors with Radeon graphics for Chromebook

You can view the full list here.

The researchers who found the flaw performed the exploit on Linux, but so far there haven’t been examples of the using the exploit on platforms like Windows.

Finally, The Verge points out that patches for Spectre-related vulnerabilities have been known to cause performance issues, especially on older hardware. However, benchmarking platform Phoronix tested the impact of initial patches for Intel and AMD chips in 2019 and found AMD CPUs were less affected than Intel.

Image credit: AMD

Source: Tom’s Hardware, AMD Via: The Verge

Categories
Cottage Life

How to stabilize a tippy floating dock

Photo by Shutterstock

Does your floating dock pivot like a teeter-totter when folks step off the boat? For maximum stability, a floating dock should be long, wide, and heavy, with a low centre of gravity and its flotation near the edges.

If your dock is at least 8′ wide—the minimum builders recommend—check the location of the floats. Can they be moved closer to the edges? If your design is essentially a deck perched on top of floats, it will have a high centre of gravity. Build a wood subframe below to house the floats and add weight. Now your dock has a lower centre of gravity—and more stability. 

Sometimes, you can improve performance by connecting dock sections in a T- or an L-shape. Sometimes that just creates a wobbly letter-shaped dock. Bottom line? Any floating dock that’s less than 6′ wide will probably never have a stable relationship with people. Maybe you should repurpose it as a ramp for a new dock that is long, wide, and heavy.

Categories
Mobile Syrup

Microsoft testing new, streamlined way to change default browsers in Windows 11

Microsoft will eventually undo changes in Windows 11 that made it more difficult for users to select a different default browser.

Unfortunately, the improved browser switch tool is still in testing. It’s not clear when Microsoft plans to roll out the updated default browser selection, so it could still be a little while before Microsoft fixes the issue.

Rafael Rivera, the developer behind EarTrumpet, a Windows app that improves the volume control menu, shared the new Windows 11 default browser selector on Twitter after discovering it in the Windows 11 Insider Preview Build 22509. There’s a button at the top of the browser page in the ‘Apps’ part of the Windows 11 settings in Rivera’s screenshots. Pressing that button will set the browser as the default.

Aaron Woodman, vice president of Windows marketing, confirmed to The Verge in a statement that the company “streamlined the ability for a Windows Insider to set the ‘default browser’ to apps that register for HTTP:, HTTPS:, .HTM, and .HTML.”

Windows 11 ditched the simpler Windows 10 default browser switcher, which let users click on the default browser option and select a different browser from a list of installed browsers. Instead, Windows 11 makes users pick a browser from a list of all apps and then set it as the default for each individual file type the browser can open (HTTP, HTML, PDF, etc). The Windows 11 process is more tedious and confusing than it was on Windows 10 — the change was generally met with backlash from users and rival browser makers. Some, like Firefox, added new buttons to help streamline the process.

Those interested can read a lot more about the Windows 11 default browser process here, or a guide on how to change the default here.

Microsoft shouldn’t need to backtrack — it should never have made this change

Although the new default browser switcher in Windows 11 is an improvement, it’s hard to commend Microsoft for fixing a problem it made for itself. The company has a long history of adding changes, prompts and other annoying roadblocks to try and make people use its Edge browser (or dissuade people from switching to another browser). Most recently, Edge started showing prompts when users try to download Chrome.

  1. Microsoft’s revamped Edge browser is actually pretty good (excluding a few odd additions like the ‘buy now, pay later‘ feature in the U.S. that has people understandably upset). As MobileSyrup’s resident browser geek, I find Edge offers better performance than Chrome and generally, it works better for how I work.
  3. That said, Microsoft’s constant attempts to force people to use Edge and hinder switching to other browsers sour many people on Edge before they ever try it. Those same features even get in the way of me using Edge since I prefer to use the beta version to get early access to new features. Microsoft’s browser-switching roadblocks almost always get in the way of me going from default Edge to beta Edge.

Source: Rafael Rivera (Twitter) Via: The Verge

Categories
Mobile Syrup

Google says it’s working on a fix for Pixel 6/6 Pro ghost call issue

Google confirmed its “aware” of the Pixel 6 and 6 Pro ghost call issue and is “working on an immediate fix.”

The search giant confirmed it was working to fix the problem in a statement to 9to5Google after several reports emerged Friday that Pixel 6 and 6 Pro devices were calling people randomly. Threads on Reddit and Google’s Pixel support forums claimed that Pixel 6 phones were calling numbers in the middle of the night and without any input from users.

People speculated that Google Assistant was the culprit behind the problem after some reported success in stopping the problem by disabling Assistant on the lock screen. That effectively prevented it from activating (and thus calling someone) while the phone was locked.

Although Google hasn’t yet confirmed the source of the problem, Android Police founder Artem Russakovskii shared on Twitter that launching Assistant and saying nothing would eventually result in it placing a call to someone. It remains unclear why this happens, but it appears that once Assistant activates, it will decide to call a contact.

Some Twitter users replied to Russakovskii, saying they could also reproduce the issue. I couldn’t make it happen on my Pixel 6, but I also haven’t experienced the phantom calling problem at all yet (hopefully, that doesn’t change).

With Google working on an “immediate fix,” the issue should be resolved soon. For those who are suffering from phantom calls, you can disable Assistant on the lock screen to temporarily fix the issue (open the Google app > tap your profile in the top-right corner > Settings > Google Assistant > Lock screen > disable Assistant responses on lock screen).

Source: Artem Russakovskii (Twitter), 9to5Google

Categories
Mobile Syrup

Some AMD Ryzen CPUs seeing up to 15% performance hit on Windows 11

Source: https://www.amd.com/en/corporate/newsroom-media

Windows users with AMD Ryzen chips may want to hold off on updating to Windows 11 for the time being — Microsoft and AMD have uncovered at least two issues causing performance issues for Ryzen chips.

According to AMD support (via The Verge), Microsoft’s fancy new operating system can cause performance drops up to 15 percent in some cases.

The first of the two issues is that Windows 11 can cause L3 cache latency to triple. According to AMD, that could cause a three to five percent degradation in performance in most applications. Games (AMD specifically mentions “games commonly used for eSports”) can see a 10-15 percent performance hit.

The second issue is with AMD’s ‘preferred core’ tech, which shifts threads to the fastest core on a processor. AMD says that users may see performance issues with tasks that are heavily reliant on the CPU, especially if they have a processor with more than eight cores and above 65W TDP.

AMD and Microsoft are looking into the issues, with AMD noting on its support page that a Windows update is “in development” and should arrive later this month. For now, however, AMD users may want to hold off on the Windows 11 update.

Image credit: AMD

Source: AMD Via: The Verge