Kategorie
Defending Against Remote Code Execution in Google Chrome: A Critical Update
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
Sdílení polohy nebo přístup k mikrofonu už v Chromu nemusí být permanentní
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
Linux in the Cloud: Exploring Linux-based Cloud Computing Solutions
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability
Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.
The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay.
In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”
Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe, among others, follows a similar patch cadence.
Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.
In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.
September: Latest Patch Tuesday update fixes 4 zero-daysAddressing four zero-days flaws (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491 and CVE-2024-38217), this month’s Patch Tuesday release from Microsoft includes 79 updates to the Windows platform. There are no patches to Microsoft Exchange Server or the company’s development tools (Visual Studio or .NET). And Microsoft addressed a recently exploited vulnerability in Microsoft Publisher with two critical updates and nine patches rated important for Microsoft Office. More info on Microsoft Security updates for September 2024.
August: Patch Tuesday means patch nowMicrosoft pushed out 90 updates in its August Patch Tuesday release, including fixes for five Windows zero-days (CVE-2024-38178, CVE-2024-38193, CVE-2024-38213, CVE-2024-38106, CVE-2024-38107) and one zero-day affecting Office (CVE-2024-38189). This means a “Patch Now” recommendation for both Windows and Microsoft Office. Microsoft offered several (pretty useful) mitigations and recommendations to reduce the impact of these security issues. More info on Microsoft Security updates for August 2024.
July: 4 zero-day flawsThis July’s Patch Tuesday from Microsoft addressed a significant number of vulnerabilities, including four zero-day threats. Here’s a quick rundown: Microsoft released updates for SQL Server, with patches for Windows, Office, .NET, and Visual Studio. It also released four critical updates for Windows, including patches for Hyper-V and MSHTML. There’s one critical update for Office’s SharePoint platform.
More info on Microsoft Security updates for July 2024.
This month’s Patch Tuesday brought mostly low-risk updates with no reported zero-day vulnerabilities. Key areas addressed include changes to Secure Boot (requiring third-party driver testing), code integrity policies (needing verification for Windows Defender features), and core Windows systems (necessitating broad application testing). While there were no critical updates for Office or Exchange Server, some updates to Visual Studio require attention for developers.
More info on Microsoft Security updates for June 2024.
This month’s Patch Tuesday highlights three critical zero-day vulnerabilities affecting Windows PCs and requiring immediate patching — that is, identified as “patch now.” Some updates like those to Office and Edge browsers follow standard release schedules, but be aware of a critical update for SharePoint Server. Developers need to aware o a late addition to the update cycle affecting the Azure Agent, requiring attention for Azure-based virtual macHines. Testing is crucial this month, especially for core Windows features like the Common Error Log, DNS, cryptography and routing services.
More info on Microsoft Security updates for May.
April’s Patch Tuesday was a complex one, especially for SQL-dependent applications. This hefty Patch Tuesday from Microsoft included 149 updates. While there were no zero-day vulnerabilities, key areas addressed include crypto APIs, networking and remote desktop connections. A major update to the Kerberos security system removes Windows 11 from the affected list, highlighting the importance of staying updated. For developers, 11 updates target the development platform, with 10 focused on SQL ODBC issues and 1 on .NET. While the .NET update can be added to the standard schedule, the ODBC updates require careful examination.
More info on Microsoft Security updates for April.
This month’s Patch Tuesday from Microsoft was complex. There were no reported zero-day vulnerabilities, but a number of updates, particularly those affecting SQL, OLE and ODBC components, underscore the importance of a thorough evaluation. Key areas of focus include file management, cryptography, networking, remote desktop connections, and SQL-related functionalities. Given the interconnectedness of these systems, organizations should prioritize testing across their application portfolios to identify potential impacts. The update to the Kerberos security system is noteworthy, as it removes support for certain Windows 11 versions.
More info on Microsoft Security updates for March.
September’s Patch Tuesday update fixes 4 zero-days
Addressing four zero-days flaws (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491 and CVE-2024-38217), this month’s Patch Tuesday release from Microsoft includes 79 updates to the Windows platform. There are no patches to Microsoft Exchange Server or the company’s development tools (Visual Studio or .NET). And Microsoft addressed a recently exploited vulnerability in Microsoft Publisher with two critical updates and nine patches rated important for Microsoft Office.
Significant testing will be required for this month’s Microsoft SQL Server patches, which affect both server and desktop components — with a focus on application installations due to a change in how Microsoft Installer handles changes and installation rollbacks.
The team at Readiness has crafted a useful infographic outlining the risks associated with each update.
Known issuesMicrosoft always publishes a list of known issues that relate to the operating system and platforms included in each update, including the following two minor issues for September:
- After installing the Windows update released on or after July 9, 2024, some Windows Servers may experience intermittent interruptions to remote desktop connections. Those using RDP over HTTP while employing a Remote Gateway server are most likely to experience this issue. Microsoft is working on a resolution and published a knowledge article (KB5041160) to assist with mitigations.
- As a result of the recent updates to Microsoft SharePoint Server, some users are reporting an issue in which SharePoint workflows can’t be published because the unauthorized type is blocked. The issue also generates the event tag “c42q0” in SharePoint Unified Logging System (ULS) logs. In addition, recent changes could cause the deserialization of custom types that inherit from IDictionary to fail. For more information, see KB5043462 on these issues. (Sounds like something from the Succession TV series.)
Due to recent changes to Windows Installer, User Account Control (UAC) does not prompt for credentials on application installation repairs. Once this update (September 2024) has been installed, UAC will again prompt properly. Your scripts will need to be updated if you have not already accounted for this change.
Though Microsoft has provided documentation on avoiding the issue by disabling this feature in UAC, we think this is a much-needed change and recommend following this latest best practice.
Major revisionsThis month, Microsoft published the following major revisions to past security and feature updates, including:
- CVE-2020-17042: Windows Print Spooler Remote Code Execution Vulnerability. This print spooler update was first released in November 2020. This is an information update to reflect that Windows Server 2022 (Core) is now affected.
- CVE-2024-30077: Windows OLE Remote Code Execution Vulnerability. This two-month-old patch from Microsoft has been updated to include support for the ARM platform.
- CVE-2024-35272: SQL Server Native Client OLE DB Provider Remote Code Execution. First released in July, the affected software table has been updated to include entries for Visual Studio 2019 and 2022. No further action required.
- CVE-2024-38138: Windows Deployment Services Remote Code Execution Vulnerability. This is a documentation update to a patch released last month to include support for all supported versions of Windows Server. No further action required.
Unusually, we have a patch revision that is not strictly documentation related. This month, it’s CVE-2024-38063 (Windows TCP/IP Remote Code Execution Vulnerability). Unlike other revisions, this latest version of a critical network patch will require testing as if it were a new update. System administrators need to take this latest patch revision seriously and test before (re)deployment.
Testing guidelines
Each month, the Readiness team analyzes the latest Patch Tuesday updates and provides detailed, actionable testing guidance based on a large application portfolio and a detailed analysis of the patches and their potential impact.
For September, we have grouped the critical updates and required testing efforts into separate product and functional areas including:
Microsoft SQL ServerMicrosoft released several updates to the Microsoft SQL Server platform that affects both Windows desktops and SQL Server installations, including:
- A significant update to all supported versions (2016-2022) of Microsoft SQL Server that will require a full installation test.
- An updated core Windows library (SQLOLEDB) that helps Windows applications communicate with SQL Server databases and tools. Though Microsoft rated this change low-risk, Readiness recommends a portfolio analysis that highlights all apps that depend on this data-bound communication approach and a full test cycle for each one identified.
Due to the nature of this September SQL Server update, we highly recommend testing the patch itself and the patching process — with a view to the patch REMOVAL process. We understand that this will require time, skill, and effort — but it will be better than a full restore from backup.
WindowsMicrosoft made networking and memory handling security issues a focus this month with the following changes to Windows:
- Due to an update to 64-bit to 32-bit memory handling in Windows (called thunking), 32-bit Camera applications will require testing on 64-bit machines this month. Using Microsoft Teams or playing a video from a USB drive would provide good testing coverage for this change.
- Virtual Machines (VMs) that require a VPN will require connectivity testing. In addition, the following protocols — PPP, PPTP, SSTP — will require a basic connectivity test.
- A minor update to Windows defender will require basic testing for endpoint security.
- A minor update to core networking functions will require a test of high network traffic this month. The focus should be on the transfer of large files using applications such Teams, Outlook and Microsoft Edge.
Microsoft delivered a significant update to the MSI Installer (application installer) sub-system that will require application install level testing for a portion of your portfolio. Part of this update relates to how shell links are handled in the storage subsystem, which might cause redirected folders or shortcuts to behave unexpectedly during an installation — particularly on secure or locked-down configurations.
We suggest that installations, rollbacks, un-installations and UAC checks be validated this month. Checking for “zero” exit codes on the MSI Installer log is always a good start.
Windows lifecycle and enforcement updatesThis section contains important changes to servicing, significant feature depredations, and security related enforcements across the Windows desktop and server platforms.
- Enforcements: Microsoft Entra now requires TLS 1.2 (using the latest Microsoft cryptographic libraries) as defined by RFC5246. Microsoft has published several scripts to assist with assessing whether your clients are using the latest libraries and protocols (they’re found here).
- Lifecycle: General support for Microsoft SQL Server 2019 ends in January 2025. Given the large number of updates to this aging server, it might be time to upgrade.
Microsoft did not publish any mitigations or workarounds this month.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
- Browsers (Microsoft IE and Edge).
- Microsoft Windows (both desktop and server).
- Microsoft Office.
- Microsoft Exchange Server.
- Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core).
- Adobe (if you get this far).
Microsoft’s Edge browser no longer synchronizes exactly with Patch Tuesday; there were several updates to Microsoft’s version of the Chromium browser that address the following reported vulnerabilities:
- CVE-2024-41879: Adobe PDF Viewer (Gotcha!)
- CVE-2024-38208: Edge for Android updates.
- CVE-2024-38207: Microsoft MSHTML Memory Issues.
- CVE-2024-38210 and CVE-2024-38209: Microsoft Remote Code Execution.
Once we are done with the Microsoft updates, we can focus on these Chromium patches:
- CVE-2024-8636: Heap buffer overflow in Skia.
- CVE-2024-8637: Use after free in Media Router.
- CVE-2024-8638: Type Confusion in V8 (JavaScript).
- CVE-2024-8639: Use after free in Autofill.
After checking for compatibility or suitability challenges presented by these changes, we have not seen anything in the Edge or Chromium update that could affect most enterprise deployments. Add these browser updates to your standard release schedule.
Windows
Microsoft released two critical rated updates to the Windows platform (CVE-2024-38119 and CVE-2024-43491) and 43 patches rated important. The following Windows features have been updated:
- Windows Update and Installer.
- Windows Hyper-V.
- Windows Kernel and Graphics (GDI).
- Microsoft MSHTML and Mark of the Web.
- Remote Desktop (RDP) and TCP/IP subsystems.
The real concern is that three of these vulnerabilities (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491 have been reported as exploited. In addition, another reported vulnerability in the Windows HTML subsystem (CVE-2024-38217) has been reported as publicly disclosed. Given these four zero-days, we recommend that you add these Windows updates to your Patch Now release schedule.
Microsoft OfficeMicrosoft addressed two critical vulnerabilities in the SharePoint platform (CVE-2024-38018 and CVE-2024-43464) that will require immediate attention. There are nine other updates rated important that affect Microsoft Office, Publisher and Visio. Unfortunately, CVE-2024-38226 (which affects Publisher) has been reported as exploited in the wild by Microsoft. If your application portfolio does not include Publisher (many don’t) then add these Microsoft updates to your standard patch release cycle.
Microsoft SQL (nee Exchange) ServerThis month brings a significantly larger update to the Microsoft SQL Server platform with 15 updates (all) rated as important. There are no reports of public disclosures or active exploits, and these patches cover the following broad vulnerabilities:
- Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability.
- Microsoft SQL Server Native Scoring Information Disclosure Vulnerability.
- Microsoft SQL Server Information Disclosure Vulnerability.
- Microsoft SQL Server Elevation of Privilege Vulnerability.
Though there will be a significant testing profile this month, affecting both server and desktop systems, we suggest you add these SQL Server patches to your standard release schedule.
Microsoft development platformsNo development tools or features (Microsoft Visual Studio or .NET) have been updated this month.
Adobe Reader (and other third-party updates)Things are a little different this month for Adobe Reader. Normally, Microsoft releases an Adobe Reader update to the Windows platforms. Not so, this month.
Adobe Reader has been updated (APSB24-70) but has not been included in the Microsoft release. This month’s Adobe Reader update addresses two critical memory-related security vulnerabilities and should be added to your standard app release cycle.
A new path for Kyber on the web
We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber. At the time, the NIST standardization process for Kyber had not yet finished.
Since then, the Kyber algorithm has been standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). We have implemented ML-KEM in Google’s cryptography library, BoringSSL, which allows for it to be deployed and utilized by services that depend on this library.
The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber. As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519. To handle this, we will be making the following changes in Chrome 1311:
- Chrome will switch from supporting Kyber to ML-KEM
- Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)
- The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM
- Chrome will no longer support hybrid Kyber (codepoint 0x6399)
Chrome will not support Kyber and ML-KEM at the same time. We made this decision for several reasons:
- Kyber was always experimental, so we think continuing to support it risks ossification on non-standard algorithms.
- Post-quantum cryptography is too big to be able to offer two post-quantum key share predictions at the same time.
- Server operators can temporarily support both algorithms at the same time to maintain post-quantum security with a broader set of clients, as they update over time.
We do not want to regress any clients’ post-quantum security, so we are waiting until Chrome 131 to make this change so that server operators have a chance to update their implementations.
Longer term, we hope to avoid the chicken-and-egg problem for post-quantum key share predictions through our emerging IETF draft for key share prediction. This allows servers to broadcast what algorithms they support in DNS, so that clients can predict a key share that a server is known to support. This avoids the risk of an extra round trip, which can be particularly costly when using large post-quantum algorithms.
We’re excited to continue to improve security for Chrome users, against both current and future computers.
Notes-
Chrome Canary, Dev, and Beta may see these changes prior to Chrome 131. ↩
Apple gets ready for app sideloading on EU iPads
Apple didn’t make a song and dance about it during this week’s iPhone 16 launch, but one other thing that’s about to change (at least in Europe) is that it will support third-party app stores with the release of iPad OS 18. (It already supports this on iPhones in the EU.
We knew this was coming.
European regulators decided Apple needed to open up its platform earlier this year when they imposed requirements in the Digital Markets Act (DMA). What we don’t yet know is the extent to which the move to open up iPads and iPhones to this kind of competition will leave European customers vulnerable to security and privacy attacks.
Changing the storyWe also don’t yet know whether every store that appears will be legitimate, or whether their security procedures will be as rock solid as those Apple provides.
In part, that’s because we can’t predict how stable those regimes will become, or the extent to which increasingly well-resourced hackers will identify and exploit vulnerabilities in third-party app shops. That’s the big experiment that’s really taking place here, and we won’t see the results of this regulatory dedication to market ‘liberalization’ for some time to come.
It’s hard to believe Apple is having a good time in Europe. The bloc just demanded $14 billion in tax from the company, and regulators seem resistant to giving Apple the transparency it needs before offering Apple Intelligence there.
Your private answerPrivacy is a core commitment to Apple. It works hard to protect it. And yet, the regulators say the company’s demand for transparency around how the DMA will be applied to these features in the EU shows how anti-competitive the company is.
That’s a stretch. Apple’s argument is predicated on the nature of the personal data its system can access on devices. That information is personal, and the company is committed to keeping it that way. This’s why Apple Intelligence is being developed as a super-private AI service you can use when you want to hold your data close.
If Apple finds itself forced to make that information available to third parties, then what will be the consequences on personal privacy? When you have a regulator who seems to think it’s a victory to play ‘Fortnite’ on her iPhone, then Apple would probably prefer to negotiate with someone possessed of more nuance. Sometimes things get worse before they get better.
Opening up…Context aside, the addition of iPads to the open market does expand the number of potential consumers third-party stores can approach.
However, it’s fair to say that developers have so far been pretty slow at taking Apple up on the terms under which it has so far offered to open up app store access. I suspect further compromise will be reached, but I also think Apple has the right to ensure its business is sustainable; I doubt critics will get a free ride, no matter how entitled to one they believe they are.
In the end, the big question around the matter never seems to be asked. No one yet has stuck their neck above the parapet to ask how much profit a business should legitimately make? It is amusing the extent to which business-backed political entities everywhere want to avoid defining an ethical approach to profit margins.
Perhaps they fear losing election contributions if they do.
Let the games beginNevertheless, the Great European App Store experiment is under way, and while the number of third-party stores that have appeared so far is limited, this may change. As well as Apple’s App Store, European iPhone and iPad users can now pick between Setapp Mobile, AltStore PAL, Aptoid, Mobivention, and the Epic Games Store. (Two of these are games stores, one a B2B white label app distro service, SetApp is an app subscription service, and Aptoid is an open-source friendly indie app store.)
From baby acorns, new trees grow. But the way I expect this to play out is that as the number of such stores grows, the sector will become more competitive, and then grow a bit until M&A action starts. Once the inevitable market consolidation does take place, it seems reasonable to expect we’ll end up with a couple of stores that have unique USPs, and two or three larger concerns, one of which may (or may not) be Apple’s App Store.
That’s assuming Apple’s concerns around platform security and third-party apps are never realized; if they are, consumers will flock to the only secure store they know. As of Monday, EU consumers on iPads as well as iPhone will be able to try their luck. Good luck with that.
Please follow me on LinkedIn, Mastodon, or join me in the AppleHolic’s bar & grill group on MeWe.
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
New brain-on-a-chip platform to deliver 460x efficiency boost for AI tasks
The Indian Institute of Science (IISc) has announced a breakthrough in artificial intelligence hardware by developing a brain-inspired neuromorphic computing platform. Capable of storing and processing data across 16,500 conductance states in a molecular film, this new platform represents a dramatic leap over traditional digital systems, which are limited to just two states (on and off).
Sreetosh Goswami, assistant professor at the Centre for Nano Science and Engineering (CeNSE), IISc, who led the research team that developed this platform, said that with this discovery, the team has been able to nail down several unsolved challenges that have been lingering in the field of neuromorphic computing for over a decade.
Decoding OpenAI’s o1 family of large language models
OpenAI said its project Strawberry has graduated to a new family of large language models (LLMs) that the company has christened OpenAI o1.
The new family of models, which also includes an o1-mini version for cost efficiency, according to the company, can be differentiated from the latest GPT-4o models basis their reasoning abilities.
“We’ve developed a new series of AI models designed to spend more time thinking before they respond. They can reason through complex tasks and solve harder problems than previous models in science, coding, and math,” the company wrote in a blog post, adding that the models were currently in preview.
According to OpenAI, the next model update performs similarly to PhD students on challenging benchmark tasks in physics, chemistry, and biology, and even excels in math and coding.
“In a qualifying exam for the International Mathematics Olympiad (IMO), GPT-4o correctly solved only 13% of problems, while the reasoning model scored 83%. Their coding abilities were evaluated in contests and reached the 89th percentile in Codeforces competitions,” it added.
The reasoning capabilities inside the OpenAI o1 models are expected to help tackle complex problems in the fields of science, coding, and mathematics among others, according to OpenAI.
“For example, o1 can be used by healthcare researchers to annotate cell sequencing data, by physicists to generate complicated mathematical formulas needed for quantum optics, and by developers in all fields to build and execute multi-step workflows,” it explained.
How do the models get reasoning capabilities?The new family of o1 models gets its reasoning capabilities from the company’s large-scale reinforcement learning algorithm that teaches the models how to think productively using its “Chain of Thought” mechanism in a “highly data-efficient training process.”
“We have found that the performance of o1 consistently improves with more reinforcement learning (train-time compute) and with more time spent thinking (test-time compute),” the company said in another blog post and highlighted that this approach has substantially different constraints when compared to LLM pretraining.
In the field of AI and generative AI, experts say that any model, during training time, tries to rearrange or modify its parameters depending on the training data it has been fed to reduce errors in an effort to increase accuracy.
In contrast, during testing time, developers and researchers expose the model to new data in order to measure its performance and how it adapts to new instances of data.
Therefore, in the case of the new models, the more time it spends analyzing and solving a problem, the more it learns resulting in the sharpening of its reasoning abilities.
This learning is activated by the model’s Chain of Thought algorithm that works similar to how a human may think for a long time before responding to a difficult question, often breaking the problem into smaller chunks.
Speaking about the models’ reasoning capabilities, Nvidia senior research manager Jim Fan, via a LinkedIn post, said that the world is finally seeing the paradigm of inference-time scaling popularized and deployed in production.
“You don’t need a huge model to perform reasoning. Lots of parameters are dedicated to memorizing facts, in order to perform well in benchmarks like trivia QA. It is possible to factor out reasoning from knowledge, i.e. a small ‘reasoning core’ that knows how to call tools like browsers and code verifiers. Pre-training compute may be decreased,” Fan explained.
Further, Fan said that OpenAI must have figured out the inference scaling law a long time ago, which academia is just recently discovering. However, he did point out that productionizing o1 is much harder than nailing the academic benchmarks and raised several questions.
“For reasoning problems in the wild, how (the model) to decide when to stop searching? What’s the reward function? Success criterion? When to call tools like code interpreter in the loop? How to factor in the compute cost of those CPU processes? Their research post didn’t share much.
OpenAI, too, in one of the blog posts has said that the new model, which is still in the early stages of development and is expected to undergo significant iteration, doesn’t yet have many of the features that make ChatGPT useful, such as browsing the web for information and uploading files and images.
“For many common cases GPT-4o will be more capable in the near term,” the company said.
OpenAI is hiding the reasoning tokensAlthough the new family of models has better reasoning, OpenAI is hiding the reasoning tokens or the Chain of Thought algorithm for the models.
While the company acknowledges that exposing the Chain of Thought algorithm could allow enterprises to understand how the models were functioning and if they were showing signs of manipulating a user, it has decided that it would not be helpful to open up a model’s unaligned Chain of Thought or reasoning tokens directly visible to its users.
Interfering with any unaligned Chain of Thought or reasoning tokens is counterintuitive to the model’s functioning, the company explained, adding that to exactly understand how the model is reasoning, it must have the freedom to express its thoughts in unaltered form.
This is why OpenAI cannot train any policy compliance or user preferences onto the Chain of Thought.
“We acknowledge this decision has disadvantages. We strive to partially make up for it by teaching the model to reproduce any useful ideas from the Chain of Thought in the answer,” it added.
British programmer Simon Wilson, who is the co-founder of the social conference directory Lanyrd and co-creator of the Django Web framework, in his blog post said he wasn’t happy with the OpenAI’s policy decision. “The idea that I can run a complex prompt and have key details of how that prompt was evaluated hidden from me feels like a big step backward,” he wrote.
Other limitations of the o1 modelAnother issue about the reasoning tokens that Wilson pointed out is that though reasoning tokens are not visible in the API response, they are still billed and counted as output tokens.
From a technical standpoint, this means that enterprises will have to increase their prompt budgets due to the reasoning tokens.
“Thanks to the importance of reasoning tokens — OpenAI suggests allocating a budget of around 25,000 of these for prompts that benefit from the new models — the output token allowance has been increased dramatically — to 32,768 for o1-preview and 65,536 for the supposedly smaller o1-mini,” Wilson wrote.
These output token allowances are an increase from the gpt-4o and gpt-4o-mini models, both of which currently have a 16,384 output token limit, the programmer added.
OpenAI is also advising enterprises to use retrieval-augmented generation (RAG) differently for the new models.
Unlike the usage of RAG presently where the advice is to potentially cram as many relevant documents as possible, OpenAI suggests that in the case of the new models, users should include only the most relevant information to prevent the model from overcomplicating its response, Wilson explained.
How to get the new o1 family of models?ChatGPT Plus and Team users will be able to access o1 models in ChatGPT starting Thursday.
Both o1-preview and o1-mini can be selected manually in the model picker, and at launch, weekly rate limits will be 30 messages for o1-preview and 50 for o1-mini, the company said, adding that it was working to increase those rates and enable ChatGPT to automatically choose the right model for a given prompt.
Alternatively, ChatGPT Enterprise and Edu users will get access to both models beginning next week. Open AI said that developers who qualify for API usage tier 5 can start prototyping with both models in the API starting Thursday with a rate limit of 20.
“We’re working to increase these limits after additional testing. The API for these models currently doesn’t include function calling, streaming, support for system messages, and other features,” the company said, adding that it was planning to bring o1-mini access to all ChatGPT Free users.
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
What North Korea’s infiltration into American IT says about hiring
American companies have unwittingly hired hundreds — maybe thousands — of North Korean workers for remote IT positions, according to the US Department of Justice, the FBI, the US State Department, and cybersecurity companies.
The sophisticated scheme, perpetrated by the North Korean government for years, partly funds that country’s weapons program in violation of US sanctions.
Agents working for the North Korean government use stolen identities of US citizens, create convincing resumes with generative AI (genAI) tools, and make AI-generated photos for their online profiles.
Using VPNs and proxy servers to mask their actual locations — and maintaining laptop farms run by US-based intermediaries to create the illusion of domestic IP addresses — the perpetrators use either Western-based employees for online video interviews or, less successfully, real-time deepfake videoconferencing tools. And they even offer up mailing addresses for receiving paychecks.
These North Korean government agents have landed positions at more than 300 US companies, including Fortune 500 corporations, major tech firms, cybersecurity consultant companies, and aerospace manufacturers.
US officials estimate that the scheme generates hundreds of millions of dollars annually for North Korea, directly funding its nuclear and ballistic missile programs, as well as espionage.
In addition to collecting the salaries, the North Korean government tasks these fake employees with stealing intellectual property (IP) and sensitive information and deploying malware in corporate networks that provides backdoors for future cyberattacks.
Mandiant (Google Cloud’s cybersecurity division) discovered a list of email addresses created as part of a big North Korean operation targeting US companies in June 2022. Some 80 or so of these addresses were used to apply for jobs at critical infrastructure organizations in the US. At the time, Mandiant said the operation was a way to raise money for espionage and IP theft; Mandiant analyst Michael Barnhart said North Korean IT workers were “everywhere.”
The number of North Korean agents seeking IT work in the US has increased in the past two years.
In May, an Arizona woman named Christina Chapman was arrested and accused of conspiring with North Korean “IT workers” Jiho Han, Chunji Jin, Haoran Xu, and others (all allegedly working for the North Korean Munitions Industry Department) to illegally land remote jobs with US companies. This one band of criminals allegedly used an online background check system to steal the identities of more than 60 people to generate nearly $7 million for the North Korean government at more than 300 US companies, including a car maker, a TV network, and a defense contractor.
Among her assigned tasks, Chapman maintained a PC farm of computers used to simulate a US location for all the “workers.” She also helped launder money paid as salaries (companies sent the paychecks to her home address).
The group even tried to get contractor positions at US Immigration and Customs Enforcement and the Federal Protective Services. (They failed because of those agencies’ fingerprinting requirements.) They did manage to land a job at the General Services Administration, but the “employee” was fired after the first meeting.
A Clearwater, FL IT security company called KnowBe4 hired a man named “Kyle” in July. But it turns out that the picture he posted on his LinkedIn account was a stock photo altered with AI. The company sent a work laptop to the address “Kyle” supplied, which was, in fact, a US-based collaborator. The “employee” tried to deploy malware on the company’s networks on his first day but was caught and fired.
“He was being open about strengths and weaknesses, and things he still needed to learn, career path ideas,” Stu Sjouwerman, founder and CEO of KnowBe4, told The Wall Street Journal. “This guy was a professional interviewee who had probably done this a hundred times.”
What the hiring of North Korean agents says about US hiringStatistically, it’s unlikely you or your company will hire North Korean agents. But knowing this can happen should raise questions about your corporate hiring practices and systems. Are they so inadequate that you could hire and employ someone who’s not who they say they are, does not have the experience they claim, does not live where they say they live, or who is illegal to hire?
The truth is that the world has changed, and hiring practices aren’t keeping up. Here’s what has changed, specifically, and what you should do to keep up:
- Remote work. Since the pandemic, remote work has been normalized. Along with this change, companies have also embraced remote interviews, hiring, and onboarding. A straightforward solution is to allow remote work, but build at least one in-person meeting into the hiring or onboarding process. Fly the would-be hire to your location and put them up in a hotel to sign the employment contract (this provides the added assurance of having their legal signature on file), or have them meet with a local representative where they are. Also: Protect access to work laptops or applications with biometrics and have them register those biometrics in person. That way, you’ll see that the applicant is who they say they are and that the ongoing work is really performed by the person you hired. You might also deploy a mobile device management solution to identify the location of provided laptops, tablets, or phones.
- Generative AI chatbots. One metric for gauging the communication skills of a prospective employee is to look at their resume and cover letter. But anyone can create such documents with flawless English using ChatGPT or some other chatbot. Clarity of communication in any written document tells you exactly nothing about the employee’s ability to communicate. Make a writing test part of the evaluation process, where the applicant can’t use AI help.
- Generative AI image tools. Thanks to widely available tools, anyone can create a profile picture that looks real. Never assume a photo shows what a person looks like. Physical characteristics shouldn’t play a part in the hiring anyway; headshots’ only role in hiring is to bias the hiring manager.
Some things haven’t changed. It’s always been a good idea to check references to ensure prospective employees have worked where they say they’ve worked and have gotten the education and certifications they say they’ve gotten.
Yes, malicious North Korean agents are out there trying to get a job at your company so they can funnel money to a despotic regime and hack your organization.
But the broader crisis is that, thanks to recent developments in technology, you might only truly know who you’re hiring if you modify your hiring approach.
Make sure you really know who you’re hiring and employing, and take the necessary steps now to be absolutely sure.
How to bring Google’s Pixel 9 Pro Fold multitasking magic to any Android device
After spending the past couple weeks living with Google’s new Pixel 9 Pro Fold — a.k.a. the second-gen Pixel Fold — I’ve got two big thoughts swimming around my murky man-noggin:
- Multitasking really is a whole new game on a device like this, and that opens the door to some incredibly interesting ways to get stuff done on the go.
- Part of that is undoubtedly tied to the phone’s folding form — but part of it is also a result of the Android-based software enhancements Google’s built into the gadget.
More than anything, that very last part keeps coming back to the forefront and making my brain say, “Hmmmmmmmm.”
We can talk all day about advantages related to one specific device, after all (and, erm, we did, earlier this week) — but especially with a phone like the Pixel 9 Pro Fold and its hefty $1,800 price tag, most people aren’t gonna end up with it inside their paws, purses, or pantaloons.
So what if there were a way to take at least some of the folding Pixel’s multitasking magic and make it available on other Android devices — more traditional phones without the Fold’s unusual (and unusually expensive) folding screen parts?
My friend, lemme tell ya: Such a slice of sorcery absotively exists — two such slices, in fact. They’re off-the-beaten-path advanced adjustments that’d only be possible here on Android. And they can be on your own personal phone this minute, if you know where to look.
[Psst: Love shortcuts? My Android Shortcut Supercourse will teach you tons of time-saving tricks for your phone. Sign up now for free!]
Prepare to be blown away.
Google Pixel 9 Pro Fold multitasking trick #1: The split-screen shortcutWe’ll start with the simpler of our two Pixel-9-Pro-Fold-inspired multitasking advantages, and that’s the newly Google-given ability to open two apps together in Android’s split-screen mode with a single tap.
Part of what makes the Fold so useful, y’see, is that splendid inner screen it sports and the way that added space serves as a canvas for viewing and even interacting with two apps side by side together at the same time.
Android’s split-screen interface, as seen on the inner display of a Pixel 9 Pro Fold phone.JR Raphael, IDG
With this new second-gen Pixel Fold model, Google’s upped the ante by adding in a new native feature that lets you save specific app pairings and then have a simple on-screen shortcut for launching ’em side by side anytime with one fast tap — without all the usual hunting, opening, and arranging effort.
In the Pixel 9 Pro Fold’s software, setting up such a feat is as simple as booping a newly added button inside Android’s Overview mode, right beneath any active app pairing you’ve opened:
A subtle but powerful button added into the Pixel 9 Pro Fold’s Overview interface.JR Raphael, IDG
All you’ve gotta do is tap that son of a gibbon, and bam: You get an easy-as-can-be icon right on your home screen for zipping back to that ready-to-roll pairing in the blink of an eye.
srcset="https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-app-pairs.webp?quality=50&strip=all 600w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-app-pairs.webp?resize=289%2C300&quality=50&strip=all 289w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-app-pairs.webp?resize=162%2C168&quality=50&strip=all 162w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-app-pairs.webp?resize=81%2C84&quality=50&strip=all 81w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-app-pairs.webp?resize=463%2C480&quality=50&strip=all 463w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-app-pairs.webp?resize=347%2C360&quality=50&strip=all 347w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-app-pairs.webp?resize=241%2C250&quality=50&strip=all 241w" width="600" height="622" sizes="(max-width: 600px) 100vw, 600px">One tap, and any app pair is present and ready — exactly as you like it.JR Raphael, IDG
It’s incredibly handy — and while you may not have the same amount of screen space as what the Pixel 9 Pro Fold provides, you’d better believe the same instant screen-splitting setup is also available for you on any reasonably recent Android phone.
The secret resides in a simple little app called, rather amusingly, Be Nice: A Tiny App Launcher. It’s free, open source, and ad-free, too, and it doesn’t require any permissions or collect any type of personal data. (Seriously — what more could you ask for?!)
And once you install the thing and set up whatever on-demand app pairs you want, you’ll probably never actively open it or think about it again.
Here’s all there is to getting your own custom Pixel-9-Pro-Fold-caliber app pair shortcut:
- Install Be Nice from the Play Store.
- Open it once, and tap the plus icon in the lower-right corner of its configuration interface.
- Tap “Select first app” and pick the first app that you want to show up in your pairing.
- Tap “Select second app” and pick the other app that you want to be included.
- If you want, you can increase the delay between the time when the first app opens and the second app appears. There’s really no need to mess with that, though.
- And if you want, you can adjust the text that’ll appear alongside the shortcut on your home screen as well as the style of the icon associated with it. But again, the defaults are perfectly fine.
- Tap “Create” once you’re finished and then confirm that you want to add your newly created shortcut onto your home screen.
JR Raphael, IDG
And that’s it: Once you head back to your home screen, you’ll see that snazzy new shortcut right then and there for easy ongoing access.
An instant app pair shortcut, as created by the independent Be Nice Android power tool.JR Raphael, IDG
And now, whenever you’re ready to work with those two specific apps together for desktop-like mobile multitasking, a fast tap of that fresh ‘n’ friendly new icon is all that’s required. How ’bout them apples?!
Just like on the Pixel 9 Pro Fold, you can launch any app pair in an instant — on any device.JR Raphael, IDG
It’s a powerful start for a smarter smartphone setup. Now, if you really want to take your Android multitasking to the next level, keep reading.
Google Pixel 9 Pro Fold multitasking trick #2: The on-demand taskbarThis second Pixel-9-Pro-Fold-inspired bit o’ multitasking magic is a little less simple — and a little more limited, too.
But if you’re using one of Google’s other Pixel phones — any ol’ Pixel, so long as it’s running 2022’s Android 13 operating system or higher — it’s already present on your phone and available for the taking. All you’ve gotta do is figure out how to find it.
And goodness gracious, it ain’t easy. This Android-exclusive productivity advantage is buried deep within Google’s Pixel software and something no mere mortal would ever encounter under ordinary circumstances.
But oh, is it ever worth the effort. It’s a way to add my absolute favorite folding Pixel feature onto whatever Pixel phone you’ve got in front of you. I’m talkin’ about the on-demand taskbar that pops up on the Pixel 9 Pro Fold whenever you swipe up gently from the bottom edge of the screen with the device in its unfolded state:
The Pixel 9 Pro Fold taskbar — a true productivity-boosting treasure.JR Raphael, IDG
That taskbar gives you a desktop-caliber dock for switching to any other app anytime, either via its customizable primary shortcut positions or via the instant access to your entire app drawer also built right into that interface. And better yet, in addition to opening any app without having to head back to your home screen, the taskbar makes it impossibly easy to switch yourself over to that Android split-screen setup we were just ogling — simply by pressing and holding any icon within the taskbar area and then dragging it up into the main area of your screen.
srcset="https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-taskbar.webp?quality=50&strip=all 600w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-taskbar.webp?resize=289%2C300&quality=50&strip=all 289w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-taskbar.webp?resize=162%2C168&quality=50&strip=all 162w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-taskbar.webp?resize=81%2C84&quality=50&strip=all 81w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-taskbar.webp?resize=463%2C480&quality=50&strip=all 463w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-taskbar.webp?resize=347%2C360&quality=50&strip=all 347w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-taskbar.webp?resize=241%2C250&quality=50&strip=all 241w" width="600" height="622" sizes="(max-width: 600px) 100vw, 600px">That Pixel 9 Pro Fold taskbar takes Android’s split-screen system to soaring new heights.JR Raphael, IDG
And here’s the buried Android treasure to beat all buried Android treasures: While the taskbar is officially limited to appearing only on large-sized devices like the Fold, with a quick tweak to a tucked-away area of your system settings, you can actually enable it on any Google Pixel phone this minute — without dropping a single dime on any fancy new hardware.
Now, fair warning: This does require some fairly advanced and ambitious Android spelunkin’ (to use the technical term). And, again, it’ll work only on Pixel phones, as other Android device-makers like Samsung haven’t opted to implement the same feature into their software setup.
What we’ve gotta do is employ a teensy bit of virtual voodoo to trick your Pixel into thinking it’s bigger than it actually is — ’cause, again, the software is set to show that taskbar element only when it’s running on a device of a certain size.
To do that, we need to dive deep into Android’s developer settings, which house all sorts of intimidating options that aren’t intended for average phone-usin’ folk to futz around with. There’s no risk to you or your phone, and as long as you follow these instructions exactly, it’s actually quite easy. (It’s also incredibly easy to undo, if you ever decide you aren’t into it and want to go back.) But we will be pokin’ around in an area of Android that’s meant mostly for developers, and if you veer off-course and mess with the wrong setting, you could absolutely make a mess.
So proceed only if you’re comfortable — and stick closely to the directions on this page. Capisce? Capisce.
Here we go:
1. First, we need to tell your Pixel that you want to even see Android’s advanced developer options in the first place:
- Head into your phone’s system settings (by swiping down twice from the top of the screen and then tapping the gear-shaped icon in the corner of the panel that comes up).
- Scroll down to the very bottom of the settings menu and select “About phone.”
- Scroll down to the very bottom of that screen and find the line labeled “Build number.”
- Tap your finger onto that line a bunch of times in a row until you see a prompt to enable developer mode on the device. (I swear it’ll work — this isn’t a wild goose chase!) You’ll probably have to put in your PIN, pattern, or passcode to proceed and confirm that you want to continue.
2. Now, with developer mode enabled, we’re ready to make the multitasking magic happen:
- Mosey your way back out to the main system settings menu and tap the search box at the top of the screen.
- Type the word smallest into the search prompt. That should reveal a developer option called “Smallest width.” Tap it!
- Tap “Smallest width” one more time, and in the prompt that comes up, first jot down the number that’s there to start — just in case you want to change it back later. Then change the value to 600 and tap “OK.”
JR Raphael, IDG
At this point, you should see all the text on your screen get smaller. This is an unavoidable side effect of this setup, since we’re tricking your Pixel into thinking its screen is larger than it actually is, but we’ll do some things to make it more palatable and easy on the eyes in a second.
First, let’s find that splendid multitasking taskbar, shall we? Provided you’re using the current Android gesture system and not the legacy three-button navigation approach, you should be able to swipe your finger up gently from the bottom of the screen to reveal that newly unleashed productivity beast:
srcset="https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?quality=50&strip=all 750w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?resize=300%2C294&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?resize=710%2C697&quality=50&strip=all 710w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?resize=171%2C168&quality=50&strip=all 171w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?resize=86%2C84&quality=50&strip=all 86w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?resize=489%2C480&quality=50&strip=all 489w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?resize=367%2C360&quality=50&strip=all 367w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-developer-settings.webp?resize=255%2C250&quality=50&strip=all 255w" width="750" height="736" sizes="(max-width: 750px) 100vw, 750px">An on-demand Android taskbar — just like on the Pixel 9 Pro Fold.JR Raphael, IDG
Whee! And, just like on the Pixel 9 Pro Fold, you can now tap any app icon within that taskbar to switch to it, tap the app drawer icon at the left of the bar to access your complete list of installed apps from anywhere, and press and hold any icon and then drag it upward to bring the associated app into an instant split-screen setup.
srcset="https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?quality=50&strip=all 750w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?resize=289%2C300&quality=50&strip=all 289w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?resize=672%2C697&quality=50&strip=all 672w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?resize=162%2C168&quality=50&strip=all 162w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?resize=81%2C84&quality=50&strip=all 81w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?resize=463%2C480&quality=50&strip=all 463w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?resize=347%2C360&quality=50&strip=all 347w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-split-screen.webp?resize=241%2C250&quality=50&strip=all 241w" width="750" height="778" sizes="(max-width: 750px) 100vw, 750px">Simple Pixel-Fold-style screen-splitting, on any Android phone? Yes, please!JR Raphael, IDG
Not bad, right?!
So, back to that tiny text that’s come along with this adjustment — here’s the fix:
- Head back into your phone’s main settings menu.
- Tap “Display,” then select “Display size and text.”
- Place your finger on the slide beneath “Font size” and crank the sucker all the way over to the right.
That’ll make the text bigger and easier to read everywhere while still keeping that taskbar available whenever you want it.
srcset="https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?quality=50&strip=all 750w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?resize=300%2C294&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?resize=711%2C697&quality=50&strip=all 711w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?resize=171%2C168&quality=50&strip=all 171w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?resize=86%2C84&quality=50&strip=all 86w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?resize=490%2C480&quality=50&strip=all 490w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?resize=367%2C360&quality=50&strip=all 367w, https://b2b-contenthub.com/wp-content/uploads/2024/09/google-pixel-9-pro-fold-multitasking-taskbar-display-settings.webp?resize=255%2C250&quality=50&strip=all 255w" width="750" height="735" sizes="(max-width: 750px) 100vw, 750px">You can have your Pixel-Fold-inspired taskbar without having to squint.JR Raphael, IDG
All that’s left is to explore your newly enhanced Android environment and see whatcha think. You’ll probably notice other interesting changes sparked by this shift — like the ability to see six Android Quick Settings shortcuts instead of four when you swipe down once from the top of your screen and the presence of a more desktop-like tab interface within your Android Chrome browser.
Desktop-like browser tabs on an Android phone? Eeeenteresting. Very, very eeeeenteresting.JR Raphael, IDG
You might also notice the presence of multipaned interfaces in certain apps that allow you to see different bits of info on screen at the same time.
It’s up to you to decide if you appreciate or are annoyed by these adjustments. But now you know how to make it happen. And if you ever decide you aren’t thrilled with the overall package, all you’ve gotta do is (a) tap the “Reset settings” options within that same “Display size and text” menu and then (b) either change the “Smallest width” developer setting back to its original value or just turn off Android’s developer options entirely (via the toggle at the top of the “Developer options” menu, within the System section of your phone’s settings) to return to your standard Android setup.
The power’s in your hands — and that folding-Pixel-level multitasking magic is officially there and available for you, anytime you want to summon it.
Don’t let yourself miss an ounce of Pixel magic. Start my free Pixel Academy e-course to uncover all sorts of hidden wizardry built into your favorite Pixel phone!
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- …
- následující ›
- poslední »