Is your Pixel randomly shutting off Bluetooth? You’re not alone

My Pixel’s got the Bluetooth Bug Blues…

The Google Pixel has been a bit buggy after this month’s February update, and Google has identified a fix for one of the more noticeable ones: your Bluetooth randomly shutting itself off. Listed in the Pixel’s Product forum, community leaders say that a fix has been identified and that it will be pushed out in a coming release, hopefully alongside the March security update.

The issue that many Pixel users have experienced is an infrequent but nevertheless annoying disabling of Bluetooth without the user having gone anywhere near the settings. If you’re playing music through a Bluetooth speaker at the time, it’s easy to detect, but for most of us, you don’t find out until your phone keeps dinging for notifications and your wrists doesn’t, or when you get in the car and your tunes never start up.

Numerous users have been chiming up with this issue in the Pixel User Community, helping the Pixel team find the issue and identify a fix. There doesn’t seem to be much of a workaround while we wait for said fix to roll out, but it’s good to know that it’s not just us, and it will be fixed. Hopefully soon.

Google Pixel + Pixel XL

• Google Pixel and Pixel XL review
• Google Pixel XL review: A U.S. perspective
• Google Pixel FAQ: Should you upgrade?
• Pixel + Pixel XL specs
• Understanding Android 7.1 Nougat
• Join the discussion in the forums!

Google Store
Verizon

Verizon takes top spot in latest RootMetrics nationwide report

Another carrier report, another win for Verizon… but the gap is closing

T-Mobile’s been jumping up and down claiming it’s the best network now, pointing to an OpenSignal report in some of its most recent bragging. This week, we have another report from RootMetrics, which claims, as it has claimed for a while now, that Verizon is still top dog nationally in each of their six categories. So, who’s right? Who’s wrong? Who’s best? Who’s worst?

Well, like a lot of statistics and reports, it comes down to the method for collecting the data.

OpenSignal is crowd-sourced, meaning that they pull data from users where they can get them, and since most of the crowd on OpenSignal is in cities (like most of the nation’s populace), T-Mobile gets a better rating and a better report because T-Mobile performs better in metro areas than rural areas. RootMetrics isn’t crowd-sourced, but a more calculated analysis that balances rural and metro demographics more accurately.

So, in cities, T-Mobile has a bit better chance of working well, and if you’re a city-dweller, that’s great news for you. If you’re out in the sticks, those OpenSignal numbers aren’t going to be as accurate to you as the RootMetrics score. RootMetrics still puts Verizon in first place and AT&T as a close second.

Who’s the best? Well, that depends where you are.

Who’s the worst? Sprint.

Cloudbleed: What you need to know and what you need to do

Cloudflare has had a sizeable data leak. Here’s what that means for you.

On February 17, 2017, vulnerability researcher from Google’s Project Zero Tavis Ormandy stumbled across what looked like a really nasty data leak from Cloudflare, a web performance and security company. He quickly contacted the “right” people at Cloudflare and the situation was fixed in less than an hour.

Any data breach can be significant. Especially when a service has over one billion users. We’ll direct you to the Cloudflare incident report for the full details of what happened (warning: it’s pretty technical). In layman’s terms, data was leaked that was potentially sensitive. This data was available to anyone, even web spiders used by search engines. SSL keys were not leaked.

The Cloudflare features that used the affected HTML parser (email obfuscation, Server-side Excludes, and Automatic HTTPS Rewrites) were in use by a lot of companies. Most likely companies that you have online accounts with, This means your data may have been exposed.

Mobile Nations uses some of Cloudflare’s services. In fact, you’ll find us on the list floating around of sites potentially affected. We have verified that the affected services aren’t in use nor have ever been used on any Mobile Nations sites.

After investigation, the features behind #Cloudbleed (Email Obfuscation, SSE, HTTPS Rewrites) have never been active on @MobileNations sites

— Marcus Adolfsson (@madolfsson) February 24, 2017

We also received notice from Cloudflare about the leak and they had this to say:

Your domain is not one of the domains where we have discovered exposed data in any third party caches. The bug has been patched so it is no longer leaking data. However, we continue to work with these caches to review their records and help them purge any exposed data we find. If we discover any data leaked about your domains during this search, we will reach out to you directly and provide you full details of what we have found.

Look for a similar statement from other places you have an account with for information about your data that may have been exposed.

What should I do

Like most big security instances, we’ll never know the full details of what was and wasn’t leaked out. We can confirm that we aren’t using the services that were mentioned as vulnerable, but we don’t know how anything else on Cloudflare’s servers might have been affected. Every Cloudflare customer is in the same boat.

That means it’s time for you to get proactive.

Change the password for all of your online accounts

Yes, this sucks, but know what sucks more? Having someone get your details and have access to stuff you don’t want them to have access to. Use a password manager and let it make crazy passwords and remember them for you if you don’t have your own password management routine. If you haven’t used a password manager in the past but wanted to check one out, now is a perfect time.

More: Best password managers for Android

Now is also a good time to remember that you should be changing your passwords regularly, which makes a password manager a must if you have a lot of accounts.

Enable two-factor authentication on every account that has it available as an option

If you have two-factor authentication enabled, someone else with your login details still won’t be able to access your account. Two-factor authentication can also be a pain in the butt sometimes, but it’s the best way to protect yourself when a big data breach happens, like the one we’re seeing now.

Here are some resources on two-factor authentication.

• What you need to know about two-factor authentication
• How to set up two-factor authentication on your Google account
• Add a USB Security Key to your Google account
• Wireless security keys now work on Android
• Download Google Authenticator
• List of websites and whether or not they support 2FA.

Nothing we can do will prevent these kinds of data leaks. The important thing is what we can do to protect ourselves when they happen,

LG’s ultralight Gram laptops now available starting at $1,000

One of the most exciting things we saw at CES 2017 was LG’s 14-inch Gram laptop, particularly because of its lightweight design (2.3 pounds). Today, the company announced that the device is now available, along with the 13.3 and 15.6-inch versions. Regardless of which screen size you choose, they all feature Intel’s 7th-generation Kaby Lake processors and 1080p IPS displays. The cheapest model costs $1,000 and comes with a Core i5 CPU, 8GB RAM and 256GB of built-in storage, but it does lack a touchscreen. You can also get the 14-inch with these specs for $200 more.

In case you want to go all out, there’s a 15.6-inch Gram with a Core i7 processor, 16GB of memory and a 512GB solid-state drive. This top-of-the-line model is $1,700, or you can pay $500 less for a same-size unit with half the RAM and internal storage. If you’re interested, head to LG’s site and see which one of these Windows PCs makes the most sense for you.

Source: LG

The NBA hopes VR will expand its audience

This year’s NBA All-Star Weekend wasn’t just about the iconic Slam Dunk Contest or the riveting game between the best players from the Eastern and Western conferences. Yes, these were certainly the main attractions for attendees and viewers at home, but the event was also an opportunity for the NBA to showcase the ways in which technology will play a role in the future of the game. That future includes wearables, eSports and virtual reality, a medium whose immersive format the league says will help it reach wider audiences.

Last week, the NBA announced it had made its first original content for virtual reality headsets through a partnership with the Hollywood digital production company Digital Domain. The NBA VR app, available exclusively for Google Daydream, features on-demand episodes of a talk show called House of Legends, where former NBA players discuss moments from their careers as well as various pop culture topics. There are also 360-degree video tours of team arenas, player interviews and highlights.

NBA’s “House of Legends” show for Google Daydream

This is notable because until the launch of NBA VR, the league had only focused on making live games with NextVR, a company that develops broadcast tech for virtual reality events. Although the NBA did introduce a VR documentary titled Follow my Lead: The Story of the 2016 NBA Finals last year, the experience was created by Oculus, not the league itself. In the documentary, viewers got an immersive look at the championship series between the Cleveland Cavaliers and Golden State Warriors, narrated by actor Michael B. Jordan (Creed, Fruitvale Station, Friday Night Lights).

The NBA’s push into the VR’s live space kicked into high gear in 2015, when it streamed its first game of the season in 360-degree video. Today, the league is now livestreaming one game every week to Gear VR and Google Daydream via NextVR’s application. At first, the main caveat for fans was that to access the content they needed an NBA League Pass account, which isn’t exactly feasible since the service costs $200 per season. That said, the NBA recently added an à la carte option that lets users pay $7 per game if they want to watch it on their VR headset.

Neither the NBA nor NextVR was willing to disclose viewership numbers to Engadget; they only said they’ve received “tremendous positive” feedback from people tuning in to these 360-degree video streams. The benefit to watching this way over a traditional TV broadcast, the two companies say, is that it allows fans who may not be able to attend the arena to feel like they’re actually there. Jeff Marsilio, NBA VP of global media distribution, said being able to offer games in VR is particularly valuable for fans who don’t live in the US or can’t afford a front-row ticket.

Anytime you have technological advancements like that, where you can just create a more immersive experience for the game, I think that’s special.

Stephen Curry

“That’s why the courtside seat is such an iconic seat in all of entertainment,” Marsilio said. “With virtual reality, you can actually deliver something like that experience. You can make people feel closer to the action.” He claims there’s not any other medium that delivers on this kind of promise, but he cautions that it’s too early to tell if this will be successful for the NBA in the long run. The challenge, he said, is making sure fans are actually enjoying the content and that it doesn’t take away from simply enjoying the game.

As far as production goes, the setup isn’t much different from a TV broadcast. For a typical game, NextVR has seven to eight cameras around the NBA arena. They’re placed on the scorer’s table, behind the baskets, in the locker room hallways and floating mid-court. Through it all, there’s a producer choosing the best camera angles and cutting graphics that display stats, game clock, shot clock and other information you’d expect to see as you’re watching an NBA game.

Naturally, you also have announcers narrating the event. Their main goal is to guide you along the way and ensure that your head isn’t all over the place in the virtual arena. At the same time, though, NextVR wants you to have that freedom to explore whenever you want; that’s what makes this different than the 2D viewing experience you get from TV. Mark Rogondino, a sports broadcaster who now does games for NextVR’s NBA games, said the key part is knowing everyone is different; some people may want to keep their eyes on the ball whereas others may be more interested in what’s happening on the team benches.

When asked if watching in VR could end up distracting people from the game, Rogondino said he believes it’s more like peeling another layer for the viewer. “Did people feel it was distracting when the game, or whatever they were watching, went from black and white to color?” he asked. “All of a sudden they were like, ‘Oh my gosh, those flowers in the corner are so much more vivid than I ever thought they were.’ Then eventually, over time, you adjust to watching that and if you ever went to black and white you would think, ‘Oh my God. This is archaic.’”

There are some downsides to the tech, though. For one, don’t expect to watch games in high resolution with a VR headset, though that could change later on as VR production cameras improve. The other thing is, can your brain really handle a two-hour basketball game in 360-degree video? Everyone’s different, but personally I would prefer sitting on my couch and watching an NBA game on my big-screen TV. That’s not to say I don’t understand the benefits of the medium, such as making me feel as if I’m sitting courtside. It’s definitely a more immersive experience than what I can get from a TV.

In an interview during All-Star Weekend 2017, two-time NBA MVP Stephen Curry, of the Golden State Warriors, told Engadget that he hopes the league continues to experiment with VR and other tech like it. “From a fan standpoint, anytime you have technological advancements like that, where you can just create a more immersive experience for the game, ” he said. “I think that’s special.” Curry said he’s tried a number of undisclosed virtual reality projects and is always amazed at how he can step into “a whole new world.”

When it comes to experimenting with VR, the NBA is a step ahead of fellow major sports leagues like the NFL, MLB and MLS. But, if the medium starts to prove its worth among fans, don’t be surprised to see more of them follow in the NBA’s footsteps and start livestreaming their games to VR headsets all over the world. In fact, the NFL announced its first 360-degree video series for Daydream and YouTube a couple of months ago, so chances are it won’t be long before you can catch a Sunday night football game on some VR platform.

Marsilio said the NBA plans to keep learning as it goes and, most importantly, listen to feedback from fans on what works and what doesn’t. “I think we’ve got a ways to go before we really, truly fulfill [VR’s] potential,” he said. “And as the technology improves we want to make sure we’re improving with it, so that when it’s fully materialized and mature, we’re ready.”

The best password managers

By Joe Kissell

This post was done in partnership with The Wirecutter, a buyer’s guide to the best technology. When readers choose to buy The Wirecutter’s independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here.

If you’re not using a password manager, start now. As we wrote in Password Managers Are for Everyone—Including You, a password manager makes you less vulnerable online by generating strong random passwords, syncing them securely across your browsers and devices so they’re easily accessible everywhere, and filling them in automatically when needed. After 15 hours of research and testing, we believe that LastPass is the best password manager for most people. It has all the essential features plus some handy extras, it works with virtually any browser on any device, and most of its features are free.

Who should get this

Everyone should use a password manager. The things that make strong passwords strong—length, uniqueness, variety of characters—make them difficult to remember, so most people reuse a few easy-to-remember passwords everywhere they go online. But reusing passwords is dangerous: If just one site suffers a security breach, an attacker could access your entire digital life: email, cloud storage, bank accounts, social media, dating sites, and more. And if your reused password is weak, the problem is that much worse, because someone could guess your password even if there isn’t a security breach.

If you have more than a handful of online accounts—and almost everyone does—you need a good password manager. It enables you to easily ensure that each password is both unique and strong, and it saves you the bother of looking up, remembering, typing, or even copying and pasting your passwords when you need them. If you don’t already use a password manager, you should get one, and LastPass is a fabulous overall choice for most users.

How we picked and tested

Although I’d already spent countless hours testing password managers in the course of writing my book Take Control of Your Passwords, for this article I redid most of the research and testing from scratch, because apps in this category change constantly—and often dramatically.

I looked for tools that do their job as efficiently as possible without being intrusive or annoying. A password manager should disappear until you need it, do its thing quickly and with minimum interaction, and require as little thought as possible (even when switching browsers or platforms). And the barrier to entry should be low enough—in terms of both cost and simplicity—for nearly anyone to get up to speed quickly.

I began by ruling out the password autofill features built into browsers like Chrome and Firefox—although they’re better than nothing, they tend to be less secure than stand-alone apps, and they provide no way to use your stored passwords with other browsers.

Next I looked for apps that support all the major platforms and browsers. If you use only one or two platforms or browsers, support for the others may be irrelevant to you, but broad compatibility is still a good sign. This means, ideally, support for the four biggest platforms—Windows, macOS, iOS, and Android—as well as desktop browser integration with at least Chrome and Firefox, plus Safari on macOS.

I excluded apps that force you to copy and paste passwords into your browser rather than offering a browser extension that lets you click a button or use a keystroke to fill in your credentials. And, because most of us use more than one computing device, the capability to sync passwords securely across those devices is essential.

After narrowing down the options, I tested eight finalists: 1Password, Dashlane, Enpass, Keeper, LastPass, LogmeOnce, RoboForm, and Sticky Password.

I tested for usability by doing a number of spot checks to verify that the features described in the apps’ marketing materials matched what I saw in real life. I set up a simple set of test forms on my own server that enabled me to evaluate how each app performed basic tasks such as capturing manually entered usernames and passwords, filling in those credentials on demand, and dealing with contact and credit card data.

If my initial experiences with an app were good, I also tried that app with as many additional platforms and browsers as I could in order to form a more complete picture of its capabilities. I did portions of my testing on macOS 10.12, Windows 10, Chromium OS (as a stand-in for Chrome OS), iOS 10, Apple Watch, and Android.

Our pick

You can access LastPass in a browser extension, on the Web, or in a stand-alone app.

Before I get to what’s great about LastPass, a word of context: LastPass, Dashlane, and 1Password are significantly better than the rest of the field. I suspect most people would be equally happy with any of them. What tipped the scales in favor of LastPass was the company’s announcement on November 2, 2016, that it was making cross-device syncing (formerly a paid feature) available for free. Although there’s still a Premium subscription that adds important features (more on that in our full guide), this change makes LastPass a no-brainer for anyone who hasn’t yet started using a password manager. Even its $12/year premium tier is much cheaper than 1Password or Dashlane’s paid options.

LastPass has the broadest platform support of any password manager I saw. Its autofill feature is flexible and nicely designed. You can securely share selected passwords with other people; there’s also an Emergency Access feature that lets you give a loved one or other trusted person access to your data. An Automatic Password Change feature works on many sites to let you change many passwords with one click, and a Security Challenge alerts you to passwords that are weak, old, or duplicates, or that go with sites that have suffered data breaches.

LastPass works on macOS, Windows, iOS, Android, Chrome OS, Linux, Firefox OS, Firefox Mobile, Windows RT, Windows Phone—even Apple Watch and Android Wear smartwatches. (Sorry, no BlackBerry, Palm, or Symbian support.) It’s available as a browser extension for Chrome, Firefox, Safari, Internet Explorer, and Microsoft Edge, and it has desktop and mobile apps for various platforms.

Upgrade pick for Apple users

1Password offers Mac and iOS users features not found in LastPass, plus a more-polished interface.

If you’re a Mac, iPhone, and/or iPad user with a few extra bucks, and you’d like even more bells and whistles in your password manager, 1Password is well worth a look. 1Password has a more polished and convenient user interface than either LastPass or Dashlane. It’s also a little faster at most tasks; it has a local storage option if you don’t trust your passwords to the cloud; it gives you more options than LastPass for working with attached files; and it can auto-generate one-time tokens for many sites that use two-step verification—LastPass requires a separate app for this. 1Password is, however, more expensive than LastPass and doesn’t work on as many platforms: Windows and Chromebook users, especially, are better off with LastPass.

This guide may have been updated by The Wirecutter. To see the current recommendation, please go here.

Note from The Wirecutter: When readers choose to buy our independently chosen editorial picks, we may earn affiliate commissions that support our work.

Investors and employees aren’t buying Uber’s sexism ‘probe’

Nobody was terribly surprised by revelations from former engineer Susan Fowler about a sexist, bro-centric Uber culture that protects “high performer” employees. And many folks aren’t impressed by CEO Travis Kalanick’s investigation into the matter by company lawyer Eric Holder and board member Arianna Huffington. During a secretly recorded meeting with Kalanick and more than 100 female engineers (obtained by Buzzfeed), employees said they don’t need Holder to tell them sexual harassment problems at the company are “systemic.”

Investors and Silicon Valley legends Mitch Kapor and Freada Kapor Klein also slammed Kalanick’s investigation. “We are disappointed to see that Uber has selected a team of insiders to investigate its destructive culture and make recommendations for change,” they wrote in a blog post. “To us, this decision is yet another example of Uber’s continued unwillingness to be open, transparent and direct.”

In Fowler’s explosive post, she described how Uber’s HR department ignored her sexual harassment complaints because her boss was a “high performer.” She later learned that he had done the same thing to other female engineers even though she was told it was his “first offense.”

Managers also blocked employees transfers for her and other employees, often despite perfect performance reports. In one particularly petty incident, six female employees were denied team leather jackets because it wouldn’t have been “cost effective,” even though more than 120 male engineers got them (Uber has been valued as high as $66 billion).

We are disappointed to see that Uber has selected a team of insiders to investigate its destructive culture and make recommendations for change. To us, this decision is yet another example of Uber’s continued unwillingness to be open, transparent and direct.

During the meeting, Kalanick seemed emotional as he spoke with the women engineers. “There are a lot of people in this room who have experienced things that are incredibly unjust,” he said in the recording. “I want to root out the injustice. I want to get at the people who are making this place a bad place.”

However, employees from the “Lady Eng” group told Kalanick that an investigation won’t tell them anything they don’t already know. “Everyone who’s in these rooms now believes that there is a systemic problem here. We wouldn’t be here if we didn’t,” said one. “I do not think we need [Eric Holder’s] help in admitting to ourselves as a company that we have a systemic problem.”

Describing the company culture as “toxic,” the Kapors added that “Uber has been here many times before, responding to public exposure of bad behavior by holding an all-hands meeting, apologizing and vowing to change, only to quickly return to aggressive business as usual.” A scathing New York Times report from Wednesday backs that up, describing one incident in which a manager groped a female employee’s breasts at a Las Vegas retreat.

It didn’t have to get to this. Please see @mkapor and my open letter to the @Uber board and investors https://t.co/6eG08Hgc5B

— Freada Klein (@TheRealFreada) February 23, 2017

Holder told Buzzfeed that “I will put my personal reputation behind everything that I say,” and that Uber should be “prepared for me to simply look at the facts as they are.” In a similar vein, Huffington said “I view it as my responsibility to hold the leadership team’s feet to the fire on this issue.”

However, Kapor said that as a board member, Huffington is “deeply invested in the company weathering the PR crisis.” He added that Holder has been working on behalf of Uber since at least June, so couldn’t be considered as a partial outsider, either. “This group is not set up to come up with an accurate analysis of the culture and a tough set of recommendations.”

Source: Buzzfeed, Shift.Newco

‘RollerCoaster Tycoon’ finally goes 3D on mobile

With RollerCoaster Tycoon Touch, the beloved amusement park building series is moving beyond dated 2D graphics and into the modern world. It’s strange to say this in 2017, but it’s the first mobile version of the game to take advantage of 3D graphics. It’s a major leap ahead of 2014’s RollerCoaster Tycoon 4 Mobile and RollerCoaster Tycoon Classic, a rehash of the series’ first two games released in December. The free-to-play title is available on iOS and Android, and you can bet there will be plenty of micro-transactions.

Beyond the graphics, it doesn’t seem like much is changing gameplay-wise. You’re still aiming to put together an impressive theme park to keep audiences happy, and you can build your own rollercoasters from scratch. Atari says there will be over 100 attractions to add to your parks, and you can also quickly share your creations with friends (with the ultimate goal of making them download the game, of course).

Source: Atari

Everything you don’t want to know about the Nintendo Switch

Being a Nintendo fan is often an exercise in managing expectations. For years, we’ve watched the company just miss the mark with online services, third-party game availability and outdated hardware specifications. The frustration of seeing a company you like make so many odd decisions can wear you down. Now, Nintendo is about to release a new game console, and as always, it’s far from perfect. For the most loyal Nintendo fans, these imperfections can evoke one of two responses: anger that the company has failed to live up to their expectations, or denial that the company is doing anything wrong at all. That’s no way to live. Instead, let’s skip the first four stages of grief and embrace the Nintendo Switch’s faults with acceptance. This is everything the Nintendo Switch is doing wrong at launch (so far).

It does almost nothing out of the box

If you bought a Nintendo Wii, Wii U or any of the company’s portable 3DS systems, you had something to play right away. Wii Sports, Nintendo Land and the 3DS’ AR games served as ambassadors to the new consoles, using games as a medium to teach new owners everything they needed to know about their new hardware. These were fun, contained experiences that added value to every console sold. The Nintendo Switch has nothing like that. According to early previews, leaks and reports, all a new Switch owner can do without buying a game is navigate a few menus, change the user interface’s theme and make Nintendo Mii avatars — and even that meager experience is hidden in the console’s settings menu.

There’s no backward compatibility

If previous Nintendo consoles had sold without a Wii Sports-like bundled game, at least new buyers would have their old game library to fall back on. Not so with the Nintendo Switch: The hybrid handheld is the first Nintendo console since the Gamecube that doesn’t support software from the previous generation. This may be a necessary limitation due to the Switch’s new game format (and indeed, a standard in this console generation), but it’s an absolute bummer nonetheless.

You’ll have to wait for Virtual Console games

A day-one update will give the Switch access to the Nintendo eShop, but you won’t find any of the company’s classic titles available for purchase. New Switch owners will be able to buy a new Shovel Knight game, an F-Zero inspired indie racer and all of the digital retail games they could ask for, but Nintendo has confirmed that the hybrid system’s Virtual Console offerings won’t be available on launch day. There’s no word on how long the wait will be, either — but at least we know when they do get here, they’ll have some extra features.

Not enough internal storage

If you’re planning to buy most of your games digitally, you’d better invest in a microSD card. The Nintendo Switch comes with just 32GB of internal storage, and 6.1GB of that is reserved for the console’s operating system. That leaves just 25.9GB of space for games. That’s enough to download a couple of the game’s launch titles, including The Legend of Zelda: Breath of the Wild and I am Setsuna, but not enough for everything. In fact, at least one game is too big for the console: Dragon Quest Heroes I and II will take up 32GB of storage, outstretching the limits of the Switch’s free space. Most Switch owners will either need to expand the console’s storage or buy most of their games in cartridge format.

Your wireless headphones won’t work

The Nintendo Switch is the company’s first console to offer online voice chat, but you may have to be physically tethered to the console to use it. The Switch’s settings menu offers no way to connect a Bluetooth headset to the device, and there’s no analog jack on any of the console’s controllers, either. The tablet portion of the console itself does have an audio jack, but using it from the couch in TV mode would require a very long headphone cable. Nintendo has stated that a companion smartphone app will allow players to access voice chat from a personal device, which could open the door for game and chat audio to be piped over your phone’s Bluetooth or audio jack, but that’s a potentially complicated solution to an otherwise straightforward problem.

The included Joy-Con grip won’t charge your controllers

The Nintendo Switch is primarily controlled by two detachable, wireless controllers called Joy-cons, and the system comes with a handy controller grip to lock them into for comfortable couch play. That’s awesome! Unfortunately, it’s impossible to charge the Switch’s controllers while using them with the included grip. The only way to charge the controllers out of the box is to attach them directly to the Switch tablet, making it impossible to play games in TV mode if the batteries are dead. Nintendo will sell a separate, nearly identical controller grip that will charge the Joy-Cons while you play, but it costs an extra $30.

Accessories don’t come cheap

In fact, all of the Nintendo Switch’s accessories are kind of expensive. An extra pair of Joy-Con controllers costs a $80 for a pair or $50 for just one. If you want an extra TV dock for the study, it’ll set you back a steep $90. Even the $70 Nintendo Switch Pro controller is a bit pricey compared to the PlayStation 4 and Xbox One gamepads, which sell for $60 apiece.

The Nintendo Switch is going to hit stores with a ton of flaws — the growing pains of a new console’s first year. It will take time for Nintendo to iron out the machine’s faults with software updates, and longer still for the Switch’s game library to fill out with enough titles to justify the investment for early adopters. And that’s okay. Most of us are fans of products, brands and franchises in spite of their flaws, not because we’re under the illusion they’re perfect. The Switch’s failings aren’t going to stop me, or thousands of other gamers from picking it up on day one. After all, being a Nintendo fan is all about managing expectations.

Cloudflare Bug That Leaked Sensitive User Data From Various Websites and Apps Now Fixed

Content delivery network Cloudflare has confirmed the existence of a bug that caused search engines to cache sensitive user data from a variety of well-known apps and websites. Google researcher Tavis Ormandy discovered and reported the bug to Cloudflare, and the company has since fixed the bug and published a detailed blog post about exactly what happened.

According to Cloudflare, the period of greatest impact for the “parser bug” ran from February 13 to February 18, although the extent of the leak stretches back months. The heart of the issue was a security problem with Cloudflare edge servers, which were returning corrupted web pages by some HTTP requests running on Cloudflare’s large network.

In what the company referred to as “some unusual circumstances,” occasionally private information was returned as well, including “HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.”

It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.

As shared in a tweet by Ormandy this week, that data also included private dating site messages from OKCupid, full messages from a “well-known chat service,” passwords from password managing apps like 1Password, and more (via Fortune). In response, some companies — like 1Password — have published blog posts confirming that “no 1Password data is put at any risk through the bug reported about CloudFlare.”

To expedite a solution, Cloudflare responded to Ormandy’s discovery and turned off three minor features of the network — email obfuscation, Server-side Excludes, and Automatic HTTPS Rewrites — discovered to be using the same HTML parser chain “that was causing the leakage.”

In its blog post, the company said that it has “not discovered any evidence of malicious exploits” in relation to the time that the parser bug was active. It also noted that, while serious, the scale of the bug was still relatively low: around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulted in memory leakage. “That’s about 0.00003% of requests,” the company noted.

Cloudflare worked with the affected search engines, including Google, Yahoo, and Bing, to erase any remnants of the sensitive data from their caches. The company’s chief technology officer, John Graham-Cumming, concluded the blog saying, “We are very grateful to our colleagues at Google for contacting us about the problem and working closely with us through its resolution. All of which occurred without any reports that outside parties had identified the issue or exploited it.”

Earlier this week, it was reported that Apple cut ties with server supplier Super Micro Computer in order to avoid a potential future scenario where user data might be put at risk, similar to Cloudflare’s leak. Early in 2016, Apple was said to have discovered a potential security vulnerability in one of Super Micro Computer’s data center servers and effectively ended its business relationship with the network company shortly thereafter.

For a technical dive into Cloudflare’s parser bug and its origins, check out the company’s blog post.

Tag: CloudFlare
Discuss this article in our forums