compression feature Archives

AppWizard

October 14, 2025

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

Recent findings reveal a vulnerability in Android devices from Google and Samsung that allows a sophisticated side-channel attack known as Pixnapping, enabling malicious actors to extract sensitive information such as two-factor authentication (2FA) codes and Google Maps timelines without user awareness. Pixnapping is a pixel-stealing framework that targets Android devices, circumventing browser protections and accessing data from non-browser applications like Google Authenticator. The attack exploits Android APIs and a hardware side-channel, allowing a malicious app to capture 2FA codes quickly. The study focused on devices running Android versions 13 to 16, with uncertainty regarding vulnerabilities in devices from other manufacturers. The attack can be executed by any Android app without special permissions, relying on user installation of the malicious app. It combines a previously disclosed vulnerability (GPU.zip) with Android's window blur API to leak rendering data. The attack manipulates the rendering pipeline to steal pixels from target apps. Three critical factors contribute to Android's susceptibility: the ability to send another app's activities to the rendering pipeline via intents, induce graphical operations on another app's pixels, and measure pixel color-dependent side effects from these operations. Google is tracking this issue as CVE-2025-48561, with a CVSS score of 5.5. Patches were released in the September 2025 Android Security Bulletin, but a workaround may re-enable Pixnapping. The vulnerability also allows attackers to determine installed applications on a device, bypassing restrictions from Android 11. Google has categorized this app list bypass as "won't fix."

Tech Optimizer

July 8, 2025

How TimescaleDB helped us scale analytics and reporting

At Cloudflare, PostgreSQL and ClickHouse are used as primary databases for transactional and analytical workloads. PostgreSQL is preferred for product development due to its speed, versatility, and reliability, with hundreds of instances running in various configurations. ClickHouse, introduced in 2017, allows ingestion of tens of millions of rows per second with millisecond-level query performance but comes with trade-offs. The Digital Experience Monitoring (DEX) product was developed with a focus on simplicity and rapid shipping, utilizing a team of three engineers and collaboration with other teams. DEX's initial launch included fleet status logs uploaded every two minutes and synthetic tests with usage caps, leading to a successful MVP launch ahead of schedule. The architecture included an HTTP API, PostgreSQL for storing configurations, and a React UI in the Cloudflare Dashboard. PostgreSQL was chosen for analytics due to its ability to handle structured logs, with a table created for device state logs lacking a primary key but optimized with unique and standard indexes for common queries. The UPSERT query was used for data insertion, and the order of columns in multicolumn indexes was optimized for performance. After launching DEX, the system scaled to 1,000 inserts per second, leading to performance degradation. Precomputed aggregates were implemented to improve query performance, resulting in up to a 1000x improvement. Table partitioning was considered but ultimately not pursued due to its manual management requirements. TimescaleDB was explored as an alternative to enhance query performance, offering features like automatic partition management, continuous aggregates, and compression. A side-by-side comparison with PostgreSQL showed significant performance improvements, particularly for longer time windows. TimescaleDB's integration allowed for efficient data retention and aggregation, simplifying the infrastructure. Following the success of DEX, other teams at Cloudflare began using TimescaleDB for analytics and reporting, consolidating data from various sources and managing high ingestion rates effectively by optimizing data handling techniques such as switching to COPY for bulk inserts and adjusting replication settings.

Winsage

March 11, 2025

Microsoft is adding image editing and compression to its Windows Share feature – and I couldn’t be happier

Microsoft has released a beta update for Windows 11 version 23H2 that enhances image editing and sharing capabilities. This update allows users to edit and compress images directly within the Windows Share interface, enabling cropping, adjusting, and filtering without the Snipping Tool. The feature is currently available in the beta version, but its future in subsequent updates is uncertain. This development aids users in managing file sizes when sharing larger images and may reduce reliance on third-party compression tools. Users have expressed satisfaction with the stability of version 23H2 compared to version 24H2.

Winsage

March 10, 2025

Windows 11’s built-in share tool is getting an image editor and compression feature

Microsoft is enhancing the system-wide sharing interface in Windows 11 by introducing image editing and compression tools. Users will be able to crop, rotate, highlight, draw, and compress images directly before sharing them. Recent updates have improved the share UI and integration with Windows Phone Link for easier file sharing between PCs and mobile devices. A new drop-down menu will appear at the top of the screen when a file is selected in File Explorer. The compression feature allows users to reduce the size of an image before uploading. The editing capabilities include options for cropping, rotating, marking up images, adjusting colors and brightness, and applying filters.

Winsage

March 8, 2025

This hidden Windows 11 Beta feature makes sharing images a breeze

Windows 11 23H2 Beta introduces an image sharing tool integrated into the Windows Share sheet, allowing users to edit images and compress them before sharing. This feature is still in development and may have inconsistencies or bugs.