Category Archives: Sufficiently Advanced Technology

Best Use Case for Apple Watch?

My phone was confiscated, but it was being held nearby. I was wearing an Apple Watch for product testing, and was able to send Lian a text message over the watch (the whole time we were held I was not allowed a phone call or any contact otherwise). I somehow doubt that this particular use case is one that Apple will promote, but it was the most compelling one I’ve found so far…

What happens after you’re arrested at a protest in New York. — Medium

Posted in Civil Liberties, Sufficiently Advanced Technology | 2 Comments

How to Fix a Nasty Android Phone Bug (esp on HTC M8)

You may have noticed in the last few days that some apps don’t work right on your android phone – they close as soon as you open them, or in the middle of using them. I had this problem with Handcent, and also with clicking on (most) articles on some (but not other) apps from online news sources. Many other apps are also closing unexpectedly. This is certainly a problem in my HTC One M8, and I gather it has hit some android tablets too.

The source of the problem is an update Google did to the “Android System WebView” app. Despite looking like an app, this is really part of the Android operating system: Google is moving to transition from having all Android updates come in Android version releases and spinning off parts that it update more quickly (and behind the back of the phone makers and cell phone companies) via the Play Store.

To solve the problem you must do 3 things:

  1. Turn off automatic app updates in the Play Store (unless they are off already). This will mean you’ll have to go in and accept updates by hand every day or two, but it’s worth it. Alternately, in Androd 5.x you can just find the “Android System WebView” app in the Play Store, then tap on the three dots in the upper right and make sure “Auto-update” is unchecked. This won’t change your global settings.
  2. Go to settings, App Manager, find the “Android System WebView” app, and uninstall the updates. This will revert the app to a working version. It might be insecure, but at least it will work.
  3. Do not accept offers to update the “Android System WebView” app (or if it does update repeat step 2), until there’s a version more recent than 42.0.2311.129 dated Apr 24, 2015, which is the bad one.

No word from Google yet when they will fix this. You’d think HTC would be on to them about it.

Posted in Android, Sufficiently Advanced Technology | 1 Comment

Take a Shelfie?

Take a pix of your books and get free e-books?

After years of reading and posting rants about DRM and format shifting Pete and Marius (bitlit.com’s founders) decided to do something about it… They built an app that let’s you get the eBook for free or at a huge discount if you own the paper copy. The app is called BitLit and it’s available for free on Android and iOS. They’ve made deals with over 200 publishers including O’Reilly and Packt, and there are over 30,000 titles that are eligible for free / discounted ebooks if you own the paperback. Here’s how it works: First you take a shelfie (yes, a picture of your shelf) and the app will identify all the books on your shelf — hurrah now you have a complete inventory of your library! But, you’ll also get a shortlist of any books you own that are eligible for free/cheap bundled eBooks. To claim a bundled eBook you just need to write your name onto the copyright page of the book and snap a photo using the app… a few seconds later you should get an email with a download link to the eBook in ePub, PDF, and mobi formats.

via User Friendly.

Should I do this? I’m gonna bet that basically none of my books qualify. Plus there are I’d guess about 70 shelves, each of which would have to be photographed in two parts. Plus some of the books are double-shelved, so you’d see only the outer row…but as those tend to be the cheap novels, they’re probably the ones most likely to have an e-copy (as opposed to the academic books). Plus I am suspicious of the “free/cheap” line — will this mostly be a way to market to me?

No, great idea, but until there are more the books available in the scheme I’m not sure I’ll bother.

Well, maybe one test shelf, just to see…

Posted in Readings, Sufficiently Advanced Technology | 3 Comments

Looking for a Good Student Note Topic?

I think this qualifies: FTDI Removes Driver From Windows Update That Bricked Cloned Chips (via Slashdot).

As Ars Technica explains:

Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day.

The latest version of FTDI’s driver, released in August, contains some new language in its EULA and a feature that has caught people off-guard: it reprograms counterfeit chips rendering them largely unusable, and its license notes that:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT

The license is tucked away inside the driver files; normally nobody would ever see this unless they were explicitly looking for it.

The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it’s not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts.

Nice four-hander here: the rights of the end-user, the rights and duties of the vendor, the rights and liabilities of the legitimate parts maker, and the potential liabilities of Microsoft for serving up the malware-to-counterfeits via Windows Update.

Heck, it could be an article.

Update (10/28/14): Good semi-technical background info on this at Errata Security: The deal with the FTDI driver scandal.

Posted in Law: Internet Law, Student Note Topics, Sufficiently Advanced Technology | Leave a comment

Shellshock: It’s as if Flesh-Eating Bacteria Were Poised to Eat Your Server

arghAnd all your linux-embeded devices with any Internet access. From the sound of it, that’s about how bad the “shellshock” bug in Bash is:

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

— Slashdot, Remote Exploit Vulnerability Found In Bash.

Shellshock name spotted on Errata Security (good blog BTW), and the faithful INQ, which shares the cheerful fact that the NIST vulnerability database “rates the flaw 10 out of 10 in terms of severity.”

Update: It looks as if patching severs will be easy – mine is already done. The real problem will be patching devices with embedded linux. To achieve that the consumer needs (1) to know the device exists, is connected to the internet, and is under your control — all sometimes much less obvious than one might imagine; (2) the device has to be patchable; (3) there has to be a patch; (4) the consumer has to know where to go to get the patch; (5) the consumer has to be able to apply it.

Internet of Things considered dangerous?

Update2: This is a nice test for the Shell Shock / shellshock vulnerability:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If it returns something like

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

You are fine. But if it says,

vulnerable
this is a test

Then you have the bash bug.

Posted in Software, Sufficiently Advanced Technology | Leave a comment

I Would Never Lose My Sunglasses Again?

If these Tile bluetooth tell-your-phone where it last was things worked for Android, which they don’t, I would put one in my sunglasses case.

That said, they seem a bit pricey? $20/year/tracker?

I’d buy the stock if it were available, though.

(Wait a minute: the “use other people’s participation to track your lost stuff” aspect might be a real privacy nightmare once the government starts subpoenaing the records.)

Posted in Sufficiently Advanced Technology | Leave a comment

The Curious Case of Al Jazeera’s Absence From HTC Blinkfeed

TL/DR: Why is al Jazeera’s feed absent from HTC’s Blinkfeed? It’s a mystery.

After writing up my review of the HTC One (M8) the other day, I thought maybe I ought to give Blinkfeed a try.

For those of you who don’t have an HTC phone — and it’s a somewhat specialist taste if reports of declining market share are to believed — Blinkfeed is an HTC-curated/controlled news feed (now available to all Android users). It provides an elegant magazine-like interface made up of user-selected content from among the news sources provided by HTC, and also from one’s social media. Most of the major social media choices you would expect seem to be on the available list, but the provision of news sources is somewhat erratic. There is something from just about every part of the globe, but often not much; there are two wire services, and Huffington Post but no US newspapers. If the US choices are rather spotty in news, they are somewhat heavier in sports and entertainment and various other web-based frills. Many of the news feeds on offer seem rather heavy on gorgeous photos, particularly of landscapes and animals, which I think skews the content of the feed somewhat…although as my test is only a couple of days old it might also reflect that August is the silly season for many news media.

The good news is that Blinkfeed’s options include news from many regions in their home language, so I can get the French news is in French, which I like. And even though you get other languages by changing your “edition,” which isn’t totally intuitive, it’s possible to meld feeds from different languages, so I don’t have to have my US news in French just to get the French news in French.

The bad news is that Blinkfeed is a closed system: I can’t add an RSS feed of my choice, an option that would have made Blinkfeed actually useful.

But, at least, though I, there’s Al Jazeera. Given all the turmoil in the Middle East at present, I thought it would be useful part of my media diet. Except, at least for the last three days, there isn’t any Al Jazeera in my feed. And when I go to the al Jazeera button all it says is “NO CONTENT Pull down to refresh.” Swiping down just repeats the update/nothing-happens cycle.

A Google search got me nowhere. There are plenty of links in which HTC brags about all the content deals it has signed. (I’m guessing people pay HTC for the privilege of being in their sandbox, which is why it’s such an anemic little sandbox.) And even some about HTC adding al Jazeera. But there’s nothing I can find in which HTC says it has dropped al Jazeera.

So I called it in to HTC customer support. I’d had a very good experience with them the last time I called, and no good deed goes unpunished. The support guy I got was understandably skeptical at first. He had me remove everything else from my feed. He had me reboot the phone. No change. Finally he put me on hold for a long static-filled wait. When he came back he explained he’d “gone to the lab” and gotten one of their HTC One (M8) test models, and replicated my problem.

The good news: he now totally believed me.

The bad news: he didn’t have any better ideas than I did about what to do about it.

Apparently, there’s nothing on the HTC internal system about them dropping al Jazeera. No one on the floor at the help center had heard anything like that. So all he could suggest is that I call back tomorrow during regular business hours and ask to be escalated — apparently the escalation team doesn’t work late at night.

Maybe tomorrow I’ll find out if this is a case of broken RSS (or whatever) feed, or a case of political censorship. Right now it’s just a bug report.

Posted in Politics: International, Sufficiently Advanced Technology | 7 Comments