Category Archives: Sufficiently Advanced Technology

Oh Joy

Time to add _optout to the name of every wifi router out there.

A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares Wi-Fi passwords with the user’s contacts.

Those contacts include their (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends.

But don’t worry!

Wi-Fi Sense doesn’t reveal the plaintext password.

Unless, of course, something goes wrong….

In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.

(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. …)


Learning the Wrong Lesson from a Ripoff

Peter Himler draws the wrong conclusion from his bad experience with The F***ing Internet of Things — Adventures in Consumer Technology.

I soon learned that I had very few options in terms of service providers. The design of the Crestron system is quite complex, i.e., each system is programmed to the individual specs of the dealer and the dealer is the only one with the keys.

For my deep-pocketed and tech-luddite neighbors, this fact probably mattered little. If you have a $10-million dollar home, what’s tens of thousands of dollars? For us, however, it mattered.

Conversely, for the small group of local Crestron dealers, it’s a virtual bonanza.

Rather than conclude (as he does) that the makers of high-tech IOT-enabled products ought to remind their dealers to be less grasping, not to mention criminal, Himler should have concluded that we ought not to buy expensive (or mission-critical) products that have proprietary systems.

Open source, my friend, open source.


Best Use Case for Apple Watch?

My phone was confiscated, but it was being held nearby. I was wearing an Apple Watch for product testing, and was able to send Lian a text message over the watch (the whole time we were held I was not allowed a phone call or any contact otherwise). I somehow doubt that this particular use case is one that Apple will promote, but it was the most compelling one I’ve found so far…

What happens after you’re arrested at a protest in New York. — Medium


How to Fix a Nasty Android Phone Bug (esp on HTC M8)

You may have noticed in the last few days that some apps don’t work right on your Android phone – they close as soon as you open them, or in the middle of using them. I had this problem with Handcent, and also with clicking on (most) articles on some (but not other) apps from online news sources. Many other apps are also closing unexpectedly. This is certainly a problem on my HTC One M8, and I gather it has hit some Android tablets too.

The source of the problem is an update Google made to the “Android System WebView” app. Despite looking like an app, this is really part of the Android operating system: Google is transitioning from having all Android updates come in Android version releases to spinning off parts that it can update more quickly (and behind the backs of the phone makers and cell phone companies) via the Play Store.

To solve the problem you must do 3 things:

  1. Turn off automatic app updates in the Play Store (unless they are off already). This will mean you’ll have to go in and accept updates by hand every day or two, but it’s worth it. Alternatively, in Android 5.x you can just find the “Android System WebView” app in the Play Store, then tap on the three dots in the upper right and make sure “Auto-update” is unchecked. This won’t change your global settings.
  2. Go to settings, App Manager, find the “Android System WebView” app, and uninstall the updates. This will revert the app to a working version. It might be insecure, but at least it will work.
  3. Do not accept offers to update the “Android System WebView” app (or if it does update repeat step 2), until there’s a version more recent than 42.0.2311.129 dated Apr 24, 2015, which is the bad one.

No word from Google yet when they will fix this. You’d think HTC would be on to them about it.


Take a Shelfie?

Take a pix of your books and get free e-books?

After years of reading and posting rants about DRM and format shifting Pete and Marius (’s founders) decided to do something about it… They built an app that lets you get the eBook for free or at a huge discount if you own the paper copy. The app is called BitLit and it’s available for free on Android and iOS. They’ve made deals with over 200 publishers including O’Reilly and Packt, and there are over 30,000 titles that are eligible for free / discounted ebooks if you own the paperback. Here’s how it works: First you take a shelfie (yes, a picture of your shelf) and the app will identify all the books on your shelf — hurrah now you have a complete inventory of your library! But, you’ll also get a shortlist of any books you own that are eligible for free/cheap bundled eBooks. To claim a bundled eBook you just need to write your name onto the copyright page of the book and snap a photo using the app… a few seconds later you should get an email with a download link to the eBook in ePub, PDF, and mobi formats.

via User Friendly.

Should I do this? I’m gonna bet that basically none of my books qualify. Plus there are I’d guess about 70 shelves, each of which would have to be photographed in two parts. Plus some of the books are double-shelved, so you’d see only the outer row…but as those tend to be the cheap novels, they’re probably the ones most likely to have an e-copy (as opposed to the academic books). Plus I am suspicious of the “free/cheap” line — will this mostly be a way to market to me?

No, great idea, but until there are more books available in the scheme I’m not sure I’ll bother.

Well, maybe one test shelf, just to see…


Looking for a Good Student Note Topic?

I think this qualifies: FTDI Removes Driver From Windows Update That Bricked Cloned Chips (via Slashdot).

As Ars Technica explains:

Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day.

The latest version of FTDI’s driver, released in August, contains some new language in its EULA and a feature that has caught people off-guard: it reprograms counterfeit chips rendering them largely unusable, and its license notes that:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT

The license is tucked away inside the driver files; normally nobody would ever see this unless they were explicitly looking for it.

The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it’s not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts.

Nice four-hander here: the rights of the end-user, the rights and duties of the vendor, the rights and liabilities of the legitimate parts maker, and the potential liabilities of Microsoft for serving up the malware-to-counterfeits via Windows Update.

Heck, it could be an article.

Update (10/28/14): Good semi-technical background info on this at Errata Security: The deal with the FTDI driver scandal.


Shellshock: It’s as if Flesh-Eating Bacteria Were Poised to Eat Your Server

And all your Linux-embedded devices with any Internet access. From the sound of it, that’s about how bad the “shellshock” bug in Bash is:

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

— Slashdot, Remote Exploit Vulnerability Found In Bash.

Shellshock name spotted on Errata Security (good blog BTW), and the faithful INQ, which shares the cheerful fact that the NIST vulnerability database “rates the flaw 10 out of 10 in terms of severity.”

Update: It looks as if patching servers will be easy – mine is already done. The real problem will be patching devices with embedded Linux. For that to happen, (1) the consumer needs to know the device exists, is connected to the internet, and is under their control — all sometimes much less obvious than one might imagine; (2) the device has to be patchable; (3) there has to be a patch; (4) the consumer has to know where to go to get the patch; (5) the consumer has to be able to apply it.

Internet of Things considered dangerous?

Update2: This is a nice test for the Shell Shock / shellshock vulnerability:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If it returns something like

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

You are fine. But if it says,

vulnerable
this is a test

Then you have the bash bug.
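
The one-line test above, wrapped in a small POSIX shell script that checks every bash binary on a machine and labels the result. This is an added example, not part of the original post; the function names and result labels are its own, and it assumes `mktemp` and `/etc/shells` are available. A later-patched bash prints only the test line with no warning, which the script reports as `patched`.

```shell
#!/bin/sh
# Added example: the page's Shellshock test as reusable functions.
# Function names and verdict labels are this example's own choices.

# Classify a probe result from its captured stdout ($1) and stderr ($2).
classify_probe() {
    case "$1" in
        # The injected "echo vulnerable" ran during function import.
        *vulnerable*) echo "vulnerable"; return ;;
    esac
    case "$1" in
        *"this is a test"*) ;;
        # The shell never ran the harmless command: cannot decide.
        *) echo "inconclusive"; return ;;
    esac
    case "$2" in
        # Early patches reject the definition and warn on stderr.
        *"ignoring function definition attempt"*) echo "patched-with-warning" ;;
        # Later patches treat x as an ordinary variable and stay silent.
        *) echo "patched" ;;
    esac
}

# Run the page's test against one bash binary ($1) and print the verdict.
probe_bash() {
    [ -x "$1" ] || { echo "missing"; return; }
    errfile=$(mktemp) || { echo "inconclusive"; return; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>"$errfile") || true
    err=$(cat "$errfile"); rm -f "$errfile"
    classify_probe "$out" "$err"
}

# Check the bash found on PATH plus every bash listed in /etc/shells.
scan_bashes() {
    {
        command -v bash
        [ -r /etc/shells ] && grep '/bash$' /etc/shells
    } | sort -u | while read -r shell_path; do
        printf '%s\t%s\n' "$shell_path" "$(probe_bash "$shell_path")"
    done
}

scan_bashes
```

Statically linked or vendor-renamed copies of bash on embedded devices will not appear in `/etc/shells`, so pass their paths to `probe_bash` directly.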
