Category Archives: Sufficiently Advanced Technology

Best Use Case for Apple Watch?

My phone was confiscated, but it was being held nearby. I was wearing an Apple Watch for product testing, and was able to send Lian a text message over the watch (the whole time we were held I was not allowed a phone call or any contact otherwise). I somehow doubt that this particular use case is one that Apple will promote, but it was the most compelling one I’ve found so far…

What happens after you’re arrested at a protest in New York. — Medium

Posted in Civil Liberties, Sufficiently Advanced Technology | 2 Comments

How to Fix a Nasty Android Phone Bug (esp on HTC M8)

You may have noticed in the last few days that some apps don’t work right on your android phone – they close as soon as you open them, or in the middle of using them. I had this problem with Handcent, and also with clicking on (most) articles on some (but not other) apps from online news sources. Many other apps are also closing unexpectedly. This is certainly a problem in my HTC One M8, and I gather it has hit some android tablets too.

The source of the problem is an update Google did to the “Android System WebView” app. Despite looking like an app, this is really part of the Android operating system: Google is moving to transition from having all Android updates come in Android version releases and spinning off parts that it update more quickly (and behind the back of the phone makers and cell phone companies) via the Play Store.

To solve the problem you must do 3 things:

  1. Turn off automatic app updates in the Play Store (unless they are off already). This will mean you’ll have to go in and accept updates by hand every day or two, but it’s worth it. Alternately, in Androd 5.x you can just find the “Android System WebView” app in the Play Store, then tap on the three dots in the upper right and make sure “Auto-update” is unchecked. This won’t change your global settings.
  2. Go to settings, App Manager, find the “Android System WebView” app, and uninstall the updates. This will revert the app to a working version. It might be insecure, but at least it will work.
  3. Do not accept offers to update the “Android System WebView” app (or if it does update repeat step 2), until there’s a version more recent than 42.0.2311.129 dated Apr 24, 2015, which is the bad one.

No word from Google yet when they will fix this. You’d think HTC would be on to them about it.

Posted in Android, Sufficiently Advanced Technology | 7 Comments

Take a Shelfie?

Take a pix of your books and get free e-books?

After years of reading and posting rants about DRM and format shifting Pete and Marius (’s founders) decided to do something about it… They built an app that let’s you get the eBook for free or at a huge discount if you own the paper copy. The app is called BitLit and it’s available for free on Android and iOS. They’ve made deals with over 200 publishers including O’Reilly and Packt, and there are over 30,000 titles that are eligible for free / discounted ebooks if you own the paperback. Here’s how it works: First you take a shelfie (yes, a picture of your shelf) and the app will identify all the books on your shelf — hurrah now you have a complete inventory of your library! But, you’ll also get a shortlist of any books you own that are eligible for free/cheap bundled eBooks. To claim a bundled eBook you just need to write your name onto the copyright page of the book and snap a photo using the app… a few seconds later you should get an email with a download link to the eBook in ePub, PDF, and mobi formats.

via User Friendly.

Should I do this? I’m gonna bet that basically none of my books qualify. Plus there are I’d guess about 70 shelves, each of which would have to be photographed in two parts. Plus some of the books are double-shelved, so you’d see only the outer row…but as those tend to be the cheap novels, they’re probably the ones most likely to have an e-copy (as opposed to the academic books). Plus I am suspicious of the “free/cheap” line — will this mostly be a way to market to me?

No, great idea, but until there are more the books available in the scheme I’m not sure I’ll bother.

Well, maybe one test shelf, just to see…

Posted in Readings, Sufficiently Advanced Technology | 3 Comments

Looking for a Good Student Note Topic?

I think this qualifies: FTDI Removes Driver From Windows Update That Bricked Cloned Chips (via Slashdot).

As Ars Technica explains:

Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day.

The latest version of FTDI’s driver, released in August, contains some new language in its EULA and a feature that has caught people off-guard: it reprograms counterfeit chips rendering them largely unusable, and its license notes that:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT

The license is tucked away inside the driver files; normally nobody would ever see this unless they were explicitly looking for it.

The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it’s not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts.

Nice four-hander here: the rights of the end-user, the rights and duties of the vendor, the rights and liabilities of the legitimate parts maker, and the potential liabilities of Microsoft for serving up the malware-to-counterfeits via Windows Update.

Heck, it could be an article.

Update (10/28/14): Good semi-technical background info on this at Errata Security: The deal with the FTDI driver scandal.

Posted in Law: Internet Law, Student Note Topics, Sufficiently Advanced Technology | Leave a comment

Shellshock: It’s as if Flesh-Eating Bacteria Were Poised to Eat Your Server

arghAnd all your linux-embeded devices with any Internet access. From the sound of it, that’s about how bad the “shellshock” bug in Bash is:

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

— Slashdot, Remote Exploit Vulnerability Found In Bash.

Shellshock name spotted on Errata Security (good blog BTW), and the faithful INQ, which shares the cheerful fact that the NIST vulnerability database “rates the flaw 10 out of 10 in terms of severity.”

Update: It looks as if patching severs will be easy – mine is already done. The real problem will be patching devices with embedded linux. To achieve that the consumer needs (1) to know the device exists, is connected to the internet, and is under your control — all sometimes much less obvious than one might imagine; (2) the device has to be patchable; (3) there has to be a patch; (4) the consumer has to know where to go to get the patch; (5) the consumer has to be able to apply it.

Internet of Things considered dangerous?

Update2: This is a nice test for the Shell Shock / shellshock vulnerability:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If it returns something like

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

You are fine. But if it says,

this is a test

Then you have the bash bug.

Posted in Software, Sufficiently Advanced Technology | Leave a comment

I Would Never Lose My Sunglasses Again?

If these Tile bluetooth tell-your-phone where it last was things worked for Android, which they don’t, I would put one in my sunglasses case.

That said, they seem a bit pricey? $20/year/tracker?

I’d buy the stock if it were available, though.

(Wait a minute: the “use other people’s participation to track your lost stuff” aspect might be a real privacy nightmare once the government starts subpoenaing the records.)

Posted in Sufficiently Advanced Technology | Leave a comment