Category Archives: Sufficiently Advanced Technology

Take a Shelfie?

Posted on December 4, 2014 by Michael Froomkin

Take a pix of your books and get free e-books?

After years of reading and posting rants about DRM and format shifting Pete and Marius (bitlit.com’s founders) decided to do something about it… They built an app that let’s you get the eBook for free or at a huge discount if you own the paper copy. The app is called BitLit and it’s available for free on Android and iOS. They’ve made deals with over 200 publishers including O’Reilly and Packt, and there are over 30,000 titles that are eligible for free / discounted ebooks if you own the paperback. Here’s how it works: First you take a shelfie (yes, a picture of your shelf) and the app will identify all the books on your shelf — hurrah now you have a complete inventory of your library! But, you’ll also get a shortlist of any books you own that are eligible for free/cheap bundled eBooks. To claim a bundled eBook you just need to write your name onto the copyright page of the book and snap a photo using the app… a few seconds later you should get an email with a download link to the eBook in ePub, PDF, and mobi formats.

via User Friendly.

Should I do this? I’m gonna bet that basically none of my books qualify. Plus there are I’d guess about 70 shelves, each of which would have to be photographed in two parts. Plus some of the books are double-shelved, so you’d see only the outer row…but as those tend to be the cheap novels, they’re probably the ones most likely to have an e-copy (as opposed to the academic books). Plus I am suspicious of the “free/cheap” line — will this mostly be a way to market to me?

No, great idea, but until there are more the books available in the scheme I’m not sure I’ll bother.

Well, maybe one test shelf, just to see…

Posted in Readings, Sufficiently Advanced Technology | 3 Comments

Looking for a Good Student Note Topic?

Posted on October 24, 2014 by Michael Froomkin

I think this qualifies: FTDI Removes Driver From Windows Update That Bricked Cloned Chips (via Slashdot).

As Ars Technica explains:

Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day.

The latest version of FTDI’s driver, released in August, contains some new language in its EULA and a feature that has caught people off-guard: it reprograms counterfeit chips rendering them largely unusable, and its license notes that:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT

The license is tucked away inside the driver files; normally nobody would ever see this unless they were explicitly looking for it.

The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it’s not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts.

Nice four-hander here: the rights of the end-user, the rights and duties of the vendor, the rights and liabilities of the legitimate parts maker, and the potential liabilities of Microsoft for serving up the malware-to-counterfeits via Windows Update.

Heck, it could be an article.

Update (10/28/14): Good semi-technical background info on this at Errata Security: The deal with the FTDI driver scandal.

Posted in Law: Internet Law, Student Note Topics, Sufficiently Advanced Technology | Comments Off on Looking for a Good Student Note Topic?

Shellshock: It’s as if Flesh-Eating Bacteria Were Poised to Eat Your Server

Posted on September 24, 2014 by Michael Froomkin

arghAnd all your linux-embeded devices with any Internet access. From the sound of it, that’s about how bad the “shellshock” bug in Bash is:

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.

— Slashdot, Remote Exploit Vulnerability Found In Bash.

Shellshock name spotted on Errata Security (good blog BTW), and the faithful INQ, which shares the cheerful fact that the NIST vulnerability database “rates the flaw 10 out of 10 in terms of severity.”

Update: It looks as if patching severs will be easy – mine is already done. The real problem will be patching devices with embedded linux. To achieve that the consumer needs (1) to know the device exists, is connected to the internet, and is under your control — all sometimes much less obvious than one might imagine; (2) the device has to be patchable; (3) there has to be a patch; (4) the consumer has to know where to go to get the patch; (5) the consumer has to be able to apply it.

Internet of Things considered dangerous?

Update2: This is a nice test for the Shell Shock / shellshock vulnerability:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If it returns something like

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

You are fine. But if it says,

vulnerable
this is a test

Then you have the bash bug.

Posted in Software, Sufficiently Advanced Technology | Comments Off on Shellshock: It’s as if Flesh-Eating Bacteria Were Poised to Eat Your Server

I Would Never Lose My Sunglasses Again?

Posted on August 11, 2014 by Michael Froomkin

If these Tile bluetooth tell-your-phone where it last was things worked for Android, which they don’t, I would put one in my sunglasses case.

That said, they seem a bit pricey? $20/year/tracker?

I’d buy the stock if it were available, though.

(Wait a minute: the “use other people’s participation to track your lost stuff” aspect might be a real privacy nightmare once the government starts subpoenaing the records.)

Posted in Sufficiently Advanced Technology | Comments Off on I Would Never Lose My Sunglasses Again?

The Curious Case of Al Jazeera’s Absence From HTC Blinkfeed

Posted on August 4, 2014 by Michael Froomkin

TL/DR: Why is al Jazeera’s feed absent from HTC’s Blinkfeed? It’s a mystery.

After writing up my review of the HTC One (M8) the other day, I thought maybe I ought to give Blinkfeed a try.

For those of you who don’t have an HTC phone — and it’s a somewhat specialist taste if reports of declining market share are to believed — Blinkfeed is an HTC-curated/controlled news feed (now available to all Android users). It provides an elegant magazine-like interface made up of user-selected content from among the news sources provided by HTC, and also from one’s social media. Most of the major social media choices you would expect seem to be on the available list, but the provision of news sources is somewhat erratic. There is something from just about every part of the globe, but often not much; there are two wire services, and Huffington Post but no US newspapers. If the US choices are rather spotty in news, they are somewhat heavier in sports and entertainment and various other web-based frills. Many of the news feeds on offer seem rather heavy on gorgeous photos, particularly of landscapes and animals, which I think skews the content of the feed somewhat…although as my test is only a couple of days old it might also reflect that August is the silly season for many news media.

The good news is that Blinkfeed’s options include news from many regions in their home language, so I can get the French news is in French, which I like. And even though you get other languages by changing your “edition,” which isn’t totally intuitive, it’s possible to meld feeds from different languages, so I don’t have to have my US news in French just to get the French news in French.

The bad news is that Blinkfeed is a closed system: I can’t add an RSS feed of my choice, an option that would have made Blinkfeed actually useful.

But, at least, though I, there’s Al Jazeera. Given all the turmoil in the Middle East at present, I thought it would be useful part of my media diet. Except, at least for the last three days, there isn’t any Al Jazeera in my feed. And when I go to the al Jazeera button all it says is “NO CONTENT Pull down to refresh.” Swiping down just repeats the update/nothing-happens cycle.

A Google search got me nowhere. There are plenty of links in which HTC brags about all the content deals it has signed. (I’m guessing people pay HTC for the privilege of being in their sandbox, which is why it’s such an anemic little sandbox.) And even some about HTC adding al Jazeera. But there’s nothing I can find in which HTC says it has dropped al Jazeera.

So I called it in to HTC customer support. I’d had a very good experience with them the last time I called, and no good deed goes unpunished. The support guy I got was understandably skeptical at first. He had me remove everything else from my feed. He had me reboot the phone. No change. Finally he put me on hold for a long static-filled wait. When he came back he explained he’d “gone to the lab” and gotten one of their HTC One (M8) test models, and replicated my problem.

The good news: he now totally believed me.

The bad news: he didn’t have any better ideas than I did about what to do about it.

Apparently, there’s nothing on the HTC internal system about them dropping al Jazeera. No one on the floor at the help center had heard anything like that. So all he could suggest is that I call back tomorrow during regular business hours and ask to be escalated — apparently the escalation team doesn’t work late at night.

Maybe tomorrow I’ll find out if this is a case of broken RSS (or whatever) feed, or a case of political censorship. Right now it’s just a bug report.

Posted in Politics: International, Sufficiently Advanced Technology | 7 Comments

HTC One (M8) Review

Posted on July 30, 2014 by Michael Froomkin

Tl/dr: I like this phone. I’ve had this phone for about two months and it has met or exceeded my expectations in just about every respect.

I got the HTC One (M8) instead of the Samsung S5 primarily because my carrier — which I didn’t particularly want to change — offered a 32GB version of the phone, and only a 16GB version of the S5. Having hit the 2GB limit of my previous phone early and often, I didn’t want that to happen again. Also the S5 was reputed to have more phone junk on it; not that the M8 has none, but it’s easy to ignore. The other major advantage of the S5, a superior camera, wasn’t as important to me, although it might be to some people.

Here’s what I wanted from the phone:

First, it has to be a world phone (check).

Second, it has to be a good at making phone calls, with decent range (no problem so far, although I probably haven’t stressed it), and very good sound quality. The M8’s sound quality as a phone is good, certainly good enough, but I wouldn’t call it excellent. Oddly, the speakerphone is substantially better than the regular phone: it is excellent. Indeed its ability to play music and videos (neither of which is or was a requirement for me) is amazing. In fact, however, I mostly use earphones when I listen to podcasts.

Third, my phone has to have an SD card slot (very check: this one takes up to 128G cards!) so I can store my podcasts on it.

Fourth, I want lots of memory so I can download lots of apps. I haven’t historically played games on my phone, but I like calendaring and note-taking apps in particular, and productivity apps and weather and travel-related apps in general. Travel is the main time I’m likely to be far from a proper computer, so I need good substitutes.

Fifth, I’d like it to be fast, because I’m impatient. This phone feels fast.

Sixth, I wanted enough battery to get me through the day. On wifi the battery does great and on days when I’m primarily in areas with wifi I can end the day with over 50% of the charge left. Days that involve a lot of moving around off wifi chew more juice. How much varies. I have yet to actually run out of battery in a day, but I did come close once. The battery is not removable, which is not ideal. It does charge quickly though. Keep in mind that while I might use the phone’s apps a fair amount, I’m not playing videos which perhaps might drain battery on a different pattern.

Seventh, I don’t want a bad camera, but I don’t need state of the art. Check.

Lastly, I don’t have a Mac, and am used to Androids, so I pretty much ignored the iPhone options.

That’s it. Everything else is bonus.

For example, the phone’s voice recognition is dog-on-hind-legs good, which is to say a bit erratic. But the android ecosystem is coming up with interesting apps to take advantage of it, notably Commandr.

Google Now has promise, although I don’t make use of most of it’s features because I turned off most of the tracking and personalization.

Skype over wifi is of surprisingly good voice and image quality – much better than my old phone which basically couldn’t do it.

I do have two small complaints. First, the headphone jack is on the bottom of the phone, which I find awkward when I carry it in my shirt pocket, and at other times too. Second, due to a bug in the Android operating system, I can only connect to secure wireless when the lock screen is on. Neither of these is major.

I did have a temporary problem that I thought might be a deal killer: for a while I had a flashing bar at the bottom of my screen. It turned out to be caused by a misbehaving alternate keyboard app I had downloaded. HTC customer support helped me diagnose the problem by telling that I had to reboot the phone after erasing suspect apps, just deleting them would not be enough. (In contrast, the folks at Verizon gave me only bad advice as to how to solve the problem, suggesting I should do a factory reset as my first option.)

And, the phone’s generous screen size (although it is thinnish and light for its size) is a mixed blessing, although one it shares with its close competitors. The screen is very vivid and the real estate is nice to have. But it’s a handful, and so for most things that require interaction the phone can’t be operated with just one hand. Plus it sticks out of my shirt pocket a bit, which I was told is not an ideal fashion statement — advice I admit I ignored.

I killed the Blinkfeed screen within minutes of turning on the phone. This much-touted method of combining news, social media and updates never had any appeal for me. It seemed like a great way to run down the battery, though.

And of course the phone, like most modern smart phones, is a privacy disaster and a security issue waiting to happen. I would never put any banking or financial app or info on it. And it’s appalling how many apps feel entitled to trawl my address book, or record my location. Maybe my next phone will be a Blackphone.

Still, it’s useful, it’s fast, the screen is pretty, if you get the 32GB version it has a ton of memory plus the ability to expand a lot more with a micro SD card, and it works well as a phone. Plus I got a deal. So I like it.

Posted in Sufficiently Advanced Technology | 2 Comments