Android Advantage

Yes I go back and forth on the advantages and disadvantages of Android. You have to give me credit on one thing, I’m not a fan boy.

One of the problems I have with my Evo 4G is the generally buggy nature of the included software. Android 2.2 had a lot of troubles with their media layer that were finally sorted out around the release of 2.2.1. The main problem is HTC hasn’t released an update with the new version of Android yet, so audio I’ve left paused for a long time is likely to start from the beginning again when I press the play button. This along with a bug that impairs my phone’s Exchange syncing capabilities (it can’t properly sync with my work’s calendar most of the time and when the calendar sync fails it refuses to sync e-mail as well) has left me rather agitated with Android.

Thankfully Android is an open source operating system and hence anybody is free to roll their own version. Personally I’m far too lazy to do such a thing so I rely on others. For the last several days I’ve been running Cyanogenmod on my phone and frankly it fixes all the issues I’ve had with my phone.

The downside is I lose the ability to use 4G (which I rarely use due to it being a power hog) and HDMI out (which I’ve never used and don’t even have a cable for). Those features will most likely come in a future release so I’m not worried and keep a backup of my old ROM for instances where I need those features. What I like is the fact the features I use on a more daily basis (Last.fm, Pandora, and Exchange synchronization) all work perfectly now.

When people say Android is open this is what they mean. Of course you need to have a NAND unlocked phone in order to install a different ROM so you’re likely limited to more popular phones (as those are the ones hackers work on rooting and unlocking NAND on). Even with that restriction in place the fact of the matter is if you don’t like your current ROM you can swap it out on a lot of phones.

Another Reason to Root Your Android Phone

If being able to use your Android phone for a Wi-Fi hotspot (without paying an additional fee to your service provider), being able to back up your data, and being able to run a stripped down version of Wireshark weren’t enough, I have yet another reason: security.

Take for example this security exploit. It’s fixed on Android 2.2 but not 1.6. What’s the big deal? Many carriers and handset manufacturers haven’t pushed out the 2.2 update to older phones, meaning many phones are now vulnerable with no hope of a fix in sight. Unlike a personal computer a phone generally can’t be updated willy-nilly. For example I can’t go to the store and purchase a new copy of Android to install on my phone, I have to wait for the manufacturers and carriers to push updates out to me.

How does rooting help? Rooting (at least unlocking the NAND) allows you to install custom ROMs. ROMs are basically the installation of the operating system. Many phones that have seen obsolescence from their manufacturers and carriers have updated custom ROMs available for them. These custom ROMs are maintained by the Android community and can offer updates that otherwise wouldn’t be available. If you have a rooted phone with an old version of Android you may want to see if there are any updated custom ROMs available out there. Sadly this is the only way you’ll probably see a fix for any current and future vulnerabilities.

Missing the Point

I seriously don’t understand Oracle. They bought up Sun Microsystems a while ago and have been working hard on ruining all obtained products as quickly as possible. Although Sun was never good at monetizing what they produced they made some great stuff and were usually pretty open with it. Java, OpenOffice, and Solaris were all open source products by the time they ended up being bought by Oracle.

The main benefit of Java has always been the ability to “write once, run everywhere.” Java doesn’t always deliver on that promise but nine times out of ten it does. I know a lot of people still give Java flak for being slow, bloated, and a device to butcher babies but frankly anybody who’s worked with it on a serious project generally walks away feeling that Java is a viable tool to get jobs done. I rather enjoy the fact that I can write a piece of software, compile it once, and then run it on my Windows, Linux, and Mac.

Apparently Oracle doesn’t understand this advantage and are now looking to monetize Java. I have no problem with monetizing a product, I’m a free market advocate after all. The problem I have is how Oracle is planning on going about monetizing Java. They’re talking about releasing two versions of the Java Development Kit (JDK), a free one and a premium one. By the sounds of it the premium version of the JDK will contain performance improvements in addition to some additional libraries (mostly for interacting with Oracle’s other products).

For a product like Java divergence is a bad thing. Once you remove the guarantee that an application you wrote will run on any platform with a Java Virtual Machine you’ve also removed the only real advantage. If there are two versions of the virtual machine the most likely outcome is people will only write software to target the free version as that’s the only version you can guarantee people will be willing to obtain. Java has always had a reputation for poor performance (a reputation that should be abolished at this point) so having performance only in the paid version is going to hurt the product’s reputation even more.

Frankly I just don’t understand Oracle’s strategy. They seemed to have purchased Sun just to ruin their products as fast as possible. Thankfully this purchase happened after groups already implemented clean room developments of the Java Virtual Machine and Application Programmer Interfaces (APIs) which gives us an alternative to whatever Oracle comes out with.

When a Fix Isn’t a Fix

A bit back I mentioned Firesheep, a Firefox plugin that allowed you to easily steal session cookies on open wireless networks. Frankly this plugin has exploded in popularity (which is the only reason I heard about it) and now people are trying to fix the problem. The problem is simple, websites use unencrypted channels to send authentication information to clients. The only real fix for Firesheep is websites switching from HTTP to HTTPS. Once web site traffic is encrypted Firesheep no longer works, plain and simple.

Instead of legitimate fixes, though, people are working on hacks to get around Firesheep. Take for example BlackSheep, a Firefox plugin that informs you if somebody on the network is using Firesheep. The problem here is nothing is actually getting fixed. The vulnerability still exists and frankly that’s the whole problem. If you want a better fix to avoid getting your session cookie hijacked by Firesheep you can look into using HTTPS Everywhere. HTTPS Everywhere isn’t a perfect solution by any means as it only works with specific websites but it’s far better than using something like BlackSheep that will just inform you if somebody is using Firesheep on your network.

The bottom line is what Firesheep does has always been possible. Firesheep simply made a technical task easy enough for anybody to do it, nothing more. Teaching awareness of the problem was the goal and it’s done exactly that, with many websites finally talking about rolling out HTTPS secured sites in lieu of their current unencrypted sites.
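For site operators checking their own exposure, here is an added example (not part of the original post, and not code from Firesheep, BlackSheep or HTTPS Everywhere) that audits Set-Cookie headers for session cookies a passive listener on an open network could read. It goes one step past the post: the cookie `Secure` attribute is not mentioned above, but without it a cookie set over HTTPS is still sent on any plain HTTP request to the same host. The hostnames and cookie values are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not real captures): the URL that was fetched
# and the Set-Cookie header values the server returned for it.
SAMPLE_RESPONSES = [
    ("http://social.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("https://mail.example/login", ["sid=def456; Path=/; HttpOnly"]),
    ("https://bank.example/login", ["auth=ghi789; Path=/; Secure; HttpOnly"]),
]


def parse_set_cookie(header):
    """Return (cookie_name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses):
    """Classify each cookie by whether it can cross the network in the clear."""
    findings = []
    for url, headers in responses:
        target = urlsplit(url)
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if target.scheme.lower() != "https":
                # The cookie itself was delivered unencrypted.
                verdict = "exposed: set over plain HTTP"
            elif "secure" not in attrs:
                # Delivered encrypted, but the browser will also attach it
                # to any later http:// request for the same host.
                verdict = "exposed: no Secure attribute, sent on any HTTP request"
            else:
                verdict = "protected: HTTPS only"
            findings.append((target.hostname, name, verdict))
    return findings


if __name__ == "__main__":
    for host, name, verdict in audit(SAMPLE_RESPONSES):
        print(f"{host:16} {name:8} {verdict}")
```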

Why I Don’t Trust Cloud Computing

The center tile in buzzword bingo these days is “cloud computing.” It’s a fancy term for a return to centralized mainframes of yesteryear. It’s a simple concept, put all your files onto servers connected to the Internet so your files are available anywhere you go. Although this part of the idea is sound (so long as you’re encrypting your data before sending it out to a server you don’t control) some people use online storage as their only means of data retention. The latter part of this is the thing that will fuck you over hard.

Case in point Facebook just bought drop.io, a popular file storage and sharing site. The following notice is what is important to this post:

Drop.io is free up to 100 MB of storage, but some people pay to get more storage. Nov. 15 will be the last date when drop.io will charge users for extra storage, and those paid users will also lose all their data after Dec. 15.

Never have your data exclusively on a storage system that you do not fully control. I have friends who use Google Docs as their word processor and sole means of storage. If Google decides to shut down Google Docs that’s it, my friends’ files are gone.

I encrypt and back up my most important files to Amazon’s S3 service. The reason I utilize S3 is so I have an off site backup in case of my apartment complex burning to the ground or other unforeseen event that could destroy everything I own. Of course I also keep a local copy of every file I create (two copies actually, one on my computer and one on a backup drive) in case my Internet connection goes down, Amazon’s S3 servers hosting my data go down, or Amazon decides to terminate S3 out of the blue. The main thing I’m trying to get across here is the fact that you should never use online storage that you don’t completely control as your sole means of data retention. Always have a (preferably two) local copy of every file you create. Everybody who stored files on drop.io has a month and a half to get their data off before it’s gone forever.

Apple Deprecates Their Java Virtual Machine

No, I’m not trying to turn this into the Apple blog but I found this news discouraging. Apple is deprecating their Java Virtual Machine meaning it could be removed in a future OS release. Although I’m not sure why Apple is doing this I wouldn’t be surprised if it had something to do with Oracle.

Since Oracle purchased Sun the Java community has been rather… leery. Oracle is already suing Google because they believe Google’s use of the Java language infringes on Oracle’s Java property. Combine that with the fact Oracle isn’t the most loved company on Earth and you realize the future of Java is on somewhat shaky grounds.

I’ll admit that I use very little Java software. With that said there is one piece of Java software that I simply can’t work without, Eclipse. Eclipse is kind of the juggernaut of Integrated Development Environments (IDE). If you want to write an application in a specific language there is a very high chance that an Eclipse plug-in exists for it. It’s kind of my Swiss Army Knife for development and frankly I don’t want to be stuck running it in a virtual machine all the time (since Eclipse is as big of a resource hog as it is useful). Granted I could just use a text editor and compilation tools but I really don’t want to switch up my entire work flow. Hopefully Java stays part of OS X for a while longer, at least until somebody else releases a quality virtual machine for it.

Sony Going After Hackers

Although I do not speak German and thus am reliant on another person’s translation it appears as though Sony is going after hackers. I’m not talking about malicious hackers who break into computer systems, I’m talking about hackers who are hacking their own PlayStation 3 (PS3).

A bit back a USB dongle was released that jailbroke the PS3. Sony apparently wasn’t happy just going after the manufacturer of the USB dongle (which is irrelevant as there is now an open-source implementation of the crack) and have decided to take legal action against people who purchased it. I’m not sure about German law but in the United States if you purchase a piece of hardware it’s legally yours to do with as you please. For instance if you purchase an iPhone and hack it you’re completely legal regardless of what Apple says.

I’ve been done with Sony products since they stole the built-in Linux capabilities of the PS3 (I paid for it, they removed it from their system, I can’t use the system to go online without removing the Linux capabilities meaning I lose a feature no matter what, and in my book that’s theft). If I hadn’t already given up on the PS3 this would have certainly made me do it.

A Year Late and a Dollar Short

It seems while I was busy on my trip leaked information started becoming available on the next Palm (now HP) phone. Behold, leaked photographs of the Palm Pre 2. If ever there was an uninspired design this thing is it. Although I do appreciate backwards compatibility with accessories the Palm Pre’s accessories need an upgrade. For instance it is known through FCC documents that the Palm Pre 2 uses the same underpowered battery as the first one. One of the things the Pre needed most was a larger battery.

On top of that the new Pre is the same sized screen as the old one. Even with the inclusion of a gesture area it would have been nice to see the screen size increased a bit. One of the things I love about my Evo is the huge screen. I do like the fact that the list microUSB port cover has been removed on the Pre 2 which leaves one less thing to break.

Ultimately the Pre failed to get market share and attention. I don’t see how adding much better hardware to the same form factor is going to help improve Palm’s image. What Palm really needs is a super phone that is distinct from other phones on the market while distancing themselves from their previous phones. I’m hoping something more exciting is in the pipeline but frankly with all the competition from Android and iOS this new Pre 2 just isn’t going to cut it.

Some Thoughts on the HTC G2

Yesterday I posted a mini-rant on the HTC G2. My problem is the fact that every time you reboot the phone everything written to the /system directory is undone thus preventing a permanent root solution (for now). Of course as a matter of security this concept makes a ton of sense.

The great thing about rooting an Android phone is that it allows you to do far more with it (namely free tethering). Of course any exploit used to gain root privileges can be used maliciously. Root privileges are generally gained on phones by exploiting a security flaw. Any piece of software can potentially do this. By undoing any changes to the /system directory you effectively make any system-level exploit temporary. It’s actually a pretty smart move overall. Of course it also prevents those of us willing to take the risk from easily rooting our devices.

Due to this I have a suggestion, a hardware switch. The NAND memory that the /system directory is stored in is write protected. On the Evo turning the security flag in the radio off disables this write protection. Why not have a physical hardware switch enable or disable write protection? Without social engineering or a very clever exploit there really is no method of turning off write protection via software if it’s controlled by a physical switch. Users who want to root their phones can disable write-protection and take their risks while others can be happy in the added security of a write-protected operating system. Since manufacturers don’t want to support rooted phones the switch could be covered by a “warranty void if removed” sticker to boot.

Just a thought that would make most people pretty happy.