Private Messages on the Internet Don’t Exist

I thought I’d bring this up because the subject cropped up on a forum I frequent. If you’re planning an illegal activity involving illicit substances do not do it on a public forum or through e-mail (seriously it makes the rest of us on that forum look bad). Private messages don’t exist online (in 99.99% of cases). The messages you send and receive are almost always in plain text format that can be read by anybody with the correct credentials. This means a system administrator can see any private messages sent by any user on the system they administer.

This in and of itself may not be a huge deal but if that administrator is served a subpoena for those messages they must legally provide them to the authorities. The same goes with e-mail. E-mail may be encrypted from your system to the e-mail server but it’s most likely not encrypted on the e-mail server after arrival. This means any authority figure with a subpoena can obtain those messages and according to an EFF summit I attended at Defcon any e-mails older than six months don’t even require a subpoena to obtain.

Basically if you’re going to do something illegal, embarrassing, politically unacceptable, etc. don’t do it online. Even if you control your e-mail server you don’t control others’. When somebody on GMail sends an e-mail a copy is stored in their sent folder which includes information on whom it was sent to.

I’ll close in saying the best way to avoid getting in trouble with the police is to avoid doing illegal activities. With that said this advice also applies to things outside of criminal activities such as political dissidence. Basically anything you want to keep private should be encrypted end to end and stored in an encrypted format that can only be decrypted by the sender and receiver of the message.

At My Wit’s End with Android

It’s no secret to anybody reading this blog that I’ve developed quite the love/hate relationship with Android. On one hand I love many of the capabilities of Android but on the other hand it’s been plagued with bugs to the point of unusability in some cases. Well I just ran into another problem that’s really set me off, the Android Market appears to have lost all record of my purchased applications.

I went to apply a couple of updates a few days ago and noticed two applications wouldn’t update. I thought that was odd so went into the Market to do a manual update and noticed when I tapped the update button I was sent to the purchase page. The Market wanted me to purchase my application again. This seemed really odd so I logged into my Google checkout account and went through my purchased application history and found that everything was still in order.

Obviously I needed to contact Google… which is impossible. Seriously, there is no technical support number for Google anywhere. Their support forums have left me with no answer but the knowledge other people have had variations of this problem without any reliable method of resolving it. Some people broke down and just repurchased the applications in essence paying for them twice. Nothing pisses me off more than getting ripped off and buying an application twice constitutes a rip off.

Basically I now have a portfolio of purchased applications that I can no longer use. Technical support is non-existent and frankly I’m pissed off. I wonder if Google actually has any competent people working on their Android platform or if they just toss shit at the wall and see what sticks.

USB is Evil

Most people realize that Firewire has much better sustained read and write speeds when compared to USB but I’ve never gone so far as to say USB is the Devil. Then again I’m not an Evangelical Christian in Brazil:

The evangelical cult “Paz do Senhor Amado” (“Peace of the beloved Lord”) in the interior of Brazil forbids its followers to use any USB technology by contending that it uses a symbol that shows sympathy for the devil.

According to its founder, the “Apostle” Welder Saldanha says that this is just another symbol of Satan, which is always present in all Christian homes.

“The symbol of that name (a name which he doesn’t even like to pronounce) is a trident, which is used to torture souls that go to hell. Use only a symbol of those shows that all users of that vile technology are actually worshipers of Satan” – explains the “Apostle”.

I actually lack any smart ass remark that could add to the hilarity of that statement.

Online Privacy

Facebook revealed a new messaging service yesterday and today when rolling into work I heard some guy on the radio talking about the privacy implications (sadly although I have an FM transmitter attached to my iPod there is a split second between the time I turn my iPod off and when I turn my truck off that exposes me to regular radio).

I thought I’d take a second to remind everybody about the golden rule of Internet privacy. If you don’t want everybody in the world to know something don’t post it online. The Internet was never developed with privacy in mind and although websites often try to make data private eventually that data becomes public through human error or system compromise.

The other thing to remember is the simple fact that putting information on a system you don’t completely control may lead to undesirable consequences. You do not control Facebook as you don’t own their servers. This means all information you post on that site is outside of your realm of control making it impossible to know how secure the data is.

Either way if you follow the golden rule of Internet privacy you should never have a problem.

Android Advantage

Yes I go back and forth on the advantages and disadvantages of Android. You have to give me credit on one thing, I’m not a fan boy.

One of the problems I have with my Evo 4G is the generally buggy nature of the included software. Android 2.2 had a lot of troubles with their media layer that were finally sorted out around the release of 2.2.1. The main problem is HTC hasn’t released an update with the new version of Android yet so audio I’ve left paused for a long time is likely to start from the beginning again when I press the play button. This along with a bug that impairs my phone’s Exchange syncing capabilities (it can’t properly sync with my work’s calendar most of the time and when the calendar sync fails it refuses to sync e-mail as well) has left me rather agitated with Android.

Thankfully Android is an open source operating system and hence anybody is free to roll their own version. Personally I’m far too lazy to do such a thing so I rely on others. For the last several days I’ve been running Cyanogenmod on my phone and frankly it fixes all the issues I’ve had with my phone.

The downside is I lose the ability to use 4G (which I rarely use due to it being a power hog) and HDMI out (which I’ve never used and don’t even have a cable for). Those features will most likely come in a future release so I’m not worried and keep a backup of my old ROM for instances where I need those features. What I like is the fact the features I use on a more daily basis (Last.fm, Pandora, and Exchange synchronization) all work perfectly now.

When people say Android is open this is what they mean. Of course you need to have a NAND unlocked phone in order to install a different ROM so you’re likely limited to more popular phones (as those are the ones hackers work on rooting and unlocking NAND on). Even with that restriction in place the fact of the matter is if you don’t like your current ROM you can swap it out on a lot of phones.

Getting an Esduino Communicating with Mac OS X

Just a word of warning everybody, we are going down super duper mega geek territory here. If you’re not sure what an Esduino is you’ll not give two shits about this post. This is mostly a guide for myself to serve as a reminder of how to get this thing running again should I forget. Since the information has potential to be useful to others out there I figured I’d post it up on a public page.

I’m not going to waste time explaining what an Esduino is beyond it being an Arduino board that uses a 9S12 microcontroller as its core. If you don’t know what it is chances are this guide is useless to you.

The Esduino by Technologicalarts comes with an FT232R USB to serial port converter built in. There are no built in drivers for this chip in Mac OS X thus you need to install them. The drivers can be found here (for Windows, Mac, and Linux). The installation guides can be found here. Summed up all you need to do is download the appropriate driver (I used the virtual COM port driver instead of the D2XX driver as I’m used to working with virtual COM ports) and install it.

Once the driver is installed you can plug your Esduino into one of your USB ports. You’ll notice nothing happened, that’s normal. In truth something did happen though, two new files were created in your /dev directory (if you’re unfamiliar with the UNIX underpinnings of OS X just ignore this part, it’s really irrelevant). The two new files will be called /dev/cu.usbserial-xxxxxxxx and /dev/tty.usbserial-xxxxxxxx with the xxxxxxxx being the serial number of the device you plugged in. The Esduino will also appear in the System Profiler under USB. I’ll make a quick note that those two files in your /dev directory will only appear when you plug the Esduino in, if you don’t see them your device probably isn’t plugged in.

Now your computer is communicating with the Esduino board, what’s next? Well you need to interact with it. All Esduino boards come pre-loaded with an application. This application can be interacted with through the virtual COM port. First before you begin flip the switch on the microcontroller into the run position. In order to communicate with the virtual COM port I found a good program called CoolTerm. Open CoolTerm and open the options dialog (click on the toolbar button labeled Options). Under the Serial Port Options group select usbserial-xxxxxxxx from the port combo box and then click the OK button. Now that you’re back to the main window click the Connect button on the tool bar and press the enter key. A text menu should appear and you’re up and running.

Yes this is the kind of thing I do for fun. See how messed up I am?

Another Reason to Root Your Android Phone

If being able to use your Android phone for a Wi-Fi hotspot (without paying an additional fee to your service provider), being able to backup your data, and being able to run a stripped down version of Wireshark weren’t enough I have yet another reason, security.

Take for example this security exploit. It’s fixed on Android 2.2 but not 1.6. What’s the big deal? Many carriers and handset manufacturers haven’t pushed out the 2.2 update to older phones meaning many phones are now vulnerable with no hope of a fix in sight. Unlike a personal computer a phone generally can’t be updated willy nilly. For example I can’t go to the store and purchase a new copy of Android to install on my phone, I have to wait for the manufacturers and carriers to push updates out to me.

How does rooting help? Rooting (at least unlocking the NAND) allows you to install custom ROMs. ROMs are basically the installation of the operating system. Many phones that have seen obsolescence from their manufacturers and carriers have updated custom ROMs available for them. These custom ROMs are maintained by the Android community and can offer updates that otherwise wouldn’t be available. If you have a rooted phone with an old version of Android you may want to see if there are any updated custom ROMs available out there. Sadly this is the only way you’ll probably see a fix for any current and future vulnerabilities.

Missing the Point

I seriously don’t understand Oracle. They bought up Sun Microsystems a while ago and have been working hard on ruining all obtained products as quickly as possible. Although Sun was never good at monetizing what they produced they made some great stuff and were usually pretty open with it. Java, OpenOffice, and Solaris were all open source products by the time they ended up being bought by Oracle.

The main benefit of Java has always been the ability to “write once, run everywhere.” Java doesn’t always deliver on that promise but nine times out of ten it does. I know a lot of people still give Java flak for being slow, bloated, and a device to butcher babies but frankly anybody who’s worked with it on a serious project generally walks away feeling that Java is a viable tool to get jobs done. I rather enjoy the fact that I can write a piece of software, compile it once, and then run it on my Windows, Linux, and Mac.

Apparently Oracle doesn’t understand this advantage and are now looking to monetize Java. I have no problem with monetizing a product, I’m a free market advocate after all. The problem I have is how Oracle is planning on going about monetizing Java. They’re talking about releasing two versions of the Java Development Kit (JDK), a free one and a premium one. By the sounds of it the premium version of the JDK will contain performance improvements in addition to some additional libraries (mostly for interacting with Oracle’s other products).

For a product like Java divergence is a bad thing. Once you remove the guarantee that an application you wrote will run on any platform with a Java Virtual Machine you’ve also removed the only real advantage. If there are two versions of the virtual machine the most likely outcome is people will only write software to target the free version as that’s the only version you can guarantee people will be willing to obtain. Java has always had a reputation for poor performance (a reputation that should be abolished at this point) so having performance only in the paid version is going to hurt the product’s reputation even more.

Frankly I just don’t understand Oracle’s strategy. They seemed to have purchased Sun just to ruin their products as fast as possible. Thankfully this purchase happened after groups already implemented clean room developments of the Java Virtual Machine and Application Programmer Interfaces (APIs) which gives us an alternative to whatever Oracle comes out with.

When a Fix Isn’t a Fix

A bit back I mentioned Firesheep, a Firefox plugin that allowed you to easily steal session cookies on open wireless networks. Frankly this plugin has exploded in popularity (which is the only reason I heard about it) and now people are trying to fix the problem. The problem is simple, websites use unencrypted channels to send authentication information to clients. The only real fix for Firesheep is websites switching from HTTP to HTTPS. Once web site traffic is encrypted Firesheep no longer works, plain and simple.

Instead of legitimate fixes though people are working on hacks to get around Firesheep. Take for example BlackSheep, a Firefox plugin that informs you if somebody on the network is using Firesheep. The problem here is nothing is actually getting fixed. The vulnerability still exists and frankly that’s the whole problem. If you want a better fix to avoid getting your session cookie hijacked by Firesheep you can look into using HTTPS Everywhere. HTTPS Everywhere isn’t a perfect solution by any means as it only works with specific websites but it’s far better than using something like BlackSheep that will just inform you if somebody is using Firesheep on your network.

The bottom line is what Firesheep does has always been possible. Firesheep simply made a technical task easy enough for anybody to do it, nothing more. Teaching awareness of the problem was the goal and it’s done exactly that with many websites finally talking about rolling out HTTPS secured sites in lieu of their current unencrypted sites.
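The server-side fix described in this post can be checked from the response a site sends at login. The following is an added example, not code from the original post or from Firesheep, BlackSheep or HTTPS Everywhere; the `Secure` cookie attribute and `Strict-Transport-Security` header are standard HTTP mechanisms the post does not name, and the hosts, cookie values and session-name heuristic are constructed assumptions.

```python
# Added example (not from the original post): audit a login response for
# session cookies that would cross an open network in clear text.

# Heuristic for "this cookie is a session credential" (assumption, tune per site).
SESSION_HINTS = ("sess", "sid", "auth", "token")

# Constructed sample responses: (URL the response came from, response headers).
MIXED_SITE = ("https://social.example/login", [
    ("Set-Cookie", "session_id=constructed-value-1; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
])
ALL_HTTPS_SITE = ("https://mail.example/login", [
    ("Set-Cookie", "session_id=constructed-value-2; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000"),
])
PLAIN_HTTP_SITE = ("http://forum.example/login", [
    ("Set-Cookie", "PHPSESSID=constructed-value-3; path=/"),
])


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, set of attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    flags = {a.partition("=")[0].strip().lower() for a in attrs if a}
    return name, flags


def looks_like_session(name):
    """True when the cookie name matches one of the session-name hints."""
    return any(hint in name.lower() for hint in SESSION_HINTS)


def audit_response(url, headers):
    """Report which cookies set by this response a passive listener could read."""
    over_https = url.lower().startswith("https://")
    # Browsers ignore HSTS received over plain HTTP, so only count it on HTTPS.
    hsts = over_https and any(k.lower() == "strict-transport-security" for k, _ in headers)
    exposed = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, flags = parse_set_cookie(value)
        # Without Secure the browser attaches the cookie to http:// requests
        # as well, so HTTPS on the login page alone does not protect it.
        if not over_https or "secure" not in flags:
            exposed.append(name)
    return {
        "over_https": over_https,
        "hsts": hsts,
        "exposed": exposed,
        "session_exposed": [n for n in exposed if looks_like_session(n)],
    }


if __name__ == "__main__":
    for url, headers in (MIXED_SITE, ALL_HTTPS_SITE, PLAIN_HTTP_SITE):
        print(url, audit_response(url, headers))
```

The first sample is the case that matters most here: the login page is HTTPS, yet the session cookie is still reported as exposed because any later plain-HTTP request to the same site carries it.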

iOS and Android Compared

I’ve had some time with iOS on my iPad and Android on my Evo 4G. Obviously there are a lot of differences and I figure I might as well record some of them.

I know there is a lot of debate on whether Android is open or not. Personally I’ve complained several times about how locked down Android is on most phones. After working with iOS for a while I can say for a fact that iOS is a veritable prison compared to Android. Although Android can’t do a lot on a phone that hasn’t been rooted it isn’t tied to a desktop computer.

Generally I don’t have to connect my Evo to my computer unless I need to get some files off of my desktop. I can download most files onto my phone from my phone. The iPad is far different in that it requires all files be downloaded through iTunes. You can’t do a damned thing on an iOS device without a desktop running iTunes. That’s pretty restrictive if I do say so myself.

A big part of this problem comes from the lack of a universal file storage area on iOS devices. On Android devices any files stored on an external media (think SD card) are readable by any application. This means if you use the browser to download a file onto an SD card you can open said file with another program. This can’t be done on an iOS device. If you want to download a file and open it in another program you must download that file on your desktop and transfer the file to your iOS device via iTunes. This is probably the largest limitation in iOS devices.

Another thing that keeps the iOS platform locked down is the inability to install applications from a source outside of iTunes. If Apple doesn’t approve an application you simply can’t install it. On most Android devices you can side load applications. This means you’re not at Google’s mercy when it comes to applications you can install. Once again this is a pretty severe restriction to place on a device.

One thing that Android has that I find lacking in iOS is widgets. I never thought I’d like widgets so damned much but honestly they are very nice to have. My home screen on my Evo displays the time, weather, upcoming appointments, and my todo list. To see these I just have to turn my phone on. On my iPad I’d have to open a weather application, the calendar application, and a todo application one after another. Widgets make getting specific information quickly easy.

The final mistake made in iOS was the notification system. When an application sends a notification a dialog box pops up and must be dealt with before returning to whatever you were doing before being interrupted. Android has a much nicer system where an icon appears in the upper left-hand corner of the screen and you can read the notification by running your finger from the top of the screen down. Doing this brings down the notification area with a list of all current notifications that haven’t been dealt with. Neither is as intuitive as WebOS’s notification system though.

Now that I’ve bitched about iOS let me focus on the things it does well. The most notable difference between iOS and Android is the interface. Apple has a long tradition of having consistent and easy to use interfaces. That tradition holds true on iOS. All the included applications have intuitive interfaces which are easy to navigate. Navigation is done consistently in the included applications as well. For instance if I open an application, flip to a new form, and want to flip back I can rest assured that the button to return me to my previous screen will be in the upper left-hand corner of the new form.

Android is the opposite of this. The user interface in Android is inconsistent at best although it has been improving over the various versions. Hell there isn’t even a unified e-mail application included in Android. If you use GMail then you can use Google’s GMail application otherwise you are stuck with the other stock Android e-mail application. These two applications don’t even work in similar manners. For example GMail has a threaded interface with the controls for replying at the top of the e-mail header. The other e-mail application has no conversation threading and replying is done via two buttons at the bottom of the screen. I haven’t a clue what Google was thinking with this but it’s not done properly.

Although it hasn’t been released for the iPad yet I’ve played with iOS’s multitasking via emulators and devices at the Apple store. I’ve mentioned that the back end mechanism for doing multitasking in iOS is poorly implemented but the interface for switching between running applications is better than the standard Android mechanism. In iOS tapping the home screen twice brings up a list of “running” applications (applications still in memory but not using CPU time). Every application that’s still in memory will be listed and can be selected by tapping on the application’s icon. Android’s mechanism is… inconsistent. Holding down the home button will bring up a list of the last eight used applications which is tedious (it’s roughly a one second button hold which doesn’t sound long until you’re trying to quickly navigate between three applications). Some applications are good enough to place an icon in the notification bar which makes navigating back to that application as easy as opening the notification area and tapping on said icon. Once again neither is as intuitive and quick as WebOS but this post isn’t about how to do an interface correctly.

If there is one thing Apple is good at it’s polish. I can’t say that enough because it’s honestly very true. Most things under iOS just scream polish job. The interface is consistent, animations always run smoothly, and shit happens when it’s supposed to (when I rotate my iPad the screen rotates instantly, sometimes my Evo requires a few violent shakes to get the screen to notice I changed the device’s orientation). Everything on iOS is kept simple and uncluttered which I really appreciated on a mobile device.

The bottom line is you have a choice; a very pretty and well run prison or a village to roam where little was planned in accordance with other parts. Frankly Android still wins in my book because I can actually have a device that doesn’t need to be tethered to my computer at any time. On the other hand using iOS is a very pleasant experience and I can know with some measure of certainty what will happen when I do something.