Nov
22nd

Android “Lollipop” Disk Encryption Causes Serious Performance Issues!

If you recently upgraded your Android device to Android 5.0, known as the “Lollipop” version, you may be experiencing some strange performance issues after the upgrade if you enable encryption. It appears that the problem is caused by disk encryption of the Android device which can be turned off in the new Nexus devices. It is a “feature” and not a bug! However, users are very upset by the performance hit that this new feature causes. In testing a Motorola Nexus 6 that didn’t have encryption enabled (which is not the way it normally comes) testers at AnanTech discovered that it was, in fact, the disk encryption in the Nexus 6 that slows down the read-write disk speeds… and, unfortunately, you can’t turn it off once enabled.

During tests with a Nexus 6 running without encryption, and another one with it enabled, they saw as much is a 63% decline in read performance and a 50% decline in write performance in the device with encryption enabled. If your math impaired, in terms of understanding those numbers, that’s a big deal!

Now, if you want to turn off your disk encryption in order to see at a performance improvement; you can’t on the Nexus 6 or Nexus 9, at least not at this time.

The geeky folks over at XGA are tinkering with a new boot.img image that will disable the forced encryption, but this is annoying fix for a problem that Google should have already provided a workaround for. We should not have to rely on some hackers to fix their problem!

One would hope that Google will respond to this and give users a way to encrypt their phones and restore performance to reasonable levels!

Nov
22nd

An Open Source Notebook? Yes, Please!

I totally want one!

Geek – By: Lee Mathews – “Supporters of software freedom and open source have plenty of choices when it comes to apps. When it comes to hardware? Not so much. The Librem 15 laptop is hoping to change that.

Like the clunky old netbook that Richard Stallman bangs on, the Librem 15 is all about FOSS. It’s a beast of a machine that features a quad-core Intel Core i7 processor, Nvidia GT840M graphics, and a 15-inch 1080p display. Purism, the company behind the Librem 15, plans to ship a customized version of Trisquel Linux (one of the few distros that gets a thumbs up from the FSF). The Librem 15 certainly looks good. It’s relatively slim at 22mm and not too heavy, weighing in at 4.4 pounds — comparable to similar systems from OEMs like Asus and Dell.

This laptop would eat the last FSF-certified machine we wrote about for lunch. It’s also a huge step up from the DIY Novena, though it’s worth noting that the Novena is genuinely totally free: hardware, firmware, software. That’s why it runs an underpowered Freescale CPU instead of a ballsy Intel Core chip.

A totally free gaming laptop is an interesting — albeit slightly conflicted — device. Even if founder Todd Weaver and Purism manage to get Intel to free up all their closed binary blobs, the games you would likely want to play on a machine like this probably aren’t FOSS.

There’s an ever-growing list of good, free, open source games out there. There are more titles coming to Steam for Linux all the time, too, but the $1,400 Librem 15 is open hardware that wants desperately to play in the closed-source world of PC gaming. It’s a steep hill to climb, to be sure.

Still, if you’re committed to the FOSS movement, the Librem 15 could be the horse you want to back. Companies like Purism can’t achieve their goals without funding, so head on over to Crowd Supply and pledge if you’d to help them succeed.”

If you want one, order it here: Crowd Supply – Librem 15 Laptop

Nov
22nd

Malware for Your Phone – Just What You Need! (Not!)

(Cross-posted from the Hand Held Hack) I HATE Malware. I am OK with lining up the perps that write it and shooting them (metaphorically.) I guess.

Malicious Software Said to Spread on Android Phones

Bits Blog – New York Times – By: Nicole Perlroth – “For years security researchers have warned that it was only a matter of time before nasty digital scourges like malicious software and spam would hit smartphones.

Now they say it is has finally happened.

A particularly nasty mobile malware campaign targeting Android users has hit between four million and 4.5 million Americans since January of 2013, according to an estimate by Lookout, a San Francisco mobile security company that has been tracking the malware for about two years.

Lookout first encountered the mobile malware, called NotCompatible, two years ago and has since seen increasingly sophisticated versions. Lookout said it believes, based on attempted infections of its user base of 50 million, that the total number of people who have encountered the malware in the United States exceeds four million.

Criminals infect smartphones primarily by infecting legitimate websites with malicious code. When victims visit the site from their mobile phone, they inadvertently download the code, in what is known as a “drive-by download.”

In other cases, the attackers sent spam from hijacked email accounts to their victims. That technique, Lookout’s researchers say, successfully caused more than 20,000 infections a day. More recently, researchers say, attackers have been tricking their victims into installing the malicious code by disguising it as a ‘security patch’ in an email attachment. In others, spam emails advertised weight loss solutions with a link that served up malware to Android users.

The attackers goal, researchers say, is to infect as many smartphones as possible and turn them into a so-called botnet, a network of infected devices that can be used by attackers for various malicious purposes. Lookout’s researchers say there is evidence that Not Compatible’s authors are renting out control of infected mobile devices to people who have used them to simply send out more spam or buy up event tickets in bulk from from Ticketmaster, Live Nation, EventShopper and Craigslist. Some have used infected devices to try to crack WordPress accounts.

Lookout says the malware, now on its third iteration, allows infected devices to search for and communicate with other infected machines and share intelligence. Attackers also have found a way to encrypt communications between their command and control center and infected devices, which makes it more difficult to detect and decipher.

The latest version, Lookout said, ‘has set a new bar for mobile malware sophistication and operational complexity.’

All this malicious activity can be costly. The criminals are incurring data charges on phones that, ultimately, victims are held responsible for. As if that weren’t annoying enough, researchers say the malware causes tremendous battery drainage.

As with most malware discoveries, Lookout, the company sounding the alarm, has a stake in raising concerns about the security of mobile devices. Its mobile security application, which is available for both Apple’s iOS and Android-powered smartphones, is able to identify the NotCompatible malware and keep it from infecting Android devices that have downloaded the Lookout app.”

Nov
20th

Firefox and Yahoo – What?

Oh, you have to be kidding! YAHOO?!? What is up with that?

Firefox drops Google as default search engine, signs five-year deal with Yahoo

TheVerge – By: Russell Brandom – “Today, Yahoo and Mozilla announced a five-year partnership that would make Yahoo the default US search engine for Mozilla’s Firefox browser on mobile and desktop. In December, Yahoo will roll out an enhanced new search function to Firefox users, and will also support Do Not Track functions in Firefox as a result of the partnership. The agreement also sets the stage for future product integrations, but so far the companies are keeping quiet on what those might be. Firefox has lost market share in recent years but is still used by roughly 17 percent of webgoers. According to Mozilla CEO Chris Beard, Firefox users search the web more than 100 billion times each year, suggesting a major windfall for Yahoo as a result of the deal.

By comparison, only 10 percent of web searches are made through Yahoo, which is powered by Microsoft Bing. But Google and Bing have both made major gains in recent years. Nonetheless, Yahoo CEO Marissa Mayer said search traffic is still a major priority for the network, and one they expect to explore through the new partnership. ‘At Yahoo, we believe deeply in search – it’s an area of investment, opportunity and growth for us,’ said Mayer. ‘I can’t wait to see what innovations we build together.’

Google has been Firefox’s default browser for ten years, so the new partnership represents a significant break. In a subsequent blog post, Mozilla CEO Chris Beard described the decision as a strategic one. ‘Our agreement came up for renewal this year, and we took this as an opportunity to review our competitive strategy,’ Beard wrote. ‘We believe it will empower more people, in more places with more choice and opportunity to innovate and ultimately put even more people in control over their lives online.’ Mozilla is also setting Yandex as the default search engine in Russia, and the move opens up the company to work with more local partners. Google, Bing, DuckDuckGo, eBay, Amazon, Twitter and Wikipedia will continue as alternative search options in the US.”

Nov
16th

Security Guards That Look Like Daleks!?!

Security Guard Daleks!It’s the end of the world, I’m tellin’ ya!

This Company Is Making Robot Security Guards That Look Like Daleks

Gizmodo – By: Chris Mills – “If you’re sitting down at the drawing board to design a robotic security guard, and you don’t want people to run the other way screaming ‘oh hell no’ at first sight, here’s a little tip: don’t make it look like the evil killer robot from a science fiction show. (Dr. Who, of course – Dr. Bill)

The K5 is a robotic security guard being developed by California startup Knightscope (I’m pretty sure that’s also the name of the world-ruling megacorp in some dystopian sci-fi movie), to provide an alternative to flesh-and-bones security. The robot isn’t armed (thank Christ), but it’s about five feet tall, outfitted with an array of sensors to detect humans and phone home, and yes, it exists outside of a lab. In fact, there’s a fleet of five patrolling Microsoft’s Silicon Valley campus as we speak.

The robots are kitted out with four cameras, one on each side, plus microphones, weather sensors, GPS, and a laser rangefinder to help navigation. If you try and mess with it, the robot will ‘beep ominously’, before sending a SOS to its control center.

Realistically, these things aren’t going to be replacing security patrols any time soon — I can’t imagine it’d be that hard for a determined human to evade a grown-up Roomba, or there’s always the option of just pushing it over. But for some mundane tasks — I’m particularly thinking parking attendants — this thing could actually make sense. Just do not, under any circumstances, give it a weapon. And, um, maybe rethink the styling a little?”

Nov
15th

Windows 95 on an iPhone 6?!?

Windows 95 on an iPhone!Now, this is just CWAZY! Though I give him points for geekery!

Chinese Programmer Sticks Windows 95 On An iPhone 6 Plus

TechCrunch – By: John Biggs – “Today in ‘putting stuff onto things on which they don’t belong,’ we present a user, xyq058775, and his exciting admission that he installed Windows 95 on a brand new iPhone. He used a tool called iDos, an open source DOSBox-like app to install the OS. He found that most of it worked fine but he was unable to upgrade to Windows XP. And we can assume he was also able to play Doom.

There’s is very little new about this whole process – people have been putting emulators on things since the original VAX machines – but it’s cool to see resurrected software run so readily on new hardware. While I can’t imagine a real world use case for this (maybe you really need to run a copy of Mavis Beacon?) it’s a great theoretical exercise. Who knows, maybe someone can run POSDT next.

Here is the poorly translated FAQ:

1.Q: Can I install WINDOWS XP? A: The answer is yes you can, but certainly not by idos, because idos simply simulate the DOS environment is not the true sense of the virtual machine, so the system is more difficult to run the DOS and idos simulation environment and do not have XP running basic environmental needs, so later if transplanted XP system, then I will make use of their leisure time with friends ios platform to write a plug-in to run XP virtual machine system.

2.Q: Why are you doing this? Why not use Remote Desktop. A: First, to show that this kind of thing tall Remote Desktop is currently no support on win98 systems, not to use during system installation and tool methods have sent me here.

3.Q: Why is the process I installed the explorer process wrong? A: Because idos simulator only simulates the 16’s dos environment, although win98 16/32 hybrid system but Explorer and exe process large part needed is a 32-bit environment, so when they need 32 program calls some system environment variables and support libraries when an error occurs, LZ modify some of the resource is designed to allow him to run in idos environmental good, However, this modification will change the part of the machine, which has led some device errors when using LZ modify the good image. After LZ according to everyone’s feedback slowly improve!

There are full instructions on his post if you can read Chinese. If not, I leave the installation as an exercise for the reader.”

Nov
15th

OK, Is This Real?

This claims to be open information, free to the world. Hummmm…


Download with Vixy | YouTube to MP3 | Replay Media Catcher

I guess my question is, who determines what information gets distributed?

Here’s more information on “Outernet.”

Nov
15th

Facebook to Begin Limiting Promotional Posts in the News Feed

I am down with this!

News Feed FYI: Reducing Overly Promotional Page Posts in News Feed

Facebook – “One of the main reasons people come to Facebook is to see what’s happening in their News Feeds. Our goal with News Feed has always been to show people the things they want to see. That’s why we often look to people on Facebook to tell us how we can improve. As part of an ongoing survey we asked hundreds of thousands of people how they feel about the content in their News Feeds. People told us they wanted to see more stories from friends and Pages they care about, and less promotional content.

We dug further into the data to better understand this feedback. What we discovered is that a lot of the content people see as too promotional is posts from Pages they like, rather than ads. This may seem counterintuitive but it actually makes sense: News Feed has controls for the number of ads a person sees and for the quality of those ads (based on engagement, hiding ads, etc.), but those same controls haven’t been as closely monitored for promotional Page posts. Now we’re bringing new volume and content controls for promotional posts, so people see more of what they want from Pages.

According to people we surveyed, there are some consistent traits that make organic posts feel too promotional:

  • Posts that solely push people to buy a product or install an app
  • Posts that push people to enter promotions and sweepstakes with no real context
  • Posts that reuse the exact same content from ads

Fewer Promotional Page Posts

Beginning in January 2015, people will see less of this type of content in their News Feeds. As we’ve said before, News Feed is already a competitive place – as more people and Pages are posting content, competition to appear in News Feed has increased. All of this means that Pages that post promotional creative should expect their organic distribution to fall significantly over time.

This change will not increase the number of ads people see in their News Feeds. The idea is to increase the relevance and quality of the overall stories – including Page posts – people see in their News Feeds. This change is about giving people the best Facebook experience possible and being responsive to what they have told us.

While Pages that post a lot of the content we mention above will see a significant decrease in distribution, the majority of Pages will not be impacted by this change.”

Nov
15th

Google Play Subscribers to Get YouTube Music Key!

Since I am a Google Play Music subscriber, I am stoked! Yes!

Google says Play Music subscribers automatically get access to YouTube Music Key starting next week

9 to 5 Google – By: Stephen Hall – “When YouTube Music Key was announced earlier this week, we were left with many details about the service unexplained. Of these, was the question of whether or not current Google Play Music subscribers were going to have access to the service automatically. While the announcement said that subscribers of Music Key would be getting All Access subscriptions included, it wasn’t exactly clear whether or not it worked the other way around. Now we have the answer:

Starting next week, as a Google Play Music subscriber, you’ll get free and complete access to the YouTube Music Key beta, a new service from YouTube where you can watch ad-free music videos, and keep the music playing in the background or when you’re offline. The Google Play Music app will also include ad-free music videos alongside select tracks. Stay tuned for more information.

In an email sent out to Google Play Music subscribers this morning, the above snippet of text explained that those who already subscribe to Google’s music service will be getting access to the Music Key beta starting ‘next week.’ The service promises ad-free listening to music on YouTube, offline playback, and the ability to listen to music in the background on your mobile devices.

If you’re not a Google Play Music All Access subscriber and you still want to get access to the Music Key beta, head over to the Music Key splash page and hand over your email address.”

Nov
15th

Mobile Pwn2Own: Microsoft Wins?!?

Yep, the end of the world, like I said. Microsoft is the safest phone. OK, did somebody not tell me and it is really April 1st?

Mobile Pwn2Own 2014: Windows Phone’s sandbox resists attack

http://www.net-security.org/secworld.php?id=17640

Help Net Security – “The Mobile Pwn2Own 2014 hacking competition, held at the PacSec Applied Security Conference in Tokyo, Japan, was concluded on Thursday, and not one of the targeted phones has survived completely unscathed.

Of the targets available for selection, Amazon Fire Phone, Apple iPhone 5S, Samsung Galaxy S5, and Google/LG Nexus were completely ‘pwned,” the Nokia Lumia 1520 running Windows Phone partially, and BlackBerry Z30, Apple’s iPad Mini and the Nexus 7 weren’t targeted at all.

Competitors were encouraged to come at the phones from a variety of sides – via the mobile web browser, through mobile app and OS holes, via Bluetooth, Wi-Fi or NFC, messaging services or, in limited cases, via baseband.

A successful exploitation of a bug in the latter carried with it a $150,000 prize, the others less: $100,000 for messaging services, $75,000 for short distance and $50,000 for the browser, apps or OS.

Not many details about the successful exploits were provided, as the information is first shared with vendors and will be shared with the public once the bugs are closed.

What we know is that the Apple iPhone 5S was owned via the Safari browser by exploiting two bugs, the Amazon Fire Phone was breached via three bugs in its browser, Samsung Galaxy S5 was successfully targeted via NFC by two different teams (one by triggering a deserialization issue in certain code, and the other by targeting a logical error), and the Nexus 5 was forced to pair with another phone via Bluetooth.

The two contestants that did their attacks on the second day were less successful: Jüri Aedla used Wi-Fi to target a Nexus 5, but was unable to elevate his privileges further than their original level. And Nico Joly tried to exploit Lumia’s browser, but didn’t manage to gain full control of the system as the sandbox held. He did, however, manage to extract the cookie database.

More details about the exploits can be expected in the coming weeks, as the vendors patch the bugs and the contestants are given leave to discuss their attacks publicly.”


7 day free trial