Sunday, May 21, 2017

Traffic Signal Preemption

Every now and then my propeller beanie comes out.


Here I go again.

Now I knew that emergency vehicles have a way to make traffic lights change to allow them to traverse managed intersections but I really never had seen it happen.

Then I did.


That is called line of sight traffic signal preemption.

Watch that video in HD. Slow it down to 1/4 speed. The preemption light is the bright white light above and to the right of the middle signal light. It comes on just before 4 seconds in. At that time, the signal begins cycling the cross traffic to orange and then red. At about 10 seconds the signal turns green for the ambulance.

Isn't that cool?

Sunday, May 14, 2017

Windows 10 MBR2GPT

Windows 10 keeps giving me pleasant surprises, e.g. this post.

The Windows 10 Version 1703 (Creators Update) has another feature that would have saved me DAYS.

Back in early 2015 I needed to migrate my Drobo from a MBR (Master Boot Record) volume to a GPT (GUID Partition Table) volume to allow me to expand the Drobo beyond 2TB,

I got this done by configuring a second Drobo to GPT and copying all the data from the MBR volume to the GPT volume. That took a couple of DAYS.

The Creators Update includes a includes a new tool, mbr2gpt, which converts an MBR volume to a GPT volume WITHOUT modifying or deleting data on the disk.

Winaero has an article with the complete instructions. It's not trivial but it's easier that what I did.

Sunday, May 07, 2017

Nougat

I've been using CyanogenMod for years on a variety of phones. I've always had good luck with it. When Google announced that the Nexus 5 wasn't going to be updated to Nougat I decided to do it on my own.

I did my research and decided to do the upgrade between Christmas and New Years.

Then I saw this on 12/24/16: Cyanogen is shutting down all services and nightly builds on December 31st

Bummer.

But then I saw this on 12/28/16: CyanogenMod Is Dead, and Its Successor is Lineage OS

It was going to take Lineage a while to get up to speed but the CyanogenMod blood line was going to survive.

I had time over the holidays so I went ahead and flashed the final nightly of CyanogenMod Nougat. It worked fine.

As I had done previously I had to unlock the bootloader, flash TWRP using Fastboot, flash the CyanogenMod ROM and then the nano OpenGApps. I'm getting pretty comfortable with this.

By mid-January LineageOS had a nightly for the Nexus 5.

To migrate from CyanogenMod to LineageOS (LOS) I had to flash an "experimental" version of LOS and then the signed LOS ROM.

Just as with CyanogenMod this all went well.

The great folks at LineageOS are cranking out "nightlies" for the Nexus 5 every week. There isn't yet an "official" ROM for the Nexus 5 but the "nightlies" have been rock solid.

They have even gotten SafetyNet to run cleanly.


This means that Android Pay works fine.

The Over The Air (OTA) updates to LineageOS have started working and I've OTA updated each week.

Battery life seems generally unchanged from the OEM Marshmallow. I swapped from the PRIV to the Nexus 5 for a week or so but went back when I felt like the camera was much poorer than the PRIV.

Sunday, April 30, 2017

Google Saying Nice Things about Windows Defender

In a previous post I said:
Recently I heard a discussion that recommended Windows Defender over third party alternatives since Windows Defender didn't add any new attack surfaces to Windows, e.g. Symantec.
Now even Google engineers are promoting Windows Defender for similar reasons:
Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV. https://t.co/ClGwEWCoWu
Google engineer, Justin Schuh
And it's free.

And it's fast.

And it's quiet.

You could do worse.

For an alternative view, read this.


Sunday, April 23, 2017

Punycode

Wordfence is a security service for WordPress sites. I heard Leo Laporte talk about a recent post Wordfence had demonstrating a potential phishing technique.

To demonstrate this Wordfence created web site using an technique known as Punycode to encode the URL.

Here is a link to their demonstration site. Look closely at the address bar when you get there.

     https://www.ะตั€ั–ั.com/

Here is a link to the real site. Look closely at the address bar when you get there.

     https://www.epic.com

Can you tell the difference?

So you think you're a real geek and you always right click on a link and select "Copy link address" and then paste it into Notepad to see what the link REALLY links to. Knock yourself out. Try it.

Now is a good time to start worrying.

The only way to discern the difference in the URL is to actually browse to the demonstration site. Then highlight the URL and copy it. Now paste it into Notepad.

     https://www.xn--e1awd7f.com

That "xn--" is the Punycode.

I hope you noticed that the demonstration site also showed the padlock in the address bar. You can thank LetsEncrypt for that.

There's a workaround in Wordfence's post for Firefox and reportedly a fix in version 59 of Chrome.

In the meantime, do you think this would fool your mother?



Sunday, April 16, 2017

Shadow Breakers

There have been several leaks of supposed NSA hacks recently. Generally they have been older vulnerabilities and minimal impact.

Microsoft responded with a blog post.
Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.
However there's somewhat of a back story.

You'll remember that Microsoft mysteriously pulled their February updates with no explanation.

Then in March Microsoft fixed several flaws with no attribution. You have to back into this discovery by matching this with this.

This Engadget article speculates on how/why this happened. There's more speculation from Quartz here.

Whatever happened the result is that Microsoft did a good job of protecting their current platforms from the 0-day vulnerabilities. The same can't be said for the NSA.

Sunday, April 09, 2017

iOS 10.3.Whatever

tl;dr Install iOS 10.3.1 now

On March 27, 2017 Apple released iOS 10.3 with little fanfare. Here are their release notes:
iOS 10.3
iOS 10.3 introduces new features including the ability to locate AirPods using Find my iPhone and more ways to use Siri with payment, ride booking and automaker apps.

Find My iPhone
  • View the current or last known location of your AirPods
  • Play a sound on one or both AirPods to help you find them

Siri
  • Support for paying and checking status of bills with payment apps
  • Support for scheduling with ride booking apps
  • Support for checking car fuel level, lock status, turning on lights and activating horn with automaker apps
  • Cricket sports scores and statistics for Indian Premier League and International Cricket Council

CarPlay
  • Shortcuts in the status bar for easy access to last used apps
  • Apple Music Now Playing screen gives access to Up Next and the currently playing song’s album
  • Daily curated playlists and new music categories in Apple Music

Other improvements and fixes
  • Rent once and watch your iTunes movies across your devices
  • New Settings unified view for your Apple ID account information, settings and devices
  • Hourly weather in Maps using 3D Touch on the displayed current temperature
  • Support for searching “parked car" in Maps
  • Calendar adds the ability to delete an unwanted invite and report it as junk
  • Home app support to trigger scenes using accessories with switches and buttons
  • Home app support for accessory battery level status
  • Podcasts support for 3D Touch and Today widget to access recently updated shows
  • Podcast shows or episodes are shareable to Messages with full playback support
  • Fixes an issue that could prevent Maps from displaying your current location after resetting Location & Privacy
  • VoiceOver stability improvements for Phone, Safari and Mail

Weren't we all waiting for improvements in "Cricket sports scores?"

Well, there were a few more things in iOS 10.3. Good things. Things worth talking about. Things worth shouting from the roof tops about. But Apple didn't mention them in the release notice.

MacRumors noted:
iOS 10.3 introduces a new Apple File System (APFS), which is installed when an iOS device is updated. APFS is optimized for flash/SSD storage and includes improved support for encryption. Other features include snapshots for freezing the state of a file system (better for backups), space sharing, and better space efficiency, all of which should result in a more stable platform. Customers updating to iOS 10.3 should first make a backup given that the update installs a new file system.
More on the storage savings from APFS later...

In a separate document from the release notice Apple casually mentioned a few security updates. Specifically it documents 89 CVEs (Common Vulnerabilities and Exposures).

You'd think Apple would tout that.

Maybe there was a reason they didn't though.

On April 3, 2017 Apple released iOS 10.3.1 with ONE security fix.
Wi-Fi
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero
Read that again. Especially this part:
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
This is NASTY. The Register has a good summary. This is a problem in Broadcom's Wi-Fi stack which is used by iPhones after the iPhone 4 and in newer iPods and iPads and some Android phones including Google's Nexus 5, 6 and 6P, most Samsung flagship devices.

The good news is that Apple's ecosystem is able to respond very quickly to vulnerabilities such as this. The bad news is that Android can't.

On a related topic, the implementation of new Apple File System (APFS) that comes with the installation of iOS 10.3.Whatever yields significant savings in storage.

On my 16GB iPad Air, my available storage increased more than 1GB. It took about half an hour to install.