Sunday, May 28, 2017

Laser Parking

Recently we traded cars. I got to playing around with the parking position in the garage and found that if I parked the Pilot just right I could open the liftgate with the garage door closed. That seemed like a good plan. The challenge was how to park in the right place every time.

I found Park Right Garage Laser Park with dual lasers on Amazon.


I mounted it high on the wall ...


... and pointed each laser to a car. It have the target on the crown of the instrument panel in front of the driver.


Works like a charm.

Sunday, May 21, 2017

Traffic Signal Preemption

Every now and then my propeller beanie comes out.


Here I go again.

Now I knew that emergency vehicles have a way to make traffic lights change to allow them to traverse managed intersections but I really never had seen it happen.

Then I did.


That is called line of sight traffic signal preemption.

Watch that video in HD. Slow it down to 1/4 speed. The preemption light is the bright white light above and to the right of the middle signal light. It comes on just before 4 seconds in. At that time, the signal begins cycling the cross traffic to orange and then red. At about 10 seconds the signal turns green for the ambulance.

Isn't that cool?

Sunday, May 14, 2017

Windows 10 MBR2GPT

Windows 10 keeps giving me pleasant surprises, e.g. this post.

The Windows 10 Version 1703 (Creators Update) has another feature that would have saved me DAYS.

Back in early 2015 I needed to migrate my Drobo from a MBR (Master Boot Record) volume to a GPT (GUID Partition Table) volume to allow me to expand the Drobo beyond 2TB,

I got this done by configuring a second Drobo to GPT and copying all the data from the MBR volume to the GPT volume. That took a couple of DAYS.

The Creators Update includes a includes a new tool, mbr2gpt, which converts an MBR volume to a GPT volume WITHOUT modifying or deleting data on the disk.

Winaero has an article with the complete instructions. It's not trivial but it's easier that what I did.

Sunday, May 07, 2017

Nougat

I've been using CyanogenMod for years on a variety of phones. I've always had good luck with it. When Google announced that the Nexus 5 wasn't going to be updated to Nougat I decided to do it on my own.

I did my research and decided to do the upgrade between Christmas and New Years.

Then I saw this on 12/24/16: Cyanogen is shutting down all services and nightly builds on December 31st

Bummer.

But then I saw this on 12/28/16: CyanogenMod Is Dead, and Its Successor is Lineage OS

It was going to take Lineage a while to get up to speed but the CyanogenMod blood line was going to survive.

I had time over the holidays so I went ahead and flashed the final nightly of CyanogenMod Nougat. It worked fine.

As I had done previously I had to unlock the bootloader, flash TWRP using Fastboot, flash the CyanogenMod ROM and then the nano OpenGApps. I'm getting pretty comfortable with this.

By mid-January LineageOS had a nightly for the Nexus 5.

To migrate from CyanogenMod to LineageOS (LOS) I had to flash an "experimental" version of LOS and then the signed LOS ROM.

Just as with CyanogenMod this all went well.

The great folks at LineageOS are cranking out "nightlies" for the Nexus 5 every week. There isn't yet an "official" ROM for the Nexus 5 but the "nightlies" have been rock solid.

They have even gotten SafetyNet to run cleanly.


This means that Android Pay works fine.

The Over The Air (OTA) updates to LineageOS have started working and I've OTA updated each week.

Battery life seems generally unchanged from the OEM Marshmallow. I swapped from the PRIV to the Nexus 5 for a week or so but went back when I felt like the camera was much poorer than the PRIV.

Sunday, April 30, 2017

Google Saying Nice Things about Windows Defender

In a previous post I said:
Recently I heard a discussion that recommended Windows Defender over third party alternatives since Windows Defender didn't add any new attack surfaces to Windows, e.g. Symantec.
Now even Google engineers are promoting Windows Defender for similar reasons:
Browser makers don't complain about Microsoft Defender because we have tons of empirical data showing that it's the only well behaved AV. https://t.co/ClGwEWCoWu
Google engineer, Justin Schuh
And it's free.

And it's fast.

And it's quiet.

You could do worse.

For an alternative view, read this.


Sunday, April 23, 2017

Punycode

Wordfence is a security service for WordPress sites. I heard Leo Laporte talk about a recent post Wordfence had demonstrating a potential phishing technique.

To demonstrate this Wordfence created web site using an technique known as Punycode to encode the URL.

Here is a link to their demonstration site. Look closely at the address bar when you get there.

     https://www.ะตั€ั–ั.com/

Here is a link to the real site. Look closely at the address bar when you get there.

     https://www.epic.com

Can you tell the difference?

So you think you're a real geek and you always right click on a link and select "Copy link address" and then paste it into Notepad to see what the link REALLY links to. Knock yourself out. Try it.

Now is a good time to start worrying.

The only way to discern the difference in the URL is to actually browse to the demonstration site. Then highlight the URL and copy it. Now paste it into Notepad.

     https://www.xn--e1awd7f.com

That "xn--" is the Punycode.

I hope you noticed that the demonstration site also showed the padlock in the address bar. You can thank LetsEncrypt for that.

There's a workaround in Wordfence's post for Firefox and reportedly a fix in version 59 of Chrome.

In the meantime, do you think this would fool your mother?



Sunday, April 16, 2017

Shadow Breakers

There have been several leaks of supposed NSA hacks recently. Generally they have been older vulnerabilities and minimal impact.

Microsoft responded with a blog post.
Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.
However there's somewhat of a back story.

You'll remember that Microsoft mysteriously pulled their February updates with no explanation.

Then in March Microsoft fixed several flaws with no attribution. You have to back into this discovery by matching this with this.

This Engadget article speculates on how/why this happened. There's more speculation from Quartz here.

Whatever happened the result is that Microsoft did a good job of protecting their current platforms from the 0-day vulnerabilities. The same can't be said for the NSA.