Sunday, June 24, 2012

This Is More Bad News

I quit installing Java JRE (Java Runtime Environment) on new computers some time ago but I still have a couple of older installs with Java running on them. Oracle recently started pushing Java 7 to them. With Java 7 these computers were SILENTLY installing something called JavaFX. I Googled it and found mostly developer-oriented discussions.

Long time readers of this blog know I'm a regular listener to Leo Laporte and Steve Gibson's Security Now. Alternate episodes are listeners' questions so I posed the JavaFX question to Steve. My question was chosen for Episode 358.


In short, Steve's answer was "This is more bad news."

Just uninstall Java and JavaFX. You really won't miss it.

Wednesday, June 20, 2012

Am I the Last Person?

Maybe I'm the last person to figure this out but really...

Have you ever bought anything using PayPal? Ever bought anything using Amazon checkout? Ever used Facebook social plugin?

Did you realize that after you finished the transaction with the store and looked around to make sure that you were logged out of the store that you still had an active authorized session with PayPal or Amazon? You can't imagine what information Facebook captures and shares if you're logged in!

Try this the next time you use PayPal. When you finish the transaction, look around to make sure that you are logged out of the store. Close the browser tab. Now open a new tab and browse to paypal.com. You're still logged in.

Now admittedly you're in your own house with your own browser but a malicious site with a click-jacking exploit could look around and see the still active session with PayPal and have fun with your credit. Amazon works the same way.

All you need to do to be safe is after a web transaction that uses a third party payment system, go to that third party site and logout. You'll sleep better.

Sunday, June 17, 2012

It's a DONGLE

I'm conflicted on Apple products. My wife loves her iPhone. My iPad is worlds better than my hacked Android Nook Color. But I recognize the Apple Tax. And the Reality Distortion Field is unbelievable.

The recent announcements are a case in point. While I'm not in the market for an Apple laptop I still follow the products. I was reading PCMag's review of the new MacBook Pro. Right at the top of the page were the Pros and Cons.


Doesn't that distortion hurt?

I couldn't believe that using Ethernet on a modern laptop requires a DONGLE. Please Apple, don't call it an ADAPTER. It's a DONGLE.

I went off to find what this gadget looks like. Amazon has them for pre-order.


I thought that looked familiar so I Googled some. Yep. I thought I'd seen that before.


Why couldn't Apple have used the elegance of XJACK?


They could have called it an iJACK and have said that "When not in use, the iJACK magically retracts into the MacBook for storage."

There's an alternative review on Wired.

Sunday, June 10, 2012

Tracking Cookies

Recently when I was browsing the Guardian I got this bar across the top of the page.


This must be from the EU's new cookie directive. From the Register:
The EU has put forward a directive that partly covers the use of cookies (Directive 2009/136/EC [PDF]) and set a timetable for this to be incorporated into the national law of member states by 25 May. The rules emphasise the need for clear consent from a user, underpinned by clear up-front explanations, before cookies are installed on a user's machine.
The link in the bar on the Guardian page took me here. That page is very thorough and further down the page was this section on "How do I turn cookies off?"


In that section was a link to the Network Advertising Initiative.

I went there and clicked on that big red button on the right.


That button took me here.


While I had all either "No Cookie" or null entries a friend had a lot of sites with "Active Cookie: You have not opted out and you have an active cookie from this network."

So you know what I did. Clicked on "Select All" and then "Submit."

Ooops!


Hmmm. Why didn't it take?

I tripped myself up. In Chrome I had third party cookies blocked. It seems that the opt-out cookies are technically third party cookies.

So I went to Chrome's Settings. In Settings I clicked on "Show advanced settings..." Next I went to Privacy / Content Settings.


I unchecked "Block third-party cookies and site data" and clicked "OK" way down at the bottom.


Then I tried the "Select All" and then "Submit."


Much better. A couple of them still didn't take but I made real progress. Then I re-checked "Block third-party cookies and site data" in Chrome's settings.


On this page the NAI says:
The NAI has adopted a policy that all NAI member companies set a minimum lifespan of five years for their opt out cookies.
So I should be done for a while.

For the truly paranoid, go run this test.

Wednesday, June 06, 2012

Nook Color Ice Cream Sandwich

Last summer I installed Android 2.3 (Gingerbread) on my Nook Color. I used a technique described on the XDS Developers forum that let the Nook boot Gingerbread from a microSD card. The developer (verygreen) of this technique has apparently moved on to new challenges.

In the meanwhile, Android 4.0 (Ice Cream Sandwich - ICS) has dropped and there are nightlies for the Nook Color but the installation techniques install ICS to the eMMC, the internal flash drive. I still like the simplicity of booting from a microSD card.

The thread above has continued to get comments and questions and leapinlar has been very helpful in fielding these.

So here's how to install CyanogenMod 9 (CM9) Ice Cream Sandwich on a microSD for a Nook Color.

Use a Sandisk Class 4 8GB microSD card as recommended here. Use a microSD USB adapter and inset the microSD and USB adapter into your computer.

leapinlar has updated verygreen's microSD image to support ICS. Download the latest generic-sdcard-v1.3-ICS-large-Rev[?].zip from here. Unzip and extract generic-sdcard-v1.3-ICS-large-Rev[?].img.

If you're running Windows, download win32diskimager-RELEASE-0.3-r27-binary.zip from here. Unzip and extract the folder win32diskimager-RELEASE-0.3-r27-binary. Run Win32DiskImager.exe and write leapinlar's image (generic-sdcard-v1.3-ICS-large-Rev[?].img) to the microSD card.

After Win32DiskImager is done with writing, eject the microSD and USB adapter and re-insert it into your computer.

Download a CM9 nightly build from here. Pick the newest that does not say opengl. Be sure to scroll down to the bottom of that page to get the newest build.

Download the Google apps for Ice Cream Sandwich (currently gapps-ics-20120429-signed.zip) from here.

With the newly imaged microSD and USB adapter back in your computer, copy the CM9 nightly build zip and Google apps zip into the root partition (the only one you can see) of the microSD card.

Eject the microSD and USB adapter from your computer.

Make sure that the Nook Color is powered down and insert the new microSD card into the Nook. Power it up.

If the Nook doesn't boot at this point, revisit the microSD and USB adapter and the downloaded .img file. Explore alternatives perhaps using a different microSD and/or USB adapter and redownloading the .img file.

Sit back and watch. It will take a few minutes and lots of messages will scroll by. Then the screen will go black. Power up the Nook.

Ice Cream Sandwich!

I still had to use the Google Play Store to install Gmail and youtube.

See also the errata.

Sunday, June 03, 2012

Microsoft Tags

Recently I had a meeting with a former CIO, now VP of sales with a large regional VAR. As we exchanged business cards I noticed that he had a symbol on his. It looked like a QR code but somewhat stylized, i.e. triangles instead of squares.

I immediately pulled out my Captivate and fired up Barcode Scanner and waited and waited. Barcode Scanner couldn't read it. The VP was confounded as to why nobody else in the room could read it.

Turns out it wasn't a QR code but a Microsoft Tag.

I was going to write a long blog post about QR codes and Microsoft Tags and the difference but who cares?

Suffice it to say that Microsoft took something that was simple and universal and added complexity and took away interoperability for a modest gain in functionality that won't matter because nobody will use it.

If you insist on reading more on Microsoft Tags, here's a good blog post.