Sunday, April 27, 2014

What A Mess

Who hasn't heart about "Heartbleed?" But I like to put it in perspective.

Here's a click bait headline:
Tests confirm Heartbleed bug can expose server's private key
But go read it for yourself. The hacker was able to get the site's security certificate after "2.5 million requests" against a honeypot setup explicitly to be hacked. And keep reading. What did/could he do with that certificate? Signed an e-mail with it.

So if somebody hit your bank's site a couple of million times and got their security certificate they can't do ANYTHING with that without ANOTHER exploit that gives them a man-in-the-middle position.

Just a word to the wise: Don't do your online banking at Starbucks.

I'm not saying that "Heartbleed" isn't a real problem just keep it in perspective.

And about passwords "leaking" via "Heartbleed," any site worth it's salt (pardon the pun) is using good password management so the the passwords IN MEMORY should just be salted hashes.

Ok, sure. Go change your passwords if it makes you feel better.

And if you really want a placebo, go into your browser and enable the "Check for server certificate revocation."

Why is that a placebo? Read Steve Gibson's Certificate Revocation Pages:

  1. Introduction
  2. Commentary
  3. Chrome's CRLSets

Clearly these are one person's opinion and a work in progress. Still, that's a real problem.

What a mess...

Sunday, April 20, 2014


Without airing all my dirty laundry I need to raise the level of security on my Android devices. At the same time I want to minimize the burden when I am in a "friendly" place like my home, car or office.

What I found was AutomateIT. It's free in the Play Store. There's also a Pro version. There was a good article on Lifehack that described how to use it.

AutomateIT comes with a starter set of rules. I just turned all of them off.

I created several pairs of rules. Each pair consisted of one rule that turned off the screen lock when I connected to a known network (Wi-Fi at home or office or BlueTooth in the car) and a complementary rule that turned the screen lock on when I disconnected from a known network.

Seemed easy.

Here's what my rules look like.

Editing the "When (car) is connected disable Lock Screen."

It is set to trigger when it connects to my car's BlueTooth. Then the action is to disable the screen lock.

Here's the detail.

Notice that the Action to "Enable/Disable Screen Lock" is the same and you specify whether to enable or disable with a check box. Odd but works fine.

So far, so good.

Now here's a log.

It reads bottom to top.

Let's start with the earliest full entry.

12:41:14 When (car) is connected disable Lock Screen - I started the car to drive to work.

So it unlocks the screen.

13:04:08 When (car) is disconnected enable Lock Screen - I get to work and turn off the car.

So it locks the screen.

13:04:16 When (work) is connected disable Lock Screen - I walked into the office.

So it unlocks the screen.

13:20:23 When (car) is connected disable Lock Screen - I started the car to leave work.

So it unlocks the screen. But wait. It was already unlocked.

13:20:36 When (work) is disconnected enable Lock Screen - I drove out of range of work's Wi-Fi.

So it locks the screen. But I'm in the car!

The next 2 entries are where I disabled the BlueTooth on the phone to try to get back in sync.

This really isn't a fault with AutomateIT. Perhaps AutomateIT Pro with composite triggers and composite actions can address this but it's going to get messy.

There's another situation that isn't the fault of AutomateIT. Often when AutomateIT toggles the screen lock, Android leaves the screen on. It locks it for touch but leaves the light on. To use the screen you have to tap the Power button to wake it up.

I'm undecided whether I'm going to stick with it.

Sunday, April 13, 2014


I can't believe it. I have never posted about my TiVos. It's a long story. Too long to go into here. Just suffice it to borrow a quote from The Verge:
There is nothing more instantly dangerous to the average relationship than screwing up the TV.

Recently I was playing a YouTube video on my TV using my Chromecast. But when I clicked on the "Cast" button on the YouTube player here's what I got:

"Play on TiVo in the Den"? And it did.

Ok, what's going on here?

It turns out that the "Winter" update to my TiVo Premiere introduced DIAL (DIscovery And Launch) support. There's a little more documentation here. Pretty low key of TiVo if you ask me.

This means that DIAL-enabled applications can "cast" directly to the TiVo. At this time this seems to be YouTube and Netflix. Still a good start. Means I don't have to switch inputs on my TV to watch YouTube videos.

Sunday, April 06, 2014

Lockscreen Shortcuts

I guess I've been asleep at the wheel. I was playing with Contacts+ and noticed that they had a widget. This led me to try to put something on my Skyrocket's lockscreen. Since the Skyrocket is still running Ice Cream Sandwich (4.1.2) I couldn't put a widget on my lockscreen but I was able to put a shortcut there.

Somehow I had missed that along the way but I apparently wasn't the only one. This thread tries to explain how to do it.

Here's what I did.

Go to "Settings" and then tap on "Lock screen."

Tap on "Lock screen options."

Make sure that the "Shortcuts" slider is "ON" and then (and here's the trick) tap on "Shortcuts."

Tap on the "+."

Now select an application to put on the lockscreen.

Ta da!