m Quec.lim's republished posts.http://quec.li/~m /We can de-anonymize programmers from coding style. What are the implications?https://freedom-to-tinker.com/blog/aylin/we-can-de-anonymize-programmers-from-coding-style-what-are-the-implications/https://freedom-to-tinker.com/?p=10819Thu, 26 Feb 2015 11:20:00 -0500In a recent post, I talked about our paper showing how to identify anonymous programmers from their coding styles. We used a combination of lexical features (e.g., variable name choices), layout features (e.g., spacing), and syntactic features (i.e., grammatical structure of source code) to represent programmers? coding styles. The previous post focused on the overall [&#8230;]http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10819matt [wronka.org] Samsung's SmartHubhttp://quec.es/org.wronka/matt/2015/02/26/Thu, 26 Feb 2015 15:55:31 +0000;matt [wronka.org]Thu, 26 Feb 2015 10:55:00 -0500Two nights ago, my wife went to bed, and I tried to watch some <a href="http://quec.es/t/columbo/">Columbo</a> on <a href="http://quec.es/t/netflix/">Netflix</a> (I was up to the <a href="http://quec.es/t/great/">Great</a> <a href="http://quec.es/t/santini/">Santini</a>, who sets up his own alibi through a fragile, technical, contrivance). We've only recently subscribed to <a href="http://quec.es/t/netflix/">Netflix</a> since I've always been leary of the reliability of cloud services and rental subscriptions like this in general. It turns out the flakey <a href="http://quec.es/t/samsung/">Samsung</a> implementation was more to blame.<br /> <br /> This isn't abnormal. <a href="http://quec.es/t/first/">First</a> off, the <a href="http://quec.es/t/samsung/">Samsung</a> equipment (we own two of their <a href="http://quec.es/t/tvs/">TVs</a> and one <a href="http://quec.es/t/dvd/">DVD</a> player, all with essentially the same software) seem to arbitrarily forget <a href="http://quec.es/t/wifi/">WiFi</a> passwords, which makes supporting them frustrating if not useless (they're all on the unsecured network now). <a href="http://quec.es/t/sometimes/">Sometimes</a> it fails to connect for a short period, and I need to just wait; that wasn't happening.<br /> <br /> Obviously, there was a larger problem. I gave up and watched <a href="http://quec.es/t/topgear/">TopGear</a> on my <a href="http://quec.es/t/mythtv/">MythTV</a> box instead, expecting whatever issue <a href="http://quec.es/t/samsung/">Samsung</a> was having to resolve itself the next day. Why a box can't trust that it's on the <a href="http://quec.es/t/internet/">Internet</a>, or at least be optimistic about it once it's gotten an IP address, and a <a href="http://quec.es/t/dns/">DNS</a> server that resolves what it needs is an open question that I've tried to ask <a href="http://quec.es/t/samsung/">Samsung</a> support (like the TV's software, I'm not optimistic for a response).<br /> <br /> Yesterday while I was at work, I&shy; got a message from my wife, complaining about the <a href="http://quec.es/t/dvd/">DVD</a> player not thinking it had <a href="http://quec.es/t/internet/">Internet</a> access. <a href="http://quec.es/t/obviously/">Obviously</a>, she wanted to think it was a problem with our network&mdash;which is reasonable, given that's what the software said&mdash;but it turns out <a href="http://quec.es/t/samsung/">Samsung</a> still didn't have their system up. It seems that there was some <a href="http://quec.es/t/dns/">DNS</a> hokeyness with their <a href="http://quec.es/t/akamai/">Akamai</a> <a href="http://quec.es/t/dsa/">DSA</a> settings. <a href="http://quec.es/t/after/">After</a> a chain of <a href="http://quec.es/t/cnames/">CNAMEs</a> (some of which included &quot;china-&quot; prefixes for some reason) eventually we got very short <a href="http://quec.es/t/ttl/">TTL</a> addresses, which were not returning appropriate answers for the TV.<br /> <br /> A <a href="http://quec.es/t/web/">Web</a> search found somebody who *had* found an IP address that worked, also being served through <a href="http://quec.es/t/akamai/">Akamai</a> <a href="http://quec.es/t/dsa/">DSA</a>:<br /> <a href="http://www.myce.com/news/smart-tv-mayhem-sony-samsung-users-central-servers-go-75137/">http://www.myce.com/news/smart-tv-mayhem-sony-samsung-users-central-servers-go-75137/</a><br /> <br /> The resulting IP for www.samsung.com was 23.66.247.46; while you're setting-up your own <a href="http://quec.es/t/dns/">DNS</a> for your <a href="http://quec.es/t/samsung/">Samsung</a> devices, I also suggest making ad.samsungadhub.com and rd.samsungadhub.com either fail or point to localhost since these are what send and track impressions for the annoying little piece of real estate in the top right corner.<br /> <br /> I strongly discourage anyone from buying one of these devices (and apparently <a href="http://quec.es/t/sony/">Sony</a> devices) for these features, since they seem to be fragile. As I&shy; was trying to find information on the current outage (<a href="http://quec.es/t/samsung/">Samsung</a> was not forthcoming and even mentioned on their support page of no known issues), I found references and news articles for outages regularly going back to 2013. It's clear <a href="http://quec.es/t/samsung/">Samsung</a> doesn't treat this as production functionality.<br /> <br /> More coverage today, after a couple days of this:<br /> <a href="http://www.theregister.co.uk/2015/02/26/samsung_sony_tv_outage/">http://www.theregister.co.uk/2015/02/26/samsung_sony_tv_outage/</a>http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Thu%2C+26+Feb+2015+15%3A55%3A31+%2B0000%3Bmatt+%5Bwronka.org%5DEveryone Wants You To Have Security, But Not from Themhttps://www.schneier.com/blog/archives/2015/02/everyone_wants_.htmltag:www.schneier.com,2015:/blog//2.6790Thu, 26 Feb 2015 07:47:00 -0500http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6790Stories of the Past and Futurehttp://xkcd.com/1491/http://xkcd.com/1491/Wed, 25 Feb 2015 00:00:00 -0500<img src="http://imgs.xkcd.com/comics/stories_of_the_past_and_future.png" title="Little-known fact: The 'Dawn of Man' opening sequence in 2001 cuts away seconds before the Flinstones theme becomes recognizable." alt="Little-known fact: The 'Dawn of Man' opening sequence in 2001 cuts away seconds before the Flinstones theme becomes recognizable." />http://quec.li/EntryComments?feed=http%3A%2F%2Fxkcd.com%2Frss.xml&entry=http%3A%2F%2Fxkcd.com%2F1491%2FMan-in-the-Middle Attacks on Lenovo Computershttps://www.schneier.com/blog/archives/2015/02/man-in-the-midd_7.htmltag:www.schneier.com,2015:/blog//2.6782Fri, 20 Feb 2015 16:43:00 -0500<p>It's not just national intelligence agencies that break your https security through man-in-the-middle attacks. Corporations do it, too. For the past few months, Lenovo PCs have shipped with an adware app called Superfish that <a href="http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/">man-in-the-middles</a> <a href="http://www.theverge.com/2015/2/19/8071745/superfish-lenovo-adware-invisible-systems%20">TLS connections</a>.</p> <p>Here's <a href="http://www.wired.com/2015/02/lenovo-superfish/">how it</a> <a href="https://nakedsecurity.sophos.com/2015/02/20/the-lenovo-superfish-controversy-what-you-need-to-know/">works</a>, and here's <a href="https://nakedsecurity.sophos.com/2015/02/20/how-to-get-rid-of-the-lenovo-superfish-adware/">how to get rid of it</a>.</p> <p>And you should</i> get rid of it, not merely because it's nasty adware. It's a security risk. Someone with the password -- here it is, <a href="http://www.theverge.com/2015/2/19/8071745/superfish-lenovo-adware-invisible-systems">cracked</a> -- can perform a man-in-the-middle attack on your security as well.</p> <p>Since the story broke, Lenovo <a href="http://www.wired.com/2015/02/lenovo-superfish/">completely misunderstood the problem</a>, <a href="http://blogs.wsj.com/personal-technology/2015/02/19/lenovo-turns-off-superfish-pc-adware-following-customer-complaints/">turned off the app</a>, and is now <a href="http://blogs.wsj.com/digits/2015/02/19/lenovo-cto-were-working-to-wipe-superfish-app-off-of-pcs/">removing it from its computers</a>.</p> <p><a href="http://yro.slashdot.org/story/15/02/19/1348207/lenovo-allegedly-installing-superfish-proxy-adware-on-new-computers">Three</a> <a href="http://it.slashdot.org/story/15/02/19/1924207/superfish-security-certificate-password-cracked-creating-new-attack-vector">Slashdot</a> <a href="http://it.slashdot.org/story/15/02/20/1532256/lenovo-to-wipe-superfish-off-pcs">threads</a>. </p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6782The sleepover: American versus French standardshttp://blogs.law.harvard.edu/philg/2015/02/20/the-sleepover-american-versus-french-standards/http://blogs.law.harvard.edu/philg/?p=6960Fri, 20 Feb 2015 11:08:00 -0500http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6960NSA/GCHQ Hacks SIM Card Database and Steals Billions of Keyshttps://www.schneier.com/blog/archives/2015/02/nsagchq_hacks_s.htmltag:www.schneier.com,2015:/blog//2.6781Fri, 20 Feb 2015 08:51:00 -0500<p><i>The Intercept</i> has an <a href="https://firstlook.org/theintercept/2015/02/19/great-sim-heist/">extraordinary story</a>: the NSA and/or GCHQ hacked into the Dutch SIM card manufacturer Gemalto, stealing the encryption keys for billions of cellphones. People are still trying to figure out exactly what this means, but it seems to mean that the intelligence agencies have access to both voice and data from all phones using those cards.</p> <p>Me in <a href="http://www.theregister.co.uk/2015/02/19/nsa_and_gchq_hacked_worlds_largest_sim_card_company_to_steal_keys_to_kingdom/">The Register</a>: "We always knew that they would occasionally steal SIM keys. But <i>all</i> of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can." </p> <p>I think this is one of the most important Snowden stories we've read.</p> <p>More <a href="http://www.theguardian.com/us-news/2015/feb/19/nsa-gchq-sim-card-billions-cellphones-hacking">news</a> <a href="http://www.nytimes.com/aponline/2015/02/20/world/europe/ap-eu-netherlands-nsa-surveillance-.html">stories</a>. Slashdot <a href="http://yro.slashdot.org/story/15/02/19/2230243/how-nsa-spies-stole-the-keys-to-the-encryption-castle">thread</a>. Hacker News <a href="https://news.ycombinator.com/item?id=9076351">thread</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6781The Epson V850 Pro Scanner in Contexthttp://feedproxy.google.com/~r/luminous-landscape-whatsnew/~3/wy9jujMW0fU/http://luminous-landscape.com/?p=184550Fri, 20 Feb 2015 06:15:00 -0500http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds2.feedburner.com%2Fluminous-landscape-whatsnew&entry=http%3A%2F%2Fluminous-landscape.com%2F%3Fp%3D184550matt [wronka.org] Mozilla BUY TAX SOFTWARE FireFoxhttp://quec.es/org.wronka/matt/2015/02/13/Fri, 13 Feb 2015 01:57:22 +0000;matt [wronka.org]Thu, 12 Feb 2015 20:57:00 -0500Recently&mdash;last week or so that is&mdash;I noticed my &quot;speed dial&quot;/recently viewed sites list on my desktop copies of <a href="http://quec.es/t/mozilla/">Mozilla</a> <a href="http://quec.es/t/firefox/">FIreFox</a> were cleared. This happened to co&iuml;ncide with rebuilding nightly. At first this was an annoyance, when everything was replaced with links to <a href="http://quec.es/t/mozilla/">Mozilla</a> and open source pages. <a href="http://quec.es/t/after/">After</a> using the browser for a bit, I got one bookmark back on the page (oddly, something I *hadn't* visited that day); and now after about a week, I've got the first three and the final (15th) spot as pages I've visited.<br /> <br /> In addition to those, a tab for the <a href="http://quec.es/t/mozilla/">Mozilla</a> <a href="http://quec.es/t/marketplace/">Marketplace</a> and nine other <a href="http://quec.es/t/mozilla/">Mozilla</a> links: I now have a tab for a tax package. I'm not happy with you <a href="http://quec.es/t/mozilla/">Mozilla</a>. <a href="http://quec.es/t/basically/">Basically</a>, I'm saying the same thing to you that you are to your users.http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Fri%2C+13+Feb+2015+01%3A57%3A22+%2B0000%3Bmatt+%5Bwronka.org%5DOn Lens Detection and Correctionhttp://www.darktable.org/2015/02/on-lens-detection-and-correction/http://www.darktable.org/?p=3543Thu, 12 Feb 2015 15:10:00 -0500http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.darktable.org%2Ffeed%2F&entry=http%3A%2F%2Fwww.darktable.org%2F%3Fp%3D3543Android 5.0 / CyanogenMod 12.0 on The OnePlus Onehttp://www.prolixium.com/blog?id=1013http://www.prolixium.com/blog?id=1013Sat, 07 Feb 2015 17:21:00 -0500<p>Alright, I've been venting on various social networks about this so I think it's time I write a blog entry on it.</p> <p>tl;dr: Android 5.0 (Lollipop) is the worst version of Android I've used and will most likely be the reason why my next phone will not run Android.</p> <h3>Why Did I Upgrade?</h3> <p>I have been running CyanogenMod 11.0 nightly builds on my OnePlus One since I got the phone (October of 2014) and have been happy with it. CyanogenMod is the only Android variant that works on the OnePlus One with the officially-supported build being version 11S. CyanogenMod 11 is based on Android 4.4 and adds "tweaks" and usability enhancements to the user interface. The enhancements I typically find most useful are the additional tiles (3G/LTE, data, tethering, performance, lock delay, etc. one-tap toggles) and privacy guard (limit individual applications' access to personal data).</p> <p>The upgrade was a mistake, really. I decided to upgrade to a newer nightly build of 11 at the beginning of January but was instead presented with a list of nightly builds of CyanogenMod 12, instead of 11. Nighty builds for 11 apparently have ceased with most development effort likely going toward 12. Not paying attention to this, I tapped upgrade and bricked my phone (going from 11 to 12 probably required a wipe, which I would have done anyway). After backing up some unsaved stuff on my phone via ADB I decided to do a clean install of 12 instead of going back to 11, since I would be forced to eventually.</p> <h3>First Impressions</h3> <p>Android's Material Design doesn't really bother me. I don't care if buttons, widgets, and windows are flat, 3D, or something else. I typically don't like special effects and animations, though, and try to disable them as much as possible. Android 5.0 still let me disable the animations (<a href="https://code.google.com/p/android/issues/detail?id=62394">this</a> is not a problem anymore) completely, so that made me happy.</p> <p><img style="border-style: solid; border-color: #000000; border-width: 1px; padding: 4px; vertical-align: middle;" src="http://www.prolixium.com/images/blog/cm12-batterysaver.png" title="Battery Saver" alt="Battery Saver" /></p> <p>There's a new battery saver mode that has been added in Android 5.0. It shuts off all vibrations, throttles the clock on the CPU and GPU, and dims the screen. I find it useful when I'm at the office since I hardly use my phone when I'm at my desk.</p> <p>Unfortunately, I've already come to the end of the parts of Android 5.0 that don't bother me. The rest is all downhill.</p> <h3>Notification System</h3> <p>The notifications system changed for the worse. I want the old system back.</p> <p><img style="border-style: solid; border-color: #000000; border-width: 1px; padding: 4px; vertical-align: middle;" src="http://www.prolixium.com/images/blog/cm12-topnotifications.png" title="Annoying Notifications" alt="Annoying Notifications" /></p> <p>Android 5.0's notification system seems to be an odd copy of how iOS does notifications plus some general stupidity. I always found iOS' notification system to be pretty horrible (although, I only use it on an iPad.. I do not own an iPhone). Instead of notifications lining up in the status bar at the top of the screen, they now display as a large rectangle over the status bar and takes up precious screen real estate until you swipe them away.</p> <p><img style="border-style: solid; border-color: #000000; border-width: 1px; padding: 4px; vertical-align: middle;" src="http://www.prolixium.com/images/blog/cm12-fullnotifications.png" title="Full Notifications" alt="Full Notifications" /></p> <p>To make things worse, when one swipes down the status bar to display all notifications, there's no easy way of getting rid of them like there was in prior version of Android. The "clear notifications" button no longer exists at the top of the notification screen but at the bottom of all notifications.</p> <p><img style="border-style: solid; border-color: #000000; border-width: 1px; padding: 4px; vertical-align: middle;" src="http://www.prolixium.com/images/blog/cm12-clearnotifications.png" title="Clear Notifications" alt="Clear Notifications" /></p> <p>So, if you have about half a dozen notifications pending (installed programs, messaging, e-mail, etc. - you don't have to be a social media "rock star" to get tons of notifications), you have to drag them all up to reveal the "clear notifications" button. Who came up with this? This gets significantly worse if you have applications always running that have a permanent notification&mdash;it only takes 3-4 additional notifications to push the "clear notifications" button off the screen.</p> <p>Notifications no longer display on the status bar when the phone is locked. They now are displayed under the clock with three options: 1) display all content 2) hide content 3) hide notifications completely. None of these options work for me&mdash;I want notifications in the status bar! I ultimately just hid them from view completely because they are annoying. If my phone makes a message I now have to unlock it to see what kind of notification I got.</p> <h3>Notification Sounds</h3> <p>This is really still in the "notifications suck" category but deserves its own section. The sound profiles changed and are now terrible. Apparently Android is trying to get away from applying sound profiles to all applications and instead applying profiles that selectively allow what notifications can make sounds (or vibrations) at a given time.</p> <p>Instead of being able to select "vribate only" or "quiet hours" (allow only phone calls to make sounds), I now have three options:</p> <ul> <li>None: No sounds or vibrations</li> <li>Priority: "some" stuff makes sounds and vibrations</li> <li>All: Everything makes sounds and vibrations</li> </ul> <p><img style="border-style: solid; border-color: #000000; border-width: 1px; padding: 4px; vertical-align: middle;" src="http://www.prolixium.com/images/blog/cm12-sounds.png" title="Sounds" alt="Sounds" /></p> <p>The priority setting is kind-of tunable, meaning you can set up priority interruptions that can be 1) events and reminders 2) calls 3) messages.. but, uh, nothing else. It's very half-baked.</p> <p>What bugs <em>me</em> specifically about this is that there is no "vibrate only" setting. This is what I miss from all previous versions of Android. I simply want to put my phone in vibrate mode before entering a meeting&mdash;I still want the phone to let me know things are happening by vibration but not generate any sounds from the speaker. The only way I can see to do this is to enable the "all" mode and slide the volumes all of the way to the left (yet somehow remembering exactly where they were before).</p> <h3>Miscellaneous Annoyances</h3> <p><img style="border-style: solid; border-color: #000000; border-width: 1px; padding: 4px; vertical-align: middle;" src="http://www.prolixium.com/images/blog/cm12-multiuser.png" title="Multiple Users" alt="Multiple Users" /></p> <p>The little person icon on the top right of the notifications drawer is annoying. It's apparently for some multi-user garbage that, in my opinion, doesn't belong on a phone and there's no way of getting rid of it. Seriously, who has a phone that they share with someone else?</p> <p>There's a little weather widget that is enabled by default in the notification drawer. I liked it but I couldn't figure out how to change the temperature from Farenheit to Celsius, so I turned it off. The standard News &amp; Weather widget allows one to choose temperature units.</p> <h3>CyanogenMod Annoyances</h3> <p>I <em>think</em> that these are the result of CyanogenMod and not Android 5.0 itself so they are going in a different category.</p> <p>There's something horribly wrong with the radio firmware for the OnePlus One that comes with CM12. I can't use an IPv6-only APN or even an IPv4/IPv6 one, anymore, without the radio crashing. I have to use the IPv4 APN on T-Mobile, now. It's really strange why an APN setting would trigger a bug in the radio firmware, but I can reproduce it all day and twice on Sundays:</p> <pre>&lt;3&gt;[78188.227080] SMSM: Modem SMSM state changed to SMSM_RESET. &lt;3&gt;[78188.227291] Fatal error on the modem. &lt;3&gt;[78188.227413] modem subsystem failure reason: :Excep :0:. &lt;6&gt;[78188.227521] subsys-restart: subsystem_restart_dev(): Restart sequence requested for modem, restart_level = RELATED. &lt;3&gt;[78188.227670] Notify: start reset &lt;6&gt;[78188.241363] subsys-restart: subsystem_shutdown(): [e0a4b900]: Shutting down modem &lt;4&gt;[78188.341484] pil-q6v5-mss fc880000.qcom,mss: Port c5c7c280 halt timeout &lt;3&gt;[78188.345214] smd_pkt_read notifying reset for smd_pkt_dev id:8 &lt;3&gt;[78188.345271] Ramdump(ramdump_smem): No consumers. Aborting.. &lt;3&gt;[78188.345283] restart_notifier_cb: unable to dump smem -32 &lt;3&gt;[78188.346650] smd_pkt_read notifying reset for smd_pkt_dev id:1 &lt;3&gt;[78188.346717] smd_pkt_read notifying reset for smd_pkt_dev id:5 &lt;3&gt;[78188.346957] smd_pkt_read notifying reset for smd_pkt_dev id:2 &lt;3&gt;[78188.347183] smd_pkt_read notifying reset for smd_pkt_dev id:6 &lt;3&gt;[78188.347402] smd_pkt_read notifying reset for smd_pkt_dev id:3 &lt;3&gt;[78188.347627] smd_pkt_read notifying reset for smd_pkt_dev id:9 &lt;3&gt;[78188.347850] smd_pkt_read notifying reset for smd_pkt_dev id:7 &lt;3&gt;[78188.348071] smd_pkt_read notifying reset for smd_pkt_dev id:4 &lt;3&gt;[78188.349135] smd_pkt_read notifying reset for smd_pkt_dev id:0 &lt;3&gt;[78188.370990] modem_notifier_cb: sysmon_send_event error -38 &lt;3&gt;[78188.371158] M-Notify: General: 4 &lt;6&gt;[78188.372614] subsys-restart: subsystem_powerup(): [e0a4b900]: Powering up modem &lt;6&gt;[78188.377927] pil-q6v5-mss fc880000.qcom,mss: mba: loading from 0x0d100000 to 0x0d149000 &lt;6&gt;[78188.413792] pil-q6v5-mss fc880000.qcom,mss: mba: Brought out of reset &lt;6&gt;[78188.416378] pil-q6v5-mss fc880000.qcom,mss: modem: loading from 0x08000000 to 0x0ce00000 &lt;3&gt;[78188.439592] smd_write_start: packet header failed to write &lt;3&gt;[78188.439693] msm_ipc_router_smd_remote_write: ipc_rtr_smd_ipcrtr chnl reset &lt;4&gt;[78188.649183] audit: audit_lost=13258 audit_rate_limit=20 audit_backlog_limit=64 &lt;3&gt;[78188.649229] audit: rate limit exceeded &lt;6&gt;[78188.978289] pil-q6v5-mss fc880000.qcom,mss: modem: Brought out of reset &lt;3&gt;[78189.061349] Notify: smsm init &lt;6&gt;[78189.096582] pil-q6v5-mss fc880000.qcom,mss: mba: Power/Clock ready interrupt received &lt;6&gt;[78189.096641] pil-q6v5-mss fc880000.qcom,mss: Subsystem error monitoring/handling services are up &lt;6&gt;[78189.098020] subsys-restart: subsystem_restart_wq_func(): [e0a4b900]: Restart sequence for modem completed.</pre> <p>This happens about a second or two after the data connection is established, results in about 5-10 seconds of no signal, then repeats. Apparently I'm not the only one who has this problem considering the reply to my <a href="http://forum.cyanogenmod.org/topic/104483-t-mobile-ipv6-only-apn-issues-wcm12/">post</a>.</p> <p>The OnePlus One has always had a great camera, IMHO. It has done very well in low light and features HDR in hardware, which looks great most of the time. Unfortunately, it seems that the CM12 upgrade has messed up the camera, somehow. Photos get progressively blurrier as the light level decreases. HDR use seems to compound this effect. I'm not sure what was done but I've added a <a href="http://forum.cyanogenmod.org/topic/104904-cm12-blurry-camera-low-light-performance/">post</a> about this, too.</p> <p>Videos don't play anymore. I can record a video with the camera application just fine but whenever I go to play it back on the phone I get a "Cannot play video." message. I haven't really looked into this because I don't take videos with my phone too often. The videos themselves are fine since they play fine on a computer when transferred.</p> <h3>Summary</h3> <p>I would have gone back to CM11 after encountering these issues with CM12 but, as I mentioned, it seems that CM11 development is winding down (completing) and there are no more nightly builds. Also, it's likely that more applications will start to require Android 5.0 in the future.</p> <p>This latest horrible regressions of an upgrade from Google is really making me think that the OnePlus One will be my last Android phone. I really don't want to go to iOS since it's not an open platform and I will have to always wait for the next jailbreak to have a usable device (I rely on having shell access and a customizable control center). The Ubuntu phone stuff looks interesting but it's likely there won't be many applications for the platform for quite sometime (if ever).</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.prolixium.com%2Ffeed%3Fwhat%3Dmynews&entry=http%3A%2F%2Fwww.prolixium.com%2Fblog%3Fid%3D1013matt [wronka.org]http://quec.es/org.wronka/matt/2015/02/06/Fri, 06 Feb 2015 20:55:29 +0000;matt [wronka.org]Fri, 06 Feb 2015 15:55:00 -0500It looks like <a href="http://quec.es/t/mozilla/">Mozilla</a> fixed an issue! <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=898003">https://bugzilla.mozilla.org/show_bug.cgi?id=898003</a> is fixed in incoming. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=791069">https://bugzilla.mozilla.org/show_bug.cgi?id=791069</a> now has a smaller patch: <a href="http://matt.wronka.org/stuff/projects/icpp/mozilla/emailvalidation-rfccompatible-20150206.diff">http://matt.wronka.org/stuff/projects/icpp/mozilla/emailvalidation-rfccompatible-20150206.diff</a>http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Fri%2C+06+Feb+2015+20%3A55%3A29+%2B0000%3Bmatt+%5Bwronka.org%5DUPDATE 1-Google panel backs firm on EU limit to 'right to be forgotten'http://feeds.reuters.com/~r/news/usmarkets/~3/iKpxf-rIc9c/story01.htmhttp://www.reuters.com/article/2015/02/06/google-eu-privacy-idUSL6N0VG1W420150206?feedType=RSS&amp;feedName=marketsNewsFri, 06 Feb 2015 08:47:00 -0500BRUSSELS, Feb 6 (Reuters) - A panel of experts appointed by Google to advise it on how to implement an EU ruling ordering it to remove links to some personal information from search results has...<div> <a href="http://feeds.reuters.com/~ff/news/usmarkets?a=iKpxf-rIc9c:CM67lizuNfs:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/news/usmarkets?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.reuters.com/~ff/news/usmarkets?a=iKpxf-rIc9c:CM67lizuNfs:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/news/usmarkets?i=iKpxf-rIc9c:CM67lizuNfs:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.reuters.com/~ff/news/usmarkets?a=iKpxf-rIc9c:CM67lizuNfs:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/news/usmarkets?i=iKpxf-rIc9c:CM67lizuNfs:F7zBnMyn0Lo" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/news/usmarkets/~4/iKpxf-rIc9c" height="1" width="1" alt="" />http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Fnews%2Fusmarkets&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F02%2F06%2Fgoogle-eu-privacy-idUSL6N0VG1W420150206%3FfeedType%3DRSS%26amp%3BfeedName%3DmarketsNewsPerk up your home price: Live near a coffee shophttp://feeds.reuters.com/~r/news/wealth/~3/4Hm6C3vfqvQ/story01.htmhttp://www.reuters.com/article/2015/02/06/us-realestate-starbucks-homeprices-idUSKBN0LA1CI20150206?feedType=RSS&amp;feedName=PersonalFinanceFri, 06 Feb 2015 08:02:00 -0500NEW YORK (Reuters) - When searching for a new home, buyers usually consider the usual suspects: square footage, number of bedrooms, amount of sunlight.<div> <a href="http://feeds.reuters.com/~ff/news/wealth?a=4Hm6C3vfqvQ:2eVficGJdaU:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/news/wealth?d=yIl2AUoC8zA" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/news/wealth/~4/4Hm6C3vfqvQ" height="1" width="1" alt="" />http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Fnews%2Fwealth&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F02%2F06%2Fus-realestate-starbucks-homeprices-idUSKBN0LA1CI20150206%3FfeedType%3DRSS%26amp%3BfeedName%3DPersonalFinanceNet neutrality: Someone WILL sue. So will the FCC's rules hold up?http://go.theregister.com/feed/www.theregister.co.uk/2015/02/06/so_will_the_fccs_net_neutrality_rules_hold_up/tag:theregister.co.uk,2005:story/2015/02/06/so_will_the_fccs_net_neutrality_rules_hold_up/Fri, 06 Feb 2015 02:29:00 -0500<h4>A deep look into the legality of chairman Wheeler's Title II plans</h4> <p><strong>Analysis</strong> More details about what is contained within new net neutrality rules <a href="http://www.theregister.co.uk/2015/02/04/fcc_wheeler_net_neutrality/">outlined yesterday</a> by FCC chairman Tom Wheeler have made it a virtual certainty that they will be approved by the watchdog later this month.?</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2015%2F02%2F06%2Fso_will_the_fccs_net_neutrality_rules_hold_up%2FNet Neutrality Questionshttp://www.prolixium.com/blog?id=1012http://www.prolixium.com/blog?id=1012Wed, 04 Feb 2015 20:20:00 -0500<p>Rather than go into my opinion about the FCC reclassifying broadband networks in the US as common carriers under Title II, I figured I'd just pose some questions that I haven't seen answers to, so far. In fact, I haven't seen many "gory technical details" at all.</p> <p>First, what ISPs are going to be reclassified? What is the definition of broadband Internet nowadays, anyway? Is it just the 25 Mbps / 3 Mbps throughput requirement or is it just the multi-media requirement, both, or neither? Does the multi-media component require circuit switching (e.g., ATSC + DOCSIS) or can it be extended to different kinds of services (TV, phone, data, etc.) over the same packet-switched protocol? If so, this extends the definition of broadband to many more ISPs' offerings including commercial ones.</p> <p>I've heard that blocking certain TCP and UDP ports constitute a net neutrality violation. Some popular examples are VPN-related ports like UDP/4500 (IPsec NAT-T), IP/50 (IPsec ESP), UDP/1194 (OpenVPN), etc. or BitTorrent-related ports (traditionally TCP/6881-6889) but how about the less-common ports? How about TCP/135 or TCP/139? These are routinely blocked by many residential ISPs since they have a bad history of abuse and are hardly ever legitimately used over the Internet. Would blocking TCP/135 be considered a net neutrality violation? What if there's a huge amplification attack vector discovered on some UDP service that happens to be listening on most home routers.. can an ISP block that without someone screaming about a net neutrality violation? Assuming that those "bad" ports aren't considered net neutrality violations, what if I decided to run a web server on TCP/135? Would that then bring TCP/135 into the scope of violation once again?</p> <p>To go even further than just blocking ports, how about broadband ISPs that only hand out unroutable IPv4 address space (RFC 1918, squat space, or other junk) and use NAT+PAT to provide Internet access? Without some sort of UPnP there's no way for that host to receive unsolicited traffic from the Internet at large. Peer-to-peer "stuff" breaks. Does the choice of the address selection constitute a net neutrality violation? How about mobile networks offering IPv6 but firewall all inbound connections (hello, Verizon Wireless)? The IPv6 address space is typically publicly routable so the inbound filtering is certainly a net neutrality violation.. or is it?</p> <p>What is the real definition of "fast lane" as it relates to net neutrality? The easy [na&#239;ve] answer to this might be something like "providing a faster connection to Facebook than Google"&mdash;but it's not that simple. Speaking only as it relates to the network infrastructure, the definition of "fast" is dependent on some general variables like link speed, RTT, and network congestion. While it's conceivable that link speed and network congestion can be made somewhat equal for a few networks (i.e., Google, Facebook, etc.) it's less likely that the RTT will be equal. Paths to other networks are almost never going to be equal because the chance that both the interconnect locations to the remote networks and destinations on the remote networks will be equal from an RTT perspective is highly unlikely. For example, is Comcast providing a "fast lane" to Google for a certain service area that may be closer to a peering point with Google than it is to a peering point for Facebook? The content providers' network architecture certainly makes a big difference, here. If Google has caches at every peering points but Facebook doesn't, how does an ISP provide equally fast lanes?</p> <p>How do on-net caches play into this? Google and Netflix are two examples of content providers that offer on-net caches so ISPs don't have to eat transit costs to get content to their customers. It also provides a much better experience due to the lower latency&mdash;is this also considered a "fast lane"? To add an additional twist on this, how about Akamai's on-net caches? Well, wouldn't this favor only content providers that pay Akamai to host objects on their CDN?</p> <p>How about peering vs. transit vs. customers? Does a peering connection (how many peering locations?) constitute a net neutrality violation? What if a small content provider has one transit provider and decides to get another one, would <em>other</em> customers of that second transit provider now have a "fast lane" to that content provider? There are many permutations.</p> <p>I doubt I'll ever hear definitive answers to all of these questions. It's possible many of these questions will become invalid, too.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.prolixium.com%2Ffeed%3Fwhat%3Dmynews&entry=http%3A%2F%2Fwww.prolixium.com%2Fblog%3Fid%3D1012Poetterizationhttp://bohmian.org/disc/Poetterizationhttp://bohmian.org/disc/PoetterizationMon, 02 Feb 2015 19:19:00 -0500<div>Small is not done.<br />Make each thing done by one Program.<br />APIS are unimportant, since the Program does everything.<br />Others will port the Program for you, so you need not worry about writing for portability.<br />Text is for humans; the Program reads binary.<br />Use economic leverage to your advantage.<br />Build your own shell for scripts.<br />Avoid user interfaces.</div>http://quec.li/EntryComments?feed=http%3A%2F%2Fbohmian.org%2Fsynd%2Fuser%2Fm%2Frss&entry=http%3A%2F%2Fbohmian.org%2Fdisc%2FPoetterizationUnix Philosophyhttp://bohmian.org/disc/Unix_Philosophyhttp://bohmian.org/disc/Unix_PhilosophyMon, 02 Feb 2015 19:12:00 -0500<div>Doug McIlroy (Bell Labs, 1978):<br /> (i) Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new features.<br /> (ii) Expect the output of every program to become the input to another, as yet unknown, program. Don't clutter output with extraneous information. Avoid stringently columnar or binary input formats. Don't insist on interactive input.<br /> (iii) Design and build software, even operating systems, to be tried early, ideally within weeks. Don't hesitate to throw away the clumsy parts and rebuild them.<br /> (iv) Use tools in preference to unskilled help to lighten a programming task, even if you have to detour to build the tools and expect to throw some of them out after you've finished using them.<br /><br /><br />From Mike Gancarz in 1994:<br /><br /> Small is beautiful.<br /> Make each program do one thing well.<br /> Build a prototype as soon as possible.<br /> Choose portability over efficiency.<br /> Store data in flat text files.<br /> Use software leverage to your advantage.<br /> Use shell scripts to increase leverage and portability.<br /> Avoid captive user interfaces.<br /> Make every program a filter.<br /></div>http://quec.li/EntryComments?feed=http%3A%2F%2Fbohmian.org%2Fsynd%2Fuser%2Fm%2Frss&entry=http%3A%2F%2Fbohmian.org%2Fdisc%2FUnix_PhilosophyPoetterizehttp://bohmian.org/disc/Poetterizehttp://bohmian.org/disc/PoetterizeMon, 02 Feb 2015 19:08:00 -0500<div>The process by which a federated system is assumed by a fascist monolithic one. These new systems conflict with the established culture, such as the <a href="http://bohmian.org/disc/Unix_Philosophy">Unix Philosophy</a> in the case of <a href="http://bohmian.org/disc/systemd">systemd</a>.<br /><br /><br /> "People are working very hard to /depoetterize/ Linux as fast as Red Hat<br />can /poetterize/ it. Your statement above is a slap in the face to the<br />people making eudev, vdev, and lots of other stuff."--Steve Litt in &lt;20150202182705.1fb4fe4d@mydesq2.domain.cx&gt; <br /></div>http://quec.li/EntryComments?feed=http%3A%2F%2Fbohmian.org%2Fsynd%2Fuser%2Fm%2Frss&entry=http%3A%2F%2Fbohmian.org%2Fdisc%2FPoetterizeDSA-3153 krb5 - security updatehttps://www.debian.org/security/2015/dsa-3153https://www.debian.org/security/2015/dsa-3153Mon, 02 Feb 2015 19:00:00 -0500<p>Multiple vulnerabilities have been found in krb5, the MIT implementation of Kerberos:</p>http://quec.li/EntryComments?feed=https%3A%2F%2Fwww.debian.org%2Fsecurity%2Fdsa-long&entry=https%3A%2F%2Fwww.debian.org%2Fsecurity%2F2015%2Fdsa-3153matt [wronka.org]http://quec.es/org.wronka/matt/2015/02/02/Mon, 02 Feb 2015 17:52:56 +0000;matt [wronka.org]Mon, 02 Feb 2015 12:52:00 -0500&quot;<a href="http://quec.es/t/all/">All</a> <a href="http://quec.es/t/systemd/">SystemD</a> developers have <a href="http://quec.es/t/ssds/">SSDs</a> and no more spinning disks, nobody could/wanted to support this anymore.&quot;http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Mon%2C+02+Feb+2015+17%3A52%3A56+%2B0000%3Bmatt+%5Bwronka.org%5Dmatt [wronka.org] SystemD 2015http://quec.es/org.wronka/matt/2015/02/02/Mon, 02 Feb 2015 16:47:22 +0000;matt [wronka.org]Mon, 02 Feb 2015 11:47:00 -0500<a href="http://ma.ttias.be/whats-new-systemd-2015-edition/">http://ma.ttias.be/whats-new-systemd-2015-edition/</a><br /> <br /> Unix: Do one thing well.<br /> SystemD: Why do one thing, when you could be doing other things as well?<br /> <br /> I'm not a huge fan of <a href="http://quec.es/t/systemd/">SystemD</a>, in fact, I was considering switching back to <a href="http://quec.es/t/freebsd/">FreeBSD</a> for my home workstations to avoid it. However, there were some points in the notes on the 2015 roadmap which might actually be useful for the specific usecase I have for <a href="http://quec.es/t/gnu/">GNU</a>/Linux.<br /> <br /> Booting a standard <a href="http://quec.es/t/gnu/">GNU</a>/Linux distro with a read-only root (e.g. from <a href="http://quec.es/t/nfs/">NFS</a>) is frustrating; it doesn't work well, and even though many of the caveats are documented around the <a href="http://quec.es/t/web/">Web</a>, it seems like there's always something that doesn't quite work. <a href="http://quec.es/t/freebsd/">FreeBSD</a>, for what its worth, booted diskless quite nicely when I was comparing the two about two years ago. In the end, I went with <a href="http://quec.es/t/usb/">USB</a> boot images for each node at home.<br /> <br /> Looking at the roadmap, the 2015 plan for <a href="http://quec.es/t/systemd/">SystemD</a> seems to be moving towards a system which is better designed for read-only root by default, which would be neat, and hopefully mean once the system is configured, bitrot would be less of an issue.http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Mon%2C+02+Feb+2015+16%3A47%3A22+%2B0000%3Bmatt+%5Bwronka.org%5DAPIhttp://xkcd.com/1481/http://xkcd.com/1481/Mon, 02 Feb 2015 00:00:00 -0500<img src="http://imgs.xkcd.com/comics/api.png" title="ACCESS LIMITS: Clients may maintain connections to the server for no more than 86,400 seconds per day. If you need additional time, you may contact IERS to file a request for up to one additional second." alt="ACCESS LIMITS: Clients may maintain connections to the server for no more than 86,400 seconds per day. If you need additional time, you may contact IERS to file a request for up to one additional second." />http://quec.li/EntryComments?feed=http%3A%2F%2Fxkcd.com%2Frss.xml&entry=http%3A%2F%2Fxkcd.com%2F1481%2FUber probed by U.S. judge on driver benefitshttp://feeds.reuters.com/~r/news/usmarkets/~3/rr9WNPQYLZc/story01.htmhttp://www.reuters.com/article/2015/01/31/uber-workers-hearing-idUSL1N0V92LX20150131?feedType=RSS&amp;feedName=marketsNewsFri, 30 Jan 2015 19:19:00 -0500SAN FRANCISCO, Jan 30 (Reuters) - A U.S. judge appeared skeptical on Friday about Uber's bid for a quick pretrial ruling that its drivers are contractors and not employees, a critical question facing...<div> <a href="http://feeds.reuters.com/~ff/news/usmarkets?a=rr9WNPQYLZc:ceCp6ohPeYk:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/news/usmarkets?d=yIl2AUoC8zA" border="0"></img></a> <a href="http://feeds.reuters.com/~ff/news/usmarkets?a=rr9WNPQYLZc:ceCp6ohPeYk:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/news/usmarkets?i=rr9WNPQYLZc:ceCp6ohPeYk:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.reuters.com/~ff/news/usmarkets?a=rr9WNPQYLZc:ceCp6ohPeYk:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/news/usmarkets?i=rr9WNPQYLZc:ceCp6ohPeYk:F7zBnMyn0Lo" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/news/usmarkets/~4/rr9WNPQYLZc" height="1" width="1" alt="" />http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Fnews%2Fusmarkets&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F01%2F31%2Fuber-workers-hearing-idUSL1N0V92LX20150131%3FfeedType%3DRSS%26amp%3BfeedName%3DmarketsNewsAndroid WebView security and the mobile advertising marketplacehttps://freedom-to-tinker.com/blog/dwallach/android-webview-security-and-the-mobile-advertising-marketplace/https://freedom-to-tinker.com/?p=10768Wed, 28 Jan 2015 08:00:00 -0500http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10768