luv-talk July 2013

luv-talk@luv.asn.au

23 participants
20 discussions

by Carl Turney

Hi All, Three dumb questions, possibly: I've never had a smart phone, and probably need to get one soon. For the time being, I'd rather use it just as a GPS... and as an Android learning tool, when near our home wifi. (Moving up to a voice/data plan some months from now.) So: 1) Could I run it as a GPS to help me navigate on the road, even though it would not have a SIM card in it? (i.e. Load some detailed Melbourne roadmap and a GPS application into it at home via the wifi, and then rely solely on the GPS to help me navigate from spot to spot as I do my part-time casual driving job.) 2) Do (m)any Android smartphones have removable and readily available/affordable after-market batteries? (I tend to hang on to things for a long time, and it's always the batteries that die [over time] on such devices for me. Manufacturer's replacement batteries tend to cost as much as an entire device.) 3) Can one reasonably connect a REAL keyboard to a smartphone? (I hate the absurd tiny touch-keyboards on small devices, and the quasi-Morse Code of using a phone number pad.) Thanks a lot. Carl Turney Bayswater p.s. Anyone living/working east of the CBD got a second-hand Android smart-phone with GPS to sell? Contact me directly, off list. Ta.

8 years, 9 months

Curtains came down on Sunday on the 163-year-old telegram service in India

by Petros

Pure nostalgia: http://articles.timesofindia.indiatimes.com/2013-07-14/india/40569461_1_tel… "Though started as a Morse code service, the telegram service evolved gradually with the use of computers. At the time of its death, it had become a web based telegraph mailing service (WBTMS) which used emails to instantly convey message to the other end." Regards Peter

8 years, 9 months

IEEE SSIT talk: Thu 1 Aug 18:30 Uni. Melb.: Water Quality Management: The Case for Real Time ...

by Rodney Brown

SSIT Australia Chair Adj Prof Philip Hall will talk on; *Water Quality Management: The Case for Real Time Monitoring &Reporting.* The talk will occur on Thursday the 1st of August 2013 from 6.30 to 7.30pm at the University of Melbourne, Parkville Campus, Alan Gilbert Lecture Theatre 103. /Further details on speaker and abstract below./ *Location:* University of Melbourne, Parkville Campus, Alan Gilbert Lecture Theatre 103, Corner Grattan & Barry Streets *Organised by:* IEEE SSIT Chapter (and as part of preparation for an Oceanic Engineering Society chapter) *Abstract:* Despite significant advances in sensor and communication technologies, water quality monitoring (WQM) is still primarily undertaken through small-scale and single-application sampling and testing that is limited by the available techniques and only provides selective data for decision support tools. The effects of diffuse pollutants and their distribution within water bodies and transboundary river systems are, therefore, difficult to capture, as is determining the exact point and timing of their release into a defined "water system". Improved data capture and timely analysis, enabled by innovative sensor technologies and communication networks, is an important aspect of compliance monitoring. This is particularly important for international and trans-border agreements where changes in water distribution, quality, and availability associated with regional climate variability are already creating challenges for future water, energy and food security. Therefore, by removing the long lead times between when the sample was taken to completion of sample testing and data analysis, it is not only possible to develop and implement an effective WQM network and management framework that provides for real time data capture and analysis, but one that also provides for flexible policy settings, an early warning and situation management capability, and opportunities for greater compliance in water resource management. http://ymlp.com/zcW6Td

8 years, 9 months

Basics of smartphone security

by Rick Moen

I found this bit about hazards uniquely faced by internation travelers very interesting: Q: Do you think organizations are understanding and taking the threat among these new mobile attack vectors seriously yet? Are security managers really getting it? Why or why not? A: The most-security-aware organizations are taking these threats very seriously. They're destroying phones after taking them to hostile areas with known malicious carriers, they're limiting what information gets copied to the default inbox/contact list on devices, they're limiting what applications can be installed on devices which have access to enterprise infrastructure. [...] Q: In your presentation, you specifically referred to some of the threats mobile users are facing now while traveling internationally. What are you observing? A: There are two major threat categories when it comes to international travel, the malicious foreign carrier and the enterprising private mobile attacker. These threats result from the fact that citizens of a foreign country generally have no rights to privacy and no official recourse if their information gets stolen while they are in the foreign country. I already spoke about how foreign carriers have total control over devices which are associated with their networks. Probably the most alarming thing we've seen happen in our tests is how foreign carriers can steal the cryptographic seed values from soft-tokens installed on smartphones. One take-away I'd love to get across to all of your readers is to never let soft-tokens become a solution to be relied on for organizations which have a large number of international travelers. [...] http://www.csoonline.com/article/print/733691 I'm wary of distortions, outright bullshit, and vague handwaving by security industry guys. As usual, interviewee Aaron Turner (of IntegriCell, formerly Idaho National Laboratory, formerly Microsoft security division) is vague about how code gets executed to do undesirable things. Smartphone 'soft-tokens' means virtual dongles used for (supposed) two-factor authentication such as Symantec VIP or SecurEnvoy SecurAccess. Pity Turner doesn't say _how_ iOS, Android, and BlackberryOS yield 'total control over devices' to local carriers. Turner goes on, in the bit about international travelers, to talk about a cruise ship passenger who uses a cafe's WiFi in port, and 'the coffee shop owner has realized he can make more money selling your address book to spearfishers than he ever can make selling you even his most-expensive latte'. I'm intrigued, Mr. Turner. How does connecting a smartphone to a WAP give the WAP owner automatic access to the smartphone's address book? I'm used to assuming that networks are dangerous and untrustworthy and layering things trustworthy over them. Why is that approach not feasible with a smartphone -- or is Turner just another guy selling unnecessary gear to the rubes?

8 years, 9 months

Fw: Fibonacci day

by DanyJ

Begin forwarded message: Folks, something a little off topic. At 3:02:01 on the 5th of August this year it will be a very special date. The date will form the Fibonacci sequence, where each term is the sum of the two before it. In this case, it will be the 1st second of the 2nd minute of the 3rd hour of the 5th day of the 8th month of the 13th year of the 21st century. Such a sequence will not occur again, and needs to be celebrated properly. OK, its not Linux, but I thought it worth sharing.

8 years, 9 months

Re: [luv-talk] Basics of smartphone security

by Petros

Related to this: I am thinking of replacing an aging Nokia "dumbphone" with another one but have problems to figure out which one can be used as a WiFi hotspot. Do you know one? I am not reading/browsing on a phone but prefer to have a tablet connected when needed. Well, security-wise it separates network carrier and phone functionality from the "browsing/email computer" although it isn't my main concern. I don't have the habit of being online 24hrs, and find phone screens to small to be enjoyable (or too big to carry in my pocket) I like the idea of two screens folded but these devices don't seem to be very popular. They usually disappear from the market before I get around to think of them more seriously. Regards Peter

8 years, 9 months

Facebook.. Privacy? What privacy?

by Petros

Hi all, I just browsed through the permissions list of the Android Facebook app: https://play.google.com/store/apps/details?id=com.facebook.katana&feature=s… I find it amazing. The spy's wet dream come true. Regards Peter

8 years, 9 months

Re: [luv-talk] Facebook.. Privacy? What privacy?

by Rick Moen

Strongly concur with recent comments, here, that the embedded market tends to be a completely different mentality, where the notion of anyone being selective about what one is willing to run is simply an alien concept. Back when I was working at Cadence Design Systems (a big EDA-industry company), I found myself being told by my new boss that he would like me to install various bits of proprietary software on my home laptop for company purposes. I very politely informed him that (1) my laptop ran Debian and not MS-Windows or Mac OS X, but also (2) for reasons of local privacy and security policy, only software I had approved and selected would be installed and run there. However, I said, if he wanted to issue me a company machine to run company-specified software, that would perhaps work. And I remember the look of intense surprise. The 'I installed [foo] because a Web site told me I needed to' population is, actually, almost everyone except us freaks. It's well to remember that, because it's easy to forget. Date: Thu, 25 Jul 2013 13:12:24 -0700 From: Rick Moen <rick(a)linuxmafia.com> To: skeptic(a)lists.johnshopkins.edu Subject: Re: nukemap Quoting Leonard R. Cleavelin (leonard(a)cleavelin.net): > Quoting Lawrence Crowell (goldenfieldquaternions(a)gmail.com): > > > This little morbid program http://54.213.55.143/nukemap3d/ is interesting. > > You can enter in any city in the world set the yield of a nuclear bomb and > > let 'er rip. You need Google Earth 3-D to run this. > > I used it to "nuke" the FedEx Forum in Memphis with a "Davy Crockett" > (smallest nuke the US forces have ever fielded; IIRC it has a 20 > ton--not mega-, not kilo-, not even hecto, just ton--yield). It felt > good. ;-) I'm delighted that people enjoy cool Internet-enabled applications like this, and under no circumstances would tell a devotee he/she shouldn't run them.[0] At the same time, I keep being bemused by the security and privacy implications of such things -- by which I don't mean the little morbid program so much as I do the Google Earth engine needed to run it. Google Earth in either its browser plugin or standalone form isn't just a proprietary opaque (by which I mean unauditable by anyone outside Google, Inc.) binary program but also such an offering _specifically_ from one of the most prying, nosy, large Internet corporations on Earth, a corporation whose entire business model is based on data-mining computer users to glean data valuable to them and to their customers. The Google Earth program[1] must be installed with root (for Unixes) or administrator (for Windows) privilege, hence will have total access to everything on your machine, and hooks directly into the video software layers (for 3D imaging) and sends real-time data (into which you have no visibility) from your computer back to Google. And you're being told you can do this as a non-customer of Google: Google's _actual_ customers (the people who pay them money for services) are entitled by law to an implied warranty of good faith and fair dealing. Users who elect to download their 'free' proprietary programs or use their 'free' Web services have no such entitlment, and are (as the saying goes) not customers but rather product. tl;dr: Google Earth is a huge 'trust me' from the most prominent data-mining enterprise in existence, one that for quite a few years has made quite clear that it will intrude on user privacy whenever and wherever it wants.[2] And _that_, Ben Avery, is one of the things one avoids by sticking to open source offerings from trustworthy (and cross-checked) sources, even if you don't get to see dancing hamsters, animated birthday cards, and nuclear explosions requiring one to download and run an 'app' from nowhere-in-particular (or worse, from someone you know whom you have _no_ reason to trust). _Or_ one can just not bother being careful, and good luck with that. [0] Not because you shouldn't, but just because I don't want to waste time arguing with people who enjoy the benefits of being careless about software and are effectively treating Internet and software security as Someone Else's Problem. [1] The standalone version, at least. The browser plugin version can presumably be installed with only user-level authorisation -- which is quite bad enough. [2] http://wendy.seltzer.org/blog/archives/2009/12/08/personalized-search-opaci… http://joeyh.name/blog/entry/adieu_google/

8 years, 9 months

Unlocked android phones with LTE support

by Jason White

I was planning to buy one of these devices: https://play.google.com/store/devices/details/Samsung_Galaxy_S_4?id=samsung… but discovered that (1) they are available in the U.S. only, and (2) not surprisingly, they are designed for North American frequencies, i.e., 1700 MHz rather than the 1800 MHz bands used in Australia by the major carriers. The advantage, of course, is that the Google devices have unlocked boot loaders so you can replace the firmware yourself, if needed - and I might need it, for various reasons. So if one is looking for an LTE-capable phone with an unlocked boot loader that supports Australian frequency bands, am I right that there are no options on the market at the moment? I can afford to wait a little longer - the equivalent of the above device with the right frequencies supported would be ideal of course.

8 years, 10 months

Andrioid stores WLAN passwords unencrypted - and sends it to Google

by Petros

https://code.google.com/p/android/issues/detail?id=57560 So, your smartphone/tablet will have a list of all the WLAns you connected to. Stored unencrypted. And sends it to Google (according to heise.de this is the Default on all the Android systems they tested it). Well - means, Google has a very very large database of WLAN passwords. Not using it yourself is just half of the solution. There is a friend coming with his Android, "Can I use your WLAN?" - and Google knows your WLAN password. Google will know your company's WLAN passwords too. Regards Peter

8 years, 10 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

luv-talk July 2013