Topics

1

Developer's Corner / ZTD and transitioning to using GTD

« on: November 06, 2015, 07:11 PM »

Started re-reading GTD recently and am finding:

-Appreciation for certain aspects has grown
-Many seemingly important points didn't stick the last time through

So it seems like it's going somewhere useful.

OTOH, last time through, failed to successfully set up fully and maintain a running system, and this time through I get the sense that the book is almost designed to lead one to ask for help for the implementation stage (specifically from... ).  This pattern seems to exist elsewhere in other materials, but perhaps that's for another post...

Anyway, after some consideration of transitioning / adoption and looking around, came across ZTD and Minimal ZTD at ZenHabits.  (I found mention of ZenHabits in the forums here, but not ZTD -- please share pointers if any.)

Still working on digesting them, but so far they appear to be close to proper subsets of GTD with Minimal ZTD being close to a proper subset of ZTD.  Started wondering if trying to adopt a series of well-defined subsets of GTD (or other system) might tend to lead to more successful transitioning.

Any thoughts or reflections?


On a side note, considered adding to:

  https://www.donation...ex.php?topic=34699.0

but ended up posting here per mouser's suggestion.

2

Living Room / Experience with Bluetooth Remotes?

« on: October 28, 2015, 07:11 PM »

Am interested in some kind of small remote for controlling devices including smart phones (of the Android persuasion).  Any one have experience with the likes of the following sort?

  http://www.amazon.co...phone/dp/B00V6OFVZI/
  http://www.amazon.co...ontrol/dp/B00824948U
  http://www.amazon.co...hones/dp/B00WFXWKY4/
  http://www.amazon.co...utter/dp/B00UMO763S/
  http://www.amazon.co...msung/dp/B00RM75NL0/

3

General Software Discussion / AVG Antivirus Plans to Collect & Sell Your Personal Data to Advertisers?

« on: September 20, 2015, 09:53 AM »

Didn't check in detail myself, but came across the following:

This new policy, which will come into effect on October 15, clearly explains that AVG will be allowed to collect and sell users' "non-personal data" in order to "make money from our free offerings so we can keep them free."

Here's the list of, what AVG calls, "non-personal data" the company claims to collect from its customers and sell to interested third-parties, specifically online advertisers:

 * Browsing History,
 * Search History,
 * Meta-data,
 * Advertising ID associated with your device,
 * Internet Service Provider (ISP) or Mobile Network you use to connect to AVG products,
 * Information regarding other apps you have on your device.

Previous policies allowed the firm to only collect:

 * Data on "the words you search",
 * Information about any malware on the users' machine.

via https://thehackernew...9/avg-antivirus.html

May be someone else can confirm?

4

Living Room / Security: Android 5.x Lockscreen Bypass (CVE-2015-3860)

« on: September 16, 2015, 07:22 PM »

A vulnerability exists in Android 5.x <= 5.1.1 (before build LMY48M) that allows an attacker to crash the lockscreen and gain full access to a locked device, even if encryption is enabled on the device. By manipulating a sufficiently large string in the password field when the camera app is active an attacker is able to destabilize the lockscreen, causing it to crash to the home screen. At this point arbitrary applications can be run or adb developer access can be enabled to gain full access to the device and expose any data contained therein.

via http://sites.utexas....5-lockscreen-bypass/

5

General Software Discussion / Chocolatey...opinions? portable?

« on: September 13, 2015, 02:37 AM »

Anyone tried Chocolatey?

...and anyone successfully using it portably?

6

Living Room / Security: Seagate Wireless HDD Undocumented Accessible Telnet Services

« on: September 07, 2015, 07:28 PM »

Seagate wireless hard-drives provides undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password.

via https://www.kb.cert.org/vuls/id/903500 and http://www.theregist..._poisoned_purloined/

FWIW, other vulnerabilities surfaced too (see links).


IIUC, this type of device has been mentioned in a few threads over the years...hence the post.

7

Living Room / Security: Stagefright Vulnerability (Android)

« on: July 27, 2015, 08:40 PM »

Six critical vulnerabilities have left 95 per cent of Google Android phones open to an attack delivered by a simple multimedia text, a mobile security expert warned today. In some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data.

via: http://www.forbes.co...ndroid-text-attacks/

Still trying to process what one can easily do about this (apart from disabling network access and turning off one's affected Android devices -- may be it's important to be careful about what one does after turning it back on too...).

Some related info:

  http://www.theregist...oid_phone_text_flaw/
  https://threatpost.c...vices-at-risk/113960
  http://it.slashdot.o...oid-with-just-a-text

8

Living Room / Security: Microsoft Security Bulletin MS15-078 - Critical

« on: July 21, 2015, 04:03 AM »

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

via: https://technet.micr...curity/ms15-078.aspx

9

Living Room / Security: All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS

« on: July 19, 2015, 05:36 PM »

Worth checking one's access point settings and https-running web server configuration?

Almost a third of the world's encrypted Web connections can be cracked using an exploit that's growing increasingly practical, computer scientists warned Wednesday. They said the attack technique on a cryptographic cipher known as RC4 can also be used to break into wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol.

via: http://arstechnica.c...ges-on-practicality/


Upstream site and paper:

http://www.rc4nomore.com/
http://www.rc4nomore...nhoef-usenix2015.pdf

Quotes from site:

When you visit a website, and the browser's address bar contains a lock icon , the HTTPS protocol is used to protect your communication with this website (providing security and privacy). HTTPS supports several encryption techniques, one of them being the famous RC4 algorithm. At one point RC4 was used 50% of the time, with the latest estimate being 30%. Our RC4 NOMORE attack exposes weaknesses in this RC4 encryption algorithm. More precisely, in most situations where RC4 is used, these weaknesses can be used to reveal information which was previously thought to be safely encrypted.

Is WPA-TKIP also vulnerable?

Yes. We can break a WPA-TKIP network within an hour. More precisely, after successfully executing the attack, an attacker can decrypt and inject arbitrary packets sent towards a client. In general, any protocol using RC4 should be considered vulnerable.

10

Living Room / Security: Oracle Critical Patch Update Advisory - July 2015

« on: July 16, 2015, 04:54 PM »

IIUC, there's a Java vulnerability:

  http://blog.trendmic...va-zero-day-exploit/

related to the same "source" of the recent Flash exploits and apparently there's an update:

  https://blogs.oracle...ritical_patch_update

Looking for "Oracle Java" at:

  http://www.oracle.co...jul2015-2367936.html

might be helpful.


No chance of a separate section / sub-forum for security-related info?

11

Mini-Reviews by Members / Some Thoughts on Sony's DPT-S1 (Digital Paper System)

« on: June 28, 2015, 04:11 AM »

Been using a U.S. English version of Sony's DPT-S1 with 1.3.x firmware for a few weeks and have some thoughts to share.


The short of it is that I'm happy to be using one.


The following are some details covering info that I didn't find elsewhere before purchasing.  May be this will help for other folks who are considering

Viewer
  The "Table of Contents" for a PDF file is usable unlike (AFAIU) for Amazon's DX.  It works like this:
    -with an appropriate PDF displayed, press the menu button followed by the table of contents button
    -along the left side of the screen there should be an area displaying some table of contents entries - the area to the right of the table of contents entries displays a smaller version of some page in the PDF
    -if an entry has any children, this is indicated via a different icon to the left of an entry's text
    -touching an entry with children leads to all children entries being displayed (but they replace what entries were displayed before) - the area to the right of the entries is updated to display the corresponding page of the PDF
    -touching the page causes the table of contents area to disappear and the full-size version of the page is displayed instead
 Apparently no clipboard - no copy / paste -- however, this may be possible from firmware version 1.4.x (at least in jp version) - long-pressing a word in a PDF does bring up a menu with items 'Highlight', 'Search', and 'Google' though
 Doesn't seem possible to flip pages while zoomed in -- however, apparently possible from firmware version 1.4.x (at least in jp version)
 Although there are 4-page and 9-page views, there doesn't appear to be a dual-page view

File Transfer
  Both the internal memory and the micro SD card are accessible as mass storage devices -- I've only tested under *NIX, but don't believe it's any different under other operating systems -- no extra software necessary to access one's content (given which company made this device, this was quite a (pleasant!) surprise for me)
  Have successfully removed and replaced the micro SD card while the system is in standby mode -- not sure whether this is safe...

Browser
 Doesn't appear to let one view HTML files that reside in internal memory or the micro SD card
 Doesn't seem possible to view pages rotated (though that works for viewing PDFs)
 Didn't expect to use the browser functionality, but as slow and limited as it is, better to have something than nothing - too bad it doesn't seem possible to save the current page as PDF (like one can do in FF)
 Appears to limit one to using up to 3 windows

Miscellaneous
 The current time doesn't seem to be displayed anywhere useful -- I actually did a search via the browser to find out the current time once... Pressing the menu key while at the home screen displays the current time in the top left corner of the screen
 The UI smells of Android here and there:
  dialog boxen
  pop-up kbd
  notification area
 Did not find a way to transfer files between internal memory and micro SD directly
 Doesn't appear to be any auto-cropping of whitespace
 Wikipedia's 'download as pdf' and 'create a book' functionality seems particularly useful -- though haven't found it convenient to access that functionality via the device itself...some of the created PDFs turned out pretty decently
 Didn't expect to use the stylus to create notes, but much to my surprise I've come to use it -- I could just barely adjust to the lag -- now it doesn't bother me too much -- I used to dream of having a white board where I could restore the content...this device reminds me of that forgotten dream
 Didn't expect to use the workspace feature (basically one can 'save' a set of tabs and name the set) but though there are various things that are wanting it's a fair bit better than nothing


That's it for now.  May be I'll update this from time to time...

12

Living Room / Tindie

« on: May 19, 2015, 05:36 AM »

While looking into how to get experience with JTAG using a Raspberry Pi, came across tindie:

Tindie is the largest marketplace online for open hardware. Thousands of our inventions are open source. The schematics and source code are available for anyone to study, remix, or even clone.

via https://tindie.zende...open-hardware-policy

Has any one picked up anything via tindie?


Found a "USB Lithium Ion coin cell battery charger LIR2032, CR2032 replacement":

  https://www.tindie.c...-cr2032-replacement/

(Though it may be that care and timing are needed to stop the charging appropriately.)

13

Developer's Corner / "Think X" Book Series and the Textbook Manifesto

« on: April 24, 2015, 08:43 AM »

Recently came across and have started reading "Think Stats: Probability and Statistics for Programmers" by Allen B. Downey.

There are some other "Think X" books that look interesting too, where X might be "Python", "Bayes", "Complexity" or something else.

Oh, and:

...books are available under free license that allow readers to copy and distribute the text; they are also free to modify it, which allows them to adapt the book to different needs, and to help develop new material.

These books are available in a variety of electronic formats; some are also for sale in hard copy.

Found the Textbook Manifesto by the same author:

Students should read and understand textbooks.

More details at: http://greenteapress.com/manifesto.html

Sounded pretty reasonable.

14

General Software Discussion / Lists of "Rogue Security Software"?

« on: April 05, 2015, 04:56 PM »

Came across this:

  https://en.wikipedia.org/wiki/List_of_rogue_security_software

Wikipedia currently has the following definition for "Rogue Security Software":

a rogue (a form of Internet fraud using computer malware) that deceives or misleads users into paying money for fake or simulated removal of malware (so is a form of ransomware) — or it claims to get rid of, but instead introduces malware to the computer.

Not sure how up-to-date the list is.

Found some other lists that seemed clearly out-of-date by a year or more.


Apart from asking around, I guess if one is considering something for installation and it's small enough jotti, virustotal, and the like are likely to give useful feedback about the candidate in question.

15

General Software Discussion / Keyboard Shortcut for "Hamburger Menu" in Firefox?

« on: March 13, 2015, 12:15 AM »

Not having much luck finding a keyboard shortcut for the "Hamburger Menu" (aka PanelUI-button) in Firefox.

In Chromium, Alt+F, Alt+E, and F10 followed by space all seem to work.

Anyone know a keyboard shortcut for Firefox?  Or possibly how one might be assigned?


Sadly no good answers here:

  http://superuser.com...anelui-in-firefox-29

16

Non-Windows Software / *NIX: Commands / software to verify partition backups / clones?

« on: January 16, 2015, 10:47 PM »

Am trying out a cloning dock -- one of those things that let's one clone a drive to another without the use of a PC.

Would like to verify the results though -- perhaps not every time.

I'm currently doing something like:

md5sum /dev/sda1
...
md5sum /dev/sdaN

for N partitions and comparing with analogous results from the other drive.

I'm not that concerned about MBR / GPT metadata at the moment.  (Thought of just doing the whole drive (e.g. /dev/sda) but then realized that drive sizes differ some times )

Also tried the cksum command as perhaps that's good enough to detect errors.  I/O is probably so much more of a bottleneck that may be there won't be a detectable difference...

Any favorites or recommendations for this sort of procedure?


Some numbers and additional details:

Cloning a c. 320 GB drive has taken around 80 min (have done this a couple of times now).

Verifying (i.e. using the md5sum program above on 4 partitions) I didn't track very closely, but it may have exceeded an hour total.

Three of the partitions contained ext4 filesystems and the fourth was swap -- yes, working with the swap partition was probably pointless

17

Developer's Corner / Rx (Reactive Extensions): A Flavor of Functional Reactive Programming

« on: December 17, 2014, 12:45 AM »

Have been working to wrap head around Rx.  The going has been slow, but recently came across some resources that have been...better than what I had found before:

• RxJSKoans - once the set-up was complete, this was helpful especially because of the small chunks and interactive experience...didn't know anything about QUnit though and it had been quite a while since interacting with NodeJS, so had to learn / brush up on some of that...some of the code seems a bit buggy which tends to work against the learning experience, but that's a relatively minor point.  The links below the 'Reactive Extensions Class Library' section of the RxJS repository page were helpful -- the fact that the example code seems to often enough reference other library functions does not tend to facilitate newbies looking to shave less yaks, but way better than nothing.
• Netflix JavaScript Talks - Async JavaScript with Reactive Extensions - nice (and humorous) talk by Jafar Husain (cf. LearnRx Tutorial below) -- via comment on reddit by an RxJS author -- btw, there's a glitch / subliminal advertising(?) at 13:55 or so
• LearnRX Tutorial - 'a series of interactive exercises for learning Microsoft's Reactive Extensions (Rx) Library for Javascript' - interactive with relatively small chunk-size like RxJS Koans...not quite finished with this and haven't reached the "Reactive" part yet...watching the talk first may help
• The introduction to Reactive Programming you've been missing - taking a look at this after having gone through some of the RxJS koans was helpful.
• 'Additional Reading' section of RxJava repository - a collection of resources, many of which somehow I hadn't managed to find in the months since I first started investigating.
• RxMarbles - Interactive diagrams of Rx Observables - interesting (try dragging and dropping some marbles) but slightly buggy?

Anyone else experienced with / looking into such things and have helpful resources to share?

18

Non-Windows Software / Linuxbrew: A Fork of Homebrew for Linux

« on: December 04, 2014, 08:58 PM »

Anyone tried this package manager?

Some claimed features:

* Can install software to a home directory and so does not require sudo
* Install software not packaged by the native distribution
* Install up-to-date versions of software when the native distribution is old
* Use the same package manager to manage both your Mac and Linux machines

via Linuxbrew Project Page

19

Non-Windows Software / Android: Lil' Debi

« on: November 15, 2014, 07:37 PM »

Just tried out Lil' Debi on a few devices with some success:

The aim of Lil’ Debi is to provide a transparent and tightly integrated Debian install on your Android device. It mounts all of your Android partitions in Debian space, so you see a fusion of both systems. Its even possible to have Lil’ Debi launch the normal Debian init start-up scripts when it starts, so that all you need to do is apt-get install and any servers you install will just work.

The aim is to make it work with as few modifications to the Android system as possible. Currently, it only adds a /bin symlink, and a /debian mount directory. It does not touch /system at all.

via https://guardianproject.info/code/lildebi/.

Highly recommend checking the "Using Debian" section in the related Wiki:

  https://github.com/guardianproject/lildebi/wiki


With additional work, it's even possible to run wireshark...

20

Developer's Corner / Service: Proof of Existence

« on: October 14, 2014, 11:39 PM »

Any one tried Proof of Existence?

service to anonymously and securely store an online distributed proof of existence for any document. Your documents are NOT stored in our database or in the bitcoin blockchain, so you don't have to worry about your data being accessed by others.

All we store is a cryptographic digest of the file, linked to the time in which you submitted the document. In this way, you can later certify that the data existed at that time. This is the first online service allowing you to publicly prove that you have certain information without revealing the data or yourself, with a decentralized certification based on the bitcoin network.

The key advantages are anonymity, privacy, and getting a decentralized proof which can't be erased or modified by anyone (third parties or governments). Your document's existence is permanently validated by the blockchain even if this site is compromised or down, so you don't depend or need to trust any central authority. All previous data timestamping solutions lack this freedom.

via http://www.proofofexistence.com/about

21

Non-Windows Software / Android: Beware Old Android Browser (CVE-2014-6041)

« on: September 17, 2014, 12:18 AM »

This looks pretty serious for folks that still use the old Android Browser (or apps that might use some of the contained code):

...a flaw that enables malicious sites to inject JavaScript into other sites. Those malicious JavaScripts can in turn read cookies and password fields, submit forms, grab keyboard input, or do practically anything else.

via:

  http://arstechnica.c...lf-of-android-users/

More at:

  https://community.ra...saster-cve-2014-6041

22

Non-Windows Software / *NIX: Create ISOs containing files larger than 4GB (xorriso)

« on: August 14, 2014, 03:48 AM »

After some unsuccessful attempts via genisoimage and trying a (successful but rather lengthy) work-around via UDF, re-encountered xorriso:

Xorriso creates, loads, manipulates, and writes ISO 9660 filesystem images with Rock Ridge extensions. Files can be copied in and out. Optionally it supports hard links, ACLs, xattr, and MD5 checksums. The session results get written to optical media or to filesystem objects.

via https://www.gnu.org/software/xorriso/

Burned a BD-RE with an ISO containing a file larger than 4GB.  Apparently some OSes may not handle the result, but FWIW...

23

General Software Discussion / Recommendation for offline "QR Code Generating" Firefox Add-on / Extension?

« on: July 19, 2014, 11:03 PM »

I'm looking for a Firefox add-on to show a QR code of the currently visible page -- preferably not leaking URL info via the network (so offline QR code generation) and without having to restart.

Some candidates that turned up included:

Offline QR generator
QR Code Image Generator

A reviewer suggested the following might also work offline:

QrCodeR

Anyone have a favorite that seems applicable?

24

General Software Discussion / Tried git-annex / git-annex assistant?

« on: July 12, 2014, 05:28 AM »

Any one tried the git-annex system?

Quoted below are two use cases:

use case: The Archivist

Bob has many drives to archive his data, most of them kept offline, in a safe place.

With git-annex, Bob has a single directory tree that includes all his files, even if their content is being stored offline. He can reorganize his files using that tree, committing new versions to git, without worry about accidentally deleting anything.

When Bob needs access to some files, git-annex can tell him which drive(s) they're on, and easily make them available. Indeed, every drive knows what is on every other drive.

Bob thinks long-term, and so he appreciates that git-annex uses a simple repository format. He knows his files will be accessible in the future even if the world has forgotten about git-annex and git.

Run in a cron job, git-annex adds new files to archival drives at night. It also helps Bob keep track of intentional, and unintentional copies of files, and logs information he can use to decide when it's time to duplicate the content of old drives.

use case: The Nomad

Alice is always on the move, often with her trusty netbook and a small handheld terabyte USB drive, or a smaller USB keydrive. She has a server out there on the net. She stores data, encrypted in the Cloud.

All these things can have different files on them, but Alice no longer has to deal with the tedious process of keeping them manually in sync, or remembering where she put a file. git-annex manages all these data sources as if they were git remotes.

When she has 1 bar on her cell, Alice queues up interesting files on her server for later. At a coffee shop, she has git-annex download them to her USB drive. High in the sky or in a remote cabin, she catches up on podcasts, videos, and games, first letting git-annex copy them from her USB drive to the netbook (this saves battery power).

When she's done, she tells git-annex which to keep and which to remove. They're all removed from her netbook to save space, and Alice knows that next time she syncs up to the net, her changes will be synced back to her server.

Also from the homepage:

git-annex is designed for git users who love the command line. For everyone else, the git-annex assistant turns git-annex into an easy to use folder synchroniser.

25

Non-Windows Software / Android: (Wired) File Transfers from PC

« on: June 10, 2014, 10:27 PM »

Any favorite methods for transferring files from PCs?

For one-offs "adb push" seems good enough.  For some more complicated transfers am trying out QtADB (0.8.1) with some success [1].


[1] Was helped tremendously via following comment:

1) When launched, QtADB displayed application window then crashed. Cause of problem is missing network resource, which raise SIGABRT in classes/updateapp.cpp, line 57 (function UpdateApp::gotWWW). Probably because QtADB version updates currently is not available. Perhaps QtADB 2.0 should check for resouce availability too and shouldn’t crash only because update server is missing. To avoid this problem in 0.8.1, automatic updates must be switched off. Open QtADB.conf (Linux users must look in /home//.config/Bracia) and set checkForUpdatesOnStart to “false” as displayed below:
checkForUpdatesOnStart=false

via Janis Baumanis' comment at:

  http://qtadb.wordpress.com/2014/04/15/qtadb-0-8-1-fix/