Feeds:
Posts
Comments

Archive for the ‘Software’ Category

A One-Trick Pony

A browser that can only access a single site: I call that an app ;-)

Link to the source

Source: Still reliant on Flash, South Africa’s tax agency creates its own Flash-compatible browser (BoingBoing)

Read Full Post »

Just a quick follow-up: on February 3, the January 2021 Android security patch was pushed to the Samsung Galaxy Note 10+. Nothing spectacular to report: it seems that patch really was the only change in the 124MB download.

That’s what the About Software screen now looks like

Read Full Post »

I’m convinced 2FA is an excellent idea, and I’m already using it for a few situations like my Apple devices and a Google account. Of course I use two-factor authentication on my Apple devices – but that only goes so far, of course. Google also bugs me when logging in to another Google account on those devices, but keeps sending the confirmation to an Android device that I do not always have near me (and I haven’t found a way yet to alter that setting).

But I have always hesitated to apply 2FA to all the applications and websites I use. Why? Because it’s hard to pick the right tool – which one can be applied to most/all sites (and I have a lot of those)? Should I pick a hardware solution, or an application? What about backing up your keys? What if I lose my phone? Etc.

Dan Goodin confirms the complexity of the situation, and tries to give an answer in “Choosing 2FA authenticator apps can be hard. Ars did it so you don’t have to” (on Ars Technica).

Don’t get me wrong: Goodin does an excellent job introducing the complexities of choosing a 2FA solution. But there are many more solutions available – just try any search engine and look for “2FA”. Years ago, I already looked at FreeOTP and andOTP, but I did not feel confident enough in their backup strategies to actually use them. I would also like to know more about privacyIDEA and its application to the problem.

The article mentioned however can be used as a measuring stick, to see whether your 2FA choice ticks the points that you really want/need. And if you don’t use any 2FA solution yet, at least make sure that you have all your (complex!) passwords in a decent password manager on all your devices – I still find Keepassium and the other members of the Keepass family very valuable.

Read Full Post »

Another software update for the Galaxy Note 10+ has found its way to the machines here in Belgium last week: no changes in security patch level, just a new UI version, says Samsung.

Baseband version N975FXXU6ETLF is here

My current experience limits itself to two observations. First of all, the lock screen used white lettering on my very light background image, rendering the lock screen essentially unreadable until I changed the background image to something very dark. Secondly, and more annoying, it seems that Samsung has changed the rules about face recognition to unlock the phone: I now have to enter my password several times every day. Or is my hair really getting too long, given that Belgian hairdressers and barber shops are closed since the beginning of November 2020 ?

Read Full Post »

You will have to read the original Github ticket – or one of its copies, in case the Github ticket were to be closed/deleted/… –  but the essence of the message is that Chrome extension “The Great Suspender” (TGS) has become a very suspect suspender. According to the ticket, version 7.18 in the Chrome Web Store does not correspond to the source on Github, and has been modified in such a way that it could (can/will/…?) be used to invisibly execute tracking or malicious code!

Copy of a tweet urging to delete TGS from your computer

I was a great fan of that extension: I’m always juggling reading material and lots of browser-based applications at the same time, and that extension made it possible to keep them all open yet limit the memory and CPU footprint of Chrome to more reasonable sizes. I read about the trouble yesterday, and did not hesitate to delete this extension from all my computers!

There is mention of a few alternatives to The Great Suspender; at least one of them is a copy of the latest “pure” version of  TGS. But at the moment it isn’t available at the Chrome Web Store and requires a bit of manipulation to get it installed properly: that’s not for everyone.

By the way: if the ticket mentioned above is too technical for you, hop over to Life Hacker or The Register get their take on the subject.

Anyway, the worst part of the whole story is that Google does not seem to be interested in doing what it should do, that being to kick the extension out of its Web Store, at least while investigating the matter. But so far there seems to have been no reply from them, even though several people, including me, reported the extensions as incompatible with the rules of the Chrome Web Store. In the words of The Register:

The Register asked Google whether it plans to implement any measures to help make it easier for people to understand who maintains Chrome extensions and to understand code changes that have been made. We’ve not heard back.

Read Full Post »

The past few days our home intranet WiFi wasn’t performing as well as previously. But everything I needed worked OK (I telework on a machine that connects to the intranet/internet by cable) and my family did not complain, so all was more or less well.

Until our daughter needed to print out papers to prepare for the upcoming exams at uni. Each time she tried to print, the printer would work OK for two pages, and then the Mac complained about an unresponsive printer. So I spent an hour checking the (or even resetting!) configuration of the router and the WiFi range extender, trying to figure out on what IP address all the devices in our home were to be found. In the end, it was almost by accident that I noticed (in Fing on Android) that there existed one device on our little network with a strange identification: ‘Ikea’ was listed as brand, and ‘Xerox’ as the name of the device…

There’s the Ikea hub, close to our router…

Disconnecting the Ikea Trådfri WiFi hub brought the printer to life without any further issues, making it clear that the Ikea hub and the printer had somehow managed to “use” the same IP address 192.168.1.3. Reconnecting the Idea hub a bit later I did check that it received another, unused IP address – just as I expected that to happen all the time.

I have no explanation for that situation, since I did not force any device to use a fixed IP address on our intranet. But the situation caused a lot of frustration! I would have thought this kind of mix up could be solved by the router software, but clearly it did not.

As a sidenote, let me tell you that my daughter proposed to buy a new, “better” printer. Of course this would also have solved the problem, since a new device would (hopefully) have received a hew IP address. But that would have meant throwing away a perfectly good printer – just because of a software failure on the router. Or is there a better explanation for what occurred here?

Read Full Post »

I know: I should have reported this a few days ago. Just so you know: the latest system update for the Samsung Galaxy Note 10+ has arrived. It contains (among other things, but probably in essence) the December 1 Android security patch level.

Baseband version N975FXXS6DTK8 is here!

It goes without saying that all your other devices are better off if you keep them up to date, software-wise ;-)

Read Full Post »

We live in an era of rapidly increasing digitalisation. Hence it’s no surprise that digital systems, however complex they may be, are the subject of increasingly sophisticated attacks. If you want proof of that, take a few hours and read “An iOS zero-click radio proximity exploit odyssey” by Google engineer Ian Beer. He explains how he discovered – and “exploited” – a vulnerability in Apple’s iOS that made it possible to take over an iOS device remotely without the user knowing what happened.

If you like programming, like me, you’ll find the story lacking in code but rich, very rich, in debugging techniques. Plus a lot of detective work and experimenting – in soft- and hardware. That’s what “hacking” is about, of course, and this story is a good illustration of just how devious you have to be!

Read Full Post »

Touching It Is No Use!

When I took this photo in the summer of 2018 I was pondering how to label it: should I blame Microsoft ? Should I say something about Italians and technology? Or does no-one care about tourists? We’ll never now what we were supposed to see then…

“Impossibile avviare il computer” – indeed!

The not so funny point is that even today Google Streetview shows the exact same message on the exact same spot in Orta San Giulio (Novara, Italy), in a picture that is probably/possibly a lot younger than mine!

Screenshot of Google Streetview on 2020-11-22 – Copyright by Google, of course.

Read Full Post »

The Android November 1, 2020 security patches – and possibly more updates – are now available on the Samsung Galaxy Note 10+. Since 2021 is coming closer and closer, I wonder: should I already start hoping for Android 11 on this device?

The N975FXXU6DTJ4 update includes the November 1, 2020 security patches

Read Full Post »

I am using WordPress for ten years now, and I have always appreciated the fact that WP is a solid piece of software. I know I’m not using all of its possibilities and functions, but until a a few weeks ago I have never encountered anything that could be considered a “bug”.

However… since the change to the Block editor for editing Posts and Pages all my editing sessions regularly show me this message:

Conflicting messages: did WP save the post or not?

What does WordPress mean, by the way, when it says I’m not allowed to edit my own Post? And if I’m not allowed to edit it, where did it save the Post? Why do I find parts of what I wrote in my site, even when it tells me that the update failed?

This is, of course, a nice example of how not to inform your user. Because just to be sure I keep clicking the “Save” or “Update” buttons, only to see the same message popping up most of the time!

Worse: sometimes the editor says “Saved”, but does not save the Post, thus forcing me to retype it. Having experienced that on a few occasions, I even started to write my Posts in a separate text editor program on my Mac or PC before copy-pasting them into the block editor – and that can and should not be the right way to use a tool like WordPress that can handle a minimal but complete editorial flow from writing over revising and approving to publishing.

Back to the message shown above: it occurs when I create a new Post, but also when I edit older Pages and Posts that were created with the Classic editor. Until very recently, I always preferred the Classic editor: it gives me a certain measure of control over the HTML code, something I (like many web developers) appreciate a lot. By the way: the Classic block in the Block editor may look like the Classic editor, but it isn’t the same and does not allow the same measure of control over your content. So  it’s not a good equivalent.

I know I still have to learn to get to grips with the Block editor, which is by definition better than the Classic editor when it comes to structuring content in a web page. That’s a big plus when changing the look and feel of a site, or when you move content from one site to another. So from a Content Management point of view the Block editor is way better than the Classic editor.

But the Block editor should be able to handle existing “classic” posts and pages without strange hick-ups (I seen a few of those as well) and without trying to apply the Block editor rules on those old Posts. It would be better if WordPress could simply revert to the Classic editor if it notices that there is no “Block” stuff in them.

And certainly the Block editor should save my edits correctly and without fail – and without dubious messages! Because that’s a bug, in my view!

Read Full Post »

A few days ago, my Samsung Galaxy Note 10 Plus could already install the August 1, 2020 Android security patches. If only Samsung (and other phone manufacturers) were always so quick to support more devices for many more years: the latest Samsung Galaxy S7 security patch is dated March 1, 2020…

Read Full Post »

It had been a while, many years actually, since I needed the Windows equivalent of “touch“. You don’t know that command? All it does is change to modification date and time of a file (or a series of files) to the current date and time of the computer. I used to turn to the Cygwin toolkit to get things done, in the days when corporate Windows PC’s weren’t so closed off and you could install your own tools.

Luckily for me there is an equivalent in Windows, on the command line. You can use this somewhat strange command to get the same result:

copy /b filename.ext +,,

Yes, that’s a plus sign followed by two commas at the end. I’m writing it up here because I know I won’t remember that correctly in a few days!

Read Full Post »

Strong words, but there’s more than a grain of truth in them: “Why Kubernetes is The New Application Server“. “Classic” application servers like those for Java are no longer sufficient by themselves to build a platform that can serve big internet-applications with a large, world-wide audience. And in the world of “containers” Kubernetes seems to be king, as far as I can tell.

Container ship at sea

(Photo by GPA Photo Archive – Original on Flickr)

In order for containerisation to work, applications must be properly “documented” – in fact, the bulk of the “configuration documentation” will somehow be part of what is needed to get those containers up and running. Around the time I read up on Kubernetes I stumbled onto something called “The Twelve-Factor App” – can’t remember who pointed me there. This methodology (it’s not an app!) describes a well-documented way to build, configure and run a cloud application – a laudable objective.

At work, we have tried to describe our applications in order to migrate them to another (Windows) domain with new (better) rules about access control, database access, etc. But things aren’t working out as they should. We do have documentation, although I’m not sure how useful it is outside of the context of passing relevant information from the developers to an external partner that will implement parts of the configuration. Additionally, we have described lots of “what“s, but almost no “why“s – which might be essential in the coming months and years as the applications continue to evolve…

Ideally, I would have loved to have a decent ‘methodology’ for documenting application essentials when we were building our applications. Trying to figure out what has to be done to get things up and running again on new servers has become something of a nightmare. That is even more so when the application you’re handling was developed by someone who’s no longer available for questioning!

The Twelve-Factor app may turn out to be very useful, although I suspect it is incomplete. I don’t think there is a single method for completely describing and documenting applications and systems that extend beyond the most simple cases. Any ‘methodology’ to build software is bound to need more or less tweaking to fit your (or your company’s) way of working. Getting to know methodologies other than the one you’re using is a good way of discovering what you need to get better!

Read Full Post »

My setup has been the same since quite a few years now: I have a Keepass file on Dropbox, and I use several different applications and apps on multiple devices to access and update that file. Which applications, you ask?

On my Macs as well as on my Xubuntu machines I will use Keeweb. Despite its name, it gives you a desktop application that natively accesses (and syncs) files on Dropbox. This is the application I go to for when I want or need to reorganise the Keepass file, e.g. to rearrange groups or import lots of account data.

I would use Keeweb on a Windows PC as well – if I had one. At work, we have no free choice of which application to use to store passwords, but luckily we do have the “official” Keepass Password Safe at our disposal.

On Android my favourite Keepass app is called Keepass2Android. I will admit that I made that choice a few years ago, and haven’t checked on its competitors recently (are there competitors of note, by the way?). But it does what I need it to do; it accepts Dropbox as cloud storage and it will even merge changes from the local version and the Dropbox version when it detects differences between the two during the synchronisation process. That last one is a killer feature, and it hasn’t failed me a single time in the years I have been using it.

On iOS the situation is a little more complicated – at least, that how it feels to me. I wrote earlier about KeePassium, and that is still my app of choice. I like the interface, and it does all I need when I look for account info (you can store more than just passwords there!).

But in order to sync my central file on Dropbox, on iOS the app has to go through the “Files” app from Apple. Files-the-app is capable of showing files of all kinds on the iOS device, as well as the files on several cloud file systems, like Dropbox. What is less clear to me, however, is how quickly “Files” notices changes on Dropbox and picks up the latest version of my central KeePass file. I also have had trouble getting the latest version of my file (as changed on Android, for example) onto my iPhone. Although I must admit that the last few weeks fared better: I haven’t noticed anymore missing syncs lately. What I can’t say is whether the issue was/is with Files rather than KeePassium or even my internet connection…

Anyway, when it comes to passwords I want to be sure that I’m not missing any information – or worse: I don’t want to overwrite my updated central file with an older version on iPhone! That’s why I currently always check the “last updated on” date of my Dropbox file in Files before opening the file again. Of course my Dropbox account is protected with a password, but I don’t think that is what Andrei Popleteev means when he’s writing about “How to sync KeePassium with Dropbox“.

Manually checking the file date on iOS is not an ideal situation, I know, but to me that check is a small price to pay for the greater good of having my account data available on all the platforms I use! And for me, KeePassium is still the way to go on iOS.

Read Full Post »

Older Posts »