Archive for the ‘Software’ Category

It cannot be repeated enough: “There is No Middle Ground on Encryption” says the EFF. Specifically: the so-called “backdoors” requested by government can only weaken the encryption used, basically rendering it vulnerable to malicious attacks. The legal arguments put forward by the EFF are, of course, specific to the USA, but similar cases can certainly be built in many other countries. And the other arguments only fail to convince those who don’t know what they’re talking about… So let’s spread the word: no backdoors!

Source: Shutterstock

Also interesting is the fact that the general conclusion from a 1996 (!) study (also quoted by the EFF) still remains pretty valid:

It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages.


Read Full Post »

It’s all over the Internet: the Telegram messaging application will be banned in Russia. Censorship is never good news, so why am I happy about the news?

It’s simple: if even the russian secret services/hackers can’t break the Telegram encryption, then their protocol and encryption must be very good! That’s good news for Telegram users and privacy lovers all over the world (except Russia, of course). And that makes me a happy user of Telegram.

Read Full Post »

Just to make the update history complete: my Samsung Galaxy S7 has been updated yesterday with the February 2018 Security Patch. The current version is now called NRD90M.G930FXXU2DRB6. There’s still no sign of a real Android update to version 7.1 or 8.0…

Read Full Post »

From time to time, I spend some time (sometimes way too much) to check out the applications I’m using. Certainly on mobile devices the available options for a given function can change quickly, and it’s always useful to see if you’re missing out on something a newer application has to offer.

My most important app on any platform is, of course, a password manager. I have already spoken out in favour of the KeePass family of tools. Currently on the iPad Mini I’m using MiniKeePass, which is not very sexy to look at (or to use). But the app can read your database when stored in the cloud (Dropbox, Google Drive, etc.), and the source code is available on Github – so we are reasonably certain that the app does what it is supposed to do, nothing less and certainly nothing more.

The MiniKeePass settings screen

My search for ‘Keepass‘ on the App Store turned up another candidate: KeePass Touch. Glancing over the specs made me want to try it out. Indeed, the “Touch” part of the name indicates that you can unlock access to the passwords by using Touch ID, and I must admit that I have grown fond of that functionality on multiple mobile devices.

However, a bit of study stopped me from switching from MiniKeePass. Here’s why:

  • KeePass Touch displays ads, that can only be avoided by paying.
  • KeePass Touch claims to be “Open Source”, but I’m guessing the quotes are there for a reason: I wasn’t able to find the source code of this app, nor did I even find any website for the company that publishes the app.
  • As I found out by comparing both apps, MiniKeePass can also be unlocked by Touch ID. That’s perfect for use on my new iPad Pro ;-)

I’m very suspicious of KeePass Touch, since there are no guarantees that your passwords are safe from the eyes of its developers.

I would be very happy if someone made MiniKeePass read and write its files directly from/to Dropbox, Google Drive or a similar cloud service. But even without that I will continue to use MiniKeePass – if only to prove that real Open Source is important to me.

Read Full Post »

Yes, Samsung distributed another update for my Samsung Galaxy S7. No, it wasn’t an update to Android 7.1, and certainly not Android 8. Just security patches, I suppose – but no word on which holes were effectively taken care of. I hope that the famous KRACK attack vector of November 2017 is taken care of; I’m not betting on any resolution, partial or complete, for Spectre and Meltdown. I guess we’ll just have to be happy with the fact that security patches do come through, no?

Build G930FXXU1DRA3 for SGS7 looks like this ;-)

Read Full Post »

Considering the number of mobile apps dedicated to the subject I know I’m not alone in wanting to know the fuel consumption of my vehicles. Like my father, I have been doing that as long as I have driven motor vehicles on two and four wheels. Since 2013 or so I am using AndiCar (on Android): it has the features I want, and it’s a piece of FOSS (Free and Open Source Software). Keeping an eye on your fuel consumption is always a good idea, since a rise in numbers can be the first indicator of a problem with your vehicle.

When we bought a bi-fuel car, however, things got complicated. In November 2017, as far as I could tell, there were no apps that had full support for “hybrid” or bi-fuel vehicles. I had no choice but to start experimenting a bit, and I settled on testing an app called Fuelio as a possible alternative for AndiCar. I won’t do a complete comparative review of these two: let me just explain that AndiCar is faster for data entry (at least in my situation: I enter the data in the evening or in the weekend, when I’m at home, not in the gas station), and Fuelio is the better looking app.

Some of the statistics available in the apps I mentioned (AndiCar on the left, Fuelio on the right). The numbers do not correspond because the periods are different, not because of errors ;-)

So I mailed Miklós, the author of AndiCar, explaining my situation. I probably wasn’t the first one to mention the “multi-fuel problem” to him. Nevertheless I’m quite impressed with the fact that six weeks later he already published a new version of AndiCar that allows detailed data entry for hybrid vehicles like mine. To top it off, he also mailed me to tell me about the new version!

One of the advantages of AndiCar is that it allows you to define your own fuel types. I actually use three types of fuel, since we have two types of CNG in Belgium: low caloric content (L) and high caloric content (H) gas. AndiCar is perfectly capable of handling that.

As a happy person I simply had to respond to Miklós – here’s the code of my mail:

Good work, man! You impressed me with the speed with which you implemented the support for alternative fuel vehicles. I’m not just giving you last version “a look”: I have copied all the fill-ups of my new car into AndiCar, of course.

For the moment I will continue to compare AndiCar with Fuelio, if only to get a feeling for what might constitute a good solution for the “fuel consumption/efficiency calculation” issue, as you call it. The Fuelio solution is not good enough: it just uses the distance between the two latest fillings for that type of fuel. But that results in silly numbers when driving most kilometers with one type of fuel, interspersed with an occasional fill-up of the alternative fuel (and that’ what I try to do: run mostly on CNG because it’s cleaner, just switching to petrol when no CNG is available).

What is probably needed, is a system whereby it is possible to indicate for each fill-up whether it can be used for a consumption calculation based on the previous fill-up of the same fuel type. Or perhaps an extra odometer field ? Or …? I realise that my situation is different from that of people with electric hybrid cars: my g-tron runs on CNG as long as there is enough of it in the tank, and switches to petrol with an explicit warning the moment that switch happens. In e-hybrids the rules are completely different, and I have no ideas about how AndiCar (or any other app) could support such calculations – I suppose those cars can do it themselves ;-)

Oh well. I’m already quite happy with the work you’ve done, so thanks again!

PS. I ran into one issue when entering my fill-ups in AndiCar: trying to “convert” an existing entry to the new fuel type and UOM crashed the app (I tried it several times). But of course, deleting the existing entry and reentering the data in a new entry solved the issue, so no real harm done.

If only all software makers would be so friendly and so quick to react to their users!

Read Full Post »

Online security remains a hot topic in 2018. I was alarmed a few days ago, when messages showed up in my RSS feeds about weaknesses in Signal, Threema and WhatsApp. I use Signal almost every day, ever since it replaced its predecessor TextSecure. It’s my default texting app that covers SMS messaging in general and secure messaging with other Signal users. Logic dictates that I pay attention when Signal is mentioned in the news, especially on the subject of its security features.

So I consulted Matthew Green, through his blog post “Attack of the Week: Group Messaging in WhatsApp and Signal“. He writes that things are not as bad as they might have been:

…due to flaws in both Signal and WhatsApp (which I single out because I use them), it’s theoretically possible for strangers to add themselves to an encrypted group chat. However, the caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic.

So one-to-one conversations are still very private, and that’s what I care about most – I don’t think I have ever tried to send a message to a group in Signal.

Still, as Green notes, “The great thing about these bugs is that they’re both eminently fixable“. Now, I trust Open Whisper Systems to correct the issue in a short time (if it hasn’t already been fixed: the issue is seemingly not that complex to solve). But WhatsApp does not seem inclined to do the same, according to Wired’s “WhatsApp security flaws could allow snoops to slide into group chats“. So you have been warned!

Read Full Post »

Older Posts »