Let's Encrypt beta invite

Fantastic! The same day as I was mentioning them on a post about UK HTTP sniffing logs retention perspectives, Let's Encrypt sent me an invite for the closed beta I subscribed to a few weeks ago.

I'm very proud to be able to experiment early with the tools that'll help convert massive chunks of the Internet to encrypted connections for everyone.

And.. perfect timing really.

#supercurioBlog #encryption



Let’s Encrypt
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the Internet Security Research Group (ISRG). ISRG is a California public benefit corporation, and is recognized by the IRS as a tax-exempt organization under Section 501(c)(3) of the Internal Revenue Code.

Source post on Google+

Dear UK, what are you doing?!

It might be time to throw out your current leaders.

In case anyone was ever doubting that adult content filters were just a first step for control freak authorities having no limit on how ready they are to violate any citizen's privacy… here's your proof.

On the positive side, if there is any, it will only encourage every site owner to switch to HTTPS, either with their own certificates with http://letsencrypt.org or via +CloudFlare's free solution, sufficient to avoid HTTP request logging from ISPs in a few clicks.

I've activated that for my sites until http://letsencrypt.org is shipping. Unless you prefer to obtain full-fledged certificates, I would strongly encourage you to do that too given the current direction of things.

#supercurioBlog #security #encryption

Originally shared by +TNW

UK bill forcing ISPs to store users’ browsing history to be published today http://tnw.me/gzmimWk



UK bill forcing ISPs to store users’ browsing history on its way
New surveillance laws in the works will require broadband providers to store details of every site citizens visited in the past 12 months, reports the BBC.

Source post on Google+

Google Project Zero targeting Samsung

Project Zero made the news a few months ago by publishing unfixed vulnerabilities with their exploits in Microsoft operating systems before Redmond's company succeeded in shipping patches.
A lot was written back then about the fact Google was attacking their competitor, also accusing this team of being irresponsible for operating on a fixed 90-day time frame.

Well, this time they went against the worldwide leader Android manufacturer and its Galaxy 6 Edge, with the same rules and similar results which should address any bias concerns.

The report itself is fascinating and illustrates how additional software, like apps or native support for more media formats (Samsung always has been good with that), increases the attack surface with more code that might also not be as solid as AOSP's.
Then there are hardware drivers (like for the GPU) and you can't really skip shipping those.

How many vulnerabilities can be found in the phone you are using right now (any phone) with a few weeks of work from a dedicated team?
It's safe to assume quite a few. With sufficient resources it seems there will be ways to find a way in, which is not reassuring given the amount of data our gadgets have access to – especially through Google account credentials.
Location history being the perfect example of over the top tracking yet required for Google Fit and probably enabled after tapping a Google Maps launch dialog without realizing the consequences by many.
This is why I highly recommend two-factor authentication… Yet it doesn't change anything if a root vulnerability allows escaping the sandbox and stealing credentials from the active device or accessing the data from there directly.

It is also difficult to know where to learn about manufacturers' security practices.
Do they have a security team like Project Zero evaluating their products internally continuously with fuzzing and more?
There is no guarantee of results and certainly no such thing as perfect security, but it's something it would be good to know.

#supercurioBlog #security



Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge
Posted by Natalie Silvanovich, Planner of Bug Bashes Recently, Project Zero researched a popular Android phone, the Samsung Galaxy S6 Edge. We discovered and reported 11 high-impact security issues as a result. This post …

Source post on Google+

Nexus 6P bends again

Following up on his first video where +JerryRigEverything bends a +Nexus 6P, I'm doing the same after qualifying the first one as likely non-representative, as it was done on a phone whose glass was already shattered.

I can't see any particular flaw in the method of this one, and it's done with an educational approach.
This phone very much has a point of vulnerability where demonstrated.

What I don't know is whether, like the iPhone 6 and 6 Plus, the phone can bend in regular use, little by little, and stay bent, or whether this one is more about its "bend-breaking" ability.

It's too bad that after the iPhone 6 generation experience, manufacturers still release products with a mechanical weak point such as this one.
It shows that +Huawei likely didn't make their own stress test process to take into consideration the new elements, something that other manufacturers appear to have done in comparison.

At least, as observed previously, the phone bends/breaks above the battery and unlike the iPhone 6 it doesn't make it a safety hazard in this case.

#supercurioBlog #video #Nexus

Source post on Google+

Twitter new like: favs got old

+Twitter made a pragmatic choice by transforming the awkward "favorite" button into a common "like", encouraging healthy and positive interactions between their users.
In fact if you're on Twitter you've probably seen one of your tweets be favorited even though it was not THAT great, and later acted likewise to acknowledge someone else's tweet.

This is where the article's author has a point. Transforming "Fav" into "Like/Love" with a heart button cannot represent accurately the large variety of uses people found for this one.
It's a clear choice to direct it in a positive way however.

Only an "ACK" or "Acknowledge" button would be generic enough, without attaching a meaning which could be out of place – better conveyed by words instead.

But an "acknowledge" button, really? I might be watching too much Star Trek 😉

#supercurioBlog



RIP Twitter favs, killed by a half-assed ‘like’
Twitter has officially killed the favorite button today, rolling out a new heart button labeled ‘like’ to replace it. The change, which rolls out today, fe

Source post on Google+

Learning more about Android Doze mode

A few applications allow adjusting the parameters of Android 6's automatic power saving capability, like +Francisco Franco's Naptime available here:
https://play.google.com/store/apps/details?id=com.franco.doze

This other app published on +xda-developers comes with a cool description of the various parameters the system takes into consideration to activate this lower power state.

Interesting read to learn more about how things work ☺

#supercurioBlog #battery



[Root] Doze Settings Editor (Android Marshmallow Only)
Android Marshmallow Doze Settings Editor Requires Root This app is a simple editor of the settings or parameters which affect the operation of Doze. If no…

Source post on Google+

Samsung Galaxy View strange formula

A small and rather expensive TV able to run streaming apps?

The main issue with this concept that could indeed work is the weight:
Sure, it might be fine standing on a table.
But 2.65 kg? That's gonna be awkwardly uncomfortable on a couch or in bed.

If it's just for streaming, lower SoC specs and lower price would have given it a better chance – but I suppose Samsung tries to introduce this new category as high-margin instead, assuming the risk that the 1st generation could fail.

#supercurioBlog



Hands-on with the Galaxy View: A huge $599 screen for streaming
Enormous? Yes. Silly? Maybe a little! Either way, Samsung loves the idea of a screen for your streaming videos.

Source post on Google+

Questionable Nexus 6P bend test

It is expected that picks of Mohs Hardness Scale 7 and above, scratched with some pressure, will leave anything from marks to deep dents in a Gorilla Glass screen.

As soon as +JerryRigEverything does that, he compromises the structure of the complete glass by going through the coating and attacking what makes up the material's compression stress.

This is why it is not surprising to see it shatter. It doesn't mean that the glass is particularly fragile. Any similar glass construction will behave about the same once the damage goes past the coating.

I don't get the point of the lighter burn test. Maybe because I don't smoke?

The bend test however isn't looking too great.
At least it seems to bend above the battery so that one should be reasonably safe.
Edit: I agree the bend test might not be representative, however, due to the prior shattering of the display, which was then unable to contribute to the structural rigidity.

See https://d3nevzfk7ii3be.cloudfront.net/igi/ZlpUoq3OjhHJsqTo.huge: it bends right in between the battery and board areas.

Now let's see how other phones behave when subjected to the same treatment by the same person for comparison!

#supercurioBlog #Nexus #video

Source post on Google+

10-bit color on OS X El Capitan

The first thing.. okay the second thing I noticed when looking at a couple of Retina iMacs was the large amount of banding in gradients.
Like this one:
http://dl.project-voodoo.org/screen-tests/gradient-2560x1600.png or a dithered version
http://dl.project-voodoo.org/screen-tests/gradient-2560x1600-oversampled-dithered.png

It seems that Apple was applying a correction profile on only 8-bit – and quite a bit of it, which on this very large and sharp panel created simply banding galore.

10-bit, even for apps that support only 8-bit per channel (24-bit colors) should at least fix the calibration banding issue, if all is as it should be.

#supercurioBlog #color #calibration #banding

Originally shared by +PetaPixel

OS X El Capitan Quietly Unlocked 10-Bit Color in iMacs and Mac Pros



OS X El Capitan Quietly Unlocked 10-Bit Color in iMacs and Mac Pros
OS X El Capitan added some major features to the operating system when the update was released at the end of September 2015, but it appears that there was

Source post on Google+

Casting lossless audio to Chromecast

+Manuel C. is preparing a Chromecast audio review for +FrAndroid and came to me today to talk about that. I shared my impressions and told him that I didn't find the time yet to develop a mini app based on the SDK to stream lossless audio to it.

So he found this music player, which is one of the first apps available able to do just that!
The screenshot shows the upload bandwidth which corresponds to 44100 Hz 16-bit PCM Stereo audio when playing a WAV file for a quick verification.

44100*16*2 = 1411200 bit/s = 172 kB/s: perfect!

The name is Shuttle Music Player, from SimpleCity, by +Tim Malseed

Free: https://play.google.com/store/apps/details?id=another.music.player
Pro: https://play.google.com/store/apps/details?id=com.simplecity.amp_pro

Notes:
– I noticed already a little bug concerning casting audio volume so be careful with that.
Cool and promising app nonetheless, highly recommended try!
– Keep in mind that the Chromecast Audio and Chromecast 2 currently upsample everything to 48 kHz with a non-optimal resampling algorithm. So there's some loss here unless you're streaming 48kHz/16-bit PCM.

Now I can prepare Chromecast Audio quality measurements, nice!

#supercurioBlog #audio #lossless #Chromecast

 

Source post on Google+