The Daily Parker

Politics, Weather, Photography, and the Dog

Two unhappy articles about your phone

First, two unidentified have discovered malware on 38 Android devices that could only have been installed after manufacture but before distribution to retailers:

An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected.

"This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it," Check Point Mobile Threat Researcher Daniel Padon told Ars. "This should be a concern for all mobile users."

Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."

But malware and password stealing doesn't always need software. Sometimes it just needs a suspicious border guard:

Data provided by the Department of Homeland Security shows that searches of cellphones by border agents has exploded, growing fivefold in just one year, from fewer than 5,000 in 2015 to nearly 25,000 in 2016.

According to DHS officials, 2017 will be a blockbuster year. Five-thousand devices were searched in February alone, more than in all of 2015.

The more aggressive tactics of the past two years, two senior intelligence officials told NBC News, were sparked by a string of domestic incidents in 2015 and 2016 in which the watch list system and the FBI failed to stop American citizens from conducting attacks. The searches also reflect new abilities to extract contact lists, travel patterns and other data from phones very quickly.

But the officials caution that rhetoric about a Muslim registry and ban during the presidential campaign also seems to have emboldened federal agents to act more forcefully.

"The shackles are off," said Hugh Handeyside, a staff attorney with the ACLU's National Security Project. "We see individual officers and perhaps supervisors as well pushing those limits, exceeding their authority and violating people's rights."

Expect a lot of litigation and very unhappy travelers. Plus some other Fourth Amendment issues that go unreported.

Happy cell phoning!

Should we ignore presidential Tweets?

Jeet Heer says no:

[T]he very nature of our modern world, and the United States’ supremacy, makes it impossible to dismiss an American president’s word. The U.S. is a nuclear-armed superpower, with a commander in chief who presides over the world’s largest economy. Millions of people all over the world pay careful attention to what a president says, making their own plans based on the words coming out of the White House—and they will continue to do so whether or not the press corps and political class in Washington somehow agree en masse to ignore Trump’s tweets.

“Toyota Motor said will build a new plant in Baja, Mexico, to build Corolla cars for U.S. NO WAY!” Trump tweeted in January. “Build plant in U.S. or pay big border tax.” Toyota’s stock promptly fell, as has the stock of other companies caught in Trump’s Twitter crosshairs. Because his tweets move markets, businesses are developing strategies for how to handle a presidential social media attack. There’s even an app that lets you know when Trump has tweeted negatively about a publicly traded company, so you can sell quickly if needed. Another company created a lightning-fast Twitter bot that automatically short sells such stocks. It’s called “Trump and Dump.”

“Mr. Trump’s Twitter posts, viewed with amazement outside the West Wing bubble, often create crises on the inside,” the Times reported. “That was never truer than when Mr. Trump began posting from his weekend retreat at his Mar-a-Lago estate in Florida shortly after sunrise on Saturday. His groggy staff realized quickly that this was no typical Trump broadside, but an allegation with potentially far-reaching implications that threatened to derail a coming week that included the rollout of his redrafted travel ban and the unveiling of the Republican plan to replace the Affordable Care Act.”

The more one watches this clown, the more one wonders just how much he's a genius, or, you know, something else?

Nokia dumbs down

The Finnish manufacturer is bringing back their 2000-era 3310:

Given the rising angst of a society run by technology, Nokia might have picked the perfect time to introduce an antidote to the smartphone. But even under today’s conditions, it is tempting to see the new Nokia 3310 merely as another example of retro nostalgia. Ha-ha, what if you could get a dumbphone instead? It would pair perfectly with a milk crate full of vinyl albums. But it’s also possible that the 3310 marks the start of a new period of technological mobility. One that offers a sense of how even the most entrenched technological habits might yet turn out differently.

It might be premature to announce the end of humanity’s love affair with the smartphone. But the relationship’s cracks are surely showing. Some have immediate consequence. Apps have contributed to a huge spike in traffic accidents and deaths, as more and more people attempt to operate finicky handheld devices while driving. The partial-reinforcement techniques baked into today’s apps and games has become more apparent to users, who seem increasingly resigned to services they also feel no option to quit. And the uniformity in design of devices has arrested their future potential. Every year another glass rectangle, affording no more or less than it promises, which is more of the same.

The smartphone’s conquest is definitive and complete. A decade after its form solidified, the contemporary citizen of the developed world has almost no choice but to own and operate one. And yet, the joy and the utility of doing so has declined, if not ceased entirely.

Hey, for $50 I might pick one up as a backup device, once they're offered in the U.S.

Poor dead phone

My new LG G5 is now a brick, so I'm back to my slightly-cracked G4.

Yesterday, the phone got hot, stopped responding to inputs, and rebooted itself twice in three hours. That's usually the sign of a runaway app. So upon turning it back on, I manually rebooted it to clear running apps (it auto-loads apps that were running when it resets), and all seemed fine.

Then sometime while I walked home from Wrigley it shut itself off completely and has not yet woken up.

Fortunately T-Mobile was able to move my SIM back to my old phone. Unfortunately the photos I took at Wrigley were on an encrypted SD card which is now unreadable because the decryption keys are hardware-based. (The whole point of the encryption scheme is to prevent an attacker from moving the data to a new phone.)

T-Mobile says I should have a replacement G5 by Monday.

Big news from the DC Circuit Court

The appeals court that is typically the last stop for regulatory disputes has ruled that the Internet is a utility:

The court’s decision upholds the F.C.C. on the declaration of broadband as a utility, the most significant aspect of the rules. That has broad-reaching implications for web and telecommunications companies and signals a shift in the government’s view of broadband as a service that should be equally accessible to all Americans, rather than a luxury that does not need close government supervision.

The ruling may open a path for new limits on broadband providers. Google and Netflix support net neutrality rules and have warned government officials that without regulatory limits, broadband providers would have an incentive to create business models that could harm consumers. They argue that broadband providers could degrade the quality of downloads and streams of online services to extract tolls from web companies or to promote unfairly their own competing services or the content of partners.

This is very good news to those of us worried about the dominance of carriers. There's not other way to solve the "last mile" problem, I think, than this, forcing your local telco or cable company to treat all Internet traffic equally. It's still subject to appeal to the Supreme Court; here's hoping they don't grant certiorari.

Killing your babies

Startup founder Tim Romeo decided to kill his startup right before they would have gotten a check for $500,000. Sounds crazy? No; he did the right thing:

[S]omething was wrong. It seemed trivial at first, but it bothered me. Despite glowing praise, our users were only using ContractBeast to create a small percentage of their total new contracts.

I spent the next two weeks visiting our beta users, looking over their shoulders as they worked, and listening to them explain how they planned on using the product. Pressing them directly on why they were not using ContractBeast to create all their contracts resulted in a lot of feature requests.

Now, talking with customers about features is tricky. Often you receive solid and useful ideas. Occasionally a customer will provide an insight that will change the way you look at your product. But most of the time, customers don’t really want the the features they are asking for. At least not very badly.

When users are unhappy but can’t explain exactly why, they often express that dissatisfaction as a series of tangential, trivial feature requests. ... These aren’t necessarily bad ideas, but they had nothing to do with why they were not using ContractBeast more extensively.

His blog post is good advice not just for startup founders, but for anyone writing software.

Neat Windows 10 trick

Senior Microsoft programmer Raymond Chen describes a feature in Windows 10 that is unusually useful:

Windows 10 brings the Xbox Game DVR feature to the PC. The Game DVR feature lets you record yourself playing a video game, so you can share the recording with your friends.

Suppose you have some program that you want to record, say for a bug report or for an instructional video. Just pretend it's a game:

  • Put focus on the program you want to record.
  • Press Win+G to open the Game Bar. If it asks whether you want to open the Game Bar, say, "Yes, this is a game."
  • Press the red circle to start recording, or press Win+Alt+R
  • Do the thing you want to record.
  • Open the Game Bar and press the red square to stop recording. Or use the hotkey Win+Alt+R
  • Optional: Open the Game Bar, click the gear icon, and uncheck "Remember this app as a game."

The recording is placed in your Videos\Captures folder.

Cool, right?

Curious

Scott Hanselman suggests that, rather than dividing the world into technologists and non-techies, the division is simply about curiosity:

I took apart my toaster, my remote control, and a clock-radio telephone before I was 10. Didn't you? What's the difference between the people that take toasters apart and the folks that just want toast? At what point do kids or young adults stop asking "how does it work?"

There's a great interview question I love to give. "When you type foo.com into a browser, what happens? Then what happens? Then what happens?" I ask this question not because I care how deep you can go; I ask because I care how deep you care to go. Where does your interest stop? How do you THINK it works? Where does technology end and where does the magic (for you) begin? HTTP? TCP? DNS? Voltage on a wire? Registers in chips? Quantum effects?

Perhaps curiosity is an innate thing, perhaps it's taught and encouraged, but more likely it's a little of both. I hope that you're stretching yourself and others to ask more questions and explore the how and why of the world around you.

And he has a great quote on Twitter (from himself): "Non-technical people, here's a secret. We tech folks have no idea what the problem is. We just try to narrow it down, removing variables."