Archive for the ‘electronics’ Category

On Google Chromebooks

Wednesday, May 30th, 2012

The Google Chromebook is an interesting product to watch. I’ve been a fan of and using them since the early Cr-48 days. In fact, two Chromebook laptops were in service in our household until just a few weeks ago when the Samsung Chromebook broke (although I hope to repair it soon).

These laptops sit next to our couch in a stack as a set of floater laptops we use for random surfing. If any of us are just looking for a quick bite of information, we generally pull out the Chromebook rather than walking over to the Macbook that sits on our kitchen counter. The Chromebook is also great for our son to use when building LEGO from PDF instructions.

Browsing is far better on the Chromebook than it is on any Android or iOS device I’ve used, hands down. I find the browsing experience to be frustrating on an iPad or my Galaxy 10″, while the Chromebook experience is flawless. The device is basically ready-to-use for browsing as soon as you lift the lid, in contrast to the fair amount of time it takes to get logged into the Macbook (especially if another user has a few applications open in their session).

The hardware itself in the early models was slightly underpowered, but that doesn’t really seem to matter much unless you’re playing a particularly intensive Flash video or HTML5 game. Scrolling is fairly slow on complex sites like Google+ as well, but it’s never been a showstopper. The touchpads have also been hit-and-miss in the early models. For what we use it for, the hardware is pretty decent. I imagine that the next generations will gradually improve on these shortcomings.

What makes these devices a hard sell is the price point. The cheapest Chromebook experience you can get today is the Acer (@ $300). Considering the fact that you are buying a piece of hardware that effectively does less than a laptop, I would find it hard to justify spending that amount if I were looking at hardware today. Even though I prefer to use the Chromebook when surfing over the tablets or the full laptop, I feel like the cost is just too much for a single-purpose device like this.

For Chromebooks to really take off in the home market, I think that a device with the equivalent power to the Samsung Chromebook 5 needs to be on the market at a $199 price point. I could see myself buying them without a second thought at that price. Alternatively, if we saw some sort of Android hybrid integration with the Chromebook, I think that this could radically change the equation and add significant perceived value to the device.

I don’t see the Chromebox being popular in households ever – I believe that we’ll see the decline of the non-portable computer going forward at home. Now, if I were running a business where a large subset of employees could get by with just web access, I would definitely consider rolling these out. The Chromebox looks like it could be a real game changer for business IT costs.

Five minutes with the Kobo Vox

Saturday, November 5th, 2011

Today I had a chance to play with the Canadian equivalent of the Kindle Fire, the Kobo Vox. It’s an Android 2.3 device, which means that it effectively has access to the entire ecosystem of Android apps. What it lacks, unfortunately, is the official Google Market application. It did appear to have access to the Gmail app, which makes the lack of Google’s Android market surprising.

The Vox is a bit lackluster in the graphics department. Full-screen animations like zooms and fades are choppy: 5-10 frames per second. The same animations in the Kobo application on my Galaxy Tab 10 are fluid and smooth. This makes the Kobo Vox feel like a really cheap bit of hardware. It’s not a big deal while reading books in the Kobo application: paging is lightning fast, although it doesn’t have any sort of animation to indicate page flips.

One thing you get with the Vox that you won’t get with the plain Kobo application on other devices is the “Kobo Voice” social reading experience. You can annotate passages in books and share them with other readers. I don’t find this to be a big loss. The Vox also offers a way to lay out books in two-page landscape mode, which would be amazing on the Galaxy Tab 10, but feels a bit cramped on the smaller Vox screen.

The Kobo Vox does have a nice screen. The Dell Streak 7″ tablet has issues with narrow viewing angles in portrait mode. From what I could tell, the Vox was beautiful in portrait and landscape orientation. The quality of the display feels pretty good.

Based on the five minutes I played with it, I don’t think it’s worth me buying. I’m tempted to look at the Kindle Fire for use in Canada, but I suspect that Amazon’s less-than-perfect support for Amazon services in Canada will make it less of an interesting piece of hardware. If you don’t already have a tablet, however, this might not be a bad device to purchase.

Comparable devices:

  • Kindle Fire: $200
  • Kobo Vox: $200
  • Dell Streak 7″: $399 (terrible for reading in portrait!)
  • Galaxy Tab 8.9: $400-600 (couldn’t find it for sale in Canada)
  • Galaxy Tab 10.1: $649

On the advancement of science and the useful arts

Wednesday, August 24th, 2011

(this is an expanded version of my Google+ post here)

Apple is quickly burning my goodwill towards with these silly patent fights. Two out of three of the patents were found not to be infringing, while the last one is a software patent that basically describes the functioning of a mobile device that deals with photos.

At this point, it’s probably worth pointing out that Apple’s notification bar is pretty much a rip-off of the Android one. And you know what? I really don’t care.

Companies should be riffing off each other’s designs and improving them as they do. We’ll get a lot further than if we give one company total control over a single domain. Apple has taken the Android notification bar and improved it, just as Google has done with various iPhone features. Both companies have built their mobile operating systems on the prior art of thousands of other inventions from the last thirty years.

As many people have stated, patents are a monopoly to advance science and the useful arts. They are not a monopoly to advance the profits of any given company, though that may be a side-effect of their existence.

Copyright and trademark law already exist to prevent direct copying of design. Would Apple have released the iPhone in the absence of software patents? Very likely. Would the iPhone/Android rivalry shaped up the same way without software patents? Very likely.

In their current form, software patents have been hindering the progress of computing. With that in mind, I say it’s time for them to go.

See this post on Hacker News

Follow me on Twitter: @mmastrac

How Apple can make use of ARM (and Intel) in its laptop line

Saturday, May 7th, 2011

There’s been some speculation about Apple moving to ARM in some of its MacBook products. This has been largely dismissed as pure rumour by a number of folks: the costs to developers of adding another platform to the universal binary format (“universal trinaries”) would be prohibitive. On top of that, the difficultly of emulating x86 or x64-compiled code on a purely ARM platform with reasonable performance would be a very challenging task.

That’s not to say that it’s totally impossible for Apple to take advantage of the potential power savings of making an ARM switch.

The focus has been on Apple switching entirely from the x64 platform to the ARM platform. I don’t think this is a feasible approach, however. It requires a bit of out-of-the-box thinking instead. Here’s how I think it could happen.

There is a fair bit of space on inside of a MacBook compared to an iPad or iPhone. Apple would use some of this space to drop one of the A5 chips on the motherboard next to the Intel chip, effectively buildly themselves a hybrid ARM/x64 system.

This A5 would be an integral part of the new MacBook design. In fact, it would run the entire OSX kernel on it. It would also be capable of running most of the other light applications on the system: Mail.app, Finder.app, Dock.app. Developers would be able to compile x64/ARM capable binaries that would be able to take advantage of this low-power processor as well. Twitter.app doesn’t need a full-fledged x64 processor to run. It would be perfectly happy living on the lower-power ARM chip.

The x64 chip would still play an important role. It would be useful for running applications that need more power than the ARM chip would be able to provide: games, web browsing and the like. It also provides the architecture necessary for VirtualBox, Parallels and BootCamp to make the OSX platform more interesting to switchers and those with Windows-only apps.

There’s no reason to think this hybrid approach wouldn’t work. The x64 processor would talk with the kernel running on the ARM chip via one of the many high-speed interconnects available on the Intel architecture. The two chips would share the framebuffer- applications running on the two chips would seamlessly render to the same desktop. They could potentially share the same RAM the same way that two Intel chips running on a motherboard do. Think of it as an “asymmetric multi-processor” setup, versus the normal SMP you’d see in servers.

There are huge advantages to running this hybrid mode. The x64 processor would be able to power down far more than it can now, adding precious hours to the runtime of the system. If users didn’t need anything more than simple ARM-able applications, the system could potentially run on the ARM processor for a significant part of a day. On top of that, there is far less required of the Intel side. The x64 chip could potentially be powered down more aggressively than it is today, adding additional runtime for those who run “legacy” x86/x64 apps.

With this approach, I wouldn’t be surprised if we saw MacBooks boasting 20-hour runtimes when used in low-power mode.

A week with a ChromeOS netbook

Saturday, February 5th, 2011

Meta: apologies for taking so long to approve comments on the blog. I haven’t set WordPress up to notify me by mail of new comments, so it takes a bit of time to notice them.

A box showed up earlier this week in the mail with an interesting set of markings. It wasn’t a big surprise – I’d been eagerly anticipating the arrival of a Cr-48 since it was shipped late last week.

Inside the box was the netbook, a set of instructions and the new set of Cr-48 decals. The decals are pretty flashy and look good, but I figured I’d wait a bit before putting them on (hey, this thing looks pretty good as-is).

The first thing you notice when starting the netbook up is that it’s fast. Pushing the power button to the firstboot or login screen is a matter of seconds. It’s the same while signing out or powering down. Oh, and the power button functions as a signout key as well. Hold it for a few seconds and it signs you out. Keep it held down a few more seconds and it powers down.

There aren’t a lot of surprises on this box. It’s basically a giant battery strapped to the Chrome browser. The battery is pretty amazing. Popping the power cord out yielded a runtime of just under eight hours when I first got the machine. A few discharge/charge cycles later and it’s sitting at more than eight hours.

Overall, the hardware is pretty decent. It’s an Atom N445 processor with 2GB RAM. It has 16GB of onboard solid-state storage. For comparison, the Dell Inspiron Mini 10 I just bought had a similar processor, but half the memory and way more storage (albeit spinning bits instead). The screen is really great and the keyboard is very comfortable to use.

I’ve heard bad things about the trackpad on the Cr-48. It seemed to be working well after I first started up the machine, but over time it’s clearly shaping up to be the weakest part of the system. The trackpad is unreliable at times. It gets stuck in a clicked state at time, where it thinks that you’re holding a finger down and moving a finger around starts selecting things. Other times it fails to recognize the two-finger right-click, making for a frustrating experience trying to copy and paste from one place to another.

Aside: I swear that when I first got this machine, the trackpad didn’t support the ability to click and drag by pushing down on the whole trackpad with one finger and dragging the other. This is working now and I can’t explain it. *shrug*

The Chrome browser runs fairly well on this hardware given the size of its CPU, but it’s definitely not as slick as Chrome on my Macbook. It can start to feel a bit sluggish when you end up with a number of tabs open. Sites that use position:fixed or background-attachment:fixed are terribly slow to scroll as well. I imagine that future versions of the OS will bring hardware-accelerated compositing to scrolling.

The netbook supports multiple users, but it can’t support more than one user logged in at a time. That’s likely to avoid having more than one user hogging the limited resources of the box. I’d really love to see something along the lines of tab hibernation used, instead of forcing one user to log out to let another log in. Once a user signs out, the state of their session should be persisted to disk locally and restored after they log in again.

I’ve been trying to get used to a world without any apps beyond the browser. It’s tough. I set up Guacamole to get access to a Linux desktop where I could run a bunch of applications that I need access to. As a developer, I can’t really live without a few desktop apps. If there were a way for me to get access to the applications on my desktop remotely, I’d be bringing this netbook everywhere instead of lugging around the much heavier Macbook Pro.

Overall, I’m really impressed with the ChromeOS netbook. It feels designed, not just made. I’m confident that a lot of the issues I’ve seen can be fixed in software updates. There are probably a lot of people that could make a switch full-time to this netbook. I’m not one of those right now, but I’d love to use something small like this for more of my computing needs.

This blog post was composed entirely on the Cr-48, including the awkward dance to download my previous Cr-48 pics from Twitpic and upload them into WordPress.

Follow me on Twitter: @mmastrac and check out my latest project, Gri.pe.

(this is Thing A Week #3)

How we found a backdoor in Sprint’s EVO and Hero phones (and lived to tell about it)

Wednesday, July 7th, 2010

As you might have seen on Wired or Engadget, we were poking around on the pre-release EVO from Google I/O and managed to get root access to it before it had been shipped. You might remember my blurrycam video of the event:

We didn’t mention how we did it at the time, only that we exploited a serious vulnerability and recommended other users root their phones. Now that Sprint’s patch has been out in the wild for a while and everyone has updated, we’re releasing more details on what the security vulnerability is.

The first step of rooting any phone is taking stock of what’s on the device and doing a cursory check of whether you can use it to elevate permissions. This means running a shell on the device and poring over ls -l in every directory.

On the EVO I received from I/O, there was a file named “skyagent” in the /system/bin directory of the device. This file was also present in the latest, shipped firmware in Sprint HTC Hero phones. When we started poking at it, we discovered that not only would it let us get root, but it was effectively a backdoor into the device that allowed external users to peek and poke input, dump the contents of the screen and run arbitrary programs. Not only that, but the program listened on every interface, meaning external users could spy remotely on the device. We weren’t able to determine if the program could be launched remotely, but once it was launched, it was a very effective back door.

We disclosed this to Sprint quickly after finding it. They were very responsive and rolled it into a patch that they released alongside the EVO’s launch.

We’re still not sure what this program was doing on the device at launch. One theory is that it’s a test program, designed to provide input and output for automated testing on real devices. Another theory is that it’s a law-enforcement or three-letter-agency wiretap program for capturing communication. Yet another is that it was placed there by a rogue employee as a plain, malicious backdoor. There’s not enough evidence to determine which (if any) of the theories is correct and Sprint hasn’t disclosed anything.

Here’s an excerpt from our coming vulnerability disclosure (thanks to rpearl for turning our internal disclosure into something more readable):

The binary is executable by any user; no authentication or privileges are necessary. Further, during the program’s initialization, there are numerous instances in which a buffer overflow can overwrite stack or bssmemory; similarly, the program passes user controlled arguments unsanitized as a format string to a sprintf, also leading to memory being overwritten. We believe that these can only be exploited to the point of a denial of service, not to the end of arbitrary code execution. This appears to be by chance, not by design.

However, the security vulnerabilities present in skyagent are of less cause for concern than the purpose of the program. It appears that the binary was designed as a backdoor into the phone, allowing remote control of the device without the user’s knowledge or permission. When the program is invoked, it listens for connections over TCP (by default, port 12345, on all interfaces, including the 3G network!) that accepts a fixed set of commands. These commands appear to be authenticated only by a fixed “magic number”; the commands are neither encrypted on the way to the device or on the way back. The commands that we have knowledge of at this time include:

  • sending and monitor user tap and drag input (“PentapHook”),
  • sending key events (“InputCapture”),
  • dumping the framebuffer (“captureScreen”),
  • listing processes (“GetProc”),
  • rebooting the device immediately,
  • and executing arbitrary shell commands as root (“LaunchChild”)

Here’s the paper that Joshua Wise typed up from the analysis we did, describing the backdoor in more detail:

Skyagent Protocol Description

HTC EVO 4G: Nice Hardware, Horrible Sprint Software

Thursday, June 3rd, 2010

UPDATE: Sprint’s OTA release last night fixes the serious vulnerability we reported to them. Kudos to them for moving so quickly. As an end-user, you’ll have to decide between being more secure with the OTA update or having root access to the device you own for now.

In the comments, Sean Doherty says:

We want to reassure everybody about some questions that have been raised about HTC EVO 4G.

We have a software update being deployed that corrects an issue with some MicroSD cards and also deploys a patch that will fix a potential security vulnerability. Users can install this update by going to Settings > System Updates > HTC Software Update on their EVO and following the instructions as prompted.

Sprint moved swiftly to make sure this was addressed.

Sean Doherty
Sprint Corporate Communications
@srdoherty


As you might know, I’ve been poking around in the guts of the HTC EVO with some other developers during the last few weeks of early EVO ownership looking to get access to root. It turned out to be fairly easy – a few hours into the investigation and we had access to root.

It turns out that this is a really, really bad thing for users. The Sprint customizations of Android are so bad that an Android application could get access to all of your data with very little work. It’s so bad that I would not recommend purchasing the Sprint EVO or Hero.

You are putting your data at risk of theft from not just one vulnerability (the one we’re releasing tomorrow), but a whole suite of vulnerabilities!

The hardest part of this is that we’re now in competition with Sprint trying to keep root access to the phone, so the idea of “responsible disclosure” works against what you’re trying to do. If end-users had full access to the phone, we’d be sending these vulnerabilities straight to Sprint. Since Sprint has decided to take the anti-user approach and lock down the phone, we’re basically holding all of these exploits close to our chest.

It hurts me to say this, but to help users take control of hardware they own, we have to expose them to security holes.

To handset manufacturers and carriers: if you give users to freedom to customize their devices, we’ll work with you directly to make sure those same users aren’t vulnerable out-of-the-box. Be more like Google and less like Apple and you’ll get an army of white-hats working to improve your product.

To end-users: choose phones that don’t make you jump through hoops to take control like the Nexus One. You bought it, it should be yours to hack and customize.

We’ll be releasing the unrevoked exploit tomorrow, but holding the details for a week or so. It’s such a blatant and dangerous hole that we felt that responsible disclosure was our only choice.

For the record, both Google and Sprint have been very proactive in plugging this hole. It would, however, be a lot easier for all parties involved if these devices weren’t locked down and we were all working to improve the user’s experience instead of building better mice and mousetraps.

HTC Evo 4G Root – where’s the details?

Wednesday, May 26th, 2010

No surprise here: lots of people are interested in the details of the root process. There’s four reasons why we aren’t releasing anything yet:

  1. We’re still working on making the root ‘sticky’. The current root doesn’t persist beyond a reboot, meaning you need to root it every time you reboot the device.
  2. We want to package up the rooter in an easy-to-install, one-click application so we’re not holding people’s hands through adb shell.
  3. We don’t want to give HTC any details that they could use to fix the hole before the official release.
  4. We want to make sure that when Froyo is released on this device, we can still get root on it.

#1 is the only real technical challenge left, but we’ve almost cracked it. Stay tuned for details.

FWIW, I can’t use my HTC Evo up here in Canada, so I’ll be selling or trading it after we finish everything up. It’s a great phone, but the best parts of it come from being a great network device.

Root on an HTC EVO 4G!

Sunday, May 23rd, 2010

UPDATE: We (ozzeh, joshua, shadowmite and I) just put the teaser site together for the EVO root. More info coming soon!

http://unrevoked.com


I ended up with a Sprint HTC EVO 4G after Google I/O. It’s a pretty fantastic phone, even though it’s something of a kitchen sink. By a happy coincidence, I ended up reconnecting with some of my buddies from the old mobile hacking days who were looking to root it. With a few hours effort and a three person team (credit to ozzeh and Joshua Wise!), we managed to get the standard su tool installed.

This sort of disassembly and hacking really brought back memories. Shadowmite introduced me to mobile phone hacking back in the day. Back then we were doing stuff like porting Linux to the device and hacking the bootloader.

In any case, here’s some screenshots. We’re not releasing any details on the root hack yet:

At this time, we believe that this specific exploit cannot be applied to Incredible.

You can find me on twitter as @mmastrac

The Next Decade

Sunday, January 3rd, 2010

The last ten years have been a wild ride for this planet, but I’m sure the next ten are going to be even more exciting. I’d like to offer my predictions of what we’ll see around now, ten years in the future.

The browser will continue its domination in the world of applications, absorbing more of what we do in desktop applications. A significant fraction of software development will happen in the browser, though most development will still happen on the desktop. WebGL will be starting to become a major platform for gaming. IE6 will be a war story told by greybeard developers, Microsoft having jumped back into the browser race and caught up to the leaders of the pack. No single browser will have a majority share worldwide. Javascript will still be the biggest language, but it will have gone through a few language iterations. The browser JS VM will be near the speed of native code, less than 25% slower.

Devices will continue to double in capacity and speed every few years. In 2020 you won’t have a desktop computer. You’ll have something in the form-factor of a laptop or tablet that you dock and charge wirelessly wherever you device to work. Hard-drives as we know them today won’t exist in most machines, replaced by various forms of multi-terabyte solid-state storage.

You’ll be carrying around a mini-computer in your pocket that runs at the equivalent speed of today’s MacBook Pro. It’ll multitask easily with a few GB of RAM and have nearly a terabyte of solid-state storage onboard. The mobile experience will be a scaled-down, synchronized version of your larger machine rather than an entirely separate device. In fact, some people may eschew the larger device and hook their mobile device wirelessly into display and input devices when they want an easier environment to work in.

Your phone and laptop will have high-end cameras with thin liquid lenses that will be good enough for most people to stop carrying around dedicated point-and-shoot cameras.

E-books will continue to grow, but the functionality will move out of dedicated devices and into portable computers with improved screens that work as well as e-paper today. Electronic textbooks will have taken over the majority share of post-secondary education and will start to make inroads in earlier school grades.

Land-lines will be a legacy technology in 2020. Most people will opt to forward their personal cell phones to an adapter that rings a home number as well when the phone is nearby. Telcos will start offering a much-higher-fidelity audio codec for cell phones that offers VoIP-quality conversations.

True electronic commerce will be starting to emerge in 2020, replacing wallets with your electronic devices for power users. Instead of carrying around a dozen ID and payment cards, people will have the option of storing them digitally and presenting them wirelessly. Electronic banking will take off, providing safe, standard web-based APIs around your personal finances and investments.

Our understanding of genetics today will look primitive compared to that of 2020. In 2020, genomics will have high-level structures that understand and codify the development and existence of organisms, allowing us to symbolically describe and modify how genes are turned on and off, like a computer program. We will have genetic fixes for a few of the big genetic disorders today. Some of these fixes will be applied to the human germline as well, wiping the diseases out entirely for descendants.

Car travel will take a number of big steps forward. In 2020, most modern cars will aware of each other to some degree and offer basic driving coordination like avoiding rear-end collisions and traffic management. Most cars will be LTE-capable and have online traffic updates, integration with your personal mail and text-to-speech for handsfree web ‘listening’. Rare features today such as heads-up night-vision displays and 360º visibility cameras will trickle down to a much larger segment of vehicles.

Personal space travel will be uncommon, but available for individuals for a cost around $100,000. Small space travel outfits will have small, but permanent space stations for the travellers to dock and stay for a few nights. Humans will be in the planning stages for the first extra-terran mission in our solar system since the moon landings which will involve nations from around the world.

Thoughts on where I’ve missed the boat, or neglected an important up-and-coming change? Leave comments below or select a paragraph to add your thoughts inline.