Archive for the ‘technology’ Category

Five minutes with the Kobo Vox

Saturday, November 5th, 2011

Today I had a chance to play with the Canadian equivalent of the Kindle Fire, the Kobo Vox. It’s an Android 2.3 device, which means that it effectively has access to the entire ecosystem of Android apps. What it lacks, unfortunately, is the official Google Market application. It did appear to have access to the Gmail app, which makes the lack of Google’s Android market surprising.

The Vox is a bit lackluster in the graphics department. Full-screen animations like zooms and fades are choppy: 5-10 frames per second. The same animations in the Kobo application on my Galaxy Tab 10 are fluid and smooth. This makes the Kobo Vox feel like a really cheap bit of hardware. It’s not a big deal while reading books in the Kobo application: paging is lightning fast, although it doesn’t have any sort of animation to indicate page flips.

One thing you get with the Vox that you won’t get with the plain Kobo application on other devices is the “Kobo Voice” social reading experience. You can annotate passages in books and share them with other readers. I don’t find this to be a big loss. The Vox also offers a way to lay out books in two-page landscape mode, which would be amazing on the Galaxy Tab 10, but feels a bit cramped on the smaller Vox screen.

The Kobo Vox does have a nice screen. The Dell Streak 7″ tablet has issues with narrow viewing angles in portrait mode. From what I could tell, the Vox was beautiful in portrait and landscape orientation. The quality of the display feels pretty good.

Based on the five minutes I played with it, I don’t think it’s worth me buying. I’m tempted to look at the Kindle Fire for use in Canada, but I suspect that Amazon’s less-than-perfect support for Amazon services in Canada will make it less of an interesting piece of hardware. If you don’t already have a tablet, however, this might not be a bad device to purchase.

Comparable devices:

  • Kindle Fire: $200
  • Kobo Vox: $200
  • Dell Streak 7″: $399 (terrible for reading in portrait!)
  • Galaxy Tab 8.9: $400-600 (couldn’t find it for sale in Canada)
  • Galaxy Tab 10.1: $649

Automatic file transfer in iTerm2 via ZModem

Wednesday, October 26th, 2011

scp is a great way to securely transfer files from computer to computer, but wouldn’t it be nice if you could just automatically send files over the existing SSH connection you’ve already opened?

Back in the days of modem-based BBSes and dial-up machine access, file transfers were forced to run over the same TTY as your interaction with the system. A number of different solutions evolved for this, starting with the grandfather of transfer solutions, XModem. Other transfer protocols evolved, some starting from the ground up like Kermit, while YModem and ZModem build on the foundation of XModem.

The latest version of iTerm 2 added support for two very interesting features: Triggers, which match a regular expression against a line of text; and co-processes, which can feed input directly into a terminal. With these two features, we can add the ability to stream files to and from any server over an existing ssh session. As ZModem is the most modern protocol with wide support (lrzsz is well-supported and packaged on both OSX and Linux), I’ll show you how to use it to automate piggy-backed file uploads and downloads in your iTerm sessions.

Setup

First of all, install lrzsz via brew. This will install the sz and rz binaries in /usr/local/bin/:

macbook-pro-2:~ matthew$ brew install lrzsz
==> Downloading http://www.ohse.de/uwe/releases/lrzsz-0.12.20.tar.gz
==> ./configure --prefix=/usr/local/Cellar/lrzsz/0.12.20 --mandir=/usr/local/Cellar/lrzsz/0.12.20/share/man
==> make
==> make install
/usr/local/Cellar/lrzsz/0.12.20: 13 files, 376K, built in 21 seconds

Secondly, grab the scripts from my iterm2-zmodem github repo, and save them in /usr/local/bin/.

Next, we’ll add a Trigger to your iTerm 2 profile that will trigger on the signature of the rz and sz commands. The setup for these commands differs based on the iTerm 2 version you have:

Build newer than 1.0.0.20111026

    Regular expression: \*\*B0100
    Action: Run Coprocess
    Parameters: /usr/local/bin/iterm2-send-zmodem.sh

    Regular expression: \*\*B00000000000000
    Action: Run Coprocess
    Parameters: /usr/local/bin/iterm2-recv-zmodem.sh

Build older than 1.0.0.20111026 (only receive supported)

    Regular expression: [\$#] rz( -v)?$
    Action: Run Coprocess
    Parameters: /usr/local/bin/iterm2-send-zmodem.sh

Note: ideally we’d be matching on the ZModem initial packet signature, \*\*\u0018B01, in all versions of iTerm 2, but earlier versions of iTerm 2 had a bug that broke detection of this pattern. For those older builds we instead match against the rz command as typed at a shell prompt.
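A trigger regex fires on any line that contains the matching text, so a coprocess can confirm it is looking at a well-formed ZModem init header before starting a transfer. The following is an added example, not part of the iterm2-zmodem scripts: it assumes the standard ZModem hex header layout (ZPAD ZPAD ZDLE 'B', then type, four flag bytes and a CRC-16 as lowercase hex), the function names are hypothetical, and the sample byte strings are constructed.

```python
import re

# ZPAD ZPAD ZDLE 'B' followed by 7 hex-encoded bytes:
# frame type (1), flags (4), CRC-16/XMODEM over the first five bytes (2).
HEX_HEADER = re.compile(rb"\*\*\x18B([0-9a-f]{14})")

# Init frames and the local script the page's triggers run for each.
INIT_FRAMES = {
    0x00: ("ZRQINIT", "/usr/local/bin/iterm2-recv-zmodem.sh"),  # remote ran sz
    0x01: ("ZRINIT", "/usr/local/bin/iterm2-send-zmodem.sh"),   # remote ran rz
}


def crc16_xmodem(data):
    """CRC-16 with polynomial 0x1021 and initial value 0, as ZModem hex headers use."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc


def find_zmodem_init(stream):
    """Return (frame_name, script, flags_hex) for the first valid init header, else None."""
    for match in HEX_HEADER.finditer(stream):
        raw = bytes.fromhex(match.group(1).decode("ascii"))
        header, crc = raw[:5], int.from_bytes(raw[5:7], "big")
        if crc16_xmodem(header) != crc:
            continue  # looks like a header but fails the checksum: ignore it
        frame = INIT_FRAMES.get(header[0])
        if frame is None:
            continue  # valid header, but not a session-opening frame
        name, script = frame
        return name, script, header[1:5].hex()
    return None


# Constructed samples (not captured from a real session).
RZ_BANNER = b"rz waiting to receive.**\x18B0100000023be50\r\x8a\x11"
SZ_BANNER = b"**\x18B00000000000000\r\x8a\x11"
PLAIN_TEXT = b"the docs mention the pattern **B0100 in passing\n"
BAD_CRC = b"**\x18B0100000023beef\r\x8a\x11"

if __name__ == "__main__":
    for sample in (RZ_BANNER, SZ_BANNER, PLAIN_TEXT, BAD_CRC):
        print(find_zmodem_init(sample))
```
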

Receiving files from the server

To receive a file on your server, type the following at a shell prompt:

# rz

A file-picker dialog will then pop up asking you for the file to send. Once you choose the file to send, it will automatically transfer the file across your existing console session.

Sending files to the server

To send files from your server to your desktop, type the following:

# sz file1 file2 file3 /folder/file*

A folder picker will show up, asking where you want to drop the files. If you send multiple files, they will all appear in this folder.

Wrap-up

This is a pretty rough first pass at this, but the shell scripts are available on github if you’ve got ideas for improvement.

Comments: discuss this on Hacker News

On the advancement of science and the useful arts

Wednesday, August 24th, 2011

(this is an expanded version of my Google+ post here)

Apple is quickly burning my goodwill with these silly patent fights. Two out of three of the patents were found not to be infringing, while the last one is a software patent that basically describes the functioning of a mobile device that deals with photos.

At this point, it’s probably worth pointing out that Apple’s notification bar is pretty much a rip-off of the Android one. And you know what? I really don’t care.

Companies should be riffing off each other’s designs and improving them as they do. We’ll get a lot further than if we give one company total control over a single domain. Apple has taken the Android notification bar and improved it, just as Google has done with various iPhone features. Both companies have built their mobile operating systems on the prior art of thousands of other inventions from the last thirty years.

As many people have stated, patents are a monopoly to advance science and the useful arts. They are not a monopoly to advance the profits of any given company, though that may be a side-effect of their existence.

Copyright and trademark law already exist to prevent direct copying of design. Would Apple have released the iPhone in the absence of software patents? Very likely. Would the iPhone/Android rivalry have shaped up the same way without software patents? Very likely.

In their current form, software patents have been hindering the progress of computing. With that in mind, I say it’s time for them to go.

See this post on Hacker News

Follow me on Twitter: @mmastrac

How Apple can make use of ARM (and Intel) in its laptop line

Saturday, May 7th, 2011

There’s been some speculation about Apple moving to ARM in some of its MacBook products. This has been largely dismissed as pure rumour by a number of folks: the costs to developers of adding another platform to the universal binary format (“universal trinaries”) would be prohibitive. On top of that, emulating x86 or x64-compiled code on a purely ARM platform with reasonable performance would be a very challenging task.

That’s not to say that it’s totally impossible for Apple to take advantage of the potential power savings of making an ARM switch.

The focus has been on Apple switching entirely from the x64 platform to the ARM platform. I don’t think this is a feasible approach, however. It requires a bit of out-of-the-box thinking instead. Here’s how I think it could happen.

There is a fair bit of space inside a MacBook compared to an iPad or iPhone. Apple would use some of this space to drop one of the A5 chips on the motherboard next to the Intel chip, effectively building themselves a hybrid ARM/x64 system.

This A5 would be an integral part of the new MacBook design. In fact, it would run the entire OSX kernel on it. It would also be capable of running most of the other light applications on the system: Mail.app, Finder.app, Dock.app. Developers would be able to compile x64/ARM capable binaries that would be able to take advantage of this low-power processor as well. Twitter.app doesn’t need a full-fledged x64 processor to run. It would be perfectly happy living on the lower-power ARM chip.

The x64 chip would still play an important role. It would be useful for running applications that need more power than the ARM chip would be able to provide: games, web browsing and the like. It also provides the architecture necessary for VirtualBox, Parallels and BootCamp to make the OSX platform more interesting to switchers and those with Windows-only apps.

There’s no reason to think this hybrid approach wouldn’t work. The x64 processor would talk with the kernel running on the ARM chip via one of the many high-speed interconnects available on the Intel architecture. The two chips would share the framebuffer: applications running on the two chips would seamlessly render to the same desktop. They could potentially share the same RAM the same way that two Intel chips running on a motherboard do. Think of it as an “asymmetric multi-processor” setup, versus the normal SMP you’d see in servers.

There are huge advantages to running this hybrid mode. The x64 processor would be able to power down far more than it can now, adding precious hours to the runtime of the system. If users didn’t need anything more than simple ARM-able applications, the system could potentially run on the ARM processor for a significant part of a day. On top of that, there is far less required of the Intel side. The x64 chip could potentially be powered down more aggressively than it is today, adding additional runtime for those who run “legacy” x86/x64 apps.

With this approach, I wouldn’t be surprised if we saw MacBooks boasting 20-hour runtimes when used in low-power mode.

A week with a ChromeOS netbook

Saturday, February 5th, 2011

Meta: apologies for taking so long to approve comments on the blog. I haven’t set WordPress up to notify me by mail of new comments, so it takes a bit of time to notice them.

A box showed up earlier this week in the mail with an interesting set of markings. It wasn’t a big surprise – I’d been eagerly anticipating the arrival of a Cr-48 since it was shipped late last week.

Inside the box was the netbook, a set of instructions and the new set of Cr-48 decals. The decals are pretty flashy and look good, but I figured I’d wait a bit before putting them on (hey, this thing looks pretty good as-is).

The first thing you notice when starting the netbook up is that it’s fast. Pushing the power button to the firstboot or login screen is a matter of seconds. It’s the same while signing out or powering down. Oh, and the power button functions as a signout key as well. Hold it for a few seconds and it signs you out. Keep it held down a few more seconds and it powers down.

There aren’t a lot of surprises on this box. It’s basically a giant battery strapped to the Chrome browser. The battery is pretty amazing. Popping the power cord out yielded a runtime of just under eight hours when I first got the machine. A few discharge/charge cycles later and it’s sitting at more than eight hours.

Overall, the hardware is pretty decent. It’s an Atom N445 processor with 2GB RAM. It has 16GB of onboard solid-state storage. For comparison, the Dell Inspiron Mini 10 I just bought had a similar processor, but half the memory and way more storage (albeit spinning bits instead). The screen is really great and the keyboard is very comfortable to use.

I’ve heard bad things about the trackpad on the Cr-48. It seemed to be working well after I first started up the machine, but over time it’s clearly shaping up to be the weakest part of the system. The trackpad is unreliable at times. It gets stuck in a clicked state at times, where it thinks that you’re holding a finger down and moving a finger around starts selecting things. Other times it fails to recognize the two-finger right-click, making for a frustrating experience trying to copy and paste from one place to another.

Aside: I swear that when I first got this machine, the trackpad didn’t support the ability to click and drag by pushing down on the whole trackpad with one finger and dragging the other. This is working now and I can’t explain it. *shrug*

The Chrome browser runs fairly well on this hardware given the size of its CPU, but it’s definitely not as slick as Chrome on my Macbook. It can start to feel a bit sluggish when you end up with a number of tabs open. Sites that use position:fixed or background-attachment:fixed are terribly slow to scroll as well. I imagine that future versions of the OS will bring hardware-accelerated compositing to scrolling.

The netbook supports multiple users, but it can’t support more than one user logged in at a time. That’s likely to avoid having more than one user hogging the limited resources of the box. I’d really love to see something along the lines of tab hibernation used, instead of forcing one user to log out to let another log in. Once a user signs out, the state of their session should be persisted to disk locally and restored after they log in again.

I’ve been trying to get used to a world without any apps beyond the browser. It’s tough. I set up Guacamole to get access to a Linux desktop where I could run a bunch of applications that I need access to. As a developer, I can’t really live without a few desktop apps. If there were a way for me to get access to the applications on my desktop remotely, I’d be bringing this netbook everywhere instead of lugging around the much heavier Macbook Pro.

Overall, I’m really impressed with the ChromeOS netbook. It feels designed, not just made. I’m confident that a lot of the issues I’ve seen can be fixed in software updates. There are probably a lot of people that could make a switch full-time to this netbook. I’m not one of those right now, but I’d love to use something small like this for more of my computing needs.

This blog post was composed entirely on the Cr-48, including the awkward dance to download my previous Cr-48 pics from Twitpic and upload them into WordPress.

Follow me on Twitter: @mmastrac and check out my latest project, Gri.pe.

(this is Thing A Week #3)

How we found a backdoor in Sprint’s EVO and Hero phones (and lived to tell about it)

Wednesday, July 7th, 2010

As you might have seen on Wired or Engadget, we were poking around on the pre-release EVO from Google I/O and managed to get root access to it before it had been shipped. You might remember my blurrycam video of the event:

We didn’t mention how we did it at the time, only that we exploited a serious vulnerability and recommended other users root their phones. Now that Sprint’s patch has been out in the wild for a while and everyone has updated, we’re releasing more details on what the security vulnerability is.

The first step of rooting any phone is taking stock of what’s on the device and doing a cursory check of whether you can use it to elevate permissions. This means running a shell on the device and poring over ls -l in every directory.

On the EVO I received from I/O, there was a file named “skyagent” in the /system/bin directory of the device. This file was also present in the latest, shipped firmware in Sprint HTC Hero phones. When we started poking at it, we discovered that not only would it let us get root, but it was effectively a backdoor into the device that allowed external users to peek and poke input, dump the contents of the screen and run arbitrary programs. Not only that, but the program listened on every interface, meaning external users could spy remotely on the device. We weren’t able to determine if the program could be launched remotely, but once it was launched, it was a very effective back door.

We disclosed this to Sprint quickly after finding it. They were very responsive and rolled it into a patch that they released alongside the EVO’s launch.

We’re still not sure what this program was doing on the device at launch. One theory is that it’s a test program, designed to provide input and output for automated testing on real devices. Another theory is that it’s a law-enforcement or three-letter-agency wiretap program for capturing communication. Yet another is that it was placed there by a rogue employee as a plain, malicious backdoor. There’s not enough evidence to determine which (if any) of the theories is correct and Sprint hasn’t disclosed anything.

Here’s an excerpt from our coming vulnerability disclosure (thanks to rpearl for turning our internal disclosure into something more readable):

The binary is executable by any user; no authentication or privileges are necessary. Further, during the program’s initialization, there are numerous instances in which a buffer overflow can overwrite stack or bss memory; similarly, the program passes user controlled arguments unsanitized as a format string to a sprintf, also leading to memory being overwritten. We believe that these can only be exploited to the point of a denial of service, not to the end of arbitrary code execution. This appears to be by chance, not by design.

However, the security vulnerabilities present in skyagent are of less cause for concern than the purpose of the program. It appears that the binary was designed as a backdoor into the phone, allowing remote control of the device without the user’s knowledge or permission. When the program is invoked, it listens for connections over TCP (by default, port 12345, on all interfaces, including the 3G network!) that accepts a fixed set of commands. These commands appear to be authenticated only by a fixed “magic number”; the commands are neither encrypted on the way to the device nor on the way back. The commands that we have knowledge of at this time include:

  • sending and monitoring user tap and drag input (“PentapHook”),
  • sending key events (“InputCapture”),
  • dumping the framebuffer (“captureScreen”),
  • listing processes (“GetProc”),
  • rebooting the device immediately,
  • and executing arbitrary shell commands as root (“LaunchChild”)

Here’s the paper that Joshua Wise typed up from the analysis we did, describing the backdoor in more detail:

Skyagent Protocol Description
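The excerpt above describes a listener bound to every interface on TCP port 12345. As an added example (not part of the original post or the disclosure), this is one way to audit a Linux or Android device for that class of exposure by parsing /proc/net/tcp for sockets in LISTEN state on the wildcard address; the function names are hypothetical, the sample table is constructed, and a little-endian host is assumed.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # kernel socket state value for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not taken from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 1101 1
   1: 00000000:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202 1
   2: 0F02000A:9C40 0100A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10023        0 1303 1
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10050        0 1404 1
"""


def decode_endpoint(field):
    """Turn '00000000:3039' into ('0.0.0.0', 12345); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def wildcard_listeners(proc_net_tcp_text):
    """List TCP sockets listening on all interfaces, root-owned ones first."""
    findings = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the column header
        cols = line.split()
        if len(cols) < 10:
            continue  # truncated or malformed row
        if int(cols[3], 16) != TCP_LISTEN:
            continue  # established or closing connection, not a listener
        addr, port = decode_endpoint(cols[1])
        if addr != "0.0.0.0":
            continue  # bound to one address (e.g. loopback), not every interface
        uid = int(cols[7])
        findings.append({"port": port, "uid": uid, "inode": int(cols[9]),
                         "runs_as_root": uid == 0})
    # A root-owned listener reachable from every network deserves review first.
    findings.sort(key=lambda f: (not f["runs_as_root"], f["port"]))
    return findings


def read_proc_net_tcp(path="/proc/net/tcp"):
    """Read the live table on a Linux/Android system."""
    with open(path, "r", encoding="ascii") as handle:
        return handle.read()


if __name__ == "__main__":
    for finding in wildcard_listeners(SAMPLE_PROC_NET_TCP):
        print(finding)
```

The inode in each finding can be matched against the socket links under /proc/<pid>/fd to identify the owning process.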

The Next Decade

Sunday, January 3rd, 2010

The last ten years have been a wild ride for this planet, but I’m sure the next ten are going to be even more exciting. I’d like to offer my predictions of what we’ll see around now, ten years in the future.

The browser will continue its domination in the world of applications, absorbing more of what we do in desktop applications. A significant fraction of software development will happen in the browser, though most development will still happen on the desktop. WebGL will be starting to become a major platform for gaming. IE6 will be a war story told by greybeard developers, Microsoft having jumped back into the browser race and caught up to the leaders of the pack. No single browser will have a majority share worldwide. Javascript will still be the biggest language, but it will have gone through a few language iterations. The browser JS VM will be near the speed of native code, less than 25% slower.

Devices will continue to double in capacity and speed every few years. In 2020 you won’t have a desktop computer. You’ll have something in the form-factor of a laptop or tablet that you dock and charge wirelessly wherever you decide to work. Hard-drives as we know them today won’t exist in most machines, replaced by various forms of multi-terabyte solid-state storage.

You’ll be carrying around a mini-computer in your pocket that runs at the equivalent speed of today’s MacBook Pro. It’ll multitask easily with a few GB of RAM and have nearly a terabyte of solid-state storage onboard. The mobile experience will be a scaled-down, synchronized version of your larger machine rather than an entirely separate device. In fact, some people may eschew the larger device and hook their mobile device wirelessly into display and input devices when they want an easier environment to work in.

Your phone and laptop will have high-end cameras with thin liquid lenses that will be good enough for most people to stop carrying around dedicated point-and-shoot cameras.

E-books will continue to grow, but the functionality will move out of dedicated devices and into portable computers with improved screens that work as well as e-paper today. Electronic textbooks will have taken over the majority share of post-secondary education and will start to make inroads in earlier school grades.

Land-lines will be a legacy technology in 2020. Most people will opt to forward their personal cell phones to an adapter that rings a home number as well when the phone is nearby. Telcos will start offering a much-higher-fidelity audio codec for cell phones that offers VoIP-quality conversations.

True electronic commerce will be starting to emerge in 2020, replacing wallets with your electronic devices for power users. Instead of carrying around a dozen ID and payment cards, people will have the option of storing them digitally and presenting them wirelessly. Electronic banking will take off, providing safe, standard web-based APIs around your personal finances and investments.

Our understanding of genetics today will look primitive compared to that of 2020. In 2020, genomics will have high-level structures that understand and codify the development and existence of organisms, allowing us to symbolically describe and modify how genes are turned on and off, like a computer program. We will have genetic fixes for a few of the big genetic disorders today. Some of these fixes will be applied to the human germline as well, wiping the diseases out entirely for descendants.

Car travel will take a number of big steps forward. In 2020, most modern cars will be aware of each other to some degree and offer basic driving coordination like avoiding rear-end collisions and traffic management. Most cars will be LTE-capable and have online traffic updates, integration with your personal mail and text-to-speech for handsfree web ‘listening’. Rare features today such as heads-up night-vision displays and 360º visibility cameras will trickle down to a much larger segment of vehicles.

Personal space travel will be uncommon, but available for individuals for a cost around $100,000. Small space travel outfits will have small, but permanent space stations for the travellers to dock and stay for a few nights. Humans will be in the planning stages for the first extra-terran mission in our solar system since the moon landings which will involve nations from around the world.

Thoughts on where I’ve missed the boat, or neglected an important up-and-coming change? Leave comments below or select a paragraph to add your thoughts inline.