The 10 Worst Passwords

‘baloney’ and ‘baloney1’ were not included, but there is no protection for stupid.




Worst password for 2016


Google: 10 worst passwords 2016

https://www.teamsid.com/worst-passwords-2016/


Worst passwords for 2015


Google: 10 worst passwords 2015

https://www.teamsid.com/worst-passwords-2015/


Google: 10 worst passwords 2014

https://www.teamsid.com/worst-passwords-of-2014/

1 123456 No Change
2 password No Change
3 12345 Up 17
4 12345678 Down 1
5 qwerty Down 1
6 123456789 No Change
7 1234 Up 9
8 baseball New
9 dragon New
10 football New

Google: 10 worst passwords 2010

https://www.symantec.com/connect/blogs/top-500-worst-passwords-all-time

1 123456
2 password
3 12345678
4 1234
5 pussy
6 12345
7 dragon
8 qwerty
9 696969
10 mustang

And try not to do very bad things

German Government Classifies Doll as Illegal Spyware & that snitch bitch Barbie

This story has an unseen element for mobile developers. What we are seeing in this next phase of mobile development is system integration. Most developers will think of IoT devices like Google Nest, the proverbial Internet connected refrigerator, or Amazon’s Alexa. Instead think, iRobot’s Roomba, John Deere Lawn Mowers, and Virtual Reality exercise machines. Under these new scenarios, your phone/tablet may well be your “key” to turn them on – just like your phone can unlock your front door right now.

When you think in those terms, then Hello Barbie (that snitch bitch) does not seem so innocent.


Doll Hack

Given the holidays and the recent election in the USA, you might have missed these two (2) items.  In Feb 2017, Bruce Schneier, a well-respected Internet security expert,  put out this tweet

Bruce writes in his blog:

The My Friend Cayla doll (…) allows children to access the internet via speech recognition software, and to control the toy via an app.

But Germany’s Federal Network Agency announced this week that it classified Cayla as an “illegal espionage apparatus”. (…)

Under German law it is illegal to manufacture, sell or possess surveillance devices disguised as another object.

That snitch bitch Barbie

Hackers can hijack Wi-Fi Hello Barbie to spy on your children – The Guardian (no paywall) – by Samuel Gibbs – 26 November 2015

The article states:

Mattel’s latest Wi-Fi enabled Barbie doll can easily be hacked to turn it into a surveillance device for spying on children and listening into conversations without the owner’s knowledge.

(…)

But US security researcher Matt Jakubowski discovered that when connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.

The Trouble for Citizens

HMMMMM… In the US, under the US Constitution we have the Right to Privacy and the Right against Unreasonable Search and Seizure. But spying on a US citizen is permitted and has created huge issues. In 2015, PBS’s Frontline exposed the issues, which included:

(…) the 2008 FISA Amendments Act, the government still has the authority to access the communications of users of popular Internet sites such as Facebook, Google, Microsoft and Yahoo. Section 702 of the law, which does not expire until 2017, gives the government the ability to collect the content of an Internet user’s actual communications — not just metadata.

So to be clear under Section 702, the government can collect the content of an Internet user’s actual communications. This means that anything, any IOT device (like Nest, or your car, or Internet Barbie) can be used to collect your communications and conversation — lawfully, and can be used in court against you.

What can you do

Can we do anything about it?

Sadly not a lot has been written about this, and even the companies that produce these toys tend to be self-absorbed and clueless as to what to do.

The one thing I’ve been able to find gives the usual advice, but it also states some interesting points. From Washington University in Saint Louis: Analysis of Security Concerns & Privacy Risks of Children’s Smart Toys (pdf)

V. MITIGATING THE RISKS

(…)

Currently, toy manufacturers are not required to disclose security vulnerabilities and therefore carry no liability. Because they do not have to report such factors it is unknown how well companies are testing the security of their products.

VII. Conclusion

There are both positive and negative aspects to consider as the smart toy continues to evolve. It will provide new ways of learning and interacting, but with it comes security and privacy risks. While there are several steps consumers can take to protect themselves there really needs to be a formal agency that approves and reviews the security of the new Internet of Toys and the legality of data those toys harvest, process, and monetize. There will always be zero day attacks and unknown unknowns, but there is room for improvement in protecting the youngest consumers with a higher standard of safety.

Best of Luck All


DiaTweet: Twitter new vision for API and platform.


The first screen leads to the blog

Roadmap to plan on Trello.com

Direct Messaging to blog, again.

A Twitter app based on a slippery slope.

The premise is simple enough. Track what a user (or account) tweets over time. The purpose would be to monitor the content of the user (or account). The intent is to have a third-party review the tweets. As such, Twitter has some general policy rules that MUST be followed. They are outlined below.

The commercial product, named Bird Netting, is blogged on edogfood as With Bird Netting, get tweets at a later time. The process will be blogged for those wanting to create similar services. Example code will be on github.com.


There are two important parts:

  1. Our list of Important Points from Twitter Developer Policy
  2. Other Important Terms from the Twitter Developer Agreement

Important Points from Twitter Developer Policy

We summarize the important points in no particular order.

  • When Twitter asks, promptly delete, change or modify the tweet.
  • Twitter maintains its right to control all Twitter content.
  • Don’t cyber-stalk (use the geo information to follow) people.

Use the following tweets to lead you to the exact words and terms for the policy.

Other Important Terms

From the Twitter Developer Agreement

VII. Other Important Terms

The text has been marked up to assist in reading the document.

A. User Protection. You will not knowingly: 1) display, distribute, or otherwise make available Content to any entity to investigate, track or surveil Twitter’s users or their Content, or to obtain information on Twitter users or their Content, in a manner that would require a subpoena, court order, or other valid legal process or that would otherwise have the potential to be inconsistent with our users’ reasonable expectations of privacy; or 2) display, distribute or otherwise make available Content to any person or entity that you reasonably believe will use such data to violate the Universal Declaration of Human Rights (located at http://www.un.org/en/documents/udhr/), including without limitation Articles 12, 18, or 19. If law enforcement personnel request information about Twitter or its users for the purposes of an ongoing investigation, you may refer them to Twitter’s Guidelines for Law Enforcement located at https://t.co/le. You will not conduct and your Services will not provide analyses or research that isolates a small group of individuals or any single individual for any unlawful or discriminatory purposes.

  1. Protect the User’s legal rights.
  2. Protect the User’s Universal Declaration of Human Rights, which appear to be consistent with the USA Constitution.
  3. Do not do anything that is unlawful or is discriminatory.

Below is one slippery slope. Who determines what is discriminatory?

 

How to install git on Debian Linux, Ubuntu, Mint, & Debian-based systems

git is a useful repository system. It has collaboration, but like all systems it has its pitfalls. I won’t cover that here.

This is for Debian-based Linux systems – Ubuntu, Mint, etc. Links in the SOURCES section will let you know if your system can use these instructions. Additional git tutorials are linked below.

It will generally work, if you use apt-get for software packages.

sudo apt-get update
sudo apt-get install git

That’s it.


apt-get update – refreshes the local package index, so the install that follows picks up the latest available version with its patches and security fixes.

apt-get install git – actually installs git


Additional Tutorials

Git Tutorial https://tecadmin.net/git-tutorial/

Tutorial – How to use github.com for your projects. – codesnippets.altervista.com


SOURCES:

 

Cordova / Phonegap Release History

A few days ago I blogged on How Cordova and Phonegap releases work. That blog post includes links to the blogs – from where some of this information comes.

However, the blogs also provide a historic record of the Release and important transitions. As such, Cordova and Phonegap each have their own histories. Those histories are intertwined.

Sometime in the future I will write an in-depth description of the many changes and mistakes that were made in the development of the “system”. Today there are eleven (11) files that outline the record. There is also an index listing the releases.

If you have any questions, you can ask me on Google Groups.

If you see any errors, please create an issue on the github repository.

Cordova

Phonegap

How Cordova and Phonegap releases work

A conflicting recommendation exists within Cordova and Phonegap.

One policy recommends that you never set your compiler and plugin version so you will always get the latest and greatest.

Another policy recommends that you always set your compiler and plugin version so you will always get stability and reliability.

I recommend you always set your compiler and plugin version.

Whichever way you decide to take, it is good to know the release policies for both, and how they work. (For version numbering and such, there is a link at the bottom.)

Update: 2013-02-23 New section on “pinning” at the bottom.

Cordova Releases

  1. Tools Release (aka Cordova CLI) is the leading branch. This is available as soon as the “Tools Release blog” is posted.
  2. Within each Tools Release are the builders for each platform. For example, Cordova Android CLI is for Google Android, and Cordova iOS CLI is for Apple iOS. Builders have their own versioning and release cycle – which may or may not coincide with the Tools Release.
  3. The Plugins Release is the release of Cordova “Core” Plugins. The release is usually released after the leading branch. The Cordova “Core” Plugins are those plugins mentioned in the Plugins Release blog post. This differs from the Tools Release.
  4. Cordova “Core” Plugins can, and often do, advance a version before the next Plugins Release.
  5. Cordova “Core” Plugins occasionally break. This requires a “hot patch”, and an immediate advance in the version. This is rare, but it happens.
  6. Cordova Third-Party plugins are independent, and advance at their own pace. Their version may or may not coincide with the Tools Release. However in practice, Third-Party plugins make changes or addendums soon after the Tools Release.

Phonegap Releases

  1. Phonegap CLI generally has the leading branch for Phonegap; usually just days after the Tools Release.
  2. Phonegap Build is always behind the leading branch. It takes weeks, and sometimes months, for Phonegap Build to align with the Tools Release. It often skips intermediate versions.
  3. Recently, Phonegap set to *read-only* the Phonegap Build Repository in favor of the Cordova (NPM) Plugin Repository. This means developers are encouraged to use the Cordova (NPM) Plugin Repository. This also means ALL the Cordova (NPM) Plugin Repository *plugins* are available – for both CLI and Build. This previously was not the case. However, the plugins have the following caveats.

Phonegap Build Plugins Caveats

  1. 3rd-Party Plugin authors are still responsible for the plugins. They are also responsible for answering questions about their plugins. Neither Cordova, nor Phonegap enforce this policy, neither do they take corrective action – except in extreme cases.
  2. Phonegap Build may not support all the Cordova “build hooks” needed by a 3rd-Party Plugin author.
  3. Phonegap Build plugins must be in the Cordova (NPM) Plugin Repository. This excludes plugins that are not in the repository. (At this time, this excludes some plugins in github.com)
  4. Sometimes the most recent release of a Third-Party plugin requires the most recent Tools Release. This means sometimes the most recent release of that Third-Party plugin will not work with Phonegap Build.
  5. Sometimes for a Third-Party plugin to work with Phonegap Build a developer must use a previous version of the Third-Party plugin.
  6. Private plugins are available as part of the paid Phonegap Build account.
  7. There are more properties for Third-Party plugin. I have been unable to identify them.
  8. Lastly, on occasion, the *read-only* Phonegap Build Repository must be used for a plugin. The most notable example is Crosswalk. (SEE: Cordova Android 4.0.2 and 3rd Party Webviews)

UPDATE: 2016-02-23

Clear Up Confusion on Pinning

When Cordova makes a Tools Release, they typically will “pin” the current compiler platform version. “Pin”, sometimes referred to as “pinned version”, is the version that was current when the Tools Release happened. Cordova will make note of this at the bottom of the post.

For example, when Cordova 6.0.0 was released, at the bottom of the blog post you will see something like this:

Pinned Platform Versions for Cordova CLI 6.0.0

  • Cordova Amazon-FireOS: ~3.6.3
  • Cordova Android: ~5.1.0
  • ::::

This has been in place for some time – generally it started in mid-4.x version.

NOW THE CONFUSION: Previous to version 6.0.0 Plugins were not “pinned” to Tools Release. This is a new policy. As should be expected, Phonegap Build has not implemented this policy – YET; even though they recently decided to use cli-6.0.0 (but not as the default build).

To be clear, it is a new (unannounced) policy for Cordova to pin the “core” plugins with the Tools Release. For those with doubt, here are the links to previous releases. NOTE: The labels with the pinned version are not consistent with the Tools Release. It appears to be a transcription error.
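An added example (not code from the original post or from the Cordova or Phonegap projects) that audits a project against the recommendation to always set compiler and plugin versions: it reads a config.xml and reports which platform and plugin entries are fixed to one version and which can float, using npm range semantics for the "~" notation shown above. It assumes versions are declared through the spec attribute of engine and plugin elements and through the Phonegap Build phonegap-version preference; the sample file and its version numbers are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample config.xml (not from the original post). The plugin ids
# are Cordova core plugins; the version numbers are illustrative only.
SAMPLE_CONFIG = """\
<widget xmlns="http://www.w3.org/ns/widgets" id="com.example.demo" version="1.0.0">
  <preference name="phonegap-version" value="cli-6.0.0" />
  <engine name="android" spec="~5.1.0" />
  <engine name="ios" />
  <plugin name="cordova-plugin-device" spec="1.1.1" />
  <plugin name="cordova-plugin-camera" spec="^2.1.0" />
  <plugin name="cordova-plugin-whitelist" spec="latest" />
  <plugin name="cordova-plugin-file" />
</widget>
"""

EXACT = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")


def classify_spec(spec):
    """Classify an npm-style version spec by how far it is allowed to float."""
    spec = (spec or "").strip()
    if not spec or spec in ("*", "latest"):
        return "unpinned"       # resolves to whatever is newest at build time
    if EXACT.match(spec):
        return "exact"          # one version only
    if spec[0] == "~" and EXACT.match(spec[1:]):
        return "patch-range"    # ~5.1.0 accepts any 5.1.x from 5.1.0 up
    if spec[0] == "^" and EXACT.match(spec[1:]):
        return "minor-range"    # ^2.1.0 accepts 2.x.y from 2.1.0 up (narrower for 0.x)
    return "other"              # URL, git ref or complex range: review by hand


def audit_config(xml_text):
    """Return (kind, name, spec, verdict) for each engine and plugin entry."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        if tag in ("engine", "plugin"):
            spec = el.get("spec")
            findings.append((tag, el.get("name"), spec, classify_spec(spec)))
    return findings


def build_version(xml_text):
    """Return the Phonegap Build 'phonegap-version' preference, or None."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "preference" \
                and el.get("name") == "phonegap-version":
            return el.get("value")
    return None


if __name__ == "__main__":
    print("phonegap-version:", build_version(SAMPLE_CONFIG) or "NOT SET")
    for kind, name, spec, verdict in audit_config(SAMPLE_CONFIG):
        print(f"{kind:7} {name:26} {spec or '-':8} {verdict}")
```

Entries reported as unpinned are the ones that change silently between builds; a patch-range such as ~5.1.0 still moves within 5.1.x, so only an exact spec reproduces the same build.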

= Links =

= Reference =

How to create a Cordova Bug Report on JIRA

If you have not signed up for the system, you need to do that first.

Creating a bug report on this system is confusing. Part of the reason is that it handles bug reporting for several projects. Another reason is that any random key will do something and it is hard to find your way back to where you started.

This tutorial is picture based, but there are three (3) major steps.

  1. Select the Cordova Project
  2. Find the Help Menu
  3. Start a Bug Report

Select the Cordova Project

Find the Project select box.


Search for Cordova


Click the box and select Apache Cordova from the list.


 

Find the Help Menu

On the top right is a pull-down button, click it.


From the menu, select Keyboard Shortcuts.


In the right-hand column is the item "Create an issue:" [c].
NOTE: This is a legend, not an active menu.


 

Start a Bug Report

Close the Keyboard Shortcuts legend.

Press [C] on your keyboard.

After a second or two, the following screen should pop up.


javascript, ubuntu gnome and disabling hot-corners and message-tray

Screen view after accidentally hitting the top left corner with my mouse.


About two years ago, I needed to update my laptop because the old one was dying. I decided on a used Lenovo T60. Years earlier it proved a favorite with system administrators, so I figured many of the bugs were fixed – little did I know I was *wrong*.

Rather than use the Unity windowing system I decided to find the various pieces of the Gnome Classic. It worked for the most part except for two extremely annoying pieces. This so-called feature is soooo bad I really want to punch the author in the face. For those people that know me, this seems to be a real reach. But trust me, if you are the author and you read this, do NOT admit to writing this piece of holy crap.

The Annoyance

Often, without warning, I would have my screen collapse. The picture at the top of the blog shows what would happen if I accidentally scrolled my mouse to the top left corner. This is known as the “top left hot corner”. The picture just below shows the so-called message tray.

Now, there are tools for fixing these issues, but they always seem to be in a version I did not have.

The annoying message tray that would pop up after I accidentally let my mouse float to the bottom of the screen.


On 2015-11-20, I finally was fed up to the point where I started some real searching to figure out what the problem was.

The Final Solution

In the final solution, it was not clear to me where I should edit. My final decision was to comment out the list where the event was “connected” to an action. The solution was everything I was hoping for. Do the following two (2) edits.

Edit #1

cd /usr/share/gnome-shell/js/ui
sudo vi +453 layout.js

comment out the following lines (#453), like this.

/*
        this._trayPressure.connect('trigger', function(barrier) {
            if (Main.layoutManager.bottomMonitor.inFullscreen)
                return;

            Main.messageTray.openTray();
        });
*/

Edit #2

sudo vi +1078 layout.js

comment out this line (#1076) in layout.js

        // this._pressureBarrier.connect('trigger', Lang.bind(this, this._toggleOverview));

What amazed me was how neat the code was, and that it was all written in Javascript. Who would have known.

An IoT Tutorial for Phonegap, and the Arduino Yun using the Bridge REST API

Hey All,
Recently, I created a Phonegap Demo App that toggles an LED on an Arduino Yun using the Bridge REST API. While this seems trivial, it is intended as a simple demo app and tutorial. The Phonegap App works on Android and iOS. The Arduino Yun uses a script, pre-installed on its famous IDE, known as the bridge sketch.

For those unfamiliar with mobile development, it will seem both easy and challenging. The code has a familiar appearance and bearing, but the words used (the syntax) appear as a different language.

For those familiar with mobile development, communicating with Arduino will seem trivial and puzzling. The REST API will appear basic and frictionless, and when the LED changes state (ON to OFF, OFF to ON) it will seem magical. However, because the Arduino C++ is “NOT” a standard C++, and the interface appears to inherit but does not, the programmer will be left to wonder if they hit some type of time warp.

The challenge awaits those interested in IoT (Internet of Things).

BLOG: http://codesnippets.altervista.org/blog/2015/BLOG.2015-05-25.jssnippets.html

CODE: https://github.com/jessemonroy650/phonegap-arduino-toggle13