More of the same?

2016-03-25

Changing the encryption pass phrase on Cyanogenmod 13 / Marshmallow

Filed under: Android, Software — Tags: , , , , , , — _ds_ @ 19:56

I’ve recently been looking at improving my phone’s security configuration, and I found some advice regarding filesystem encryption which applied to Android L but not to M – and some reports of problems with this advice when applied to Cyanogenmod 13, which led me to information about a bug which stopped this working. I discovered that it was was fixed in mid-February, but my CM13 installation predates that: this meant that my phone, until shortly before writing this, never asked me for anything other than the usual at the lock screen.

So here’s a quick guide to changing your phone’s filesystem encryption pass phrase. You may know this as the boot pass phrase; in one important way, it is indeed exactly that, so I’m going to call it that.

This information is valid for Cyanogenmod 13, and may also be valid for other modified OSes and for stock Marshmallow.

Keeping lock screen and boot pass phrases the same

This is easy. Just set the pass phrase for the lock screen and you’ll be asked whether you want to use it at start-up. If you choose not to then any existing boot pass phrase will be removed and you won’t be asked for one after rebooting.

Making them different

Prerequisites

I’m assuming a certain amount of technical capability here (if I didn’t, this article would be about three times the size – at least).

  • Developer mode is enabled.
  • Access to a root shell on your phone. It doesn’t matter whether this is via a terminal app or via ADB.

CM13 has a terminal app built in. You can enable it and allow root access via developer options once developer mode is enabled.

Back up first!

In case of mistakes, make a backup. Make sure that it’s stored somewhere other than on the phone. If you make a mess of changing the pass phrase, you’re going to have to wipe and re-install.

A good way to create a backup is to run adb backup -apk -all -shared -system, which will create a file named “backup.ab”. You can later restore this using adb restore backup.ab should you need to.

As I use TWRP for recovery and update purposes, I created my backup using that and copied it from my phone by using “adb pull /sdcard/TWRP/BACKUPS .”. Had there been a problem, I’d flash an appropriate stock Marshmallow image, re-install TWRP, start that up then push the backup directory back to my phone then tell TWRP to restore the correct backup from that.

Making the change

You’ll need the current boot pass phrase. This is whatever you type in when asked “To start Android, enter your password”; if your phone doesn’t ask then it’s using the hard-coded default, which is “default_password”.

Choose a pass phrase. The usual advice about something easy to remember and hard to brute-force applies. Do not choose an empty pass phrase!

“default_password” and “new_password” as appropriate (no encoding needed, except perhaps a \ or two in specific circumstances):

vdc cryptfs changepw password 'default_password' 'new_password'

Or, if you’re setting a PIN:

vdc cryptfs changepw pin 'default_password' 'new_password'

This will take somewhere between 2 and maybe 10 seconds to run, depending on your phone. If all is well, you’ll get this response:

200 0 0

If not, something’s gone wrong. I don’t have sufficient information about errors here, unfortunately. Anyway, if the output differs, retry the command, first checking that you entered it correctly; otherwise, you’ll have to look up result codes from that command and decide from that.

Reboot and test

Now. Here’s the fun bit. Reboot your phone. You’ll fairly quickly be asked for the new boot pass phrase, so enter it. All being well, your phone will continue to boot and you’ll end up at the lock screen as normal.

Remember that you’ve not changed anything which affects the lock screen: you can unlock exactly as you did before making the boot pass phrase change.

Oh, and don’t forget that pass phrase…

Other notes

It appears to be possible to set the pass phrase to a pattern. I’m guessing that the pass phrase, in this case, would be a sequence of digits describing the dots to be joined, and in what order.

2014-12-27

The American date format must die. Horribly. With pitchforks and fire.

Filed under: FAIL, Miscellaneous — Tags: , , — _ds_ @ 23:50

Actually, so must our own. Today, for example, is 27/12/2014. Next Saturday is 3/1/2015, unless you’re American (or, evidently, Taiwanese or Chinese, if computer BIOSes are anything to go by), in which case it’s 1/3/2015 – which looks like 3 March to me.

Such formats are fine if they’re used where they won’t be misread.

WordPress uses this format inappropriately. This article was, according to them, “published on 12/27/2014 23:50”. Okay, that one happens to be unambiguous, but I’d be happier if that date were shown as “27/12/2014” (which is correct for where I am) or, better, “2014-12-27”.

Let’s all use ISO 8601 and avoid this mess!

2014-04-25

2013-12-08

FAIL: servers with IPv6 addresses, but only accessible over IPv4

Filed under: FAIL, Miscellaneous — Tags: , , , , , , — _ds_ @ 04:02

Okay. Fun situation. A possibly-interesting web site has a hostname, let’s say lart-me.example.com. That hostname has two IP addresses, as follows:

$ host lart-me.example.com
lart-me.example.com has address 192.0.2.197
lart-me.example.com has IPv6 address 2001:db8:dead:beef::3
$

(Yes, I’m using unroutable examples. I did consider using actual hostnames and addresses.)

It’s listening on IPv4 only, probably because admin don’t know about IPv6 or it’s blocked as not being TCPv4, UDPv4 or ICMPv4 or something silly like that.

Now, add in a lack of browser (or proxy) fallback to IPv4 – don’t assume that this isn’t intentional! – and watch what happens…

Connection to 2001:db8:dead:beef::3 failed. The system returned (110) Connection timed out

Confirming that it’s not listening on IPv6:

$ telnet -4 lart-me.example.com 80
Trying 192.0.2.197...
Connected to lart-me.example.com.
Escape character is '^]'.
^]

telnet> Connection closed.
$
$ telnet -6 lart-me.example.com 80 & sleep 60; kill %1
[1] 6942
Trying 2001:db8:dead:beef::3...
$

Whoops. Basically, fail.

Needless to say, traceroute6 lart-me.example.com works at least part of the way.

I see this (potentially) becoming a common problem as IPv6 spreads but admin (for example) simply don’t consider IPv6… they really need to make sure that their sites or services work properly regardless of whether the client uses IPv4 or IPv6 since, sooner or later, IPv4 is going to become Fun™ to use (consider carrier-grade NAT) and will eventually be of historical interest only.

I tried emailing the perpetrators of two such sites. One ignored me and the other doesn’t have a working webmaster@ address – which is another fail in its own right.

2013-11-06

“Okay, Google” without en_US

Filed under: Mobile, Software — Tags: , — _ds_ @ 14:51

This hack works for stand-alone Google search but not the integrated Google Now in the Nexus 5 launcher. (It was developed and tested with English (UK) on my Nexus 4 running Cyanogenmod 10.2.)

First, make sure that the voice search data for your language is installed and that English (US) is up to date.

Then, root shell time. Run the following commands, replacing en-GB with the appropriate directory name if you need to

# cd /data/data/com.google.android.googlequicksearchbox/app_g3_models/en-GB
# ls ../en-US

If that second command succeeds, the next step is this:

# ln -s ../en-US/dnn ../en-US/*hotword* ../en-US/phone* .

Otherwise, this:

# ln -s /system/usr/srec/en-US/dnn /system/usr/srec/en-US/*hotword*
        /system/usr/srec/en-US/phone* .

When done, find -type l should list 9 symlinked files.

Of course, ideally this wouldn’t be needed. Maybe Google will, one day, get round to adding hotword detection to other languages and localisations…?

Update (2014-04-26)

A little belated with this, but anyway…

Google have added “okay, Google” to various other English localisations and a few other languages this year. It’s now recognised for British English (which means that I get to use it without hacks), Canadian English, Australian English, German and French.

If your language still isn’t supported (and the above procedure doesn’t help), here are two other sites which can help (and if they don’t, search instead).

2012-12-07

Idiots on Britain’s roads. Let’s call it a war!

Filed under: Miscellaneous, Uncategorised — Tags: , , , , — _ds_ @ 07:18

I’ve watched that BBC documentary, “War on Britain’s Roads”, about, effectively, cyclists versus other road users. It showed accidents or near-misses. It showed a cyclist being cut in front of by a cab driver, and the confrontation which ensued. It showed CCTV footage of a cement mixer lorry turning left, dragging a cyclist under it… It showed cyclists being idiots too. It showed one who goes fast along the road, who likes keeping up with the other road users. It also showed a pedestrian stepping out right into the path of a bike…

This alleged documentary focused on the negatives – the idiots, what they do, and what can and does go wrong as a result. At least one review says that it did a good job of scaring people off their bikes and into cars, another says “smug vigilante cyclists”; it seems that many say that it was unbalanced and sensationalist.

I have no real argument with those reviews; and, indeed, let’s be fair here – it did show one or two good things too, like a policeman stopping things getting out of hand (it also showed him racing after others; but, to be fair, he was at least making sure that his presence was known) and two who’d lost cyclist relatives to drivers who, certainly in one case and likely the other too, hadn’t seen them (and couldn’t).

People out recording footage of their journeys. I’d expect that what they record to be mostly fine, no incidents to chase up, nothing doing. But if you believe what was in the documentary, it’s all but ‒ nowhere did anybody mention that. Maybe some of them go out looking for incidents, and sometimes cause them so that they have something to report – certainly, the documentary gave the impression that those featured do that.

Then there’s that last bit. Seems to have been some film-maker and some idiot racers – the former I’d expect to have set up properly regarding safety, insurance etc.; without that, it’s just plain irresponsible if not illegal.

Anyway…

I’ve had a few vehicles (usually cars) cut in right in front of me, and it’s not nice. Each time, it seemed to me that the driver of the vehicle in question was trying to push me into the kerb or off the road. This is not nice. Even if you, as a driver, think that you’ve given the cyclist just enough space, the cyclist sees it as dangerous. Remember that you’re nice and safe in your big metal box-o’-death – and the cyclist is very much exposed. Is it any wonder that some react, seemingly aggressively?

Okay, I’ve chased one or two who’ve done that, and got ahead of one and pulled out into the middle of the lane for a while, moving back when I caught up with slow traffic up ahead. Nothing much resulted, unlike Mr. Speed Freak in the documentary, who got into a confrontation with the driver after banging on his cab. I’d not do that. I’d probably fall over.

I’ve been knocked off my bike once – in fact, almost twice – by vehicles turning left when I wanted to go straight on. In both cases, I had no idea that the vehicle was coming up (they were, after all, behind me) and turning. The first time was by a car driver who had no excuse regarding visibility (yes, the excuse was used)– came up behind me, turned left; I, not having encountered this before, had no chance to react. Result? Broken wrist. Pinned bone. A few visits to the local hospital to see a physiotherapist – who was a cyclist and is now another statistic.

The second time (the almost one), it was a larger vehicle – a small lorry. I was able to stop and retain my balance; no damage done, and after making sure of this, we were both on our way.

Due to that cyclist v. cement mixer incident reported on in the documentary (which resulted in one dead cyclist and one mother not letting go and, consequently, making a difference), there have been some safety improvements in the fleet owned by the company whose vehicle was involved in the accident. Sometimes it takes this kind of thing to improve matters…

Check. Check again. Youre coming up behind the cyclist, so it’s safe to assume that you haven’t been seen and that, in the absence of indication to the contrary, the cyclist will continue straight ahead, across the junction. Wait until you can see the cyclist again, safely away from you.

Okay, I get things wrong occasionally. I’ve gone through a few red lights, and that’s something which I try not to do – as a road user, traffic lights apply to me too. I’ve probably done one or two other things, but not realised. I’m wary about signalling because of drivers who don’t give you a lot of space. I do slow down for others when on a cycle path, enough that there’ll be no real damage should one suddenly step out right into my path – I certainly don’t want to fall off as a result of bumping into somebody!

I don’t try to keep up with the cars. It may be faster and, perhaps, better (from an exercise point of view); but it’s also a lot of effort and it’s riskier should I have an accident, and I think that I’d be concentrating more on that and on maintaining my position. Competitive where competitive isn’t needed or useful.

I do sometimes ignore cycle paths. I know of some roads where the cycle path repeatedly crosses it: I find that, by and large, rather silly, particularly where the path remains wide enough. Short sections may be ignored too; there’s one such stretch not far from home, where the path crosses the road, follows alongside then turns away from it. Unless I’m following the cycle path, it’s pointless using that short segment.

Where I have problems is turning right from traffic lights. I get in the right lane, on its left side because (usually) there’s already a car parked there, waiting. And, as often as not, the driver of that car wants to go straight on; so I watch then proceed when I think that it’s safe. Maybe I should take some advice given in that documentary: take “possession” of the road – after all, on my bike, I’m another road user. Perhaps I should line up with, not alongside, the cars when waiting at traffic lights; I don’t know.

Oh yes. That’s one thing which I don’t like: drivers who stop too close to the kerb when in stationary traffic. To any pedestrians who hate us for mounting the pavement to get past traffic, look at the traffic and see how much room it’s left us.

I’m not sure that it’s a ‘war’ by idiots – drivers and cyclists alike – on the rest of us. While we can all be idiots, some are much more likely to be than others. We all lose concentration occasionally. We all get distracted. We all make mistakes. It’s fair to be informed that we’ve done so should we not realise it ourselves. But some endanger themselves or others seemingly deliberately…

2012-11-28

x32 isn’t x86

Filed under: Hardware, Linux, Software — _ds_ @ 17:41

There’s a shiny new possibly-to-be-in-Debian architecture named x32. This is, basically, amd64 (x86_64) with a 32-bit address space and 32-bit long integers.

Unfortunately, people have been referring to i386 (x86) as x32, presumably influenced by a certain monopolistic company calling amd64 ‘x64’ – I’ve seen search results including “Ubuntu 10.04 x32”. If x32 gains significant traction (looks like it could be gaining that now) and gets into Debian proper, and subsequently also derivatives such as Ubuntu, then this is going to be a little bit interesting…

2012-09-01

What’s wrong with Google+ on Android…?

Filed under: FAIL, Miscellaneous, Mobile, Software — _ds_ @ 02:45

What I don’t like about the ‘new’ +Google+ UI, having just upgraded downgraded from the last version for Android which supported Incoming (due to them finally having switched it off):

  • Circles menu is… inconvenient.
    • Being able to select which circles are shown there is useful, particularly if you have many. Alternatively, being able to mark some as ‘important’ (regarding placement in that menu) would work – and I include the pseudo-circles in this.
  • Pictures and videos are initially confusing, being above the name and posting text.
    • In portrait mode, they look like they’re associated with the content immediately above.
    • In landscape mode, the avatar and name appear misplaced.
    • The avatar shouldn’t overlap them – as is, it looks bad. I’d put it, name, date etc. above.
  • The avatar looks bad.
    • It should match desktop browser G+, i.e. not clipped to a circle.
  • In landscape mode:
    • Posting arrangement is strange. Should be vertical.
    • Notifications are badly placed. I didn’t find them until I saw the side menu in portrait mode.
    • Viewing a single thread makes bad use of the available space.
      • Here, it’s restricted in width to the height of the display (more or less). It needs to use the full width of the display (which, here, is 800×480).
    • Adding a comment doesn’t work well.
      • This is due to the above thread view limitation.
      • Portrait mode is better for display reasons, but this makes soft keyboard rather more awkward (narrow buttons).
      • Strangely, given this, making a new posting works as well as it previously did in landscape mode.
  • Nothing to indicate that there’s more text in a posting (in the stream view).
  • Still no indication of struck-through text.
  • No scroll bar in the stream view? Weird.
  • ‘Swipe to switch circles’ is missing.
  • ‘What’s Not’ is present.
  • Incoming is missing (but I expected that).
    • I don’t expect to go through each and every ‘not yet in circles’ profile to see what’s there – that’s what Incoming’s for.

The UI in the last version for Android to support Incoming works. It’s nice and clean. This one’s… less clean.

I’ve reported most of this little lot via the G+ feedback page (in smaller chunks due to the paltry 500-character limit). Hopefully we’ll see some improvements, including the return of Incoming. But somehow I think that that’s not going to happen…

Finally, according to the ‘city-level’ location, I’m in Northern Europe. While technically true, it often makes attaching my location rather less than useful.

2012-08-30

Google+ – Incoming not merely hidden, but completely removed?

Filed under: FAIL, Miscellaneous, Mobile, Software — _ds_ @ 22:58
Android G+ screenshots showing nothing found

Screenshots from the last Android Google+ app to support Incoming, showing “no posts found” (but there should be content). Taken on 2012-08-31.

Seems that Google+ have decided to cut off all but Nearby for those of us who still have the last version (on Android) to support Incoming.

This is Bad and Wrong.

Now I can’t easily and conveniently dip in and see what people who’ve circled me (but I’ve not circled back) are posting. There was a suggestion of looking at each individual profile to see what’s posted, but that’s repetitive, time-consuming and error-prone.

I might have decided to see what’s being shared for a while after being circled (i.e. not just what’s public) before deciding what to do. Incoming allowed this in a convenient way.

Well done, Google+, for removing useful stuff

I am now forced to downgrade to a newer version of the Android G+ app if I want something which works.

(Also, scrapbook pictures. Yes, I use them. No, I will not choose to use cover images instead. Yes, I want to use them on one of my pages, but somehow that got downgraded to cover image and I can’t revert that – THAT IS JUST PLAIN BROKEN.)

(You may pretend that the above text is liberally padded with expletives. That would be a lot closer to what I’m thinking.)

Older Posts »

The Silver is the New Black Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.