The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,738 other followers

Archive for October 16th, 2017

OnePlus OxygenOS built-in analytics: disable it as soon as you can

Posted by jpluimers on 2017/10/16

Remove the OnePlus Analytics service because of privacy violations:

Source: [WayBackOnePlus OxygenOS built-in analytics

We take a look at the analytics built into the OxygenOS, the flavour of Android built by phone manufacturer OnePlus.

The analytics data is sent over https, but it contains way too much information on your privacy.

This also taught me about this interesting project: [WayBack] OWASP Zed Attack Proxy Project – OWASP

These tweets describe how to disabled it:

It was also present OnePlus Five, I found it through:

  1. Settings
  2. Developer Options
  3. Running Services
  4. OnePlus System Service
  5. OnePlusAnalyticsJobService

Until removed, it restarts at every boot.

Removing the service seems more permanent than the alternative [WayBack] Dear OnePlus, please stop spying on my phone:

  1. Settings
  2. Advanced
  3. Join user experience program
  4. toggle this option to off

It is unclear to me what turned that option on in the first place.

–jeroen

via: [WayBack] Welp. As a OnePlus owner, this makes me pretty damn unhappy :/ https://www.chrisdcmoore.co.uk/post/oneplus-analytics/ +Colm Buckley – Kristian Köhntopp – Google+

 

Posted in Android Devices, OnePlus Five, OnePlus Two, Power User, Privacy | Leave a Comment »

If Beyond Compare indicates “editing disabled” after starting from SourceTree, then your integration is wrong.

Posted by jpluimers on 2017/10/16

SourceTree 2.1 still doesn't recognise that Beyond Compare is installed.

SourceTree 2.1 still doesn’t recognise that Beyond Compare is installed.

I noticed that on my Mac, Beyond Compare wasn’t able to edit diffed files when it had been started from SourceTree. This struck me as odd since on Windows this worked fine. So I did a bit of digging and found out both SourceTee and I screwed up:

Editing Disabled

Luckily [WayBackZoë Peterson (lead developer on Beyond Compare and formerly Turbo Power Abbrevia project admin) had answered this before, and all these show “Editing disabled” in the user-interface:

Beyond Compare will disable editing of a file any of the following reasons:

  • It’s one of the input files in a 3-way merge
  • The comparison was cancelled
  • The comparison encountered an error (corrupt file, invalid character encoding, out of memory, gamma rays, etc)
  • The file format’s conversion settings don’t support converting back to the original format (MS Word, PDF)
  • The file is on a read-only “filesystem” (7zip/RAR/CHM archives, CD/DVD-ROMs)
  • A file or parent folder had editing explicitly disabled by the user in the session settings or using the /ro command line switches
  • The viewer itself doesn’t support editing (eg, Hex Compare)

Source: [WayBackversion control – Beyond Compare 3 editing disabled – Stack Overflow

So the last instruction should be:

Set both Visual Diff Tool and Merge Tool to Other, then set both the Diff Command and Merge Command to the value you obtained above (in my case /usr/local/bin/bcomp) and these arguments:

  1. Diff Command Arguments
    "$LOCAL" "$REMOTE"
  2. Merge Command Arguments
    "$LOCAL" "$REMOTE" "$BASE" "$MERGED"

Note that somewhere during 2.2, SourceTree has added Beyond Compare integration and fixed some of the issues, but there are still issues left:

No Editing Disabled

There is only one occasion where the UI does not show “Editing Disabled”, but where you cannot edit the file itself (you can only edit the current line in the line diff view at the bottom of the UI). Zoë mentioned that too:

Also, the Full Edit (F2) toggle in the Text Compare View menu switches between inline editing and line-based mode. If it’s disabled you can copy/delete whole lines and type in the line details edits at the bottom of the window, but the main windows won’t have a cursor, typing is disabled, and it will always select whole lines. Unlike the above items, this doesn’t show “Editing Disabled” in the status bar.

Source: [WayBackversion control – Beyond Compare 3 editing disabled – Stack Overflow

By default this setting is bound to the F2 key on Windows, so if you accidentally press that when Beyond Compare is active, you might be in for a surprise.

Screen shots:

Read the rest of this entry »

Posted in Beyond Compare, Power User | Leave a Comment »

RSA keys by Infineon chips or libraries can be cracked fast; Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping…

Posted by jpluimers on 2017/10/16

All of our house is wired by ethernet for a reason…

WPA2 Flawed. Once again, it turns out that designing something properly secure is really, really, REALLY hard.

[WayBack] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping https://arstechnica.com/… – Lars Fosdal – Google+

[Archive.is] If fixes exist, third party firmware will have it in days. Most OEMs, never. I do worry a lot about unfixable flaws in the wifi standards… – Kristian Köhntopp – Google+:

Dave reminds us that there is a reason why people mod the firmware of their Wifi routers, and that reason is actually now more critical than ever.

Via [WayBack] https://www.krackattacks.com/ has a FAQ. Some interesting questions from there:… – Kristian Köhntopp – Google+:

[WayBackKRACK Attacks: Breaking WPA2 : This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.

 

Since we’re talking security, watch your RSA as it is way worse than the WPA2 one: [Archive.is]

We heard you liked the 10 WPA2 CVE’s, so »A 2nd major crypto vulnerability being disclosed… – Kristian Köhntopp – Google+ quoting

[WayBack] Dan Goodin‏ @dangoodin001: 2nd major crypto vulnerability being disclosed Monday involves millions of 1024- and 2048-bit RSA keys that are practically factorizable.

[WayBackROCA: Vulnerable RSA generation (CVE-2017-15361) [CRoCS wiki]

The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):

  • 512 bit RSA keys – 2 CPU hours (the cost of $0.06);
  • 1024 bit RSA keys – 97 CPU days (the cost of $40-$80);
  • 2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 – $40,000).

[WayBack] New vulnerabilities found in RSA 1024 and 2048 bit keys. Estimated cost of cracking based on access to the Public key only: 1024 bit: $40 2048 bit: $20k… – Lars Fosdal – Google+

Jan Wildeboer did a nice explanation in laymen terms of both security issues published today:

 

–jeroen

Read the rest of this entry »

Posted in LifeHacker, Power User, Security, WiFi | Leave a Comment »

When you believe that you have a keylogger or some sort trojan | Official Apple Support Communities

Posted by jpluimers on 2017/10/16

We thought one of our Macs was compromised, but it wasn’t: it had too many web browsers open so it was crawling like a snake.

The below terminal commands and EtreCheck [Source: etresoft/EtreCheck: Source code for EtreCheck] helped to find out what was running:

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'  

sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'  

launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'  
 
ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null  

osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null  

Source: [WayBackI believe that I have a keylogger or some sort … | Official Apple Support Communities

–jeroen

Posted in Apple, Mac, MacBook, MacBook-Air, Power User | Leave a Comment »

 
%d bloggers like this: