
Major Android vulnerability for Samsung Galaxy phones (and others)

September 26th, 2012

There is a major risk of losing all your data when you’re using the internet with your Samsung Galaxy phone. Your phone will reset.

You can test here to see if you’re vulnerable: USSD-Android-vulnerability.html. If you are vulnerable, it will show your IMEI number on the phone. Just open the page with your mobile phone.

Contrary to what you may have read elsewhere, the vulnerability doesn’t need you to click anything; loading a page (with malicious advertisements) can be enough. Some advice says that you should read all links carefully. Nonsense, that won’t help.

This bug is also called the Android Reset bug or Android Wipe bug.

Workaround / Solution

Please install this app to secure yourself ASAP.

`TelStop` does nothing by itself: it just asks you what to do, and so prevents the dangerous default handling.

Details

The vulnerability is caused by the dialer system automatically handling so-called USSD codes passed in a `tel` URI. USSD (Unstructured Supplementary Service Data) codes can display certain information, like your IMEI number, or trigger special functions like a factory reset (loss of all your data).

Just adding this code to any website can trigger the bug:


<iframe src="tel:123"></iframe>

It isn’t limited to the `tel` URI; `callto:123` can also be used in some browsers, e.g. Opera browsers.

With JavaScript any link can be infected, so it’s a real danger.

It isn’t a browser or Android bug, it’s a bug in TouchWiz, Samsung’s own interface layer. Apparently HTC and Motorola made the same mistake.

On a Samsung Galaxy S 2.3.6 phone all tested browsers were vulnerable: the stock browser, Firefox, Dolphin, Opera Mobile and Opera Mini.

In the latest firmware (4.0.4) for the Samsung Galaxy III the bug was patched; apparently Samsung was aware of the bug for some time.
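
If you serve third-party markup (ads, user content), you can check it for this pattern before it reaches a phone. The following is an added example, not code from the original post: it flags elements that load a `tel:` or `callto:` URI without a tap and notes whether the target contains `*` or `#`. The tag list, the function names and the sample markup are assumptions, and the service code in the sample is a constructed placeholder.

```javascript
// Added example (not from the original post): find markup that hands a dialer
// URI to the phone on page load, i.e. without the user tapping anything.
const DIALER_SCHEMES = ['tel:', 'callto:'];

// Assumption: these tags fetch their src/data URL automatically. The leading \s
// keeps attributes such as data-src from being mistaken for src.
const AUTOLOAD_ATTR =
  /<(iframe|frame|embed|img|script|object)\b[^>]*?\s(?:src|data)\s*=\s*(["'])(.*?)\2/gi;

function decodeLoose(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; } // keep malformed input
}

// Returns null for non-dialer URIs, otherwise the scheme, the decoded target and
// whether it looks like a service code ('*' or '#', often sent as %2A / %23).
function classifyUri(uri) {
  const trimmed = uri.trim();
  const scheme = DIALER_SCHEMES.find((s) => trimmed.toLowerCase().startsWith(s));
  if (!scheme) return null;
  const target = decodeLoose(trimmed.slice(scheme.length));
  return { scheme, target, serviceCode: /[*#]/.test(target) };
}

function findAutoDialers(html) {
  const findings = [];
  for (const m of html.matchAll(AUTOLOAD_ATTR)) {
    const hit = classifyUri(m[3]);
    if (hit) findings.push({ tag: m[1].toLowerCase(), ...hit });
  }
  return findings;
}

// Constructed sample markup; "*#000#" is a placeholder, not a real service code.
const SAMPLE = [
  '<a href="tel:+15550100">Call us</a>',            // needs a tap: not flagged
  '<iframe src="tel:123"></iframe>',                // the snippet from this post
  '<iframe data-src="x" src="CALLTO:*%23000%23"></iframe>',
  '<img src="/logo.png">',
].join('\n');

for (const f of findAutoDialers(SAMPLE)) {
  console.log(`${f.tag}: ${f.scheme}${f.target}` +
    (f.serviceCode ? '  <- service code, block or review' : '  <- plain number'));
}
```

The regular expression does not decode HTML entities or follow script-generated frames, so treat a clean result as a first pass only.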

Reported Vulnerable phones

(This list is incomplete; sometimes it depends on the firmware version.)

  • Samsung Galaxy S (Android 2.3.6)
  • Samsung Galaxy S II
  • Samsung Galaxy S III (any firmware below 4.0.4)
  • Samsung Galaxy Gio
  • Samsung Galaxy Advance
  • HTC One X (HTC Sense 4.0 on Android 4.0.3)
  • HTC Desire
  • Motorola Defy (Android 2.3.5)
  • Sony Xperia Active
  • Sony Xperia Arc S

Please add a comment with your phone model if you experience this bug too, and don’t forget to install the workaround.

Updated 27/9: Sony phones added.


The Art of Moving

August 4th, 2012

Morphing with SVG

Going from one pose in Yoga to another.


Why I love the Internet

July 15th, 2012

Because it’s the only place where typos can make you smile:

http://www.arte.tv/nl’

And I love classic French cars:

Installing Gimp 2.8 on Ubuntu 12.04

May 31st, 2012

Gimp 2.8 was released a few weeks after the major Ubuntu 12.04 LTS update. That is unfortunate, because Gimp 2.8 has some nice improvements. Luckily it’s quite easy to install Gimp 2.8 manually by adding a PPA and doing an update. There is no need to compile it manually.

The latest update of this PPA also offers newly compiled plug-ins for Gimp 2.8, which is quite an improvement, because I could install Gimp 2.8 today over 2.6 without a hassle. Some sites tell you that you need to uninstall anything beforehand or that you will run into problems, and that was true until a few days ago.

Just paste this in a terminal:


sudo add-apt-repository ppa:otto-kesselgulasch/gimp
sudo apt-get update
sudo apt-get install gimp gimp-plugin-registry

It worked for me with no problems, with Gimp 2.6 installed.

What’s new in Gimp 2.8

You can find a fine list on the Gimp website:

But what I like is a nice and quick feature to create a screenshot from any webpage:

file -> create for webpage -> url

Well, it’s more than a screenshot, because it renders the whole page and not only what’s visible in the viewport of your browser. That is something Shutter can do as well.

It did hang though on some sites with flash content.

Other changes include that saving is now only possible as an xcf file, the native Gimp file format. Saving to other formats, like jpeg or png, is now called exporting. This isn’t a regression; you only need a different menu item, and there is a shortcut `export to` for fast exporting.

How to add `save as compressed xcf file`

XCF files are big uncompressed files. Saving them as xcfbz or xcfgz can save a lot of MBs, but somehow that option is missing from the new 2.8 install. Luckily it’s not so difficult to get it back: just install the file-compressor plug-in manually, by taking it from an older Gimp build.

UPDATE: with the latest ppa update the file-compressor is installed automatically.

How to get the menu back in Gimp under Unity

Gimp does support the global menu for Gnome 3 or Unity, which saves valuable space on your screen. But because Gimp uses several floating windows for the layers and the toolbox, this isn’t working well: the toolbox doesn’t have a menu, and the main menu doesn’t show when the toolbox window is selected. That can be cured easily too: just enable the window menu again in the picture window.

That can be done by adding this environment variable to the command to run Gimp:

APPMENU_DISPLAY_BOTH=1

The best way to do that:

Copy the gimp.desktop file from /usr/share/applications/gimp.desktop to ~/home/.local/share/applications and change the line with

Exec=gimp-2.8 %U

to

Exec=env APPMENU_DISPLAY_BOTH=1 gimp-2.8 %U

and drag the gimp.desktop file from the ~/home/.local/share/applications folder to your launcher.

That will create a new launcher that will start Gimp with a menu in the image window. So you can use that menu, and the global menu.

To be honest, I had to get used to Unity / the dash / global menu / HUD, but now I’m used to it and start missing it on other Ubuntu machines.

No Gimp image showing in the launcher

The gimp.svg icon is missing in /usr/share/icons/hicolor/scalable/apps .

Just download it from here by:

wget http://upload.wikimedia.org/wikipedia/commons/0/05/GIMP_Icon.svg

and rename and copy it to the /usr/share/icons/hicolor/scalable/apps folder. You need root access for that.

Then change the line that starts with Icon in the desktop file to this:

Icon=/usr/share/icons/hicolor/scalable/apps/gimp.svg

Gimp not showing in the dash

Somehow the dash is not showing Gimp anymore, but it’s offering it for download. Clicking it will open the Ubuntu Store, and that will tell you Gimp is already installed. Well, that’s because Gimp is not called Gimp but the GNU Image Manipulation Program in the desktop file. Now you know why Gimp is called Gimp.

So change the line that starts with Name in the gimp.desktop file to this:


Name=Gimp

Then log out, or reboot.


The development of Linux, and Git

April 5th, 2012

We wrote about Git (and GitHub), and proposed that the Nobel Peace Prize should be awarded.

The Linux kernel is maintained and developed in Git, and here is a video about how powerful that is.

The only question that remains: Linux is everywhere, but not on our desktop computers?

Is that because Windows is bundled with desktop computers in every shop? I mean, I really had to throw away some Windows 7 OSes, because I didn’t want them. Still I had to buy them. Dell and Acer don’t sell without Microsoft Windows.

There is something wrong with the desktop computer market in the EU/World. And our government fails to act.

Unbundle the sale of hardware and software:

  1. Buy a computer.
  2. If you want Windows: great, buy Windows for another 100 bucks.
     If you want Linux: download Linux at your neighbour’s, at the library or wherever you want.

Spinners and sliders with just native javascript

April 5th, 2012

In an earlier post we waved goodbye to jQuery UI for animations. CSS transform and transitions are more powerful, easier to maintain, hardware accelerated, and last but not least less code.

And you could save bandwidth by not loading jQuery UI.

And now I have rewritten the former example to drop jQuery, and believe it or not, it’s even less inline JavaScript code. Sure, the former example wasn’t really cleverly programmed – now we use event delegation – but it’s quite astonishing that using native JS requires less code than the former jQuery example. And of course one library less to load.

Why can we drop jQuery in a lot of cases?

Because CSS animations aren’t working in old browsers anyway, so it doesn’t matter that they don’t understand the latest HTML5 / ECMAScript 5 / JavaScript additions. That’s what graceful degradation means. No eye-candy for older browsers.

Important HTML5 / ECMAScript 5 / JavaScript additions:

  • classList API: easy toggling, adding and removing of classes.
  • document.querySelectorAll, the native selector API: get your DOM elements the way you do with CSS.
  • new powerful array functions, like forEach etc.
  • even Microsoft products (Explorer 9) now support JavaScript specs, like addEventListener, XMLHttpRequest, JavaScript objects instead of ActiveX objects etc.
  • innerHTML, outerHTML
  • DOM traversal

The above list is not complete, but in most cases jQuery was used for things like binding events, toggling classes, selecting elements, adding elements, and ajaxifying sites.

Here is the new example

And the JavaScript code used:


    (function(){
        var spinner = document.getElementById("spinner"), i = null
        spinner.addEventListener('click', function(event){
            // event.preventDefault()
            // event.stopPropagation()
            // which element is the target
            i = Array.prototype.indexOf.call(spinner.children, event.target);
            // if(window.console) console.log(i,event)
            switch(i){
                case 1:
                    // clicked left, pop -> unshift
                    spinner.insertBefore(spinner.lastElementChild, spinner.firstElementChild)
                    break;
                case 3:
                    // clicked right shift -> push
                    spinner.appendChild(spinner.firstElementChild)
                    break;
                default:
            }
            // Opera bug workaround
            spinner.classList.toggle('operabug')
        }, false);
    })()

Caveats

The Opera bug with DOM mutations and CSS transform/transitions isn’t resolved yet unfortunately. Somehow the DOM mutations don’t seem to trigger a reflow.

UPDATE: there is an easy fix for the Opera bug: trigger a reflow by toggling a bogus class on any element:

// Opera bug workaround
spinner.classList.toggle('operabug')