logic involved » life out there

SELinux on Android

niels — Sat, 14 Jan 2012 14:41:38 +0000

SELinux is coming to Android. Called SEAndroid, the project looks pretty interesting:

Some distinctive features of our SE Android reference implementation in comparison to prior efforts of which we are aware include:
Per-file security labeling support for yaffs2,
Filesystem images (yaffs2 and ext4) labeled at build time,
Kernel permission checks controlling Binder IPC,
Labeling of service sockets and socket files created by init,
Labeling of device nodes created by ueventd,
Flexible, configurable labeling of apps and app data directories,
Userspace permission checks controlling use of the Zygote socket commands,
Minimal port of SELinux userspace,
SELinux support for the Android toolbox,
Small TE policy written from scratch for Android,
Confined domains for system services and apps,
Use of MLS categories to isolate apps.

Links: Java, Security & more

niels — Wed, 13 Oct 2010 20:41:53 +0000

New Java desktop UI toolkit:
Amino brings some nice features
Authentication != Authorization (and more):
Diaspora has a long way to go, but there are lots of things you can learn. Things like what you should never, ever do, that is.
Java obfuscation:
the Android developers recommend ProGuard. It’s actually a very nice utility, but I don’t feel comfortable to apply a complicated technique to already complicated applications.
One Time Passwords, remote logout:
Facebook adds new security features, and some questions are crossing my mind:
why not add add OPIE-like features, with One Time Password Lists and/or two-factor authentication (with something you know and something you have)? We got lots of smartphones out there, just use them…?
re “remote logout”: why not just invalidate existing web sessions on the next login of the user? Can Facebook make a difference between web and API (e.g. widget, apps) sessions?

Skype for Android

niels — Tue, 05 Oct 2010 18:52:44 +0000

And here it is

Requires Android 2.1 or higher.

Creating custom Linux appliances with SUSE Studio

niels — Mon, 04 Oct 2010 20:21:27 +0000

I have been playing with SUSE Studio for quite some time, and it never fails to amaze me. In short, it’s a utility that allows you to build your own SuSE-based Linux: you start with a general selection (openSUSE, SLES, KDE, Gnome, a JeOS , …), add repositories and packages. Then you add your configuration: set your locale and keyboard, add users, rig the network settings and the firewall, add custom backgrounds and logos, add license(s) that have to be accepted by the end user, add your own files and folders, add your custom post-built/post-boot/first boot scripts … and change many more things.
After that, it’s time for building: you can create USB images, live CDs (.iso files), XEN guests and VMware / VirtualBox / KVM (.vmdk) appliances. Built time is just a few minutes, and you can either download your appliance or take it for a test drive it right away, on the SUSE Studio servers. For that, you can connect to the web server of your appliance, log in via SSH, or have the desktop displayed in an applet within your web browser.
One of the most interesting features of SUSE Studio is the ability to keep the changes you make in your test drive. In other words: you don’t have to stick with the web interface for refining your appliance, but you can apply the more delicate refinements in a live system.

The SUSE Gallery hosts an impressive number of appliances that were made with SUSE Studio. Let me highlight just a few examples:

Android Developer’s Desktop Remix – an Android development environment, based on openSUSE
BrowserBox – 22 versions of 13 different web browsers (Android Browser, Internet Explorer, Firefox, Chrome, Safari, Lynx, Opera, …)
iFolder Server – run your own iFolder file synchronization server
Chrome OS – well, mostly Google Chrome

Herb Sutter on Web Browser UIs

niels — Wed, 15 Sep 2010 18:58:11 +0000

The just-released IE9 Beta features a slim user interface. This makes pretty much sense: in the web, the focus is on the content – not on the tool that is used to display it.
Or as Herb Sutter puts it:

Of course, that’s because the page/site is the real app. And like most apps they are indeed going the other way.
The browser is not really an app; it’s a shell, like the OS shell, just a runtime necessity to run the real app and provide some convenience housekeeping tools.

One more thing that changed since the early browser wars.

Apples vs. Oranges

niels — Thu, 19 Aug 2010 09:15:15 +0000

Apparently comparing apples and oranges makes sense after all:
Apples and Oranges — A Comparison by Scott A. Sandford, NASA Ames Research Center, Mountain View, California

Quote Of The Day

niels — Mon, 19 Jul 2010 17:49:03 +0000

It’s forgotten all too often:

Search is a way to harvest demand, not to create it.

(Drew Houston, co-founder & CEO of Dropbox, about Google AdWords in his “Startup Lessons Learned” presentation).

via Jeff Barr.

Entering Foreign Characters in Firefox

niels — Tue, 04 May 2010 17:11:08 +0000

When dealing with foreign names, it is a matter of both correctness and courtesy to use the right spelling. But quite often it is also a problem of “how do I enter this darn character”.

Luckily, there is abcTajpu, a Firefox extension that allows you to select foreign characters, umlauts, … quite easily.

Free, no ads – really worth a try

How Internet Explorer 8 got hacked at Pwn2Own

niels — Wed, 31 Mar 2010 18:17:53 +0000

The Security Intel Analysis Team gives a pretty good summary of how the IE8 on Windows 7 got busted at the Pwn2Own during CanSecWest 2010. They show us a pretty interesting dive into the ideas behind data execution prevention in definitive must-read article.

Update:
zdnet provides (less verbose) background information on how the iPhone got hacked at the same event.

Diagnostic and Usage Data Collection in Mac OS X 10.6.3

niels — Mon, 29 Mar 2010 20:19:27 +0000

Apple just released Mac OS X 10.6.3. Pretty good. As usual, the list of bug fixes and patches is quite long. Thanks for that
Oh, and they added a diagnostic and usage data collection … erm, feature? Hey, it is even enabled by default:

If there was a possibility for opting out I must have missed it somehow. Actually, I am pretty sure they did not ask me.
Speaking as a software engineer, I understand that crash logs and usage data can be invaluable for creating timely and to-the-point patches and updates. On the other side, this is my system. And the data stored on it is mine. Once again, speaking as a software engineer: in the way of creating new applications, a lot of crashes will occur. Bugs need to be squashed, and features to be added. Why should Apple know what I am working on? Or simply what video I was looking at before Youtube crashed? Or what mail caused Mail.app to go down in flames?
And why is it so hard to ask your customers if they want to take part in the user data collection before such a gimmick is activated?

Read more about the Diagnostic and usage data collection (and how to disable it) here.