
Don’t enter your iOS UUID into a WebForm

This morning’s news reveals a story about how an FBI agent’s laptop was hacked into using a malicious JavaScript exploit, and that a file of millions of iOS device users’ personal data was stolen from the hacked FBI laptop. Interestingly, perhaps even predictably, and irrationally, several websites have sprung up offering to compare the leaked list to your own UUID (which you are expected to enter into a webform) to let you know if your own information was part of the leaked set. I agree that it would be useful to know if your privacy is compromised, but publishing your private data to a website purporting to check for you is NOT the way to do this.

In fact, you are giving the private data away again; so please don’t do it.

We should instead be asking:
1) why was the laptop allowed to run JavaScript on an OS that is difficult to secure?
2) why was the FBI collecting this sort of data in the first place?
3) why was this sensitive data allowed to be on a laptop and not in a server that is harder to get to and can be audited?

If we feel we must check, it is better to download a leaked copy of the data yourself and then compare in the privacy of your own computer – of course that means you will have a copy of many other people’s private data too – and does that make you a criminal as well? I am not a lawyer – but the risks seem pretty high only to find out if your own data is in the leaked set.
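One way to do that comparison entirely offline, as an added example that is not part of the original post: the function reads the identifier from standard input, so it is never sent anywhere or passed on a command line, and looks for it as a whole token in a local file. The function names, the sample rows and the assumption that the identifier is 40 hexadecimal digits belong to this example; the sample data is constructed.

```shell
#!/bin/sh
# Added example: offline membership check. Nothing here touches the network.

# Constructed sample rows (not real identifiers); the column layout is assumed.
make_sample() {
    cat > "$1" <<'EOF'
0123456789abcdef0123456789abcdef01234567,Constructed iPad
AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDD,Constructed iPhone
EOF
}

# udid_in_leak FILE  (identifier is read from stdin, not from argv)
# returns 0 = listed, 1 = not listed, 2 = input is not 40 hex digits (assumed format)
udid_in_leak() {
    IFS= read -r id || [ -n "$id" ] || return 2
    id=$(printf '%s' "$id" | tr -d ' \t\r' | tr 'A-F' 'a-f')
    case $id in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#id}" -eq 40 ] || return 2
    # Split every line on non-hex characters and compare whole tokens, so a
    # shorter string cannot match inside a longer one and case is ignored.
    ID=$id awk -F'[^0-9A-Fa-f]+' '
        BEGIN { want = ENVIRON["ID"] }
        { for (i = 1; i <= NF; i++) if (tolower($i) == want) { found = 1; exit } }
        END { exit (found ? 0 : 1) }' "$1"
}

# Demo against the constructed file.
demo_file=$(mktemp)
make_sample "$demo_file"
if printf '%s\n' 'aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd' | udid_in_leak "$demo_file"; then
    echo "identifier is in the local list"
fi
rm -f "$demo_file"
```

Run interactively as `udid_in_leak /path/to/local/copy` and type or paste the identifier when the shell waits for input.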

The news I am talking about:
AntiSec hackers leak 1,000,001 Apple device IDs allegedly obtained from FBI breach

Hackers leak 1 million Apple device IDs

Update: Well, the FBI is denying the allegations that their laptop was involved and that the data came from them; guess one needs to always verify the sources of the information. The basic advice not to submit your data to a webform still applies though.

Update 2: Wow! Turns out it was not initially the FBI at all, but an app developer that was the source of the leaked UUIDs – and this inquisitive person figured it out: Tracking Down the UDID Breach Source

Microsoft Messenger for Mac

I am trying to use Microsoft Messenger for Mac 6.0.3 talking only to the corporate accounts, and it frequently will only let me log in but appear offline… I can’t send nor get new messages until I can get it to report online, but clicking the menu items and buttons to go online does nothing. If I quit the app and restart it and log in – sometimes that eventually works.

Anyone know of a fix for this?

I have to be honest and say I hate Messenger, and only use it reluctantly because it is the only thing some folks at our company use even though Jabber is the company standard (Jabber works great in Adium).

Frustrations with unneeded iOS app upgrades

Most of the time the iOS application ecosystem works exactly the way you want it to. I back up my iPhone daily and my iPad weekly by plugging them into my laptop and frequently update all Apps that I have already “purchased” (mostly they are free) and everything is pretty current and generally works great.

There are a few vendors who insist on releasing new versions with new features almost weekly, and the new versions actually break features that I had come to rely on… so I have found that it is helpful NOT to empty the trash quite so often and yank the IPA file back out of the trash for an older version of an app and re-install it to the iOS device, effectively downgrading it to a working version. The two apps I am doing this with right now are Skype and the Junos Pulse VPN client.

Skype is annoying, because I have been preserving and re-installing older versions of their software for two years now on both computers and mobiles. They keep releasing new junk and failing to get the interface right. Skype 3.7.40 is my favorite as the 4 series on iOS is buggy, and on the computer I still use Skype 2.8.0.866.

Junos Pulse is critical for my work and the newer version is simply broken with our VPN, so 3.0.3.17311 is the version I am using.

With both, when iTunes updates you to the new version of an application, the old version goes into your trashcan. If you are careful, you can capture the old version, and drag it into a folder called “Preserved iOS Apps” or something like that. Then if you find a version you hate, you can drag the most recent version of the same app that you liked from your Preserved folder back to iTunes. You will need to manually halt the process on iOS and then delete it, and then sync the new copy of the older version back again.

To manually halt a process on iOS, quickly double tap the home button to bring up a list of all running apps, then find your running Skype and Junos Pulse apps, press and hold them until the red minus sign appears and then tap that red minus sign. The app is no longer running.

To manually delete an app in iOS, press and hold the icon for the app until the “jigglies” and the black X markers appear, tap the black X to delete the app and all of its data.

Then you can safely re-sync the app from iTunes on your computer, which rolls you back to the most recent version you dragged into iTunes library from your Preserved folder or your Trashcan.

What other iOS apps were better in previous versions?


Pretty video, hauntingly beautiful song

Please take a few minutes to enjoy this, it just might make your day a little happier…

http://youtu.be/HCNfQ_HOlDc

Earbuds not fitting properly?

Things you learn that make so much sense you wonder why you didn’t think of it are interesting. I hear people complain all the time that the earbuds that came with their music player or phone don’t fit their ears, and there are actually two affordable solutions out there aside from replacing the earbuds with 3rd party ones (which of course is always an option too).

Acoustibuds

Whoomp Earbud Enhancers

Both appear to be resold at several retailers both online and local for between $10-15 a pair. I have never used either, but they look like they’d be pretty effective.

Silence is Golden

I have my phones all on the Do-Not-Call list, but there are always those who ignore the law and spam anyway. They tend to do it from the same numbers, and I have added them to my phone’s contact list and associated them with a custom ringtone that is 15 seconds of silence so I never hear the spammers call me. Over the years people have asked me for this ringtone, which is easy to make in GarageBand, but here it is in iTunes/iPhone format:

Silence.m4r

Copy this file into the Tones folder in iTunes on a Mac or PC, then sync it to your iPhone by plugging the iPhone in, selecting the iPhone device in the left hand side-bar, then clicking on the Tones tab in the main window and sync all or sync the ones you want.

It is not perfect, as when the phone is on vibrate mode, I am still aware of the spam callers, but it helps my sanity just a little. A better solution would be for the phone carrier to let me BLOCK all calls from an annoying number; but they refuse to do that so far.


Facebook and Yahoo cutting off their own noses

There is a brilliant Oatmeal cartoon about how silly the latest trend at both Facebook and Yahoo of trying to force their users to do something in order to view a completely unrelated thing is:

The Oatmeal: State of the Web

Scroll down or jump to the section about Yahoo if it does not do so automatically.

Searching the generic web with Google or Bing is so easy that trying to fool people into Timeline migration may backfire and re-teach them to just use the open internet and ignore your silly social interface altogether.


Fun UNIX Shell Tricks

I wanted to know what was the last date of the preceding month to now… regardless of when now is… The UNIX/Linux cal command came to the rescue:

cal -3 | cut -c1-20 | grep -v "^ *$" | tail -1 | sed -e 's/^..* \([23][0-9]\)/\1/'

It turns out you need a fairly modern version of the cal command. Darn… perhaps GNU cal will help if your system has an older cal version.

How it works…

cal -3

Gives me three months; the month prior, the month I am in, and the next month.

cut -c1-20

Keeps only the first 20 columns, which hold the prior month (Su through Sa), and ignores this month and next month.

grep -v "^ *$"

Ignores any blank lines, note the space between the ^ and the $.

tail -1

Ignores all except the last week of dates.

sed -e 's/^..* \([23][0-9]\)/\1/'

Uses the stream editor to ignore all except the last two digits, and specifically, only the last two that begin with 2 or 3 (all months have 28, 29, 30, or 31 days in them). Note the space preceding the \ character.

We are left with the last day of the preceding month, no matter which month it is now. So… why was I trying to solve this again?

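Update: Alan points out that on modern systems with TimeZone features you can actually just have date itself do all the heavy lifting:

# Current zone abbreviation, reused as the zone name below
TZ=$(/bin/date +%Z)
# POSIX TZ offsets are hours west of UTC, so NAME+24 is a zone 24 hours behind UTC
DS=$(TZ=${TZ}+24 /bin/date +%m-%d-%y)
echo "Current time $(/bin/date +%m-%d-%y)"
echo "One day earlier $DS"
# NAME-24 is a zone 24 hours ahead of UTC
DS=$(TZ=${TZ}-24 /bin/date +%m-%d-%y)
echo "One day later $DS"

# One-liner: day of the month, one day earlier
TZ=$(/bin/date +%Z) ; TZ=${TZ}+24 /bin/date +%d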
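In the `cal -3` layout each month occupies 20 columns, so the width given to cut decides whether a month that ends on a Friday or Saturday is read in full. The added example below (not from the original post or from Alan) runs the pipeline over constructed September 2012 output at two widths and checks it against plain calendar arithmetic; the function names and the sample are assumptions of the example.

```shell
#!/bin/sh
# Added example: two ways to get the last day of the previous month.

# Constructed `cal -3` output as printed during September 2012.
sample_cal() {
    cat <<'EOF'
    August 2012          September 2012         October 2012
Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa
          1  2  3  4                     1      1  2  3  4  5  6
 5  6  7  8  9 10 11   2  3  4  5  6  7  8   7  8  9 10 11 12 13
12 13 14 15 16 17 18   9 10 11 12 13 14 15  14 15 16 17 18 19 20
19 20 21 22 23 24 25  16 17 18 19 20 21 22  21 22 23 24 25 26 27
26 27 28 29 30 31     23 24 25 26 27 28 29  28 29 30 31
                      30
EOF
}

# last_day_from_cal WIDTH: the page's pipeline, with the cut width as a
# parameter and trailing blanks stripped from the result.
last_day_from_cal() {
    cut -c1-"$1" | grep -v '^ *$' | tail -1 |
        sed -e 's/^..* \([23][0-9]\)/\1/' -e 's/ *$//'
}

# last_day_prev_month [YEAR MONTH]: calendar arithmetic, no cal or TZ needed.
last_day_prev_month() {
    y=${1:-$(date +%Y)}
    m=${2:-$(date +%m)}
    m=${m#0}                  # "08" and "09" must not be read as octal
    m=$((m - 1))
    if [ "$m" -eq 0 ]; then m=12; y=$((y - 1)); fi
    case $m in
        4|6|9|11) echo 30 ;;
        2)  if [ $((y % 4)) -eq 0 ] && { [ $((y % 100)) -ne 0 ] || [ $((y % 400)) -eq 0 ]; }
            then echo 29; else echo 28; fi ;;
        *)  echo 31 ;;
    esac
}

echo "cut -c1-20: $(sample_cal | last_day_from_cal 20)"
echo "cut -c1-16: $(sample_cal | last_day_from_cal 16)"
echo "arithmetic: $(last_day_prev_month 2012 9)"
```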

Sears Appliance Service Sucks

Called A&E Appliance Repair for appliance repair of both a Viking under-counter fridge and a Dacor double oven. Identified both by specific model number and asked if they repaired those models and brands. Walked the A&E dispatcher through the error codes on both devices and the exact model numbers, and asked them to pre-buy the parts and dispatch worker(s) with the parts as arranging for time off was the hardest thing. At no point did the dispatcher tell me he was actually Sears. At no point did the dispatcher warn me that the company he represented did not actually support Viking fridges. He merely agreed to my diagnosis and parts request and scheduled both repairs for the same day so I could take one day off and knock out two repairs. Awesome.

Repair day shows up and a Sears technician shows up with absolutely no idea what brand and models he is working on, no parts in hand, and he begins the diagnosis. Furthermore he keeps calling me “boss” even when I told him my name was Scott and he does it in a way that makes it creepy. He checks with his dispatcher (a 40 minute phone call) and finds that Sears can not even begin to cover the Viking fridge. He confirms my diagnosis of the Dacor oven as needing a new controller board and orders the part, and I pay him for the repair in full so my wife (who will have to take time off for the repeat visit, scheduled two weeks out) does not have to pay anything.

Ten days later the part has not arrived, and I call A&E to let them know there may be trouble. A&E re-connects me to Sears. I spend 90 minutes in voice menu hell trying to give my name, address, and phone number to a computer that cannot understand English and will not allow me to simply type the keypad on my phone. I discover my parts order has been cancelled…. but that Sears never bothered to tell me. I ask for a call back from a human who can actually understand why the parts order was cancelled and schedule my oven repair.

Two days later an automated recording calls my number and says to call Sears at a new number pertaining to my parts order. I call the new number and spend another 60 minutes trying to identify to the stupid robot that cannot understand English which case I am by repeating my phone number, name, and address again and again. When I finally get a human, they have no idea why parts division cancelled the order either and will need to check with parts and get back to me.

Later the same day I spend another 90 minutes trying to get the parts division on the phone through the same horrible robot based 800 number so I can just get a refund. I finally get a direct to customer service number out of this call, but customer service cannot find out why the original parts order was cancelled from my own house on the day of the original “repair” where nothing new happened as I had already diagnosed the problems. Customer service guy admits my experience is horrible beyond belief and is very sympathetic and guarantees that I will get either my part and repair or a refund.

The next day I call customer service direct and spend 45 minutes navigating the voice menu prompter from hell, this time I get customer service with a clue… My parts order was cancelled because parts knew immediately upon initial order that they could no longer get this part from Dacor because Dacor will not do business with Sears. Dacor is sounding really smart about now. Apparently Parts department figured they could find an alternate source. Customer service person talks me into giving them two more days.

Two days later I call Sears customer service direct and ask for my refund, as they still don’t have a way to get the part they need to do the repair. They agree, but say it will take some time for the paperwork to catch up.

Good news, I discover that Foremost Appliance has not gone out of business, but merely moved to a new location! I arrange for Foremost to come out and look at the fridge and oven. Foremost guy diagnoses both devices and his diagnosis matches exactly my original diagnosis, though we discover that my under-counter fridge is stuck and I will have to figure out how to get the thing out so it can be worked on when the parts come in. Friends help me break the seal of spilled cola and get the fridge out.

Two weeks go by and Sears has not refunded me any money, I call customer service direct again and waste another 72 minutes trying to get the robot to understand my case. When I finally get a human they claim they never were told I wanted a refund and I read the poor person the riot act for how crappy the entire Sears experience has been but I know it is not them personally but their company that sucks beyond belief. They estimate refund in about a week. Another week goes by and I get a partial refund, they deducted the service call from the moron who came out originally.

Should I hire a lawyer and sue Sears for full refund and financial compensation at my contracting rate for the number of hours wasted?

Irony: every voice menu system at the Sears 800 numbers says “Thank you for choosing Sears” even though I never chose Sears, and the menu for A&E does not identify them as merely taking up business for Sears. Bait and switch.

Tinker, Tailor, Soldier, Sailor, Rich Man, Poor Man, Beggarman, Thief…

“Tinker, Tailor, Soldier, Spy” was intense! Gary Oldman never fails to deliver, and neither does Benedict Cumberbatch nor Mark Strong. Excellent casting all around, especially of John Hurt. You have to like a mystery, for there is almost no sex and almost no action; but it is a very suspenseful thriller with stunning acting all around. I highly recommend this thinking person’s film, bring your brains, you’ll need them.