Archive for the ‘techy’ Category

Android #Fail

It appears that going to a test URL with a certain iframe using the stock Android browser can perform a factory reset on the phone.

There was a URL posted in the XDA forums pointing to http://ninpo.qap.la/test/index.html to test whether or not the browser would invoke the dialer and present the IMEI. It worked on my Samsung Infuse 4G running stock Gingerbread so I’m guessing that a real exploit may factory reset my phone. Ugh…

Note: The link above could change at any time to the real exploit; use at your own risk. Here is the content of the test page.

<!DOCTYPE html>
<html>
<frameset>
<frame src="tel:*%2306%23">
</frameset>
</html>

The exploit code uses:
<frame src="tel:*2767*3855%23" />

Nice huh?

Reports have said it affects mainly Samsung devices but other reports have indicated an old Android bug affecting multiple devices. Should be interesting to see how this turns out…

Update: Confirmed that my Samsung Infuse 4G running Android 2.3.6 (Gingerbread) is vulnerable.

Link for exploit as well as other pertinent information: http://gizmodo.com/5946334/samsung-security-bug-can-wipe-out-your-galaxy-phone-updating

Samsung Infuse 4G Vulnerable to Exploit (YouTube)

Video: http://www.youtube.com/v/V7W9COLLwq8

1:12 – Phone Model / Version
3:56 – link clicked, dialer launched, performs format/reset
4:20 – reset
6:35 – files/folders gone

NoTelURL is an app you can install that prompts the user on which action to take.

Another app, ESET USSD (https://play.google.com/store/apps/details?id=com.eset.securedialer), will protect you from this exploit.
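
The check a tel: guard has to make can be sketched as a page scanner. This is an added example, not code from the original post or from either app: it percent-decodes tel: URIs and flags those carrying USSD/MMI characters (* or #) in elements that load without a click. The function names, the element lists and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed element lists: URL attributes fetched on page load vs. on a click.
AUTO_LOAD = {"frame": "src", "iframe": "src", "embed": "src",
             "object": "data", "img": "src"}
CLICK_ONLY = {"a": "href", "area": "href"}

def classify_tel(uri):
    """Return (kind, dialed) for a tel: URI, or None for anything else."""
    uri = uri.strip()
    if not uri.lower().startswith("tel:"):
        return None
    dialed = unquote(uri[4:])  # %23 -> '#', %2A -> '*'
    # Ordinary phone numbers never contain '*' or '#'; USSD/MMI codes do.
    kind = "ussd" if ("*" in dialed or "#" in dialed) else "number"
    return kind, dialed

class TelScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for table, auto in ((AUTO_LOAD, True), (CLICK_ONLY, False)):
            value = attrs.get(table.get(tag, ""))
            result = classify_tel(value) if value else None
            if result:
                self.findings.append(
                    {"tag": tag, "auto": auto, "kind": result[0], "dialed": result[1]})

def scan(html):
    scanner = TelScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def should_block(finding):
    """Block only what would dial a USSD/MMI code with no user action."""
    return finding["auto"] and finding["kind"] == "ussd"

# Constructed sample: the post's IMEI test code plus ordinary links.
SAMPLE = """<html><body>
<iframe src="tel:*%2306%23"></iframe>
<a href="tel:+1-555-0100">Call us</a>
<a href="TEL:%2A%2306%23">Show IMEI</a>
<img src="logo.png">
</body></html>"""
```

Running `scan(SAMPLE)` returns three findings, and `should_block` is true only for the iframe; the two links still need a tap, so they are reported but not blocked.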

AWS Glacier

Someone keeps reminding me of this service. Perhaps something to add to the ultimate backup solution?

I’m all about the CLI so this looks interesting as far as clients go. https://github.com/uskudnik/amazon-glacier-cmd-interface

US-CERT Alert TA12-262A – Microsoft Security Advisory for Internet Explorer Exploit

Short summary: Quit using IE? Great job Microsoft.

http://www.kb.cert.org/vuls/id/480095

What is totally sad is companies forcing users to continue to use IE since that is the only “supported” browser for sites/apps. You know who you are, companies.

Mosh?

Intriguing but not sure yet..
http://mosh.mit.edu/

more later

Update: It proved to be more of a pain to get working on OEL/RH 6.2 than it was worth. As commented, just use screen.

CM10: The good, the bad, and the ugly.

A while back I noticed that there were some nightly CM10 builds out for my cappy (Samsung Captivate), and I’ve given them a try a couple of times to see what Jelly Bean (Android 4.1.x) was like, more specifically to experience Google Now. Well, given the title of this post, I might as well say the good is that the ROM actually flashes fairly painlessly. You do have to reinstall apps and set up accounts, which is to be expected when moving to another release of Android.

So far the bad is that something is broken in the media scanner services, as after the setup none of my media such as pictures, music, and videos show up in apps such as Gallery, Google Music, etc. There are several posts indicating this was some sort of ROM Manager issue with .nomedia files, but the solutions to resolve those issues were not applicable to my scenario. What appears to be the issue is that the media scanner is somehow dying and not scanning the SD card correctly. I’ve formatted the SD card, copied some files back to the SD, cleared data in the Media Storage app and rebooted. Yet no luck, so I’ve reverted back to CM9.1 for sanity.

For the ugly, I suppose the bad is partially the ugly since it’s annoying. Thankfully restoring from the nandroid backup makes it fairly easy to get back to stable, well, until you start formatting the SD card of course ;).

It’s only been a couple of weeks since nightlies started, so hopefully in the next month or so the issue is resolved. It appears that some are not experiencing the issue, so perhaps it is a device-specific type of issue. I’m just amazed the CM team is still supporting this two-year-old device and surprised how well CM9 runs on it considering the older hardware.

Update: The issue has been resolved by deleting files created by Camera 360 (C360*.*). Once those files were removed, all the media on my device showed up. I posted this to the following forum and it has helped others as well.

http://forum.cyanogenmod.org/topic/58336-cm10-media-scanner-fails-to-show-existing-media-on-the-phone

Site Maintenance

Server rebuild/consolidation taking place throughout the summer. Sites such as samdog.net and my wiki will be offline for a while. Hosted sites such as tapsgetaway.com have been migrated to another VM and won’t be affected. This site may be up and down a bit throughout the process.

So, now you know 🙂

Cheers!

Ubuntu 12.04 LTS (beta)

Installed, nothing really that much different so far, maybe Unity will be better behaved. All hardware works so far.

Time to break this box ಥ_ಥ

Silly things I decide to do…

I’m not sure what gets into my head at times, but often I find something silly to work on to pass the time, and this time around it was getting FreeBSD 9.0 installed and running under Xen with full para-virtualization (PV). In the past (I think it was 8.0) I couldn’t even install FreeBSD as an HVM domU as there was some issue with the bootloader. I started seeing posts around the FreeBSD 8.2 release time frame with people getting FreeBSD running under a Linux Xen machine as domU, both HVM and PV, so I suppose this finally came up on my list of something to do? Anyway, I sort of resolved this installation issue around FreeBSD 8.0 by creating a file-based image on an existing FreeBSD system and compiling a FreeBSD XEN-enabled kernel. Details for what I consider the old way can be found at the following location: HOWTO: Create a FreeBSD 8 i386 Xen PV domU

The new way I used today involves first installing FreeBSD as a HVM domU and transforming the domU from HVM to PV. The instructions were written for FreeBSD 8.2 and Xen 3.4 but I can confirm that they do work for FreeBSD 9.0 with a few small changes (mainly in block device name – it listed ad1s1a whereas I found I had to use ad1p2 as the main device) and using Xen 4.x. I’m going to read up on what’s new in 9.0 so perhaps devices are being renamed. The new instructions can be found at the following site: Xen FreeBSD 8.2 DomU (PV) — Step by Step Howto

Everything seems to be working and it’s nice to have something new to play around with, though I’m not sure how effective the installation will be as far as messing with ZFS goes. One place I’m pretty sure I’ll run into issues with ZFS is the odd memory cap (850MB) the domU has. Last I heard, things like dedup fail in low-memory setups.

Until next time…

Highly Productive Weekend – meh?

It’s the designated Quarterly Maintenance weekend for my day job, though there was not all that much I had to assist with since I’m only 50% on the sysdba team. So since I was sticking around for the weekend and there really isn’t all that much to do otherwise while my wife worked, I took the time to get Oracle RAC set up in my home server environment again. My previous install was blown away quite a while back to make room for other cool projects.

This time around the entire install was based upon the latest release (11.2.0.3) of the Grid Infrastructure and Database. Also this time around I set up the Xen guests as paravirtualized (pv) rather than full (hvm) and used CentOS 5.7 rather than Oracle Enterprise Linux. I hadn’t had experience setting up OEL as a pv but last Fall found a slick way to install CentOS. I’ll miss out on things such as ACFS but I have no desire to use ASM as a LVM (probably since the shared disk I use for ASM is essentially LVs over iSCSI – you can only virtualize so much before it’s pointless, no?).

Overall the entire setup was quite easy. Using open-iSCSI on the guests was the only real thing different from my 11.1 RAC installs. It seems like each RAC install since 11.2 has really been improved and has become quite flawless. I have no real use case for RAC but at least I have a recent setup around again to play around with.

I also decided to attempt my first installation of Oracle Enterprise Manager 12c. I had one other database server with an adequate amount of memory to attempt the installation, but so far it’s been slow going (stuck at 66% for quite some time). I’m sure my ‘ignoring’ the 3GB physical RAM requirement will cause an issue since WebLogic loves to crash on low-memory machines (java… meh). At least I tried, and I suppose I could always shut down the two RAC nodes to reclaim 4GB of physical RAM to ensure a successful installation.

So, there you have it, my weekend in less than 500 words.

Note: Summary of installation steps to be provided on Samdog Consulting site in the near future.

Update: Oracle Enterprise Manager 12c install did actually die upon first attempt. Successfully installed after server was brought up with 5GB physical RAM. It’s a pig but to be expected I suppose...