Archives pour la catégorie Informatique

Contenu : Développement web, administration système, veille technologique et commentaires de l’actualité (rarement, parce que je n’aime pas l’info qui se périme).
Objectifs : Commenter, enseigner, me valoriser auprès d’employeurs.

Mettre davantage d’applications sur un Wiko Rainbow Lite 4G

Initialement publié sur http://www.wikoandco.com/fr/forum-wiko/discussions-aides-wiko-rainbow-lite-4g/13809-tutoriel-mettre-davantage-d-apps#127183

J’ai un Wiko Rainbow Lite 4G, le moins cher des smartphones neuf en 4G aisément accessible.

Comme bien des possesseurs de ce smartphone, je me sens à l’étroit avec aussi peu de mémoire interne. Et même ajouter une carte de 64 Go (le maximum que reconnait le Wiko Rainbow Lite 4G) n’aide pas beaucoup, à cause de la manière très limitée dont fonctionne le transfert des applis sur cartes SD.

Ci-dessous la procédure que j’ai utilisé avec succès pour ne plus avoir de problème. C’est gratuit et très efficace et comme une carte SD 64 Go coûte 20 euros sur Le Bon Coin, on peut dire que j’ai fait une économie de plusieurs centaines d’euros (par rapport à un téléphone ayant 64 Go de stockage, certes avec des performances plus élevées).

Autant partager.

  1. Sauvegardez vos données, y compris sur la SD. Tout va être supprimé.
  2. Factory reset. C’est juste pour partir d’un bon pied.
    • Éteindre le téléphone
    • Power + Volume haut + Volume bas. Maintenir appuyé jusqu’à ce que l’écran soit noir.
    • Power + Volume bas quelques secondes. Vous rentrez dans le mode recovery.
    • Choisir factory reset (volume haut et bas pour naviguer, power pour confirmer)
  3. Root. Installez Kingroot
  4. Installez Root check play.google.com/store/apps/details?id=com.jrummyapps.rootchecker pour confirmer que votre Wiko est débloqué et rooté. Profitez-en pour installer Busybox si ce n’est déja fait.
  5. Installez Aparted play.google.com/store/apps/details?id=com.sylkat.AParted et créez deux partitions sur votre carte SD, toutes les deux primaires, une en FAT32 pour vos fichiers multimédia (la plus grosse) et une seconde en ext4 pour les apps Android (la plus petite).
  6. Installez Link2SD play.google.com/store/apps/details?id=com.buak.Link2SD. Au démarrage, une fenêtre vous demandera le système de fichiers de la carte. Comme nous avons formatté en ext4, choisissez ext4. Puis liez chaque application que vous pouvez à la mémoire SD.

Il manque beaucoup de petits détails dans ce tutoriel — je n’ai pas sous la main un second Rainbow Lite pour procéder pas-à-pas. Je mettrai à jour en fonction de vos retours.

Flattr this!

Proposal: X-PGP-Object

Idea : X-PGP-Object to hide title/object on a PGP mail.

Among the many limitations with PGP is the inability to hide metadata. As an ex-director of the CIA said, we kill people based on metadata (and the NSA added If you have enough metadata, you don’t really need content).

X-PGP-Object would address this. MUA supporting an RFC proposing this would display the content of X-PGP-Object in lieu of the regular Object field. MUA not supporting this would simply display the regular object.

In order for this to work, X-PGP-Object shall not be an actual metadata (so not an actual X-something). It should be inside the content itself, protected by PGP and only displayed in lieu of title/object. UI shall be designed so that the content the user writes to the title field is added to the PGP message. And the reader will see it as a regular title. Thanks to graceful degradation, an unauthorised reader will just seen an empty title.

Example:

  1. Sender: Enters object as usual (usually a one-line title field)
  2. Sender: Enters body as usual (usuall a many-lines content field)
  3. Sender: software concatenates information, with a descriptor to discriminate each data. So we have a single large string of text like this: X-PGP-Object="PGP title goes here";Content="My text"
  4. Sender: software encrypts the result with PGP/mime
  5. Sender: software send the mail the usual way
  6. Recipient(s): software decrypts PGP the usual way
  7. Recipient(s): software recognizes the X-PGP-Object descriptor
  8. Recipient(s): software adds the content of the X-PGP-Object in the Title field in the MUA UI
  9. Recipient(s): software adds the content of the Content field in the Content field in the MUA UI.

That way, the title of the mail is encrypted too.

This doesn’t solve other information, including sensitive one like adresses of the sender and recipient, timestamp… but at least this hides one information without damaging readibility of information (a collection of empty or fake titles doesn’t scale well). This could probably be extented to some other metadata too.

I don’t plan to propose this as an RFC. This is probably a good beginning but proposing an RFC is apparently way too much work (writing a RFC and having it adopted is a long process which requires time, dedication, a hard technical work and a lot of social interactions.).

Still, food for thoughts.

Flattr this!

How to configure a Google account on a mobile with two-factor authentification

You have a new Android smartphone and you have two-factor authentification enabled, and of course your SIM card is in your new phone.

When you configure your smartphone, you are asked for you Google password, then followed by your 2FA code, sent by SMS. Problem: you cannot read the SMS because it is sent to the same phone and you cannot swith to SMS reading until configuration is finished. Catch-22.

Solution: use emergency code (https://accounts.google.com/b/0/SmsAuthSettings) that you will access from a computer. Print  some also.

Flattr this!

Cryptomonnaies : l’argent autrement… et plus loin

La séance sera consacrée aux cryptomonnaies, et notamment à Bitcoin (la plus capitalisée) et Monero, (la petite dernière qui capitalise… le meilleur de la réflexion sur les cryptomonnaies).

Nous aurons l’honneur de recevoir David LATAPIE. Gascon et Parisien, David LATAPIE travaille depuis 2014 dans le domaine des cryptomonnaies. Géographe et informaticien de formation, il est membre du comité directeur de Monero, une cryptomonnaie respectant la vie privée et la neutralité du net. Il se concentre plus particulièrement sur la promotion des cryptomonnaies et l’étude des impacts sociétaux de celles-ci sur le monde de demain.

Les cryptomonnaies sont des processus logiciels communautaires permettant grâce au cryptage d’échanger de façon sécurisée et virtuelle des unités de comptes. Elles sont donc techniquement utilisables comme monnaie par des communautés humaines les adoptant à cette fin. La valeur d’échange d’une unité de compte d’une cryptomonnaie se développe au fur et à mesure qu’une communauté importante adopte cette cryptomonnaie et l’utilise pour des échanges de plus en plus en plus importants.

Selon David LATAPIE les cryptomonnaies sont une affaire non seulement sérieuse, mais également salutaire. Il nous narrera la genèse des cryptomonnaies, leur utilité et la motivation de leurs créateurs et de leur adopteurs précoces. Il décrira leur fonctionnement général, leurs avantages et leurs inconvénients, ainsi que les mesures palliatives à ces inconvénients. Il fera un rapide tour d’horizon en détaillant la plus connue t la plus capitalisée, Bitcoin. Il présentera également les applications non-financières, en terme de réduction des coûts, d’automatisation des tâches juridiques et d’internet des objets. Enfin il détaillera Monero, une nouvelle cryptomonnaie sur laquelle il travaille afin de neutraliser les défauts des cryptomonnaies précédentes et notamment Bitcoin. David LATAPIE accorde une grande importance à cette démarche pour que les hommes libres restent maîtres de leur destin.

Qu’est-ce qu’une monnaie ? Qu’est-ce qu’une cryptomonnaie ? Pourquoi introduire Monero ? C’est autour de ces questions que nous vous proposons de débattre le lundi 16 mars à 20h00 au café le Coup d’Etat, 164, rue Saint Honoré, 75001 Paris (M° Palais Royal) !

Flattr this!

On passwords

I historically preferred to avoid a software for password (what I call “dedicated software”), because you constantly run into situations like “no access to your machine”, “no battery on the phone”, “what if no internet”, “inconvenient”, “place your data in the hand of a party that can go bust”, etc.

But I’m starting to considering it.

My present password strategy, which I call “pattern-based”, is this: use a high entropy password (estimated 98 bit on http://rumkin.com/tools/password/passchk.php) with a part that is always the same (the high entropy part) and a part that can hinted by contextual information (and has low entropy). For instance, “!?.op.” plus the three last letters of the domain name (excluding the TLD).

I see three problems here:

  1. First, password-reuse. There is still a pattern. If I happen to enter my password on a site that gets hacked or is just malicious, the pattern can be identified. Of course, chances are low that the hacker bothers when he has so much other simpler password at its disposal.
  2. Second, no change of password. It is nigh impossible to periodically cycle through all the websites to change the password (a database would make it less difficult because I would not have to remember all the websites but it would still be very tedious, to the point it would simply not be done). And if I don’t spend days changing the password on all the websites in a row, I would then have to remember three or four different patterns.
  3. Exception handling. You will always find a website that doesn’t allow one of your character (same issue with the space in passphrases) or places an upper limit in characters (particularly annoying for passphrases). Those exceptions must be handled by hand. On the opposite, with dedicated software, there is basically no exception, since there is no rule.

As you can see, both approaches (pattern-based and dedicated software) have their limits.
A friend in IT security gave me this answer:

passwordsafe by Bruce Schneier is open source. Some features: hierarchical encrypted storage, password never displayed visibly, protected from dictionary attach, no disk swapping, encrypted in memory and more.
I have hundreds of passwords, all distinct, all unguessable and I don’t know any of them.

I’ll give it a try.

Flattr this!

The abandonment of control

This is worrisome:

  • What is a browser? – Don’t know
  • What is the difference between a browser and a search engine? – Don’t know
  • What is the difference between Google and a browser? – Don’t know
  • Do you use Internet? – No, I use Facebook

See by yourself:

But this is not the most concerning part. The most concerning part is that it is normal.

In the nineteenth century, every car owner was also a car pilot and an accomplished mechanics, as well as a fountain of knowledge on cars. Years later, the amount of knowledge fell so low that it became mandatory to pass an exam and to obtain a driving licence to merely drive a car (don’t even talk about fixing it, and this happened way before the so-called “electronic bloat”) – the first nationwide mandatory exam was in France, in 1899. Nowadays, most people only know the bare minimum about maneuvering a car (and almost nothing about fixing it) and the statistics of road accidents are daunting (even if they were worse in th 70’s, contrary to popular belief). In the future, cars will eschew the driver altogether (probably for the better when it comes to road safety) and we will eventually have a majority of autonomous cars (same for planes, by the way).

I expect the same to happen for computing. Increasing digital analphabetism, increasing assistance and ultimately, computers will do the job for you (remember Google’s vision? you won’t have to search, we will anticipate what you want). Who’s in charge? Most of the time, you won’t be in charge and you will be left with just enough of an illusion of control to be fine with it.

This is not paranoia or dystopia, this is the natural course of life. Spend as few energy as possible (this not always negative: increases in efficiency come out of the quest for least energy).

There will always be knowledgeable people in computing, as there will always be knowledgeable people in cars. We just have to abandon the idea that a sizeable part or our acquaintance will know how it works. And understand that power over computing will get more and more concentrated, due to the sheer lack of education. Could gamification change this? Not sure.

And the same will go for Monero, but frankly, if this is the price to pay for wider use, I’m happily willing to pay it.

Flattr this!