Author Archives: Josh

Samsung Galaxy SII doesn’t mount under Linux

unable to mount samsung_android: error initialising camera -1 unspecified error

Screenshot of the error message

Unable to mount SAMSUNG_Android

Error initialising camera: -1 Unspecified error

So this is the error message I get when plugging my Samsung Galaxy S2 into the USB port on my Linux boxen, all running Linux Mint Maya running the MATE desktop (Ubuntu 12.04). 

PTP_transfer_enable The answer is, of course, you need to enable PTP transfers, rather than MTP transfers.  MTP transfers work great for Windows or Mac, but not Linux.  On your phone, drag down the Notifications screen, then under “Ongoing” you’ll find something about “other USB options”.  Select that and you can pick the PTP transfer.

Per the notes on how to take a screenshot on a different phone, I took a screenshot of the final screen. Getting the screenshot onto my computer, that was a whole world of hurt.  Settings | More Settings | USB utilities | USB mass storage needs to be turned on, otherwise the file browsing from Linux shows only the directory structure, no files whatsoever.

Of course, Cathy’s HTC Desire, it Just Works.

Diablo I (yes, Diablo 1) LAN play on Vista or Windows 7

– and presumably 8.

There’s various convoluted steps to get LAN play working on more recent versions of Windows.

Mount the ISO on your hard drive, and use the somewhat unstable Microsoft supplied ISO mounting program to fool the program into thinking you CD is in a CD drive.  Install Diablo from here.  This step is not strictly necessary, but it’s so much quicker and cleaner than the alternatives.

Fetch and apply the patch to bring Diablo 1.00 up to version 1.09.  It may also be helpful to pull up the properties of the .exe and enable compatibility mode with WinXP Service Pack x. When fetching patch, get it for the version you’re installing – much confusion is caused if you get the spawned Diablo patch and apply it to the full version.

Go and get IPXWrapper, and per the instructions drop the DLL files into your Diablo directory. If you have a heterogeneous environment, all machines need to use this wrapper – IPXWrapper is a translation layer than transforms IPX into UDP, and without it IPX aware OSes like WinXP won’t see the network traffic of the IPX unaware OSes like Vista.  Punch a hole in your Windows Firewall to allow UDP port 54792.

To fix the palette issue, download the registry patch, which seems to work under Vista as well:

32-bit Windows 7 – http://ftp.blizzard.com/pub/diablo/d109_x86.reg
64-bit Windows 7 – http://ftp.blizzard.com/pub/diablo/d109_x64.reg

See?  Easy.  Doesn’t take more than a few hours if you don’t know what you’re doing.

Where did I take that photo?

I couldn’t find anyone extracting out the geolocation geotagging EXIF data from their photographs so they could pull it up on something like Google Maps.  There are stand-alone programs with embedded maps, but the bits and bobs lying around on the average system ought to be enough to just generate a URL to a mapping website.  The following bash script echoes the  URL that geolocates your JPEG.  Because my camera doesn’t emit it, I couldn’t be bothered dealing with the seconds part of a location, but I did detect that you don’t have a camera the same as mine.  Drop a line if you’ve used this and fixed it.

#!/bin/bash
# emit a hyperlink to google maps for the location of a photograph
declare Seconds=""
Seconds=`exif -m --ifd=GPS --tag=0x02 $1 | grep -oP "[\d|\d\.]+$"`
if (( $Seconds=='0' ))
then
  Seconds=`exif -m --ifd=GPS --tag=0x04 $1 | grep -oP "[\d|\d\.]+$"`
fi
if (( $Seconds!='0' ))
then
  echo
  echo "Script does not support seconds being specified"
  exit
fi
echo -n "https://maps.google.com.au/?q="
declare NorthSouth=`exif -m --ifd=GPS --tag=0x01 $1`
if [ "$NorthSouth" == "S" ] 
then
  echo -n "-"
fi
echo -n `exif -m --ifd=GPS --tag=0x02 $1 | grep -oP "^[\d|\d\.]+"`
echo -n "%20"
echo -n `exif -m --ifd=GPS --tag=0x02 $1 | grep -oP "(?<= )[\d|\d\.]+,"`
declare EastWest=`exif -m --ifd=GPS --tag=0x03 $1`
if [ "$EastWest" == "W" ]
then
  echo -n "-"
fi
echo -n `exif -m --ifd=GPS --tag=0x04 $1 | grep -oP "^[\d|\d\.]+"`
echo -n "%20"
echo -n `exif -m --ifd=GPS --tag=0x04 $1 | grep -oP "(?<= )[\d|\d\.]+(?=,)"`
echo

ANZ: The rodeo clowns of online security

For years now I’ve been… less than impressed with the ANZ bank’s concept of how a secure banking website should work. Finally they’ve taken steps to harden their site. They’ve introduced “secret questions”, like “who was your best friend in high school”, “what’s your partner’s nickname” and “what’s your nickname for your youngest child”. At last, my money is now safe from thieves who will never guess that my my partner’s nickname is Cathy, my best friend in High School was Robert, and my youngest’s nickname is Marky. Oh, darn! I accidentally disclosed the answers to those secret questions! It’s as if that information would be widely available to any thief who took the time to look me up on Facebook (don’t bother, I’m not on Facebook).

Because in providing answers to these questions the security on my account was going up, not down, I couldn’t possibly be allowed to opt-out, with dire warnings about being liable for losses if someone found out the answers. To these most basic of questions.

Most other banks have implemented two-factor authentication. Even G-mail has two-factor authentication. But not the ANZ, they’ve stepped things up a notch. They’ve eschewed two-factor, and gone for “You’ll never guess the name of my pet, which I post on Facebook all day long”.

So I took my standard defensive action: attack surface reduction and target-value minimisation. To reduce the attack surface, for each answer I mashed the keyboard – so thieves, remember my first Primary School was in the suburb of pwofkmvosffslkdflsifcmmsmclsefscdsfpsdfpefsdflsd, or something. To minimise the value of the target, I swept all the funds out of the account. What’s wrong the the technique of establishing identity by the production and examination of 100 points of identifying documents?  Why do I need to have a favourite colour?

Cathy worked for the ANZ until recently, and the day she received her final paypacket she shut the account. Hated their account with a passion, but the ANZ is incapable of paying their employees through anything other than an ANZ account. Because, you know, banking is hard.

Install mwparserfromhell on Linux

Here’s how to install mwparserfromhell on Linux:

sudo apt-get install python-dev
sudo apt-get install python-pip
git clone https://github.com/earwig/mwparserfromhell.git
cd mwparserfromhell
python setup.py install

After which, wikitools by MrZ-man is nice for power-users:
svn co https://github.com/alexz-enwp/wikitools
cd wikitools/trunk
sudo python setup.py install

Installing Pygal into Cygwin

Pygal is a python library for emitting SVG charts. It might do PNGs too; the documentation is… sparse. Okay, there’s no documentation, but they show you several ways to make bar charts, and figure you can follow on from there.  Anyways, the installation instructions don’t work, not under cygwin.

Here’s what you should do:

  1. ensure cygwin has the libs libxml2-devel and libxslt-devel installed
  2. issue the command
    cygwin$ pip install pygal

and you’re done. Getting pip into cygwin is a whole world of hurt, but you will need to go looking for a http (not https) source to download setuptools, then download and run ez_setup.py, followed by using pip to upgrade setuptools. Have fun with that; I know I did.

Allow more JavaScript, maintain privacy

I’ve long regarded JavaScript in the browser to be one of the biggest security holes in web-browsing, and at the same time the Internet works less and less well without it. In 2008 Joel Spolsky made the observation that for some people the Internet is just broken:

Spolsky:   Does anybody really turn off JavaScript nowadays, and like successfully surf the Internets?

Atwood:   Yeah, I was going through my blog…

Spolsky:   It seems like half of all sites would be broken.

Which is not wrong.  Things have changed in the last five years, and now the Internet is even more broken if you’re not willing to do whatever random things the site you’re looking at tells you to, and whatever other random sites that site links off to tell you to, plus whatever their JavaScript in turn tells you to. This bugs me because it marginalizes the vulnerable (the visually impaired, specifically), and is also a gaping security hole.  And the performance drain!

Normally I rock with JavaScript disabling tools and part of my tin-foil-hat approach to the Internet, but I’m now seeing that the Internet is increasingly dependent on fat clients. I’ve seen blogging sites that come up empty, because they can’t lay out their content without client-side scripting and refuse to fall back gracefully.

So, I need finer granularity of control.  Part one is RequestPolicy for FireFox, similar to which (but not as fine-grained) is Cross-Domain Request Filter for Chrome.

The extensive tracking performed by Google, Facebook, Twitter et al gives me the willys. These particular organisations can be blocked by ShareMeNot, but the galling thing is that the ShareMeNot download page demands JavaScript to display a screenshot and a clickable graphical button – which could easily been implemented as an image with a href. What the hell is wrong with kids these days?

Anyway, here’s the base configuration for my browsers these days:

FireFox Chrome Reason
HTTPSEverywhere HTTPSEverywhere Avoid inadvertent privacy leakage
Self Destructing Cookies “Third party cookies and site data” is blocked via the browser’s Settings, manual approval of individual third party cookies. Avoid tracking; StackOverflow (for example) completely breaks without cookies
RequestPolicy Cross-Domain Request Filter for Chrome Browser security and performance, avoid tracking
NoScript NotScripts Browser security and performance, avoid tracking
AdBlock Edge Adblock Plus Ad blocking
DoNotTrackMe DoNotTrackMe Avoid tracking – use social media when you want, not all the time
Firegloves (no longer available), could replace with Blender or Blend In I’ve have had layout issues when using Firegloves and couldn’t turn it off site-by-site

Subtitling tries to make me dumber

I was watching Todd Sampson‘s Redesign My brain S1E1 Make Me Smarter and noticed the subtitling was annoyingly wrong. FMRI was subtitled as MRI. Baseline became based on – and there was more errors. My hearing’s not super-great, but even I could tell that these weren’t right.

Twice I’ve seen subtitling so bad that I’ve been prompted to find out who did it. Last time it was Jacqui Mapoon at CSI.

This time it was Jacqui Mapoon at CSI. Either Jacqui does a lot of work for CSI and sometimes has bad days, or she does a little work and often screws it up. What are the odds that on the two occasions I notice very bad subtitling, the same person’s behind it?  Subtitling is a very specialized field, so there can’t be that many people doing it, but at the same time a lot of TV is subtitled. I know from personal experience that subtitling takes at least 5 minutes per minute of show, and can take more if it’s particularly speech-heavy. There are a few hours of TV a night requiring subtitles, and it’d take one person one day to subtitle one hour of TV, so there’s probably a few dozen people in Australia doing it; live subtitling is a different specialty. Perhaps work processes need to be changed; I know I proof my subtitling after having done it, and spot errors. Perhaps someone other than the original subtitler ought to do the final proofing? Proof-reading error rates would show whose work needed more attention.

Most of the subtitles that I’ve seen are great – precisely timed transcriptions of the spoken dialogue, either exact reproductions or well thought through précis, contracted just enough to be faithful to the words and the intent whilst also fitting on the screen. For some reason American stuff is all caps unless the character is off-screen. Given so many in this industry can get it transparently right, why does one person’s work repeatedly poke me in the eye? Somebody give Jacqui some training, stat!

Please make it okay for KITT to drive itself around

Driverless vehicles are coming. A clear legal framework will make them come all the sooner, and there’s an opportunity to make autonomous vehicles as safe as passenger aircraft.

Don't drive a car like a smuck, get the car to drive you!

Don’t drive a car like a smuck, get the car to drive you!

Make the manufacturer(1) solely responsible for all liabilities incurred by the vehicle, driverless or not. Transfer this liability to anyone who modifies the vehicle without manufacturer approval(2) – covering up sensors, adding systems, modifying software etc. While autonomous, fines for driving infractions are the responsibility of the manufacturer; demerit points are treated as unidentified and the fine for failing to identify the driver is payable by the manufacturer. Annual vehicle registration fees(3) remain payable by the vehicle owner, but third party insurance costs – personal and property – are remitted to the manufacturer, who could be expected to pay you to… not drive the car – if you drive the car, that creates an uncontrollable liability, but if the car drives itself then the risks are only those that are those due to the product, which presumably would lead to product improvement to decrease crashes and injury.

How would you force owners of cars that are the liability of someone else to properly maintain them? Simple; you make the manufacturer cover maintenance costs too – tyres, servicing etc. So now we’re getting to the point where we ask: what are people paying for cars that they only have to cover the running expenses for? How does the manufacturer recoup the cost of maintenance? Doesn’t really matter, but I think you’ll see that driverless cars will only be able to be leased, or hired, or rented, or some other such model. They’d basically be taxis – paid for by time and distance.

Every driverless crash will be investigated by a federal body – the Australian Transport Safety Bureau. To aid investigations, vehicles will be required to detect crashes and refuse to function after them; extensive data logging like on aircraft will be mandated. Because of the lack of humans involved, crashes come down to systems failure and the crash rate should be highly controllable.

 

Fly, KITT, fly

(1) Autonomous vehicle manufacturers might baulk at these plans to make them directly fiscally responsible for their products. Fine; they could instead put an insurance/finance company in as the responsible entity, but whomever is responsible would have to prove to the government their capability to meet their contingent liabilities.

(2) That is, you can hack your car if you want. But if you do, you wear the (potentially quite substantial) risks associated with having done so. Find an insurance company that’s willing to cover you (ha!).

Have you played thePopulation: Tire game? If not, you haven't lived.

Have you played thePopulation: Tire game? If not, you haven’t lived.

(3) Why do we charge registration fees? Owning a car doesn’t impose any costs on society. Driving it does; parking it does. There ought to be taxes on… tyres. The consumption of tyres by a vehicle is roughly correlated to the wear and tear on infrastructure and other externalities. Motorbikes, two tyres; semis eighteen or more. There are already taxes on fuel, again because of externalities – and presumably, because they’re easy-to-levy taxes that are hard to avoid. But infrastructure wear is not a function of fuel consumption, but it is a function of using tyres. The problem with a tyre tax is that people will naturally buy tyres that last a long time, rather than other considerations – for example braking efficiency; to address this some wear factor ought to be applied too.

Australian electoral fraud

An undamaged security cable tie

If the security cable tie isn’t pulled tight engaging the teeth, it can be pulled right off. If it was secured, it would have been damaged while being removed (with scissors).

I did scrutineering at the last Victorian state election, and apart from the shocking level of informal voting and above-the-line voting, there was another shock.

Electoral fraud – or the possibility of it.

The nice thing about living in Australia is that we take our democracy seriously, and we balance being able to prove that what the outcome was with ballot secrecy. Nobody, no level of government or industry, no individual, will know how you voted without you telling them. Yet at the same time we can have confidence that our electoral system is not being rorted; our governments change back and forth, and each time it does representatives of both sides keep a close watch on the activities of the employees of the AEC and VEC, eyeballing each individual vote and knowing that they are all distinctly different from the others in spite of being a collection of handwritten marks on a slip of paper.

To minimize the risks of ballot box tampering, at the start of voting the ballot boxes (just big cardboard boxes here in Australia) are sealed shut with serialized cable-ties. An independent somebody witnesses this when an Electoral Commission employee does this (typically the first voters who wandered into the polling station), and their details are recorded (by details, I think that means signature, but it could be actually enough to track the person down afterwards) and they sign the form that records the sealing of those particular ballot boxes.

So how come they use cable ties that can be “done up” and yet the teeth don’t engage – thus leading to an unsealed ballot box? Is it too much to ask for a cable tie with teeth on both sides?

I should have kicked up a fuss, but it was a safe booth in a safe seat, and who needs the hassle?

Anyways, the reason I relate this story is that I’ve been seeing comments along the lines of “this is the 21st century, why they hell are we using pencil and paper?”  Because, dickwads, computers don’t leave a fucking audit trail.  There’s no scrutineering of electrons.  How the hell are you meant to verify that Clive Palmer didn’t in fact get 98% of the vote?  You can’t.  Interesting that Clive Palmer owns the company that supplied all of the (suspiciously cheap) voting machines to the AEC, but that hasn’t got anything to do with it. And the cost! Pencils are 10c each, paper is about a cent a sheet.  A shitty computer is $500, and requires a bunch of electricity. “Do it on the Internet, or use smart phones!” I hear you say. No, because while nearly everyone can move a pencil around, significantly fewer can use their computer to vote. And there’s no connection between how you voted, and the counting of votes. The announced result could be anything, and there’d be absolutely no way of proving it wrong.  So, yes, computers are shiny and clearly the best way of implementing a voting system, if you want an electoral system you can’t actually trust.