Capitano Giuseppe Palminteri (1978-2014)

Ronnie Macdonald

Godspeed, my friend.

HTC Cricket missing menu button and Taskos

I believe Taskos is a great way to sync with Google Tasks. I usually suggest this to my customers when, for any reason, they need an alternative to the otherwise excellent GTasks.
Taskos has a clean and handy interface, and it’s usually quite bug-free. So I was quite surprised when one client I referred to Taskos came back to me complaining that he could not find the Menu-settings on his HTC One SV (Cricket).
I must admit I was quite baffled when I, too, was not able to find the Settings Menu, not a graphic button at least. What is it?
A quick Google search confirmed my suspicion. The HTC One HAS a menu button, and it’s in plain view.

Miss having a Menu button?
So depending on your settings, digging in the Taskos menu is as simple as keeping the Recent apps button pressed.
HTC One SV (Cricket)

GTasks also comes in a premium flavour, for a little fee.
Both Taskos and GTasks seem to have a good record when it comes to privacy, but if you have sensitive tasks, you may wish to reconsider granting any third-party app full access to your task list. Taskos has a clearly stated Privacy policy (see here).
Disclosure: to date, I have no business with the Taskos team or with the GTasks team.

UFRaw and Gimp 2.8

UFRaw logo

UFRaw is a decent, open-source RAW file utility. It works on many platforms and, despite the ’80s-looking site, works quite well with NEF files from Nikon cameras. Moreover, it is fairly well integrated with The GIMP, thanks to a dedicated plugin. Setting it up on Windows may be tricky, especially regarding the GIMP integration. I found an interesting post from  with a workaround. It worked for me fairly well.

Thanks zirneklitis for sharing this.




Biometric on iPhone worse than Snakes on a Plane?

Apple has recently spurred some controversy with the introduction of a biometric sensor onboard its latest flagship product, the iPhone. When it comes to this topic (governments stealing fingerprints…anyone?), I think that most people are overlooking some other interesting issues.
To my knowledge, available and affordable biometric sensors are known to be quite easy to bypass. Even those considering skin humidity can be bypassed, and this vulnerability has been known since 2002, so it comes as no surprise that Apple’s Touch ID was broken by the CCC a few hours after its launch.
So, if all of this was already known, why did manufacturers decide to include a biometric sensor anyway? There may be different reasons, some understandable, some outside the scope of this article.
– PIN and passphrase authentication schemes are showing their weakness, and a suitable answer was required by the market.
– a biometric sensor is a great way to tie the device to the user. In a not distant future, ‘for security reasons’ it may be handy for manufacturers to tie the biometric credential to the device in an irreversible way, to ‘burn it in’, thus zeroing the second-hand market (and the black market as well).
Update (27.09.2013): I feel that this will eventually come up any time soon.
– Plausible Deniability: in this not distant future, once the biometric credential is ‘burned in’ the device during initial setup, it can be difficult for the user to repudiate the device, claiming he does not own it.
As far as I know, the link between the biometric credential and the device is not so strong at the moment, and I suppose that the phone can be reset and sold without particular issues in this regard.

For normal people, the ones who fear a violent assault by petty thieves more than a government coming after them for espionage, there are a few reasons why a biometric sensor on a phone is a good thing:

  • PINs, unlock schemes and passphrases may be awkward to enter in an emergency situation. While it’s true that the emergency dialer is always accessible, an emergency situation may include a scenario where one has to call a different number from the standard one, and PINs and passphrases are difficult to remember under stress.
  • an authentication scheme based on a biometric sensor is better in a hands-free situation, because it does not require the user to focus on entering the credential.
  • a biometric sensor is great for elderly and impaired people.
  • you cannot forget a biometric credential (*hopefully*).

On the other hand, there are plenty of cons regarding a credential system solely based on a biometric sensor.

  • a biometric credential cannot be easily changed.
  • a biometric credential, like a fingerprint, is comparatively cumbersome to protect, while in normal situations protecting a PIN or a passphrase is relatively easy.
  • fingerprints, in particular, are mostly exposed: unless the user is wearing gloves, fingertips are always in contact with the surrounding environment. The claim that Touch ID also works with other parts of the body may be fun, but fingertips have a very special characteristic: they are different from person to person. I would love to see people unlocking their device with the forehead, but it would be interesting to see if other people’s foreheads can work as well. Moreover, no more placing your forehead on the window on a cold day like Keanu Reeves would possibly do, unless you want to risk compromising your main credential.

The use of fingerprints as a biometric credential, while practical, has some real issues that people should consider. First of all, there’s a better chance of violent crimes being conducted where the thieves forcibly unlock the device or cut off the fingertip to obtain the biometric credential. And living without thumbs can be uncomfortable, to say the least.
Then there’s the aspect of privacy and data security. Everyone may find himself in a situation where a third party can forcibly try to obtain access to the device.
While a little interrogation or trying to gain access by forensic methods can be a viable alternative every law agency can consider, bypassing a biometric credential is as easy as forcing the user to swipe a finger on the sensor. You don’t even have to spend $5 on a wrench.
A few points worth mentioning:

  • biometric authentication means that the device is vulnerable in any situation where the user is unconscious or ‘unavailable’, while for classical credentials like PINs and passphrases this scenario works conveniently the opposite way.
  • it’s difficult to foresee a plausible deniability scheme where one can provide the adversary with a different, fake credential that will reveal uninteresting data, because the user can be observed acting in normal life (so it may, for example, be difficult to swipe a different finger under distress, as the adversary may, and probably already does, know what the valid finger is).

So, are we ready for biometrics? Probably not. But probably, like many innovations Apple has endorsed, this will bring some good, spurring manufacturers into developing safer biometric systems.

Update (24.09.2013): a really good article on the subject (with some first hand experience on the touch-id hack) can be found here.

Further reading

Importance of Open Discussion on Adversarial Analyses for Mobile Security Technologies:

Chaos Computer Club breaks Apple TouchID:


Why I Hacked Apple’s TouchID, And Still Think It Is Awesome:


Arromances, a photo by hayha on Flickr.

Playing like boys