A week without the Apple Watch

Lee Paterson wrote on waitingtoDownload about his week without the Apple Watch.

My first full work day without my watch was an interesting one; I found myself looking down to check the time on my wrist rather than my phone. It’s a habit that developed quickly once I started to wear a watch again and obviously missed. All I can do is laugh to myself when all I see is skin (then turn around to make sure no one saw me)…

I have done that several times when I just woke up. Lift my wrist to check the watch, only to realise I haven’t put it on.

Aside from checking the time (and date) I’ve found myself missing complications. I frequently use the timer one when I’m cooking and resorted back to the good old kitchen timer this week. Complications have become part of my information stream; I use the MODULAR watch face that shows me my next appointment, activity levels and a timer. I’ve missed being able to see this at a glance and reached for my phone more than I’d like.

The timer has been very useful. I have started using it for my pomodoro session.

It may seem silly

John Gruber wrote about the Jon Evans piece, “Don’t be Apple”.

Jon Evans argued that since Apple has a centralised ecosystem, there is a chance that Apple can turn it into a surveillance system for the government. Hence, we shouldn’t be using Apple products. Can you work out the logic in that?

At which point we’d be forced to continue using these spyware Apple products because… ? And engineers at Apple would continue working for the company rather than resigning en masse because… ? And Apple would suffer no bad publicity for its cowardice because… ? Because: Tim Cook could surely flip a switch that would enable this surveillance without anyone noticing.

This advice is madness. Evans is recommending against using a platform that is secure and private today, from a company with a consistent decades-long track record in this regard, because in the future they might turn coat and become an accomplice of government mass surveillance, even though, if that came to pass, we could and would all just abandon the use of Apple products.

This is just ridiculous fear-mongering using a hypothetical situation. As Gruber puts it, even if it does come to that, we have the choice of ditching Apple. Why stay away from a secure platform that champions privacy just because of what might, however remotely, happen?

But wait, that’s not all.

Jon Evans:

But I have a sneaking suspicion that over the next year this dispute will grow more and more concrete. Maybe, as this contrast heightens, Apple will see the light; maybe instead of fighting jailbreakers, they will offer jailbreaking and sideloading as an option for power users out of the box, just as Android does. That alone would be a huge seismic shift.

So he wants a secure ecosystem to be made with a possible exploit so that users will feel more secure. I’ll give you some time to wrap your head around that.

Don’t expect iPhone 6S to save Apple

Therese Poletti wrote on MarketWatch, “Don’t expect iPhone 6S to save Apple.”

Apple needs to be saved? Oh yeah, because of this.

New data uncovers the surprising predictability of Android lock patterns

Ars Technica reported on new data that uncovered the surprising predictability of Android lock patterns.

Now, Android lock patterns—the password alternative Google introduced in 2008 with the launch of its Android mobile OS—are getting the same sort of treatment. The Tic-Tac-Toe-style patterns, it turns out, frequently adhere to their own sets of predictable rules and often possess only a fraction of the complexity they’re capable of. The research is in its infancy since Android lock patterns (ALPs) are so new and the number of collected real-world patterns is comparatively minuscule. Still, the predictability suggests the patterns could one day be subject to the same sorts of intensive attacks that regularly visit passwords.

Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, recently collected and analyzed almost 4,000 ALPs as part of her master’s thesis. She found that a large percentage of them—44 percent—started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier.


Data breaches over the years have repeatedly shown some of the most common passwords are “1234567”, “password”, and “letmein”. Løge said many ALPs suffer a similar form of weakness. More than 10 percent of the ones she collected were fashioned after an alphabetic letter, which often corresponded to the first initial of the subject or of a spouse, child, or other person close to the subject. The discovery is significant, because it means attackers may have a one-in-ten chance of guessing an ALP with no more than about 100 guesses. The number of guesses could be reduced further if the attacker knows the names of the target or of people close to the target.

This reminds me of how important and useful TouchID is. It is so easy to shoulder surf, even unintentionally. Don’t take my word for it. Be more aware when an Android user unlocks their phone near you next time.
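
The keyspace figures quoted above (1,624 four-node patterns, fewer than 9,000 five-node patterns) can be checked by enumeration. This is an added example, not code from Ars Technica or from Løge's thesis; it assumes the usual Android rules on a 3x3 grid: 4 to 9 distinct nodes, and a stroke may not skip over a node that has not been used yet.

```python
# Added example: enumerate the Android lock-pattern keyspace on a 3x3 grid.
NODES = [(r, c) for r in range(3) for c in range(3)]
CORNERS = [(0, 0), (0, 2), (2, 0), (2, 2)]
MIN_LEN, MAX_LEN = 4, 9  # assumed: standard Android pattern length limits


def midpoint(a, b):
    """Node lying exactly halfway between a and b, or None if there is none."""
    (r1, c1), (r2, c2) = a, b
    if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:
        return ((r1 + r2) // 2, (c1 + c2) // 2)
    return None


def pattern_counts(starts=NODES):
    """Map pattern length -> number of valid patterns beginning at a node in `starts`."""
    counts = [0] * (MAX_LEN + 1)

    def walk(current, visited):
        counts[len(visited)] += 1
        if len(visited) == MAX_LEN:
            return
        for nxt in NODES:
            if nxt in visited:
                continue
            mid = midpoint(current, nxt)
            # A stroke may pass over a node only if that node is already used.
            if mid is not None and mid not in visited:
                continue
            walk(nxt, visited | {nxt})

    for start in starts:
        walk(start, frozenset([start]))
    return {n: counts[n] for n in range(MIN_LEN, MAX_LEN + 1)}


def corner_share(length):
    """Fraction of all valid patterns of `length` nodes that start in a corner."""
    return pattern_counts(CORNERS)[length] / pattern_counts()[length]


if __name__ == "__main__":
    total = pattern_counts()
    print("4-node patterns:", total[4])
    print("5-node patterns:", total[5])
    print("all lengths 4-9:", sum(total.values()))
    print(f"corner-start share of the 4-node space: {corner_share(4):.0%}")
```

`corner_share` gives the share of patterns that would start in a corner if users chose uniformly, which can be set against the 77 percent corner-start rate reported from the collected patterns.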

Even when told not to, Windows 10 just can’t stop talking to Microsoft

Ars Technica reported on Windows 10 talking to Microsoft even when told not to.

For example, even with Cortana and searching the Web from the Start menu disabled, opening Start and typing will send a request to www.bing.com to request a file called threshold.appcache which appears to contain some Cortana information, even though Cortana is disabled. The request for this file appears to contain a random machine ID that persists across reboots.


Some of the traffic looks harmless but feels like it shouldn’t be happening. For example, even with no Live tiles pinned to Start (and hence no obvious need to poll for new tile data), Windows 10 seems to download new tile info from MSN’s network from time to time, using unencrypted HTTP to do so. While again the requests contain no identifying information, it’s not clear why they’re occurring at all, given that they have no corresponding tile.

Other traffic looks a little more troublesome. Windows 10 will periodically send data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn’t connected to a Microsoft Account. The exact nature of the information being sent isn’t clear—it appears to be referencing telemetry settings—and again, it’s not clear why any data is being sent at all. We disabled telemetry on our test machine using group policies.

When disabling services doesn’t really disable them.

Hackers can remotely steal fingerprints from Android phones

ZDNet reported on how hackers can remotely steal fingerprints from Android phones.

The attack, which was confirmed on the HTC One Max and Samsung’s Galaxy S5, allows a hacker to stealthily acquire a fingerprint image from an affected device because device makers don’t fully lock down the sensor.

Making matters worse, the sensor on some devices is only guarded by the “system” privilege instead of root, making it easier to target. (In other words: rooting or jailbreaking your phone can leave you at a greater risk.) Once the attack is in place, the fingerprint sensor can continue to quietly collect fingerprint data on anyone who uses the sensor.

“In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things,” Zhang said. And that’s a big problem. Fingerprints might be commonplace in mobile payments and unlocking devices, but they have been used more in the past five years also for identity, immigration, and for criminal records.

Fault lies firmly with the device makers. Food for thought for people who like to root their Android devices.

Apple Pay competitor CurrentC may not launch until next year

Re/code reported on Apple Pay competitor CurrentC possibly not launching until next year.

CurrentC, the payments app being created by a consortium of big retailers known as MCX, may not launch widely this year as originally planned, MCX CEO Brian Mooney told Re/code in an interview on Tuesday. The company will begin a public pilot of its app in Columbus, Ohio, in a few weeks and will not rush a wider rollout if the product is not ready, he said.


MCX attracted a bunch of attention last year when two of its member merchants, CVS and Rite Aid, shut down support for Apple Pay after briefly accepting it as a payment option. On Tuesday, though, Rite Aid said it would start accepting Apple Pay later this month, and other MCX merchants such as Best Buy have announced plans to accept Apple Pay later this year. MCX members had signed exclusivity agreements which prevented them from accepting competitive wallets, but those expire this month — so it’s quite possible we will hear about other MCX retailers choosing to accept mobile wallets other than CurrentC.

One more reason not to use CurrentC.

Bubble Cloud Widget + Wear brings a stylish launcher to Android Wear

Android Central reported on Bubble Cloud Widget + Wear.

Convenience is the name of the game when it comes to Smartwatches, but at times getting to the app you need quickly can be a hassle in Android Wear. Bubble Cloud Widgets + Wear is a launcher that brings you gorgeous icons for all of your apps within swiping range. You’ve also got tons of options, and choices to personalize how everything looks and behaves.

If you haven’t seen it yet, check it out below.

I see it every time I raise my wrist.

HTC trading below cash leaves smartphone brand with no value

Bloomberg reported that HTC is trading below cash, leaving the smartphone brand with no value.

A 60 percent plunge in HTC Corp.’s stock this year pushed its market value to below its cash on hand. That means investors were effectively saying the smartphone maker’s brand, factories and buildings were worthless.

HTC’s market price fell Monday to NT$47 billion ($1.5 billion), below the NT$47.2 billion cash it had at the end of June. A drop of as much as 9.8 percent in its stock before a late rally signaled investors put no value on the rest of the company.

“HTC’s cash is the only asset of value to shareholders,” said Calvin Huang, who has a NT$46.50 price target on the stock at Sinopac Financial Holdings Co. in Taipei. “Most of the other assets shouldn’t be considered in their valuation because there’s more write-offs to come and the brand has no value.”

Another victim in the race to the bottom.

Hackers exploit Flash vulnerability in Yahoo ads

The New York Times reported on hackers exploiting a Flash vulnerability in Yahoo ads.

For seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites, the company said on Monday.

The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.

“Right now, the bad guys are really enjoying this,” said Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack. “Flash for them was a godsend.”

Firefox users got lucky.