Browsing on Android

I still haven't found a great browser on Android. I used Firefox for some time, but it had rendering issues. Chrome is closed source, which I try to avoid. Oddly, a Chromium build was never available, so I stuck with WebView wrappers like Lightning, which I can also load on my non-Play devices (Kindle Fire). Turns out, there were no Chromium builds because the code wasn't open source... but that's changing, according to aurimas_chromium on Reddit. I'm looking forward to having Chromium show up in F-Droid!

Breaking Primes

Schneier has posted about Logjam, a method for subverting encrypted connections by downgrading cipher strength during key exchange. Much more fascinating is the discussion that the NSA has likely factored one or more of the primes used widely to initiate TLS, SSH and VPN connections.

Privacy of Cell Phone Metadata Unclear

It's been a very interesting couple of days. Yesterday, the 11th Circuit Court of Appeals found that a person does not have an expectation of privacy with respect to his or her location if they are carrying a cell phone. The full PDF of the decision is available. Two judges penned a compelling dissenting opinion, in which they insightfully pointed out that:

...as far as I can tell, every argument the government makes in its brief regarding cell site location data applies equally well to e-mail accounts, search-engine histories, shopping-site purchases, cloud-storage files, and the like.

So that case was with respect to police requesting cell location information from cell providers, and was essentially based on the third-party doctrine.

Today, the 2nd Circuit handed down a related but differing opinion with respect to warrantless, bulk collection of phone call metadata. The decision (PDF) fell short of declaring it unconstitutional, but did assert that Section 215 of the Patriot Act did not authorize bulk phone call metadata collection on United States citizens.

The decisions are distinct, but related. They both relate to phone metadata collected about United States citizens, but one covers actions permissible by domestic law enforcement, the other the actions of intelligence agencies whose mission is supposed to be focused on foreign intelligence collection. Increasingly, the distinction between domestic and foreign is blurred, leading to complexity and confusion.

One-time Pads Largely Misused and Unnecessary

Insightful post on Freedom To Tinker about a startup that is basing their messaging app on one-time pads. It's another great example of people ignoring the 'hard' part of the crypto problem (key exchange, implementation bugs, etc.) and instead trying to improve the parts that work the best (cryptographic primitives), all the while introducing new vulnerabilities (eavesdropping during key exchange, side-channel attacks). We've seen this sort of approach before, and the early results weren't good. Reinventing your own approach to crypto is almost never a good idea.

KOTOR: Fabulous on the Nexus Player

I picked up KOTOR for Android and tried it out on my OnePlus One (it was surprisingly good) and also installed it on my Nexus Player. I've had stability problems with games on the Nexus Player before, but KOTOR is very stable after an hour or so of play. I've never actually played KOTOR before, and even though it's 12 years old, I admit it's very well done. If you're looking for a Star Wars RPG fix on Android, I highly recommend it. It's on sale right now for $3 (normally it's $10). 5/5, would buy again.

Why Google Plus 'Failed'

Slashdot ran an article about Google engineers discussing why Google Plus failed. They point out that it was late to market, and that they wanted it to be too much like Facebook. As a developer, though, I am amazed by how well executed G+ is, but I'm also amazed by how closed the API is. I'm very surprised no one pointed out that the API is read-only. If I had to choose one thing that put me off the most, that would be it.

Google Focusing on Oversized Devices

With awesome laptops like the Dell XPS 13 and the Chromebook Pixel 2015 coming in very small form factors, Google's strategy of focusing on 6- and 9-inch Android devices seems like a major misstep. The 'correct' phone size is between 5 and 5.5 inches, and the 'correct' tablet size is between 6 and 8 inches. Nevertheless, Google's decided to discontinue both the Nexus 5 and the Nexus 7, both of which were more successful than their larger, newer counterparts.

Science and Perception

Public Health has written a bit about why Chipotle dropped GMO foods, and why PepsiCo dropped aspartame (but only in some drinks!). It's a short but insightful read about how small the role of science is in such decisions.

Learning Curve

I've always felt that computers had taken a wrong turn somewhere; that they should imbue users with new powers to understand the world around them. I love Engelbart's work, and this piece fits together the two ideas beautifully.