jarrodwhaley.com

I make films. I'm also a nerd.

Gemalto Denies Sim Cards Were Hacked by NSA

Samuel Gibbs, The Guardian:

The firm allegedly hacked by the NSA and GCHQ has stated that it cannot find any evidence that the US and UK security services breached and stole the encryption keys billions of Sim cards.

Good news if true. I can’t help but be a little skeptical, however. Snowden’s revelations have proven time and again to be borne out by the facts. What’s more, don’t we think Gemalto would have a huge incentive to lie and say they were never actually breached?

Lenovo Installs Spyware on Consumer PC’s

As reported by Rick Osgood of Hackaday:

The software actually installs a self-signed root HTTPS certificate. Then, the software uses its own certificates for every single HTTPS session the user opens. If you visit your online banking portal for example, you won’t actually get the certificate from your bank. Instead, you’ll receive a certificate signed by Superfish. Your PC will trust it, because it already has the root certificate installed. This is essentially a man in the middle attack performed by software installed by Lenovo. Superfish uses this ability to do things to your encrypted connection including collecting data, and injecting ads.

Well, if compromising the security of our personal financial transactions makes good business sense for Lenovo, we’ll just have to toughen up and deal with it, won’t we?

They claim that server-side interactions have been disabled since January, which disables Superfish. They have no plans to pre-load Superfish on any new systems.

Oh, good. False alarm. So they’ve stopped doing this. I totally trust them not to be full of “it.”

QuickReminder v. 2.1

My QuickReminder script for Pythonista is now at version 2.1. I improved the way that certain errors were handled, making everything a bit more friendly to the user. I’ve also made a small tweak which throws an alert when no time interval is specified, then relaunches Drafts, preserving the original reminder text.

You can always grab the newest version of the script from this gist.

Dropbox Doesn’t Care About Its Own Product

I’d noticed that many of the files in my Dropbox aren’t syncing lately–and with file sync being the central and defining feature of Dropbox’s service, I found the situation to be…suboptimal. That being the case, I filed a support ticket. Three days later, I received the following non-response from some Python script running on a cron schedule on some forgotten server:

Dropbox's idea of support.

It takes giant balls to respond to one of your users like this. Why would anybody want to give money to a company with this much disdain for the people it purports to serve? Combine this with a growing distrust of pretty much all online service providers, and I kind of have to start thinking about jumping ship–and telling everybody I know to do the same.

Oh, You Didn’t See That Facebook Post?

John Moltz on Facebook’s goofily incomplete “News Feed”:

When the algorithm gets in the way of showing you what’s happening now, if you have to wait until the next day or go below the fold to see what happened last night, how is your medium any better than a newspaper?

Facebook has really become a giant abortion of theology and geometry, and every day I’m amazed to see that users aren’t kicking it to the curb en masse. Something this bad–something this disdainful of its users–really can’t be awfully long for this world. People will always get tired of eating crap…eventually.

Google Executive Murdered By Prostitute on Yacht

NBC Bay Area:

A woman police describe as a high-end prostitute has been arrested on suspicion of murder after allegedly injecting heroin into a tech executive on his yacht in Santa Cruz and leaving him to die when he overdosed.

This is bizarre and sad. Silicon Valley does seem to be a new Hollywood.

A Flexible Random Number Generator on iOS

My girlfriend manages a retail store on the Web, which entails a lot of marketing via social media. She likes to run a weekly promotion on Facebook in which a prize is awarded to a randomly selected “liker”1. When she first conceived the idea, she didn’t really have a means of properly choosing a winner with any real amount of randomness2, so I thought I’d cook up a little Python script. I realized that something like this would be a handy little utility for my own purposes, and I also knew my girlfriend would be asking for random numbers with some degree of regularity. Those two conditions being the case, I decided I’d like to write something that could be easily fired from an iPhone or an iPad with minimal effort. The script below meets those requirements fairly well, I think.

more »

Facebook Caching Data Not Even Given to Them

Pierluigi Paganini of Security Affairs:

Facebook is analyzing thoughts the writing [sic] that users have intentionally chosen not to share.

The article claims that when a user begins to type something into the status update field and then changes her mind about sharing it (or in other words, censors herself), Facebook actually keeps that text and runs data analysis on it.

I don’t know if it’s fair to say that Facebook is “analyzing thoughts,” exactly, and I don’t think there’s any reason to think that any interaction with Facebook at all is in any way connected with anything even remotely related to privacy. My sense is that humanity as a whole seems eager to do away with the very notion of privacy, so who cares?

Android Flashlight App LoJacks Users

Alice Truong, Fast Company:

The Android app Brightest Flashlight has been installed between 50 million and 100 million times, averaging a 4.8 rating from more than 1 million reviews. Yet its customers might not be so happy to learn the app has been secretly recording and sharing their location and device ID information.

I’m willing to bet a non-negligible amount of money, actually, that the number of shits given among those who’ve installed this app is less than or equal to 0.01. These users will never even know that their movements are filling a creepy database, and they wouldn’t care a whit even if they did know.

QuickReminder v. 2.0

I’ve updated my QuickReminder script for Pythonista to version 2.0, and it comes with a couple of cool improvements. Now, when the script begins to run, you’ll be prompted via a native iOS alert to either schedule the reminder or cancel it entirely1. The script will also return you to Drafts2 once your reminder is successfully set.

I have a lot of ideas for further improvements, so stay tuned. If you’d like to grab it, check out the gist.


  1. I’ve found on many occasions while running the script that I’d say, “oops,” and need to kill the notification so I could reschedule it, etc. 
  2. Required under my implementation, but it ought to be fairly simple to launch it with Launch Center Pro, for example.