Friday, June 11, 2021

Storage Basics

(Audience: IT security person who needs a basic understanding of IT storage.)

Storage is one of the IT disciplines that is a little less visible to users.

A typical server has one or more components that store data -- hard disks, SSDs, and/or tapes.  The basic idea of IT Storage is to move some or all of these components outside the servers and into their own dedicated devices.

Why do we separate storage?

Separating out storage yields a bunch of benefits:

Storage devices can provide larger capacity than a single server can hold

Servers only have so many internal slots.  If a server needs more storage than its drive slots can support, dedicated storage is the only option.

Storage devices can more easily provide a mix of storage sizes.

If you have some servers that need a tiny amount of storage and some that need a lot, it can be hard to order servers in the right balance.  Special storage devices can have big pools of physical disks that are divided up between servers.  So you can more easily allocate a little storage to the servers that need a little and a lot of storage to the servers that need a lot.

Dynamic growth

When servers contain disks internally, if there is a need to add capacity while the server is already "live", it can be difficult.  If the storage is provided by special storage devices, it is easier to do this "live" without downtime or rebuilds.

Robust, consistent handling of disk failures

Storage components such as disks tend to fail.  If the storage has RAID, this is easy to fix so long as someone notices quickly.  When disks are inside servers, the ability to fix disk failures depends on the system administrators, operating systems, supporting software, and configurations.  These can be of inconsistent quality.  Centralizing storage management allows these functions to be centralized and performed consistently.

File sharing

Sometimes there is a need to share the same files to many servers, such as network shares, user home directories, or migrating profiles.  This is often easiest and most reliable with dedicated storage devices.

High performance

Some scenarios, such as high-performance computing, require storage that is much faster than normal.  Some needs can be best served with dedicated hardware.

What kinds of products are out there?

Storage products fall into a number of categories.

Direct-attached storage (DAS)

This is the simplest to understand.  It's typically a box that looks like a server, but contains lots of disks, and connects to a server with an interface cable. 

Some of those interfaces are specific to storage, such as "Fibre Channel" or "SCSI".  Other interfaces can potentially be used for multiple purposes, such as Fibre Channel over Ethernet (FCoE) or iSCSI.  If the interface is FCoE or iSCSI, it might be dedicated to storage or it might be shared with other network traffic.

A logical disk carved up from a real disk pool is typically referred to as a "LUN".  It is shared at the "block" level, meaning that the servers that it is shared to see it as a virtual disk that they can format with partitions and filesystems.

Storage Area Network (SAN)

As with direct-attached storage, we have a box with disks inside.  But now, instead of connecting it directly to one server, we attach it to a network.  As with direct-attached, we have multiple options for how to make the connection -- storage-specific options such as Fibre Channel, or potentially dual-use technologies such as FCoE or iSCSI that may or may not actually be shared with other traffic.  The box or boxes can typically carve up the storage so that different servers can be given different-sized pieces, and the sizes can be changed for "live" servers.

Once more, the SAN presents logical disks to servers at the "block" level.  The servers still need to partition and format the disks.

Network Attached Storage (NAS)

With a NAS, one wants to have a central file store that is shared to one or more computers over a network.  Usually the network is an IP network.  The network could be dedicated to storage, but usually is shared with other traffic.

The servers see the storage as files and directories, rather than the "blocks" that we see with DAS and SAN.  So this is called "file storage."

This typically works via features built into the server operating systems.  Both the NAS and the operating system need to support special "storage protocols" such as NFS or CIFS/SMB.  It can require systems administration setup and support.

This kind of storage can also be useful from desktops.

Object storage

This is a relatively new kind of storage.  Like Network Attached Storage, it is accessible using regular IP technology.  But it is somewhat different in that the interface is typically an "application programming interface" (API), often via web protocols, rather than special storage protocols.

This type of storage is typically provisioned not at the individual file level, but as "buckets" of storage that can hold a collection of related data.

This type of storage is specifically designed to not require operating system support.  Applications and users can provision storage objects and access them by talking directly to the object storage API.

Security concerns

Like any technology, Storage has security concerns.

Access controls

How do the storage devices know which client(s) should be allowed to access which resources?  What access level (read-only vs. read-write) should be applied to a given client's access to a given resource?

If the storage is connected to only one device then access controls are easy.  If the device is connected through a special-purpose network or a dedicated network to multiple devices, then access control must be carefully managed.  And if they connect through a network that allows other kinds of traffic in a less controlled fashion, then we require even more robust network controls.

Client trust and authentication

To what extent does the storage trust the servers and/or desktops that access it?  For example, NAS devices that talk NFS version 3 assume that the client user is who the user claims to be.  So if a user can place a laptop they control on the network, at an IP or subnet in the NAS access list, then they can claim to be any user.

Some storage types (e.g. NFSv4 and AFS) can utilize Kerberos tickets to avoid this issue.  But they are complicated to set up and manage.

Encryption

Many storage technologies do not default to encrypting data in transit.
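On a Linux NFS server, the access-control, client-trust and encryption questions above can be checked mechanically. The following is an added example, not code from the original post: it parses a constructed /etc/exports sample and flags entries that accept AUTH_SYS (sec=sys, the default), allow anything other than sec=krb5p, export to wide client ranges, or set no_root_squash. The finding names, the 256-address threshold and the sample hosts are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample /etc/exports content for illustration (hosts are made up).
SAMPLE_EXPORTS = """\
# path       client(options)
/home        10.20.0.0/16(rw,sync)
/srv/build   *(rw,no_root_squash)
/srv/secure  10.20.30.0/28(rw,sec=krb5p)
/srv/docs    fileclient1.example.internal(ro,sec=sys:krb5)
"""

# Matches "client(options)", "(options)" with no client, or a bare client name.
ENTRY = re.compile(r"(?P<client>[^\s()]*)\((?P<opts>[^)]*)\)|(?P<bare>[^\s()]+)")


def parse_exports(text):
    """Yield (path, client, options) per client; quoted paths are not handled."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 1)
        path, rest = fields[0], (fields[1] if len(fields) > 1 else "")
        for m in ENTRY.finditer(rest):
            # Options with no client name in front of them apply to any host.
            client = m.group("bare") or m.group("client") or "*"
            opts = {}
            for item in (m.group("opts") or "").split(","):
                key, _, value = item.strip().partition("=")
                if key:
                    opts[key] = value
            yield path, client, opts


def is_broad(client, max_hosts=256):
    """True for wildcards and for networks larger than max_hosts addresses."""
    if "*" in client or "?" in client:
        return True
    try:
        return ipaddress.ip_network(client, strict=False).num_addresses > max_hosts
    except ValueError:
        return False  # single hostname or @netgroup: size is not knowable here


def audit(text):
    """Return {(path, client): sorted finding names} for entries with findings."""
    report = {}
    for path, client, opts in parse_exports(text):
        # Without sec=, the export falls back to sec=sys (AUTH_SYS).
        flavors = opts.get("sec", "sys").split(":")
        found = set()
        if "sys" in flavors:
            found.add("auth-sys")  # server trusts the UID/GID the client sends
            if "rw" in opts:
                found.add("rw-with-auth-sys")
        if any(flavor != "krb5p" for flavor in flavors):
            found.add("no-krb5p")  # traffic may cross the network unencrypted
        if is_broad(client):
            found.add("broad-client")
        if "no_root_squash" in opts:
            found.add("no-root-squash")  # client root acts as root on the export
        if found:
            report[(path, client)] = sorted(found)
    return report


if __name__ == "__main__":
    for (path, client), findings in audit(SAMPLE_EXPORTS).items():
        print(f"{path:12} {client:32} {', '.join(findings)}")
```

Only the /srv/secure entry passes cleanly: it is limited to a small subnet and requires krb5p, which both authenticates users with Kerberos and encrypts the traffic.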

Network trust and dedicated network

As mentioned above, there are a number of issues that revolve around network trust -- access controls, client trust, and encryption.  Security personnel are likely to want dedicated networks for storage, especially SAN storage.

Management controls

Many storage devices include software for "managing" the device -- configuration and reporting.  Even if the actual storage traffic goes through a dedicated interface, the management function usually needs to be on a regular IP network.  It needs to have security controls, like any other device on a regular IP network -- security scans, best practice configuration checklists, and all the rest.

Monday, December 21, 2020

Implications of the SolarWinds Orion Compromise

A whole bunch of major companies and government agencies recently had their networks compromised ("hacked").  This incident is far more serious than most other such compromises, not just because of the scope of the targets, but because of the methodology.  Most compromises are successful because the target made a mistake.  But in this case, the targets were compromised because they did something right.  The targets installed patches, just as they were supposed to.

The bad guys didn't go after the targets directly.  Instead, they first went after SolarWinds.  SolarWinds is a major IT software vendor.  Like many vendors, SolarWinds sometimes has to issue "patches" -- fixes for bugs that are discovered in their products.  IT organizations are encouraged to download such patches, check their "digital signatures", scan them for bad software ("virus", "malware", "trojans", etc.), test them to make sure they don't break functionality, and install them as quickly as possible.  Such patches often fix security bugs that could be used to break into the product, so IT security people want us to go through the steps as quickly as possible.  Many vendors digitally "sign" their patches, so we IT people can check the signatures and not get tricked into installing software from a bad guy.

So the bad guys broke into SolarWinds' network.  They changed the vendor's software "build server" to add custom bad software to the patches themselves.  Because this happened on the actual build server, the bad software updates were signed by the vendor's digital keys.  Because the "bad software" was custom, it evaded scanners that detect known bad software.  IT personnel in the target organizations downloaded the patches, checked the signatures, tested the software for functionality, scanned it for (known) bad software, and after it passed all the checks, installed it.  Even after all their care, their SolarWinds servers were then compromised.

And then it became still worse.  Sites with really good security postures often have internal firewalls and sophisticated software that limit even what the software legitimately installed on their networks can do.  This can stop many adversaries even if they can get past other security defenses.  This is an IT security principle known as "defense in depth."  The catch here is that SolarWinds is a vendor of "network management software".  This is software that is designed to reach out all over the network, talking a variety of network protocols.  So the attackers didn't just have access to any old server.  They had access to the servers that had the most access on the organization networks.

In other words, target organizations that did everything right, and followed every major best practice, were still broken into.  The multiple levels of protections that the more sophisticated organizations employ to stop this kind of thing didn't help here.

This compromise demonstrates one of the great principles of IT security: IT security cannot prevent high-level attacks by a sufficiently determined and well-resourced adversary.  IT security only exists to stop lower-level attacks.  The overwhelming majority of IT attacks are by "script kiddies" -- people who aren't capable of writing an exploit themselves, but are able to use exploit tools written by others.  Higher tiers of attackers who can write their own novel exploits and tools are more rare, and tougher to beat, but we can beat them with more sophisticated defenses.  But the highest tier of attackers can get through our best defenses.  These attackers have access to many custom exploits, their own tools, and disciplined tradecraft.

After every major incident, IT people read up on the incident to understand what went wrong and what we need to do better.  What makes this incident so very terrifying and different is that the methodology didn't require target organizations to make any mistakes.  If anything, organizations that followed best practices were targeted through some of the very practices that normally protect them.

This is a hard lesson.  We all desperately want to know what we can do to avoid such a problem.  But sometimes we are powerless.  "It is possible to commit no mistakes and still lose."  -- Star Trek: The Next Generation

This is important to understand.  Many journalists, pundits, and politicians don't get it.  Even many IT personnel don't have technical backgrounds strong enough to really understand it.  This means that we'll be seeing bad recommendations in the popular media and even in the trade media.

Physical security provides a good analogy.  A regular door and lock will prevent someone from casually entering a house, but won't stop a locksmith or someone willing to kick the door in.  A fancier lock and reinforced door will slow down an attacker, but someone with an ax or a determined locksmith can still get in.  If you're running a bank, you want even more security in the form of a vault, but even those can be broken into by a determined attacker with a drill and enough time.  So if you're protecting something really important, you also hire around-the-clock security guards.  And if you're a government, maybe you even install a military base.  But if an army suddenly shows up on your doorstep with tanks and airplanes and a lot more force than your military base can counter, then you can try to fight, but you might be forced to surrender.

In the same way, IT security provides layers of protection that can deal with higher levels of threat if you're willing to expend more resources.  But even the best sets of controls have their limits.  At some level, the challenge is bigger than what even a large organization can counter.

All of this matters because there will be calls for change.  Perhaps some of what is recommended will actually be novel concepts by knowledgeable people that address the real threats.  But so far, everything I've heard would not have realistically helped.  And at least one item not only wouldn't have helped, but would actually have made us more susceptible to the more common low-level threats by slowing down patch cycles.  When the pundits and politicians make recommendations based on this incident, we will need to pay attention and ask some hard questions.

Technical source: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

(Addendum: I don't run SolarWinds Orion, and never have.  On a former job, when network management systems and IT security were a large part of my role, I recommended products other than SolarWinds.  It wasn't because I saw this coming.  But I'm feeling really good anyway!)

Written 2020-12-18; updated 2020-12-21

Sunday, August 23, 2015

Netflix not sending DVDs reliably

Netflix has been really annoying lately.  On the surface, they're
being useful -- sending us DVDs before we've sent back the old DVDs.
But in practice, we're sometimes not getting DVDs we're supposed to
get.

The problem is that we have multiple DVD queues, one for items that my
wife Catie picks, one for items that I pick.  We have one DVD
allocated to Catie's list, and two to mine, since we both watch
through mine a lot faster.  Catie sometimes doesn't watch her DVDs for
a while.  When Netflix sends extra DVDs to one queue, they sometimes
don't send DVDs to the other queue until the extras are sent back.  So
if Catie has an extra DVD on her queue and doesn't watch it, then I
might not get one of my DVDs.  And if she has two extras, then I can
stop getting DVDs altogether.  This isn't how the DVD allocations are
supposed to work.  It's infuriating.

I've contacted Netflix a couple of times to complain about this, but
the customer service folks don't have the ability to do anything about
it.  Very frustrating.

Tuesday, November 26, 2013

How I lost 67 Pounds

Between April 2012 and October 2013, I lost 67 pounds. People keep asking me how.
The short answer: diet and exercise.
The long answer: I had a plan. It started simple and grew more complicated. That plan is below.
DISCLAIMER: I am not a professional nutritionist or a professional physical therapist. This is not intended as advice, but to document what I did to answer others' questions. What worked for me might not work for you.
Disclaimers aside, let's make way for:

Morty's Weight Loss Plan

General weight loss

  1. The big rule: don't try to do everything at once. Start small and build.
  2. Don't lose weight too fast. For the first week or two, it's OK to lose a lot of weight, but after that, it should be 1-2 pounds per week. If you're losing weight faster than that, back off. Do less exercise and maybe relax the diet a bit.
  3. You're not just doing this until you lose weight. If you go back to your old bad habits, you're just going to put the weight back on. The goal here is to make lifestyle changes that will let you lose the weight and then keep it off. And you need to exercise even if your weight isn't a problem. So your mindset should be "what can I live with for the rest of my life", not "what can I live with until I drop the weight."
  4. NB: you do get to back off a little bit when you reach your goal weight. It's easier to maintain weight than to lose weight. Homeostatic equilibrium, baby.

Eating

  1. Eat at least three meals per day
  2. Eat at least 5 items of fruit per day. Usually a banana, two apples (fuji and something else), a pear (bartlett, d'anjou, forelle, or other green pear or red pear, but not packham) and a citrus (minneola tangelo, valencia orange, or other)
  3. Eat at least one serving of vegetable per day. [Mom would be so proud.]
  4. Eat at least one serving of fish per day. Canned fish works well. Examples: tuna salad (suitable for work), sardines in lemon sauce, sardines in mustard, smoked trout.
  5. Watch out: don't bring "stinky" fish to work. Some people didn't grow up eating this stuff. Poor them.
  6. Avoid starch. That includes bread, potato, pasta, or rice. A little won't hurt, but don't overdo it.  (I eventually added a daily whole wheat bagel.)
  7. Eat at most one "meat" meal per day. The other meals should be just fruit and/or vegetables and/or fish
  8. Meal idea: stir fry. Use 2 pounds of veggies for every pound of meat.
  9. Meal idea: grilled steak and grilled veggies
  10. Meal idea: Maiwand Kebab (21044, by the Safeway, not one of the other ones). Lamb kebab, substitute eggplant and chickpeas.
  11. Eat fruit and veggies *before* "fun" food
  12. If you're hungry, eat. If you're thirsty, drink. If you're tired, sleep.
  13. While eating, pay attention to your hunger. If you're not hungry any more, stop eating. Eat slowly, so your body has time to adjust.
  14. It's OK not to finish everything on your plate.
  15. You can eat food that's healthy. You can eat (some) food that's tasty, even if it's not healthy. If the food isn't healthy and isn't tasty, don't eat it! This is especially a problem at restaurants, which tend to bundle "bad" foods with "good" foods. I don't much like french fries, and they are not healthy, so why do I eat them when they are served in restaurants as a side?
  16. Tricks for dealing with restaurants: "hold" and substitutions. I tend to eat whatever is served to me, even if I don't like it -- I don't want to waste food. So, get them to "hold" it, so it won't be wasted. Or substitute for something healthier. Most restaurants are happy to substitute salad for french fries.
  17. When eating out, partition your food. Don't eat more than you think you should. Remember, it's OK not to eat everything. The starving kids of the world won't be any more fed if you overeat.
  18. When you want to drink juice or other sugar waters, drink just a small amount. The best part is the first swallow. Then slake your thirst with water.
  19. The above works with most tasty+unhealthy food. Ice cream? Have a spoonful, and then eat something else.
  20. You are allowed to make occasional exceptions. The bread at Maiwand 21044, for example. Just don't do it too often.

Exercise

  1. "No pain, no pain." If it hurts, stop the exercise or decrease the weight.
  2. Watch TV on an exercise machine (treadmill, exercise bike.) No TV watching from the sofa unless you are also keeping up with your exercise.
  3. Never run two days in a row -- intersperse with bike work.
  4. When you have time, spend extra time walking/biking at low intensity. This helps you lose weight. Keep it slow.
  5. Split the weights into muscle groups. Do different groups on different days.
  6. Gradually increase the load over time. I increase one setting per visit, gradually rotating through all settings. Since I use 12 different weight machines, that means I stay at a given setting for about 2 weeks before I increase it.
  7. Don't increase by more than 5 pounds at a time. For machines that only go up by 10 pound increments, use 5-pound add-on weights.
  8. If you are scheduled to increase the load but are having a lot of trouble with it, DO NOT increase the load. See "no pain, no pain" above.
  9. Even if you are scheduled to stay at the same weight you have done before, if you are having trouble with it, decrease the weight. See "no pain, no pain" above.
  10. Exercise every day if possible while trying to lose weight.
  11. Missing one day occasionally is OK. Do not miss two days in a row. [When you're done losing weight, you might be able to back off to exercising every two days as a matter of course.]
  12. High-speed exercise is good for the heart. Low speed exercise is good for weight loss. The border is at a pulse rate of about 180 - $your_age. Above that threshold, you don't burn fat. Do both kinds of exercise.
  13. Per the above, you need a heart rate monitor. Be sure to get one with a replaceable battery.
  14. Normal exercise sequence: half an hour of swimming followed by half an hour of running/walking or biking followed by weight work.
  15. Exercise every day. If you can't do every day, do every 1.5 days.
  16. I try to exercise 7 times in a week. Sample schedule: Monday morning: run, group 1 (abs and arms). Tuesday morning: bike, group 2 (chest, thighs, legs, shoulders). Wednesday: repeat Monday.
  17. Note that the above was not an all-at-once deal. When I started out, I was just doing the running. After more than 5 months, I started the group 1 and group 2 exercises. A few months after that, I started the exercise bike. I phased in swimming about 15 months after I started, then dropped it a few months later.



Thursday, June 6, 2013

Commands: noun, then verb

One of the little things that irk me: commands that start with a verb followed by a noun.

I fully understand why English-speaking people tend to put the verb first. In English, an imperative order is given verb first. "Insert this module! Delete this directory! Add this apt repository!" So English speaking programmers tend to use the same convention for program names.

Unfortunately, verb-first order breaks command searching via command completion. Suppose I want a module related command, but I can't remember the name. The part I'm most likely to remember is "mod". If it were "modins", "moddep", "modrm", etc., I could start typing "mod" and press <tab> and the various module-related commands would be listed. But if it's "insmod", "depmod", "rmmod", etc., I had better remember the particular verb used as well as the noun.

A related problem is that verbs tend to not be consistent. Why do we "ins" and "rm" modules but "add" and "del" users? The noun part is much more likely to be consistent. Once more, command completion comes to our rescue.

When I did Solaris admin, I was impressed that all their module commands started with "mod". I'm happy to note that people in the Linux world now mostly seem to get this as well. The early Linux module commands were "verb-noun" ordering, but the newer module commands are "noun-verb" -- "modprobe", "modinfo". Similarly, the early "user" commands were "adduser" and "deluser", but the modern equivalents are "useradd" and "userdel". Yay for progress!

[And now I have a reference for when I need to argue with someone on why they should rename their program! Yay me.]

Monday, May 6, 2013

Android configuration

I document all my normal Android settings, for when I have to configure a new device. Let's share.
  1. settings
    1. security
      1. unknown sources: allow
      2. screen lock: pin
      3. automatically lock: 5 minutes after sleep
      4. power button instantly locks: off
      5. owner info: enter name and email
      6. verify apps: enable
    2. backup and restore
      1. automatic backup: enable
      2. automatic restore: enable
  2. accounts:
    1. google
    2. dropbox
    3. facebook
    4. Mantano (now expired)
    5. netflix
    6. outlook web email
    7. skype
    8. tivo
    9. twitter
  3. ADW (ADVANCED)
    1. actionbar: don't show
    2. dock: rotate with device orientation
    3. desktop position: ICS slider
    4. app drawer: ICS paginated
    5. transitions: normal scroll
    6. ADW Settings
      1. screen
        1. desktop columns: 5
        2. desktop rows: 7
      2. system
        1. advanced settings
          1. home orientation: portrait
    7. desktop setup
      1. icon row:
        1. phone
        2. beyond podcast
        3. chrome
        4. reader
      2. row: 1 (from bottom)
        1. power toggles icon (see below for details)
        2. widget beyond podcast 1x1 icon
      3. row: 2 (from bottom)
        1. widget connectbot frakir.org
        2. maps
        3. winamp
        4. folder
          1. facebook
          2. twitter
          3. flipboard
          4. google+
        5. play store
      4. row: 3 (from bottom)
        1. folder
          1. mantano reader lite
          2. AEPreader
          3. aldiko premium
          4. eReader Prestigio
          5. ZXReader
          6. HaTaNa"Ch
        2. OurGroceries
        3. folder
          1. Angry Birds
          2. Angry Birds seasons
          3. Bard's Tale
          4. Defender II
          5. Minecraft PE demo
          6. Sudoku
        4. folder
          1. MX player
          2. Music
          3. Mythfrontend
          4. netflix
          5. pandora
          6. tivo
        5. folder
          1. Gmail
          2. Messaging
          3. Outlook Web Mobile
          4. People
          5. Skype
          6. Talk
          7. YAIIC
      5. row: 4 (from bottom)
        1. folder
          1. Clock
          2. StopWatch and Timer
        2. Navigation
        3. folder
          1. Camera
          2. Camera MX
          3. DOF Calculator
          4. OneShot Cam
          5. Smart Voice Recorder
        4. folder
          1. settings
          2. ADW Config
          3. Authenticator
          4. battery indicator
          5. BlueAnt
          6. Downloads
          7. Dropbox
          8. ES File Explorer
          9. Gallery
          10. Power Toggles
          11. ROM Manager
          12. SGS3 Easy UMS
          13. StickMount
          14. SuperSU
          15. Task Manager
          16. Torch
          17. Traceroute
          18. UltraTools Mobile
          19. Wi-fi Web Login
        5. folder
          1. Tricorder
          2. AK47
          3. Android Lightsaber
          4. Android Lightsaber (#2)
          5. BlueScreen
          6. Earth
          7. Google Sky Map
          8. Periodic Table
          9. screen Crack
          10. Sonic Screwdriver
          11. Sonic Screwdriver (#2)
      6. row: 5 (from bottom)
        1. blank
        2. blank
        3. folder
          1. Barcode scanner
          2. BMI Calculator
          3. Chicon7
          4. DC Metro Map
          5. DC Metro Transit
          6. Goggles
          7. How to Tie a Tie
          8. Karl's Mortgage
          9. Local
          10. MyBMI
          11. NASA
          12. News and Weather
          13. RunKeeper
          14. Running
          15. Speed Dial
          16. The Weather Channel
          17. Translate
        4. RealCalc
        5. folder
          1. Titanium Backup
          2. APN Backup & Restore
          3. Call Log Backup & Restore
          4. SMS Backup & Restore
      7. row: 6 (from bottom)
        1. blank x5
      8. row: 7 (from bottom)
        1. blank
        2. Calendar
        3. Hebrew Calendar Widget (see below)
  4. aldiko premium
    1. settings | display | page turn animation = off
  5. automateit
    1. settings
      1. show popup messages: off
      2. show service notifications: off
    2. add rules
      1. application trigger
        1. application: map
        2. actions: composite
          1. GPS: on (phone only)
          2. mobile data: on (phone only)
      2. power connected
        1. actions: composite
          1. GPS: on (phone only)
          2. bluetooth: on
          3. wifi: on
      3. power disconnected trigger
        1. actions: composite
          1. GPS: off (phone only)
          2. bluetooth: off
          3. wifi: off
      4. application activated trigger
        1. application: MX Player Pro
        2. action: set screen brightness 100%
      5. application deactivated trigger
        1. application: MX Player Pro
        2. action: set screen brightness automatic
  6. AVG
    1. activate
  7. battery indicator
    1. just start it
  8. call logs backup and restore
    1. preferences
      1. backup folder: external card
      2. schedule backups
        1. enable
        2. 4am
        3. repeat 1 day
  9. connectbot
    1. set up hacker's keyboard first
    2. connect ssh to morty@frakir.org
    3. connect ssh to work
    4. connect local
    5. create shortcut widgets for morty@frakir.org
  10. dropbox
    1. configure account
    2. upload photos
      1. upload existing photos: no
      2. skip
  11. email
    1. settings
      1. application
        1. auto-advance: message list
  12. ES File Viewer
    1. settings
      1. file settings
        1. show hidden files: yes
      2. view settings
        1. view: details
  13. facebook
    1. log in
    2. sync (contacts): Sync all (note: won't be present on tablet)
    3. settings
      1. sync photos: off
      2. messenger location: off
      3. sync contacts: sync all (note: won't be present on tablet)
  14. hacker's keyboard
    1. configure input methods (also under settings | keyboard)
      1. hacker's keyboard
        1. enable
        2. settings
          1. keyboard mode, portrait: full 5-row layout
    2. set current input method (also under settings | keyboard)
      1. hacker's keyboard
  15. Hebrew Calendar 3x1 widget
    1. hebrew date changes at: midnight
    2. location for candle lighting: enter location manually: 21044
    3. Language: Hebrew
    4. minutes before sunset to light candles: 18
  16. mantano
    1. settings
      1. bookshelf
        1. import folders
          1. add: /mnt/inbooks
          2. del: /mnt or other defaults
  17. ourgroceries
    1. send auth request to main account
  18. MX player
    1. settings
      1. decoder
        1. S/W decoder (local): yes
  19. netflix
    1. log in
  20. power toggles
    1. create a widget
      1. toggles:
        1. hotspot (wifi)
        2. wifi
        3. bluetooth
        4. gps
        5. mobile data
        6. screen lock
        7. volume toggle
        8. brightness quad
      2. transparency: about 50%
    2. under the app:
      1. notification widget
        1. enable
        2. configure
          1. two rows
          2. row1: as per widget above
          3. row2:
            1. flash light
            2. screen light
            3. data sync
            4. sync now
            5. airplane mode
            6. play/pause music
            7. rotation lock
  21. realcalc
    1. settings
      1. RPN mode: yes
      2. Enable Radix modes: yes
      3. swap percent and 1/x: yes
  22. tricorder
    1. obtain from your dropbox account
    2. settings
      1. sound level: quiet sound
  23. SuperSU
    1. settings
      1. show notifications: no
      2. clear logs after: never
  24. wifi web login
    1. log in at work
    2. log in at gym
  25. root phone (ADVANCED)
    1. download heimdall, recovery.img, and CWM file CWM-SuperSU-v0.87.zip to linux system
    2. build heimdall
    3. copy CWM file to phone external card
    4. reboot (#1) phone, while holding down buttons: volume-down, power, and home
    5. at prompt, press volume-up
    6. you should now be in "ODIN mode" (small print) and "Downloading..."
    7. on your PC, sudo ./heimdall flash --recovery recovery.img
    8. watch phone closely! If you miss your window, you will need to reflash until it works
    9. When it reboots (#2), hold down buttons: volume-up, power, and home
    10. If you boot into the normal phone OS, you missed recovery mode. Go back to reboot #1 and reflash.
    11. You should boot into CWM-based Recovery. If you boot into Android recovery, go back to reboot #1.
    12. If you got into recovery mode, congrats!
    13. In the recovery menu, use volume-up, volume-down, and power to select
    14. select "install zip from sdcard"
    15. select "choose zip from sdcard"
    16. select "firmware"
    17. select CWM file
    18. select "yes"
    19. select "go back"
    20. select "reboot"
  26. Upgrading to a different firmware (ADVANCED)
    1. backup phone apps using Titanium backup
    2. backup call logs to external SDcard
    3. backup SMSs to external SDcard
    4. backup APNs; copy from local SDcard to external SDcard
    5. backup ADW launcher settings; copy from local SDcard to external SDcard
    6. download and transfer to phone sdcard:
      1. desired image
      2. google apps ("gapps") for desired image
    7. do usual root steps, up to second boot
    8. using clockwork recovery:
      1. make a backup of the system firmware
      2. wipe previous data
      3. install image
      4. install google apps ("gapps")
      5. reboot
    9. once booted
      1. configure wireless
      2. configure google account
      3. go to google play
        1. stop downloads (if they are happening)
        2. install titanium backup
      4. go to titanium backup
        1. menu | batch actions
          1. restore missing apps with data
          2. DO NOT: restore missing apps and all system data
          3. DO NOT: restore all apps with data
      5. reboot

Tuesday, October 30, 2012

Android Apps

[Last Updated: 2013-05-06]

Every now and again, geek chats turn to favorite Android apps. I've been meaning to make a list of mine. Here is that list, starting with the really useful, non-obvious choices first. If you have a great one that I left out, please let me know!

[Note: a few are labelled as requiring root. For these few, if you are not very technical, you may not want to try to use them.]

    Apps that everyone can use

  1. MX Player -- video player that is much more flexible than the built-in player. Versions: free (full, ad-supported); pro.
  2. RealCalc -- scientific calculator. Has support for Radix modes, RPN, and other nifty features. Versions: free (almost all features); pro.
  3. OurGroceries -- shared list manager. Has clients for Android, iOS, and generic web. Free, ad-supported.
  4. PowerToggles -- replacement (up to 8 toggles) for the default power control widget. Free. Note: some functionality requires root, but on Samsung it is worth installing even without root.
  5. ADW Launcher -- replacement for the main interface that comes with your Android device. Will let you increase the number of columns and rows. Very useful if you have a device that limits you in this department. Free.
  6. BeyondPodcast -- nice podcast manager. Much nicer than Google's "Listen" app. Versions: trial (limited); pro.
  7. ES File Explorer File Manager -- browse files directly. Free.
  8. Call log Backup, APN backup, SMS Backup -- free backup apps.
  9. Mantano Reader -- ereader app, my current preference.
  10. WiFi Web Login -- automate login to wifi hotspots. Very useful if your work and/or gym wifi requires a login.

    More specialized apps

  11. Connectbot -- ssh client. Free.
  12. Hacker's keyboard -- replacement Android virtual keyboard. Includes control, alt, escape, and other useful keys. Free.
  13. Stickmount -- replacement for USB mass storage support for devices that don't come with it. Free. Note: REQUIRES ROOT.
  14. Speed Dial -- replacement speed dial call list for phones that have a crappy phone app. Free.
  15. Battery Indicator (Darshan) -- nice battery widget.
  16. AutomateIt -- automatically change settings and do other actions based on triggers. Versions: free (limited); pro.
  17. BusyBox -- linux tools. Free. Note: REQUIRES ROOT.
  18. DOF Calculator (Aimen) -- for photographers to calculate depth-of-field. Has advanced mode that will let you fill in numbers -- handy for, say, shuttle photography. Free.
  19. Titanium backup -- lets you back up all your apps and settings, e.g. before an upgrade. NOTE: REQUIRES ROOT. Versions: free (limited); pro.
  20. Google Authenticator -- lets you build two-factor auth systems.
  21. Google Goggles -- work with barcodes.
  22. Hebrew Bible -- for looking things up on the fly.
  23. Hebrew Calendar Widget
  24. Karl's Mortgage Calculator -- calculate mortgage under various conditions. Free.
  25. How to Tie a Tie -- diagrams that include the more obscure tie types
  26. NASA App -- keep track of NASA
  27. mythfrontend -- watch TV from your MythTV player
  28. Periodic Table -- yay for chemistry!
  29. Presto Sound Library -- a "beta" but it costs money. Will let you play your podcasts in BeyondPodcast at faster than 1x.
  30. Skymap (google) -- nifty astronomy resource
  31. Stop Watch & Timer
  32. SuperSU -- manages root access. Note: requires root.
  33. Task Manager (Rhythm Software)
  34. Tivo -- control your tivo. Cannot yet stream content from a tivo. Free.
  35. The Weather Channel -- widgets to track weather
  36. traceroute (srcguardian)
  37. UltraTools Mobile -- traceroute and other tools to troubleshoot networks
  38. Yaaic -- IRC chat program. Free.
  39. Go Clock Widget
  40. Antivirus AVG. Free. Not sure if it's worth it. ;)
  41. Call Your Folks -- reminder to call parents.
  42. Nike+ Running
  43. Runkeeper
  44. MyBMI
  45. BMI Calculator

    Some app equivalents of popular websites and desktop apps. Also apps that tend to come with your devices

  46. Google Reader -- keep up with your RSS feeds. Unfortunately, limited to 30-day retention. Still one of my most heavily-used apps.
  47. Gmail -- keep up with your google mail
  48. Google Calendar
  49. Google Earth
  50. Google Play
  51. Google Play Books
  52. Google Play Movies and TV
  53. Google Play Music
  54. Google Search
  55. Google Translate
  56. Dropbox
  57. facebook
  58. firefox
  59. Flipboard
  60. IMDB -- search IMDB. Sometimes less useful than the website.
  61. Maps
  62. netflix
  63. Skype
  64. Street View on Google Maps
  65. twitter
  66. Voice Search (google)
  67. WinAmp -- yes, it's available for Android.
  68. Youtube

    Toys and games (all free except as indicated)

  69. AK-47 -- toy gun.
  70. Android Lightsaber
  71. Angry Birds
  72. Angry Birds Seasons
  73. Bard's Tale
  74. Binary Time Widget
  75. BSOD
  76. Defender II -- free to play. After a certain point, upgrades cost money. :(
  77. Radiant Defense -- free to play castle defence. After a certain point, upgrades cost money.
  78. ScreenCrack
  79. Sonic Screwdriver Gadgets
  80. Star Wars Light Saber
  81. Sudoku (Frank and Chase)
  82. Tricorder (not available from the app store)
  83. X-sonic Screwdrivers

    Some apps I no longer use/need

  84. Power Control Plus -- can have a whole lot of toggles, but can't set GPS even with root and running as a system app.
  85. Adobe Reader -- I no longer run Adobe software by choice
  86. Advanced Task Killer (rechild) -- don't like current permissions
  87. Aldiko -- eReader app. Has problems rendering the covers of some of my books. I've switched to Moon+ Reader.
  88. Android Tethering -- prefer wifi tethering
  89. BarcodeBank -- use google goggles instead
  90. Battery Widget (GeekyYouUp) -- prefer Darshan
  91. Brightest Flashlight -- prefer the flashlight that is part of Power Toggles
  92. Color Flashlight HD -- prefer the flashlight that is part of Power Toggles
  93. Power Control Widget -- a power control widget that can have an arbitrarily large number of controls/toggles. Unfortunately, it doesn't work on my rooted ICS Samsung S3.
  94. Moon+ Reader -- ereader app. Doesn't paginate correctly.
  95. Nook -- implements DRM. No thanks.
  96. Out of Milk -- shopping app. No easy sharing.
  97. eReader Prestigio -- ereader app. Put an ad in my notification area.
  98. Racing Live -- free to play.
  99. Shop Savvy Barcode scanner

Tips and tricks

  • You can use widgets to make shortcuts. This is really useful for navigation -- I have shortcuts for home, work, gym, parents, and some others. Also for google reader -- I have a shortcut for slashdot.
  • With AutomateIt, you can have the GPS and 4G automatically turn on when you turn on navigation. This may be updated in the future. :)
  •