bluetooth – Cubicgarden.com…

Public Service Internet monthly newsletter (June 2024)

4 people standing (3 female and 1 male) look into their phones

We live in incredible times with such possibilities that is clear. Although its easily dismissed while seeing the latest shiny AI device as simply a Android launcher, FUD pointing at Signal & Proton and AI bots dating other each other?

To quote Buckminster Fuller “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.“

You are seeing aspects of this with Meta sued under section 230, Microsoft providing passkey support for all its users and finally some agreement around Bluetooth tracking.

Is the C-suite at fault for the current tech problems?

Ian thinks: This new series by Zittron looking at how the tech industry is being run by people who have far less interest in the technology. Some call it the maturing of the sector but its clear from the Zittron this isn’t necessarily a good thing

We need a public service internet. no really!

Ian thinks This is not going to come as a surprise to many readers but iit really unites a number of the different initiatives. Futher adding fuel to the slowly burning fire.

GoFundMe is worst that you can imagine

Ian thinks: Most people have seen a range of crowdfunding profiles/sites/apps for tragic healthcare cases, Even I pointed at the lack of public healthcare systems but the podcast goes so much deeper, pointing out who gets funding, how and ultimately how Crowdfunding sites profit from the misery.

Not heard about Deadbots?

Ian thinks: Digital recreations of dead people or deadbots, is on the rise and this Guardian piece highlights the rise and problems with them. The idea of them haunting others could be a real big problem in the future.

Is Passkeys a dream too far?

Ian thinks: Reading this flags a lot of alerts, Microsoft, Google and many more have thrown weight behind it. I still use them but alongside other multifactor authentication.

Time to own your own home page?

Ian thinks: Reading about the return of the home page is a interesting read but I can’t help but remember Steven Pemberton’s presentation from a long time ago.

Use the artificial creativity

Ian thinks: I found Ruskoff’s monologue about Gen AI is quite balanced and reminds us all of the problem with the wider ecosystem. Gen AI will create generic stuff but won’t create the next generation of anything without human creativity.

A public bid to acquire TikTok?

Ian thinks: The Tiktok bans are popping up everywhere and I found this news quite unique. With a billionaire buying Tiktok for the public good? There is a lot more detail on project liberty..

Does Data Colonialism exist?

Ian thinks: One of the most thought-provoking talks in Re:Publica this year, I felt. When layed out in a new book data grab, the professors make a compelling case for how the only word to describe now is data colonialism.

Find the archive here

Pulseaudio filling my flat with sound

Pulse audio DLNA in action while watching the NGI summit and using the picture in picture feature

I usually listen to podcasts during the morning but with Covid19, I have been listening to a lot more podcasts and audiobooks. I use Xbian (Kodi) to listen to podcasts and Yatse without needing to look at a computer screen.

Its a good setup, as it does my bedroom, bathroom and kitchen. I recently removed the FM transmitter and replaced it with a bluetooth transmitter finally avoiding all the interference I was getting. However when I’m watching something on my laptop, I then wish I could send the sound through the same system.

This is when I discovered puslseaudio-dlna, allowing any output from the laptop to be sent over DLNA to my Xbian and to my Kodibox in the living room. Perfect, the only issue I have is the delay which can be sometimes as high as 10seconds. I also learned it can be used to interface with the chromecast, I’m also found out its possible to wire it up to send to two or more outputs at the same time, meaning I could have a sonos type system. Extremely useful to know when next I have a party?

The Asus C434 Chromebook

Asus Chromebook Flip C434 review image 1

I recently bought myself a new Chromebook. I considered getting a Dell XPS13 (which is my work machine) or Lenovo X1 carbon but decided I wanted to replace my old Asus Chromebook which I was giving to my parents to replace their very old Samsung Chromebook.

Its been good to have my own laptop as a backup when my work laptop goes wrong for what ever reason (i’m currently running it off a external SSD). I have enjoyed the Android integration in the past but when I learned about the Linux integration and I was sold.

I opted for the i5 version with 128gig of storage and 8 gig of memory. Why? Well I decided it needed to be slightly more powerful and act a bit more like a full laptop if it was going to run Linux apps. I see this Chromebook as a laptop I can use for most things including audio/image editing. Originally I got a good deal on a refurbished version which was great except Bluetooth was broken and it had to go back. I then bought this laptop brand new and it was shopped and delivered in all of 18 hours!

So far I have only installed htop, inkscape, Joplin, audacity, barrier, cheese and firefox in the linux terminal (love that its ian@penguin in the terminal and I have firefox installed!) then decided to install Flatpak on ChromeOS, I considered installing Snap but it sounds problematic currently.

Just checking out a bunch of ChromeOS blogs and I found this reddit faq useful to fix my linux install when it broke after I installed it and shutdown my chromebook too early.

Generally I’m very happy with this Asus Chromebook and its a good size, weight and I still love the tablet mode.

I finally bought the Oura smart ring

I decided its about time I upgraded my smart ring. I originally bought the Motiv ring because it supported Android, had a better price tag and was interested in the 2 factor authentication.

It was good but then I hit a problem about 6 months down the line and although Motiv did the right thing of refunding me completely and letting me keep the ring. It certainly felt like it was on its way to unsupported space with the new owners.

Oura vs Motiv smart rings

So with the new Oura being a bit cheaper and finally some proper Android support, I decided its time.

First impressions are very good, the app is better than Motiv’s and the ring feels a lot more robust. It has 3 different contact points while the Motiv has one. I took the risk of skipping the ring sizing as I knew my size from the Motiv ring. Luckily they were very close but the Oura is a bit bigger giving me more options of fingers to use.

The app now finally syncs with Google fit (one of the biggest complaints for Android owners). I also noticed there is the ability to download the raw data in Json format. I do find the app a little messy but its got all what is needed and if not you can login on the web and see/manage your data.

Oura's charger

If I was going to say one bad thing about it, it would be simply the charger is quite big compared to the Motiv one, which I was able to carry around on my keychain. But its not like I’m going away for a long while, and I noticed the airplane mode which is great.

Currently everyone is using Oura and its the right decision if you need the best tracker on the market. Just glad I didn’t get it when it was mainly iOS as it would have been extremely annoying.

Looking forward to seeing its sleep tracking as the Motiv was pretty awful. Thankfully I use Sleep as Android.

NHS sees sense and adopts the decentralised model

After all the discussions about the NHS’s contact tracing app being centralised (you would have thought Germany’s decision would convinced them), what on earth did they think they were doing, finally they have changed their minds. I’m sure the pressure from the likes of the open rights group had something to do with it.

As I heard they had worked on two apps and of course the centralised one was a logistical flop. Now the government had to make the painful U turn.

Ouch! What a joke…!

Well at least they didn’t see the joke through to the bitter end.

“We are delighted that the Government listened to our and others advice in ditching the NHS’s ‘world-beating‘ App and to follow the successful model of other countries. “People need to trust the App, and it needs to work. Some countries using decentralised matching have already released their Apps. It will also work across borders. “Decentralised matching makes the App much easier to trust, as it doesn’t track you.

On the hunt for new headphones (Help?)

I have been trying to replace my Bose Soundlink headphones for a long while. I bought them in Tokyo for a good price back in 2014 and although they are great the battery on them has given up completely; plus there seems to be no real way to replace it?

Its frustrating having full functioning headphones except battery life is zero. But its even more frustrating knowing how much I paid for them, even with the exchange rate discount. But then add the fact my phone doesn’t actually have a headphone port anymore!

So I have been looking for headphones to replace what I currently have but I realise there are things which I really need in headphones.

Standard audio jack – Not just for when the battery is low/dead, so I can also connect to my Pacemaker on the go.
Foldable – I usually carry everything in a laptop bag and most things are flat. If it doesn’t fold in some way its going to be a pain to carry around. My Bose fold on the band but the type where speakers fold in are still good for me too.
On ear – The only headphones I can live with day in day out. The ones you put over your ears make my ears hot and sweaty. The ones you put in your ears are awful and always end up coated in wax after use (keeping it real).
Multipoint support – I finally found out what this was called when a bluetooth device can connect to 2 or more devices at once. Its pretty essential for me to be honest.
Micro USB or USB C charging – I’m kind of done with proprietary chargers. When going on holiday for work or pleasure I take my USB power hub which charges everything including phones, laptop, watch, ring, etc. USB is a must and I know most do of course.
Replaceable battery – I add this after my experience of the Bose’s but its wish more than essential. I’d at least like some ability to take it apart. This is why the Pacemaker device is still going over 10 years later.
Good price – I won’t lie, I’d be happy with a price under £100 but I am asking for a lot. I certainly won’t be paying about £200 again.

So far I have bought two headphones from Amazon…

Protein Earmuff,Hi-Fi Stereo Headset f

This was seriously awful, cheap and tacky. Multipoint was pretty bad. On top of this the band was so tight, you could only really wear it for a short while before you felt the life being squeezed out of your head.

Phiaton BT 390 Black Wireless On-ear Headphones with Mic

I liked these and price was pretty great however the micro-USB cable for analogue audio was a bit crappy. It didn’t seem easily changeable and meant carrying it around all the time. But I liked the design and fit. However while in London, they just died. They had to go back…

I considered the BT350 instead of the BT390 but I can’t see much advantage over it except its not all plastic and noise cancelling (which I don’t care about).

So this is where I am now… Any suggestions are welcomed if it fits with the above list.

Pebble 2 smartwatch won’t re-connect after Android 10

I like many Google Pixel users recently got the Android 10 upgrade. It was smooth and everything was in order except there was a notification that the Pebble/Rebble smartwatch software may need to be upgraded as it might be incompatible with the Android 10.

What follows was a long painful process trying to pair the Pebble 2 with my Pixel 2 phone. It took forever and ended up with me unpairing both rebooting both and repairing the whole lot again. Nothing was lost in the process but its a real painful process and I thought, once its done, its done forever.

However I was wrong. It seems like this happens every few weeks? Others have suggested it happens when the Pixel doesn’t see the pebble for a little while. Someone started a bug issue with Google, thankfully and I added my own comment to the growing list.

If you are having similar issues, do add a comment to show Google there is a problem and maybe the Bluetooth LE stack might be at fault? Although I’ve not had a problem with my Motiv Ring yet?

Google Titan key security problem?

I was sure I tooted/tweet a thank you to the Google team in Berlin’s Re:publica conference. But it looks like it never quite happened due to connectivity issues with the wifi at certain points of the day.

So first of all I want to say thanks for giving me a titan security key for spending time listening to what changes Google had made to their security as announced in Google IO 2019.

I was surprised to see Google there with all the ill feeling about the 5 stacks, their monopoly and business practice.

But before I could get home try the key/system, I saw a bunch of problems with the key.

Google Titan Bluetooth Security Key Can Be Used to Hack Paired Devices

Titan-ic disaster: Bluetooth blunder sinks Google’s 2FA keys, free replacements offered

Obviously I was a little concerned, although I had not added the titan key to my google 2 factor auth yet.

After a bunch of reading, it seems its not completely flawed. The Google security blog confirms my research.

The problem is with the Bluetooth fob which to be honest is super convenient wasn’t the most secure idea in the world. The bluetooth stack is limited in its range but because of that, its not got as much security as most things on the net.

Due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key — within approximately 30 feet — to (a) communicate with your security key, or (b) communicate with the device to which your key is paired. In order for the misconfiguration to be exploited, an attacker would have to align a series of events in close coordination:

When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it. An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly.

Before you can use your security key, it must be paired to your device. Once paired, an attacker in close physical proximity to you could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. After that, they could attempt to change their device to appear as a Bluetooth keyboard or mouse and potentially take actions on your device.

This all being a big mistake, Google has offered a replacement key. However because my key hasn’t been added to my account yet, I get a message saying no action is required but a email to override this. However after double checking my key is a type T3 meaning it wasn’t effected.

Good work Google…

Quantified relationships?

https://twitter.com/TonyChurnside/status/565482176566001664

Tony asks my view on pplkpr.

pplkpr is an app that tracks, analyzes, and auto-manages your relationships. Using a smartwatch, pplkpr monitors your physical and emotional response to the people around you, and optimizes your social life accordingly.

Its a interesting project/art project. I don’t think it would work so well but I seen it all before in QSEU13 with Fabio who records every single person he talks to.

Well at least its not a complete system, it works with other wearable devices.

pplkpr has been extensively tested with the Mio wristband, but any Bluetooth LE (also called Bluetooth Smart or Bluetooth 4.0) device that transmits heart rate in real time will work. This includes the Polar H7 chest band and the Zephyr HxM.

Fitbit One just started working?

I don’t understand what happened but my Fitbit One just started working. As you may remember, I running Ubuntu and the client doesn’t work on Linux (tried libfitbit), so I had hoped the Android app would be my way of syncing data to their website. However syncing was in beta on Android and seems to only work on newer Samsung devices I gather.

It must be one of the following, because my data was update on Friday 4:16pm…

The Bluetooth beta syncing is working on my Samsung Tab 7 plus. Even though forcing it to sync never works and its only got Bluetooth 3.0 not 4.0. I do have background sync turned on and the option to sync now is actually there, even if it fails everytime.
The Fitbit sync app works on my HTC One X (which does have bluetooth 4.0), even thought there is no options for syncing the device like on my Samsung Tab 7 plus. However bluetooth is usually on for my headphones and its never failed (mainly because theres no actual button to force sync)
The Fitbit sync’ed via someone elses device on Friday afternoon while at the Future Everything summit.

Option 2 looks like it will happen but not quite yet. HTC’s bluetooth stack is quite different from Samsungs and I guess its the downside of a diverse ecosystem. Option 1 is likely but its strange that when ever I try and force a sync, it just fails. I also have not seen an update to the app for at least a week now and I don’t know how compatible Bluetooth 3.0 is with 4.0?

As crazy as it seems, option 3 is looking likely because the timing looks about right and its never sync’ed before or after then. However does the Fitbit work that way, why only now? And isn’t there major privacy issues with this? (I am aware the fitbit sends its data in the clear over bluetooth already, keep meaning to fire up wireshark to see exactly how and what). Not having to use your own machine does have a lot of advantages. I can sync with a machine which isn’t mine or even a public machine. The password in the clear is a problem but like all my passwords, there just made up nonsense in keepass, so it won’t be used anywhere else. However I must relook at Libfitbit because must be pretty simple for it to work with the Fitbit One?

On the plus side, the Fitbit seemed to keep all the data from the moment I first ever switched it on. I did ask about how much it stored and most people said about 1-2 weeks at a time. But it seems 2 months is more correct.

I should be happy and I am but I’d really like to update it regularly…