Google Titan key security problem?

I was sure I tooted/tweeted a thank you to the Google team at Berlin’s Re:publica conference. But it looks like it never quite happened due to connectivity issues with the wifi at certain points of the day.

So first of all I want to say thanks for giving me a Titan security key for spending time listening to what changes Google had made to their security as announced in Google IO 2019.

I was surprised to see Google there with all the ill feeling about the 5 stacks, their monopoly and business practice.

But before I could get home and try the key/system, I saw a bunch of problems with the key.

Google Titan Bluetooth Security Key Can Be Used to Hack Paired Devices

Titan-ic disaster: Bluetooth blunder sinks Google’s 2FA keys, free replacements offered

Obviously I was a little concerned, although I had not added the Titan key to my Google 2 factor auth yet.

After a bunch of reading, it seems it’s not completely flawed. The Google security blog confirms my research.

The problem is with the Bluetooth fob, which to be honest is super convenient but wasn’t the most secure idea in the world. The Bluetooth stack is limited in its range but because of that, it’s not got as much security as most things on the net.

Due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key — within approximately 30 feet — to (a) communicate with your security key, or (b) communicate with the device to which your key is paired. In order for the misconfiguration to be exploited, an attacker would have to align a series of events in close coordination:

When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it. An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly.

Before you can use your security key, it must be paired to your device. Once paired, an attacker in close physical proximity to you could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. After that, they could attempt to change their device to appear as a Bluetooth keyboard or mouse and potentially take actions on your device.

This all being a big mistake, Google has offered a replacement key. However, because my key hasn’t been added to my account yet, I get a message saying no action is required but an email to override this. However, after double checking, my key is a type T3, meaning it wasn’t affected.

Good work Google…

Google starts transcribing podcasts?

Android Police podcasts transcribed

Google is finally transcribing some podcasts… It made sense a long time ago and it’s happening for real. No April Fools.

Google Podcasts is now automatically generating transcripts of episodes and is using them as metadata to help listeners search for shows, even if they don’t know the title or when it was published.

It’s a shame it’s only for use in Google Podcasts, but I guess nothing is free when it comes to tech corps. I remember thinking Google was going to start doing this when Google talked about podcasts, and what a time to start doing it I guess?

But there are questions about which podcasts are transcribed, is there a waitlist, how do you opt out and of course horrible errors from an automated process.

Google Stadia for Interactive digital narratives?

Yesterday Google announced Stadia, their cloud gaming project. The interesting parts of the announcement are…

  1. Play now on YouTube
    I love the transition from watching to playing, 5 seconds and I’m sure with time it will drop down to even less.
  2. Play on any device and completely cross platform
    Really taking complete advantage of streaming and Google’s massive cloud infrastructure.
  3. Record play state to YouTube
    Completing the circle, by sharing your state (not video) back to YouTube, maybe even allowing others to play again with… This makes total sense because YouTube is where they can start to show adverts too; although because it’s all generated it would be easy to advertise in the game itself.
  4. Share play state
    As mentioned above, you are not playing a video, but the game again complete with its world state, player position and player inventory.

Google Stadia on every platform

I think it’s quite a compelling idea and, like everyone else, am interested in how much, how easy it is to build for and will Google get bored and kill it? I’m less interested in the exclusive games, game pad, etc. but acknowledge it will live or die by the games.

I do think there’s some incredible possibilities for other types of media, especially interactive digital narratives. It certainly could blow Netflix’s interactive platform out the water. Said quite a few times, I find Netflix’s interactive platform is horrible when you think there’s better, more engaging experiences on the console attached to the same TV or even on the mobile you are using to drive it. With Stadia, it’s all the same thing.

Will breaking up GAFFA do any good?

Elizabeth Warren wants to break up the monopoly of the big tech companies (GAFFA), nothing that new as Tim Berners-Lee’s been saying similar for a year or so.

I do find it interesting watching the calls for Europe to get in the game, but then applying the same metrics to the European market? Something is not quite right there? Why would you want a copy of GAFFA’s, therefore recreating the cycle again?

I bought a Chromebook

https://www.youtube.com/watch?v=YDIhZZJQWRw

The other day my work Dell XPS 13, which has been running Ubuntu 16.04.1, asked me to upgrade. This message has been coming up for a while but I decided it was time for an upgrade, 18.04 was running well on my server and well it was time.

However the upgrade broke and I was left with Ubuntu 18.04 with Busybox. I had backups but as it was a BBC R&D build of Ubuntu, I needed to go to work for them to reinstall it. All of this was just before I went away to Mydata 2018 in Helsinki. On top of that my ubuntu server also had a problem.

Double whammy!

It was clear I could reinstall Ubuntu quickly but I would need to do a bunch of configuration and that takes time. I have a task to create a live CD with a bunch of configurations just for me, in case similar happens again.

I’d been looking at Chromebooks since I bought one for my parents ages ago and seen how ChromeOS has matured. I’m not the only one. It was the ability to run Android and Linux apps which pushed me to get one.

Google Makes it Easier to Run Linux Apps on Chromebooks

So I bought the Asus Chromebook Flip C302, and I’m quite impressed with it. The size is good and the performance is good. As a backup laptop it’s ideal. It’s also kinda a solution to my lack of a decent tablet now my Nexus 7 is pretty much dead. I was tempted with the Google Pixelbook but it seemed too close to what the Dell XPS 13 is for.

I did consider getting a second hand XPS and sticking ChromeOS on it myself actually.

Google clip, decentralised intelligence?

https://www.youtube.com/watch?v=AD48ZEltaSo

The reviews are appearing about the Google Clip camera. It’s not great but to be honest, the only thing I found interesting about it on the announcement was that all the logic/intelligence was onboard. Google has become well known for doing the logic via their own cloud systems, so this was a surprise.

the main reason Google Clips isn’t as worrying as “Google camera that recognizes your family’s faces and records them automatically” sounds is that Google made a few carefully considered technical choices to protect its users’ privacy.

The first is that everything on Clips happens locally. Nothing is synced with Google’s cloud at all — except the photos you save into Google Photos. All the facial recognition happens on the device using its own processing power. None of it is paired up with whatever facial recognition you may have set up in Google Photos. It doesn’t pair faces with names, it just recognizes faces it sees a bunch over time. It also tries to ignore faces it doesn’t recognize. So if you’re at a park with your kids, Clips will endeavor to only take photos of your kids.

The clips the camera takes are also stored only on the camera itself. They don’t try to sync over to your phone unless you ask for them. They’re also encrypted on the camera, in case you lose it.

On first look, I thought it might be a similar replacement for Google Glass, then I thought maybe it’s the Google GoPro but it doesn’t seem to operate like a point and shoot. So I thought maybe a lifeblogging device like the Autographer and Narrative Clip. But it seems to be a different category altogether.

It’s an interesting device, but certainly pricey for a new category camera.

Nexus 5x issues ongoing…

Google Nexus 5x
I like the irony of the good place paired with the problems of the phone

I recently got my Nexus 5x back from Carphone Warehouse. This follows the sudden bootloop of my Nexus 5x in November. They replaced the motherboard as it was still under its 2 year warranty. I was hoping they would just refund me for it, as I bought the Google Pixel2 on its launch.

But it will do for now, till it happens again and I’ll be demanding more. Right now it’s a spare/backup phone with my pay-as-you-go 3 sim inside. I did pause to think if I should upgrade to Android Oreo, but decided I should do it.

In the meanwhile it’s interesting to see some of the solutions people have come up with, including this one using salty ice to keep the CPU cool.

Nexus 5x under ice

Muzzling the Google Home Mini?

Google Home Mini at home

When I bought my Google Pixel 2, I received a free Google Home Mini as part of the pre-order deal. While in Madeira it finally came and today I went to Irlam to go get it.

I’ve never liked the idea of the Amazon Alexa and all devices which are listening for an activation word. I get the convenience but it doesn’t equal the given up privacy in my view. I turn it off on my phones unless my screen is unlocked and I’m on the home screen (actively using the phone). I’ve been watching and reading how the Google Home Mini has already received a ton of privacy strikes and disabled the touch controls.

My justification for getting the Google Home mini was purely to connect it to my Philips Hue lights. They are great but only if you have the app as the controls on the wall are way too simplistic to change colours, brighten and dim.

Unboxing the Google Home Mini and getting it online was pretty straightforward. I currently have it set with the mic on mute and the touch controls seem pretty basic (volume only). I’m surprised it’s powered with a micro USB cable not USB C and if I had a choice of colours, would have picked a darker colour instead of Chalk. Out of the box the Home Mini’s top touch functionality is disabled, I assume the firmware was updated when I set up the wifi.

Google Home Mini

I’m disappointed that there seems to be no way to connect the Google Home Mini to the Hue lights without doing it via the Philips Hue web. I’m currently blocking external access at my router for Hue lights, so there’s no way to control them remotely, although everything is on the same network. Honestly find it annoying that it can’t talk locally, especially since there is a good API via the Hue Bridge. I understand it needs internet access to do some processing but to control the lights? Surely this can be done locally?

I’m keeping an eye on dev sites to see what might come up, but right now it’s little use and I’d like to see more ways to muzzle its use to keep things local unless essential.

Goodbye Nexus 5x?

I left my flat Thursday heading for a train to York. Turning on my bluetooth headphones I noticed my Nexus 5x wasn’t connecting. One look at my phone and I noticed the screen was off. So I turned it back on and noticed the bootloader loop I had heard so much about.

While I made my way to York University, I tried multiple times to turn it on using different methods and it was in the taxi when I could actually type in my code to unlock the storage. Of course once it rebooted, it was back to the loop again. I also remember at some point watching the boot loader animation throw an error message which I wasn’t quick enough to snap. But I do remember it saying the storage was corrupt and it needed servicing?

By the time I was home again, it was dead. No matter how much I held down the buttons nothing would happen. I charged it up but there were no lights. Luckily I still have my Nexus 5 with the messed up screen. I had also thought about switching to the Google Pixel 2, but at £629 for the 64gig version, I just can’t bring myself to hit order (it’s a serious load of money especially since my Nexus 5x was £200), especially since I wasn’t sure if I would be in Manchester to actually get it. I had not realised it’s not actually officially available yet!

In the end after working with my Nexus 5 for a day, I decided to get the Pixel 2 with 128gig and buy it from Carphone Warehouse only because I can pick it up from Manchester or London if needed. Just the last 24 hours has made me realise how much I use my phone for things like Monzo, 2 factor auth and much more. In the meanwhile I’ll struggle through with the minimum number of apps on my Nexus 5 & 7.

I may attempt to un-brick my Nexus 5x when I’ve got more time and am in our R&D lab with the right tools. But seeing how I was waiting for the Pixel 2, I guess it’s time really.

Android Oreo upgrade on my Nexus 5x

Nexus 5x with Oreo upgrade

3 days ago I received the OTA update for Android Oreo on my Nexus 5x. I wasn’t really expecting it, as I’ve been keeping an eye out for my next phone (which is likely to be a Google Pixel 2 even at its much higher cost than my Nexus 5x).

Honestly I haven’t seen many differences except the background tasks are now in your face. Which isn’t a problem as I don’t have a lot running all the time (Timeused, Pebble & Twilight), be interesting to see how long apps like Uber stay in the background.

I have noticed a drain on battery, for example my battery is at 88% right now and will stay alive for the next 9 hours. But to be fair it’s an old battery, I think the same use on Android N would be closer to 92% maybe.

Some of the regular menus are shifted around and the small text which I have my phone set to really is actually small. I am surprised there is no native bluelight filter (redshift, twilight, etc) but I guess it might upset all those apps which do this.

The upgrade was painless, it took 42 mins as I was watching an American TV show as it upgraded itself.

Generally I’m happy with the state of the upgrade and although I know this is the last upgrade for the Nexus 5x; it might keep the phone going even longer.