Earlier this morning it was reported that
Lenovo is installing adware to their new laptops.
This piece of adware is called SuperFish, and it basically MITM’s your connections — including secure ones — and
inserts ads into webpages you visit. This in itself should be alarming and is an extremely scummy thing to do, but now
things have taken a turn for the worse. Yes, it can get even worse.
Since Lenovo has installed a root CA of their own on the computer, they can basically make your browser trust any site
they want by using the CA to create certificates for them. But now everyone can. A
people have already extracted the private key from the
adware app and bruteforced the terrible, inexcusably bad password. A password of only 7 characters in length, consisting
of nothing but lowercase a–z characters. komodia. Really, that’s it right there.
So now anyone can create certificates that new Lenovo machines automatically trust. Shame on you, Lenovo.
And yes, I know Lenovo is not directly responsible because they didn’t make the adware, but they shouldn’t have
added some in the first place. At the very least they should have had oversight, because this is complete buffoonery.
Hopefully some heads will roll as a result. This race to the bottom where laptops are preinstalled with bloat in ever
increasing crappiness must stop.
In case you are using a Lenovo computer and want to check if you are vulnerable, try
going here. If you get a security warning from your browser, you are safe. If not,
douse your computer in some holy water and go make an angry call to Lenovo support.
I had some free time this weekend, so I decided to pick up on an old piece of code I wrote back when I started learning
Elixir. It’s a URI parser I called Nurina (the word nurina is Finnish and means
grumbling or complaining — it sounded funny and it contains the word URI). It’s not really a well put together piece of
code but more of a learning excercise. I also decided to avoid using regular expressions entirely and instead used
pattern matching to parse the whole URI — an additional challenge.
I removed my old blog at nicd.nytsoi.net today and pointed Nginx to serve a permanent redirect to this site instead.
The old blog served me from my days on the once free webhost 3rror.com, to my first webhotel and
from there through three different VPS installations to where we are now. When I started, WordPress wasn’t the
household name it now is and the web was very different. I wrote for years about stuff I saw, did and felt…
And I’m glad the blog is gone. Because that shit was embarrassing. Funny how your opinion of your own cleverness changes
when time passes. Also I got fed up with updating WP every two weeks and fearing that the next time I visited, it
would’ve been replaced with greetings from my friendly neighborhood hacker group. Aaand I had stopped posting somewhere
Pitot — my SailfishOS GPS/GLONASS speedometer app — has reached a state where I’m confident to
release it for others to use. You can download the RPM in
the BitBucket repository.
Some screenshots showing the basic functionality below:
Some notes about the accuracy when using with the Jolla phone:
It takes a long time to get a location when you are moving. This is due to the phone’s GPS
being pretty bad. I don’t know of a way to alleviate it in the app.
Jolla’s speed readings come rounded to around 0.25 m/s. So for example when walking, the app
will report 4.5 and 5.4 km/h but nothing in between. To my knowledge this cannot be changed
from the app either.
The app is feature complete and I’ll just wait until QtPositioning is allowed in Harbour to publish it.
There’s still one little problem, the font is really jagged and ugly. I tried following a Jolla
employee’s instructions in setting the text’s renderType to Text.NativeRendering but it seems to
have no effect. I’ll take a better look at that later. (Also the logo is quite ugly, but I’m bad at
graphics, so any help on that would be much appreciated!)
If you encounter any problems, I’d appreciate bug reports or even pull requests in the BitBucket
An interesting look into a chinese Bitcoin mine and what working there is like. It’s funny to think that
since the video was made, all that hardware has probably been made obsolete and replaced already.
Now, if I could just find my Bitcoin wallet with the 0.07 BTC I mined a while ago, I’d… have enough money
to buy some candy. :)
“Stop a Douchebag” - is a Russian youth movement that attempts to enforce the road traffic regulations in Russia.
This is seriously great stuff. I’ve selected one video here, but you can see many more on their
YouTube channel. In case you want to see idiots get what they
deserve, this is the right channel for you.
My work laptop got its first sticker today — a Code from Finland sticker. I think it’s a nice
idea of marketing that we do our work in Finland, employing Finnish people and boosting the domestic
economy. Kind of akin to the Key Flag Symbol for other products.
First post of undoubtedly many to come in my SailfishOS adventures. This time it’s to tell about a small app I made
during the weekend.
Pitot is a simple GPS/GLONASS speedometer for Sailfish. It will display the current speed of the device in big
letters on the screen. It has a few different units, including kilometers per hour, meters per second, miles per hour
and even knots.
It still needs some polish and a good smart cover. Also, it can’t be released in the Jolla Harbour yet, since it uses
QtPositioning to get the speed.
Having used it a couple of times, it seems that the Jolla phone’s GPS is really terrible, though, since it takes ages to
get a speed reading and when you do, the readings jump up and down even though your speed is constant. It also seems the
resolution of the speed readings is too bad for trying to measure walking speed – I either get 4.5 or 5.4 kph, nothing
Hopefully I get enough time to finish it next weekend. Now I’ll have to be off to work!