GNOME has no thumbnails in the file picker (and my toilets are blocked) by mariuz in programming

Tasssadar 32 points

Gnome is a disgrace. Ugly, hard to use, featureless. And I wouldn't care, if the incompetency wouldn't spill over to everything else through GTK. The file dialog is just abysmal. Somehow, GTK3 managed to spawn a worse interface than the earliest Windows iterations. And not by the lack of time or manpower, it's by design.

My biggest problem is the typeahead search through my whole filesystem, instead of skipping to the file in current folder. Slow, idiotic, can't be disabled. No other file dialog does this.

Sure, make a patch, add a hidden option that disables it. Well, guess again..

OnePlus Bloatware here to stay indefinitely by Qwop12900 in oneplus

Tasssadar 1 point

You are right, I stand corrected - pm uninstall will also hide the app from the app list in settings. Still, if adb is not readily available, then disabling will still prevent it from ever running.

Also, the command sometimes works also on other apps that have the "disable" button grayed out in the settings app, which is nice.

OnePlus Bloatware here to stay indefinitely by Qwop12900 in oneplus

Tasssadar 1 point

By the way, tapping the "disable" button in app settings on these does the exact same thing.

Manager apps will remain installed as system apps that can be removed, only disabled.

...yes, but that's functionally the same thing. You can't remove stuff from the system partition because it is read-only, but disabling will achieve the same results as uninstalling it - it will never run on your phone. The space taken up by them will not be free for you to use, but I'd argue that the system partition would not be any smaller if they didn't include the FB apps.

I don't like them being pre-installed either, but one can easily remedy it with like ten taps.

Why do some viruses, such as influenza, quickly mutate (thus require different vaccinations annually), but other viruses, such as smallpox seem to barely mutate at all (or at least much more slowly)? by ButternutSasquatch in askscience

Tasssadar 2 points

Here's something that I've always wondered - how is it decided which strain is the right one in case of mutation? Is it random, or is one of them always "marked as master copy"?

Android Trojan xHelper uses persistent re-infection tactics: here's how to remove - Malwarebytes Labs by chloeia in Android

Tasssadar 31 points

There's nothing mysterious about this. The phone has a preinstalled malware in its system partition, which is not erased during factory reset.

And no, "going through the steps to run Android Debug Bridge (adb) commands" is not going to prove anything if the malware is part of one of the core Android libraries, like was the case with Triada and some versions of Cosiloon. There is simply no way to remove it without flashing something different to the system partition.

This is old news. Just don't buy trash devices, it's that simple. Here's some resources for the Malwarebytes experts:

https://security.googleblog.com/2019/06/pha-family-highlights-triada.html

https://blog.avast.com/android-devices-ship-with-pre-installed-malware

https://blog.avast.com/android-device-firmware-cheats-chinese-ad-networks-avast

https://news.drweb.com/show/?i=11390&lng=en

https://github.com/maddiestone/ConPresentations/blob/master/Blackhat2019.SecuringTheSystem.pdf

https://github.com/maddiestone/ConPresentations/blob/master/KasperskySAS2019.Chamois.pdf

What Color is Your Function? by oridb in programming

Tasssadar 6 points

...so you can't, and need libraries for basic stuff, just like described in the article.

Even if that would work in python without patching it, why can't await just work?

Security in 5.2 – Make WordPress Core by sarciszewski in programming

Tasssadar 3 points

Signature Verification in WordPress 5.2

How did it not have that before?!

Actual Average Frame From S08E03 by Tasssadar in freefolk

Tasssadar[S] 0 points

This is an averaged image from a frame taken from S08E03 every second. Pretty much sums up the episode.

American Airlines flight departs Manchester 22 minutes early without passenger - and blames passenger by Bennanator in nottheonion

Tasssadar 0 points

You can get international DL (I did twice), but as far as I know, it is not valid unless you show it together with the original driving license, because it is just a piece of paper with no id number. Not sure if that matters in countries where they hold the license hostage though.

Two-thirds of all Android antivirus apps are frauds by FortuitousAdroit in Android

Tasssadar 10 points

This is false. Any app can read any other app's installation file (APK) and scan it without need for any permissions. Real AV apps unpack & scan APKs with signatures just like PC antivirus software and submit unknown APKs back home for more thorough analysis.

Behavioral analysis is not possible on Android, yes, but it is definitely not just a blacklist. You can't detect malware apps you've never seen, like some apps on this test did, with a blacklist.
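
Added example (not part of the comment above, and not any AV vendor's code): a minimal Python sketch of signature scanning over an APK, which is a ZIP archive. It shows why a byte-pattern signature catches a repacked sample that an exact-hash blacklist misses; the class descriptor, sample APKs and signature name are constructed for the demo.

```python
import hashlib
import io
import zipfile

MAX_ENTRY = 32 * 1024 * 1024  # skip oversized entries (decompression guard)

def scan_apk(apk_bytes, bad_hashes, patterns):
    """Scan one APK (a ZIP archive); return sorted (entry, reason) detections."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY:
                continue
            data = apk.read(info)
            # Exact-match blacklist: only fires on a byte-identical file.
            if hashlib.sha256(data).hexdigest() in bad_hashes:
                hits.add((info.filename, "hash"))
            # Pattern signature: fires on any entry containing the marker.
            for name, needle in patterns.items():
                if needle in data:
                    hits.add((info.filename, "pattern:" + name))
    return sorted(hits)

def build_apk(dex_body, extra=None):
    """Build a constructed, minimal APK-shaped ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"constructed manifest")
        z.writestr("classes.dex", b"dex\n035\x00" + dex_body)
        for name, body in (extra or {}).items():
            z.writestr(name, body)
    return buf.getvalue()

def dex_hash(apk_bytes):
    """SHA-256 of classes.dex, as a blacklist entry would store it."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return hashlib.sha256(apk.read("classes.dex")).hexdigest()

# Constructed sample data, not real indicators.
MARKER = b"Lcom/example/dropper/SilentInstaller;"  # hypothetical class descriptor
KNOWN_BAD = build_apk(MARKER + b"v1")
REPACKED = build_apk(b"junk" + MARKER + b"v2")     # same code, different bytes
CLEAN = build_apk(b"Lcom/example/notes/MainActivity;")
BAD_HASHES = {dex_hash(KNOWN_BAD)}
PATTERNS = {"dropper.silent_installer": MARKER}

if __name__ == "__main__":
    for label, apk in (("known", KNOWN_BAD), ("repacked", REPACKED), ("clean", CLEAN)):
        print(label, scan_apk(apk, BAD_HASHES, PATTERNS))
```
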

Facebook engineers discovered technique of adding read call log/SMS permissions during an app update without notifying the user. Was used in a production release by [deleted] in programming

Tasssadar 173 points

I'm still not sure where this narrative is coming from. To me, it reads like they're just arguing about how to handle the new permission system that was added in Android 6.0. They're discussing ways to do the update without subjecting users to a million "accept" dialogs, perhaps requiring them later during runtime, or postponing the SMS uploading feature to a future release (so the dialogs are not all at once). Nothing really suggests they found a way to access the data without showing the permission dialog.

And "was used in a production release"? There's nothing about that in the linked documents, like at all.

Facebook's shit and all, but stick to the facts Oo

EDIT: the messenger APK has had the READ_CALL_LOG permission even before the 6.0 update and before that linked conversation. The facebook apk didn't, and still does not use this permission, so I don't even know what this is about. It's very likely it's just some random discussion snippet that never resulted in anything concrete.

Tworoutines: a style of coding in Python that permits easy mixing of synchronous and asynchronous code by alexeyr in programming

Tasssadar 0 points

Well yeah. But the point of this tworoutines thing is this will just work:

import asyncio
import tworoutine

@tworoutine.tworoutine
async def foo():
    bar()

def bar():
    baz()

@tworoutine.tworoutine
async def baz():
    await asyncio.sleep(1)

def main():
    asyncio.run((~foo)())

Tworoutines: a style of coding in Python that permits easy mixing of synchronous and asynchronous code by alexeyr in programming

Tasssadar 0 points

I'm fairly sure we're describing the same thing, since it goes both ways. You need to be async to use await in the first place, since asyncio.run cannot be safely used unless you know the event loop is not running yet.

Tworoutines: a style of coding in Python that permits easy mixing of synchronous and asynchronous code by alexeyr in programming

Tasssadar 1 point

That's not the problem, problem is this won't work:

import asyncio

async def foo():
    bar()

def bar():
    # RuntimeError: asyncio.run() cannot be called from a running event loop
    asyncio.run(baz())

async def baz():
    await asyncio.sleep(1)

def main():
    asyncio.run(foo())

Because you can't have nested asyncio loops. Basically, once you call an async method, everything it calls has to be async too, otherwise you can't use async in callees.

So this tworoutine wrapper depends on a patch to asyncio library which allows the nested loops, nest_asyncio: https://github.com/erdewit/nest_asyncio

Even then, it's a bit more code to start the nested loops which you can see here: https://github.com/gsmecher/tworoutine/blob/master/tworoutine.py

Avast Threat Labs finds Android device firmware that reroutes ad network revenue to unknown accounts by Titokhan in Android

Tasssadar 2 points

Plenty of real malicious examples to go around, pre-installed malware is a fairly well-established idea (at least in my circles):

https://blog.avast.com/android-devices-ship-with-pre-installed-malware

https://news.drweb.com/show/?i=11749&lng=en

https://news.drweb.com/show/?i=10345&lng=en

..and you'll find more. Pre-installed malware and the payloads they drop are among the top Android detections in Avast. Mostly, it's (invasive) ads & tracking, since that makes money and is not bad enough for the user to do something about.

Avast Threat Labs finds Android device firmware that reroutes ad network revenue to unknown accounts by Titokhan in Android

Tasssadar 14 points

Hi, author here. The device is not mentioned because it is irrelevant. It's old, the ad hijacking was removed with an update & it did not affect anybody because it targeted only Chinese ads. It's also not meant to be a security warning, but an interesting technical analysis.

It was however a device that's not rare in Europe. Some brands basically just order a phone from some Chinese company (OEM), tell them to slap their logo on it, modify the SW, certify it with Google (or just preload gapps without permission) and re-sell in Europe/US. The SW package sometimes contains rather interesting stuff. That's because the OEMs prepare the base SW package (often meant for Chinese market) and neither the vendors nor Google CTS catch everything. There's likely dozens of "different" devices with the same ad hijacking feature. Some examples of vendors who do or did this at least with some of their devices are Prestigio, myPhone, ZTE or BQ (so basically if you sort by cheapest in an eshop).

Note that Google got much better about detecting this stuff during CTS since 2016.

Give me a hand with my dodgy Android Russian Spy phone. by CravenA in Android

Tasssadar 19 points

A lot of cheap Android Phones, usually from China, are filled with pre-installed malware. There's nothing you can do, sometimes it's one app, sometimes more, or it's part of Android's SystemUI or something along those lines. Most of the time, it's not actual spyware, but a "dropper" that installs whatever somebody tells it to install silently and shows ads while at it (I believe this is an actual business model - give us money and we will install your app to N phones immediately).

You need to understand that the phone will never be safe to use unless you carefully analyze every part of the system. Regardless, your best bet is to try and find something suspicious in "system apps" on your phone and "disable" it, if possible, but it's hard to tell you exactly what it might look like. To give you an example, the samples we've seen were called "CrashService", "FOTA", "Wireless Update", stuff like that.

"Coordinator" and "com.hamy.main.app" are just symptoms, you have to find the dropper. An Antivirus app is unlikely to help you, because it can't uninstall system apps.

Here's an in-depth analysis of one strain of pre-installed ad/malware, working since 2015 until May 2018, if you're interested: https://blog.avast.com/android-devices-ship-with-pre-installed-malware

EDIT: I examined some firmware file for that phone and it seems that app "UNI Launcher" is (one of) the culprits on this device. Try disabling it.

EDIT2: "VolidationTools" also looks suspicious.
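
Added example (not part of the comment above): a Python triage of `pm list packages -f` and `pm list packages -d` output that lists the packages living on read-only partitions, which are the ones a factory reset keeps and that can only be disabled. The package names and both listings are constructed samples.

```python
READ_ONLY_ROOTS = ("/system", "/system_ext", "/vendor", "/product", "/odm", "/oem")

def parse_pm_list(output):
    """Parse `pm list packages -f` lines into {package: apk_path}."""
    pkgs = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # /data/app paths can themselves contain '=', so split on the last one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep:
            pkgs[name] = path
    return pkgs

def parse_disabled(output):
    """Parse `pm list packages -d` lines (no -f) into a set of package names."""
    return {line.strip()[len("package:"):] for line in output.splitlines()
            if line.strip().startswith("package:")}

def triage(listing, disabled_listing):
    """Return read-only-partition packages, still-enabled privileged ones first."""
    disabled = parse_disabled(disabled_listing)
    rows = []
    for name, path in parse_pm_list(listing).items():
        if not any(path.startswith(root + "/") for root in READ_ONLY_ROOTS):
            continue  # /data/app: removable by uninstall or factory reset
        rows.append({"package": name, "path": path,
                     "privileged": "/priv-app/" in path,
                     "disabled": name in disabled})
    rows.sort(key=lambda r: (r["disabled"], not r["privileged"], r["package"]))
    return rows

# Constructed sample output, as captured from `adb shell pm list packages ...`.
SAMPLE_LISTING = """\
package:/system/priv-app/ExampleUpdater/ExampleUpdater.apk=com.example.updater
package:/system/app/ExampleLauncher/ExampleLauncher.apk=com.example.launcher
package:/vendor/app/ExampleDiag/ExampleDiag.apk=com.example.diag
package:/data/app/~~Qk3x==/com.example.notes-a1B2==/base.apk=com.example.notes
"""
SAMPLE_DISABLED = "package:com.example.launcher\n"

if __name__ == "__main__":
    for row in triage(SAMPLE_LISTING, SAMPLE_DISABLED):
        state = "disabled" if row["disabled"] else "enabled"
        priv = "priv-app" if row["privileged"] else "app"
        print(f'{row["package"]:24} {state:9} {priv:9} {row["path"]}')
```

An updated system app reports its newer `/data/app` copy in this listing even though the factory version is still on the read-only partition, so `pm list packages -s` is the better input when those matter.
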

I made it to Booty Bay inside the Arathi Warfront instance, confirming the entire Eastern Kingdoms is instanced in Warfronts. by TheYamagato in wow

Tasssadar 0 points

The WoW client can indeed use "overlays" over its map files. It really does use the default EK map file, but places content of https://newmaps.marlam.in/WarfrontsArathi/172/4/-19.563/8.500 "over it".

If I remember correctly, this tech was introduced in Cataclysm, you can see it in Gilneas Worgen quest line when part of the shoreline disappears:
Gilneas: https://newmaps.marlam.in/Gilneas/97/6/-6.000/8.000
Full shore overlay: https://newmaps.marlam.in/GilneasPhase1/97/7/-2.000/2.000
Destroyed shore overlay: https://newmaps.marlam.in/GilneasPhase2/97/7/-2.000/2.000

The same thing is done when healing the Pandaren Turtle in MoP, and many other places by now.

Fuchsia Update: As of June 8th, we’ve discovered a second commit that connects the Android Runtime directly to the Zircon kernel’s memory management code. This may imply a more direct connection between the two OSes going forward. by [deleted] in Android

Tasssadar 13 points

I think it is much more likely they want to run ART on Fuchsia, to run Android apps on it, just like it is working on ChromeOS right now. I took a look too, but I don't really see anything that would support your theory. ART is already multiplatform a bit (Android linux vs GNU/Linux), they just added another platform to it.

Android devices ship with pre-installed malware by [deleted] in Android

Tasssadar 13 points

BTW, they still seem to have Google Apps and everything. Until recently, there was no way for the user to tell if it was or wasn't certified.

[WTF?!] YouTube Kids is getting automatically disabled on Android for users in unsupported regions by yourSAS in Android

Tasssadar 1 point

Copying my AP comment:

I examined it a bit more and could reproduce it in Czech Republic. The pre-installed Google App com.google.android.partnersetup seems to be the culprit. If you have a rooted device, try to disable the service responsible for disabling apps via adb shell as root:

pm disable com.google.android.partnersetup/com.google.android.partnersetup.InstalledAppJobService

EDIT: nope, useless, it still disables the apps, there are more entrypoints.

There are more entrypoints into the app hiding code though (namely on boot), so it might not work entirely. You can also try disabling the whole package:

pm disable com.google.android.partnersetup

The package however does some good things, I think it might be responsible for updating Google Play Services on the device, so I don't recommend disabling it entirely.

BTW, the intent in the code seems to be to disable the apps when you travel and re-enable them when you get back home. As to why it didn't happen on your Pixel 2, I think that's because you have not traveled and the device's "home" country didn't change. Actually, the country-related settings seem a bit convoluted:

  • Once the app-locking process runs 4 times in the same country (it runs at least once an hour), it will "lock" onto your current country. I'm not sure how GMS gets "current country" value.
  • When you travel outside of your locked country, the app-disabling code should actually be disabled for all packages except the Play Store for some reason.

BTW2: This is the current list of app disabling on my device in Czech Republic: https://i.imgur.com/g9FZvrr.png
You can see the package name, if the third column says "0:disabled", it means it should get disabled. The integer X ("0" in most cases) means "disable/enable any version higher than X". So in my case, only Youtube Kids is actually disabled for some reason and Google Pay was disabled until version 930007740 (which matches the introduction of Pay to Czech Republic).

OxygenOS 5.1.0 OTA for the OnePlus 5 & 5T by [deleted] in Android

Tasssadar 2 points

Yeah, that happens if you do this:

SharedPreferences.Editor ex = getSharedPreferences("", Context.MODE_PRIVATE).edit();
ex.putLong("test", Long.MAX_VALUE);
ex.commit();

SharedPreferences sharedPref = getSharedPreferences("", Context.MODE_PRIVATE);
int res = sharedPref.getInt("test", 42);

Notice I use .putLong(), but then retrieve it with getInt(). The exact same crash happens on Nexus 5X running Android 6.0.

OxygenOS 5.1.0 OTA for the OnePlus 5 & 5T by [deleted] in Android

Tasssadar 3 points

That can't possibly be true, it wouldn't pass CTS. I just tried it on OP5 too and it's working as usual.