ThePCSpy.com content-only feed

Debranding and Unlocking a Samsung M8800 Pixon

no@spam.no (Oli) — Sat, 28 Mar 2009 11:22:33 GMT

Both Harri and I are on O2. This year we decided to forgo getting new phones with our new contracts, saving us a lot of money on the actual contract but meaning we'd likely pay full whack for a phone. For Harri at least, there was another route: buying a slightly second hand, locked phone off ebay. She found the pink Pixons, fell in love and bought one the next day for around £200.

We've unlocked phones before so thought, "How hard can it be? Surely there'll either be codes on the interweb or somebody on ebay will be selling them for a quid a shot!"

Actually, it's a little tougher than we thought. There are several services available, some quite excessive sounding procedures involving servers and data cables, which, at first, make you think "Oh my, this is really complex! It must be worth the £20" until you see there are other services, £4-6 cheaper that only need a serial or IMEI to work.

But my first port of call had actually been at DealExtreme. It's a Chinese site with various consumer electronics that work but you can practically guarantee aren't made by the people that invented them; for those prices it has to be knock-off. I bought a iSmartSIM 2008. It said it could let any SIM work with any phone all for $4.20-something (inc postage) so I bought one the same day Harri decided to buy the Pixon.

As it was coming all the way from Hong Kong, I thought there was zero chance it would show up before the phone and it didn't. I started looking around at websites, trying to find a free or near-free way to unlock the phone but nothing worked. I then found a site promising 100% guaranteed Samsung unlock codes for £13.99 ? by far the cheapest I found. So I gave them my IMEI and crossed my fingers.

But then something really strange happened. DealExtreme managed to ship something to me in under two weeks. Just a few hours after buying the unlock code, the iSmartSIM was here, looking really flimsy, fake and not at all capable of doing what it promised but here, nonetheless. Even more surprising was that it worked. So in a bout of extreme haste, I cancelled the order for an unlock code.

It was only later when Harri was back that I realised we'd been a little too hasty. The iSS worked with my SIM but it was a little tetchy with Harri's. My and Harri's SIMs have a slightly different connector layout but it basically meant I could use her phone with my SIM but she could only use hers 50% of the time. Cutting out. Looking like it was in roaming mode all the time. A bit of a hacktastrophe.

It's always embarrassing when you accidentally muck people around while deciding what you really want. I went back to Unlock Samsung, got the unlock code and the next morning had an unlocked Pixon in my hands. I'd heartily recommend them to anybody.

The next part of the puzzle was getting the scummy and locked down Orange branding off an otherwise beautiful phone. They butchered the software, locking you into using Orange online services. I eventually found this thread. You have to register to download the firmware but that's all free. I then followed their guide and after a couple of hiccoughs had a newer firmware that let you use the phone as Samsung intended.

I should stress that debranding is not for the easily scared and that it *can* damage your phone and/or void your warranty. Always backup before doing it and don't do drugs, mmmkay.

Facebook worm

no@spam.no (Oli) — Thu, 07 Aug 2008 11:35:59 GMT

I received a wall message "from" an old friend today:

It's got everything a worm needs. There's the bait, raising my intrigue. There's the payload. And there's trust.

This isn't as aimless as the random "download this file for a larger pocket-rocket"; I know the person that Facebook says sent this message. In my case, not enough to trust a random .exe, but in many people's cases, this sort of crap might fly!

Needless to say, Facebook needs to examine its security framework. I see a few possible attack vectors: XSS from fbapps and other sites, fbapp loopholes and a bot running on somebody's PC. At the very least Facebook needs to consider blocking people posting .exe files but this would only serve as a temporary fix as it would be comically trivial to post a link to a page that redirected to a .exe file.

If you get a message like this, delete it. It's on your wall so other, perhaps less educated people may see it, click it and get infected. Then tell the person that they may have a problem. They need to look closely at the apps they have installed and also strongly consider running a thorough virus scan.

But now for the really scary part: AV detection.

I submitted this to an online virus scanner which runs the file through various AVs at its end and tells you which thought the file was infected. I'm not overly sure which versions and which updates it was running, but that also applies to the real world. People are sometimes lax about applying updates. Anyway, only 36% of scans registered this as a virus.

Amongst the ones that didn't are some big names: Symantec, McAfee, Kaspersky, Sophos, AVG, Nod32, ClamAV and F-Prot. This is not an exhaustive list. There were many more failures. These brands account for what must be 95-98% of the home and enterprise AV market.

Some of the ones that passed (and also saying more than "Suspicious file"): AntiVir, Avast, BitDefender, F-Secure, Microsoft and TrendMicro.

Here's the full table of results:

<table border="1"> <tr><td colspan="4">File picture_dl.exe received on 08.07.2008 11:18:30 (CET)</td></tr> <tr><td>Antivirus</td><td>Version</td><td>Last Update</td><td>Result</td</tr> <tr><td>AhnLab-V3</td><td>-</td><td>-</td><td>-</td</tr> <tr><td>AntiVir</td><td>-</td><td>-</td><td style="color: red;">DR/Delphi.Gen</td</tr> <tr><td>Authentium</td><td>-</td><td>-</td><td>-</td</tr> <tr><td>Avast</td><td>-</td><td>-</td><td style="color: red;">Win32:Delf-GNA</td</tr> <tr><td>AVG</td><td>-</td><td>-</td><td>-</td</tr> <tr><td>BitDefender</td><td>-</td><td>-</td><td style="color: red;">Trojan.Dropper.Delf.Crypt.C</td</tr> <tr><td>CAT-QuickHeal</td><td>-</td><td>-</td><td style="color: red;">(Suspicious) - DNAScan</td</tr> <tr><td>ClamAV</td><td>-</td><td>-</td><td>-</td</tr> <tr><td>DrWeb</td><td>-</td><td>-</td><td>-</td</tr> <tr><td>eSafe</td><td>-</td><td>-</td><td style="color: red;">Suspicious File</td</tr> <tr><td>eTrust-Vet</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Ewido</td><td>-</td><td>-</td><td>-</td</tr><tr><td>F-Prot</td><td>-</td><td>-</td><td>-</td</tr><tr><td>F-Secure</td><td>-</td><td>-</td><td style="color: red;">Suspicious:W32/Malware!Gemini</td</tr><tr><td>Fortinet</td><td>-</td><td>-</td><td>-</td</tr><tr><td>GData</td><td>-</td><td>-</td><td style="color: red;">Win32:Delf-GNA</td</tr><tr><td>Ikarus</td><td>-</td><td>-</td><td>-</td</tr><tr><td>K7AntiVirus</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Kaspersky</td><td>-</td><td>-</td><td>-</td</tr><tr><td>McAfee</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Microsoft</td><td>-</td><td>-</td><td style="color: red;">VirTool:Win32/DelfInject.gen!T</td</tr><tr><td>NOD32v2</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Norman</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Panda</td><td>-</td><td>-</td><td style="color: red;">Suspicious file</td</tr><tr><td>PCTools</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Prevx1</td><td>-</td><td>-</td><td style="color: red;">Suspicious</td</tr><tr><td>Rising</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Sophos</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Sunbelt</td><td>-</td><td>-</td><td style="color: red;">Malware.Win32.CodeAnalyzer!cobra (v)</td</tr><tr><td>Symantec</td><td>-</td><td>-</td><td>-</td</tr><tr><td>TheHacker</td><td>-</td><td>-</td><td>-</td</tr><tr><td>TrendMicro</td><td>-</td><td>-</td><td style="color: red;">PAK_Generic.001</td</tr><tr><td>VBA32</td><td>-</td><td>-</td><td>-</td</tr><tr><td>ViRobot</td><td>-</td><td>-</td><td>-</td</tr><tr><td>VirusBuster</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Webwasher-Gateway</td><td>-</td><td>-</td><td style="color: red;">Trojan.Dropper.Delphi.Gen</td</tr><tr><td colspan="4"> </td></tr></table>

The payload, in case you're wondering, is a trojan dropper. That can subsequently grab things for sending spam and post itself to other people's Facebook profiles.

My issues with Linux et al

no@spam.no (Oli) — Wed, 23 Jul 2008 17:09:05 GMT

I'll start by reiterating my faith. My name is Oli Warner and I believe in open source. Everybody has the code, everybody can improve on it and the ?choice? to use one application over another is the ultimate quality control. Despite there being some excellent examples of FOSS (Free and open source software), use some of it for long enough and you'll discover its weaknesses.

I love Linux but I'm losing my religion.

Before you ask me why I'm using the following apps, allow me to tell you that I do shop around. I do try different distributions, different desktops and different combinations of applications. I use everything here because, in my opinion, it's the best of what's available.

Gnome and GTK+

Despite it being the primary interface for the most widely used desktop distribution, the Gnome desktop has some serious ideological problems.

First up is configuration. Gnome developers seem to share a mantra: configuration is both confusing and evil, and it's their mission to shield users from it. Newsflash: configuration is useful at times! Sane defaults will only get you so far. The first place I ran into this issue was the Places menu. 4 bookmarks or mounts is fine but six is apparently far too many to list and requires truncating:

Doesn't that look intuitive?! It's a usability dream, I'll tell you. Now this would all be fine, if I could change the limit but the variable is hard-coded in the source. I could download the source, find the file and line, make the edit, compile and re-install, but let's face it, I'd probably cock it up and life is just too damned short.

If I had my wish, I'd have a dozen bookmarks because they're so useful, but because of this EPIC FAIL, I stick to four or five.

Next up is Nautilus, Gnome's answer to Windows' Explorer. In a very similar fashion it manages the desktop and the panels and it's also a file browser. My main complaint lies with the latter. Its file-managing abilities aren't bad but it needs more power. They helpfully include a drop-down box on the tool-bar but it seems a bit overkill; there are only two options within.

I need a real (a-la Windows) list view. Not details! List. A small icon and the filename, in columns, scrolling horizontally. Please! Thunar (XFCE's Nautilus) does include this but lacks several important features deemed too heavy for its lightweight parent. Another nice feature would be file details and meta-data when you hover over a file, its content changing depending on the file type.

The desktop is a bit rough in areas too. Icon alignment works on a rough grid system that might be nice if it worked.

It allows you to overlap icons, they never ever line up correctly and, all in all, I end up wasting more time arranging icons on my desktop than I ever did under Explorer's fascist regime. I'm sure people enjoy the flexibility of an fluid-ish grid ? but I don't. Please give us the option!

Pulseaudio

Pulseaudio (PA herein) is yet another answer to one of Linux's longest weaknesses: sound. Linux has too many sound ?solutions? that do fairly specific tasks but nothing has all the features to keep people happy. As a result, apps and frameworks (eg SDL) have to support multiple sound output configurations. It's a complete mess and adding PA hasn't helped in recent months.

Unifying everybody under a fresh banner might sound like a good idea, but all the apps that need sound need to feed through PA. All fine as long as one of two conditions are met:

Devs create a PA module to output sound
They use PA's virtual inputs.

The first requires more work but tends to produce a better result. The second requires the devs to use the virtual inputs in a standard manner. The issue, as I've come to understand it, is people don't always follow APIs to the letter. They hack their way around them to get things working.

My complaint: PA + Wine + Steam + any Steam game = FAIL.

Steam requires its own sound channel and so does the game. Wine doesn't support PA but that's fine because ALSA lets you do multiple simultaneous sources, so we pick ALSA. The problem is Wine doesn't use the API properly (according to PA devs) and/or PA doesn't implement the ALSA API correctly (according to Wine devs).

The only workaround involves disabling Wine's sound, then starting Steam, then re-enabling sound, and using virtual-OSS, which only allows one app to connect to it at once. Or dump PA.

And that's been the situation for months. I've been desperately looking for a sane fix but until somebody takes some responsibility, it's just us, the users, taking it on the chin. I hope it's not another four months before somebody grows a pair and digs in.

Stability is another issue for me in particular. Sometimes PA'll crash and you can load it back up, but over the past few weeks, it's been crashing and taking the entire system with it. PA crashing could be a symptom of something else. It's still under investigation but at the moment, I'm considering ditching PA.

Compiz

Compiz has quickly become the standard bearer for Linux's desktop abilities. It gives you tons of desktop-wizardry at a tiny portion of Vista's system requirements. What users don't first see are the numerous bugs floating around.

Resizing windows properly is deathly slow. The pseudo-resize is inaccurate.
Relatively poor 3d application performance compared to Windows.
Compiz + Wine = even worse performance.
Flash performance is terrible under Compiz. Fullscreen flash is unusable.
Compiz still can't get window positioning right on dual-screen setups. Pop-ups appear on the wrong screen or stuck between the two. You can't rely on Compiz to remember window positions.
Random window manager crashes that don't resurrect themselves, sometimes leaving you.

You could blame several of these points on other projects, some of them closed source (Flash, nvidia), but my frustration ends up with Compiz because of the frivolous things they keep churning out. I know they owe me nothing but it's frustrating when instead of bugs getting fixed, there's another fish tank or snow globe plug-in.

Repositories and releases

Ubuntu's six month release cycle is there for good reason: stability. By limiting the number of large updates during a cycle, users don't receive any nasty shocks when something suddenly stops working. The problem with this model is application maturity. Only a few a few desktop applications can say they're truly stable or even feature complete at release and this means that lots of the apps in Hardy are outdated just two months after its release.

Then there are applications that must always be the latest version. Anti-virus scanners. Multiplayer games. The kinds of apps whose updates aren't necessarily security patches but are required for optimal operation.

Users are free to download the latest source and install it themselves but there must be a better way. Some have suggested implementing a Debian-style ?volatile? repository which would cover specific apps, as I've described but it's not quite enough in my eyes.

I would go one further and say that apt needs re-engineering to enable users to choose between three states of upgrade policy on a package-by-package basis:

Do not upgrade at all.
Upgrade security and stability patches.
Use bleeding edge.

Ghosts in the machine

By definition, these are accumulations of issues causing random-looking behaviour:

X crashes
Mouse de-sensitivity
Pulseaudio crashes
Random application crashing (with no reporting)
ALSA volume control randomness

It's extremely difficult to target the issue for each of these. I've reported bugs to Launchpad for most of them but they'll either be ignored or inaccurately assigned as duplicates.

Application deficit

There are lots and lots of apps for Linux and I've replaced many of the ones I used in Windows with viable alternatives, but what happens when your work-flow depends on specific tasks that just aren't available in a Linux app?

We're probably still a couple of years off Adobe porting their suite of creative applications across to Linux, so I'm left having to use a VM or Wine for Photoshop (no, The GIMP doesn't do all I need of it), Illustrator (same comment at Inksape) and Fireworks (a pretty unique mix of features).

Linux NEEDS commercial application support. Or Wine needs to get really good.

On another note, I use Xine UI to play all my video files because it's unobtrusive and you can configure EVERY shortcut you can imagine, however, its interface (hidden 99% of the time) is ugly and it doesn't play digital TV, requiring me to load Kaffeine. Totem would be okay but it fails on all counts. VLC doesn't handle my mouse shortcuts for some reason. Mplayer is too minimal. SMplayer doesn't do everything.

Similarly, I've used Thunderbird for years. I used it under Windows so it was my natural choice. However, they've been pretty slow at integrating Outlook-style tools (calendering, todo listing, sync). Evolution is integrated into Gnome. It can display your upcoming items on the main clock and does everything I could want... Except work. Evolution appears to have a pretty critical IMAP bug. I need IMAP more than I need Evolution.

My point: choice can be an illusion when you're left between a rock and a hard place.

I've mentioned bugs and vented my frustration that they're not fixed fast enough. This is exacerbated by knowing that it would take somebody with knowledge of the relevant projects just a few hours, if not minutes in some cases, to relieve my stress.

And I'd be willing to pay them. This is a refinement model that FOSS has to seize upon. There needs to be an open marketplace where users can out their woes and ask for developers to ?bid? on bugs. Deliverable through upstream patches and instructions on how to apply and compile, or pre-built packages. Multiple users could share the cost.

There are obvious downsides to this plan: developers may adjust their behaviour and only do paying work, or, worse still, deliberately place bugs or limit functionality. But I think it's worth that risk.

Will I dump Linux?

It may look like I've just slammed out ~1600 words blasting Linux and its sub-projects but I could write infinitely more in its favour. And it's constantly improving. No, I'm not leaving Linux. I might be frustrated at the speed of some advancements but I'm sure as more and more developers join projects, more eyes will equate higher quality.

I still believe.

In time I hope to be able to resolve my own issues. I'm trying to get into it but it's a pretty steep learning curve for a web developer familiar in VB.NET/C#/PHP. If any of you reading have any tips, tutorials or time to kick me into gear, I'd love to learn.