HowTo: Wipe a Nexus 7 with a Broken Screen

I’m hopeful that neither I nor anyone else will ever need this information.  The way things work though is that if you don’t have a piece of information available, you’ll need it.  So by writing this down, I can help boost the odds to favor both of us.

My Nexus 7 has a broken screen and after weighing my options, I’m going to recycle it. But, before doing that, I want to wipe out all the data on it. A smart phone or tablet is a portal to a great deal of sensitive data (e-mail, passwords, bank accounts, etc) which in the wrong hands, could make identity theft far too easy.

So, a factory reset is in order. There are three ways to do this.

The Easy Way

Not applicable in my case, but if the device is fully functional and you just want to wipe it before selling it, sending it for service, passing it to your brother-in-law, etc, the steps are fairly straight-foward:

  1. Login to the device.
  2. Go the settings screen
  3. Go to “Backup & Reset”
  4. Choose “Factory data reset”

The Almost-as-Easy Way

If the device is semi-functional, i.e. you can power on, but the screen is inconveniently shattered and you can’t actually log in, you may be able to wipe it remotely via Google Play. This requires that you first configure the device to allow remote erasing. Assuming you’ve already done that, the erasure steps are:

  1. Login to Google Play.
  2. Click on the Settings Icon (the “Gear” in the upper right corner.
  3. Select “Android Device Manager”
  4. If prommpted, login again to confirm your identity
  5. In the upper left corner of the Android Device Manager” page, select the device to be erased.
  6. Click the “Erase” button.
  7. Confirm that you want to reset the device
  8. Done

These are also the steps you’d want to follow if your device was stolen and there was no chance of recovering it. Note however that configuring the device to allow the remote wipe requires that you have it, and are able to login. If it’s already been stolen (or in my case, if the screen is already broken), it’s too late to make configuration changes.

Need to set up Android Device Manager on your device?  Google has instructions.  Do it before you need it.

The not too Difficult Manual Way

If all else fails, and the device at least powers on, you can still trigger the factory reset with these directions (Adapted from Tech-Recipes.com)

  1. Press and hold the power button, along with both volume buttons until the device reboots to the special restore mode. You’ll see a green “Start” menu, and the android mascot laying on his back, with his chest open for surgery.
  2. Use the volume up/down keys to scroll through the menu and then use the power button to select “Recovery Mode.”
  3. The Google logo will flash up again, and then the mascot will appear again, this time with a red-triangle.
  4. Hold the power key briefly while you press the Volume Up button. (Release the power key immediately afterward so you don’t turn the device off and find yourself back at step 1. This took me a while to figure out.)
  5. Use the volume up/down keys to scroll through the menu and then use the power button to select “wipe data/factory reset”
  6. Use the volume up/down keys to scroll through the list of “no” answers and use the power button select “Yes — delete all user data.”
  7. Use the volume up/down keys to scroll through the menu and then use the power button to select “reboot system now”
  8. Done

Comments

What are GainSpan and new_host?

A few weeks ago, I noticed two computers on my home network that I couldn’t identify. One was GainSpand23v and the other was simply new_host.

The network uses WPA-2 with a fairly strong password, so I was mystified how something could have got on without my wife or I knowing about it. Just to play it safe, I went into the router’s settings, blocked them from having access, and made a mental note to undo them in case it turned out they were something important like my wife’s VOIP phone.

Nothing broke immediately, so I left it be and let the mystery sit for a while.

Early last week, I bought George Takei’s e-book Oh Myyy! from Amazon. Surprisingly, it didn’t appear on my 3-month old, e-ink Kindle and as I attempted to sync it manually, I started getting error messages that the Kindle couldn’t even connect to the WiFi.

Remember those two unknown computers? I didn’t. It took most of a week before I realized “new_host” was the Kindle. (And since the e-ink Kindles only connect rarely, that would explain why this “computer” wasn’t pingable.)

So now had to find out what the heck GainSpand23v was. Google came back with a link to GainSpan, a company which apparently makes low-power WiFi modules for “The Internet of Things.”

OK, a clue. What “smart” devices do I have? The Raspberry Pi? Nope, that was accounted for. The thermostat? No, that was also showing up. What else could there be?

Finally, my mind hit on the Aria Scale. Could that be it? So I searched for “gainspan fitbit” to see if perhaps Fitbit was one of GainSpan’s customers. Bingo. It seems someone else found GainSpan on his network too.

Both companies might want to consider having their devices do a better job of identifying themselves. But for now, I hereby record this experience in case someone else should run across the same mystery.

Comments

Raspberry Pi Beginners Guide

Another entry from the land of “So I can find it later….”

Setting up the Raspberry Pi set was easy enough, and installing Chromium (the open-source version of Chrome) only took a single command (apt-get install chromium). When I was using it to post “Hello World” on Facebook, I discovered that the @ and ” keys were reversed (the physical keys were in their ususal locations, but their behaviors were backwards). OK, the keyboard mapping isn’t set for the US. (The Pi and the drive image I’m using are both from the UK.)

I was pretty sure I could fix it via the configuration program that runs when you boot the first time, but there were two problems: (1) the configuration program only run automatically on the first boot and (2) I couldn’t remember the command.

Searching for raspberry pi configuration program led to the link RPi Beginners which looks to chock-full of useful information if (like me) you’re just getting started with Linux and/or the Pi. (For example: Backup your SD card.)

By the way, the configuratio program is raspi-config; you’ll need to run it as sudo raspi-config.

Comments

Installing Ubuntu without pae

From the land of “things I might want to refer to later…”

My old Dell Inspiron works fine except for a missing ‘R’ key. Windows XP is showing more signs of age than the notebook, so time to put another OS on it.

I’ve been using Ubuntu in such situations, but my attempts at installing both 12.04> and Lubuntu (lightweight Ubuntu) have both ended with a message about the hardware not supporting the required pae extensions.

Physical Address Extension (aka pae) is an Intel technology which allows a 32-bit operating system to access more than 4 GB of RAM. (A quick read suggests it essentially hands easch application a 4 GB chunk of memory, similar to how programs on the 80286 and earlier chips were able to address more than 64 KB at a time by combining a 16-bit memory address with a 16-bit segment address — and by revealing that I know about this, I’ve probably dated myself quite handily.)

Another quick search on Google turned up a relevant pair of AskUbuntu Questions describing how to install a non-PAE version.

In a nutshell:

  • Download the non-pae netboot image mini.iso. This is a bare-bones installer which downloads the selected packages during the installation process. (Obviously, this requires a broadband connection.)
  • Burn the image onto a CD* and boot the computer from that.
  • Accept the default values for most of the prompts. You’ll need to supply a userid and password. My experience is that it’s faster to select the keyboard layout from a list then to go through the prompts for “detection.” (Faster for a standard US keyboard anyhow; your mileage may vary.)
  • At the final screen, when prompted for packages to install, be certain to select a desktop (e.g. Ubuntu Desktop) unless you plan to do everything from the command line.

* The Inspiron’s CD drive is getting old and unreliable, using UNetbootin to make a bootable thumb drive worked perfectly.

Comments

DRM and Monopolies

I miss Rob Pegaroraro’s contributions to the Washington Post’s technology coverage. Instead of the Apple Rumor du jour that passes for Tech Journalism in most places, he digs into policy angles.

He makes some interesting points in his story “Overlooked E-Book Chapter: DRM Makes Monopolies.” Notably, the fact that once someone buys an e-reader (e.g. a Nook or Kindle), they’re not likely to buy e-books from competing vendors. Why not? Because the Digital Rights Management (or rather, Digital Rights Restrictions) prevent you from reading a book from vendor A on vendor B’s hardware.

He does overlook two loopholes though. First off, you can buy two e-readers. If you have lots of money. (In which case, please share some with me!) Or you can buy a tablet computer (iPad or Android) and download the free Kindle and Nook e-reader apps. You still can’t read the books from one store in the competing stores’ app, but at least you only have to buy one piece of hardware.

But it’s still not convenient. And, as Pegaroraro points out, your rights to the book are sharply limited. With a physical book, once you’ve read it, you can put it on a shelf, sell it or give it away. With an e-book, it’s yours forever.

Comments (1)

Is Your Computer at Risk?

If you have 10 minutes to spare, read about The Virus That Really Will Kill Your PC.

If you only have 5 minutes, the super-condensed version is that there’s a virus which may have altered your computer’s settings and if you’re infected, your web browser and email will stop working on July 9. To find out if you’re infected, visit http://www.dns-ok.us/. If the page shows up with a green background, then you’re in the clear (at least, you don’t have this particular problem). A red background however means your internet connection will stop working in July.

The linked article is worth a read. In short, the FBI busted some bad guys who were hijacking people’s internet traffic by way of a virus that changes DNS settings. (DNS is the system that turns human-friendly address – such as www.thatblairguy.com – into computer friendly IP addresses.) For the time being, the FBI is running the DNS server the bad guys had been using, but that won’t go on forever.

The interesting question to me then is how does that web page work? Viewing the page source, there’s nothing but static HTML.

It turns out The Good Guys are taking advantage of the compromised DNS to set up an “eye chart”. If your computer is using a safe DNS system, then www.dns-ok.us resolves to an IP address where the “green light” page is displayed. But if your computer is using an unsafe DNS system (the one the bad guys put in place), then www.dns-ok.us resolves to the IP address of the “red light” page.

Comments

Setting up a Subversion Server on Ubuntu

From the “So I can find it again” department…

Setting Up an Ubuntu Subversion Server

Comments

Thoughts on Blocking Malware

A friend just got her computer back from “the computer doctor.” Evidently it had been compromised with a root kit (the really nasty sort of software that runs at such a low-level your anti-virus software can’t see it). She uses three different anti-malware tools and was quite surprised that none of them caught it.

The problem with anti-virus software is it can only protect you against problems that are already known. The bad guys are constantly looking for new ways to attack your computer and the anti-virus programs are playing catch up. I’m not saying don’t use anti-virus software (the free version of Avast has saved me several times), just don’t count on it as your only defense.

So, is there any 100% guaranteed way to stop malware? Well, you could always unplug your computer from the Internet and never use it to access any USB drives or CDs, but that’s not exactly practical. And if you do stay online, even visiting only “known safe” sites doesn’t help much, since even legit sites get compromised on occasion.

But there are a few things you can do to help your odds. None of these approaches is 100% guaranteed to keep you safe, but they should help.

The Basics

This is “the usual stuff” you hear any time someone talks about how to stay safe online. It seems obvious, and yet it bears repeating because it’s easy to get careless:

  • Don’t open attachments you weren’t expecting, not even from people you know and trust. Maybe that attachment from your friend Bob really is the really important document the email says, but if you weren’t expecting it, you have no way of knowing.
  • Be skeptical of clicking links in unexpected emails. Your bank isn’t going to tell you to click a link to verify your account information. (If something like this ever does turn out to be legit, you need to change banks.)
  • Don’t download pirated software. Aside from the legal issues, pirated software frequently contains malware.

Slightly more Difficult

Beyond the basics, there are a few other things that are easy enough to do, but don’t always make it into the “How to stay safe” discussions. Most attacks against your computer are targeting the applications you run, not the operating system. (Running Windows isn’t as risky as reading a PDF file with Acrobat reader.)

  • Use a browser other than Internet Explorer. Microsoft’s made a lot of progress with the safety of Internet Explorer over the past few years. But even though IE recently dropped below 50% of the total browser market, it’s still the single most popular browser out there and therefore the one most likely to be targeted in online attacks.
  • Keep your system up to date. Not just the Windows/Mac/Whatever Operating System patches, but also the software you use. Use Microsoft Update instead of Windows Update to get patches for Office. Install Secunia’s Personal Software Inspector tool to find out what other software on your computer is out of date.
  • Uninstall software you don’t use. The more programs you have, the more likely you are to have something which has security problems. Bonus: You also save disk space!
  • Run “alternate” software. The more widely-used a given program is, the more tempting a target it becomes for the bad guys. Instead of Acrobat Reader, use Foxit Reader. Instead of Microsoft Office, use Libre Office (fully compatible documents, but also available for free.)
  • Uninstall Java. Most home users don’t need it, and older versions were not only laden with security problems, but the updates didn’t remove the older versions.
  • Don’t run as the Administrator. When you set up your computer, reserve the main account for software installations and the like. Create a second, less-privileged login ID for day to day tasks.
  • Security journalist Brian Krebs talks a bit more about keeping software up to date and what to install or delete in his: 3 Basic Rules for Online Safety

    Going for the Gusto

    Wanna go really hard-core?

    • Uninstall Flash (or install a flash blocker so that you have to approve any Flash scripts that run).
    • Install NoScript (same idea).
    • Don’t do any online banking with a Windows machine, use a Linux live CD instead. (For a business, I’d consider this one an absolute must.)
    • Use a third-party DNS provider. Both Open DNS and Google Public DNS provide a facility where you change a couple system settings and if you then attempt to access a site which serves up malware, they’ll block the connection.

    The Takeaway

    There are no magic bullets. None of these suggestions will provide absolute protection for all users. What might be overkill for one person’s situation might not be nearly enough protection for another. But by choosing the practices which make the most sense for you personally, you can tilt the odds a bit more in your favor.

    Bonus Reading: Get a Mac/Switch to Linux

    In most discussions of online security, someone inevitably replies “Get a Mac!’ or “Switch to Linux.” It’s a bit like going to a concert and someone yelling, “Play Freebird.” It’s a wonderful song, and a few groups have done great covers in response, but it’s not always the best fit.

    But if the suggestion is inevitable, I may as well be the one to make it and bring up some of the tradeoffs.

    Switching to a Mac may actually make sense for some folks, but don’t make the switch thinking you’ll be invincible. At the annual CanSecWest security conference, there’s a “Pwn2Own” contest where security professionals attempt to break into computers running the latest versions of the Mac OS, Windows and Linux. The first one to succeed, wins the computer. Every year, the Mac is the first system compromised.

    Now that’s what happens at a security conference. Macs are less common than Windows computers; so the bad guys have to work harder to find them. It’s much easier to attack the more common computers.

    But malware targeting Macs has been cropping up too.

    Other concerns with switching to a Mac:

    • You’ll have to buy all your software again. Assuming a Mac version even exists. Otherwise, you might have to look for an equivalent program.
    • Despite the marketing pitch, a Mac doesn’t always “just work.” Just two weeks ago a co-worker returned a Mac Notebook that was downloading over his WiFi at just 1/10 the speed of Windows computer. (Apple’s support wasn’t able to resolve the problem.)
    • You may encounter problems with incompatible file formats when sharing files with people who use Windows. Particularly if the programs you were using on Windows aren’t available for Mac and you had to switch to something else.

    Linux tends to be the most secure OS of all (as noted earlier, most of the problems these days are the software you run on top of it). The main downfalls of Linux are:

    • Availability. Yes, it’s free to get a copy, but you still have to find where to download it, burn a CD, and install it. Although this is getting easier, it’s still not a set of tasks the average home user will be comfortable with.
    • Commercial software. Few software vendors on Windows or Mac have Linux versions of their software. Some do, but most do not. You’ll generally have to find an open source equivalent, and then work out how to share files with others who are on Windows or Mac.

Comments (2)

Standards

“The great thing about standards is that there are so many to choose from.”  — Me.

I’m pretty sure this is why:

Fortunately, the charging one has been solved now that we've all standardized on mini-USB. Or is it micro-USB? Shit.

(via xkcd)

Comments

Installing Subversion on the PogoPlug

After converting the PogoPlug to run arbitrary programs, I was able to install subversion and manually run svnserve as a daemon (it’s in the manual, just run “svnserve -d”), but having to remember to do that after every boot is a nuisance.

A Google search for install svnserve as a daemon turned up instructions for setting up svnserve on Ubuntu, as well as a few scripts.  Obviously PlugBox Linux isn’t Ubuntu, but it was a step in the right direction.  Installing httpd during the initial PogoPlug hack had already introduced me to the /etc folder, the rc.conf file, and the rc.d subfolder.

Poking around in rc.d, I discovered the httpd startup script.  So now I knew where my svnserve script needed to go.  The Ubuntu setup instructions included several helpful bash scripts in the comments, my next step was to run “view httpd” and verify that it was also a bash script.  Knowing that, I could just use the new script verbatim.

Then I listed the files in /etc/rc.d and discovered that one of them was named svnserve.  Sonuvagun, the svn package included a script!

So in the end, all I had to do was go to /etc and edit rc.conf.  The very last line in the file is DAEMONS=(…..).  All I had to do was add svnserve to the list.

Well… that was actually the next to last thing.

After rebooting (“shutdown -r now”), TortoiseSVN would connect to the svn server, but it couldn’t find my repository at svn://plugbox/test.  I’d forgotten that by default, svnserve serves up repositories in any directory on the entire machine.  My test repository was now located at svn://plugbox/media/external_drive/Subversion/test.

To go back to a short URL, I went to /etc/conf.d,  edited svnserve, and set

SVNSERVE_ARGS=”-r /media/external_drive/Subversion/”

Next I ran

/etc/rc.d/svnserve stop

followed by

/etc/rc.d/svnserve start

and voila! My repository was back at svn://plugbox/test

Comments

« Previous entries Next Page » Next Page »