H.R. 2058 - Forcing the hand of habit.

13 November, 2015 01:20 CST6CDT

Please do not force my hand back to tobacco.  I understand concerns should be talked about, negotiated, and acknowledged for both benefits and risks.  However, do this not as a job of making rules, regulations, and laws - rather take a direction towards an understanding and with a helping hand which I sometimes feel is absent in government. FDA Deeming Authority Clarification Act of 2015 (H.R. 2058).

Please support H.R. 2058.

Thank you for your considerations.

The FDA Deeming Authority Clarification Act of 2015 (HR 2058), introduced by Representative Tom Cole of Oklahoma, would save the U.S. vapor industry from being decimated by improper regulations by the FDA. This bill would amend the Food, Drug, and Cosmetics Act to change the grandfather date for “deemed tobacco products.” This change would allow for all vapor products currently on the market to remain on the market without being subject to the burdensome (read: prohibitive) pre-market FDA approval application process.

CASAA - The Consumer Advocates for Smoke-free Alternatives Association

CASAA - The Consumer Advocates for Smoke-free Alternatives Association

A year ago I was writing...

Guide to ROOT on the Envizen EM63TX

Article & Comments Tags: E-Cigs

Unlock the LG G3 (LS990) Bootloader and Install TWRP Recovery on Stock Lollipop

17 October, 2015 22:24 CST6CDT

I was able to unlock a LG G3 LS990 Sprint bootloader and install TWRP recovery with a one-click Android APK (updated AutoRec).  The device I tested had root which is a requirement to unlock the bootloader and install the recovery.  This bootloader unlock and TWRP recovery install method is for those on Lollipop LG G3 (ZV8) devices.  In other words: Must be on Stock Rom Lollipop and Rooted.

If you are one of those unlucky device owners whom updated to Lollipop with then no way around the locked down LG signing with the only option being to downgrade (TOT or BIN), this may be your luck.  Just sideload the APK, tap on the icon to launch, and do the greatly allured one-click to unlock the bootloader and install TWRP recovery.

The Android APK will make a backup of your bootloader (aboot.img), update/download (laf.img), kernel (boot.img), and your current recovery (recovery.img) located in the 'atemp' directory on your storage partition.

The impression I get after looking in forums and at the new and backed up images is that the aboot and laf partitions are downgraded to the KitKat version along with replacing the stock LG recovery with TWRP recovery.  Take note that when you decide to try out a 3rd party ROM or kernel it still needs to be 'bumped'.

The kernel seems to have been replaced in addition to the aboot, laf, and recovery partitions and this is somewhat of a mystery to me.  The new kernel (the replacement) is much smaller than the factory boot image.  This could be a CM kernel or even an older KitKat kernel - I just am not certain.  In any case I found a bumped stock ZV8 kernel which I flashed shortly after with success.

You may grab the APK ls990_lollipop_test.apk (updated AutoRec for Lollipop), give thanks (@bender_007 & @ingoljosh), and check out forum posts for this method [here] or alternate download [here].

A year ago I was writing...

The Envizen EM63 TX (EM63TX) Reviewed 7 inch Android HD Quad Core Tablet

Article & Comments Tags: Software, Projects

TrueCrypt 7.1a and VeraCrypt 1.14 CVE Assignments Followed by a Kick in VeraCrypt's Bottom for Inproper Disclosure

28 September, 2015 07:54 CST6CDT

The two recently discovered TrueCrypt and VeraCrypt vulnerabilities:


I would like to request two CVE identifiers for the two security issues described below affecting TrueCrypt 7.1a (latest version) and its fork VeraCrypt 1.14 (latest version) running on all versions of Windows.

These issues were reported by James Forshaw (Google).

Issue 1: Local Elevation of Privilege on Windows by abusing drive letter handling.

Issue 2: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.

Issue 1 is critical.

A fix has already been developed. Version 1.15 of VeraCrypt will be released soon to address those issues.

For your information, I have sent a similar CVE request to mitre.org.


From:    VeraCrypt Team <veracrypt@idrix.fr>

And the OSS mailing list response:

> I would like to request two CVE identifiers for the two security issues
> described below affecting TrueCrypt 7.1a (latest version) and its fork
> VeraCrypt 1.14 (latest version) running on all versions of Windows.
> These issues were reported by James Forshaw (Google).

> Issue 1: Local Elevation of Privilege on Windows by abusing
>               drive letter handling.

Use CVE-2015-7358.

> Issue 2: Local Elevation of Privilege on Windows caused by incorrect
>               Impersonation Token Handling.

Use CVE-2015-7359.

> For your information, I have sent a similar CVE request to mitre.org.

That request was about 40 minutes earlier.

Sending the same CVE request to multiple addresses is typically not what MITRE wants, although you're certainly welcome to change your mind and decide that you had actually preferred that a CVE request be publicly archived from the beginning. (It's rare for a vendor to use oss-security for CVE requests related to "critical" vulnerabilities that don't yet have a fixed release. The issue descriptions here, in combination with vendor confirmation, probably make the vulnerabilities sufficiently public that they are within the scope of the oss-security list charter. We think the implication is that readers should look at


at a future time, if interested in other details.)

CVE assignment team, MITRE CVE Numbering Authority

From:    cve-assign@mitre.org

A year ago I was writing...

The Morning I Turned On World News Now And This Happened

Article & Comments Tags: Software

Turn Your Old AV Receiver into a Modern HDMI AV Receiver and Switch

10 August, 2015 22:41 CST6CDT

I wrote about the Skeptre TV I purchased a few months back and it came with a few limitations. I currently have an old Sony analog audio/video receiver that I refuse to replace. Luckily I have two digital inputs, an optical port and a coax digital input that I can use to receive audio for a couple of devices but not all of them, the Raspberry Pi namely, has no digital output besides the HDMI link. The Skeptre TV refuses to pass through DTS audio of any kind most probably because of licensing issues. It did not matter whether the TV was passing through with the PCM or 5.1 settings. In addition to the Pi, I have a Western Digital HD Streaming device and a computer with a long HDMI cable to the entertainment center area. This is where an HDMI switch can turn a loving but aging AV receiver into a modern AV receiver and switch.

I decided on the Monoprice 4 port HDMI switch model 5557. This unit has one HDMI out for the display and four HDMI inputs for audio and video. The switch outputs audio simultaneously to three connections, a fiber and coax SPDIF outputs and a 3.5mm stereo jack. All three of my media sources may be controlled remotely with UPnP and/or DLNA and I did not want to have the TV screen on when doing so. Unfortunately my TV is an entry level large screen LED so the otherwise simple option of turning off the display while keeping the juices flowing is not available to me. With the 5557 you simply select one of the four HDMI inputs with the included remote or on the switch itself to parse the audio out of an otherwise multiplexed audio and video HDMI source link. No TV needed for digital audio from my desktop computer, Raspberry Pi (OpenELEC), or the WD HD Streaming device.

Monoprice Model 5557 HDMI Switch

The switch has two audio modes, 2 channel or 5.1 channel output. With either option all three audio out links are encoded, decoded, or rendered appropriately. You can safely keep this on the 5.1 setting since the unit will auto detect the audio input and handle it accordingly. The 2 channel mode will give you the ability to take a 5.1 speaker arrangement and convert it to two channels.

My HDMI devices were able to detect compatibility for most audio profiles old and new such as DTS Digital with DTS-HD support, and Dolby Digital including True HD. You are not stuck with just a 5.1 speaker arrangement. Uncompressed audio such as LPCM is fully supported. This is my use case at the moment: a desktop computer with an output of 48KHz s32le 24-bit (32-bit little-endian), a Raspberry Pi with an output of 48KHz s16le 16-bit, and a WD media device with an output of 44.1 and 48KHz at 16-bits. I have tested the switch using 96KHz 24-bit audio with no problems as to be expected since the unit will handle up to 192KHz audio.

This Monoprice model has one input on the front of the device for plug and play situations therefor if you have more than three HDMI sources, you will need to route a fourth one to the front, and the front is where the Monoprice 5557 makes itself known. The status lights are very bright, overly bright, to the point of hurting my eyes. It took two layers of colored sticky post it note paper to dim the visual modes to a level I could use in a darkened environment. The overly bright lights is my only complaint of the switch.

The switch does 192KHz audio but you may be wondering how the video is handled and switched into the output channel. The HDMI output and all four HDMI inputs are specification 1.3b and supports HDCP protected content at up to 1080p video resolution. The switch handles 12-bit color which I tested on a Western Digital HD Streaming with no problems (36bits on all channels). The Skeptre has a static color gamut but I still notice a big difference on supported 1080/24p playback. Each channel runs at 225MHz/2.25Gbps for a total of 6.75Gbps bandwidth.

How much power you may ask? For electric costs less than my 8 watt LED lights perhaps. The switch includes an AC to DC power source and uses 2 amps and 5 watts at 5 volts. This was a good buy for my needs so if you have the same needs or a similar situation and can easily handle masking tape for the overly bright lights, this is a no brain complete solution.

A year ago I was writing...

Zenphoto Lighttpd Rewrite Rules
XBMC now Kodi on the Raspberry Pi B+ First Impressions

Article & Comments Tags: Technology

Webalizer Search Engine List

26 July, 2015 05:30 CST6CDT

updated 2015-07-26

The Webalizer is an HTTP server log file analyzer that generates visual output statistics and graphs for your Internet website(s) and visitors.  One of the features of The Webalizer is the search engine search strings (keywords, search text) logging.  Each search engine uses a URL parameter that contains a query or a search string from the referring site that may direct traffic to your website(s).  Webalizer uses the search query parameter to generate a list of 'Search Strings' that may be viewed and referenced by rank, hits, and percentage of hits.

SearchEngine name variable

Allows the specification of search engines and their query strings. The name is the name to match against the referrer string for a given search engine. The variable is the cgi variable that the search engine uses for queries. See the sample.conf file for example usage with common search engines.

The following is a list of search provider names and their corresponding query variable for generating Webalizer search strings statistics.  I will update these periodically.  Some search strings require Webalizer or later.

SearchEngine    facebook.       q=
SearchEngine    fastbrowsersearch.com q=
SearchEngine    image.youdao.com        q=
SearchEngine    kvasir.no       q=
SearchEngine    eureka.com      q=
SearchEngine    hotbot.com      MT=
SearchEngine    infoseek.com    qt=
SearchEngine    mamma.com       query=
SearchEngine    sensis.com.au   find=
SearchEngine    frontier.com    q=
SearchEngine    pavlovmedia.com q=
SearchEngine    zoominternet.net        q=
SearchEngine    mediacomcable.com       q=
SearchEngine    webcache.googleusercontent.com  q=
SearchEngine    www.google.     q=
SearchEngine    www.google.     as_q=All Words
SearchEngine    www.google.     as_epq=Exact Phrase
SearchEngine    www.google.     as_oq=Any Word
SearchEngine    www.google.     as_eq=Without Words
SearchEngine    www.google.     as_filetype=File Type
SearchEngine    search.yahoo.   p=
SearchEngine    search.yahoo.   va=All Words
SearchEngine    search.yahoo.   vp=Exact Phrase
SearchEngine    search.yahoo.   vo=Any Word
SearchEngine    search.yahoo.   ve=Without Words
SearchEngine    search.yahoo.   vf=File Type
SearchEngine    bingj.  q=
SearchEngine    bing.   q=
SearchEngine    msn.com         q=
SearchEngine    about.com       terms=
SearchEngine    alltheweb.com   q=
SearchEngine    altavista.com   q=
SearchEngine    aol.com         query=
SearchEngine    ask.com         q=
SearchEngine    looksmart.com   qt=
SearchEngine    lycos.com       query=
SearchEngine    netscape.com    query=
SearchEngine    search.com      q=
SearchEngine    search.alot.    q=
SearchEngine    search.comcast.net      q=
SearchEngine    search.conduit. q=
SearchEngine    search.pro      q=

Article & Comments Tags: Software, Projects

1 2 3 ... 124 125 126  Next»
Land where drunk cows swim and home to my daily hand