Profile

Cover photo
Stuart Hicks
137 followers|262,910 views
AboutPostsPhotosYouTube+1's

Stream

Stuart Hicks

Shared publicly  - 
 
Loving the new site!
 
At Paranoid Android, we go for providing the best usability and design. All day, every day. This is accomplished by dedication to the work. To celebrate that, we are pushing a brand new website. 

The website follows Paranoid Android's new design language aiming to help new and experienced users alike learn about us and our features through simple animations and short descriptions. You can learn about our team members through the Team page on the site, download the official AOSPA wallpapers for both desktops and mobile devices or easily reach important links from the menu. 

The downloads section also received an overhaul following a clean and bold design. You can now reach downloads for both Official and Legacy devices at the same place. 

The website is responsive, looks great on all displays and can be checked out right now at http://aospa.co/ so head over there and #stayparanoid.
440 comments on original post
1
Add a comment...

Stuart Hicks

Shared publicly  - 
 
To disable SSLv3 in Firefox, go to about:config and set security.tls.version.min to 1
The title given to this article is incorrect due to technical limitations. The correct title is security.tls.version.(min,max). This article describes the preference security.tls.version.(min,max). To add, delete, or modify this preference, you will need to edit your configuration — do not edit ...
1
Add a comment...

Stuart Hicks

Shared publicly  - 
 
 
Thousands of people have been evacuated in the #Philippines as Mount #Mayon rumbles back to life: http://bbc.in/XHGOtS
31 comments on original post
1
Add a comment...

Stuart Hicks

Shared publicly  - 
 
Yep.
 
Lightning has struck the UK more than 3,000 times in two hours - this is what it looked like...

(Oh, and a #heatwave alert is still in place: http://bbc.in/1p1SUaz)
98 comments on original post
1
Add a comment...

Stuart Hicks

Shared publicly  - 
 
Huzzah! PA 4.4 now declared stable! Combined with XPosed for XPrivacy and AppSettings it's a pretty unbeatable ROM.
 
4.4 FINAL / ANDROID 4.4.4

This week at PA headquarters we worked very hard to bring you the most stable experience ever since 4+. 
Too many hot fixes have been merged today, along with some new goodies.

What does 4.4 Final mean?
Current featured branch reached final stable state. Doesn’t mean at all that development has stopped :) You can just flash this, and feel safe.

KITKAT UPSTREAM
Android 4.4.4 upstream tag has been merged into our source. 

VOLUME PANEL
The Volume Panel has been re-designed as you can see in the image below to be inline with hover, be less intrusive and more beautiful.

HOVER
Hover UI/UX has been reworked a bit for tablet users: Hover will not take the whole screen width, but it will respect notification size. Also status bar isn’t hidden when hover shows and you can pull it down when you want, as you touch status bar Hover will be dismissed to not overload on top of status bar expanded state. Another awesome thing is that un-dismissible notifications cases like screenshots etc have been solved (yea is true). Last but not least the marriage with ticker view has been reworked, when hover is enabled and you receive notifications from foreground app they will not be shown in Hover but in ticker.

PIE
Fixed a couple of issues regarding repositioning. Also, Pie now follows same behavior of navigation bar on phone when in landscape, sticks at right. Last but not least Pie is now themeable by external xml resources, by Theme Engine.

PEEK
As for Peek App our Native Peek got some love on sensors side. They should work better now. You can find latest Peek App with advanced features on Play Store, check link below.

THEME ENGINE
Merged upstream changes and added style support to Dialer app, IME switcher alert dialog and many more.

BATTERY TILE AND STATUS BAR INDICATOR
Added colorizing support for all components for both circle and stock look. Themers can play with everything now :)

RECENTS
Hopefully fixed rare blank screen and always show translucent decors.

DOCUMENTS UI
Updated system API to let it delete folders.

PARANOID OTA
Fixed some FCs.

TRANSLATIONS
Imported new crowdin translations.

GENERAL
Fixed various bugs as rare softboots and cleanups.

Downloads: http://paranoidandroid.co
Bugs: https://paranoidandroid.atlassian.net
Crowdin translation system: https://crowdin.net/project/aospa-framework

Community legacy corner:
https://plus.google.com/u/0/communities/103106032137232805260

P.S. The theme shown off in the images below was made by our own +Carlo Savignano and will be available on the Play Store soon this week. Follow him to get state updates and to show him some love :)

P.P.S. The icons in the screens are from Kraken Rounded icon pack made by our own +Matt Flaming , link to the pack down below.


Peek App: https://play.google.com/store/apps/details?id=com.jedga.peek
Kraken Rounded Icon Pack: https://play.google.com/store/apps/details?id=com.jmftech.krakenround.icons

Wallpaper used in the image from +Justin Maller Facets Project.
Check his work here: http://facets.la/
Support him, buy his awesome 365 wallpapers app: https://play.google.com/store/apps/details?id=net.trippedout.android.facets

#StayParanoid 
495 comments on original post
1
Add a comment...

Stuart Hicks

Developers (NOT for General Q&A)  - 
 
I've been getting an awful lot of systemui crashes on beta7 causing lots of rebots (nexus-5). I'm getting the following stack trace in logcat:

D/AndroidRuntime( 5614): Shutting down VM
W/dalvikvm( 5614): threadid=1: thread exiting with uncaught exception (group=0x415a3ba8)
E/AndroidRuntime( 5614): FATAL EXCEPTION: main
E/AndroidRuntime( 5614): Process: com.android.systemui, PID: 5614
E/AndroidRuntime( 5614): java.lang.NoSuchMethodError: android.app.INotificationManager.isPackageAllowedForFloatingWindow
E/AndroidRuntime( 5614):     at com.android.systemui.statusbar.BaseStatusBar$NotificationClicker.onClick(BaseStatusBar.java:1130)
E/AndroidRuntime( 5614):     at android.view.View.performClick(View.java:4438)
E/AndroidRuntime( 5614):     at android.view.View$PerformClick.run(View.java:18439)
E/AndroidRuntime( 5614):     at android.os.Handler.handleCallback(Handler.java:733)
E/AndroidRuntime( 5614):     at android.os.Handler.dispatchMessage(Handler.java:95)
E/AndroidRuntime( 5614):     at android.os.Looper.loop(Looper.java:136)
E/AndroidRuntime( 5614):     at android.app.ActivityThread.main(ActivityThread.java:5024)
E/AndroidRuntime( 5614):     at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime( 5614):     at java.lang.reflect.Method.invoke(Method.java:515)
E/AndroidRuntime( 5614):     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
E/AndroidRuntime( 5614):     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
E/AndroidRuntime( 5614):     at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
E/AndroidRuntime( 5614):     at dalvik.system.NativeStart.main(Native Method)

I have Xposed installed, so my first guess is that some module I have is no longer compatible with PA (perhaps replacing the implementation of that ingerface?), but I'm not sure how to debug that, short of trial-and-error disabling modules.

Anyone having this and already found the problem? Or does anyone have a way to inspect what implementation is being used for that interface?
1
Dayne Close's profile photoIlham Hamzah's profile photoStuart Hicks's profile photo
5 comments
 
Wiping system and doing a reflash does seem to have fixed it, although I can't imagine why.  I suspect there's still a bug somewhere that caused this, but reproducing it is not going to be easy... Thanks anyway +Dayne Close and +Ilham Hamzah :)
Add a comment...

Stuart Hicks

Shared publicly  - 
 
A week left! Still time to donate money for my insane sister running the Bath Half next weekend for Alzheimers Society...
 
I am running the Bath Half Marathon in a month in aid of Alzheimers Society- please sponsor me! 
View original post
1
Add a comment...
Have him in circles
137 people
Pankaj Sinha's profile photo
Vidit Mehta's profile photo
Tom Dewey's profile photo
Gabriëlla Roelofs's profile photo
Philip Seifi's profile photo
John Harrison's profile photo
Ben Woodward's profile photo
Michael Watt's profile photo
Lok Bhattarai's profile photo

Stuart Hicks

Shared publicly  - 
 
 
On LPX13D, SELinux, and root

As promised, here are some more details about the current situation.

Why it breaks

Google has really put some effort into better securing Android, and we've seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it's a pretty good bet these things will mostly align, though.

On most devices and firmwares, SuperSU's daemon is started by the install-recovery.sh service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.

Recently, they've started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.

Now this script runs as root, but as the install_recovery context, which breaks SuperSU's operation, as it is a very restrictive context.

In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.

How to fix it

To fix root, all that really had to be done was ensure the daemon's startup script is run at boot as the root user with the init context.

There are multiple ways to do this, but unfortunately for now it seems that it does require a modified kernel package (changing the ramdisk).

In the modified kernel packages I've posted for the Nexus 5 and Nexus 7, the daemon's startup is fixed by commenting out the line in init.rc that forces the install-recovery.sh script to run as the install_recovery context, so now it runs as init again, and all is well.

Repercussions

As stated above, it seems for now that modifications to the kernel package are required to have root, we cannot attain it with only modifications to the system partition.

Combine that with a locked bootloader (and optionally dm-verity) and a device becomes nigh unrootable - exactly as intended by the security guys.

Exploit-based roots are already harder to do thanks to SELinux, and now because of the kernel requirements for persistent root, these exploits will need to be run at every boot. Exploits that make the system unstable (as many do) are thus out as well.

Of course, this is all dependent on OEMs implementing everything exactly right. If a certain OEM doesn't protect one of their services correctly, then we can leverage that to launch the daemon without kernel modifications. While I'm fairly certain this will be the case for a bunch of devices and firmwares, especially the earlier L firmwares, this is not something you should expect or base decisions on. It is now thus more important than ever to buy unlocked devices if you want root.

It might also mean that every firmware update will require re-rooting, and OTA survival mode will be broken. For many (but far from all) devices we can probably automate patching the kernel package right in the SuperSU installer ZIP. We can try to keep it relatively easy, but updating stock firmwares while maintaining root is probably not going to work as easy and fast as it did until now.

Apps need updates

Unsurprisingly, with a new major Android release, apps will need updates. None more so than apps that go beyond the Android API, as root apps do, but even some non-root apps will be affected by the security changes.

As one example, someone posted in the SuperSU thread of a kernel flashing app that didn't work. From the logcat you could see that it was looking for partitions in /dev/block from its normal non-root user and non-init context. That used to be possible, but now it is restricted: normal apps no longer have read access there. 

The solution for that app is actually quite simple: list the /dev/block contents using root instead. But simple solution or not, the app will still need to be updated.

By far most root apps should be updateable for L without too much issue. There are indeed exceptions that will need some special care, but those are rare.

Permissive vs enforcing

The kernel packages I posted for the Nexus 5 and 7 LPX13D  firmware keep SELinux mostly set to enforcing. I say mostly, because SuperSU actually switches a small part of the system to permissive, so apps calling su can do most things without much interference. The details on this are lengthy (yes, your apps will be able to modify policies as well if needed, which should be rare), and I will document these for other developers after L retail release, assuming it will all still work at that time.

Alternatively, you can set the whole system to permissive or otherwise disable SELinux. There are other kernel packages released that indeed do this. The advantage here is that it instantly fixes some apps' issues, as the SELinux based restrictions have all gone the way of the dodo. The disadvantage here is that you've just shut down a major part of the security system of the device.

Some would argue that a device with an unlocked bootloader, root, encrypted modem firmwares of which nobody really knows what they're doing, etc, is inherently insecure, and thus disabling SELinux doesn't make much difference.

I personally disagree with this. While I do agree that these things weaken security down from the ideal level, I would still not disable more security features than I absolutely need to. Just because you cannot eliminate all attack vectors, is no reason to just completely give up on defending against them.

It is of course your own choice if you want to run a permissive system or not. I will strive to keep everything working in enforcing mode though, and I hope other root app developers will do the same - as stated earlier in the post, I believe this is still possible.

(everything in this post is subject to change for retail L release, obviously)
134 comments on original post
1
Add a comment...

Stuart Hicks

Shared publicly  - 
 
 
In celebration of London's Year of the Bus, today's #GoogleDoodle features an animated version of the iconic Routemaster bus.

The much-loved Routemaster made its first public appearance in London on 24 September 1954, and 60 years later is honoured with this fantastic +Google UK Doodle.
13 comments on original post
1
Add a comment...

Stuart Hicks

Shared publicly  - 
 
Wow.. What an amazing dog.
 
http://youtu.be/7QKeTYOinik

I would like to share this touching story of pup hero with all animal lovers
(= GoPro Video of the Week)
View original post
1
Add a comment...

Stuart Hicks

Shared publicly  - 
3
Add a comment...

Stuart Hicks

Shared publicly  - 
 
That last reaction xD
1
Add a comment...
People
Have him in circles
137 people
Pankaj Sinha's profile photo
Vidit Mehta's profile photo
Tom Dewey's profile photo
Gabriëlla Roelofs's profile photo
Philip Seifi's profile photo
John Harrison's profile photo
Ben Woodward's profile photo
Michael Watt's profile photo
Lok Bhattarai's profile photo
Basic Information
Gender
Male
Other names
スチューアト
Story
Tagline
Japan-bound Software Engineer
Introduction
I love Japan, Games, Music, Photography and Technology.
Bragging rights
BSc Computer Science with Games Development, CEFL Japanese Level B2, iTEFL
Work
Occupation
Software Engineer
Skills
Yes
Stuart Hicks's +1's are the things they like, agree with, or want to recommend.
KUKU VPN+
market.android.com

❉ EARLY ACCESS DISCOUNTED BETA VERSION ❉ ❤︎ Please contact us at for any inquiry or help, please don't rate the app yet ❤︎ VPN+ with anti-ph

Chrome Beta
market.android.com

Welcome to Chrome Beta for Android!• Preview the latest features: Try out the newest features. (Sometimes these may be a little rough around

Per-App Modes
market.android.com

Android Authority - March 11, 2014: "The bottom line is this: every hardcore root user in the entire Android ecosystem waited years to have

Human Japanese
market.android.com

Human Japanese presents the Japanese language from square one in a warm, engaging tone. The software goes much deeper than just vocabulary,

ConnectBot
market.android.com

ConnectBot is a powerful open-source Secure Shell (SSH) client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/pas

Nothing To Envy: Real Lives In North Korea
market.android.com

North Korea is Orwell’s 1984 made reality: it is the only country in the world not connected to the internet; Gone with the Wind is a danger

Circle - Nearby Friends Chat!
market.android.com

SOCIAL RADAR- The #1 App to Find your Friends, Contacts and Suggested Contacts that are nearby, anywhere in the world! Circle magically tell

Google I/O 2012
developers.google.com

Google I/O 2012 brings together thousands of developers for three days of deep technical content focused on building the next generation of

ClamBook Android and iPhone Laptop Dock
clamcase.com

ClamBook Android and iPhone Laptop Dock

Woojung
plus.google.com

Woojung hasn't shared anything on this page with you.

カイロパーク
kairopark.jp

夢と魔法と感動のカイロパークの入口. (C)Kairosoft.

Let's work together. - 人材募集 - Google
www.google.co.jp

Let's work together. Google 東京オフィスでは、様々な職種の社員が活躍しています。エンジニアは、日本だけではなく世界に向けた最新のプロダクトを、世界中のエンジニアとともに研究開発しています。卓越したビジネスセンスと経験をもったセールスやマーケティ

xkcd: Home Organization
xkcd.com

XKCD updates every Monday, Wednesday, and Friday. You can get prints, posters, and t-shirts in the store. Home Organization. |< · < Prev · R

Trippy. : funny
www.reddit.com

reddit: the front page of the internet

Google+
plus.google.com

Real-life sharing, rethought for the web

YouTube - Florence + The Machine - No Light, No Light
www.youtube.com

Criar contaFazer login. Home. ProcurarEnviar. Ei, você, isso não é uma interrupção comercial. Você está usando um navegador desatualizado, a

YouTube - Lenny Kravitz - Let Love Rule 2009
www.youtube.com

Create AccountSign In. Home. BrowseFilmsUpload. Hey there, this is not a commercial interruption. You're using an outdated browser, whic