Thursday, February 26, 2015

Net neutrality becomes the law of the land (ZDNet)

Summary:With Congress washing its hands of the matter, the FCC voted to regulate Internet Service Providers as utilities.

The Federal Communications Commission (FCC) voted today to accept FCC chairman Tom Wheeler's proposal that the Commission "use itsTitle II authority to implement and enforce open Internetprotections." Or, to put it in plain English, your ISP must provide equal broadband access to you or any site -- Amazon, Netflix, etc. -- without slowing down or speeding up sites for additional fees.

Net neutrality is now the law of the land.
As expected, the vote to treat ISPs as common carriers passed by a party line vote of three Democrats over the two Republicans. Under this regulation, broadband Internet services will be governed by Title IIof the Communications Act of 1934, as amended by the Telecommunications Act of 1996. Mobile broadband vendors, such as 4G providers AT&T, Sprint and Verizon Wireless will also be regulated as common carriers based on Title III of the Communications Act. It should also be noted that since Wheeler made his proposal, the FCC has redefined broadband as delivering at least 25-Megabits per second (Mbps).
The Republicans claimed that the FCC was over-reaching its authority by putting in a secret Obama plan for net neutrality. Wheeler dismissed this as nonsense in his final speech. He summed up, "This is the FCC using all the tools in our toolbox to protect innovators and consumers; to ban paid prioritization, the so called fast lane. [This] will not divide the Internet into haves and have-nots."
Specifically, the FCC will use this new authority to define a new "Open Internet." This consists of three fundamental building blocks.
No Blocking: Broadband providers may not block access to legal content, applications, services, or non-harmful devices.
No Throttling: Broadband providers may not impair or degrade lawful Internet traffic on the basis of content, applications, services, or non-harmful devices.
No Paid Prioritization:Broadband providers may not favor some lawful Internet traffic over other lawful traffic in exchange for consideration -- in other words, no "fast lanes." This rule also bans ISPs from prioritizing content and services of their affiliates.
This last provision serves notice to Comcast, Verzion, and other last-mile ISPs that they can no longer charge Netflix, or other content providers, for Internet access. It's a safe bet that these contracts are now on their way to the courts. In addition, even as Internet technologies evolve, ISPs are forbidden to harm consumers or edge providers.
The FCC is also claiming for the first time to have authority to hear complaints and take appropriate enforcement action if it determines the interconnection activities of ISPs are not just and reasonable. This will enable the FCC to address conflicts over traffic between mass-market broadband providers and edge providers.
In the commercial Internet's first days in 1992, the ISPs of the day formed the Commercial Internet Exchange (CIX). One of its guiding principles was net neutrality -- that no sites would be blocked and no traffic would be metered or slowed.
This has ceased to be the case. In 2014, Verizon won a case against the FCC. In it, they showed that the FCC did not have the right to regulate Internet traffic. This was a kick in the teeth for net neutralityat the time. The Tier 1 backbone ISP Level 3 has shown that last-mile ISPs with a monopoly in some areas have deliberately slowing down Internet traffic.
So, what will this mean for you? Wheeler declared that this new stance "will ensure the Internet remains open, now and in the future, for all Americans." We'll see. As Mark Cuban, serial entrepreneur, said on CNBC, "Let the lawsuits begin."

Monday, February 23, 2015

How to remove Superfish adware from your laptop (ZDNet)

Summary:The bad news is that Lenovo ever put Superfish on their consumer laptops. The good news is that it's not that hard to get rid of it.

UPDATED: No one likes crapware--the adware and trial software that PC and smartphone vendors put on their devices. Until recently, though we rarely got actual malware installed on new computers. Now, thanks to Lenovo and Superfish Visual Discovery adware, we didn't merely get injected ads in our search engine results, we also had our computer doors opened to man-in-the-middle Secure-Socket Layer/Transport Layer Security (SSL/TLS) attacks.

Users always disliked Superfish. As early as September 2014, Lenovo buyers were complaining about Superfish's fishy search results. Lenovo, however, didn't admit to installing Superfish, and its problems, until January 2015. Then, Mark Hopkins, a Lenovo social media program manager, admitted that Superfish had "some issues (browser pop up behavior for example)," so Lenovo temporarily removed Superfish from their systems.
What Lenovo didn't say was that Superfish was installing its own self-signed root certificate authority (CA), This enabled the Superfish software to void SSL/TLS connections and gave hackers a hole to be used in man-in-the-middle (MITM) attack and view the contents of any "encrypted" connections.
This hole was discovered on January 21 by a Lenovo user. Lenovo, however, while no longer installing it on new systems, didn't alert users of the potential danger. This hole can be used against you no matter which Web browser you're using.
Then, the problem with Lenovo consumer laptops running Windows 8.1 sold between September 2014 and January 2015, was shown to be even worse than expected. Google security engineer, Chris Palmer, showed on Twitter that Superfish was intercepting SSL/TLS connections and injecting its own self-signed certificates for all sites on his Yoga 2 laptop. This included such sites as the one for Bank of America.

Read this

Enterprise customers are not said to be affected, but millions of consumers and bring-your-own-device users are likely using compromised machines.
On February 19th, the problem went from merely terrible security practice and a potential problem to being a real security hole. Robert Graham, a security hacker,extracted the password that Superfish uses for its CA and published it. This means that, as Graham put it, "I can intercept the encrypted communications of SuperFish's victims (people with Lenovo laptops) while hanging out near them at a café wifi hotspot."
So, since if you're in a coffee shop right now using your new Lenovo to look at a secured Web site open in another tab, you could be having your password stolen at this moment, here's how to zap Superfish.
First, you need to get rid of the program. To do that, first take the following steps:
  • Go to Control Panel > Uninstall a Program
  • Select Visual Discovery > Uninstall
According to Lenovo, that's all you need do and besides"We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns." In part, Lenovo states this because "Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active. This disables Superfish for all products in market."
I don't buy it. If that's the case then Palmer never should have been misdirected while browsing with his Lenovo laptop on February 18th.
This issue aside, the bad certificate will still be on your Windows system. To get rid of it, run the Microsoft Management Console, Mmc.exe (you need an administrator's credentials to do this), and do the following:
  1. Go to File -> Add/Remove Snap-in
  2. Pick Certificates, click Add
  3. Pick Computer Account, click Next
  4. Pick Local Computer, click Finish
  5. Click OK
  6. Look under Trusted Root Certification Authorities -> Certificates
  7. Find the one issued to Superfish and delete it.
You can't just rerun CertMgr.msc directly because that only shows the user account, not the Computer Account cert store. The bad Superfish certificate lives at the Computer Account level.
Even after this, there will still be some Superfish registry entries left behind, but they are not likely to be dangerous.
To get rid of those you may want to try a registry cleaner, although, as ZDNet resident Windows expert Ed Bott puts it, "registry cleaners are the 21st Century equivalent of snake oil." Still, if you want to be do your best to clean out every last remnant, you should usePiriform's Ccleaner registry cleaner.
It may also be possible that if you're using Firefox or Chrome there may be a cached copy of the bad certificate. To check on this, with Firefox enter:
on the address bar. On the menu that comes up, choose Certificates and then View Certificates. Once there, look for Superfish in the list of Authorities. Once you find it, delete it.
On Chrome, go to Settings/Advanced Settings/HTTPS/SSL/Manage Certificates. In the Certification Manager, go to Authorities and look for Superfish. If you find it, delete it. If the delete button is not active, choose edit instead and uncheck all the "Trust this certification" radio buttons.
To make sure that Superfish is no longer intercepting your secure communications, go to the Superfish CA test Website.
Last, but not least, do these steps now. If you don't, every time you go to a "secure" Website with your new Lenovo laptop, you're telling the world to steal your IDs and passwords.

Friday, February 20, 2015

Cyberattackers can reprogram hard drive firmware, according to Kaspersky bulletin (TechRepublic)

A Kaspersky Lab bulletin indicates a cyberattack group has the capability to infect hard drive firmware. Learn how this capability works, and what it means for your deployed systems. 

A cyberattack group dubbed Equation group by Russian security firm Kaspersky Lab has a portfolio of intricate and highly sophisticated malware that dates back to at least 2001. The organization is considered by Kaspersky to be "the most advanced threat actor we have seen." The portfolio of Equation group's exploits extensively utilizes a variety of encryption algorithms and hashes, including using SHA-256 1,000 times on an NTFS object ID.
Information about the afflicted parties and details regarding the use of code written by Equation group is covered in depth on CNET, as well as information regarding how these disclosures relate to the Stuxnet worm, which was discovered in 2010 and is still a subject of political intrigue. The focus of this article is on the technical inner workings of the Equation group exploit, and the use of drive firmware as an attack vector.

What sets Equation apart from other groups?

Perhaps the most alarming capability detailed in the report is that the malware produced by Equation can reprogram the firmware of hard drives. According to Kaspersky, the malware's design allows for the creation of hidden sectors on the drive, which are resistant to drive formatting. Naturally, it also provides an API for access to the hidden sectors for use by other Equation components. Of the two identified modules with this capability, the first (from 2010) can reprogram six distinct drive "categories," which constitute individual products or product lines by Maxtor, Seagate, Western Digital, and Samsung. The second version (from 2013) has 12 product classes, which include the previous brands and adds HGST/IBM, Micron, OCZ, OWC, Corsair, and Mushkin.
Finnish security firm F-Secure notes that this disclosure describes the capabilities of a utility called IRATEMONK in an internal National Security Agency (NSA) catalog from 2008 that "provides software application persistence...through MBR substitution." This utility can infect the firmware of "a variety of Western Digital, Seagate, Maxtor, and Samsung hard drives," which supports FAT, NTFS, EXT3, and UFS file systems not running as part of a RAID array.

What are the implications of using that attack vector?

In an interview with Reuters, lead Kaspersky researcher Costin Raiu claims that the vendors must have had access to the source code of the drive firmware. Raiu is quoted by Reuters as saying that, "There is zero chance that someone could rewrite the [hard drive] operating system using public information."
In response to this claim, a Western Digital spokesman told Reuters they "[have] not provided its source code to government agencies." Reuters indicates other drive makers declined to say if they have shared their source code. A Seagate spokesman said it has "secure measures to prevent tampering or reverse engineering of its firmware and other technologies." In the report from Reuters -- which names the NSA as the developers of this exploit -- it is possible for the government to request source code in the process of a security audit for government purchases.
Importantly, the Kaspersky report notes that this exploit is extremely rare, and that it is "kept for the most valuable victims or for some very unusual circumstances." This does not appear to be a scenario in which Equation-produced code is accompanying drives shipped from the factory.

How hard is it to reverse-engineer drive firmware?

Surprisingly, the answer to that question is not very, but it is not trivial either. A hard drive is, in essence, functionally identical to any other integrated system. Typically speaking, the circuit board on a hard drive contains DRAM for the drive cache, a spindle motor controller, the drive controller -- a multi-core ARM processor for modern drives. Some drives, like the drive used in this experiment at SpritesMods, have an additional serial flash to store the firmware, though others may keep this storage internal to the controller. These drive controllers are either off-the-shelf parts, or made by the drive vendors.
In the experiment at SpritesMods, the Western Digital firmware does not contain any obfuscation tricks. That experiment starts with getting access by connecting to an ARM core on the controller accessible via JTAG, which allows for easier debugging with breakpoints and memory editing. In that experiment, making a persistent change to the drive firmware was possible -- the memory layout of the chip was already documented, and free space existed in which to inject arbitrary instructions, which can be executed before the rest of the drive firmware by changing the execution order in the header.
Notably, some of the instruction blocks in the firmware code are stored in an unknown compression format and unpacked into RAM at start -- making this edit does not require the ability to modify that code in the compressed state. When it is unpacked for execution at boot, the arbitrary code can insert hooks into the executed code. In the SpritesMods experiment, a small program was written utilizing code from the idle3-tools package, which allows for the firmware to be flashed to the drive.

What does this mean for deployed systems?

Considering the rarity with which this exploit appears to be used, it probably is not an issue worth worrying about at this time. Windows users are a more obvious target through sheer ubiquity, though Mac OS X and Linux users should know there is no security through obscurity. The Kaspersky report indicates there are some signs that Equation can target non-Windows systems, and IRATEMONK is documented as supporting EXT3 and UFS.
The opaque nature of hard drive firmware, and the extensive amount of vendor-specific commands, often with poor to no documentation (a somewhat shocking state of affairs for such ubiquitous hardware as mass storage devices) is reason to give pause. Ariel Berkman of the Israeli firm Recover has written a proof-of-concept on hiding data in reserved service space that only requires knowledge of vendor-specific commands, which has the potential to be easier than firmware modification.

Thursday, February 19, 2015

7 ways tech can help fix the US healthcare system (TechRepublic)


It's no secret that the US healthcare system is broken. A report released by the Commonwealth Fund, a US think tank, showed that in 2014 the US ranked last in the quality of healthcare systems when compared to 10 other industrialized nations. We've occupied that spot from 2004 to 2014.
We also spend much more per capita -- about $8,600 -- on healthcare than any other nation, and that's about 30% higher than the next closest industrialized country, according to theWorld Bank.
As of 2012, according to the CDC, more than half of Americans live with a chronic disease. Prescription drug spending accounts for one in every $10 spent on healthcare.
Technology has a big role to play in the future of digital health and the improvement of healthcare, and 2015 is going to be a big year for the industry. Here's a look at how technology can be used to better the US healthcare industry.

1. Making sense of all the data

Big data is one of the biggest trends in digital health right now, and it's key to every stage of the system -- from research and development, to disease monitoring and treatment, to patient care. Researchers have been gathering data for years, but now, it's about making sense of the data and putting it to good use. With IoT technology, sensors, and real-time analytics, doctors and researchers can more accurately understand their patients and better customize care.

2. Making care more accessible

Access to healthcare in the US has long been regarded as unreliable, and technology may be able to remedy that. Telemedicine is one way that more people can get access to healthcare providers no matter their location, so they can communicate with doctors and receive treatment without having to physically go to a clinic.
According to a report by Robert Half Technology, 36% of healthcare companies have no mobile strategy. Digital health clinics that are accessible via computers and mobile phones can change that, making it easier

3. Reimagining medical school

The US medical school format, which consists of two years of studying and two years of clinical residency, has been in place since about 1910. Technology has changed the medical industry, but the educational system has not really evolved with it.
However, that is now changing -- the American Medical Association's Accelerating Change in Medical Education is funding $1 million to each of 11 different schools to help fund new programs. Some schools are offering classes that use tech to look at disparities in access to care or how tech can help physicians give patient care. Also, the MCAT is going under a revamping for this new age as well.

4. Incentives to be healthier

According to the CDC, one in five children is obese and, in 2010, more than one third of adults were. Because of this epidemic, corporate wellness has become a $6 billion industry, and employers are offering discounts and other financial incentives to get people to be healthier, stop smoking, and/or lose weight.
This comes at a time when fitness trackers and health apps are extremely popular with consumers, and companies like Apple are integrating health apps into their operating systems. It's creating an ecosystem that can hopefully lower obesity rates, preventable diseases, and potentially the costs of healthcare.

5. Reinventing health insurance

With the Affordable Care Act, more people in the US are insured than ever before. According to a survey by the Transamerica Center for Health Studies last year, the number of Americans without health insurance dropped from 22% to 15%, but that's still a lot of people who lack it.
Technology is allowing for some novel approaches to closing that gap. A company called Oscar, which only offers services in New York and New Jersey currently, is trying to revamp the health insurance business model. Use the app to describe your symptoms, click to talk to a doctor about them, and look at all your visits, prescriptions, and medical history in a timeline. The company also pays you money to keep track of your fitness and work towards goals. Users can also easily get quotes for health insurance.

6. Putting some of that entrepreneurial creativity to use

There are brilliant, creative entrepreneurs all over the world, and a lot of exciting innovations in the tech industry. But in many ways, what's being built is not solving real solutions -- the industry is full of games and apps and billion dollar valuations that don't make much sense. At the same time, the healthcare industry is long overdue for some creative solutions. Teaming technologists up with medical providers is a great start to making a positive impact.
For example, Significance Labs is a new accelerator based in New York City that offers technologists and entrepreneurs a place to build technology to solve major social issues that low-income people face. Not Impossible Labs builds technology for the sake of humanity, using open source designs and inexpensive resources to build things like the Eyewriter and the Brainwriter. The ideas behind these organizations are key to creating better solutions that can really impact people.

7. Health IT growth

According to a 2013 Deloitte report, 73% of physicians believe that healthcare information technology will improve the quality of care provided long term for patients. The number of health IT jobs is supposed to increase by 20% by 2018, according to the Department of Health and Human Services. Additionally, as more medical providers adopt electronic health records, physicians can collaborate easier for patient care.

Wednesday, February 18, 2015

Why Is My Wi-Fi So Crazy Slow? (BusinessWeek)

Ask people about their tech headaches and they'll tell you about their home Wi-Fi networks. Balky, inconsistent connections are as commonplace as they are maddening. A startup called Eero says it's going to change all that.
Earlier this month, Eero began taking pre-orders for a Wi-Fi system it says will fundamentally improve home connectivity without making consumers jump through hoops connecting and reconfiguring their networks. The idea seems to have struck a chord: The company says it sold $1 million of routers in the first 48 hours.  
If Eero can follow through, it will have solved a problem the rest of the technology industry has failed to solve for years.
It has always been tricky to blanket an entire residence with a high-quality wireless connection. But in recent years, customers’ expectations have exploded, along with their appetites for streaming video and audio, making the dead zones in the distant corners of their homes seem that much more lifeless. While Linksys, D-Link, and other popular router manufacturers have been marketing more powerful routers, the biggest problems with home Wi-Fi can’t be solved with any one device. The sort of specs you would find on the box of a home router can be deceptive. Stronger signals, for instance, have shorter ranges. 
The best way to improve the performance of a home Wi-Fi network is to increase the number of radios sending out a wireless signal. There are various ways to do this. Wi-Fi extenders are common and can be relatively cheap, but they aren’t very efficient at transmitting a signal, and they add a layer of complexity that could drive you nuts. Hard-wiring additional ethernet access points is very effective but can amount to a project.
In businesses and public places, connections are often offered through mesh networking—multiple devices that each serve as receiver and transmitter of a signal. This spreads the Internet equally throughout the air in the network and sends devices to the most logical access point, based on their locations. 
Mesh networks have consumer applications as well. Sonos, which sells Internet-connected speakers, creates a mesh network among its devices to play music throughout a home. Open Garden uses mesh networks to let people participate in a kind of online chat that doesn't require a connection to the Internet. 
We haven't yet seen a good use of mesh networking for home Wi-Fi, but it’s the logical future, according to Tim Higgins, managing editor of the Wi-Fi-focused website, “The key thing that Eero is doing is really bringing mesh to the consumer,” he says. “It’s a big deal if it works.”
Nick Weaver, Eero's co-founder and chief executive, says other companies haven't built mesh networks for consumer devices because it's hard to do so without rewriting all the code that runs the systems. Many router companies outsource the code that runs their devices, and they may rely on systems that are over a decade old. Eero designed its hardware and software from scratch. "It basically all comes down to the software," Weaver says.  
The appeal of Eero at the moment is conceptual because reviewers and customers haven’t had a chance to test the system. The company says it will begin shipping pre-orders this summer. 
In addition to a stronger Wi-Fi signal, Eero devices serve as Bluetooth connection points. They create home-wide Bluetooth networks, an additional form of wireless connectivity, generally used to communicate signals between two devices within a few feet of one another. These innovations are potentially exciting to people who understand and care about home networking.
Eero will need to get beyond those customers. So it is following the same home-appliance-as-iPhone strategy that Nest has pursued for thermostats and smoke detectors. The Eero even kind of looks like the Nest thermostat. The company boasts that this is one router you won’t feel inspired to hide in that dusty area behind your TV stand.  
It’s hard to see many people buying a wireless router just because it's an elegant white square instead of an ugly black rectangle. The bigger draws are likely to be the promise of a quick setup that takes place entirely on a smartphone, or an easy way to let house guests connect devices to the network. As with the core networking functionality, we just have to trust Eero on how well these features work at this point.
Eero also resembles Nest in its price premium. The company said it would raise its prices to $199 for a single unit, up from the $125 it initially charged, and $499 for a three-pack (up from $299). Higgins of says demand for wireless routers drops off sharply once customers are asked to spend more than $300. Even if Eero has developed a fundamentally superior Wi-Fi router, he thinks it is unlikely that many people will spend $500 for something they’d rather never think about. 
“That’s a little steep for what’s basically a science experiment at this point,” he says. 
Eero's Weaver says people often spend nearly that much on home networks, once they've bought an expensive router and a few range extenders. But he acknowledges that Eero is raising prices partly to limit demand to what the company could actually deliver on schedule. "Over time, as you hit larger scale, price becomes a flexible thing," he says. 

Thursday, February 12, 2015

Public Knowledge : ..its the plan of 4 mill Americans..

Yesterday, FCC Commissioner Pai held a press conference to denounce the plan that the FCC developed after hearing from over 4 million Americans, attempting to dismiss it as "Obama's plan." Commissioner Pai believes that "Obama's plan" is the result of improper presidential involvement with the FCC's decision-making process and, as a result, should be ignored.
But let's look at the real facts:


Every President in the last 30 years has weighed in publicly with the FCC on issues of national importance. It did not violate the FCC’s independence when President George W. Bush publicly called for Chairman Michael Powell to vote on deregulating media ownership, or when President Bill Clinton wrote a public letter to Chairman Reed Hundt to ban hard liquor advertising on television. It also did not violate the FCC’s independence when President Ronald Reagan asked Chairman Mark Fowler to drop his proposal to rescind the Financial Interest and Syndication Rules. Similarly, President Obama has not violated the independence of the FCC by making his support for strong net neutrality rules under Title II public.

Commissioner Pai's remarks are an insult to the American people. People who have participated in the net neutrality debate in unprecedented numbers and spoken with unmistakable clarity across the political spectrum.

Chairman Wheeler’s proposed order reflects the demands of the American people, and Public Knowledge stands behind him as the fight continues for an open, fast, and fair internet. 

Greatly improve the power of Google Now with Commandr (TechRepublic)

If you find Google Now commands a bit limiting, Jack Wallen has found an app that adds a number of useful commands to the hands-free system. 
If you're a Google Now user, but you wish you had more power at your command, a 16-year-old developer named Ryan Senanayake has created a free app called Commandr that you must try. Once the app is installed, it will add the following commands to the Google Now system:
  • Flashlight On/Off
  • Wi-Fi On/Off
  • GPS On/Off (some devices)
  • Bluetooth On/Off
  • Wireless Hotspot On/Off
  • Pause/Resume music
  • Previous/Next song
  • Read unread SMS
  • Read last SMS from contact
  • Play Google Music playlist
  • Chatbot (for Siri-like functionality)
  • Cellular Data On/Off
  • Read unread Gmail
  • Raise/Lower volume
  • Silence/Unsilence ringer
  • Set volume to percentage
  • Unlock/Lock phone
  • Take a picture/Selfie
  • Shutdown (root)
  • Reboot recovery (root)
  • Restart (root)
  • Clear notifications (root)
  • Wolfram alpha
  • Send Whatsapp message
  • Enable/Disable rotation lock
  • Enable/Disable sync
  • Night mode (disable Wi-Fi, data, and ringer)
  • Enable/Disable Airplane Mode (requires root)
  • Enable/Disable Car Mode
Commandr works out of the box (once it's enabled), so there's zero extra tweaking involved. And, with the help of Tasker, you can even add your own custom commands to the app.
Let's install Commandr and enable it so you can gain even more power with Google Now.


To install Commandr, follow these steps:
  1. Open the Google Play Store on your Android device
  2. Search for Commandr
  3. Locate and tap the entry by RSenApps Inc
  4. Tap Install
  5. Read through the permissions listing
  6. If the permissions are acceptable, tap Accept
Once the installation has completed, tap the Open button within the Google Play Store, and the Commandr welcome screen will appear. Swipe to the left to dismiss this window. You'll now be prompted to enable Commandr's accessibility service. Tap the Open Settings button (Figure A).
Figure A
Figure A
Enabling Commandr on a Verizon-branded Droid Turbo.
Within the Accessibility Settings window, tap Commandr for Google Now, and then tap the ON/OFF switch to enable the service (Figure B).
Figure B
Figure B
You're almost ready to empower Google Now.
After you turn the Accessibility Setting on, the Commandr settings window will open. Tap the Built-In Commands entry to see a full listing of the built-in commands. From here (Figure C), you can edit the command used to launch each feature by tapping the Edit button (pencil) and then changing the launch phrase.
Figure C
Figure C
The full list of Commandr commands.
A nice little hidden feature is Command Voting. While in the Built-In Commands window, swipe downward until you see the little stair icon at the bottom right corner of the window. Tap that icon, and you can vote on current commands being developed. The commands with the highest votes will be integrated into the app. You can also suggest a new command (while in the voting window) by tapping the plus sign [+] and adding your suggested command (Figure D).
Figure D
Figure D
Suggesting a command to the developer of Commandr.
Note: The developer of Commandr is always adding new commands to this very handy tool. This app is open source. If you're interested in the source, it can be downloaded here.
If you're looking for the fastest means of expanding what Google Now can do for you, you would be remiss if you didn't install this free app.

Tuesday, February 10, 2015

18 tips to get the most out of Android 5.0 (InfoWorld)

Android guys

Got Lollipop? Google's Android 5.0 operating system is slowly but surely making its way to devices around the world -- and like any major OS upgrade, it brings with it a whole new set of options, features, and shortcuts to master.

Some of Lollipop's new elements are obvious, like the striking newMaterial Design motif or the revamped Overview (aka Recent Apps) interface. Others, however, take a little learning and exploration to discover.

Strap on your explorer hat and stretch out your phalanges: It's time to get into the nooks and crannies of Lollipop's many possibilities.

(Note that this story focuses on Google's core Android 5.0 software. Some hardware manufacturers modify the OS, however, so the placement and presence of items described here may vary depending on your device.)

Tip No. 1: Bump and beam data to another device

One of Android's least-known but most useful features picks up even more power with Lollipop: With Android 5.0, Android Beam gains the ability to wirelessly transmit practically any type of content from one device to another -- and it's easier than ever to use.
Simply tap the share icon in any app -- like while viewing a photo in the Photos app, a contact entry in the Contacts app, or a document in your favorite Android office suite -- and select Android Beam from the list of options that appears. Then tap the back of your device to the back of another Android device, and the info will be zapped over in an instant.

The receiving device doesn't even have to have Lollipop; it only needs to support NFC (near-field communication) -- which most reasonably recent midrange to high-end Android devices do -- and to be powered on and unlocked.

Tip No. 2: Quick swipe for settings

Tip No. 2: Quick swipe for settings

Need to change a device-level setting fast? You can swipe down twice from the top of your device's screen to access the new Lollipop-level Quick Settings panel, which allows you to quickly adjust elements like display brightness, Wi-Fi and Bluetooth connections, airplane mode, and flashlight status. You can also get to the Quick Settings panel by swiping down once from the top of your screen while using two fingers.

Tip No. 3: Tap text for extra shortcuts

You wouldn't know it by looking, but two of the settings in Lollipop's Quick Settings panel have hidden secondary functions: With both Wi-Fi and Bluetooth, you can tap the icon to toggle the function on or off and tap the text -- either your Wi-Fi network name or the word "Bluetooth" -- to jump directly to the respective section of the full system settings.

Tip No. 4: Bone up on your battery use

See the battery-level indicator at the top of Lollipop's Quick Settings panel? Tap it to jump to Android's power consumption tool, which gives you a detailed breakdown of exactly what apps and processes are draining your device's battery. While you're there, tap the overflow menu icon (the three vertical dots) at the top right of the screen to set up Lollipop's new battery-saver mode, which automatically revs down your system's engines when the battery gets low in order to keep things running as long as possible.

Tip No. 5: Keep tabs on your alarms

The next time you set an alarm on your Android device, take a quick peek in the Quick Settings panel: Lollipop shows the date and time of your next alarm there, and you can tap on it to jump directly to the Clock app if you need to make any changes.

Tip No. 6: Tune Android to respond to the sound of your voice

Android 5.0 has a powerful new always-listening voice command system that's available on many devices, but you have to activate it before it'll work -- and the option to do so is surprisingly out of sight and buried.
Ready to dig it up? In your system settings, tap "Language & input," then "Voice input." Tap the gear icon next to "Enhanced Google services," then tap "'Ok Google Detection" and look for the option labeled "From any screen." (If it isn't there, your device probably doesn't support the feature. Sorry!)
Tip No. 6: Android Voice Commands
Now follow the prompts to train the system to recognize your voice and your voice alone. When you're finished, you'll be able to say, "Ok, Google," to wake your device anytime -- even when its screen is off -- and give it all sorts of commands without ever touching it.

Tip No. 7: Bypass the lock screen at home

Nothing against pass codes, but unlocking your phone every time you want to check a sports score -- er, work email while waiting for pasta water to boil can be a real nuisance. Trouble is, that one time you turn off the lock at home and forget to turn it back on before catching the bus could come back to haunt you.
Enter Lollipop's newly introduced Trusted Places, which allows you to keep your phone or tablet always unlocked at a set geographical location -- like your house or office. To give Lollipop the go-ahead, head to your system settings, tap on Security, then Smart Lock. There you will find Trusted Places, where you can set specific trusted locations.

Tip No. 8: Bypass the lock screen on the go

Tip No. 11: Prioritize notifications
Another way to see only important
notifications and keep the rest away is to 
make use of  Lollipop's new Priority 
notification mode.

Tip No. 9: Override Smart Lock
Tap and hold the padlock icon on the lock 
screen to secure your device when 
Smart Lock is enabled.
Similarly, Lollipop can keep your phone or tablet unlocked whenever it's connected to a specific Bluetooth device you trust, such as your smartwatch or car audio system. While you're in the Smart Lock menu (see Tip No. 7), tap the option labeled Trusted Devices and follow the prompts to add a device onto the list. Once you're finished, your phone or tablet won't prompt you for your PIN, pattern, or password anytime the trusted device is present and paired.

Tip No. 9: Override Smart Lock

Don't fret: You can still secure your device when Smart Lock is enabled. Think of it as a manual override option: Anytime Smart Lock is activated, tap and hold the padlock icon at the bottom of your phone or tablet's lock screen. After about a second, you'll see an alert informing you that the device has been locked and will require your security code for the next entry.

Tip No. 10: Cut down the notification noise

Notifications can help you stay on top of everything that's important to you, but with nearly every app nagging for attention, keeping on top of which notifications you want to receive can be a chore.

     If you're getting pestered by a notification you'd rather     not receive, tap the notification and hold your finger        down for about a second. Android will show you exactly what app created the notification and give you a link to the app's information page, where you can blacklist it from creating additional alerts.

Tip No. 11: Prioritize notifications

Another way to see only important notifications and keep the rest away is to make use of Lollipop's new Priority notification mode. To activate it, press your device's volume-up or volume-down button and tap Priority on the box that appears. You can then select to leave Priority mode enabled indefinitely or to specify a limited amount of time for which it'll remain active.

While you're there, tap the gear icon next to the words "Priority notifications only" to make sure you're set up the way you like. You'll be able to control exactly what types of notifications are considered "priority" -- events and reminders, any calls and messages, or only calls and messages from specific approved contacts. You can also set regular recurring times for Priority mode to be activated -- if, for instance, you always want it to turn on during the overnight hours to prevent less-pressing alerts from sounding.

Tip No. 12: Keep notifications discreet

Lollipop puts your pending notifications right on the lock screen, which can be handy -- but can raise pesky privacy issues, particularly for security-sensitive business users. Take control of the situation by going into the Sound & Notification section of your device's system settings and tapping the option labeled "When device is locked." There, you can choose whether the lock screen shows all notifications, no notifications, or only notifications that aren't considered sensitive.

To mark an app's notifications as sensitive, tap App Notifications in that same Sound & Notification section and select the app from the list. From here you can set its notifications to "sensitive" and block it from showing any notifications or whitelist it to always show its alerts when you're in Priority mode (see Tip No. 11).

Tip No. 13: Share your device with guest mode

Want to let someone use your phone or tablet without gaining access to all your stuff? Try Lollipop's new guest mode. Swipe down twice (or swipe down once with two fingers) from the top of your screen to access the Quick Settings panel, then tap the user icon in the upper-right corner of the screen. Select "Add guest" from the menu that appears, and voilà: Your device will switch to a new profile in which all basic functions are available but none of your apps, data, or settings is accessible.

Tip No. 13: Share your device with guest mode
Want to let someone use your phone or
tablet without gaining access to all your
stuff? Try Lollipop's new guest mode.

To exit guest mode, mosey back into the Quick Settings panel, tap the user icon, and tap "Remove guest." Enter your security code, and you'll be back at home in your own regular profile.

Tip No. 14: Keep guests from making calls

If you want to create a more limited guest mode for your phone in which someone could get online but notmake calls, head into the Users section of your system settings and tap the gear icon next to Guest. Tap the toggle next to "Allow phone calls," and the function will be disabled. (Guest mode already prohibits a user from accessing any phone-based text messaging, so there's no need to worry about that.)

Tip No. 15: Screen-pin to share access to a single app

For an even more limited way to let someone else use your phone or tablet, take Android 5.0's new screen-pinning feature out for a spin. First, go into the Security section of your system settings and select the option labeled Screen Pinning to activate it. Once it's active, tap your device's Overview button (the rectangular icon at the bottom of the screen, next to the Home key) and scroll upward with your finger.

Tap the green pushpin icon on the bottommost card and confirm that you want to start screen pinning. Be sure to select the "Ask for unlock pattern before unpinning" option.

That'll lock your device to your most recently used app or process so that someone can access it and nothing else -- if, say, you wanted to let a friend make a call or look something up in Chrome but didn't want them to be able to open anything else. In order to exit screen-pinning mode, you'll need to touch and hold the Overview button and enter your security code to continue.

Tip No. 16: Cut down on Overview clutter

Speaking of the Overview function, Lollipop allows you to have every individual browser tab appear as a card in the Overview list instead of as a traditional tab within Chrome itself -- but you don'thave to use it that way. If you'd rather have your tabs be managed within Chrome, open up the Chrome app on your Android 5.0 phone or tablet, tap the overflow menu icon, and select Settings. Select "Merge tabs and apps" from the list that appears, then simply tap the toggle to turn it off.

Tip No. 17: Bring back silent mode

A traditional silent mode is mysteriously missing in Android 5.0 -- so what to do when you need your phone to stay quiet? You have two main options, neither of which is exactly intuitive: First, you can press your volume-up or volume-down key and select None from the box that appears on screen. That'll keep all sounds from coming out of your device -- but it'll put the kibosh even on alarms, which typically still sound in a traditional silent setting.
The other option, if you don't want to silence your alarms as well, is to use the Priority mode described in Tip No. 10 and configure it so that no notifications are allowed through. Alarms are an exception that are always permitted in that mode, so if you disable everything else, you'll be good to go.

Tip No. 18: Hang up in style

Save yourself a few steps the next time you're ready to end a call: Open up your phone's system settings and select Accessibility. Tap and activate the option labeled "Power button ends call." Now, when you want to hang up on someone, all you have to do is press your phone's power button -- no futzing with the screen or searching for the right icon.

Saying so long has never been so easy.