Brave (browser)

Brave (browser)


  • Available
    • no
    • circa v0.7
    • assemble the sources yourself
    • closed beta program.
  • Cultures
    • Linux
    • Mac (OS/X)
    • Windows (sic)
    • Android
    • iPhone (iOS)
  • Basis
    • Chromium → Linux, Mac, Windows
    • iOS → Firefox for iOS
    • Android → Bubble (linkbubble)
  • linkbubble
  • Funding
    • $2.5 million
    • Unnamed individuals
      “angel” investment.
  • Features
    • Known
      • HTTPS Everywhere add-on
    • Expected, not declared as existing
      • a UI
      • cross-platform sync
      • incognito mode
      • password manager



  • Mozilla co-founder unveils Brave, a Web browser that blocks ads by default; ; In Ars Technica; 2016-01-21.
    Teaser: … but Brave then replaces blocked ads with its own ads, taking a 15% cut of revenues.

    • <quote>In practice, Brave just sounds like a cash-grab. Brave isn’t just a glorified adblocker: after removing ads from a Web page, Brave then inserts its own programmatic ads</quote>
  • Brendan Eich Launches Brave New Browser Ian Elliot; In I Programmer; 20165-01-20.
    Teaser: Brendan Eich, the man who invented JavaScript and the co-founder of Mozilla, has just launched a new browser called Brave. Is this a Firefox fork?

Via: backfill.

SOLVED[fail]: Android WebView does not support Client Certificates at all

Problem Statement



Partial success…

  • Webware => just works
    • desktop officework browser
      i.e. Firefox 29+
    • mobile browser => “just works”
      i.e. Chrome 40, Blink 537.36, Android 4.4.4 (what is that, Jelly Bean, Key Lime Pie?, Lollipop?)
  • Appware => FAIL
    • Android does not work, cannot be made to work.
    • WordPress Android is unuseable in this mode.

Environment: Webby Officework Desktop

Outcome: just works


  • Firefox (Fedora) “just works”
  • Chrome (Android) “just works”


  • User receives the certificate as a PKCS #12 (a .p12 file)
  • Install fhe certificate
    • … in the browser (Firefox, Linux)
    • … in the operating system (Android)

Environment: WordPress Android

Outcome: FAIL

  • Do not use Android WordPress on these blogs
  • Use the webby interface with Chrome.
  • WordPress Android uses an embedded WebView which does not implement client certificates at all.


Others have tried … but Android does not yet support this concept

Android Is Huge. But Here’s Why Developers Keep Favoring Apple | Business Insider

Android Is Huge. But Here’s Why Developers Keep Favoring Apple; ; reporter; In Business Insider; 2014-04-03.

tl;dr => only poor people have Android; rich people have Apple gear.


  • Share of visits to e-commerce sites from tablets
    • iPad: 87%
    • Android: 11%
  • Average order value from tablets
    • iPad: $155
    • Android: $110
  • Share of visits to e-commerce sites from phones
    • iPhone: 60%
    • Android: 39%
  • Average order value from phones
    • iPhone: $126
    • Android: $136
  • Only on phones do Android users spend more.
  • Colorful
    • iPad users spend — $155 on 87% of visits
      colorful: Apple users do their shopping on iPad; only use their phones for the loose-change stuff.
    • An Android user is worth 1/4 of an iOS user


chart of the day ios android monetization gap

Android Apple

Android iphonesan francisco iphone android appleAndroid Apple

Via: backfill

Intel Merrifield SoC will have “Hooks” to truncate OS functionality for aftermarket OS installs

Hooks im Kernel sollen Android sicherer machen; at Cebit, in; 2014; In German.



Via Google Translate

Intel : hooks in the kernel to make Android more secure

Cebit 2014

Starting with the next SoC design , Merrifield, Intel plans to incorporate new security features in its x86 Android kernel . You should ensure , among other things , not slow virus scanner that tablets and smartphones unnecessary.

” We shall come originally from the corporate sector,” explains Frank Kuypers Intel talking to at Cebit . And for professional clients Kuypers is known as ” Technology Specialist ” also responsible . The moan of his observation after the moment especially on the proliferation of Android devices that are to be brought safely to the corporate network .

To this end, Intel wants that develops for years the x86 version of Android along with Google , in the next versions of its Kitkat kernel – install new features – ie for Android 4.4. Especially Hooks play a role , they are simple interfaces with which code can be inserted from one program to another. This may seem risky for certain tasks but very efficient.

In the case of x86 Android , Intel plans , among other things , file operations virus scanners allow by hooks. To ensure that only new files can then be scanned , for example, in real time , without the anti-malware and the operating system must be the usual way through the file system go . This relieves the CPU, RAM and storage medium and is so little overall slow down the system . With the still expected in 2014 SoC Merrifield Intel wants to use the hooks for the first time .

These hooks will use even with its McAfee software Intel initially , but the company already works with other providers of products for the management of mobile devices together . Whether the hooks are also publicly documented or even an SDK is created but is not yet decided. Frank Kuypers wanted this possibility but also not mutually exclusive.

Why such deeply into the operating system anchored safety features are important for Android devices , the Intel manager said on own example. In the Intel – only network mobile devices with certain versions of Android may not use all the features. Would he be provided with Cyanogenmod smartphone , there would still the Fi – then would no longer get , among other things on the phone all the e- mails to face, because the device would be classified as a potential security risk.

Via: backfill

Beginning NFC: Near Field Communication with Arduino, Android, and PhoneGap | Igoe, Coleman, Jepson

Tom Igoe, Don Coleman, Brian Jepson; Beginning NFC: Near Field Communication with Arduino, Android, and PhoneGap; O’Reilly Media; 2014-01-14; 246 pages; kindle: $10.

AFrame: Isolating Advertisements From Mobile Applications in Android | Zhang, Ahlawat, Du

Xiao Zhang, Amit Ahlawat, Wenliang Du; AFrame: Isolating Advertisements From Mobile Applications in Android; In Proceedings of Annual Computer Security Applications Conference (ACSAC); 2013-12-09; 10 pages.


Android uses a permission-based security model to restrict applications from accessing private data and privileged resources. However, the permissions are assigned at the application level, so even untrusted third-party libraries, such as advertisement, once incorporated, can share the same privileges as the entire application, leading to over-privileged problems.

We present AFrame, a developer friendly method to isolate untrusted third-party code from the host applications. The isolation achieved by AFrame covers not only the process/permission isolation, but also the display and input isolation. Our AFrame framework is implemented through a minimal change to the existing Android code base; our evaluation results demonstrate that it is effective in isolating the privileges of untrusted third-party code from applications with reasonable performance overhead.

Via: backfill

radvd and NetworkManager for RFC 6106 (IPv6 Router Advertisement Options for DNS Configuration)


  • dhcpd (ISC’s DHCPv6)
    • stateless mode is a dhclient-side activity
    • remove the ia (ask for address) statements from the interface stanzas
    • Example:
      iface eth0 {
      option domain
      option time-zone
      ... }
  • radvd
    • AdvManagedFlag off;
    • AdvOtherConfigFlag on;
    • RDNSS address list {
      AdvRDNSSPreference 8;
      AdvRDNSSLifetime 3600;
      ... }
  • NetworkManager
    • nmcli connection
  • rdnssd
    • obsolete, incorporated into NetworkManager

Commentary & Tutorial

  • Jeremy Visser; Is an IPv6-only Network Feasible?; In His Blog; 2012-06-13.

    • <quote>Ubuntu 12.04 this works out-of-the-box with NetworkManager. On older versions of Ubuntu, you need to change IPv6 from “Ignore” to “Automatic” in NetworkManager.</quote>

Commitments & Comparisons

Fedora, Scoping & Project Documentation

Fedora 12

Comparison of IPv6 support in operating systems; In Jimi Wales’ Wiki

  • Fedora 13 => OK
  • RHEL6 => OK
  • Ubuntu 11.04 (Natty Narwal) => OK
  • Android => NO (Neither: DHCP6, ND RDNSS)
    1. Issue 32621: Support for DHCPv6 (RFC 3315)
    2. Issue 32629: Support for Recursive DNS Server Option in ICMPv6 Router Advertisements (RFC 6106)



  • RFC 6106 IPv6 Router Advertisement Options for DNS Configuration; J. Jeong (Brocade), S. Park (Samsung), L. Beloeil (France Telecom), S. Madanapalli (iRam); 2010-11.
  • RFC 4861 Neighbor Discovery for IP version 6 (IPv6); T. Narten (IBM), E. Nordmark (Sun), W. Simpson (Daydreamer), H. Soliman (Elevate); 2007-09.
  • RFC 3736 Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6; R. Droms (Cisco); 2004-04
  • RFC 3315 Dynamic Host Configuration Protocol for IPv6 (DHCPv6); Editor: R. Droms (Cisco); J. Bound (HP), B. Volz (Ericsson), T. Lemon (Nominum), C. Perkins (Nokia), M. Carney (Sun); 2003-07.

Via backfill

Replicant is a FOSS Android clone


Rick Lehrbaum; Replicant fully-free Android distro project solicits funds; In Linux Gizmos; 2013-07-26.




  • 2010
  • <quote>to unify the efforts of various individuals attempting to produce a fully free Android distribution</quote>


  • Founders
    • Aaron Williamson
    • Graziano Sorbaioli
    • Denis “GNUtoo” Carikli
    • Bradley M. Kuhn
  • Recent
    • Carikli Kocialkowski
    • Paul Kocialkowski

Via backfill

CyanogenMod to end Tegra 2 support

Status Update: Tegra 2 Support; CyanogenMod on G+; 2013-06-25.





  • The “next Android release” (unstated time)


  • Tegra 2 no NEON
  • Tegra 3 have NEON



  • Atrix uses outdated nvidia hal (and old kernel), not made for ics and jelly bean, but there was a recent port to Linux 3

Google’s ‘Moto X’ Phone Rumor Roundup | Phone Arena



  • Names
    • Motorola XT1056, XT1058, XT1060
    • Moto X
    • Motorola X Phone
    • XFON (probably an AT&T specific branding)
    • Ghost
  • Display:
    • 4.7″ or maybe 4.6″ or maybe 4.5″
      (older rumors had 4.8″ and a maybe a small variant)
    • OLED
    • Resolution: 720p (720 x 1280; older rumors had 1196 x 720)
  • Basics
    • 1.7GHz dual-core Snapdragon (Qualcomm Snapdragon S4 Pro)
    • RAM: 2GB
    • Storage (internal, “native” flash storage)
      • 16GB
      • (maybe) 32GB
  • Cameras
    • 10MP rear-facing camera
    • 2MP front-facing camera
  • Radios
    • NFC
    • Bluetooth 4.0 with Low Energy, Enhanced Data Rate
    • 802.11ac (a/b/g/n/ac
    • Telecom
      • AT&T => <quote>something</quote>
      • Sprint => <quote>The device has LTE Band 25, which is only used by Sprint. Interestingly, it also has certification for HSPA+ 21 Mbps on the 850, 1900, and 2100MHz bands, but the documentation says that the device will be SIM-locked for all US carriers. </quote> source
      • Verizon => <quote>something</quote>
  • Battery
    • (maybe) Removable battery
    • (maybe) Buitin Battery
  • Android
    • Android 4.2.2
    • a.k.a. a Jelly Bean variant
    • (expected) stock Android with no MotoBlur,
    • (maybe) Google Edition, Google Experience Device
  • Branding
    • (probably) a single one-off device
      • (probably-not) a family of devices
    • Something about how this is the “last Motorola device” after which Motorola will “disappear” while they retool for some vague relaunch in the future with different branding, trade dress, theming.  Something like that.
  • Colors
  • Released 2013-08-01 (maybe)
  • Availability
    • (maybe) Sold from Google Play Store
    • (unclear) Carrier lockin contracts
  • Assembly
    • “in USA”
    • <quote>Some components will still come from Taiwan and Korea, but manufacturing of the handset will happen just outside of Fort Worth, Texas at a 500,000 sq. ft. plant that is had been used by Nokia for manufacturing phones. Ultimately, about 70% of the manufacturing will be done in Texas.</quote> source
  • Carriers:
    • AT&T => expected from the XFON trial rumor
    • Sprint => expected from the LTE tests, source of the leaked photos
    • Verizon => maybe, maybe confirmed


  • BGR sources from Phone Arena
  • Phone Arena sources from Android Authority, All Things D, Droid Life, evleaks, Mobile Syrup


In archaeological order, therefore repurposed posts appear prior to original reporting.


  • Dennis Woodside, CEO, Motorola, division of Google

Via: Daniel P.; Mysterious Motorola X phone picture pops up, testing as the XT1056 on Sprint’s LTE; In Phone Arena; 2013-06-26.

Via: ; Google’s ‘Moto X’ phone revealed in leaked photo; In BGR; 2013-06-26; repasted from the Phone Arena piece.

Motorola Atrix HD to Jelly Bean 4.2.2 with CyanogenMod 10.1

Marius Maria; Update Motorola Atrix HD to Jelly Bean 4.2.2 with CM10.1 Custom ROM; In Some Blog entitled Android Geeks; 2013-04-29.


Via backfill

Morotola X Phone (XFON) Rumor Roundup

Rumor Roundup

  • ; Moto X Phone Specs Leak Points to Most of What We Already Know, 10MP Camera Though; In Droid Life; 2013-06-16.

    • Source: @evleaks (a single tweet)
    • Lede image of something looking like a Moto phone with the words Motorola confidential property printed on it.
    • 1.7GHz dual-core MSM8960 Pro processor
    • 720p display
    • 2GB RAM
    • 16GB internal storage
    • 10MP rear camera; 2MP front camera
    • Android 4.2.2
  • ; Verizon’s Motorola XFON Hits the FCC as Model XT1060; In Droid Life; 2013-05-24.

    • No pictures
    • Images of fragments of government (FCC) documents.
  • Other Untraced Rumors
    • Available 2013-07.
    • Not a Google Experience Device.
    • Something close.
    • Will have other sensors and other proprietary software layered on top.
    • Unclear if it will have carrier crapware on top of that.

Hewlett-Packard sources Slate 7 from BYD Electronic International Co & Fuzhou Rockchip Electronics

Via: Eva Dou; China Gains Tablet Foothold; In The Wall Street Journal (WSJ); 2013-03-14.


  • Chinese vs Taiwanese manufacturers
  • Slate 7, Hewlett-Packard
  • China
    • BYD Electronic International Co.
  • Taiwan
    • Hon Hai Precision Industry, subsidiary Foxconn International Holdings Ltd.
    • Quanta Computer Inc.
    • Compal Electronics Inc.
    • Pegatron Corp.
    • Acer Inc.
    • MediaTek
  • BYD Electronic International Co
    • Shenzhen
    • Products
      • Electric cars
      • Batteries
    • 10% owned by Berkshire Hathaway (Warren Buffet) since 2008
  • Quotes & Quips
    • Arthur Hsieh, UBS
    • Alberto Moel, Sanford C. Bernstein
  • Hewlett-Packard
    • Slate 7 tablet
    • Processor from Fuzhou Rockchip Electronics

      • Qualcomm
      • Nvidia
  • Acer Inc.
    • Jim Wong, President
    • Iconia B1 tablet
      • Processor from MediaTek

The excess permissions in Android Apps – Adobe Reader, Dragon, Evernote, Groupon, Hipmunk, LinkedIn

Via Sebastian Porst circa 2012-04-27.

Each one deserves treatment on its own

  • Adobe Reader: Full Internet Access (+Adobe)
  • AppAware: Retrieve running applications (+AppAware)
  • Dragon, Fly! Free: Modify/delete USB storage contents
  • Evernote: Read calendar events, plus confidential information (+Evernote)
  • Groupon: Automatically start at boot + Modify/delete USB storage contents (+Groupon)
  • Hipmunk: Read calendar events, plus confidential information (+Hipmunk)
  • LinkedIn: Read contacts, calendar events, plus confidential information (+LinkedIn)
  • Uber: Read contacts, Take pictures and videos without confirmation,
  • Xing: Read contacts, Your Accounts, Take pictures and videos without confirmation, Control Near Field Communication

These apps don’t work on your behalf.  As such, all of these earn the coveted Poisonous App.  Avoid.

  • There’s some argument that perhaps a travel scheduling app needs to see your calendar.  Maybe.
  • But why a social networking app needs to see your calendar+confidential is unclear.

Jeannie (like Siri) is fantastically dangerous

Jeannie (Like Siri)

This means that any elements on any calendar that is visible to you (shared with you) is totally public.  It can be, and you consent to have this indexed and displayed to the world irrevocably.  For this, the app receives the coveted Poisonous App appelation.  Avoid.

Who are these people and why would they even want to hold that sort of data?  Temporarily?  Ever?

From the permissions page on Play Store.

Your personal information

read your contacts
Allows the app to read data about your contacts stored on your tablet, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge. Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.
read calendar events plus confidential information
Allows the app to read all calendar events stored on your tablet, including those of friends or co-workers. This may allow the app to share or save your calendar data, regardless of confidentiality or sensitivity. Allows the app to read all calendar events stored on your phone, including those of friends or co-workers. This may allow the app to share or save your calendar data, regardless of confidentiality or sensitivity.
add or modify calendar events and send email to guests without owners’ knowledge
Allows the app to add, remove, change events that you can modify on your tablet, including those of friends or co-workers. This may allow the app to send messages that appear to come from calendar owners, or modify events without the owners’ knowledge. Allows the app to add, remove, change events that you can modify on your phone, including those of friends or co-workers. This may allow the app to send messages that appear to come from calendar owners, or modify events without the owners’ knowledge.


OnStar RemoteLink app, Android

Whereas I joined the club, now I get to comment as part of the experience.

From before…

Problem Statement

  • What is it?
  • What’s the vision/value prop. of the service/product?
  • What does it do for me?
  • Is it worth it? (will it be worth it if/when I pay for it)?

Still assessing OnStar RemoteLink App as

Current Estimate Tending & Aspiring Towards
Needs Work, You Pay Me for My Time Helping You Debug Good Enough To Be Free



Reading device status off of the car works. That’s a neat convenience.  “Neat,” but worth $0/month because it ought to be doable with this technology (Android) without server-side support and at zero cost to GM.

Actualities of success:

Critique & Review

OnStar RemoteLink Android


They are not kidding about the admonishment of incompatibility:

Requires Android OS 2.1 or later. Resolution must be one of the following: FWVGA (480×854), 3.5″-4.0″ diagonal. WVGA (480×800), 3.3″-4.0″ diagonal. HVGA (320×480), 3.0″-3.5″ diagonal. Check your owner’s manual for details.

This paragraph is a very fancy way of declaring

  • Does not work on GED device tablets
  • Does not work on the Xoom
  • Does not work on the Nexus 7
  • Does not work on anything but teensy tinsey little screens.

When people talk about the “fragmentation of Android” this is the problem that they are talking about. It’s not a problem with Android but a problem with the developers, who typically are time-and-materials consultants.  There is absolutely nothing in the functionality of the app that can’t be delivered on a varying-sized screen, even a screen as large as a tablet.  Absolutely nothing.  Yet they precluded it from even running in a fat-font mode on the current-generation Android hardware, however ugly that might be.  There ought to be a tablet-class variant of this app.  The Play Store’s device compatibility system prevents the app from being visible on your tablet or from being remote-provisioned onto your tablets.


The app is very slow to start, sign in to OnStar and to acquire data.  It seems to do synchronous lock-step communication to the servers.  Nothing is asynchronous or “in the background.”  The data is never “at the ready” or “waiting for you.”  You wait for the app, you wait for the data.

  • When you fire up the app, there is a “waiting to connect stage” that is long enough that you put the phone down and come back.
  • When the app fires up, the car’s status is not “at ready.”   The status exhibited to you is the dataa that was last acquired from the car, stored locally on a cached-copy basis.  That is, it is the data from the last time you ran the app.  Frequently this irrelevant and your first act is to press “refresh.”  And then you wait, you put the phone down, you go away, you come back, unlock the phone and see if your car status is ready.
  • Refresh is synchronous and you wait.

The waiting issue is long enough that you would never be able ot use the app as a substitute for the keyfob controls (see above).  You’d never get signed in in time.

Buggy unto Does.Not.Work.

  • The alerts system is busted.  It will not “sync alerts” onto the vehicle.
  • Recovering status out of the vehicle does work.
  • Therefore it is not a “connectivity problem”
  • Ticket 24  ‘OnStar RemoteLink’ cannot set alerts on presented.recondite on Jelly Bean [access is limited]
    Summary: includes actualities of traceroute4 and tcpdump of the https traffic into onstar server head-end; the app communicates to OnStar servers, but fails to set email & SMS alerts; it can & does recover the Volt’s dashboard data (as shown above).

Peer-to-Peer versus Client-to-Server

Embarassingly, you may be standing standing right next to the car when you ask for the car’s status.  The app and still has to communicate back to the servers in Detroit, MI which then may or may not “dial” into the car to pick up the latest data set.

This is an architecture issue.  This problem is not unique to OnStar.  It is endemic in the mobile world where device-to-server communication over IP (IPv4) is device-independent, cheap, secure and reliable (as these things go), but slow, inefficient and backhaul route dependent; in contrast device-to-device connectivity via any of WiFi ad hoc, Bluetooth or NFC is substantially unused and unproven except as kids’ toy remote controls or as audio headset controllers.  Peer-to-peer device-to-device still isn’t trusted-reliable enough to do device-to-device data movement where one cares about the data.


Car design & build cycles are 8 years + 10 years of useful lifetime.  Phone & tablet design cycles are 2 years + 18 months of consumer lifespan; app development cycles are measured in “teens” of “sprints” which last two weeks (by definition).  So any time now, GM could come out with an Android App that “is great.”  (ahem, or they could open source the protocols and let the enthusiast community build such for them; like the other guys are doing with OpenXC).

Open Vehicle Systems | Open Vehicle Monitoring Systems (OVMS)

Site & Project

Product & Output


  • Precise Location
  • Full Network Access


  • Feels like “OnStar RemoteLink for Tesla”
  • Tesla focused (exclusively)


Among the Site Name, DNS name, Product Name, App Name

  • Open Vehicles
  • Open Vehicle Systems
  • Open Vehicle Monitoring Systems