I installed CyanogenMod on my three-year-old Samsung Galaxy S III phone. It was easier than I’d expected, and it’s like having a new phone. Here are a few notes.

These S3s were very popular, of course, and with good reason. They’re good. This one has served me well for three years. I bought it after staying up all night for In Fear We Trust at the 2012 Nuit Blanche—I remember grabbing some zeds at 8 am, waking up at 10, looking at the newspaper and seeing a big ad from Rogers, my phone company, saying I could upgrade for a penny if I committed to a three-year contract (which they can no longer do). I needed a new phone—I’d cracked the screen on the one I had, and slivers were starting to come off in my fingers—and I thought, “Heck, I’ve already stayed up all night, I might as well get a new phone. This weekend, anything can happen!” I might have been a little dazed, but it was still a good decision.

There are an astounding number of videos on YouTube of people showing how to install Cyanogenmod on phones, and they all mention links in the notes or on their web site where everything is all explained. I watched a few to see what the general process was like, but the specifics didn’t help. (Furthermore, I can’t make head or tail out of forum.xda-developers.com, and downloading binaries made by some anonymous user on a message board is weird and unsettling.) For that, all I really needed were these two pages: the official instructions and one with extra details about how to do it with TWRP (a recovery boot manager thing):

• How to Install CyanogenMod on the Samsung Galaxy S III LTE (“d2lte”)
• How to install CyanogenMod 12 on your Android device

Before all that, I’d done a few things:

• backed up what I could
• made a list of all the apps installed
• got all my photos and such off
• made sure developer mode was enabled
• installed adb and heimdall (sudo apt-get install android-tools-adb heimdall-flash on my Ubuntu machine)

Then following the instructions linked above worked very nicely (except I had to run heimdall as root). I used the d2can TWRP image, because that’s what I saw in the prompt when I ran adb shell to log into my phone when it was connected by USB. I got the latest versions of Cyanogenmod and the Google apps package and they went in a treat.

The only problem I had was rebooting into the TWRP recovery mode after installing it. I was pressing Volume Up + Home + Power, as required, but either not long enough, or too long, and it took a few tries to realize when to let go of the buttons.

After the install I rebooted (the first time was slow) and all was well. I hadn’t bricked it and I could make a phone call. Two-factor authentication made reconnecting my accounts take a little while, but that’s no problem. Now I’m reinstalling all my favourite apps (like Tasker) and configuring things the way I like. I think I liked a few things about the S3 a little more, like the way text messages looked, but generally everything is an improvement, and I’m very happy to be rid of the useless apps Rogers and Samsung forced on me.

The home screen can handle more icons and widgets, but I had to get rid of the Google search box as soon as possible.

Overall the phone seems to be running faster, but it may also be using more battery, or that may just be the new operating system getting used to my aged old worn-down system. I’ll see. Either way, it’s like having a new phone. Rogers only had me on Android 4.1.1, but now I’ve got Android 4.4.1, and when there’s a Cyanogenmod version of Android 5 for my phone, I’ll install it.

Access is the annual Canadian conference about libraries and technology. The 2015 conference is in Toronto (the program looks great). As usual at Access, before the conference starts there’s a one-day hackfest. Katie Legere and I are running a special hackfest about music and sonification, to be followed by a concert after the hackfest is over. It’s a hackfest! It’s a happening! It’s code and data and music! Full details: Music, Code and Data: Hackfest and Happening at Access 2015.

Coursera sends me emails every now and then suggesting courses I might want to try. The emails are filled with stupidly long URLs like this, which I present in 20-character lines:

https://eventing.coursera.org/redirect/
_WtLvKefAb4HnpCdGvrQ
2Bzme2yv6Vbcd4MdVvIA
AHedEK3IwHDRNzGbV5R1
1c43qg-ohDi3F4H4lL1K
qvDPBg.DVNpoJbn4hljT
4VLZbW1Cg.Uz-IOZ2YNh
Fi1RAvvYlFfrp8yzjINi
9_AfhUNf7kYjg2ZfF36n
fY8EiibmNlPznFJVn4ue
8qRs0SM_mWqyoNNQk9Dx
qFeymHudQYCQs2xX3nAT
hQ0lbLN_Rxz1ht8k3aTk
Il3FUWpTfVhkkViMBsvn
y7kkgpArIc9gF1TC8DeU
p9Y8iCfRJfFT5pEkJUF3
VcBWKGUxQ1wZ88i79cCX
xH6WPX11pb-gQgDSSUMN
gK1ZMuZweIsc4tLbjXqS
rUpx8Ot672hFol7a5YSM
5DUBaFhO_5bdEEmIgN9D
J0YzrZuMqDmdzdlZqhVl
UrQbkMHAedLOJPhOXOWm
IMzJZH-KYx-DDys6jsSb
swOemmenthal7dMVIceI
98sB285q1GMrIyZYM2Vq
telTYNMWkperOLU9y7nW
cvg-kNp2cBtiXFV-Lu8z
c_wHdBdHUNd9IS0NdqG1
l0J0CQIIhyCVTlF81agA
B2IrOF0_XPjXNoETLRcv
whOf4OQ-ZUJdHGWUvXiW
sfWqenNfCfFHNanfsaet
vom-h43cK-oVlYMxSk1y
61YKrNZWhGFS4Vll1SO2
jRASohdxl-bEv2dz3YNW
kzlr-PW-KpBYqtUVxe3T
l69PUWmCiPOJ1Aji1zt7
LTCtooooastlt8tBO8gM
xiST4k6qLRxbpkChl6vZ
TWmvTEky58_duy-wibto
3pa_-aVfrdpn2TTEHd73
D76Ageve48W7hS8UG7eP
raJ1EItRnW3K3V5VwMMr
_UU5YVNeuED1Pq9GYXTG
VRbZp071g-iiOP5EE_W2
vKipOa1YnwO2S-LN7Lvc
uBF_nOexEE0daZlKXbjiZi

That is 942 characters long. With lower- and upper-case letters, numbers, underscores and hyphens available, each character in the string can be one of 64 choices, so there are 64^942 possible strings, which Wolfram Alpha says is on the order of 10^1701.

What is going on in Coursera’s notification system?

Genius at Play: The Curious Mind of John Horton Conway, by Siobhan Roberts, is the best biography I’ve read in a while, and it’ll be in my top ten favourite books of 2015. Conway is a mathematician, an unruly digressive eccentric fascinating genius mathematician, and this is an unruly digressive eccentric fascinating biography, because no normal narrative structure (like Roberts used for her fine biography of straitlaced geometer Donald Coxeter) could get across what Conway is like. Conway’s such an unstoppable force he gets his own typeface in the book, so he can explain mathematics or tell a story or just interject.

Here’s a trailer Roberts did for the book:

Everyone in mathematics and computer science knows Conway, for the game of Life (which he grew to hate), combinatorics, games, surreal numbers (which inspired Donald Knuth to write a novel), group theory, the Doomsday algorithm (a great trick, and part of Conway’s regular shtick), the free will theorem, and much more. He’s done major work in many different areas of mathematics.

One of the delights of the book is how well it gets across Conway’s unceasing desire to know everything, especially mathematics, and his absolute excitement and delight in numbers and geometry and groups and games. He’s a genius. The way he is in this world is not the way that other people are.

Conway is quoted extensively in the book. I especially like this one, from near the end:

Richard Dawkins wrote a book before he wrote The God Delusion called Unweaving the Rainbow. Now, this title is taken from a few lines from Keats. He says, “Shalt thou unweave the rainbow?” And it’s a vaguely unscientific theme. He’s saying if you explain the rainbow, it is somehow making it less beautiful, by taking away the mystery from it. But everybody who knows anything about anything knows that the more you know, the more beautiful it is.

This is the same point Richard Feynman made:

Feynman said:

I have a friend who’s an artist and has sometimes taken a view which I don’t agree with very well. He’ll hold up a flower and say, “Look how beautiful it is,” and I’ll agree. Then he says, “I as an artist can see how beautiful this is, but you as a scientist take this all apart and it becomes a dull thing,” and I think that he’s kind of nutty.

First of all, the beauty that he sees is available to other people and to me too, I believe, although I might not be quite as refined aesthetically as he is, I can appreciate the beauty of a flower. At the same time, I see much more about the flower than he sees. I could imagine the cells in there, the complicated actions inside, which also have a beauty. I mean, it’s not just beauty at this dimension, at one centimetre; there’s also beauty at smaller dimensions, the inner structure, also the processes. The fact that the colours in the flower evolved in order to attract insects to pollinate it is interesting: it means that insects can see the colour. It adds a question: does this aesthetic sense also exist in the lower forms? Why is it aesthetic? All kinds of interesting questions which the science knowledge only adds to the excitement, the mystery and the awe of a flower. It only adds. I don’t understand how it subtracts.

Conway was talking about rainbows because he’s fascinated with them and and how they work—which, of course, most people don’t, or why you can sometimes see two rainbows, or that third and fourth rainbows are also possible. The quote continues, in classic Conway style:

And I think that is the theme of Dawkins’s book—he’s referring to Keats and saying, “No, it’s a good idea to unweave the rainbow.” I keep on meaning to catch Dawkins one day and interrogate him on how the rainbow is formed. Because I think if he’s written a book called Unweaving the Rainbow, he should actually succeed in unweaving the rainbow. Maybe he does, I don’t know, I haven’t read his book. So maybe he knows how the rainbow is formed, but it’s really quite conceivable that he doesn’t, because so very few people do.

This is an unusual book, and the only one I can think of that’s similar is Willeford by Don Herron, his biography of Charles Willeford, the great American novelist. (The Burnt Orange Heresy is the finest novel about modern art ever written.) When I first read it I didn’t appreciate how good it was. Herron knew Willeford. Willeford was a supreme storyteller (and bullshitter, in the best sense), and the usual biographical approach wouldn’t work with him, so Herron did it differently, with the kind of approach Roberts takes with Conway. Willeford still deserves a serious academic biography, but you wouldn’t get to know the man in that book like you do in Herron’s.

(By the way, if you’re ever in San Francisco, take Don Herron’s’ Dashiell Hammett walking tour. I went out with him, just the two of us, in 2008, one of the most memorable days of my life. He took me all over Hammett’s San Francisco, including where Brigid O'Shaughnessy shot Miles Archer, and most amazingly of all he was able to show me the apartment where Hammett lived when he wrote The Maltese Falcon—the apartment is the exact model for Spade’s. I’ll never forget that.)

Back to Genius at Play. I highly recommend it. Even if you’re not too interested in mathematics, it’s worth reading. Roberts and Conway do a fine job of explaining the math, but what’s most important is Conway himself, and his utter joy and complete involvement in what he does, same as a composer or painter might have, or, perhaps, that we all seek in our own lives. (Though probably with fewer marriages and affairs.)

Finally, here’s a Numberphile video with more from Roberts, where Conway goes to McMaster University so Sandra Witelson can run an fMRI on his brain. The grumpy visit is also described in the book.

I listen to Rdio a lot, and I hooked up an old laptop to my stereo with a FiiO E10 USB digital-to-analog converter (it’s great, and priced low) for maximum home listening pleasure. The laptop is a Lenovo Thinkpad X120e, running Ubuntu. I like Thinkpads (I’m writing this on an X240), and they wear well, but the battery on it is pretty much dead, and I spilled a glass of red wine on the keyboard and Page Down sticks, but still, if you spill wine on an advanced computing device, that’s a small price to pay. It was cheap Argentine malbec, so no major loss there either.

A few days ago I ran the updater. One of the updates was to the kernel, which might have been where the problem arose: the machine wouldn’t boot! It started up, detected the hard drives, the screen flashed … and then instead of the login screen showing up in a few seconds, the screen stayed black. If I booted into recovery mode and then rebooted it would work, but at low graphical resolution, and that’s a stupid fix anyway.

After some fiddling I decided Ubuntu just wouldn’t work on it, so I tried to install Debian. The Thinkpad requires a non-free driver for the wifi to work, so I installed with the thing plugged into my router with a cable, got it going, made sure it would reboot properly, added the firmware-realtek package … and it just wouldn’t see the wifi device. After more fiddling I decided Debian wasn’t the thing either.

Next I tried Linux Mint, is based on Debian and Ubuntu, and (philosophically troublingly, but installationally pleasingly) includes non-free wifi drivers, so it all worked pretty much out of the box. (Debian’s great on servers, but Ubuntu and Mint have made installing on a personal machine much, much easier.) All I’ll ever do on it is use Firefox or ssh in from the other side of the room, so I don’t care what it looks like. I got the sound configured to use the FiiO E10, and all is well. I logged into Rdio to find Iron Maiden have released “Speed of Light,” a song from Book of Souls, which comes out next month, so I cranked that up and got back to work. Up the Irons!

A quote from a sermon given by an Anglican minister a couple of weeks ago: “Jesus, to his credit, was a lot more honourable than some of us would have been.”

I updated the list of fictional footnotes with more information on Don’t Ask (1993) by Donald E. Westlake, which I just read (it’s a Dortmunder):

Two chapter headings have footnotes that identify them as “Optional—historical aside—not for credit.” Chapter six mentions a street with “a whole block of taxpayers.” This is footnoted: “A temporary structure, commonly one story in height and containing shops of the most ephemeral sort. Constructed by owners of the land when a delay is anticipated, sometimes of several decades’ duration, between the razing of the previous unwanted edifice and the erection of the new blight on the landscape. Called a ‘taxpayer’ because that’s what it does.+” The second footnote, indented under the first, says, “Didn’t expect a footnote in a novel, did you? And a real informative one, too. Pays to keep on your toes.”

The t.p. verso of my 1994 Mysterious Press paperback edition has this:

Enjoy lively book discussion online with CompuServe. To become a member of CompuServe call 1-800-848-8199 and ask for the Time Warner Trade Publishing forum. (Current members: GO:TWEP.)

I called the number but got a fast busy.

Here’s an update to my post a month ago about the Firefox extensions I use on my laptop to increase privacy. I’m no expert, and it may do little or nothing against spy agencies, but it does confuse corporate tracking, which is also important. One key point, which does defend against spy agencies: use Tor more (but watch out). Every grain of sand we each throw in the gears is a help.

Remove Chromium

First, though, yesterday I deleted Chromium, the purportedly free and open browser that Google extends to make Chrome, its proprietary browser. I had used it as the only browser for using my Google accounts (which are purely for work) and for other web sites that had unreasonable demands for cookies and Javascript but that I had to use (such as for buying a ticket to a concert). Then I saw Rick Falkvinge’s Google Chrome listening in to your room shows the importance of privacy defense in depth, which reports that the browser was secretly downloading a binary that would let it listen for “ok google” in order to trigger searches.

The browser required a setting to be turned on to actually start listening, Google says, but nevertheless, without my knowing it, a blob of unknown code had been installed on my computer that could listen to my microphone. The links in Falkvinge’s piece are worth following to what developers thought of this and how Google handled it. The Guardian picked up the story with Google eavesdropping tool installed on computers without permission.

My response:

$ sudo apt-get purge chromium-browser

Of course, I am walking around with a perfectly constructed and highly sophisticated monitoring device in my pocket which must have its microphone turned on—because it’s my phone—but that’s another issue.

I’m not sure what browser I’ll now use for Google access.

Extensions I use

Now, the extensions. I deleted Adblock Plus and now use uBlock, thanks to a recommendation on Twitter. It’s under the GPL v3 and completely free and open, and isn’t, in effect, a protection racket, as described in Both AdBlock Plus and the media are worried about Safari’s upcoming features.

AdBlock Plus needs to work well for its parent company to make money. Not from its users, of course, but from the companies that want to pay the company to make sure their advertisements aren’t blasted into oblivion by the extension.

On my phone I’m still seeing lots of ads (and hence being tracked) but that’s another issue too.

I also installed NoScript, which I should have done a long time ago. It blocks Javascript (and some other things) on sites unless I enable it where I want it to run. It comes with a whitelist, but it’s editable.

This is my updated list of privacy extensions, with their licenses (MPL == Mozilla Public License, GPL == GNU Public License) and links to source if public:

• Better Privacy (“BetterPrivacy is freeware; Non-commercial use and distribution only!”, no source)
• CanvasBlocker (MPL, https://github.com/kkapsner/CanvasBlocker)
• Cookie Monster (MPL, no source)
• Disconnect (GPL, for-profit company, https://github.com/disconnectme/disconnect)
• HTTPS Everywhere (GPL, https://github.com/EFForg/https-everywhere)
• NoScript (GPL, https://github.com/avian2/noscript)
• Privacy Badger (GPL, https://github.com/EFForg/privacybadgerfirefox)
• uBlock (GPL, https://github.com/chrisaljoudi/ublock)

Also:

• Lightbeam (MPL, https://github.com/mozilla/lightbeam)

Check in on Lightbeam every few days to see a nice visualization of how your information is being passed from one site to another. It’s incredible.

Blocking referrers

None of those do anything with the HTTP referer header, so I looked into how to handle that myself. Opening the (pseudo-)URL about:config in Firefox and searching for referer (an aged misspelling) showed this:

Finding the details of these is strangely difficult on the Mozilla Firefox site, but Improve online privacy by controlling referrer information documents them.

network.http.referer.XOriginPolicy

• 0: always send referrer (default).
• 1: only send if base domains match.
• 2: only send if hosts match.

I set this to 1.

network.http.referer.spoofSource

• false: send the referrer (default).
• true: spoof the referrer and instead use the target URI

I set this to true.

network.http.referer.trimmingPolicy

• 0: send full URI (default)
• 1: send scheme, host, port and path
• 2: send scheme, host and port

I set this to 2.

network.http.sendRefererHeader

• 0. never send the referring URL
• 1. send when following a link
• 2. send when following a link or loading an image (default)

I set this to 1.

This may stop some sites from working. I’ll wait and see.

Server-side

Eric Hellman’s Protect reader privacy with referrer meta tags told me about the new referrer (finally properly spelled) meta tag in HTML 5, which allows a site owner to suggest to a browser what referrer information it should pass on to a linked site. You’re viewing this over HTTPS, so this shouldn’t matter when linking to a non-secure HTTP site: 15.1.3 Encoding Sensitive Information in URI’s in RFC 2616 says, “Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.” However, my URL would be passed on to HTTPS sites. To prevent this, I added this to my page template:

 <meta name="referrer" content="origin-when-cross-origin" />

This means that links leading off my site should pass on that the browser came from https://www.miskatonic.org/, without giving the particular page, but links staying inside my site will pass the full referring URL.

Use Tor more

I’m using Tor more. I try to use it for as much regular anonymous browsing as I can: just reading the newspapers or looking at blogs or checking something on Wikipedia or any other normal behaviour. Using Tor like this has two wide advantages: it increases the overall traffic on the network, which helps confuse what everyone else is doing, and it means that more Tor traffic hits regular web sites, which also helps confuse what everyone else is doing. The more people that use it, the better for everyone.

It has its faults. It shows ads! Here’s what the Toronto Star home page looks like right now in Tor:

Not only do I see the ad at the top, which uBlock prevents, it’s messed up and ugly. But I don’t mind.

Using Tor (or ssh) means that you become a permanent target of the security agencies and everything you do will be logged and analyzed, so know what you’re doing.

Still, every grain of sand we each throw in the gears is a help.