Unique Usernames and People Who Want Them

One phenomenon I’ve come across on the internet are unique usernames and the logistics behind people or businesses wanting to steal them, swap them, or purchase them for themselves. Such examples are Moz, Mozilla, Fred, Cosmic Panda, etc.

In 2007, the ‘moz’ username on Twitter.com was taken by Swedish web user Per Mosseby. At some point in either 2012 or 2013, the username was taken over by an SEO business also called Moz.

I had this happen to me on a lesser known web forum for Google Maps. One day I logged in to find a screen forcing me to create a username, but I already had one called ‘Alexander’ which I thought I would cleverly grab while the forum was new. I typed it into the screen, since I assumed I had already ‘owned’ it and it cannot be given to anyone else (turns out it can).

I was greeted with this:

stealers

Therefore, I can only assume that a Google employee or moderator desired the username and took it from me to use it for his/her own account.

People will go great lengths to grab unique usernames online. There have been times when a large business or public figure will somehow quietly steal the username. For example Fred on YouTube was famously given the ‘Fred’ username, which was forcibly taken from its original owner.

However, sometimes businesses will use diplomacy to try and acquire a username. Web user foszor posted online that when Twitter was new, he took the username Mozilla.’ Time passed, and he was contacted by a lawyer for the business. He had tweeted foszor asking him to send an email, then deleted the tweet afterwards. It ended up being a legitimate dialogue for exchanging the username. In return for giving up ‘Mozilla,’ foszor received “2 t-shirts, 3 buttons and some stickers.”

He also mentions that he had the ‘CBS’ username, and that it was stolen from him without any conversation.

The standard procedure businesses go through to acquire usernames is to contact the site and say that they want their trademarked name for themselves. For example, with Instagram you would have to go through a trademark infringement form.

Here is an interesting article about someone who had his rare username stolen through social engineering.

A Step by Step Guide on How to Update a Samsung Galaxy S7 (SM-G930F/FD) with Magisk Installed.

I do this every so often, so I’m keeping a post here to remind myself how to do it. This guide assumes you have an Exynos S7 rooted with Magisk, and that you want to update your phone’s official firmware. I’m not going to walk you through everything, so you’ll have to know quite a bit about rooting before you read this guide. Remember to back everything up, calls, texts, media, apps, you name it. This process takes a few hours.

Obligatory disclaimer: I’m not responsible for what happens to your phone, you are. Your phone could be rendered inoperable if you choose to follow this guide. In fact you should not follow this guide, get out of here.

Things you should already have:

  • Your phone, with a battery charge of at least 70%
  • Odin
  • Team Win Recovery Project (twrp) for herolte (or hero2lte for Edge) or an alternative custom recovery zip
  • no-verity-opt-encrypt-5.1, a script in the form of a .zip which you should have used when flashing Magisk for the first time
  • The Magisk zip you want to re-flash, or preferably the most recent version
  • The Magisk uninstaller zip
  • Your chosen region’s update firmware files
  • A USB cable.

Magisk XDA thread to download Magisk files from: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445

Here’s a step by step guide, now that you have everything you need:

Step 1: Readying the Resources

http://updato.com/firmware-archive-select-model?q=GALAXY+S7

From this link, you’ll need to find the firmware version you desire. For example, the firmware code I’ll use is BTU, which matches my desired phone region. An alternative site would be Sammobile. No matter what website you choose; it will take hours to download the firmware, so be prepared for that. The Edge has separate firmware, so don’t mix them up.

Move the no-verity patch, the magisk zip, and the magisk uninstaller zip onto your phone using a file-transfer method through USB. Move them to the SD card, not the internal memory. Your phone’s internal memory will be unreadable after you flash a custom recovery, so you must use an SD card.

12

12

 

Now you’ve got the zip files on your phone ready to use later. Once done, unplug your phone from the USB cable.

Double-check you have all of your resources. Preferably organised in a folder on your computer. You WILL need to re-flash TWRP (or an alternative recovery) once your phone has been updated, so don’t skip on that even though you already have it installed on your phone. This is because everything on your phone, including the recovery, is overwritten by the firmware flash, apart from your personal data if we use HOME_CSC (hopefully, friendly reminder to backup). However we will not be using HOME_CSC, we have to use CSC instead because updating a rooted phone and retaining user data causes it to soft brick.

For reference, this is how the folder looks on my PC:

et phone hom

In my folder, I have an additional folder; my old firmware. This isn’t required for what we’re doing now though.

Inside the fully-downloaded firmware folder looks like:

et phone hom2

If your files do not look like this, double-check that you’ve gathered everything you need.

Step 2: Removing Magisk (We’ll install it again at the end)

Check that

Boot your S7 into recovery by having your phone fully turned off, then holding the “Volume UP + Power + Home” buttons simultaneously until you see the Samsung boot logo. You should now be on your recovery screen (if you have stock recovery, you have come to the wrong guide).

Important: if you never flashed the no-verity patch when you first rooted using Magisk, removing Magisk will soft-brick your phone. If this applies to you; you can either skip this step, or take the risk. If this doesn’t apply to you, carry on.

From recovery, go to install, then you should find your Magisk-uninstaller zip where you saved it. It may take some navigating. Find it and flash that bad boy. If all went well, which it did for me, your phone is now unrooted. If you see any red messages, try again. If it persists, I’m afraid you’ll probably need to factory reset and restore your backed up data. A more simple way of removing Magisk is to do it from the Magisk manager app itself, but since we want to do the job properly, we flashed the zip. Tap on reboot system.

If all went well, your phone turns back on normally but now it doesn’t have Magisk installed. Turn your phone back off, it’s about to get real.

Step 3: Flashing the New Firmware

Open up Odin on your computer. For better measure, you can right-click the program and select “Run as administrator”. As you already have Magisk on your phone, you must be thinking “hello darkness my old friend”, being familiar with Odin.

You need to unzip the firmware file before you put any of the files into Odin, so make sure you’ve done that before carrying on.

You should be seeing this interface:

odeein

Click on BL and it’ll open a windows explorer window. Navigate to the firmware folder you saved and select corresponding MD5 hash file with the prefix “BL”:

ballz

 

 

 

 

 

Now it’s been selected under the BL tab:

ballz2

Do the exact same for the other tabs by selecting their corresponding prefix from the firmware folder except from the CSC file. i.e. the AP file goes in the AP tab and the CP file goes in the CP tab. The program might stutter a bit as it checks the files.

For the CSC tab, you want to do something slightly different. Do not select the HOME_CSC file. Instead, select the similar “CSC” file.

Remember, if you use the HOME_CSC file instead of the normal CSC file, your phone will soft brick when the new firmware is flashed. Do not try it. Backup and reinstall your user data.

At this point you should be seeing something like this:

32523532

Your phone should still be off, if it isn’t then turn it off. Hold down the Volume DOWN + Power + Home” buttons to enter the firmware download screen.

Press “Volume UP” to confirm. Now plug your phone back into the USB cable, this is the moment of truth. In the log, something similar to “<ID:0/004> Added!!” should appear, showing that the program has recognised your phone plugging in. The number that appears on your screen may differ.

Do not change anything in the options, these should be the default settings:

opts

Press “Start” and the firmware download process will begin. This takes a few minutes, so make sure you don’t accidentally unplug the phone in the process.

Step 4: Making Sure the New Firmware Works

Once completed, you should be seeing this:

ye boi

At this point, it’s safe to disconnect your phone and close Odin if you so wish, but we’ll be needing it again in a second. Your phone should also display a few update screens, let it do its thing. It can take up to 15 minutes and get hot to the touch so be VERY patient. If your phone has not left the boot screen for half an hour, then it’s time to worry and you will likely have to enter recovery and factory reset. Luckily, that’s the reason we backed up.

The reason we turn on the phone again is so that we can confirm the phone is still working as it should before we root it again. It also gives it a chance to completely finish the update process before we flash anything again.

Step 5: Re-flashing the Custom Recovery

Once you’ve confirmed everything is still where it should be, you can install the custom recovery again. If for some reason your phone was wiped, you need the no-verity patch and the magisk zip stored on your phone somewhere.

In this guide we’re using TWRP, but other custom recoveries work as well. Turn off your phone and run Odin again. On Odin, place your TWRP tar file into the AP slot and disable Auto Reboot in the options.

buyacka

Put your phone into download mode once more by turning it off, then holding down the Volume DOWN + Power + Home” buttons until it enters the download screen. Press the “Volume UP” button to confirm. Plug it into the PC via USB again. The log should say “<ID:0/004> Added!” as before. Press Start.

Once you see “<OSM> All threads completed. (succeed 1 / failed 0)”: Hold “Volume DOWN” + “Power” + “Home” to exit download mode and whilst holding all the buttons, immediately swap from “Volume DOWN” to “Volume UP” when the screen turns black. Continue holding until the recovery screen appears, for good measure.

If the TWRP recovery screen doesn’t appear, try turning the phone off and then holding “Volume UP + Power + Home”.

On the latest version of TWRP, you should swipe right to allow modifications. Then navigate to Install. The rest is yours.

Notes

  • Do not “restore stock boot image” if your phone asks
  • using the home_csc does not delete user data, but you should use csc as using home_csc will cause your phone to bootloop and you will have to flash stock Android again
  • Google Pay will reset
  • yes disable dm-verity using the patch
  • edit build.prop file lines to: ro.config.tima=0 AND wlan.wfd.hdcp=disable
  • ‎Rename the following file /system/lib/liboemcrypto.so to /liboemcrypto.so.bak

Strange Method of trying to Extort Money using Combo Lists Uncovered

[scammer]@pnpytur.com says

I do know [old password I used once when I was 12, anyone can find it on the anti public combo list] one of your password. Lets get directly to purpose. You don’t know me and you are probably thinking why you are getting this email?

actually, I installed a malware on the xxx streaming (porno) site and guess what, you visited this site to experience fun (you know what I mean). When you were watching videos, your web browser started operating as a Remote control Desktop that has a keylogger which provided me with accessibility to your display screen and web camera. Right after that, my software program collected all of your contacts from your Messenger, social networks, and e-mailaccount. And then I created a double-screen video. 1st part displays the video you were viewing (you have a fine taste hehe), and second part shows the view of your cam, yea its you.

You do have a pair of alternatives. Shall we read the possibilities in aspects:

First option is to ignore this e-mail. Then, I most certainly will send your very own video recording to just about all of your contacts and also just imagine about the embarrassment you will definitely get. And consequently if you are in an affair, just how it is going to affect?

Number 2 solution should be to pay me [absurd amount of money which no one will pay]. Lets refer to it as a donation. Then, I most certainly will instantaneously discard your videotape. You could continue on your lif e like this never took place and you will not ever hear back again from me.

You will make the payment through Bitcoin (if you don’t know this, search for “how to buy bitcoin” in Google).

BTC Address: [he put his bitcoin address in here]

If you have been planning on going to the law enforcement, look, this email can not be traced back to me. I have covered my steps. I am just not looking to charge a fee very much, I simply want to be compensated.

You now have one day to pay. I have a special pixel within this e mail, and now I know that you have read through this email message. If I don’t get the BitCoins, I will send your video recording to all of your contacts including members of your family, coworkers, and so on. Having said that, if I receive the payment, I will erase the video right away. If you really want evidence, reply with Yes! & I definitely will send out your video to your 7 contacts. It’s a nonnegotiable offer, so please do not waste mine time and yours by responding to this e-mail.

It’s easy to deal with such a scam, simply ignore the email. The scammer finds your password by looking at combo lists, letting other people do the bulk work for him and then using the password on that list to try (very poorly) to make the threat seem real.

I once believed that this scam was easy to see through, but my computer science buddy Pete told me he was approached by a friend who asked for advice after seeing this scam. The friend was apparently about to pay up before asking my buddy Pete about what she should do.

I was considering sending a response to see what would happen, but if I did that then the scammer would see that me email address is active.

If you’ve received such an email, just ignore it. He can’t do anything except send more emails begging for money.

To protect yourself from these, the only rule you really ever need to follow is don’t re-use passwords and use a password manager.

You can check to see if your password has ever been leaked at https://haveibeenpwned.com/

Fix: Display Mirroring Has Ended on Galaxy devices

I have a Samsung Galaxy S7 Exynos. I found out that every time I wanted to cast my screen to my Amazon Firestick, it would tell me that mirroring has ended as soon as it starts. This is apparently a common problem with rooted devices. This may actually be a fix for other rooted Android phones as well.

Without fail, every time I tried mirroring my phone, I would see the words “display mirroring has ended”.

A simple fix for you might be to uninstall any other casting applications on your phone (like Allcast). If not, then follow the steps below:

  1. Download a build.prop editor from the Google Play Store.
  2. Open up that bad boy.
  3. Find a line that says “wlan.wfd.hdcp=enable”
  4. Change it to “wlan.wfd.hdcp=disable”

If the line does not already exist, make a new one at the end and type in “wlan.wfd.hdcp=disable”. This changes the behaviour of your wlan connectivity, and it fixed the screen mirroring issue for me.

This is how it looks for me:

Screenshot_20170927-200424

You will need to restart your phone before changes take effect.

You may need to use the preinstalled ‘Smart View’ Samsung app to use screen casting/mirroring.

While you’re at it, if you have not done this already, you may want to set your ro.config.tima=0 if it is set to 1. This tricks some older apps into thinking your device has not been rooted.

Also -‎Rename the following file
/system/lib/liboemcrypto.so to /liboemcrypto.so.bak if Amazon Video doesn’t work.

The reason I have posted this fix is because I cannot find it anywhere else, and is not an obvious one.

A plunge into Google Maps and its crowd-sourcing

capture3

Google is shutting down Map Maker next month. What now?

Almost every listing you see on Google Maps is crowd-sourced, with the rest being built through terrain data, satellite imagery, and bulk data bought from mapping companies. Most of the newer listings on the platform depend on the willing contribution from the public, a bit like Wikipedia and its articles.

Map Maker was introduced in 2008, and anyone could add, edit, or delete map listings in most places in the world. It allowed try-hard map editors to feel a sense of power in that they could change what everyone sees on Maps, but the most important part is that anyone’s 8 year old kid could do it too. This is why most edits had to go through a voting-phase before it was approved by the system, but some mishaps could slip through. For example; a few folks would always race to be the first to add a new listing and as a result, a bunch of duplicates would appear like below for a new car park.

capture2
Three duplicates of the same place. One of them is humorously listed as a “Park & Garden”.

Now that Map Maker’s on its last legs, Google has started removing change logs in preparation for the move.

capture2333
There would usually be a list of changes, but it’s all going away.

Nevertheless, let’s take a look to see if it’s still possible to make changes just before its death. I’m going to attempt to fix the duplicate car park listings mentioned earlier. Usually my edits would go through instantly because the system trusts me, or at least it used to. I’m unsure how the algorithm works, but the first few times my edits would go through a user vote, but after a while I would receive emails straight away saying my edit was approved. It may have something to do with the ‘Local Guides’ badge on Maps, which you receive after making plenty of edits. An intangible reward for your free labour.

desktop-02-26-2017-08-13-59-01_1

desktop-02-26-2017-08-13-59-01_1

Sometimes your edit will go through instantly, other times it won’t. This means I’ll have to wait for an undetermined amount of time before the changes show, but I’ve seen cases where the change is stuck on pending forever. That’s right, if your change doesn’t get any votes, it will be in limbo until it receives at least two votes. But that’s about to change (apparently).

The company has spent the last few years slowly adding Map Maker-like features to the mainstream Google Maps. Although not as detailed or rich, one can find them by selecting a feature and going through “Suggest an edit”. Voila.

zff
Editing features through Maps itself is taking over from the depreciated Map Maker.

These edits are implemented based on whether other Map users agree or disagree with the suggestion you made. This feature is currently in beta for smartphone users, but it’s assumed that it will come to desktop users in the future. Whether or not people pay attention to it or even use the feature is another thing.

Many enthusiasts of Google products express concern over the company’s misdirection. Some fear that the tragedy that was the release of Allo and Duo isn’t over yet. For those who don’t know, the online community has criticised Google for not properly marketing its messaging apps, as well as releasing new ones when old, fully functioning ones still exist with the exact same features. The lack of marketing meant that its user base depended on word of mouth. There’s only one person in my contacts list who even uses Allo – and that took some convincing. With hope, this disaster won’t encompass the reshaping of Google Maps.

google-messaging-apps
Let’s hope this doesn’t happen across the board.

 

Sources:

Google (2012) The next dimension of Google maps. Available at: https://www.youtube.com/watch?v=HMBJ2Hu0NLw (Accessed: 26 February 2017).

Image source: https://plus.google.com/+JRRaphael/posts/cT17fiupJyp