technology

save data or at least reduce the consumption, optimize for rural regions, holidays, etc.

your inclusive data volume is up… throttling to 64 kbit/s.

the consuption of data doubles every year, the mobile abo’s evolved as well but there is a gap between the required data volume for services and the availbale mobile capacity, below approximately amount for different services

teams e.g. need for a group websession 1 Mbps, when turn off incoming video it could reduced further for about 75%, tested by myself, round about 1GB per workday

read below some further tipps in different catagories to optimze mobile data consuption


windows

right at your windows10 device, your can select your phone hotspot as a metered connection, cellular data connections are set as metered by default

below you can additionally view data usage per app and set a data limit

chrome android

  • at your android enable for chrome browser the lite mode in settings > advanced > turn on lite mode
  • data usage of apps and set a capacity limit could be reviewed in settings > mobile network > data warning (depending on android vendor)
  • file download, disable in your mail client or chat app the automatic download of media and attachments
  • other browser e.g. Brave to use integrated add blocker and enable data compression
  • battery saver, when enabled disallow app launch in background and disable push notifications

iOS

with iOS13 there is a new feature called low data mode, enabel in settings > mobile data

also possible to review the volume per app in mobile data and disable unreqired

spotify

reduce consuption for your favourite playlist, choose

  1. tab start
  2. tab settings
  3. tab data saver
  4. enable it

offline

try plan to use offline apps, while download and store data infront of traveling, read below

offline is the new online

in times like always connected, it could happen – no connection – no fear, here are apps with offline functionality to bridge with google maps – download areas and maps offline, others maps.me, here   spotify – offline music in flight mode, required premium subscription   amazon kindle – ebooks pay it, download it, read it offline… Continue reading offline is the new online

… check every app whether it offers a data save option

google

android 11 beta public available

dessert code name, but lots of new features, focused on three key themes: People, Controls, and Privacy

perform update at https://www.google.com/android/beta for the following devices:

  • Pixel 2
  • Pixel 2 XL
  • Pixel 3
  • Pixel 3 XL
  • Pixel 3a
  • Pixel 3a XL
  • Pixel 4
  • Pixel 4 XL


… best obviously feature so far:

  • Priority conversations, mark as “priority”
  • Media controls, in Quick Settings
  • Bubbles, chat over other apps
  • Notifications, simpler and more control
  • Conversations
  • Do Not Disturb, per App
  • Screenshots, in lower left corner
  • Screen recording, native android feature
  • Privacy, one-time permission to localtion, camera or mic

further with Project Mainline, google push key system components directly over the air independant from carrier/vendor

btw Easter egg isn’t updated yet (in Settings > About phone > Android Version > repeatedly tap on Android version)

unwrapping android 11 beta plus more @google



microsoft

windows 10 may 2020 update – what’s in it

microsoft published is next update for windows 10 – called version 2004 – are your ready ?

What’s new in Windows 10 for IT Pros

  • Windows Hello, support Fast Identity Online 2 (FIDO2)

special items have picked, full list @microsoft



what’s new in MDM for Windows 10

for enterprise some configuration service provider (csp) have added or advanced

TopicDescription
Policy CSPadded new policies in Windows 10, version 2004: •ApplicationManagement/BlockNonAdminUserInstall •Bluetooth/SetMinimumEncryptionKeySize •Education/AllowGraphingCalculator •TextInput/ConfigureJapaneseIMEVersion •TextInput/ConfigureSimplifiedChineseIMEVersion •TextInput/ConfigureTraditionalChineseIMEVersion
DevDetail CSPadded the following new node:
Ext/Microsoft/DNSComputerName
EnterpriseModern
AppManagement CSP
added the following new node:
IsStub
SUPL CSPadded the following new node:
FullVersion

select Start  > Settings  > Update & Security  > Windows Update and select Check for updates otherwise click below

security

deploy client certificates – secure your data

cybersecurity thread gain more and more weight and potential to harm your seriously, time to protect your data

asymmetric cryptography enable two parties to communicate securely with eachother, by using a related private and public key, let’s have a lot how to usalize

X.509 is the official standard for public key certificates, secure the access to webbased services or protect access via vpn or wifi – the schema below is my interpretation, or definition @wikipedia

x.509 client certificate authenticiation

OpenSSL

OpenSSL is a cryptographic tool, open-source, to provide free encryption – jump in to see how easy to generate private security certificates

FIRST generate private key for your certificate authority (ca)

openssl genrsa -out ca.key 4096

create ca certificate from key, fill out the reqired certificate information

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

implement ca certificate in your application/service

NOW create client private key …

openssl genrsa -out /etc/nginx/ssl/key/client_abc.key 1024

… and certificate signing requst (csr)

 openssl req -new -key client_abc.key -out client_abc.csr

SIGN the client certificate

openssl x509 -req -days 365 -in client_abc.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client_abc.crt

provide client certifcate to used client devices

online/hosted service

CAcert is a comunity-driven and want to push awareness for encryption und education by providing cryptographic certificates

enterprise

several vendor offer pki services – microsoft provide it’s windows server 2008R2 buildin certificate services selfhosted, with network device enrollment service (ndes) for automated client certificate enrollment – others like digicert/globalsign/etc. provide payed hosted services

apple

iOS client certificate authentication or iOS13.5 – the real important fix

“Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.”

https://nvd.nist.gov/vuln/detail/CVE-2015-1129#VulnChangeHistoryDiv

Impact: Users may be tracked by malicious websites using client certificates

Description: An issue existed in Safari’s client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates.

security content of iOS 9 @apple

apple

jailbreaking made easy for everyone [update: fix out now]

even with the current release of iOS13.5 it is possible to jailbreak an iOS device, to either customize your design or even worse to get around systemlevel security

  • first your need to download AltStore, also sideload any ipa without a jailbreak
  • trust App as developer in settings on your device
  • open unc0ver.dev and select “Open in AltStore”
  1. open unc0ver to perform jailbreak
  • done, now check Cydia App for Tweaks e.g. OpenSSH
we’re connected via putty

but in my opinion…

  • require a desktop macOS/Win10/LInux perform
  • AltServer works just for a single device at a time
  • unc0ver needs to be excuted after a device reboot
  • iOS 13.5.1 beta already fixed is [update: is fixed right now]
  • minor benefit for personal
  • enterprise are aware of this issue and scan device with UEM and Advance Thread Detection

it will always be a cat-and-mouse game 

technology

websessions with custom background

in times of corona in homeoffice and a lot of websessions it’s a nice feature to hide your background or change carpet color

teams

offer “background effects” to insert custom image to live video, at windows add your custom image here

%APPDATA%\Microsoft\Teams\Backgrounds\Uploads

zoom

called as virtual backgrounds it is also possible to hide real background, for multiple os and even with custom files


webex

called as video background it is for suce possible to add custom background, since a few days also for iOS devices


… and many many more

technology

gather ios device logs on the fly without a mac

it usually requires a mac with configurator installed to gather iOS device logs while troubleshooting an issue, there a some alternatives around…

#1 virtualize macOS

… and use apple’s configurator on windows, read more how to establish this below

touch @macos

apple introduced the “all news” touch bar in 2017 for macbook pro, but what most mac users missing is a touchscreen – the addon airbar, extra hardware attached to the screen, looks unbeautiful every smartpsmartsmaand a lot other notebook own a touchdisplayt, so what to do if you don’t want to run or carry separate device – vitualize… Continue reading touch @macos

#2 itools

as an alternative software for iTunes, it it further able to access device logs and is supported at windows & macOS for the following devices

iPhone X, iPhone 8,iPhone 5, iPhone 6, iPhone SE, iPhone 7,iPhone 5C,iPhone 5S, iPhone 6S,iPhone 6 plus, iPhone 6S plus, iPhone 7 Plus, iPod touch, iPad 4,iPad Mini 4, iPad Mini 3 and iPad Mini 2,iPad Pro (9.7 , 12.9 inch),iPad Air and iPad Air 2


#3 buildin analystics

even directly from the device it self it’s possible to gather debug information, with this workaround

  • enable AssistiveTouch
  • select analytics
  • press virtual Homebutton
  • reproduce the issue/crash
  • upload logs
google

android bloatware in business

android device arrive with alot of preinstalled app like facebook, flipboard, skype and for sure google service (youtube,maps,gmail,etc.) – for private use this is anoying, but for business it is essential to secure the usecase

android enterprise

when enabling Android Enterprise for Kiosk/Company devices, during setup the default apps could be disabled with this switch – PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED – Samsung offers this with it’s KNOX Mobile Enrollment and google with buildin zero-touch service

be aware that you loose the native camera app if your usecase require one

device management

after your device is enrolled in mobile device managment system (emm, uem or whatever) your able to restrict installed apps by package name, apps differ from device manufaturer and os level, package names also useful to arrange/allow in kiosk setup, for samsung XCover4s these are:

  • com.samsung.android.messaging
  • com.sec.android.app.samsungapps
  • com.samsung.android.calendar
  • com.samsung.android.email.provider
  • com.sec.android.app.myfiles
  • com.sec.android.gallery3d
  • com.sec.android.app.clockpackage.clockpackage
  • com.sec.android.app.clockpackage.alarm.alarmalert
  • com.google.android.gm
  • com.google.android.youtube
  • com.google.android.googlequicksearchbox
  • com.sec.android.app.fm
  • com.google.android.apps.maps
  • com.samsung.android.contacts
  • com.samsung.android.dialer
  • com.samsung.android.game.gamehome
  • com.sec.factory.camera
  • com.sec.android.app.camera
  • com.sec.android.app.clockpackage
  • com.sec.android.app.sbrowser
  • com.microsoft.skydrive
  • com.facebook.katana

adb tools

remove bloatware from a single device or find from from a reference device locally connected

  1. install USB drivers for your device
  2. download & install ADB tools
  3. enable Developer Options & USB debugging
  4. plug in your device into the computer
  5. open a terminal and type: adb devices
  6. will return the ID of your device
  7. in adb shell with: adb shell
  8. list all installed packages: pm list packages
  9. to remove packages type: pm uninstall -k -user 0 <package name>

take care to not disable system critical apps of android, check here