Nexus 5X Does Not Start: Solution

My Nexus 5X just went blank the other day and would not start any more.

I read a lot about faulty connections and tricks, but non helped, and some were so absurd I did not even try.

Here's what worked for me, and it might for you as well:

• Charge the dead phone for 30 minutes - this is necessary, because the screen may be black and the phone unresponsive, but I noticed that in this state, it will still drain the battery
• Disconnect the phone from the charger
• Now press the ON button really long - I mean really, really long, keep it pressed for way more that a minute.

I can only estimate this, but I reckon after two minutes, my phone booted again.

I have had this situation three times now, something is definitely wrong with my phone, but it is out of warranty and I am glad that so far the above process has always brought it back to life.

The Iran Contract is Dead Already

You may notice that the headline say "contract", not "deal". I hate the word "deal", it sounds a bit like a shady car dealership to me, and "contract" makes it more clear that there is a legally binding (in theory) document that had been written after careful negotiations, and there was no rip-off as in so many "deals" there is.

Anyway, after the US illegally backing out and illegally and very rudely telling the EU that they can choose between wither dealing with Iran of the US, it seems the EU, and in particular Germany have not grasped the situation yet.

They tell Iran in all seriousness that the EU will honor the contract and ask Iran to do the same. Are they blind, deaf, brain-dead, or all of the above?

The trade between the EU and Iran is but a small fraction (about 3%) of the volume they trade with the US. Do they seriously think that companies will happily give up 500 billion in trade in favor of the 15 billion they trade with Iran?

Companies are neither political, nor are they empathic, they are run for the sole purpose of makin profits, and they will simply look for the bigger chunk.

I am not sure what the EU are playing at here. They can of course politically honor the contract, but their industry will nevertheless cease operations with Iran - bottom-line there it will make no difference whether the EU breaks the contract as well, and imposes new sanctions.

Of course, by politically staying in the contract, they can (and do) urge Iran, to also honor its commitments.

Albeit, as mentioned above, for Iran it does not really matter what the EU does - they will just loose their imports and exports, including those from/to the EU.

Can you honestly expect Iran to stay with the contract, when all the benefits are gone anyway?

Israel, Saudi Arabia, and last bit not least the US are tightening the military screws as well. What other realistic choice does Iran have that to build weapons to defend itself, when all benefits of not doing so have already been taken away?

Of course it is this very reaction the Trump administration is counting on. In this event they will join forces with Israel and Saudi Arabia and declare war on Iran, which is what they have been planning all along, such as Trump's "security advisor" John Bolton, who publicly said hat he wants to see a "regime change" in Iran in 2018.

Despite this very obvious plot, I am afraid that what I just outlined above is exactly what is going to happen. Iran is already caught in a "mouse trap" an cannot choose its actions freely any longer.

I don't care for governments and politics at all, least of all for the Iranian*, but this prospect really makes me sad for a beautiful country and its innocent and likeable inhabitants.


*: maybe one exception: the Israeli government

Netflix and IMDb

When looking for movies or series worth watching on, I used to spend hours with a growing sense of frustration.

Of course, the shows need to be a mix, one, to server different audiences, but most importantly, second, to stay within budget. However, I cannot help the feeling, that the largest part of the offerings are, well, crap. On the other hand, there is some really good stuff there, too.

Only, how do I find the good stuff more quickly? There used to be great Grasemonke/Tamptermonkey user scripts, that would show ratings from Rotten Tomatoes, IMDb and the like alongside the movies on Netflix. Unfortunately, all of them stopped working after some time, and I was left again looking for the needle in the haystack.

That is, until I recently found a user script that shows those IMDb ratings again. It is admittedly a little more work that just click-install (you have to get a free key and put it in the code yourself), but it works, and that's all that matters for me.

It does not show ratings for all items (no idea why), and I am a pick person, so I don't want to watch anything that got less that a 7.0 on IMDb, but even with these restrictions is took me only 30 minutes to fill my list with 10 titles I want to watch.

As you can see, my ratio of watching versus searching has improved considerably :-)

If you are looking for a similar treat, you check the user script out yourselves here.

Verifying a Playstore in-app purchase with PHP

Of course you can verify an IAB purchase in your Android app, but that means you have to have your API key somewhere in the app. In the worst case, hackers can get your key, at the very least it is easy to tamper with your verification code through reverse-engineering of the app.

This is why Google recommend checking purchases on the server. Here is how to do this in PHP.

First of all, you have to get your key from the Play Console:

Save the key to a text file. The following code assumes the file is in the same directory as the PHP script and is named "Publishing-API-Key":

function verifyPurchaseSignature($data, $signature)
{
    $key = file_get_contents("Publishing-API-Key");
    $key = openssl_get_publickey($key);

    if(null === $key)
    {
        reportError("Cannot verify purchase: invalid API key!");
        exit();
    }

    $result = openssl_verify($data, base64_decode($signature), $key, OPENSSL_ALGO_SHA1);

    if(0 === $result)
    {
        return false;
    }
    else
    {
        return true;
    }
}

The data parameter contains the JSON data from the play store purchase (do not re-format or add newlines).
The signature parameter contains the signature from the play store purchase. which is a Base64 string.

If you host this code on a web server, make sure that the file containing your API key is not externally accessible!

Debugging an Android App that uses In-App Purchasing

In order to get In-App Purchasing to work in the first place, make sure you meet the following requirements:

• Manifest file must include com.android.vending.BILLING permission.
• APK is
• built in release mode
• signed with the release certificate
• uploaded to alpha/beta distribution channel in the Developer Console
• published to testers
• in-app products are published in the Developer Console and their status is set to active.
• Test account is added in Developer Console. You cannot test the purchasing process with your developer account!
• Test account is opted-in as a tester and it's linked to a valid payment method.

Now, to debug the application with in-app purchasing working, you need to change few things:

In the Manifest add the following as an attribute to the application node:

android:debuggable="true"
tools:ignore="HardcodedDebugMode"

In your Build.gradle file (for the app module) under android > buildTypes > release, add:

debuggable true

Compile your app. Because of the previous changes, it will be debuggable now, even if you build it in release mode. Ensure that this APK:

• is built n release mode
• has the same versionCode as the one uploaded to Developer Console.
• is signed with the same certificate as the one uploaded to Developer Console.

Now you can debug the app from from Android Studio as if you had built a debug version, and in-app purchasing will work. Change the code, recompile, everything works fine as long as you stick to release mode.

To test in an Adroid Virtual Machine or emulator, you need to pick an image that includes Play Store. As of this writing, the only images that do so are Nexus 5 and Nexus 5X. You may find a way to install Play Store on other images, e. g. from GApps, but I avoided that hassle.

Important: before you build a version to officially release to PlayStore, remember to revert the above changes! You don't want to make it too easy for hackers/pirates ...

Sources:

https://stackoverflow.com/questions/11068686/this-version-of-the-application-is-not-configured-for-billing-through-google-pla

https://stackoverflow.com/questions/36113347/is-it-possible-to-debug-locally-google-plays-in-app-billing-in-android-studio

https://developer.android.com/google/play/billing/billing_testing

Farbige Punkte und Streifen auf Edelstahl aus der Spülmaschine

Oft haben mein Besteck und Töpfe aus Edelstahl farbige, meist blaue Punkte und Streifen, wenn ich sie aus der Spülmaschine hole.

Nach einigen Recherchen bei Produktherstellern und Internet-Foren sowie eigenen Versuchen über ein halbes Jahr komme ich für mich (ohne Anspruch auf Allgemeingültigkeit) zu folgenden Ergebnissen:

• ob ich Produkte unterschiedlicher Hersteller oder nur eines Herstellers nutze, macht keinen Unterschied, auch wenn einige Hersteller dies (aus sehr durchschaubaren Gründen) behaupten
• geänderte Dosierungen von Salz und/oder Klarspüler brachten keinen Erfolg
• die Verfärbungen sind nach manchen Speisen stärker. Wenn ich z.B. Teller mit Kartoffelresten in derselben Maschine wasche, sind die Verfärbungen an Topfen erheblich stärker.
• der Hersteller des Edelstahls (No-Name oder Markenhersteller) ist völlig unerheblich

Letztendlich muss ich mich also mit den Flecken arrangieren. Laut einigen Herstellern von Töpfen handelt es sich hierbei um eine "Schutzschicht", die der Edelstahl bildet, die aber gesundheitlich völlig unbedenklich sei.

Kochergebnis und Geschmack werden durch die Flecken nicht beeinträchtigt. Gesundheitsrisiken habe ich für mich mal ausgeschlossen, allerdings handelt es sich hier um keine Langzeitstudie :-)

Wenn die Flecken stören, sind sie sehr leicht zu entfernen. Un man benötigt keine Spezialreiniger oder gar Scheuermittel dazu, auch wenn ich diesen "Tipp" oft gefunden habe. So geht es ganz einfach:

• Warmes Wasser, Spülmittel und einen guten Schuss Essig in den Topf füllen
• 5-10 Minuten einwirken lassen
• Mit einem Lappen oder Schwamm (die raue Seite kommt nicht zum Einsatz) auswischen
• Fertig!

Wie gesagt, das mag nicht für jeden funktionieren, speziell wenn die Spülmaschine vielleicht doch falsch eingestellt ist. Ich kann auf diese Weise prima damit leben: mit leichten Verfärbungen lebe ich, und wenn es mir zu viel wird, sind sie schnell entfernt.

Vielleicht hilft diese Zusammenfassung meiner Experimente ja dem einen oder anderen auch.

Adding libsodium to an Android Studio Project

The following Github repository has a JNI build of libsodium that can be added to an Android project: https://github.com/joshjdevl/libsodium-jni

Scroll to the bottom of the page where you will find the Android Archive (AAR) details:

    com.github.joshjdevl.libsodiumjni

    libsodium-jni-aar

    1.0.8

    aar

From this, you will need to create the following string:

com.github.joshjdevl.libsodiumjni:libsodium-jni-aar:1.0.8

We will need this string later, so Android Studio can pull the AAR from Maven.

First of all, enable Maven for your project. In Project Exlorer open your project’s build.gradle file. You will find “repositories” near the top, add the following line between the curly brackets:

mavenCentral()

The “repositories” item will now look similar to this:

repositories {
    google()
    jcenter()
    mavenCentral()
}

Maven is now enabled, save and close the file.

Next, add the libsodium AAR to your module’s dependencies. In Project Exlorer open your module’s build.gradle file. Towards the bottom you will find “dependencies”. Remember the string we constructed above, we will now add it to the list of dependencies like so:

compile 'com.github.joshjdevl.libsodiumjni:libsodium-jni-aar:1.0.8'

The updates dependencies will now look similar to this:

dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
    implementation 'com.android.support:appcompat-v7:26.1.0'
    implementation 'com.android.support.constraint:constraint-layout:1.0.2'
    implementation 'com.android.support:design:26.1.0'
    testImplementation 'junit:junit:4.12'
    compile 'com.github.joshjdevl.libsodiumjni:libsodium-jni-aar:1.0.8'
    androidTestImplementation 'com.android.support.test:runner:1.0.1'
    androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.1'
}

Save and close the file. Resync your project.

Finally, you need to change your AndroidManifest.xml. The reason for this is that the libsodium AAR has been built with a setting of allowBakckup: no, while your Android project wants to allow backups. You can decide whether you want no backups, or your project’s settings to override the libsodium settings.

To disallow backups for your project as well, locate the “” tag and change

android:allowBackup="true"

to

android:allowBackup="false"

Instead, to override libsodium settings and allow backups, again locate the “” tag and add the following line inside the tag:

tools:replace="android:allowBackup"

In all likelihood the “tools” namespace has not been declared yet, so add the following inside the “” tag of the document:

xmlns:tools="http://schemas.android.com/tools"

That’s it. Save and close again. Now you can use libsodium from your project.

Here is some sample code; for more code examples your will have to look at unit test in this Github project: https://github.com/joshjdevl/libsodium-jni As the JNI version does not have all the high-level stuff that libsodium offers, this is the best “documentation” I found.

Sodium sodium = NaCl.sodium();

long alice_publickeylen = Sodium.crypto_box_publickeybytes();
long alice_privatekeylen = Sodium.crypto_box_secretkeybytes();
byte[] alice_public_key = new byte[(int) alice_publickeylen];
byte[] alice_private_key = new byte[(int) alice_privatekeylen];
System.out.println("Generating keypair");
int ret = Sodium.crypto_box_keypair(alice_public_key, alice_private_key);
Assert.assertEquals(0, ret);
System.out.println(ret);
System.out.println("Generated keyapir");

long bob_publickeylen = Sodium.crypto_box_publickeybytes();
long bob_privatekeylen = Sodium.crypto_box_secretkeybytes();
byte[] bob_public_key = new byte[(int) bob_publickeylen];
byte[] bob_private_key = new byte[(int) bob_privatekeylen];
System.out.println("Generating keypair");
ret = Sodium.crypto_box_keypair(bob_public_key, bob_private_key);
Assert.assertEquals(0, ret);
System.out.println(ret);
System.out.println("Generated keyapir");

byte[] message = "test".getBytes();
long noncelen = Sodium.crypto_box_noncebytes();
byte[] nonce = new byte[(int) noncelen];
long ciphertextlen = Sodium.crypto_box_macbytes() + message.length;
byte[] ciphertext = new byte[(int) ciphertextlen];

Sodium.randombytes_buf(nonce, (int) noncelen);
ret = Sodium.crypto_box_easy(ciphertext, message, message.length, nonce, bob_public_key, alice_private_key);
Assert.assertEquals(0, ret);

byte[] decrypted = new byte[ciphertext.length - Sodium.crypto_box_macbytes()];
ret = Sodium.crypto_box_open_easy(decrypted, ciphertext, (int) ciphertext.length, nonce,
        alice_public_key, bob_private_key);
Assert.assertEquals(0, ret);
System.out.println("Recovered message=" + new String(decrypted));

Kudos to the people who maintain all the Github repositories involved here, from NaCl, which is the bases of Sodium, the creator of Sodium, Robosodium, which allows to create the JNI interface in an automated fashion, and not least the maintainer(s) of the AAR version, so not everyone has to go through the whole build process.

Closing note: If you are really paranoid, of course, (and you should be, if you work with cryptography), you should not trust any 3rd parties. You will need to pull the original source code and cross-compile it for all platforms yourself.