Nexus 7 on CyanogenMod

At last…

I had been lazy, leaving all alone.

In February, I figured I was heading off for a chunk of the month on a cruise, hence wanting tablet for multimedia, but without network, so it was timely not to spend time fiddling with configuration with possible risk of mussing such up.

Alas, the OTA upgrade to JellyBean did a certain chunk of mussing…  It busted SuperUser access, thereby breaking Titanium Backup.  No backups went properly since :-(.

So, today seemed right timing.  I wanted backup, and needed root, the latter looking like a fight.  Ah well, go for gusto, see what we get without it…

I had to upgrade adb to support latest Android…   Got Clockwork Recovery in place, and zip files for CM10.1 and Google Apps…

The last backup was Feb 16, but happily the files still remained after fresh CM10.1 installation, so I could do a good chunk of recovery of apps, and in plenty of cases, this was basically network configuration, so apps would update their own data upon startup.  Sweet!

Superuser is nicely integrated into CM10, also sweet, no extra installation process.

I’ll need to reconfigure the launcher, due to the shift from ADW (I had a license) to built-in Trebuchet on CM10, but that seems like the “worst” irritation, and one I can well live with.

I’m not sure I can readily identify big differences between stock Android and CM10, but there are nice small creature comforts my CM10 phone has gotten me used to, like a quick “turn on/off WiFi” directly on notification screens.  Small but I like it.

Installing git-annex from Debian unstable

Installing git-annex from unstable

I happen to be a supporter of Joey Hess’ Git Annex Kickstarter project; no big bucks, but it seemed a good thing to help out.

I got in the stickers, that were my “project reward,” and figured I should start playing with the new results. I’m particularly keen on the planned Android client, but I should make some use of it before that comes available.

There’s good news, and bad news:

Good news
He has added in an assistant to provide interactive help in setting up repositories. It’s included in debian unstable, in a version released September 24th.
Bad news
I generally prefer using packages from debian testing, and it has a version released July 24th, well before any of this, and without any of Joey’s recent enhancements.

Fortunately, drawing in the September/~unstable~ version isn’t too terribly difficult. My /etc/apt/preferences.d/simple configuration has Pin-Priority values that prefer stable over testing, testing over unstable, and unstable over experimental (where enormous potential for breakage lies!).

As a consequence, installing the testing version is pretty easy, albeit involving an option I had to go looking for:

root@cbbrowne:~# apt-get -t unstable install git-annex
... leads to loading ...
Get:1 http://ftp.us.debian.org/debian/ unstable/main git-annex amd64 3.20120924 [7,411 kB]

And, with a run of % git annex webapp, it’s up and running!

Worth observing… The documentation tree includes the entirety of Joey’s blog documenting his development efforts.  Possibly excessive, but it’s certainly not to be called inadequate documentation.

Android Security

The Android permissions model is, to my mind, a goodly improvement over pretty well any of alternatives out there at present, in that it at least declares what capabilities any given application demands and expects you to grant.

Applications are unfortunately quite readily able to abuse this a fair bit; a (recent, as of August 2010) example being
Evernote.

Evernote, and Why You Need to Think About Permissions describes the problem:

The Evernote app requests a fair number of permissions. Some make sense, such as the INTERNET permission (kinda important for a Web service). Some are a bit dubious, such as needing both coarse and fine location data.

It definitely demands too much permission, with two cross-sections that are troublesome

  • It asks for “the world” up front
  • It asks for permissions it shouldn’t need For instance, it shouldn’t need access to contacts – it should merely offer to share data, which pushes data to a boundary where the user, at run time, can choose whether or not to allow the data out.

In addition, some of the permissions ought to be optional.

  1. If you want to record locations on your notes, then granting access to location data may be a reasonable thing to do.
  2. If you don’t want to record locations, then Evernote doesn’t need that access.

Unfortunately, at present, you don’t have any of those shadings, your options are mighty binary:

  1. Grant Evernote all the capabilities requested
  2. Reject the access, and don’t install it.

I suggest that there is another shading that would be useful, notably for INTERNET access (and probably also for filesystem access), which is to “tie down” what places the application can go.

  • Evernote probably only needs to access evernote.com
  • Twitter only needs access to twitter.com
  • Shuffle (a GTD-like application) may access a domain of the user’s choice to synchronize data.
  • Web Browser needs the “wide open” Internet.

I expect that filesystem access could similar be tied down:

  • A file browser (such as Astro) might legitimately access “everything”
  • Most applications should be restricted to their own directory