The Mobile Office

I’ve been waiting to try this for a while, and this week while on a business trip I’ve finally been able to give it a go.

image

Presenting my mobile office! A Nexus 7, a plastic stand and a bluetooth keyboard. While I generally travel with a laptop for work, most of the evening is taken up with note-writing, media and Skype. In the spirit of testing out these things I wanted to know whether I could get by with just these devices. I have to say, I’ve covered most bases here, and am very happy not to have to lug about the heavy(/ier) laptop in the evenings back and forward to the hotel.

Very impressed with the Anker Bluetooth keyboard, which works from a couple of AAA batteries. I got the black one for about twenty quid for aesthetic reasons 🙂 It’s a US keyboard. Unless you’re reaching for the pound sign or double quotes all the time this shouldn’t be too much of a problem (actually the Nexus doesn’t yet support UK keyboards natively anyway). Some of the function keys are iPad specific, but the usual volume up/down and copy/paste shortcuts work. It’s big enough for my fat fingers … I can even touch type on it, and connectivity has been very good so far.

The plastic stand for the Nexus was about three pounds (but currently sold out, so no link) and is fine for the
price. For about a fiver you could probably do a bit better.

Hopefully the Nexus 7 needs no introduction 🙂 I got mine shortly after they first came out and I can’t imagine life without it now.

Incidentally, in the background you may also see my wireless hotspot. This is the TP-Link MR3040 and put shortly, it’s a wireless router which can route Internet from either an Ethernet cable or a USB modem. I am currently in a hotel which only supplies cabled Internet … pretty useless for tablets! With this device, I can connect to the Internet from my phone, tablet or laptop with ease. I also have a USB 3G modem which I use in the UK (with a Three sim-card) although more often than not I use the Wi-Fi hotspot function on my phone to tether.

I hope to write more about each device in the coming weeks, with practical guides, notes and thoughts. This three-day trip is also not nearly enough to test the setup to completion – I’ll be continuing to try out new ways of working and writing to see what is comfortable and shall report back in due course. Let us be clear about one thing though – this is a tiny yet practical mobile workstation for two hundred pounds.

HTTPS over public wifi

LinkedIn supports HTTPS connections. If you go to https://www.linkedin.com/ your connection will be secure and your session & data kept private.

This is fine, and works well, until you click View Profile or click on a Notification. At this point it appears the site dives back to plain old HTTP. If you’re not paying attention, you won’t even notice.

Why is this a possible cause for concern? First, this suggests the cookie does not have its secure flag set, which means the authentication cookie is also being sent in ‘plain text’ and is therefore sniffable by a third party.

Second, any website being transmitted over HTTP is susceptible to manipulation. For instance, a third party could act as a proxy on a public wifi network and inject a piece of HTML or Javascript to, say, pop-up a dialog window asking you to re-authenticate.

Note – this is all a fair amount of conjecture – I need to build a proof-of-concept (actually, I’m sure many already exist), and LinkedIn is certainly not the only example. I should also point out that at least this website asks for reauthentication when viewing/editing sensitive data, which is a plus point.

Crash a Mac

It seems that typing File:/// in a Mac application will crash the Mac (OS X Mountain Lion). Most applications appear to be vulnerable, and this is something to do with URI handlers.

A long time ago, there was a bug in Windows which caused a blue screen … accessing C:\CON\CON\ would immediately cause a BSOD. Something to do with DOS redirects for comms ports.

In my foolish youth days, I turned this into a bit of a cruel prank against some friends, by sending them a link to a website which would then attempt to open the above path. Sure enough, it would crash Windows. I then stupidly fell for it myself …

Anyway, it seems this is fine in Chrome and Firefox, but it looks like Safari is vulnerable. Can any Mac users confirm (once you’ve saved all your files!) if the following link successfully crashes the browser? Here it is.

I don’t have a Mac to test, but it looks like the bug is more to do with text entry than anything else … so perhaps creating an INPUT type=text field and autopopulating the field would also work?