OneNote for Android–What the Actual F—?

I have recently joined the cult of OneNote. I am extremely impressed with OneNote 2016 and have been using it extensively the past few weeks. So I thought I’d install the Android app–and uninstalled it about 15 minutes later.

The OneNote app for Android lacks an undo function. Let me repeat that–the OneNote app for Android lacks an undo function.

So imagine you login on OneNote for Android and accidentally delete an import section of a notebook. Or maybe you delete specific text, photos or other items. There is no way, from the Android app, to fix that.

That is insane. What makes it even more insane is that this has been the case for the Android OneNote app since it released in 2012.

If the information that a user accidentally deletes or edits had been previously synced, it is possible in some cases to go the Desktop version of OneNote and revert the changes. But this “feature” of the Android app has absolutely caused people to lose important data. For example, on this thread at, one user wrote in September 2016,

I just lost a huge amount of client meeing note data that I cannot recover.  Sync occurred after the part of my notes was somehow deleted, and without “Undo” I have no way to get it back.  Starting to realized how gimped the Android version of OneNote really is.

If you use Android, please do not use the OneNote app. Also, users should consider this a one star rating and highlighting this issue to let Microsoft know how unacceptable this is.

Acoustic Eavesdropping on Keystrokes in Voice-Over-IP Calls

Using audio recordings to later determine what someone was typing has been previously demonstrated, but a group of security researchers recently published a paper analyzing the feasibility of doing so over a voice-over-IP call, such as a Skype call.

According to the abstract,

In this paper, we investigate a new and practical keyboard acoustic eavesdropping attack, called Skype & Type (S&T), which is based on Voice-over-IP (VoIP). S&T relaxes prior strong adversary assumptions. Our work is motivated by the simple observation that people often engage in secondary activities (including typing) while participating in VoIP calls. VoIP software can acquire acoustic emanations of pressed keystrokes (which might include passwords and other sensitive information) and transmit them to others involved in the call. In fact, we show that very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim’s input – keystrokes typed on the remote keyboard. In particular, our results demonstrate that, given some knowledge on the victim’s typing style and the keyboard, the attacker attains top-5 accuracy of 91.7% in guessing a random key pressed by the victim. (The accuracy goes down to still alarming 41.89% if the attacker is oblivious to both the typing style and the keyboard). Finally, we provide evidence that Skype & Type attack is robust to various VoIP issues (e.g., Internet bandwidth fluctuations and presence of voice over keystrokes), thus confirming feasibility of this attack.

I participate in quite a few conference calls and do two things to avoid issues like this: a) always mute the microphone except when I am actually talking, and b) limit typing as much as possible when my microphone is live (along with the potential security issues, it is annoying to hear people typing while on a call).

A bigger concern is still people recording and then decoding what someone is typing during a physical meeting. One of the advantages of many physical meetings is there are often multiple people typing on laptop keyboards. Switching to a low noise keyboard, like the sort of keyboards used with the iPad Pro or the Surface Pro, are also a way of minimizing how much data can be captured.

(Of course, I’m typing this on a Unicomp mechanical keyboard which I assume would be trivial to eavesdrop on from down the street).

Qubes OS 3.2 Released

The open source, security-oriented Qubes OS team recently announced the release of Qubes OS 3.2,

One major feature that we’ve improved upon in this release is our integrated management infrastructure, which was introduced in Qubes 3.1. Whereas before it was only possible to manage whole VMs, it is now possible to manage theinsides of VMs as well.

The principal challenge we faced was how to allow such a tight integration of the management stack (for which we useSalt) with potentially untrusted VMs without opening a large attack surface on the (complex) management code. We believe we found an elegant solution to this problem, which we’ve implemented in Qubes 3.2.

We now use this management functionality for basic system setup during installation, for preparing our automatic tests, and for applying various custom configurations. In the future, we envision a simple GUI application allowing users to download ready-to-use Salt recipes for setting up various things, for example:

  • Pre-configured apps optimized to take advantage of Qubes’ compartmentalization, such as Thunderbird with Qubes Split GPG
  • UI and system-wide customizations for specific use cases
  • Corporate remote management and integration

These features are planned for the upcoming Qubes 4.x releases.

In Qubes 3.2, we’re also introducing USB passthrough, which allows one to assign individual USB devices, such as cameras, Bitcoin hardware wallets, and various FTDI devices, to AppVMs. This means that it’s now possible to use Skype and other video conferencing software on Qubes!

The Flip Flopping Genital Olympics

The Verge digs in to the complaints that the FCC received from viewers over the Olympics broadcast. This hilarious complaint from someone in Attelboro, Massachusetts, takes the cake,

In today’s world and what’s considered entertainment it’s very tough to enjoy wholesome programing as a family, from the heavily rotated sexual content on every program to overplayed ED commercials it’s tough to enjoy a program as a family without being uncomfortable. I thought the Olympic try outs last night would provide us the opportunity as a family to enjoy something together. The track and field events are nothing short of minor pornography and should be rated R to NC17 clothing that is to tight exposing male genitals is NOT what I had in mind when sitting with my family last night. Something needs to be done. Less Camera time and Slow Motion Of These Runners flip Flopping their way accross [sic] the finish line. These athletes should be required to wear an ahleletic [sic] supporter or precautions should be put in place by the broadcasting network to create a more comfortable family friendly program

Michael Pachter: “PC Gamers Are Like Racists”

Video game industry analyst Michael Pachter gave an interview to the British tabloid Daily Star in which he used an analogy to describe PC gamers’ disdain for consoles,

Daily Star: “For gamers that are more traditionally PC who have seen the announcement (PS4 Pro) may they be more inclined to maybe go for that?

Michael Pachter: PC gamers are like racists where they only like their own kind and they have no interest in venturing out and mixing with other races. PC Gamers are arrogant twits who are convinced that what they do is better than anyone else could possibly do.”

On Twitter a lot of the GamerGate types who rage against political correctness were outraged. How dare Pachter compare gamers to racists! He should watch what he says.

This reminds me of the kerfuffle over the “PC Master Race” phrase. I would not use either phrase or analogy, but all the pearl clutching is a bit much.

The only quibble I have with Pachter here is when he says PC gamers “are convinced that what they do is better than anyone else could do.” Since PC gaming is objectively better than consoles, this isn’t arrogance but simply recognizing the facts on the ground.