Google has released the next version of the Nexus S OS (Gingerbread 2.3.6 – GRK39F), and once again, I am posting it directly here — mostly for people who have not received it yet, people who are using a jailbroken phone, or people outside of the US who do not get the updates.

If you are on GRJ22 (2.3.4), you can apply only the small update:
(md5: efd33eba8eb42ab77b0d279547bf76d1)


Again, this is directly from google (it is even linked to google), and you should follow the 7 steps from the article.

Please note that the above update is the ~18MB update, and it will only work if you are on 2.3.4 GRJ22. This is NOT for people who are running jailbroken/custom roms.


If the above doesn’t work, OR if you are using a jailbroken/custom rom, then I suggest doing the full 2.3.6 (GRK39F) flash:
(md5: c3d6341f18e2723d748e1dea10623d43)

This is the ~98 MB image. You can use the same 7 steps from the link above, OR you can use any custom installer (including ClockWork).
If you are having problems with the update above, this is the full factory restore and it should work without any problems.

Please post comments if you have any problems, or if you just want to post that it works!

UPDATE: Please check out latest version from my git repo: – project name: “pandora”

It seems that Pandora is not putting too much time or thought into how they provide and access music online through their website. I really hope they fix this since it’s irresponsible as far as the the DMCA is concerned. Each song is simply an encoded token, and it’s pulled down directly from, presumably, one of their proxy server. If you look at the stream while playing songs on, you will notice something like this (ex: not real):

Some assumptions: the “version=4” is high quality or what used to be CD quality (192 kbps). The “lid=#####” is the “login id”, or your unique user number. The “token=…” is the actual song, encoded. By finding the host of these requests, and putting it all together, where the lid is completely optional, you will have a full request URL to a song.

Imagine putting it together like this: (example as a POC, like this)

Then having something that parses this “buffer”:

One way for them to fix this would be to session encode the requests. You should not be able to make requests that originate from outside of directly to the servers. Also, the requests should be authenticated. As an addition, they could potentially be checked against what is “played” and controlled for streaming mechanisms. I really hope this fix this as soon as possible.

[updated: Dec 20th, 2012 | Updated script to deal with new URL and pulling short descriptions now]

UPDATE: Please check out latest version from my git repo: – project name: “wordpress”

UPDATE2: Forgot to mention – a MUCH nicer fork of this + many improvements by Droidzone:

Please take a look at his version!

I already created a script to upgrade wordpress installations automatically. You can find it here: Recently, the same general problem came about when it came to plugins. The biggest problem I had is that I had to log-into wordpress, see a number of plugins that were outdated, and then go hunt each one down by generally just copying the name and pasting it into google . Even thought most of the time, the plugin was the first hit, I then had to download the latest version, extract it, and clean it up. Imagine doing this for 10+ plugins for 5+ blogs — constantly. It was just time consuming and frustrating.

Here is my solution in the form of a perl script:

This script can be used in one of two ways:

1.) You can simply run it, and it will update everything that you have listed in the @plugins array.

2.) You can give it a parameter of a registered plugin name. This does 2 jobs — upgrades an existing plugin, AND installs new ones.

You can definitely add an extension to this. For #1, you can go a step further by making it scan your plugin directory and populating the list from there. If you want to be even fancier, you can relatively easily keep version tracks of what you have installed and what’s currently available, so that you don’t just blindly download new plugins. For me this is sufficient. If anyone is interested in getting help implementing any of these extra additions, feel free to ask and I’ll help as much as I can.

This post is a bit different, but I think some people will find it very interesting. What got me to write this was an interesting article posted by Kevin Mitnick via his twitter account: Kevin’s claim is that “Any 15-year-old that knows how to write a simple script can find a VoIP provider that spoofs caller ID and set this up in about 30 minutes”, and my only question is: what will you do with the other 25 minutes?

Spoofing your Caller ID is legal in the US only if done via VOIP services for legal and legitimate uses, or to block sending your caller ID, but again, only if it is used for legal purposes. An example of a legitimate use is spoofing your own home/cell phone number when making outbound calls via VOIP/SIP. Another example would be spoofing an outgoing number (a bit like NATing) when sitting at a private (let’s say for example 2,3,4, or 5 digit) extension. There are many scenarios where this is absolutely needed — like offices, enterprises, remote employees/road warriors, and phone support.
Spoofing your Caller ID is not legal for false identity, threatening/harassing someone, pranking, lying, or other such negative and immoral actions. If you are interested in some more information, you can find some here:, and here: This said, I am providing this information for anyone who wants to learn about how this is done, or/and is interested in setting it up for their business or personal use, but ONLY for legal and legitimate uses. I am in no way responsible if you do something stupid or illegal. Here is a good background/history and more information on Caller ID Spoofing:

The assumption here is that you have some things already setup and working. The article is titled “Spoofing Caller ID on the fly from any phone” and not “how to spoof your Caller ID”. I am assuming that you have: a sip trunk provider with an outgoing plan, a DID, a SIP server with some advanced features (Asterisk and OpenPBX, or something like TrixBox), and most of all — a working setup. The first step is getting DISA (Direct Inward System Access – The idea is that you will dial your DID phone number, and the sip trunk provider will route it to your IP address. From there, your server will handle the call and connect you inside your system. I absolutely suggest setting up a DISA password/passcode, otherwise, you leave yourself open to abuse and other people will be able to potentially make calls and use your sip account. It is also important to note that generally, you can simply set a from name and number right here in the DISA outbound options. But again, the idea is to make this dynamic. Ones you dial into your system, the next step is to setup an extension that will handle the rest of this. Leave your context “from-internal” if you want to be able to make external calls by default — necessary in order to bridge the active call to your destination. If you are using Asterisk or TrixBox, go to /etc/asterisk/extensions_custom.conf, and enter something like this:

Now here’s what’s happening: When you get your DID, you get the DISA context. From there, after you authenticate yourself with a pin and now you are in your system. At this point, you would hook in your custom context, in this case called “proof-of-concept-custom”. Make sure that the word “custom” is present somewhere. At this point, your recipe will be executed. The first thing you want to do is answer. You can look up each of these commands at the website. For example, Answer: The next step is to wait 2 seconds. Then you will speak out the current caller ID. This is really just so you know where you are coming from – it is not neccessary. The play (mp3/wav/etc…) play is not really necessary either, but it can be used to queue up different actions. If you will play something, the suggestion is to Answer the channel before hand, and pause/wait for a bit. The next step is to read 10 digits into the “digito” variable. For good measure, and to prevent a mistake, you can speak out the digits again, and then set them as the current Caller ID (the spoofing part). At this point, you can play another sound to queue up the next action. As an extra precaution/security-by-obscurity step, you can prompt for another pin. In this case, it’s “98765”. After the pin has been successfully entered, you can signal via a sound, and then dial and bridge the call to the same number that you set as your Caller ID (impractical, but just for the purpose of a proof of concept). You can very easily modify this to ask for a destination number and call that destination number instead. Please note that this will charge you a twice from the point that you dial the call and bridge it — once for the current/already active call, and once for the new call that you are making to your destination.

Again, there are many legitimate and absolutely necessary cases for this. If you work in any company, most of the time they will not disclose private numbers. If the company is very large, they might simply not have/want to buy individual “routable” phone numbers. Your desk extension of “1234” can be masked behind a general number which routes to “directory/support” when called back. Another great case is someone who works from remote. Say that you work from home and are part of a support group. A customer calls you and reports a problem. Now you want to call the customer back, but you don’t want him to have your personal home number/cellphone – you can spoof your support number and call the customer back.

Something interesting to note is that VOIP/SIP system can choose to not respect Caller ID (cid) blocking/spoofing, and and 1-800/other TOLL-FREE numbers simply do not respect it.

The only point of this article is to demonstrate how easy it is to achieve this dynamically. Again, this is something that you can very easily set statically in the extension or DISA settings. This is not something new or mind blowing. You could have done this over 10 years ago. The point is that you can have a setup which can be activated from any phone and within 30 seconds or less, you can have a dynamically spoofed Caller ID number.

Apple has always been known for their innovation and technology. I recently read an article about how they don’t believe in a “for the people by the people” model, but instead follow one that’s “for the professionals by the professionals”. This has both positive and negative outcomes. Everything that apple produces is extremely clean, professional, and very well polished. However, it forces them to be selective, limited, and exclusive, which is all negative when it comes to the internet. Freedom of expression simply does not exist within Apple. You might think you are free to express yourself, but only according to how, when, and where Apple tells you to.

With this information in the back of your mind, Apple recently sued Amazon for calling its app store Appstore. It has publicly lectured competitors to “create their own original technology, not steal ours”.

Then Apple turned around and blatantly stole Greg Hughes’, Wi-Fi Sync App — but only after first rejecting it from the Apple App Store. Infact, they not only stole the idea/concept and name, but they also ripped off the icon. Greg has sold his app in the Cydia app store at $9.99 and he has reportedly sold over 50,000 copies in the last year. Can you imagine how many more copies he would have sold in the regular Apple App Store? Greg has also reported that when his app was rejected from the Apple store, a developer from Apple called him to tell him how great his app was and how the entire Apple dev team was extremely impressed with it.

I think that Apple needs to decide where they stand. If they truly believe in copyright and patents, they have to use the same stick when judging themselves. They cannot steal other’s work, and then turn around and preach how you should not steal innovation, designs, and code.

If you want to read the full article, you can find it at:

UPDATE: Please check out latest version from my git repo: – project name: “wordpress”

When you host a WordPress installation for yourself, and there is some sort of an update about every month, it can get annoying doing all the upgrade steps manually (for the people who do not have a CPANEL or FTP account). Now imagine  hosting 5-6 WordPress installations. Now imagine 500+. Welcome to my nightmare. Eventually I caved in and wrote this:

So, to summarize, this will download the latest version of wordpress, unzip it, and move the new things accordingly. At the end, it will remind you to upgrade your DB, just in case. I highly suggest backing up your primary blog before you begin this, just because it’s the “safe thing” to do.

If you just started reading this directly and didn’t read my “what is Tasker”, please read my short post: (

If you are running ICS 4.0, please read: (

Don’t let the length of this post scare you — I just wanted to provide the technical/developer details. You can get this to work in less than a couple of minutes by downloading the zip file and ONLY reading the “GETTING STARTED” section.



0.) Please download the zip file bellow if you haven’t done so already –

1.) First, if you haven’t already, install Tasker (you can use the Android Market, or the guys’ website). You can play with it for 7 days for free.
2.) It will create a “Tasker” folder on your SD card. Under that you will find “tasks” and “profiles” folders (if they don’t exist yet, create them).
3.) Download the zip to your computer, mount your phone’s SD card and go into the main “Tasker” folder under the sdcard. If the file ends in .prf, put it in the “profiles” folder. If it ends in “.tsk”, place it in the “tasks” folder. Unmount, disconnect your phone.
4.) Now that you have them, you need to load what you want/need into the program. Open up Tasker (program), hit Menu, and go to “Profile Data”. Do a “Import One Profile” or “Import One Task” select one of the “tabs” (Profiles, Tasks, Scenes), and hold it — an “Import” option will present itself, which will let you import a Profile or Task (or not relevant here – a Scene). This is because Tasker changed the way profiles and tasks (and Scenes) are imported . As soon as you select that, you will see all the files in the directory that you copied. Now you can import whatever you want.

You should import the “Volume Buttons” Profiles (note: this is a profile), at least the “Normal” and “Sleep” tasks (note: these are tasks). The volume buttons profile is honestly a life saver since any time you tap a volume button, it will actually restore to the sound-profile task you have selected.

Now to use them,

5.) Hold down on the home screen, select Widget (for ICS 4, Widgets are created by going to Applications, and shifting over to widgets), select Task. It will show you a list of your tasks. Select “Normal” for example. It will show it to you (in case you have to make any changes last minute — don’t do it this way, always make them in editor), now select the green check and you are Done! You can now use it as a “program” on your home screen. Add at least 2 this way, and select them. Wait 1-2 seconds. You will see how it select/enables each, and then after it enables it, hit the volume keys on purpose, and then wait 1-2 seconds again to see how it restores it.

END OF GETTING STARTED – THAT’S IT! You have it working!



Ahh, you’ve continued reading and you haven’t skipped this…Clearly you care about some of the theory…

One of the biggest problems with Android is the sound profiles. I will start off with the main sound profile BUG:

Try setting your Settings -> Sound -> Vibrate to “Only when in Silent”, and then hold the power key, change the “Silent mode” to ON. Now hold the power key again, and change the “Silent mode” to OFF. Check your Settings -> Sounds -> Vibrate mode — it is changed incorrectly to “Always”. This renders the built-in “sound profiles” completely useless.

Here are bug reports that are all for the same thing: Issue 20463 and Issue 13732

UPDATE: Please note that Google “sort of” fixed this, to a point, where we can now correctly implement the functionality using Tasker at least. It’s not there by default, but the “Silent Mode” now works for on (sleep), off, and vibrate, and there’s a separate toggle-able Ring+Vibrate feature.

Pretty much, half of these are the same issue. The main problem is that the Silent and Vibrate options for android, are really one single “Silent Mode”. The problem arises because Sound -> Vibrate settings only apply for “Silent Mode”. This means that you cannot have a completely silent profile and a vibrate only profile, and a “normal” profile. This is the most evident to anyone coming from a blackberry, where the sound profiles are flawless. I’ve read thousands and thousands of questions asking “how do I get sound profiles like on the blackberry”. Personally, this was the first thing that drove me crazy when I moved away from the blackberry.

Most people default to using a program which creates “Profiles” — setting bundles which simply toggle each Sound option (In-Call volume, Media, Ring Tone, Notification, Alarm, and System). The best one I’ve seen is AudioGuru, which is great, but it does lack some customization. The one additional step that most programs lack also is some sort of a guard for the volume buttons which toggle the ringtone.

My goal when thinking about all of this was to create a solution that was simple, extendable, and complete. The main points I was going after was to have profiles that are completely stand-alone, extendable/fully customizable, and completely scriptable. The end result was what I call “Blackberry Sound Profiles for Android”.


First off, here’s the download:
(md5: 71d0701ce63a6953a997145c758753c8)

(don’t forget to go to Settings -> Sound -> and UNCHECK “Use incoming call volume for notifications”. Also, Settings -> Language & keyboard -> Android keyboard -> and CHECK “Sound on keypress”)

The logic becomes part of 3 sections. The FIRST SECTION is the Tasker sound profile tasks. These are “stand alone” tasks, which simply encompass every aspect of a sound profile. Let me walk through one of them:


0.) Set a default icon (used grey star in this case)
1.) Wait – 2 seconds
[note – for ICS 4, there is an extra step in here turning off the Ring+Vibrate fixed feature]
2.) Silent  Mode – off
3.) In-Call Volume – 5
4.) Media Volume – 9
5.) Ringer Volume – 5
6.) Notification Volume – 5
7.) System Volume – 6
8.) Alarm Volume – 7
9.) Set Widget Icon (to %PROFILE – used default grey star)
10.) Variable Set (%PROFILE to “Normal”)
11.) Set Widget Icon (to %PROFILE – used the grey sound icon)
12.) Notify – %PROFILE
13.) Wait – 1 second
14.) Notify Cancel – %PROFILE

Let me clarify some key things:
step #9 is needed in order to clear the old Icon back to a star.
step #10 sets the global variable to the name of this profile
step #11 activates the pressed/toggled widget

I’ve also included a “Sleep” sound-profile task (toggles all down except alarm and media), a “Work” sound-profile task (same as “Normal” sound-profile task, but the notification is less and the system sound is less so the keyboard is not obnoxious), a “Loud” sound-profile task (makes everything as loud as possible basically), a “Vibrate” sound-profile task (like sleep, but has vibrate on), and a “On-Call” sound-profile task (like sleep, but ring tone is low).

I am not sure if you are already picking up what’s going on, but basically, the idea is that you have a few of these sound-profile tasks, and you create widgets on the home screen. They all show up as grey stars. When you press “Normal” or “Sleep” for example, it changes the star to the correct icon (Sound Icon, or Muted Icon), and shows it on your home screen and notify’s in your notification bar (after which, a second later, it clears the notification bar). Now, go through the other profiles to see what they do. They are all pretty much the same, except the Vibrate profile, which uses step #2 to select the official Android “Silent” mode, with a Vibrate outlet.

Now, the SECOND SECTION is a single Tasker task called “Sound Profile” which has one step:

1.) Perform Task – %PROFILE

And now you see why step #10 from section one is needed. When this task is called, it will change the current Sound profile to the global variable (%PROFILE). Please import this task too. Why is this needed you ask? Because of my clever hack in the THIRD SECTION:

Here is where you have a Tasker Profile. It is called “Volume Buttons”. The basic logic is as follows:

1.) If Variable Set %VOLR (ringer volume), then call the “Sound Profile”

This essentially achieves a volume-reset every time you accidentally hit the volume up or down keys. Now you can see why the “Wait – 2 seconds” was needed. The key part about this is that it uses your global variable, and it resets your volume to the last Sound profile that you selected. Great huh? Please make sure you import the “Volume Buttons” profile into Tasker.

At last you are Done! You now have individual Tasker tasks which you can make widgets out of. I have the 3 that I use the most – Normal, Silent, and Work (work being a bit quieter on the notification and system sound for the keyboard noise) on my main home screen. Then I have the Loud, Vibrate, and On-Call on another screen since I use them less often.


For the people interested, the ‘On-Call’ task works in a super elegant way: it silences everything except the ring tone (which it lowers), the alarm, and the media volume. The media volume is the key here. Let’s say you want SMS notifications but not emails while you are on-call. They both use the “notification” system, so there’s no way to do this by default (yet another ex-blackbery annoyance). What you can do is write a Tasker profile which interprets a “Notification Messaging, *” notify, (you can check the time if you are only on-call during the night or day) and then have the action for the task for the profile call the “Music Play” action which simply plays your SMS sound as an MP3. This essentially lets you isolate one application from another, by using the fact that you can play the selected notification through the media outlet. Beautiful Eh?

I hope all of this helps people out.

UPDATE – Added “One Ring” Task and Profile Monitor

I’ve updated the zip pack with two additions: a task which will provide you with a “One-Ring” sound-profile task — it’s basically the normal profile, but it brings the Ringer Volume to 0, and it increases the Media Volume up to 11. Also, I’ve added a “One_Ring_Monitor” profile, which intercepts calls, and plays a music file (mp3, wav, ogg, others…) — giving you the ability to play a notification — thus a single beep/sound.

If you just started reading this directly and didn’t read my “what is Tasker”, please read my short post (

Let’s start with the problem – I can’t stand unlocking my phone every 10-15 minutes when I decide to look at the screen either because I heard a beep, or because I want to check for a work email/SMS. The obvious solution: get rid of the lock screen. The new problem: now my phone is not secure. I need something to toggle this functionality on a “need basis”. Solution: use Tasker to create a task which will be created into a widget.

Here’s the logic:

0.) Set a default icon (used key in this case)
1.) Keyguard – toggle
2.) Notify – KEYGUARD IS OFF, if %KEYG is off
3.) Notify – KEYGUARD IS ON, if %KEYG is on
4.) Wait – 1 second
5.) Notify Cancel – KEYGUARD IS OFF, if %KEYG is off
6.) Notify Cancel – KEYGUARD IS ON, if %KEYG is on
7.) Set Widget Icon – Unlocked Lock, if %KEYG is off
8.) Set Widget Icon – Locked Lock, if %KEYG is on

Download Takser task: (md5: 0e2f2fd8cdaa5ff71a1fd5b0329bdfe6)
Please unzip it, copy it to your device, and then import it into Tasker.

Make it into a widget, press it, the icon will change to an unlocked keylock, and your lock screen goes away. Hit power, check to see that when you hit power again, your lock screen is not there. The volume keys will turn on the screen too. If you press the widget again, the icon will change to a locked keylock, and now you will have your lock screen. What I personally do is use the pin lock screen, and then toggle it this way while I am at work. As soon as I step out or anything like this, I toggle my lock back on.

My opinion of Tasker in one sentence: “This is the first app that you should install on every android phone“.

A few months ago I needed an “automation” app. I was going to default to Locale which I had used when it was still free (this was before there was an official app store for Android), but the $10 cost made me look at my options — I figured if I was going to pay that amount, I might as well get the best app to do this. My problem with Locale is that it’s simply not that powerful, it doesn’t have tons of features, and all the good pluggins, instead of being built in, are additional paid add-ons. I am really glad I looked else where because I stumbled upon Tasker ( The official description for Tasker states that “Tasker is an application for Android which performs Tasks (sets of Actions) based on Contexts (application, time, date, location, event, gesture) in user-defined Profiles, or in clickable or timer home screen widgets.” I am not sure that I can describe it any better, so let’s leave it at that. If you want to learn more about Tasker, start here:

One thing that immediately popped about Tasker was the insane amount of built-in contexts, settings, options, detections, notifications, and actions. One thing led to another, and I started using Tasker for everything. I realized it had so much potential that I went back to stock 2.3.4 and just used Tasker to gain all the cyanogenmod functionality (that I needed at least).

The reason I decided to even write this post is in order to share two “programs” that I wrote, which I think are extremely helpful. The first one is called “Keyguard”. The second one is “Blackberry Sound Profiles”. I am putting these two in their own posts so that they can easily be indexed and searched url wise. I know personally that the most sought after thing on Android is the blackberry sound profile functionality. Well, it’s finally here! See my next two posts for all the information.

Since it seems like people are really interested in this information (especially those out side of the US where updates are not pushed out), I will continue with the updates regarding the Nexus S. Here’s the next (no pun) operating system update: 2.3.4: (md5: 92b0f0a0b57a7cf10d2d70610c8bb9fb)

Again, this is directly from google (it is even linked to google), and you should follow the 7 steps from the article.

Please note that the update WILL work if you are running “GRI40” (build number in Settings -> About Phone)
The biggest update when it comes to new features seems to be that Google Talk has voice chat! There are a lot of bug fixes.
For the bug fixes, check out:



Please just grab the FULL 2.3.3 ( system, install it and then try again. It will work!


IF YOU JUST WANT THE RADIO UPDATE: (md5: 57659f04148ebfa849ef523544f2a3dd)

Note: I personally couldn’t update just the radio update from 2.3.3 (with GRI40) – kept getting the status 7 signature verification, so I used the 2.3.4 update to get the radio patches. I’ve seen people who have been able to apply the radio update to 2.3.3 without any problems.