Solving a Verizon issue (Nexus 5X)

I solved a problem today and figured that I’d document it for the rest of the world. Every time someone left me a voicemail on Verizon, I would get a cryptic text from Verizon at 900080006202 that looked like “//VZWVVM:SYNC:ev=NM;id=1;c=1;t=v;s=1XXXXXXXXXX;dt=18/01/2016 13:40-0900;l=13;dev_t=5” or “//VZWVVM:SYNC:ev=MBU;dev_t=5”.

Here’s what happened. It turns out that Verizon has three kinds of voicemail: basic voicemail (free), basic visual voicemail (also free), and premium visual voicemail ($2.99/month). I have a Nexus 5X and I recently switched from an unlimited Verizon data plan to a different plan (long story).

As part of that shift, it looks like Verizon switched me to visual voicemail. I suspect a lot of phones that you get at a Verizon store have some sort of visual voicemail app pre-installed. That app probably intercepts those cryptic texts and uses them to show a voicemail indicator. Ever wondered how the voicemail indicator disappears so fast after you call voicemail? I suspect that’s also because of a Verizon text that is interpreted by your phone.

But a Nexus 5X doesn’t have Verizon’s voicemail app, so it just presents texts from Verizon. To fix this issue, I stopped by a Verizon store and had a rep change me from “basic visual voicemail” to “basic voicemail,” and that fixed the issue. I don’t think you can toggle that setting yourself on Verizon’s website. Added: A friend told me that he got his voicemail changed to basic voicemail by chatting with a Verizon representative online. That might be easier/faster than visiting a Verizon store in person.

Nexus 5X rocks!

By the way, I love my Nexus 5X. It fits well in my hand, the camera is superb, and the fingerprint reader is blazingly fast. Also, the speed and accuracy of voice recognition on the Nexus 5X is amazing.

A final nice feature is that you can insert a Nano SIM card from any of the major carriers in the US. I often switch my Nexus 5X over to Google Fi in various situations; for example, Fi is great if you’re traveling outside the US.

HD Voice

One last tip if you’re still on Verizon: you can get HD Voice for free, but you have to enable it. HD Voice works via Voice over LTE, or VoLTE. HD Voice should have much better audio than a regular cell phone as long as both phones support it. On Verizon’s site, go to My Verizon->My Plan & Services->My Plan->Products & Apps->Manage Products & Apps and then click Free Products. Enable HD Voice on all your compatible lines on the website.

Then you need to enable HD Voice on each of your phones. On recent Android phones, look for Settings->More->Cellular networks->Enhanced 4G LTE Mode. On iPhones, look for Settings->Cellular->Enable LTE and select Voice & Data. More info on HD Voice and Advanced Calling on Verizon is in these FAQs.

What phone are you rocking right now, and how do you like it?

Fixing “full path disclosure” issues

Whether you’re running a web service or a blog, you should always keep your software fully patched to prevent attacks and minimize your attack surface. Another smart step is to prevent full path disclosures. For example, if your blog or service throws an error like

“Warning: require(ABSPATHwp-includes/load.php) [function.require]: failed to open stream: No such file or directory in /home/horace/public_html/wp-settings.php on line 21”

then by noting the full pathname from that error, an attacker could reasonably infer that your username is “horace” and use that try to guess your password. It’s not the end of the world if your attacker has that information, but why not make an attack as hard as possible?

For WordPress, here’s a couple ways to prevent full path disclosure vulnerabilities:
– In a php.ini file, you can add a line like “display_errors = off” (without the quotes).
– In an .htaccess file, you can add a line that says “php_flag display_errors off” (without the quotes).

It sounds like the php.ini approach might be slightly better, because some web hosts run PHP in CGI mode which might not allow php_flag or php_value directives in .htaccess files.

After you’ve made this change, php errors shouldn’t be shown to web clients. If you’re developing live code on a PHP installation, that can make debugging slightly less easy. But if you’re running (say) a blog, it’s probably better to turn off display errors for a little extra protection against attacking hackers.

css.php