Apr 17

Using the PayPal/Verisign Security Key with OpenID for Two-Factor Authentication

5 comments - Post a comment

As soon as I heard PayPal would be offering a $5 Security Key for additional security while logging in, I jumped on it. A few days later, it arrived in the mail. It’s a great idea, but I decided that carrying a little secure key that generates special numbers for the 3 times a month I login to PayPal just wasn’t worth it.

For the uninitiated, two-factor authentication is when two separate methods are used to verify an identity. For example, a thumbprint and a codeword, or a eye scan and a smart card. The most useful in my and many other’s opinion is a One Time password token, like the Paypal/Verisign security key. This device, which is meant to be carried with you at all times (think, belongs on your keychain, and you keep it in your pocket like a key) generates a series of numbers which depend on what time it is. This number, when combined with your password, provides a much more secure way of authenticating that it is really you who is logging into PayPal, and not just some guy from across the world who happens to have guessed, or phished your password.

OpenID is a relatively new technology where you store your personal information at a site called an OpenID Provider, and then other sites authenticate to that site. You then tell the OpenID provider that it is ok to let your target website use your information and itself to authenticate you. After that, when you want to login to this target site, you just need to be logged into your OpenID provider. Maybe this video will clear things up for you.

Some popular OpenID Providers are: MyOpenID, Verisign Labs PIP, and many, many more. I personally use Verisign Labs PIP, simply because I trust Verisign, and established security company, more than many of the other ‘mom and pop’ websites who now all of a sudden are OpenID providers. Call me elitist if you want but that is just how I feel.

So, good idea in theory, but I had a pretty big reservation about it. What if someone was able to get your OpenID username and password? All of a sudden, they have access to ALL of your websites that you use OpenID with, and you are worse off than if you just used seperate usernames and passwords for each one. You do use different passwords for your website logins, right?

So, just today, I thought to myself: wouldn’t it be great to be able to use that Verisign Branded PayPal Security Key with my Verisign Labs PIP account? Lo and behold, a google query later, and I find out that they are one of the only OpenID providers to provide two factor authentication, and that my old PayPal Security key works with it! Bingo!

I didn’t really find too much information online about how to hook the two up, so I thought I would put up an explanation to help others realize the security that this provides them.

1. Get a PayPal Security Key

All you need to do is go to the PayPal Security Key Website, sign in, and place an order for it. A few days later you get a little package with your key, and then you can feel special too.

2. Login or Create an Account at Verisign PIP

The Verisign Labs PIP website has all of the information you need for signing up. Go through all of the steps needed to activate your account before proceeding to the next step.

3. Add your Security Key Credentials to your account.

Go to the “My Account” page, and at the bottom there is a section that says “VIP Credential”.

You will then be asked to enter the credential ID (which are the letters/numbers on the back of your key) and also to push the button to generate a one-time key.

Click add, and you are done!

Next time you log into your OpenID at PIP, you will see the following challenge after you enter your username and password:

At this point, you might be asking what happens if you don’t have your Security Key with you? Well, there is an alternative. They will send you a one-time pin either to your cell phone via text, or to the e-mail account that you have on file with them.

This ensures that even if you don’t have your key with you, access to your websites can still be had. Just make sure your e-mail password is different than your OpenID password!

As an added bonus, they offer a firefox plugin called “Seatbelt” that automatically fills in your OpenID location for you on sites that support OpenID. It’s nice to not have to remember your OpenID URL, which is username.pip.verisignlabs.com. It’s not overly difficult to remember but they definately could use a more catchy URL.

So that is about it - with these two things, you should be sailing along with OpenID using two-factor authentication and minimal effort and money spent!

Jan 30

Use PHP, GD and .htaccess to Watermark All Images in a Directory

1 comment - Post a comment

The goal here is to watermark all images in a certain directory, except for thumbnails or other selection. You can either do this on each file prior to placing on your webserver - which is probably wise for CPU load issues - but let’s just say you want to do this for all files served in a single directory dynamically, a gallery for example.

The first step is to create a .png file with transparency which holds your watermark image. For this exercise, I’ve created this image:

tbwm.png

(I’ve added the border to stand the image out from the background of the page).

Here is the original image we are going to test with:

boratwow.jpg

After we have our watermark and sample image, we need to write a php file to use PHP’s GD function to apply this image to our original image. The particular function we use is imagecopy(). Here is the code I am using, I name it w.php:

<?php

$basedir="/home/user/public_html/com/gallery/";
$watermarkimage="tbwm.png";

$file=basename($_GET['i']);

$image = $basedir."/".$file;
$watermark = $basedir."/".$watermarkimage;

$im = imagecreatefrompng($watermark);

$ext = substr($image, -3);

if (strtolower($ext) == "gif") {
if (!$im2 = imagecreatefromgif($image)) {
echo "Error opening $image!"; exit;
}
} else if(strtolower($ext) == "jpg") {
if (!$im2 = imagecreatefromjpeg($image)) {
echo "Error opening $image!"; exit;
}
} else if(strtolower($ext) == "png") {
if (!$im2 = imagecreatefrompng($image)) {
echo "Error opening $image!"; exit;
}
} else {
die;
}
imagefilledrectangle($im2, 0 , (imagesy($im2))-(imagesy($im)) , imagesx($im2) , imagesy($im2) , imagecolorallocatealpha($im2, 0, 0, 0, 100) );
imagecopy($im2, $im, (imagesx($im2)-(imagesx($im))), (imagesy($im2))-(imagesy($im)), 0, 0, imagesx($im), imagesy($im));

$last_modified = gmdate('D, d M Y H:i:s T', filemtime ($image));

header("Last-Modified: $last_modified");
header("Content-Type: image/jpeg");
imagejpeg($im2,NULL,95);
imagedestroy($im);
imagedestroy($im2);

?>

This file is placed in the images directory.

Also in the images, create an .htaccess file with the following code:

RewriteEngine on
RewriteRule ^([^thumb].*\.[jJ].*)$ /com/gallery/w.php?i=$1

This tells the web server that instead of serving jpg files out of this directory, that we should instead process the filename with w.php and then serve to the browser. It also adds in a clause that if it starts with thumb_, that it will not run on this file. This is so it does not run on thumbnails.

Here is the resulting image, with watermark! This is served right out of an image directory with no watermark on the original picture:

Borat with watermark from php

Dec 27

Dell SP2008WFP 20″ LCD Widescreen Monitor /w Webcam Review

4 comments - Post a comment

For Christmas my wife and I decided to replace our aging circa 1998 19″ CRT with a new LCD Monitor. After searching the web and reading numerous reviews, I decided to purchase the Dell SP2008WFP LCD Monitor. Some of the major features of this monitor are:

  • 20″ Widescreen HD LCD Monitor
  • 2000:1 Dynamic Contrast Ratio
  • 1680 x 1050 native resolution
  • 2ms Response time
  • Built in 2MP webcam
  • 2 side facing USB ports and 2 bottom facing rear ports

For full specs please see the Full Product Page.

For the first time ever I’ve compiled a quick video review of the Dell SP2008WFP - press play to watch the review. Look below for more in depth analysis.






Dell’s monitors come with a 3-yr advance shipment replacement policy, which means that if your monitor goes bad, they will ship you a replacement after you send your defective one back. This is one of the main reasons I ordered directly from dell rather than one of my other favorite places for PC Hardware - Newegg.

First Impressions

Upon first unboxing and turning on this monitor - my first thought was “WOW”! It looks so much sharper and brighter than my old CRT monitor, and even compared to my other Dell LCD monitors at work it looks very sharp. I even had to turn the brightness levels down a bit.

I put on a movie to test it out - when - CRAP! A stuck pixel! There was a stuck blue pixel right in the middle of the screen. Since this was my first experience with a stuck pixel, I was a bit discouraged. Furthermore, I read on Dell’s site that they will only replace a monitor if there are 6 or more dead/stuck pixels. Note that a ‘dead’ pixel is one that is black, and a ’stuck’ pixel is one that is red, blue or green. Upon doing some research - I found out that a ’stuck’ pixel is normally fixable and isn’t as bad as having a dead pixel. After using some methods that I had discovered, it did end up fixing itself after a day or 2, and hasn’t returned since.

Daily use

For daily use the SP2008WFP really excels. The brightness really makes your screen ‘pop’ and everything is extremely sharp. It is best to run at the screen’s native resolution - 1680 x 1050. Depending on your eyesight and how far the monitor is from your seat - you may find fonts to be a bit too small. This can be fixed by modifying the window’s default font size to ‘large’ and setting the default Firefox or IE font size. Personally I had no problems reading the font at this resolution but my wife said it made her eyes twitchy after a while.

The two side USB ports really come in handy for those who use USB Keychains (that includes me!). The bottom ones can be used for a wireless keyboard/mouse dongle or for other USB peripherals.

I added the optional speaker for this monitor. I realize that the audio coming out of it is not spectacular, but since we have a child I wanted to do away with my BASS BOOSTER powered system and this does nicely. The speaker is powered, and has a blue light to let you know it is on. The right side includes a volume control and the left side has inputs for headphones and a microphone. Another nice feature is that the volume control works for the headphone volume, thus eliminating the need to change the volume on the system. My one ‘gripe’ on the speaker is the the volume control does not let you mute the volume without turning it off completely. That meaning that it gets down low and then click off. I wish it would go all the way down to mute and then turn off.

Video

Video looks great on this monitor, even in a bright room. In a darkened room, I did notice some LCD backlight leaking through on the edges on dark scenes in movies. This effect wasn’t overwhelming and I only noticed it when I was looking for it. In a bright room, the blacks look very black and the colors still very crisp.

Webcam

The 2 Megapixel webcam is pretty decent. The drivers indicate that it is actually a Creative webcam built in. The quality is really pretty good, and worked right out of the box for me in programs such as Skype. The built in software allows you to record video, capture images, run motion detection (security) capture, remote monitoring, and ‘time lapse’ video. These functions are neat but not usable for me, so I disable this software to prevent it from adding unneeded system programs. Also, if this software is actually running, it will interfere with other capture programs such as Skype. If you need to run more than one program with your webcam, use Splitcam.

Conclusion

This monitor is a great upgrade from someone moving from a CRT and even from a smaller LCD. The price you can find on Dell’s website is not the cheapest 20″ Widescreen LCD, however it is one of the only non-iMac monitors you can find which includes this webcam ability - which other monitor manufacturers will surely follow. For my own personal uses, it seemed like I could get a 22″ plain LCD or a 20″ with webcam. Time will tell if this was a good purchase, but I think my desk really thanks me in that I have consolidated almost every item on my desk into this one item (excluding my scanner - I don’t think they will be merging monitors and flatbed scanners anytime soon).

At $289 this monitor seems like a good deal and I would recommend the purchase to anyone looking for a new monitor! I figure if I want more desk space in the future, I will move to a dual monitor setup and get a cheap 22″.

May 01

Review: BTC’s 9019 URF Wireless Keyboard / Mouse

1 comment - Post a comment

BTC 9019 URF

If you have an HTPC which uses software such as BeyondTV you can use a remote for the majority of the time but there are times where you will want a good old fashioned keyboard, for surfing the web or other PC maintenance tasks. Sure you could use a wired keyboard or mouse, but who really wants to be tied to your Television which might be across the room. Typical wireless keyboards may only work several feet away from your PC. The 9019URF works at least 3.5 meters (10.5 feet) away from your PC, and in my experience it worked in another room on a different level, through the walls. It uses Radio Frequencies (RF) which can go through walls and does not require line of sight.


The box contains everything you need to use the keyboard:

  • Wireless RF Keyboard
  • USB PC Interface
  • CD with optional drivers and manual
  • 2 x AA batteries for the keyboard


Box contents

Installing the keyboard is as simple as installing the batteries, and plugging the USB PC connector. The keyboard works out of the box in this setup. However, if you want to use the special “media” keys to launch your internet browser or e-mail, you will need to install the software which came on the CD, or download them from BTC’s website.

As I have hinted above, the BTC 9019 includes a pointing device right on the keyboard.

9019 mouse

This pointer works fairly well while using your keyboard. It also has left click built in - if you wish to use right click, you will need to use the button to the immediate right of the pointer. Also to the immediate left, a scroll up and scroll down button have been placed. This is very handy while you are viewing any web pages.

Integration with any HTPC or DVR software, such as BeyondTV, works just as well as with any other keyboard. It is nice to be able to use the finess of keyboard/mouse combo when controlling BTV, or your system in general.

btv

I had a small issue with the receiver where it seemed to lose its connection when I held the keyboard at a certain angle. This only seemed to be at a certain range, and moving the angle of the keyboard always fixed the issue. After moving the receiver on top of my entertainment system, rather than behind, the issue seemed to go away. This indicates to me that this keyboard might be susceptible to RF interference from components. When placing the receiver, make sure it is as far away from components as possible.

Overall the keyboard feels solid and not as cheap as I expected considering it’s bargain pricetag. At $35 as of 5/2007 from the SnapStream Store, it is a great deal.

I give this keyboard a:



Highly Recommended

Would Recommend to Family and Friends


Provided by: SnapStream
Review Date: 5/1/2007

Apr 05

Must have Windows Mobile Applications

2 comments - Post a comment

I recently purchased the Cingular 8525 Windows Mobile 5.0 phone. The base applications are alright, but if you really want to use it to it’s full potential there are several “Must have” applications for it. I couldn’t find any sites that had a list like this, so I thought I would put one together.

System Administration

1. PHM Registry editor - (free) - This allows you to edit your registry, along with backing up and restoring it. I would recommend doing a backup as soon as you get your phone in case something goes wrong!

2. .NET VNC Viewer - (free) - Allows you to connect to a PC with VNC Server over the network.


Usability

3. rlToday - (free) - Adds a clock, calendar, and more to your today screen. Fully skinnable to your liking. Also displays registry keys, which then allows you to show if you have new messages or your phone signal.

4. PhoneAlarm - (US$24.95) - Skinnable today screen plugin which shows new messages, voicemails, missed called. Can also control Bluetooth and Wifi. Also allows you to schedule profiles for your phone, which control volume, message alerts and the like. It is great because you can have your phone automatically turn off rings for nighttime, or quickly set to a “Meeting” mode which sets your phone to vibrate.

5. SPB Mobile Shell - (US$29.95) - If you want to forgo designing your plugins to make the today screen a simple information screen (as I have) this this software is a good drop-in replacement. When you wake up your phone, it shows a clock, signal information, mails, weather, and upcoming appointments. It also replaces your normal menu with a “large font” version that makes it easy to navigate with one hand. However, there is a problem with this software. On my Cingular 8525 it causes the phone to freeze frequently, making a soft reset necessary. So, try out the demo before purchasing this software.

Internet Applications

6. Opera Mobile - (US$24, Demo available) - This mobile browser kicks Pocket Internet Explorer’s ass. Opera Mobile has single column rendering, javascript support, and more, all of which PIE lacks.

opera.jpg

7. Google Maps Mobile - (free) - This mapping software kicks ass. You can get directions, display a road or aerial map, search for businesses, show traffic, connect your GPS, and more. All for one low cost price.

gmaps.jpg

8. Microsoft Live Search for Mobile - (free) - A really nice mobile suite. Give you one hand access to a Category search (for example: restaurants, shopping, transportation, etc.), mapping (road or aerial), directions, and more. GPS access is also included. Live Search has a slight edge over Google Maps Mobile. It has the ability to go full screen, and also includes a nicer interface to the keys on the phone, allowing better one handed map browsing.

livesearch.jpg

9. Boopsie - (free) - This little known application is one of the best things since sliced bread. If you are a nerd like me, sometimes you have contests with your friends to see who can look up a movie name, or who was that guy in some movie, or where in the world is Estonia. Using this software, you launch the program, select your search category, such as Wikipedia, IMDB, Amazon, Dictionary.com and many more, and start typing your search term. As you are typing, it will narrow down the words so as soon as there is one entry left, you hit enter and it will bring up the page on that term. It is a really fast way to search for any kind of information you can think of. Highly recommended.

boopsie.jpg

Multimedia

10. Orb.com - (free) - First you install Orb to your home PC. Then you poke holes through your firewall to allow access to your digital media. Then you access the Orb portal at mycast.orb.com. You can stream any media you want off of your home PC, and onto your mobile device. This includes LIVE TV if you have a tuner card in your PC. The only tricky part is that you need to use a web browser to access your media, so it is not exactly easy to access your content if you have a large library.

Bonus - if you have a Wii, Orb has customized their portal to work with Wii. It will play your local content over the Internet Channel using a flash applet. It plays all of your music (with album art) and also video and Live TV.

11. PocketPlayer - (US$19.95, Demo Available) - This is the best music player I’ve found for Windows Mobile. It has “iPod” like menus which allow you to scroll through your music on your memory card. But, unlike what the iPod is capable of doing, it has many other functions. You can add Podcasts, which it will download and stream over your net connection, it will play some video (mostly WMV, it is not a great video player, see the next item) and also play music over uPnP so you can play music off of your Orb server, for example.

pocketplayer2.jpg pocketplayer1.jpg

12. CorePlayer - (US$19.95) - This media player is not free, but it is hands down the best video player for Windows Media. It supports a lot of codecs, including H.264 (AVC), MKV, MPEG-1, MPEG-4 part 2 (ASP), DivX, XviD, WMV, MJPEG, Matroska, TS, PS, 3GPP, MOV, AVI, MPEG-4, NSV. It also plays audio files, but it does not seem to have a library function and I found PocketPlayer to be superior in this regard. I’ve heard that you can use TCPMP (which is no longer seems to be in development and who’s website is currently down) plus a few plugins, but I found this media player to be much better and worth it for the time you would have spent.

Games

13. ScummVM - (free) - The SCUMM (Script Creation Utility for Maniac Mansion) Engine runs classic games such as Maniac Mansion, Day of the Tentacle, Sam and Max, and Indiana Jones and the Fate of Atlantis. Since these games are not made for high resolution, they are perfect for the QVGA resolution of a Windows Mobile screen.

14. Pocket UFO - (free) - PocketUFO is a “pixel perfect” remake of the game X-COM UFO Defense (X-COM Enemy Unknown), which is one of the best games of all time. Like SCUMMVM, these games were not meant for the high resolution screens of today, but translate perfectly to the PocketPC.

Windows Desktop

15. ActiveSync - (free) - You probably already have this installed if you have a Windows Mobile device but I thought that this list would be incomplete without it.

16. ThemeGenCE - (free) - This is a little complicated to use but you can really cusomize your Windows Mobile theme. It allows you to grab the current screen from your device, and completely customize the colors and background for free. There is a tutorial for ThemeGenCE which describes how to use it a bit better if you are lost.

17. GetPDAScreen - (free) - Allows you to take screen captures from your PocketPC to a PC connected via ActiveSync.

Mar 09

T-Mobile will unlock your Motorola phone (for free!)

5 comments - Post a comment

V360

Phones come in two ways, locked or unlocked. If a phone is locked, then you can only use it with one provider, such as T-Mobile or Cingular/AT&T. If it is unlocked, you can put a sim card in from another carrier, and use the phone just as normal. Phones are locked because a carrier typically gives you the phone for cheap, and in return you need to stay with them for a certain amount of time. Reasons you might want to have an unlocked phone include: using your phone on a separate carrier, international travel and using a country’s native GSM network, and fetching a higher “unlocked” phone price at auction.

Different phone models have different ways of being unlocked. With Nokias and SonyEricsson, as far as I know, you can generate an unlock code based on the IMEI (Unique identifier) of the phone. These generators can be found for free around the net, just ask google or other trusted source.

Motorola phones are different, they require a unique number that is apparently stored on a secure database which you need to pay to gain access to. I’ve typically found these online services for about $25 per phone.

If you are with T-Mobile, you are in luck. They have one of the most generous unlocking policies for their phones. I’ve heard experiences with other providers are hit or miss. T-mobile has a clearly spelled out policy:

SIM Unlock:

T-Mobile branded phones operating on the T-Mobile network may only use T-Mobile SIM cards. To use a T-Mobile branded phone on another wireless carrier’s network with a non-T-Mobile SIM card, you must first request a “SIM Unlock” code from T-Mobile. Conversely, if you have a phone from another North American wireless carrier, you may need to request a “SIM Unlock” code from that carrier before being able to use a T-Mobile SIM card on the T-Mobile network.

SIM Unlock Requests:

T-Mobile customers must meet the following eligibility requirements before contacting Customer Service to request your SIM Unlock code.

The following restrictions apply to all account types:

* T-Mobile can provide SIM Unlock Codes only for handsets sold by T-Mobile USA, with the exception of Danger Sidekick devices. T-Mobile can obtain SIM Unlock Codes for companies acquired by t-Mobile USA (VoiceStream, Aerial, Omnipoint, SOL, Digiph, PCS One, and Powertel).
* SIM Unlock Codes will only be provided after your account has been active for 90 days. Only one unlock code may be provided per customer every 90 days.
* No SIM Unlock Codes will be provided within the 14-Day Buyer’s Remorse period. Customers who purchase phones in CA California or via Amazon.com are granted a 30-Day Buyer’s Remorse Period.
* SIM Unlock Codes are not always available from the Manufacturer. However, T-Mobile will make a dedicated effort to obtain the SIM Unlock code. Note: Other restrictions may apply depending on account type.

To get your Motorola phone unlocked, simple call T-Mobile Customer Service. Tell them you’d like to unlock your phone, and then they will ask for the make and module, and verify that you are eligible for the unlock code (you must have been an active customer for 90 days). They will then have you tell them the IMEI number on your phone, and provide an e-mail address. They may also ask the reason you are requesting the code - I felt bad telling them I was moving to Cingular, so I said I wanted to use my phone internationally. The reason you normally do this internationally, is that rather than

Within 24 hours, you should receive an e-mail that looks similar to the following:

T-Mobile Sim Unlock Request
Sim Unlock Reference: 095XXXX
IMEI: 356866XXXXXXXX
Unlock Code: 54907825

Thank you for taking the time to contact T-Mobile. Below you will see the Instructions for unlocking your Motorola device.

Before you start you must have a foreign (non-T Mobile) SIM card entered into the handset. If the display reads “Enter Special Code”, enter the unlock code and press “OK”. If the display does not ask for Special code, please enter the instructions below.

1.Press the Menu key on the keypad, and then quickly press 073887*.You should see the Enter Security Code screen.
2.Enter 000000 and select OK.
3.Scroll to Unlock SIM select it.
4.Enter the SIM unlock code and select OK.
5.Press the End key to return to the main screen.

NOTE: If the phone displays, “Please wait to enter special code” or “Contact service provider,” you will have to wait for it to change back. Please be aware that the phone must stay powered on to do this. If the battery is low, be sure to plug it in. It could take 15 minutes to an hour to change back. If the phone does not change back, the handset will need to be replaced.

Thank You,

Sim Unlock Department
T-Mobile USA, Inc.

This e-mail will change depending on your model of phone.

To sum things up, if you have been with T-mobile more than 90 days and wish to unlock your phone, give them a call! T-mobile has the best customer service around, and if they had good coverage in my area I would definitely be staying with them.

Technorati Tags: , , , ,
Feb 08

Mirror: Using Skype and Unlocking your T-Mobile SDA

9 comments - Post a comment

Editor’s note: This post was not written by me, it was written by Ken who’s website is sixpixelsapart.com, and is currently down. The original link to this post is here. I grabbed this post from a google cache of his page. Use at your own risk!

Introduction

Today I have a special treat for any of you
with a T-Mobile SDA
like my own. I’ve decided to write a nice little article about how to
unlock your SDA
so that you can use it with any provider (T-Mobile, Cingular,
Verizon, any provider with SIM cards). The added bonus here, however,
is the piece of this article that explains how to overclock your SDA
and install SKYPE for use over your WLAN network. Skype is a VoIP
(Voice over Internet Protocol) program that, when you add some money
to the account ($12 worked for me for about 6 months) allows you to
get your own Skype phone number (dialable from any landline or other
cell phone) and place calls to any landline or cellphone for a
fraction of the cost of regular T-Mobile cell phone minutes. Well, I
think that sums it up, so let’s get on to the how to: Unlocking
Your SDA
for FREE To unlock your SDA,
you’ll require the following things:



  • A PC running Windows (Windows XP
    is best, if you can swing it)

  • Your T-Mobile SDA

  • A USB-to-Mini USB cable (the one
    that connects your SDA
    to your computer)

  • Some amount of sanity

  • A desire to be free of (or have the ability to be free of)
    your current network


WARNING: What you are about to do will
almost certainly void your warranty. Don’t try it unless you know
what you are doing. I take no responsibility for your bricked cell
phone. Once again: don’t try this unless you know what you’re doing.
If you don’t have Microsoft’s ActiveSync installed and configured
already, do so by installing it from the CD that came with your SDA,
or by downloading it here.
If you’re downloading it, you should just be able to install it from
the file you’ve downloaded. –> Test the connection between your
computer and SDA
by plugging in your USB cable to the phone and PC. They should begin
synchronizing. Allow them to do so, and when they’re finished, leave
the SDA
plugged into the PC <– Now that you have ActiveSync configured,
you’ll need to download some software that will assist you in
unlocking your SDA.
The first tool, SDA_ApplicationUnlock, removes the phone’s lock
against running unsigned applications. An unsigned application is an
application that was not created by a reputable company (in this
case, T-Mobile). SDA_ApplicationUnlock was created by the spectacular
NovoMobile. –> Download
SDA_ApplicationUnlock <– Next, you’ll need to get the
SPV-Services toolset, which is provided free-of-charge by the
wonderful developers over at SPV-Developers.com.
The SPV-Services toolset will allow SPV-Developers.com’s server to
interface with your phone and unlock it for you. Download the toolset
as a ZIP file, and extract it to a new folder with a name of your
choice on your desktop. –> Download
the SPV-Services toolset <– Now that you have the software
necessary to unlock your phone, you’ll need to do two things before
you can start doing so: Begin by running the SDA_ApplicationUnlock
program with your phone still plugged in. Just do what the program
tells you. You should get a message telling you that your phone was
successfully unlocked. Next, you’ll need to install the Cert.cab file
on your phone. The Cert.cab file can be installed by copying it to
your phone using the "explore device" button in ActiveSync.
Next, simply use the File Explorer program on your SDA
to browse to the file and open it. That’s it. Now, open the
SPV-Services toolset folder that you created on your desktop. Inside
is a file called SPVServices.exe. Start it, and use the sidebar on
the left to select "SIM lock" or something similar. Follow
the instructions on the page, and click the button to unlock the
phone. The process should be fairly instantanious. DO NOT AT ANY TIME
UNPLUG YOUR PHONE. You can also change your CID if you feel the need
to. Assuming everything has gone on without a hitch, that’s all you
had to do! Your phone is now unlocked and can be used with any
network!

Installing and Using SKYPE to Make Phone Calls Over
Your Wireless LAN

Now here’s the exciting part — the one
that saves you money! A lovely company called Skype allows you to
make calls to other Skype members over the internet. However, if you
add some money to your Skype account, you get SkypeOut and SkypeIn -
services that, respectively, allow you to make calls to outside
numbers (landline and cell phone numbers) and recieve calls (at your
own personal phone number just like any other). This part of the
tutorial will guide you in installing Skype on your SDA,
and overclocking it so that lag is minimized. If you complete this
tutorial successfully, you’ll be able to make phone calls (almost for
free) to anywhere in the world over your home, work, or school
wireless networks. WARNING: This part of
the the tutorial will involve manually modifying the software and
operating system of the SDA.
It will also involve overclocking (or increasing the speed of) the
SDA
to potentially unsafe levels. As tested, I haven’t had any problems.
You should be okay, but there is always a possibility (as with
anything you do) that your SDA
will be damaged. I assume no responsibility for this or any other
modification you make to your SDA.
Following these instructions as closely as possible will minimize
risks to your person or phone. That said, let’s get started! Begin by
downloading
the Skype cab file, and extracting and renaming its contents. If
you have Windows XP, you can simply double-click on the .CAB file to
open it. If you don’t have XP, you’ll need WinZip or an something or
something of the like. Extract the contents of the .CAB file to a new
folder on your desktop, and rename the files as shown:



  • 000Boing.002 becomes
    Boing.wav

  • 000Skype.001 becomes
    Skype.exe

  • SKYPED~1.003 becomes SkypeDialer.dll


Without overclocking the SDA,
Skype has a 10-second delay when calling a landline. You’ll want to
overclock yours up to 240 MHz. You can do so by downloading a nifty
little program called OmapClock, which you can find here. You can
simply move it to the /Windows folder on your SDA
via the "explore device" button in ActiveSync. When it has
been transferred to your SDA,
execute it by selecting it using the "file manager" program
on the SDA.
If it does not run correctly, chances are that you didn’t
application-unlock your SDA.
Do so by following the first part of this tutorial. Change the
processor speed to 240 MHz (NO MORE, NO LESS) and save your
settings using the left soft-button menu. After you’ve done so, move
the Boing.wav, Skype.exe, and SkypeDialer.dll files to the SDA
using ActiveSync’s "explore device" functionality. You’ll
want to put them in the "/Windows" folder. Congrads, skype
is installed. Unfortunately, you still have to configure it, which is
made harder by the fact that the SDA
doesn’t have a touchscreen. You’ll have to use a neat program called
Pocket Controller Pro to actually tap Skype’s "Sign In"
button (because it was designed for Pocket PCs with touchscreens).
Luckily, you’ll never have to use this program again (unless you need
to reconfigure it). You can download
Pocket Controller Pro here (as a trial with full functionality).
Install Pocket Controller Pro, open Skype on your device, and enter
your Skype account information - using your PC’s mouse to click on
the "Sign In" button. Make sure that you’ve told Skype to
remember your sign-in information (sign-in automatically on startup).
That’s it! You should have working Skype! Optional: If you’re like
me, you have/hate the dreaded T-Zones button on your phone. We can
change the functionality of that button so that it opens Skype
instead! To do so, open a new notepad (.txt) file and paste
"19#/Windows/Skype.exe" (without the quotes) on the first
line of the file. Save the file as "Short_AP1.lnk" and move
that file to the /Windows folder of your SDA
using ActiveSync’s "explore device" functionality. It
should ask if you want to overwrite a file with the same name. Click
"yes" or "yes to all". That should do it! Hope
you’ve enjoyed this little tutorial!!! ALSO: There have been some
follow-ups! Look through the posts at the top of my homepage.
The follow-ups basically answer any questions you submit in your
comments.

Jan 31

Map a drive letter to a SFTP / SSH Server

1 comment - Post a comment

My preferred server platform is linux. I have not yet been able to move to a linux-based system for my daily work, and trust me I’ve tried a number of times to move to a Fedora or Ubuntu desktop. Windows is still best for productivity and day-to-day tasks, as well as compatibility with other office workers. However that brings up the question of how to access resources on a linux system, securely, and easily enough to not take too much time out of your workflow.

I have previously used the free WinSCP to do this. However, much like the FTP clients of yore, you need to transfer the file to your local PC, do the actual editing on your workstation (I prefer PSPad by the way), and then transfer the file back to the server.

Windows fixed this particular issue by adding in Mapped drives, which can connect to an FTP source. This is all great, and it works fine, but it is not a secure way to transfer files which may or may not include sensitive information in them.

Recently a few programs have come out that connect to an SSH server via SFTP and map a drive on your system. The two that I have found and are viable are called Webdrive and SftpDrive. Both products offer a secure connection to your SSH server, including a mapped drive letter. Below is a short review of each product:

SftpDrive

Sftpdrive

SftpDrive is a program that does one thing and it does one thing well - it connects you to your server via SFTP. In my testing the speed was very fast, it seemed faster than my WinSCP connection even. It does not do caching, which in my mind is a good thing because it can cause problems with different versions of files moving between your system and the server source.

Their support is top notch - contacting them resulted in an immediate email back. They also have some great forums for user interaction, and the owner frequents there as well.

Price: $39 - unlimited upgrades to future versions

Webdrive

The other alternative is Webdrive. This software has a few more bells and whistles - notably:

  • Ability to map WebDAV and FTP in addition to SFTP servers
  • Caches remote directories locally

If you have the need to map a WebDAV or FTP connection, you can manage this right inside of this program. In this regards, this software will be a ‘one stop shop’ for mapping drives on your system.

It also can cache files on your local system. This has both advantages and disadvantages. The advantage, especially on a slower connection / link, is that when you edit a file on the drive you will actually be editing a file on your local PC, speeding up this process. The disadvantage with this, is that your server files may not be updated right away, adding a delay to when you edit a file and actually having it live on the server. This could add confusion when dealing with a configuration issue or other problem and adds a layer of complexity.

Price: $59.95 /w 1 year of upgrades, $79.95 /w 2 years of upgrades

Final Verdict
It was a close race but Sftpdrive comes out on top for my needs. Unless your organization has a need to keep mapped drives all under the same software, or you are working with a very slow connection, Sftpdrive will work fine for your needs. Also edging it closer to the win is the cheaper price, and the ability to receive upgrades to the software in the future without paying an additional fee. Using this software will increase the overall security of your day-to-day system administration tasks while reducing your time involved.

I would strongly recommend downloading a trial version of each software package and see which one fits your needs!

  • WebDrive - A 20-day demo version
  • SftpDrive - Get a trial 45-day key and download software

Note 1:
If you need an automated backup solution, I strongly recommend SyncBackSE. Using this backup software + Sftpdrive, you can have an automated, safe backup to an offsite location. Not only will your transfers be secure, but SyncBackSE will encrypt the contents of your backup on the remote location. This is great if you are using a server or other remote service to store your backups - although most services are reputable I wouldn’t want anyone to have access to my financial or other personal information.

Notes 2:
The faster your UPLOAD speed to the internet, the better performance you will see on your mapped SFTP drive. Currently the ISP which has the best upload speeds for the value in my area (Philadelphia) is Verizon Fios. Their lowest package offers 5mbit download, and 2mbit upload. This compares to Comcast which only offers a 384kbps upload on their basic package.

Technorati Tags: , , , , , , ,
Oct 02

Apache’s mod_proxy with Exchange’s Outlook Web Access

No comment - Post a comment

Apache’s mod_proxy module is simply one of the best Apache modules out there. With it, you can do all sorts of things that you usually would not be able to do if you are behind a firewall or other limited network situations.

A problem that recently came up for me was how Microsoft Outlook Web Access (OWA) needs to run on an exchange server, however my linux server is the one that faces the internet (I have the firewall forward the ports to this server). I also purchased an SSL certificate for one domain, so I wanted to use this certificate to access OWA with a proper validating certificate.

All sounds well and good. Using this mod_proxy configuration should work:
ProxyPreserveHost On

#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]

#OWA
ProxyPass /exchange https://exchangserver.example.com/exchange
ProxyPassReverse /exchange https://exchangeserver.example.com/exchange
ProxyPass /Exchange https://exchangeserver.example.com/exchange
ProxyPassReverse /Exchange https://exchangeserver.example.com/exchange
ProxyPass /exchweb https://exchangeserver.example.com/exchweb
ProxyPassReverse /exchweb https://exchangeserver.example.com/exchweb
ProxyPass /public https://exchangeserver.example.com/public
ProxyPassReverse /public https://exchangeserver.example.com/public
ProxyPass /iisadmpwd https://exchangeserver.example.com/iisadmpwd
ProxyPassReverse /iisadmpwd https://exchangeserver.example.com/iisadmpwd

Problem - it works ok - except in IE it will prompt you for the password indefinately and not allow you in. In Firefox (Mozilla) it rejects your password, until you hit cancel, then enter your password and it finally allows you in.

To fix this issue, you need to disable “Integrated Windows Authentication”. In the IIS administration panel, go to the website for your exchange server (”Default site” by default) and find the exchange share (This is most likely “Exchange” and “Public”). From there, right click, go to Properties->Directory Security->Anonymous Access and Authentication Control. Make sure “Basic Authentication” is checked while “Integrated Windows Authentication” is unchecked. Do this for any other Exchange shares. This allows authentication to work OK.

Second problem… in OWA, in Internet Explorer only, when you try to view your inbox the “Loading…” message appears indefinately. Microsoft’s Knowledgebase Article 280823 has a few workarounds for this problem, none of which worked for me. OWA apparently has two modes that it runs in, “rich” and “reach” modes. The “rich” client, which it uses for Internet Explorer, can have issues when running behind a firewall. It uses http-dav components which are not passed through correctly.

Now a fix, let’s make sure all clients run in “reach” mode! Using apache, we can hard-code the User agent that will hit the Exchange server. We use the mod_header module of apache, so make sure you compile it in with –enable-headers. Note: this only works with Apache 2.0. Once you have this compiled in, let’s set the User agent:
RequestHeader set User-Agent "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7)"
You can use whatever you’d like in the user-agent string, as long as Outlook Web Access does not think it is IE, then it will serve the “reach” client.

After correcting all of the above issues, Outlook Web Access finally works in both Internet Explorer and Firefox.

Technorati Tags: , , , , , , , , ,
Sep 24

Third Party Drivers in Remote Windows Installation

No comment - Post a comment

There is this great software for doing remote unattended Windows installs called, well, Unattended. It allows you to boot/install different windows versions without any intervention which is great if you are doing a number of Windows installs. This is a bit different than MSFN’s Unattended install which mainly is done off of CD media. MSFN’s site is still a great source of information on these types of installs but we are focusing on the network Unattended software since we are too lazy to have to/want to physically be at the datacenter to do the installs!

If the windows included drivers.cab does not include your drivers, then once unattended (I’ll refer to the sourceforge network version of unattended from now on) installs windows, you will not be able to use the network card to access the PC any more. Therefore, you need a way to install 3rd party drivers directly into the install I386 directory on your server. This article explains the process from a CD standpoint. But let me clarify for our network Unattended install.

First you need to locate the driver that the hardware needs to be usable on this system. Once you are positive which driver the system needs, place the files into /usr/local/unattended/install/os/INSTALLDIR/I386/$OEM/$1/Drivers/DRIVERNAME
Where INSTALLDIR is the name of the windows version you are installing (w2k3 for example) and DRIVERNAME is a unique name for the driver.

Now, according to the previous article you may think that you need to modify the WINNT.SIF file in the I386 directory. However for our remote unattended install server, this file is not used. You need to modify the /usr/local/unattended/install/site/unattend.txt file.

In the [Unattended] section, add the following lines if you do not have them:

OemPreinstall = "Yes"
OemPnpDriversPath= "Drivers\DRIVERNAME;Drivers\SOMEOTHERDRIVER"
DriverSigningPolicy = Ignore

Add each driver using this syntax, separate them using the semi-colon. During the install, it will copy the files in the $OEM$\$1\Drivers directory to C:\Drivers, and because we placed the above lines in unattend.txt, Windows knows to use these drivers during the PNP phase of the install.

Also to clarify the driver types, there are 2 different kinds of drivers during the windows install. The TEXT (TXT) mode drivers are used in the initial phase of the install (like where you hit F6 to install 3rd party drivers), and then there are Plug-and-Play (PNP) mode drivers. The PNP drivers are loaded later in the install process once the system goes to set up the network configuration.

Feel free to contact me if you have any questions on this!

  • Welcome to systemBash, a technology and system administration blog by David Drager. If you enjoy this sort of content, can can subscribe to the RSS using the link to the right.