As soon as I heard PayPal would be offering a $5 Security Key for additional security while logging in, I jumped on it. A few days later, it arrived in the mail. It’s a great idea, but I decided that carrying a little secure key that generates special numbers for the 3 times a month I login to PayPal just wasn’t worth it.

For the uninitiated, two-factor authentication is when two separate methods are used to verify an identity. For example, a thumbprint and a codeword, or a eye scan and a smart card. The most useful in my and many other’s opinion is a One Time password token, like the Paypal/Verisign security key. This device, which is meant to be carried with you at all times (think, belongs on your keychain, and you keep it in your pocket like a key) generates a series of numbers which depend on what time it is. This number, when combined with your password, provides a much more secure way of authenticating that it is really you who is logging into PayPal, and not just some guy from across the world who happens to have guessed, or phished your password.

OpenID is a relatively new technology where you store your personal information at a site called an OpenID Provider, and then other sites authenticate to that site. You then tell the OpenID provider that it is ok to let your target website use your information and itself to authenticate you. After that, when you want to login to this target site, you just need to be logged into your OpenID provider. Maybe this video will clear things up for you.

Some popular OpenID Providers are: MyOpenID, Verisign Labs PIP, and many, many more. I personally use Verisign Labs PIP, simply because I trust Verisign, and established security company, more than many of the other ‘mom and pop’ websites who now all of a sudden are OpenID providers. Call me elitist if you want but that is just how I feel.

So, good idea in theory, but I had a pretty big reservation about it. What if someone was able to get your OpenID username and password? All of a sudden, they have access to ALL of your websites that you use OpenID with, and you are worse off than if you just used seperate usernames and passwords for each one. You do use different passwords for your website logins, right?

So, just today, I thought to myself: wouldn’t it be great to be able to use that Verisign Branded PayPal Security Key with my Verisign Labs PIP account? Lo and behold, a google query later, and I find out that they are one of the only OpenID providers to provide two factor authentication, and that my old PayPal Security key works with it! Bingo!

I didn’t really find too much information online about how to hook the two up, so I thought I would put up an explanation to help others realize the security that this provides them.

1. Get a PayPal Security Key

All you need to do is go to the PayPal Security Key Website, sign in, and place an order for it. A few days later you get a little package with your key, and then you can feel special too.

2. Login or Create an Account at Verisign PIP

The Verisign Labs PIP website has all of the information you need for signing up. Go through all of the steps needed to activate your account before proceeding to the next step.

3. Add your Security Key Credentials to your account.

Go to the “My Account” page, and at the bottom there is a section that says “VIP Credential”.

You will then be asked to enter the credential ID (which are the letters/numbers on the back of your key) and also to push the button to generate a one-time key.

Click add, and you are done!

Next time you log into your OpenID at PIP, you will see the following challenge after you enter your username and password:

At this point, you might be asking what happens if you don’t have your Security Key with you? Well, there is an alternative. They will send you a one-time pin either to your cell phone via text, or to the e-mail account that you have on file with them.

This ensures that even if you don’t have your key with you, access to your websites can still be had. Just make sure your e-mail password is different than your OpenID password!

As an added bonus, they offer a firefox plugin called “Seatbelt” that automatically fills in your OpenID location for you on sites that support OpenID. It’s nice to not have to remember your OpenID URL, which is username.pip.verisignlabs.com. It’s not overly difficult to remember but they definately could use a more catchy URL.

So that is about it - with these two things, you should be sailing along with OpenID using two-factor authentication and minimal effort and money spent!

This great post over at Internet Tablet Talk describes how to pair the Nintento Wii control (wiimote) to the Maemo OS2008 using Bluetooth.

Functionality is pretty limited at the moment, but I was able to play lxdoom using the wii remote. That is pretty damn cool and opens up a lot of gaming possibilites with the N800, since a bunch of emulators have already been ported to it! Old NES games, here I come!

In case you were wondering, I just invented the phrase PVPN - Personal Virtual Private Network.

I use Hamachi to connect my work, home and laptop PCs and I’ve found it invaluable over the past few years for a number of reasons. Music over VPN, Remote Desktop/VNC over VPN, and more. So now, I’d like to join my N800 to this growing network to make easy and secure access and file transfer wherever I am connected.

Fortunately the folks at Logmein have compiled a client for the N770, and this also works on OS2008 on the N800 (Let me know on the N810).

This is an alternate take on the wiki article at Logmeinwiki.

Note: For the commands below I will have assumed that you have already installed the openssh server so you can access the N800 via an SSH client with root access. You can also use the built in Xterm and gainroot but it is a pain in the ass typing all of those commands in via the touchpad. If you are using gainroot some of the directories below will change, for example Hamachi will install in /home/user/.hamachi instead of /root/.hamachi. Also I downloaded the client to my memory card in /media/mmc2/ but you can put it anywhere.

Your login should look like this:

BusyBox v1.6.1 (2007-09-27 18:08:59 EEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Nokia-N800-51-3:~#

Make sure wget is installed:

apt-get install wget

Make to get the latest Logmein Client from http://files.hamachi.cc/linux/nokia-770/.

Just follow my process below for installing the Hamachi client and joining your network.

Nokia-N800-51-3:/media/mmc2/tmp# wget http://files.hamachi.cc/linux/nokia-770/hamachi-0.9.9.9-20-lnx-n770.tar.gz
--10:31:47-- http://files.hamachi.cc/linux/nokia-770/hamachi-0.9.9.9-20-lnx-n770.tar.gz
= `hamachi-0.9.9.9-20-lnx-n770.tar.gz'
Resolving files.hamachi.cc... 72.5.76.16
Connecting to files.hamachi.cc|72.5.76.16|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 116,020 (113K) [text/plain]

Authentication information has been created. Hamachi can now be started with
'hamachi start' command and then brought online with 'hamachi login'.
Nokia-N800-51-3:~# hamachi start
Starting Hamachi hamachi-lnx-n770-0.9.9.9-20 .. ok
Nokia-N800-51-3:~#

Hamachi is now running on our little tablet!

But it has not joined our network at this point, so we follow the logmein Hamachi documentation to do so.

Nokia-N800-51-3:~# hamachi set-nick DaveN800
Setting nickname .. ok
Nokia-N800-51-3:~# hamachi login
Logging in ....>....... ok
Nokia-N800-51-3:~# hamachi join YourNetwork
Password:
Joining YourNetwork .. ok
Nokia-N800-51-3:~# hamachi go-online YourNetwork
Going online in YourNetwork .. ok
Nokia-N800-51-3:~#

And now…checking other Hamachi clients, shows our little device is online!

Now we need to tell our tablet to put hamachi online whenever we restart the system and also set the keepalive lower.

To lower the keepalive:

Nokia-N800-51-3:~/.hamachi# echo "KeepAlive 20" >> ~/.hamachi/config

<code>/sbin/tuncfg;/usr/bin/hamachi -c /root/.hamachi start

In order to do this, use VI.

vi /etc/init.d/rcS

• Press capitol ‘G‘ to scroll to bottom of the file
• type ‘i‘ to enter insert mode
• hit up a few times to a blank line before exit 0, or hit enter at the beginning of the line to create a new line.
• Paste the above line into the file
• Press “esc” using the special xterm button, or hit escape if you are using ssh.
• type “:wq!” — this command enters the command, mode, tells it to write the file, then quit and execute

That should be all you need! Power off the N800 and power it back up. After restarting your N800 you should see it connect to your PVPN Hamachi network and be online!

Let me know if you have any problems or comments about the above installation procedure!

Adding swap space is pretty easy. This will add more, but slower ram; helping you when dealing with large files. In general, linux likes to have twice the amount of swap space as RAM. Since the N800 has 128M memory, I’m adding 256M. We’ll see how this perform in the long run.

Before, no swap in use:

Nokia-N800-51-3:~# free
total used free shared buffers
Mem: 126828 87248 39580 0 1012
Swap: 0 0 0
Total: 126828 87248 39580

Performing commands to add swap file and use it on reboots:

Nokia-N800-51-3:~# cd /media/mmc2/
Nokia-N800-51-3:/media/mmc2# dd if=/dev/zero of=./.swap bs=1024 count=262144
262144+0 records in
262144+0 records out
Nokia-N800-51-3:/media/mmc2# mkswap /media/mmc2/.swap
Setting up swapspace version 1, size = 268431361 bytes
Nokia-N800-51-3:/media/mmc2# swapon /media/mmc2/.swap
Nokia-N800-51-3:/media/mmc2# echo "/media/mmc2/.swap none swap sw 0 0" >> /etc/fstab
Nokia-N800-51-3:/media/mmc2# cat /etc/fstab
rootfs / rootfs defaults,errors=remount-ro,noatime 0 0
/dev/mmcblk0p1 /media/mmc1 vfat rw,noauto,nodev,noexec,nosuid,utf8,uid=29999 0 0
/media/mmc2/.swap none swap sw 0 0
Nokia-N800-51-3:/media/mmc2# vi /etc/init.d/rcS

The system is going down for reboot NOW!


Swap file is now in use:

Nokia-N800-51-3:~# free
total used free shared buffers
Mem: 126828 98020 28808 0 1044
Swap: 262136 0 262136
Total: 388964 98020 290944

Also, you can add up to 128k by going into Settings->Memory. But that is a little too easy isn’t it?

When I bought the Nokia N800 a key feature is not only the ability to surf the internet with Wifi but also to pair it with your phone via bluetooth and access the internet anywhere. have a Cingular 8525 (I guess now an AT&T 8525) which has 3G internet available, but it did not work out of the box with the N800.

To begin with some definitions, there are 2 ways that you typically connect to a phone for internet. Bluetooth DUN (Dial Up Networking) and Bluetooth PAN (Personal Area Network). Bluetooth DUN is the “old” way to connect, and some of the updates Microsoft is pushing out to their Windows Mobile devices are disabling it. Unfortunately, this is the way that the N800 uses to connect to the internet.

To fix this problem, some maemo hackers put together a package called “maemo-pan“. This package enables the ability to connect to a bluetooth PAN and use the shared internet. The announcement and directions are here. In summary:

• Go to the system preferences and add your phone in the phone settings. Do not enter the wizard for configuring the dialup settings. PAN does not use them.
• Start internet sharing on your phone. It depends on your phone how and where to do this. On Windows Mobile 5, open the Start menu and select “internet connection sharing” from there.
• Make sure that Bluetooth is enabled on your internet tablet. Now open the connection dialog and you will see that there is a new connection called “Bluetooth-PAN”. Select it and you will be connected to the internet via PAN.
• When you’re finished, just close the connection the usual way. Wasn’t this easy?

Now on the 8525, this didn’t work for me flat out. I was using rom named “vp3G” which was Windows Mobile 6.0 which was released before the official AT&T one. I don’t know if this was causing my problem or not. I couldn’t get the N800 to find the 8525. I could get the 8525 to find the N800 but I still could not get bluetooth pan working.

I decided to flash the 8525 to a new cooked rom, because it had been several months since I had done so. To hedge my bets, I picked a ROM that included the old Bluetooth DUN package. There is an excellent webpage with far more information than I could provide on the subject of Flashing your 8525/Hermes - see MrVanx’s ROM Flashing Guide here. I chose Schap’s WM6.1 4.40 ROM. After the flash was complete - I tried to pair the two and had much better results.

I first paired them and it seemed to take this time. After that, I click “Internet Sharing” in the Programs on the 8525 and enabled it. Then I went onto the N800 and selected “bluetooth-pan” as the type of connection. Voila - it worked! I was surfing on a nice 3G connection. So for anyone out there trying to get this work without success - keep trying! It definately works but takes some configuration.

On a side note - being able to access an internet tablet via SSH is very cool. Here is top while playing Borat:

Mem: 124908K used, 1920K free, 0K shrd, 8K buff, 39452K cached
Load average: 1.56 1.20 0.98
PID USER STATUS VSZ PPID %CPU %MEM COMMAND
1574 user RW 26000 1573 69.7 20.4 mplayer
742 root SW< 15132 331 5.5 11.9 Xomap
864 root SW< 2176 331 2.3 1.7 esd
1573 user SW 11788 1 1.1 9.2 atabake
1592 root RW 1960 1578 0.9 1.5 top
1556 user SW 24556 1 0.3 19.3 python
788 root SW< 0 6 0.3 0.0 dsp/0
594 messagebus SW< 2428 331 0.1 1.9 dbus-daemon
1018 user SW< 40840 943 0.0 32.1 maemo-launcher