I recently got rid of my cable box and implemented a do-it-yourself solution. Since HBO is a premium channel and encrypted, they force you to either buy a cable box via subscription or also a cable-card (which they also charge for). This actually gives me a unique perspective on the service: would I pay for HBO to receive the HBO GO online only offering?

Starting with the online interface, I was actually very impressed with it. It is done entirely in flash and is simple to use. To receive access to HBO GO at this point, you must be a Verizon FiOS TV subscriber and also be signed up to receive HBO. HBO will eventually be offering this to other cable providers in the future as part of the TV Anywhere initiative. Once you log in you are presented with an image-rich user interface. You filter by TV show, movies and categories and everything was very intuitive. Information is available on shows and movies, including any extra available content. There is a ‘watchlist’ where you can add your content into a queue which will play through automatically.

By default, video will play in “SD” or Standard Definition. The quality is what you would expect, some graininess and compression is visible. However, there is a small switch named “Watch in HD”. The video looks simply spectacular in HD. If I had to guess I would say that it is in 720p resolution, which isn’t too bad for streaming video which has a very small buffer time.

The main drawback I saw was that the selection isn’t great, but it does give you a sample of the premium content available on HBO. It does offer HBO-only shows such as True Blood, The Sopranos, The Wire and a few more. Each category holds a dozen or so shows, and not the entire HBO library. However next to Netflix the movie selection is extremely sparse. As the service stands, I would not see it being valuable as a movie-streaming service. HBO really needs to up the ante and offer the majority of their content on their website if subscribers are paying for it. Curb Your Enthusiasm is a notable missing series.

Another technical detail I wish to touch on is how they chose to use Adobe Flash for the technology for streaming video. I have a somewhat older CPU and Machine (Athlon X2 4200 CPU) and on Adobe 10.0 I did see some significant frame dropping, especially in HD mode. Having learned about Flash 10.1 beta coming out of Adobe Labs, and knowing that it is optimized to use your GPU to play flash video, I tried upgrading and it significantly improved the video performance. Windowed performance was a little shaky but Full-Screen framerate was great. If you are running an older system, consider upgrading to the latest Flash versions for the best video performance.

There has been some talk about HBO possibly offering the HBO GO site to non-cable subscribers for a monthly fee. If they are going to be successful at offering an online-only offering, they will need to offer ALL, or at least a majority, of their shows and a larger movie library which equals their cable offerings. Without that, they are offering a restricted service which is basically just placating the growing demand for on-demand video from content providers and not setting the proper tone as a premium content provider.

The images below are screenshots from the service, to give you an idea as to how beautiful the interface is:

In summary, the HBO GO online on-demand video streaming service from HBO is a delight to use and the quality and performance is spectacular. However, the lack of content is obvious and if they wish to really attract subscribers they are going to have to offer much more. Otherwise it is just one of those extra services that might gain a few followers but isn’t going to drive users to the service in droves. I applaud HBO for dipping their toes into the online video streaming world – now they need to embrace it and lead us into the future of premium video content online.

The TinyOS source code is available for free online for many operating systems, however it takes a long time to get the environment set up and it is not portable at all. I came across XubunTOS but it did not seem to be in active development anymore, so I endeavored to install TinyOS 2.1 and 2.x from source into a regular Ubuntu image. The most help came from Matt Keally’s Blog. While doing this, I thought it might be useful to many others who wish to develop in the TinyOS framework but might not have the skills necessary to install it. Therefore, I developed this VirtualBox image so that you can install it on any system for which VirtualBox is available and supports USB passthrough for the programming of the motes. I’ve tested on Windows 7, Windows XP and it should work on any other host OS, but I would love to hear your feedback. All funny business aside, I present to the world UbunTOS:

Features

• Ubuntu 9.10 OS (patched through 2/5/2010)
• Complete TinyOS development environment
• TinyOS 2.1 Installed
• TinyOS 2.x CVS Installed (default environment)
• Portable for development in a variety of host environments
• Patched motelist for MIB520 programming board

Directions

1. Unzip the file and import into VirtualBox. I recommend at least 768M RAM
2. Boot system
3. Enable USB passthrough for the programming board. Check off the USB device in the menu as shown:
   
4. Check ‘motelist’ to see which port it has been assigned to (motelist has been patched to see MIB520 programming board)
5. Program away! TinyOS resides in /opt/

Download

MD5 sum:    9a27ba7902337139c2eae0121ec6ca4e

Download UbuntuTOS_Ubuntu-9.10_TinyOS-2.x.zip [2/8/2010]:    [ torrent | http ]

If you happen to have spare bandwidth, please send me a note and I will link to the file via http or ftp.

Notes

• The default username is wcu and password is nosecurity
• The hostname is wcu-desktop, in honor of West Chester University which is sponsoring my research into Wireless Sensor Networks.
• To switch between the TinyOS 2.x and 2.1 environment, run the shell script /opt/tinyos-2.1.0/tinyos.sh or /opt/tinyos-2.x/tinyos-2.x.sh. By default the 2.x environment is loaded via ~/.bashrc/.
• To update TinyOS 2.x with latest CVS Code:
  cd /opt; cvs -z3 -d:pserver:anonymous@tinyos.cvs.sourceforge.net:/cvsroot/tinyos co -P tinyos-2.x
• I’ve testing this using Mica2 and Micaz. Let me know if you have success with other combinations as I just do not have the hardware to test.
• Usually the programming port and the data port are on consecutive ports. In the example above, the programming device is /dev/ttyUSB0 and the data port, for serialforwarder, is /dev/ttyUSB1

Known Bugs?

If you have issues while enabling USB Passthrough, such as an error like:

Version:1.0 StartHTML:0000000105 EndHTML:0000001970 StartFragment:0000000127 EndFragment:0000001952

Reboot your host system. I believe this happens while reinstalling the passthrough driver for the USB device for the first time. Rebooting seems to fix this problem, and after the initial setup this problem seems to disappear.

If you have any other problems (or compliments!) please leave a message via the form below.

Let’s face it, you don’t want all of the content that your cable provider offers. Cable providers have fought a-la-carte programming tooth and nail for this very reason. Much of it is specialty programming, and though I admit it is nice to know it was there, my family and I rarely watched any of it. My new setup brings many new sources as well as a CHOICE to what you want to view. I am very happy with the results so far.

My Requirements

There are a few requirements I had made for myself when deciding to go this route:

• Live Broadcast TV in HD must still be possible. Bonus for being able to DVR television shows.
• Ease of Use – must be usable by my family. I don’t expect it to be as ’simple’ as a vanilla cable box, but I want it to be close
• Access to Local Media – I want to be able to stream my backed-up movies, photos, and music

Backend Systems

I have an existing network infrastructure in my house, which I admit most non-geeks would not have set up. This is necessary for the “Live TV” portion of my setup as it includes the HD Tuner cards which do not fit into my new system as well as the muscle to compress these recordings. My current setup includes:

• 10/100/1000 Gigbit router with Wireless-N
• File server with 1.5TB of RAID storage space to store movies, music and other files
• External “Computer” acting as a server for BeyondTV. This computer includes a tuner card which handles unencrypted QAM streams

The Hardware

The system is actually very simple on the hardware side. Besides the TV, only 2 pieces of hardware are needed.

Acer Aspire Revo Computer (3610)

This is a dual-core Intel Atom computer running at 1.6Ghz. My specific system included 2GB of RAM and a 320GB hard drive. It has built in Wifi-N network connectivity, a card reader, multiple USB ports, optical audio, HDMI port, VGA port and analog audio jacks.

I picked this system not only because of its low cost (~$300) but because of the Nvidia ION chipset running under it’s hood. This chipset is optimized to handle 1080p HDTV video along with high def audio. In includes the Nvidia CUDA accellerations and is optimized to work with Windows 7. This chipset is also capable of handing HD video using Flash 10.1 (currently in open beta). This means that it can handle the HD Flash video since the main Intel Atom CPU is not doing the heavy lifting on the decoding of this content.

Snapstream Firefly Remote

This is a RF Remote which is customizable via XML configuration profiles. There is a profile available for both Boxee and Snapstream BeyondTV.

The Software

I decided to run Windows 7 for the OS. Windows 7 Home Premium runs great on this system and the drivers that are currently published work very well on it. It includes Windows Media for as a possible frontend but I have decided to use Boxee due to the plethora of content available and the active development of the platform.

BeyondTV Link

This software connects via the wireless wired network to the BeyondTV server in my house which actually has the tuner cards. This offsets some tasks handled by the server such as heavy disk I/O required for recording HD video streams and compressing them into smaller video files.

I did have some problem with High Definition video at first. When I used wireless-N, which should have plenty of bandwidth to handle even HD video, I had very stuttery playback. After going through a lot of testing, it seems that even though the bandwidth is plenty, the BeyondTV software suffers from a lack of flexibility when it comes to any sort of network latency. Therefore any sort of wireless connection does not appear to support streaming HD video. 100/1000 seems to be the only way to go if you are going to view live HD video on this machine.

After a show is recorded, is is re-encoded (they call it “ShowSqueeze”) using the H.264 codec. You save about 80% of the space of a normal HD TV show and the quality if very good. The default decoder that BeyondTV uses seemed to do fine, but I also installed CoreAVC codec which is CUDA optimized for handling H.264 video decoding. CoreAVC uses nVidia CUDA optimization which the system supports.

Boxee

Boxee handles everything from internet streamed video content to local content playback. The full capabilities of the Boxee interface is beyond the scope of this post, but it has numerous features:

• Streams Hulu, Fancast, Netflix and Pandora (to mention just the big players)
• Custom “Apps” to handle many other video sources
• Local Media handles streaming from a mapped network drive. Plays many codecs and containers including: MKV, AVI, DivX, Xvid, WMV, MP3, etc.
• Social Media Connectivity
• Refined ‘10 foot’ UI

Boxee is slick. Using it with the remote is a joy and you can really stream a LOT of video and audio from MANY different sources. This also might be its downfall. Along with the big name streams there are 100s of other ones available that would not be suitable for someone used to cable TV content. Also it seems to require a lot of clicking. Television is a different beast – you set a channel and can leave it on 24/7. With Boxee you need to select your content – which is both good and bad. It is good in that you get to watch what content you want, but bad in that you are not introduced to new content in a way a television station will.

Boxee Beta works well for most content but I did find issues with online content from several different sources such as ABC and the WB. The software is in active development so if you find this issues make sure to report them to the developers.

Here is a gallery of shots of the Acer Revo 3610, BeyondTV and Boxee Beta

The Initial Results

All being said and done, some not-too-obvious strengths and weaknesses appeared from using this setup. Media companies – please pay attention to these so you can improve your offerings!

Strengths

All Boxee content is on demand. All of your media is now available on your television and in your living room. LiveTV via this method retains the all-important DVR but is a fraction of the cost, which is the real monetary benefit to moving to this system from a proprietary cable system solution.

Running BeyondTV not only gives you the ability to watch TV on any PC throughout the home (with BeyondTV Link), but allows you to stream it online – so for example if you are at work you can watch any recorded shows or live TV.

You no longer live on the timetable of the major television stations but can feel free to view content when you are ready. Content on Boxee usually appears the day after it is on live TV, but I find more and more this is how I prefer to watch TV anyway.

Weaknesses

BeyondTV development seems to have been all but abandonded by the Snapstream team, who are now focused on enterprise markets. Although it is a capable system (still) it has not been in active development for 2 or more years. The age is starting to show, and I hope Snapstream comes around and continues development. As far as alternatives go, MythTV and SageTV are both out there but I was never a fan of either. I am investigating switching to the Windows Media Center platform for television but don’t have any results of that so far.

Boxee is still in Beta status and does have some bugs. Some random crashing and the inability to stream some content it told me was available is frustrating. The wide variety of content available via a ‘10-foot’ interface more than makes up for this drawback.

The lack of premium television stations is also notable. The whole Cablecard debacle of the past 8 years shows the resistance from the industry to modernize our television systems. With more premium content available on Amazon Video on Demand and iTunes, this becomes less of an issue. Since this is actually a PC, you can play this content albeit not via the Boxee interface.

The Future

So what will the future bring? The market is prime for a Boxee app which is basically a streaming television provider. Like a traditional cable company (or FiOS), you will install this app and pay a monthly fee for television program which is streamed over the internet. Premium channels are available a-la-cart finally as well as the traditional packages. Although due to licensing restrictions it won’t be free, you will be able to save 20-30% over traditional cable provider’s television programming. It may be offered for about $40-50 a month.

Paid, on-demand video is also lacking. If Boxee got on board with Amazon Video on Demand, it would be a powerful combination. This would allow you to both “rent” and “own” movies and television from Amazon’s streaming service. Boxee recently announced that it is developing Boxee Payments which will allow payments from the content consumers, to the content providers. I am looking forward to what this will bring the platform.

I may have jumped the gun a bit since the Boxee Box is soon to be available but my system does handle a few tasks that would not be possible on a streaming media box, namely live TV with DVR. If you are happy with you current cable situation, you would not likely see a lot of benefit moving to my setup. However if you want control of your media and are tired of the big named cable companies dictating how and when you get your entertainment, then you would definitely enjoy the freedom this setup provides.

Sure we get a ton of channels from Verizon FiOS, but we hardly ever watch them. Our television viewing habits mainly consist of a few programs that my wife watches and a few programs that I watch, but we almost never watch them live. We typically DVR them and then watch them on our own time. For the few instances where we would like to watch live TV, for example when a Penn State game is on, we would like to be able to watch that. Normally the games are on ABC/NBC/Fox so premium cable channels such as ESPN aren’t necessarily needed. There will be some instances where a game may only be available on the Big 10 network or some other premium channel, but honestly I am not that big into sports and the times that this might occur will be few and far between, maybe 1 or 2 times a year, which I can deal with.

Of course the other thing I have to consider which kicking out the cable box is the “Wife Acceptance Factor” or WAF. I believe my solution has a very high WAF ratio and I am hoping she will agree.

The other main “Audience” of our TV is our kids. They shouldn’t be watching it much anyway, but let’s be honest here. They like their kids programs, but they are all DVRed and watched time-shifted anyway. For the programs they enjoy, we can either catch them on the public channels, or we can buy the DVDs and watch them that way.

The current setup:

• Verizon FiOS Premier TV Plan
• LG TV 37″
• 2-tuner HD DVR Box

So here is the tentative planned system:

• Eliminating our cable package and going with the “Local” plan at $12.99 a month. This should give us the local OTA in an Uncrypted QAM format that at a minimum our TV can decode using it’s tuner, and at best via our media streaming server. We could go with an antenna and pick them up but we are pretty far from the broadcast sources and it is questionable whether we would be able to pull them in. (~-$60/mo)
• Acer Aspire Revo 3610 Dual-Core Intel Atom machine with  Nvidia Ion Graphics. This will allow me to run the applications which I will explain further below. ($295 w/o OS, +$50 for Windows 7 [I already have a copy of Win7 to install])
• BeyondTV will be running on my main desktop system. I have a tuner card which receives QAM content. BeyondTV link, from reports, will run on this Revo system and allow me to stream HD TV to it as well as play any DVRed content. ($99 + $30)
• Hauppage WinTV tuner card. I currently have a single tuner card but if this works out will likely upgrade to a dual tuner card for more recording sources and the ability to watch a channel while recording another. (~$100)
• Snapstream FireFly remote to control the system. ($50)
• Boxee as the main non-TV user interface. ($0)
• Upgrade network to Wireless-n. Currently running B/G and I could run a physical network drop to the TV but I think just for future purposes upgrading the wireless network will be the best way to go.

The Acer Aspire Revo 3610 system is the core of the system besides the desktop which will do some of the heavy lifting with the TV tuner. It is a dual-core Intel Atom (1.6 ghz) system with the highly vaulted Nvidia Ion graphics chipset. This will allow much of the video processing to be sent to the graphics chip, which lets this little system handle 1080p video without problem, from the disk at least. One thing that is hanging out there is the question of will I be able to stream the video from my file server – so this is definitely a concern I have. From report’s I’ve seen from others, it can handle the workload but honestly until I see it working I will be skeptical. It was also recommended by the Boxee team as being a system to use and which will be supported in development in the future.

Television, both live and recorded, will be handled by Snapstream BeyondTV. My main PC upstairs contains the tuner card, and this system essentially acts as the interface for it. Anything non-television will be handled by Boxee which has a stellar interface. The Snapstream Firefly remote works with both BeyondTV and Boxee, allowing for one remote for all content.

So how do I plan on using the system:

1. Television

Using BeyondTV and BeyondTV Link, I will be able to watch Live, High Def television. Also will be able to time-shift content and have the ability to archive programs for watching later.

This beats Verizon’s HD DVR box in several ways. First of all, it is limited to 120GB which only holds several hours of HD content. We often find ourselves up against this limit. I’ve tried contacting them via multiple channels to inquire about expanding this with the built in USB/Firewire ports but they are not interested in having customers do this. Their loss.

For ‘archived’ television programs, I will be able to manually or automatically convert the programs into a higher compression format for indefinite storage. BeyondTV even includes “StreamSnip” which can cut out the commercials from your content. The alternative is doing this manually or just skipping commercials while they are playing.

For television programs that are not available via broadcast network television there are several options which this setup will supports.

Hulu

Many CBS, Fox, ABC and MTV shows are on Hulu with other networks signing up all of the time.

Fancast

This is another website, sponsored by Comcast, which includes shows from Hulu but also from other sources. There is a Boxee app which allows you to view these shows via the interface. Fancast is mainly an index of shows available online in streaming format.

iTunes/Amazon

For the remaining shows that aren’t available for free you can usually find them online in the iTunes or Amazon library. While you won’t be able to see them as they broadcast, they are usually available on the sites a day or 2 after they air. I will admit that my main holdup for switching over will be how I will not be able to see Mad Men as it airs, as it is one of my favorite shows currently airing and is only available on AMC, which doesn’t stream for free.

On the flip side, only AMC in standard definition was available via Verizon FiOS. Through the Mad Men subscription via Amazon or iTunes, the high def version will be available and also you get to keep it, without risk of ‘running out of room’ on your DVR device.

Other

You could either buy the season DVDs or acquire them through other means [torrent] if the above all fails. For some specific content, options are available online for purchasing a season or some type of other streaming pass, such as the Big10 Network.

2. Movies

We have an extensive DVD and Blu-ray collection and I am planning on ripping these for both backup purposes and to be able to access them on-demand using the media server. Boxee has a great interface for watching these movies, for example it automatically adds the disk covers.

Boxee also includes an app to allow you to stream Netflix movies to the device. If you are just looking for this feature there are several devices out there that will do it, such as Popcorn Hour, a Netflix-connected Blu-ray player, PS3/Xbox or the upcoming Boxee box. But I thought that having a machine to handle this will allow you to do other things as well.

Eventually I am hoping that Boxee will add an app to allow viewing of Amazon Video On Demand. While not currently available, this essentially gives any Boxee machine ability to view movies “On Demand” much like a cable box does. It would also allow the viewing of “Season Passes” for television shows. This is where the future is at – so I hope both Amazon and Boxee are on board with getting together on this.

I am going to keep the Blu-ray player we currently have attached, but I am hoping in the future to eliminate it either by ripping the movies to storage or by attacking a blu-ray drive to the machine.

3. Music/Audio

We did occasionally use Verizon’s music channels, but lets be honest, there are a lot of better options out there. I am a Pandora One subscriber and there is a Boxee app to connect into Pandora. There are a ton of other choices out there, and in the long run even a subscription to something like Rhapsody might be worth-while if we find outselves listening to a lot of music.

Boxee will also allow us to stream all of our downloaded music and stored MP3s, something that Verizon boxes can do but they charge $20 for their “Media Manager” package. While their setup might work for those who don’t know how to set something like this up, I thought it was a bit of a rip at $20 monthly for something you already own.

Boxee also has a great podcasting interface, and although I don’t think that I would use this feature for someone who is into podcasts this could be a neat function.

4. Other content

This is beyond the scope of this post, but via the Boxee interface there is a ton of content out there that is available for free. Everything from YouTube to OpenCourseWare to any type of video RSS feed. Developers are adding more content daily. A lot of it is niche content and not everyone will want to be navigating around the interface looking for things, but there is  TON of information that is available via the Boxee software. After I get this set up, I plan on writing a post about how my family actually uses the setup.

In Conclusion

In summary, the above is my plan for the great switchover. With the savings from not paying for Cable TV and all of those channels that I never use, I am hoping the up-front investment will pay for itself in about 6 months. I’m sure there will be some items which I forgot to include and will be last moment purchases but I think since I’ve thought this through pretty thoroughly they will keep to a mimimum.

Up front costs: $600 (personally defrayed 50% since I have most of the required software and hardware)
Monthly savings: $60

Let me know if you have any thoughts about my solutions or recommendations on anything you think I will need to add to the system. I’ll be writing  series of posts on the hardware and my progress in getting the system set up. I plan on documenting the setup, and the speedbumps, to assist others in setting up a similar system. You can also follow my progress via @ddrager.

This is due to how TCP frames data packets and optimizes them for connections. I believe by default TCP on most systems assumes about a 10mbit max capable transfer rate, so it does not show performance gains on a larger pipe without modification to the kernel options which govern TCP/IP frame size and features. Some distributions may make this change for you automatically however many will not.

To keep things short and sweet, we took the following advice from Speedguide.net on tweaking TCP parameters on linux kernel systems. This will cover Linux 2.1 and above – which means CentOS, RedHat, Ubuntu, Debian and many more distributions.

The TCP Parameters we will change are:

• /proc/sys/net/core/rmem_max - Maximum TCP Receive Window
• /proc/sys/net/core/wmem_max – Maximum TCP Send Window
• /proc/sys/net/ipv4/tcp_timestamps - (RFC 1323) timestamps add 12 bytes to the TCP header…
• /proc/sys/net/ipv4/tcp_sack – tcp selective acknowledgements.
• /proc/sys/net/ipv4/tcp_window_scaling – support for large TCP Windows (RFC 1323). Needs to be set to 1 if the Max TCP Window is over 65535.

If you recall /proc/ is the volatile portion of kernel configuration, you can change it on the fly but it will be reset on reboot unless settings are changed via an init file or setting the options in /etc/sysctl.conf. To change the settings once (to test):

echo 256960 > /proc/sys/net/core/rmem_default
echo 256960 > /proc/sys/net/core/rmem_max
echo 256960 > /proc/sys/net/core/wmem_default
echo 256960 > /proc/sys/net/core/wmem_max
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling

And to apply them for good, add the following lines to /etc/sysctl.conf:

net.core.rmem_default = 256960
net.core.rmem_max = 256960
net.core.wmem_default = 256960
net.core.wmem_max = 256960
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1

Use ’sysctl -p’ to apply the changes in this file to your running Linux instance. Feel free to experiment with these numbers to see how they impact your transfers, it depends a lot on how many and how large the files are that you transferring. These changes must be made on the SERVER side, any change on the client side would not impact the download speed from the server.

There are several other variables to consider, and these all depend on your application so change them if you know what you are attempting to do. After changing these settings, you will see speeds of about 10MB/sec (80mbps) on a 100mbps connection. The other 20mbps are lost in TCP and other network layer overhead, which is unavoidable.

Tools used:

• Unetbootin
• Ubuntu 9.10 Desktop ISO
• One flash drive, 1 gig or larger
• chntpw

Accessing the Filesystem

First we use unetbootin to install Ubuntu 9.10 to a flash drive. The flash drive needs to be at least 1GB to install the image.

Select “Diskimage” and then the .iso file we downloaded of the Ubuntu 9.10 image.

Select the USB Drive and Drive Letter to install the ISO onto. Click OK:

Once the program is done, click ‘exit’ and remove the USB Drive. You now have a bootable live image of Ubuntu 9.10.

Plug the usb drive into the target system. Boot off of the drive, you may need to change the boot options in the BIOS if it is set to boot off of the hard drive. Select “Default” in the unetbootin boot menu to boot into the Ubuntu OS. It will automatically log you in.

Once booted you already have access to the Windows filesystem since the ntfs filesystem driver is included in the kernel. This is nice and wasn’t the case not too long ago.

We chose two reasons to use unetbootin and Ubuntu 9.10. The first is the ease of use of installing a bootable image. After downloading the two packages, it is trivial to load the OS onto the drive, and since it includes ntfs drivers it allows us to access the unencrypted hard drive on boot. Since it is on a USB drive, any system made since 2000 or so should be able to boot this. You don’t need to lug around a CD or even access the CD drive.

To prevent easy access to the hard drive, encryption of the hard drive partition would be necessary using Microsoft EFS or TrueCrypt hard drive encryption software. After encrypting the hard drive, any live operating system running would not be able to decrypt the hard drive easily.

Furthermore, installation of a BIOS level password would ensure that any unauthorized users would not be able to boot alternative operating systems via USB, CDROM, Floppy or other method. The only way to defeat a BIOS level password would be to reset the BIOS (requiring entrance into the hardware of the system) or using an Evil Maid style attack.

The Evil Maid attack is performed by a theoretical malicious party that has access to the target PC without alerting the legitimate user. Without knowledge of the authorized; a root kit or device would be installed (for example, on the USB connector of the keyboard) to sniff out the password as entered on bootup. After the user boots the system and finishes her work, ostensibly shutting down the system securely, at least to her knowledge, the Evil Maid would then collect the password entered into the BIOS, thereby defeating the BIOS password security measure.

Resetting the Password

We can now reset the Administrator or any other password on this system using the tool chntpw. To install this package, ensure the system has a connection to the internet (via dhcp perhaps?) and run the command:

sudo software-properties-gtk --enable-component=universe --enable-component=multiverse; sudo apt-get update; sudo apt-get install chntpw

Alternatively, you can download the executable and place it on the USB drive to give access without connecting to the internet. chntpw is the software that modifies the SAM (Security Accounts Manager) database file. Use the terminal to change directories to the password file

cd /media/path/to/disk/WINDOWS/system32/config/

Then execute the chntpw utility:

  # sudo chntpw -u username SAM SYSTEM

View the sample output:

ubuntu@ubuntu:/media/B830C9BC30C981BC/WINDOWS/system32/config$ sudo chntpw SAM SECURITY
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x7000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 255/20736 blocks/bytes, unused: 9/3648 blocks/bytes.

Hive <SECURITY> name (from header): <emRoot\System32\Config\SECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0xe000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 13 pages (+ 1 headerpage)
Used for data: 1074/49024 blocks/bytes, unused: 9/3808 blocks/bytes.

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | ASPNET                         |        | dis/lock |
| 03ed | CSC603                         | ADMIN  | dis/lock |
| 01f5 | Guest                          |        | dis/lock |
| 03e8 | HelpAssistant                  |        | dis/lock |

---------------------> SYSKEY CHECK <-----------------------
SYSTEM   SecureBoot            : -1 -> Not Set (not installed, good!)
SAM      Account\F             : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: 1 -> key-in-registry

***************** SYSKEY IS ENABLED! **************
This installation very likely has the syskey passwordhash-obfuscator installed
It's currently in mode = -1, Unknown-mode
SYSKEY is on! However, DO NOT DISABLE IT UNLESS YOU HAVE TO!
This program can change passwords even if syskey is on, however
if you have lost the key-floppy or passphrase you can turn it off,
but please read the docs first!!!

** IF YOU DON'T KNOW WHAT SYSKEY IS YOU DO NOT NEED TO SWITCH IT OFF!**
NOTE: On WINDOWS 2000 it will not be possible
to turn it on again! (and other problems may also show..)

NOTE: Disabling syskey will invalidate ALL
passwords, requiring them to be reset. You should at least reset the
administrator password using this program, then the rest ought to be
done from NT.

Do you really wish to disable SYSKEY? (y/n) [n]
RID     : 0500 [01f4]
Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain
homedir : 

User is member of 1 groups:
00000220 = Administrators (which has 2 members)

Account bits: 0x0210 =
[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  | 

Failed login count: 1, while max tries is: 0
Total  login count: 1

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] >

Depending on the status of the SYSKEY password security, you may only be able to blank the password and not actually change it. I recommend blanking the password and then resetting it once you log into the system.

You can also unlock a system if the user accounts have all been locked out due to too many login attempts or any other reason. Using these tools you can gain access to almost any unencrypted Windows system, from Windows NT up to Windows 7.

As a warning, If there is data on the hard drive you wish to keep, make sure to make a backup of the hard drive before performing this password as it can corrupt the Windows installation.

1. Perform your search.

To search all archived messages and not just the inbox, do a blank search.

2. At the top of the url, add /p9999 or other sufficiently large number to go beyond the last result.

Gmail will show you an error and not display any messages.

3. Click “Refresh” – you will end up at the last page of the search result.

If anyone has an idea how to do this in an easier, less complicated way, please let me know in comments! I would hope that Google will add a sorting function to Gmail, bringing the oldest message at top, but I guess there is not a lot of demand for that.

Tip from Google Help forum.

Update 10/27/2009: Google Voice now supports adding voicemail to any old cell phone number without the “Do not disturb” trick. Simply go into ‘Settings’, Enter the ‘Phones’ tab and then click ‘Activate Google voicemail on this phone’.  It will give you directions on call forwarding, which are the same as below, customized for your provider. Disable the “Do Not Disturb” setting to set your Google Voice account back to normal. Thank you Google!

For those lucky enough to have a Google Voice account, you’ll know the advantages: forward calls to multiple phones, visual voicemail and audio to text transcriptions. But, since you are not yet able to transfer your current phone number to Google Voice, it is hard to give up your old phone number and start having family, friends and business associates use your new Google Voice number. Also, there is the whole confusion as to your outgoing caller ID, which won’t match if you switch to Google Voice. Some phone platforms have developed software that will integrate your current phone with Google Voice, while others have taken the opposite route of banning them (I’m talking to you, Apple and AT&T!). But, here is the good news: You can switch, at least your voicemail, to Google Voice on any provider and any phone, right now.

Don’t have a Google Voice Account? Google is not yet handing out invites to the service, but you can sign up to be requested into the program here.

To make this magic happen, we are going to utilize a feature that all cell phone networks, and even home phones, have – called “Call Forwarding”. This setting is used to tell the cell phone network what should happen when someone calls you in several situations: when your phone is off or otherwise unreachable, when it rings a certain amount of time with no answer, and when it is available but you are currently on another call. These situations are also known as “Conditional Forwarding”, and their names are: unreachable, not answered and busy.

Follow the two ridiculously easy steps below on How to get Google Voice working to replace your old voicemail account:

Step 1: Enable “Do Not Disturb” in Google Voice. Depreciated, See note above

In your Google Voice settings, go down to the “Do Not Disturb” setting and check it off. This makes it so it does not ring out when the number is called, it will instead send any calls to your number directly into the voicemail box (and therefore have it transcribed and sent back to your cell phone number as a txt).

Step 2: Forward Your Voicemail to Your Google Voice Number

On your Google Voice homepage, you will see your number at the top left. Write/copy this down because you will use it shortly. The next step depends on which provider you use. Since Google Voice is currently United States only, I will only include call forwarding directions for major U.S. providers below. Include a “1″ in front of the number to indication that it is a US Number you are calling to.

How to use the chart below. Find your provider. Each provider has 2 numbers listed. Your phone may also have a shortcut designed to modify these numbers, if it has this feature feel free to use it. After typing the number, hit “send” to activate it. You should receive a message or tone that indicates your command was received.

For other providers, please contact or call technical support, and ask about “Conditional Call Forwarding” and check for any fees.

After setting this up, all voicemails will now be directed to your Google Voice inbox. For even further integration, there are some options available, depending on your phone. If you have an iPhone check out GV Mobile, only available on Cydia, for excellent Google Voice/iPhone Integration. If you have an Android based phone try “GV” in the Android Market.

Let me know your experiences with setting up Google Voice! Does it work well or would you recommend it to others?

In order to do this, we first need to set up a way to pull this information from the router. The best way to do this is to install an SNMP (Simple Network Management Protocol) daemon on the system.

The main roadblock we face here is that the system mainly runs in volatile system memory, meaning that every time the system is rebooted the filesystem is reset. Fortunately Tomato provides a way to get around this using CIFS shares. Follow the steps below (as modified from here) to install an SNMP server on a Tomato router.

1. Create a network (samba, CIFS) share somewhere on the network. This computer must be on all of the time in order for Tomato to run the SNMP server.
2. Download the snmpd.zip file from one of these locations:
   [xs4all.nl]
   [systembash]

   expand the binary and .conf file into the share or a subdirectory (for example, <share name>/snmp)

   MD5 for snmpd binary is ae0d622648efdb8dceb7b3b5a63e23ac

3. Set up the shared directory on the router. Visit Administration->CIFS Client. Add the share as follows, with your correct share information:
4. Log into the Tomato router via ssh, and start SNMPd on the router by issuing the command:

   /cifs1/snmp/snmpd -c /cifs1/snmp/snmpd.conf &

5. Test that SNMP is running and can be accessed on another computer on the network. To test it, you can use snmpwalk like so:

   snmpwalk -c public -v 2c <IP Address of Router>

   If it works properly, it will list the available OIDs from the router. You do not need to take note of these, but they will be used in the graphing software later.

6. Finally, we need to launch the SNMP server when the router is restarted. You do this by adding the command to start it in the area Administration -> Scripts -> Firewall:

   sleep 30
   /cifs1/snmp/snmpd -c /cifs1/snmp/snmpd.conf -s &

   This launches the snmp server 30 seconds after the router is started or rebooted.

Thats it! SNMP is now running on the router.

Now to add this SNMP host to your graphing software. For this example, I will use Cacti, which I will assume you have already set up. If you need to set it up, please follow the directions on the Cacti site for installation.

First, add the router as a new device, using the information below (change IP to suite your needs):

After adding the device, you have several options depending on what sort of data you are looking for. For system information on the router – for example CPU usage, memory usage, etc; you can go directly to Create -> New Graphs. Select your device and then add the graph you are looking for.

The graph will show as a broken image at first, or a blank graph with “NaN” as the data source. Give it a few minutes to update, and the information should start to flow through. The ucd/net options work best, but feel free to experiment.

To get traffic stats on the interface, you first need to “Walk” the device.  Go back to your device list, and edit the device you added. Under “Associated Data Queries”, Add Data Query, add “SNMP – Interface Statistics” with Re-Index period as “Uptime goes backwards”. After adding it you should see under status something like: Success [39 Items, 6 Rows].

Since these data sources are now added, you can go back to Add a new Graph. After selecting the device, you should see a list of these new interfaces. Select the interfaces you wish to graph, and select the graph type (I suggest In/Out bits with Total).

After a few minutes, the data should start filling in. After a while, you will get a graph like this:

In conclusion, with a little work, you can get enterprise class graphing from your consumer router. The total project took me about 45 minutes, and I was trying to figure out all of the data sources and the correct way to enter everything.

Let me know your experiences, suggestions and corrections!

Both of these account compromises were caused by weak password reset questions. And although Palin certainly was/is a high profile account, the Twitter compromise was caused by a low-profile IT Administrator who happened to store sensitive company documents in their Google Docs folder. This goes to show that everyone, from the CEO of a large company, to a low-level system administrator, is accountable for the security of their accounts.

Sample (bad) Password Reset Questions:

Many e-mail accounts use a typical range of password reset questions:

• What is your mother’s maiden name?
• What was your first pet’s name?
• What is your favorite sport?
• What is your oldest daughter’s name?
• More Questions

Even questions regarded as “Good” on this list are easily guessable if you have access to the social networks of an individual. For example: What is the middle name of your youngest child? What is your oldest sibling’s middle name? Answers to these questions often appear on Facebook or other social media websites.

After coming up with the idea to write this article, I took a look at my own email account password reset question. It was set to my Father’s middle name. I had probably set this when I first signed up for a  beta account back in 2005 or so – I was not in the mindset that it would become my primary account and also be the gateway to a bevy of information. As with many folks, when I sign up for a new account on a website, it will often e-mail me my account information (including my password, boo!) to my e-mail account. And, as I suspect with most people, I do not follow best practices and use a different password for each account. Not to mention that many other accounts will send an email to your account on file in order to reset their passwords. Therefore, since not only the main account password at risk, there is a lot riding on the security of your email account. If someone can gain access to your email account, they also gain access to a lot of frequently used passwords and accounts. Domain hijacking has occurred using this method.

The Solution

The first step is that password reset questions must not be answerable by information available via social networking sites. For someone who is very active in social networking, this might be hard to come up with at first, but really is not hard.

A good password reset question is:
Not easily guessable from online or offline sources (secure)
Stays the same over a long period of time (stable)
Is readily recallable by authoritative person (obtainable)
Has only one answer (definitive)

My source for questions that satisfy these metrics is my wallet. I look for cards that have information that will stay the same for a long period of time, for example, a driver’s license, library card or other membership card.

You can then reset your password question to a value on those cards. If the site does not let you ask your own password reset question, you might try to replace a common one, such as “mother’s maiden name” with this. Just be careful you don’t get too tricky, or you might forget the correct question/response to the answer and lose access to your account for good.

For a sample answer, you might use the first 5 digits of your driver’s license ID, plus the last 6 of your gym membership card. Really you can use any information that you want that you do not share on social media websites.  Just make sure they follow the four guidelines above.

Do you have any tips for a good password reset question?