Archive for the 'System Administration' Category

As soon as I heard PayPal would be offering a $5 Security Key for additional security while logging in, I jumped on it. A few days later, it arrived in the mail. It’s a great idea, but I decided that carrying a little secure key that generates special numbers for the 3 times a month I login to PayPal just wasn’t worth it.

For the uninitiated, two-factor authentication is when two separate methods are used to verify an identity. For example, a thumbprint and a codeword, or an eye scan and a smart card. The most useful, in my opinion and that of many others, is a one-time password token, like the PayPal/Verisign security key. This device, which is meant to be carried with you at all times (think: it belongs on your keychain, and you keep it in your pocket like a key), generates a series of numbers which depend on what time it is. This number, when combined with your password, provides a much more secure way of authenticating that it is really you who is logging into PayPal, and not just some guy from across the world who happens to have guessed or phished your password.

OpenID is a relatively new technology where you store your personal information at a site called an OpenID Provider, and then other sites authenticate to that site. You then tell the OpenID provider that it is ok to let your target website use your information and itself to authenticate you. After that, when you want to login to this target site, you just need to be logged into your OpenID provider. Maybe this video will clear things up for you.

Some popular OpenID Providers are: MyOpenID, Verisign Labs PIP, and many, many more. I personally use Verisign Labs PIP, simply because I trust Verisign, an established security company, more than many of the other ‘mom and pop’ websites who now all of a sudden are OpenID providers. Call me elitist if you want but that is just how I feel.

So, good idea in theory, but I had a pretty big reservation about it. What if someone was able to get your OpenID username and password? All of a sudden, they have access to ALL of your websites that you use OpenID with, and you are worse off than if you just used separate usernames and passwords for each one. You do use different passwords for your website logins, right?

So, just today, I thought to myself: wouldn’t it be great to be able to use that Verisign-branded PayPal Security Key with my Verisign Labs PIP account? Lo and behold, a Google query later, and I find out that they are one of the only OpenID providers to provide two-factor authentication, and that my old PayPal Security Key works with it! Bingo!

I didn’t really find too much information online about how to hook the two up, so I thought I would put up an explanation to help others realize the security that this provides them.

1. Get a PayPal Security Key

All you need to do is go to the PayPal Security Key Website, sign in, and place an order for it. A few days later you get a little package with your key, and then you can feel special too.

2. Login or Create an Account at Verisign PIP

The Verisign Labs PIP website has all of the information you need for signing up. Go through all of the steps needed to activate your account before proceeding to the next step.

3. Add your Security Key Credentials to your account.

Go to the “My Account” page, and at the bottom there is a section that says “VIP Credential”.

You will then be asked to enter the credential ID (which are the letters/numbers on the back of your key) and also to push the button to generate a one-time key.

Click add, and you are done!

Next time you log into your OpenID at PIP, you will see the following challenge after you enter your username and password:

At this point, you might be asking what happens if you don’t have your Security Key with you? Well, there is an alternative. They will send you a one-time pin either to your cell phone via text, or to the e-mail account that you have on file with them.

This ensures that even if you don’t have your key with you, access to your websites can still be had. Just make sure your e-mail password is different than your OpenID password!

As an added bonus, they offer a Firefox plugin called “Seatbelt” that automatically fills in your OpenID location for you on sites that support OpenID. It’s nice to not have to remember your OpenID URL, which is username.pip.verisignlabs.com. It’s not overly difficult to remember but they definitely could use a more catchy URL.

So that is about it - with these two things, you should be sailing along with OpenID using two-factor authentication and minimal effort and money spent!

Wow - I get so frustrated when I try to copy some files over old ones and I get:

[root@server1 wordpress]# cp -Rf * ../public_html/
cp: overwrite `../public_html/license.txt'? y

-R is recursive, but -f is supposed to copy over without confirmation. What could it be?!

Check out your alias command using ‘alias’:

[root@server1 wordpress]# alias
alias cp='cp -i'

Sure enough, on Red Hat-based systems cp is aliased to ‘cp -i’ (interactive mode), which prompts before each overwrite. Remove this alias with ‘unalias cp’ and the prompts go away.

Happy copying!

In case you were wondering, I just invented the phrase PVPN - Personal Virtual Private Network.

I use Hamachi to connect my work, home and laptop PCs and I’ve found it invaluable over the past few years for a number of reasons. Music over VPN, Remote Desktop/VNC over VPN, and more. So now, I’d like to join my N800 to this growing network to make easy and secure access and file transfer wherever I am connected.

Fortunately the folks at Logmein have compiled a client for the N770, and this also works on OS2008 on the N800 (Let me know on the N810).

This is an alternate take on the wiki article at Logmeinwiki.

Note: For the commands below I will have assumed that you have already installed the openssh server so you can access the N800 via an SSH client with root access. You can also use the built in Xterm and gainroot but it is a pain in the ass typing all of those commands in via the touchpad. If you are using gainroot some of the directories below will change, for example Hamachi will install in /home/user/.hamachi instead of /root/.hamachi. Also I downloaded the client to my memory card in /media/mmc2/ but you can put it anywhere.

Your login should look like this:

BusyBox v1.6.1 (2007-09-27 18:08:59 EEST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Nokia-N800-51-3:~#

Make sure wget is installed:

apt-get install wget

Make sure to get the latest Logmein Client from http://files.hamachi.cc/linux/nokia-770/.

Just follow my process below for installing the Hamachi client and joining your network.

Nokia-N800-51-3:/media/mmc2/tmp# wget http://files.hamachi.cc/linux/nokia-770/hamachi-0.9.9.9-20-lnx-n770.tar.gz
--10:31:47-- http://files.hamachi.cc/linux/nokia-770/hamachi-0.9.9.9-20-lnx-n770.tar.gz
= `hamachi-0.9.9.9-20-lnx-n770.tar.gz'
Resolving files.hamachi.cc... 72.5.76.16
Connecting to files.hamachi.cc|72.5.76.16|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 116,020 (113K) [text/plain]

100%[==========] 116,020 256.95K/s

10:31:48 (256.33 KB/s) - `hamachi-0.9.9.9-20-lnx-n770.tar.gz' saved [116020/116020]

Nokia-N800-51-3:/media/mmc2/tmp# tar zxvf hamachi-0.9.9.9-20-lnx-n770.tar.gz
hamachi-n770-0.9.9.9-20/
hamachi-n770-0.9.9.9-20/LICENSE
hamachi-n770-0.9.9.9-20/README
hamachi-n770-0.9.9.9-20/LICENSE.tuncfg
hamachi-n770-0.9.9.9-20/LICENSE.openssh
hamachi-n770-0.9.9.9-20/LICENSE.openssl
hamachi-n770-0.9.9.9-20/hamachi
hamachi-n770-0.9.9.9-20/tuncfg/
hamachi-n770-0.9.9.9-20/tuncfg/Makefile
hamachi-n770-0.9.9.9-20/tuncfg/tuncfg.c
hamachi-n770-0.9.9.9-20/tuncfg/tuncfg
hamachi-n770-0.9.9.9-20/CHANGES
hamachi-n770-0.9.9.9-20/install
Nokia-N800-51-3:/media/mmc2/tmp# cd hamachi-n770-0.9.9.9-20/
Nokia-N800-51-3:/media/mmc2/tmp/hamachi-n770-0.9.9.9-20# sh install

install: line 7: HAMACHI_DST: not found
Copying hamachi into ..
Creating hamachi-init symlink ..
Copying tuncfg into /sbin ..

Hamachi is installed. See README for what to do next.

Nokia-N800-51-3:/media/mmc2/tmp/hamachi-n770-0.9.9.9-20#
Nokia-N800-51-3:/media/mmc2/tmp/hamachi-n770-0.9.9.9-20# cd
Nokia-N800-51-3:~# tuncfg
Nokia-N800-51-3:~# hamachi-init
Initializing Hamachi configuration (/root/.hamachi). Please wait ..

generating 2048-bit RSA keypair .. ok
making /root/.hamachi directory .. ok
saving /root/.hamachi/client.pub .. ok
saving /root/.hamachi/client.pri .. ok
saving /root/.hamachi/state .. ok

Authentication information has been created. Hamachi can now be started with
'hamachi start' command and then brought online with 'hamachi login'.
Nokia-N800-51-3:~# hamachi start
Starting Hamachi hamachi-lnx-n770-0.9.9.9-20 .. ok
Nokia-N800-51-3:~#

Hamachi is now running on our little tablet!

But it has not joined our network at this point, so we follow the logmein Hamachi documentation to do so.

Nokia-N800-51-3:~# hamachi set-nick DaveN800
Setting nickname .. ok
Nokia-N800-51-3:~# hamachi login
Logging in ....>....... ok
Nokia-N800-51-3:~# hamachi join YourNetwork
Password:
Joining YourNetwork .. ok
Nokia-N800-51-3:~# hamachi go-online YourNetwork
Going online in YourNetwork .. ok
Nokia-N800-51-3:~#

And now…checking other Hamachi clients, shows our little device is online!

Now we need to tell our tablet to put hamachi online whenever we restart the system and also set the keepalive lower.

To lower the keepalive:

Nokia-N800-51-3:~/.hamachi# echo "KeepAlive 20" >> ~/.hamachi/config

This is all great, and you should be online now. But you would need to start Hamachi on every reboot, which isn't going to cut it. We will add the Hamachi start process to the init scripts. Add the following line to the file '/etc/init.d/rcS' right before the line which says 'exit 0':

/sbin/tuncfg;/usr/bin/hamachi -c /root/.hamachi start

In order to do this, use vi.

vi /etc/init.d/rcS

  • Press capital ‘G‘ to scroll to the bottom of the file
  • Type ‘i‘ to enter insert mode
  • Hit up a few times to reach a blank line before exit 0, or hit enter at the beginning of the line to create a new line.
  • Paste the above line into the file
  • Press “esc” using the special xterm button, or hit escape if you are using ssh.
  • Type “:wq!”: this enters command mode, tells vi to write the file, and then quits

That should be all you need! Power off the N800 and power it back up. After restarting your N800 you should see it connect to your PVPN Hamachi network and be online!

Let me know if you have any problems or comments about the above installation procedure!
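The transcript above downloads the tarball over plain HTTP and runs its installer as root. As an added example (not part of the original post or the Hamachi package), these shell functions refuse to proceed unless the file matches a SHA-256 digest obtained out of band and no archive member has an absolute or ".." path. The digest is an assumption, since the page does not publish one, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate a root install on an integrity check of the download.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        # Fallback for systems without coreutils' sha256sum
        openssl dgst -sha256 "$1" | sed 's/^.*= *//'
    fi
}

# paths_safe: reads archive member names on stdin, one per line.
# Returns 1 if any name is absolute or contains a ".." path component.
paths_safe() {
    if grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# verify_tarball TARBALL EXPECTED_SHA256
# Returns 0 only if the digest matches and every member path is safe.
verify_tarball() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "checksum mismatch for $1" >&2
        return 1
    fi
    # List the members without extracting anything.
    list=$(tar tzf "$1") || return 2
    if ! printf '%s\n' "$list" | paths_safe; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
    return 0
}

# Usage (EXPECTED is a placeholder for a digest you obtained separately):
#   verify_tarball hamachi-0.9.9.9-20-lnx-n770.tar.gz "$EXPECTED" \
#       && tar zxvf hamachi-0.9.9.9-20-lnx-n770.tar.gz
```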

Adding swap space is pretty easy. This will add more, but slower, RAM, which helps when dealing with large files. In general, Linux likes to have twice the amount of swap space as RAM. Since the N800 has 128M memory, I’m adding 256M. We’ll see how this performs in the long run.

Before, no swap in use:

Nokia-N800-51-3:~# free
total used free shared buffers
Mem: 126828 87248 39580 0 1012
Swap: 0 0 0
Total: 126828 87248 39580

Performing commands to add swap file and use it on reboots:

Nokia-N800-51-3:~# cd /media/mmc2/
Nokia-N800-51-3:/media/mmc2# dd if=/dev/zero of=./.swap bs=1024 count=262144
262144+0 records in
262144+0 records out
Nokia-N800-51-3:/media/mmc2# mkswap /media/mmc2/.swap
Setting up swapspace version 1, size = 268431361 bytes
Nokia-N800-51-3:/media/mmc2# swapon /media/mmc2/.swap
Nokia-N800-51-3:/media/mmc2# echo "/media/mmc2/.swap none swap sw 0 0" >> /etc/fstab
Nokia-N800-51-3:/media/mmc2# cat /etc/fstab
rootfs / rootfs defaults,errors=remount-ro,noatime 0 0
/dev/mmcblk0p1 /media/mmc1 vfat rw,noauto,nodev,noexec,nosuid,utf8,uid=29999 0 0
/media/mmc2/.swap none swap sw 0 0
Nokia-N800-51-3:/media/mmc2# vi /etc/init.d/rcS

-- add this line before exit 0: swapon -a

Nokia-N800-51-3:/media/mmc2# reboot

Broadcast message from root (pts/0) (Sat Mar 8 17:20:49 2008):

The system is going down for reboot NOW!

Swap file is now in use:

Nokia-N800-51-3:~# free
total used free shared buffers
Mem: 126828 98020 28808 0 1044
Swap: 262136 0 262136
Total: 388964 98020 290944

Also, you can add up to 128k by going into Settings->Memory. But that is a little too easy isn’t it?
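Both the Hamachi post and the swap post above add a command to /etc/init.d/rcS just before 'exit 0' by hand in vi. The following is an added example, not from the original posts: a POSIX shell function (hypothetical name add_before_exit0) that makes the same edit without an editor, keeps a .bak copy, and does nothing if the line is already present.

```shell
#!/bin/sh
# Added example: insert a boot command into an init script just before
# its final "exit 0". Running it twice never stacks duplicate lines.

# add_before_exit0 FILE LINE
add_before_exit0() {
    file=$1
    INS=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Nothing to do if the exact line is already in the file.
    if grep -Fxq -e "$INS" "$file"; then
        return 0
    fi

    # Line number of the last "exit 0" (empty if the script has none).
    n=$(grep -n '^[[:space:]]*exit 0[[:space:]]*$' "$file" | tail -n 1 | cut -d: -f1)

    tmp=$(mktemp "$file.XXXXXX") || return 1
    if [ -n "$n" ]; then
        # Pass the text through the environment so awk does not
        # interpret backslash escapes in it.
        INS=$INS awk -v n="$n" 'NR == n { print ENVIRON["INS"] } { print }' \
            "$file" > "$tmp"
    else
        # No "exit 0" found: append at the end instead.
        cat "$file" > "$tmp"
        printf '%s\n' "$INS" >> "$tmp"
    fi

    cp -p "$file" "$file.bak"   # keep the previous version
    cat "$tmp" > "$file"        # overwrite in place so mode and owner stay
    rm -f "$tmp"
}

# On the tablet, as root, with the lines from the posts above:
#   add_before_exit0 /etc/init.d/rcS '/sbin/tuncfg;/usr/bin/hamachi -c /root/.hamachi start'
#   add_before_exit0 /etc/init.d/rcS 'swapon -a'
```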

When I bought the Nokia N800, a key feature was not only the ability to surf the internet with Wifi but also to pair it with your phone via bluetooth and access the internet anywhere. I have a Cingular 8525 (I guess now an AT&T 8525) which has 3G internet available, but it did not work out of the box with the N800.

To begin with some definitions, there are 2 ways that you typically connect to a phone for internet. Bluetooth DUN (Dial Up Networking) and Bluetooth PAN (Personal Area Network). Bluetooth DUN is the “old” way to connect, and some of the updates Microsoft is pushing out to their Windows Mobile devices are disabling it. Unfortunately, this is the way that the N800 uses to connect to the internet.

To fix this problem, some maemo hackers put together a package called “maemo-pan“. This package enables the ability to connect to a bluetooth PAN and use the shared internet. The announcement and directions are here. In summary:

  • Go to the system preferences and add your phone in the phone settings. Do not enter the wizard for configuring the dialup settings. PAN does not use them.
  • Start internet sharing on your phone. It depends on your phone how and where to do this. On Windows Mobile 5, open the Start menu and select “internet connection sharing” from there.
  • Make sure that Bluetooth is enabled on your internet tablet. Now open the connection dialog and you will see that there is a new connection called “Bluetooth-PAN”. Select it and you will be connected to the internet via PAN.
  • When you’re finished, just close the connection the usual way. Wasn’t this easy? :)

Now on the 8525, this didn’t work for me flat out. I was using a ROM named “vp3G”, which was Windows Mobile 6.0 and was released before the official AT&T one. I don’t know if this was causing my problem or not. I couldn’t get the N800 to find the 8525. I could get the 8525 to find the N800 but I still could not get bluetooth PAN working.

I decided to flash the 8525 to a new cooked rom, because it had been several months since I had done so. To hedge my bets, I picked a ROM that included the old Bluetooth DUN package. There is an excellent webpage with far more information than I could provide on the subject of Flashing your 8525/Hermes - see MrVanx’s ROM Flashing Guide here. I chose Schap’s WM6.1 4.40 ROM. After the flash was complete - I tried to pair the two and had much better results.

I first paired them and it seemed to take this time. After that, I clicked “Internet Sharing” in the Programs on the 8525 and enabled it. Then I went onto the N800 and selected “bluetooth-pan” as the type of connection. Voila - it worked! I was surfing on a nice 3G connection. So for anyone out there trying to get this to work without success - keep trying! It definitely works but takes some configuration.

On a side note - being able to access an internet tablet via SSH is very cool. Here is top while playing Borat:

Mem: 124908K used, 1920K free, 0K shrd, 8K buff, 39452K cached
Load average: 1.56 1.20 0.98
PID USER STATUS VSZ PPID %CPU %MEM COMMAND
1574 user RW 26000 1573 69.7 20.4 mplayer
742 root SW< 15132 331 5.5 11.9 Xomap
864 root SW< 2176 331 2.3 1.7 esd
1573 user SW 11788 1 1.1 9.2 atabake
1592 root RW 1960 1578 0.9 1.5 top
1556 user SW 24556 1 0.3 19.3 python
788 root SW< 0 6 0.3 0.0 dsp/0
594 messagebus SW< 2428 331 0.1 1.9 dbus-daemon
1018 user SW< 40840 943 0.0 32.1 maemo-launcher

If you upload those new fancy-shmancy file formats to your web server - namely .docx, .pptx and .xlsx - and you are running Apache, chances are that your web server doesn’t know how to serve those files because they are unknown file formats. Your browser may try to download them as a .zip file (IE) or just display the binary format (Firefox), which ends up looking like gibberish with some XML data.

It’s relatively easy to fix this problem; you just need to tell Apache how to handle those files.

Find the file mime.types, this may be in /etc/ or in /etc/httpd/conf/.

Add the following line to this file:

application/vnd.openxmlformats docx pptx xlsx

In one line:

echo "application/vnd.openxmlformats docx pptx xlsx" >> /etc/httpd/conf/mime.types

Restart both Apache and your web browser. Clearing the cache doesn’t work (I learned the hard way :))

Your file should now be downloaded properly to your PC.

Clients using Symantec Antivirus Corporate Edition require a password while uninstalling the client. The default password out of the box is symantec. If you have changed this password within the Symantec System Center - then you need to use that password. If you have changed the uninstall password and you no longer have access to this password - well then shame on you. Fortunately there is a workaround:

1) Open Regedit

2) Browse to HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\

3) Change the value useVPuninstallpassword under this key from 1 to 0

4) Close the registry and retry the uninstall

[From Experts Exchange]

When doing a PostgreSQL database server upgrade, you first need to backup all of the databases because the format changes from version to version.

Postgresql documentation states you need to run the command:

pg_dumpall > outputfile

I ran this, and received the error message:

pg_dumpall: could not connect to database "template1": FATAL: role "root" does not exist

So after some head scratching and googling without any results, I noticed that I had created a user for postgres; namely ‘postgres’. I su'ed to that user and ran the command - what do you know - it works fine! I’m glad that error message was so clear.

So, the thing that the documentation does not state - make sure you are running under the Postgresql user before running the backup command.
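With "pg_dumpall > outputfile", the shell creates outputfile before pg_dumpall starts, so the role "root" failure above still leaves an empty file that looks like a backup. The following is an added example, not from the original post or the PostgreSQL documentation: a wrapper (hypothetical name safe_dump) that only produces the output file when the dump command succeeds and wrote data, and keeps the file private because a pg_dumpall dump includes role password hashes.

```shell
#!/bin/sh
# Added example: never leave a failed or empty dump where a backup
# is expected before an upgrade.

# safe_dump OUTFILE COMMAND [ARGS...]
# Runs COMMAND, capturing stdout. OUTFILE appears only on success.
safe_dump() {
    out=$1
    shift

    # mktemp creates the file with mode 0600; mv keeps that mode, so the
    # finished dump is readable only by the user who ran the backup.
    tmp=$(mktemp "$out.partial.XXXXXX") || return 1

    rc=0
    "$@" > "$tmp" || rc=$?

    # Reject a non-zero exit status and also a "successful" empty dump.
    if [ "$rc" -ne 0 ] || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "dump failed (exit $rc); $out not written" >&2
        return 1
    fi

    mv -f "$tmp" "$out"
}

# Usage as root, running the dump as the postgres OS user
# (the output path is a placeholder):
#   safe_dump /root/pg_all.sql su - postgres -c pg_dumpall
```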

For those of you, or those of you with clients, who have MS-DOS based programs like WordPerfect and want to print to a networked printer, this is all you need. This also works for other printers that use USB ports or something other than LPT.

The solution was to map the share to an LPT port using net use. For example:

net use lpt1 \\printserver\sharename /persistent:yes

If the USB printer is on your local machine, you can share it and then map this same printer locally to an LPT port.

From Microsoft KB314499

I recently formatted my laptop and installed Windows first, using half of the hard drive, and then installed Ubuntu 7.10 on the other half. It had been a while since I tried Ubuntu - it has come a long way - but that is another story.

The install worked fine, however at the end, it just sort of hung while installing grub. GREAT. I reboot and it kicks me to a (grub) standard prompt.

It took me a while to figure this out, but you can manually boot Ubuntu via the grub prompt. The tricky part is finding out the right commands since your system is totally inaccessible.

You can find your available hard drive name by typing:

> root ( <tab>

pressing tab will list your available hard drives and partitions and hopefully your Ubuntu ext3 partition.

Continue setting the root boot partition. This includes your partition with all /boot files. For example, mine was installed onto the root / filesystem, and not a separate filesystem.

> root (hd0,2)
>

This sets your root that grub uses.

You then need to set the kernel. Use:

> kernel /boot/vmlin <tab>

Tab will show you the available files to use. Also you can use this at any level to explore your filesystem. So for example:

> kernel /boot/vmlinuz-2.6.15-20-386

But wait before you hit enter!

You will get a pivot root error - the kernel doesn’t know where the rest of your file system is. In a file called device.map in your /boot directory, this location should be specified. In my case, it is listed as /dev/sda3. This is important for your kernel. Fortunately, GRUB has a ‘cat’ command you use to get the text output of this file. We also set this to a read-only filesystem - Ubuntu takes care of setting it back to rw when it boots.

So the final kernel line is:

> kernel /boot/vmlinuz-2.6.15-20-386 root=/dev/sda3 ro
>

Now we need to set the initrd file - hopefully by now you know to use <tab> to find this if you do not know it off the top of your head:

> initrd /boot/initrd.img-2.6.15-20-386
>

And finally, type ‘boot’ to begin the boot process:

> boot

Hopefully Ubuntu will boot for you now without problems. Again, if you get a pivot root or ‘unable to mount root VFS’ error - you need to check the root=/dev/sda3 part of the grub commands. This means that the kernel could not find your main filesystem.

Once you are logged into Ubuntu - use the following command to regenerate menu.lst for you. Once this is rebuilt, you will be presented with the normal Grub menu and you won’t need to follow the process above!

sudo update-grub

  • Welcome to systemBash, a technology and system administration blog by David Drager. If you enjoy this sort of content, you can subscribe to the RSS using the link to the right.