Why are my {mysql, htpasswd, getpass} prompts not showing?

June 21st, 2009

I had a problem on a VM running Linux where password prompts were not showing. What would happen is that the mysql command would just say wrong password without prompting, even if I added the -p switch. Furthermore, the less command and man pages were broken as well! As a programmer I set out to narrow down the scope of the problem by looking at the source code. I traced the offending function down to getpass(). Having searched everywhere on the web, I finally came across a reference saying the tty might be broken and to run:

mknod /dev/tty c 5 0

That immediately fixed it! Device nodes are a bit of a mystery to me, ttys more so. One day I’ll understand them thoroughly.

Stinger Root Certificate for Windows Mobile

June 7th, 2009

What’s a ‘Stinger Root Certificate’? I’m not really sure, but it’s the certificate that Microsoft uses to sign a number of software components that they release for Windows CE and mobile devices, for example the Application Verifier for Windows CE and Windows Mobile 5.0, or MSMQ. The certificate is installed as part of the Windows Mobile 5 emulator image, but on phones like the HTC Diamond it isn’t installed. Hence the Application Verifier, which needs to load the Stinger-signed kernel module Shim Engine (shimeng.dll), would not work on the HTC as it doesn’t have the “Stinger Root Certificate” installed.

You can actually see the certificates installed by connecting your mobile device and, in Visual Studio (2008), going to Tools > Device Security Manager. There was the old Security Configuration Manager which I tried, but it crashed on me on start-up, so don’t use that. In the Device Security Manager you can see all the certificates installed and you can also change your device security level.

Anyway, I wanted to install the root certificate but I could not find it distributed anywhere on the internet. In the end, using the Device Security Manager I managed to extract it out of the emulator ROM, by copying and pasting the certificate’s base64 value. After that it was just a matter of building a cab install package and defining the certificate installation in the setup XML.

The result is available here

Why is my cron not sending emails?

June 5th, 2009

I’ve been getting a strange problem where my cron daemon (dcron in this case) was not sending emails with the output of scheduled tasks. Searching Google yielded no useful or relevant result. Turns out in my case I was missing the symlink /usr/lib/sendmail to my exim installation, as complained about in my cron.log.

Problem solved.

Don’t ever put CNAME on the root domain (esp. if you want MX to work)

March 31st, 2009

I was changing name servers for one of my domains. When testing the mail setup, I kept getting mail sent to the web server rather than the mail server. It turns out that if the mail server can’t find MX records, it falls back to A (or CNAME) records. So why was the mail server falling back to using the A/CNAME record when I had a perfectly good MX record assigned to the domain? After many hours of debugging and comparing working domains with non-working ones, the only difference I found was that I had a CNAME for the domain, e.g.

domain.com. 3600 IN CNAME www.domain.com

Turns out that if you have a CNAME for the domain, it redirects the lookup not just for A but for every record type. So from dig, it looks fine if you query the authoritative name servers directly – you see the MX and CNAME records – but it falls flat when queried on a recursive nameserver. Indeed, after looking at RFC 1034, it states that “If a CNAME RR is present at a node, no other data should be present”. So setting the CNAME on the domain consequently also redirected requests for NS and SOA records, which made the domain quite invalid, although the subdomain records still resolved. Bottom line: don’t ever put a CNAME on the root domain.

I was trying to be smart and save on retyping the IP by using CNAME… but turns out I was too smart.
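As an added illustration (not from the original post), here is a small resolver simulation in Python over a constructed zone, showing why mail ends up at the web server: the apex CNAME redirects every query type, the MX lookup comes back empty, and the sender’s A-record fallback lands on www. It also implements the RFC 1034 check that flags such apex CNAMEs; the names and 203.0.113.x addresses are constructed.

```python
from collections import defaultdict

# Constructed zone (not the post's real domain): (owner, type, rdata).
# The apex carries a CNAME next to its MX and NS records.
BROKEN_ZONE = [
    ("domain.com.", "CNAME", "www.domain.com."),
    ("domain.com.", "MX", "10 mail.domain.com."),
    ("domain.com.", "NS", "ns1.domain.com."),
    ("www.domain.com.", "A", "203.0.113.10"),   # web server
    ("mail.domain.com.", "A", "203.0.113.25"),  # mail server
    ("ns1.domain.com.", "A", "203.0.113.53"),
]
# The fix: an A record at the apex instead of the CNAME.
FIXED_ZONE = [r for r in BROKEN_ZONE if r[1] != "CNAME"] + [
    ("domain.com.", "A", "203.0.113.10"),
]

def cname_conflicts(records):
    """Owner names holding a CNAME plus other types (forbidden by RFC 1034)."""
    types_by_name = defaultdict(set)
    for name, rtype, _ in records:
        types_by_name[name].add(rtype)
    return sorted(n for n, t in types_by_name.items()
                  if "CNAME" in t and len(t) > 1)

def resolve(records, name, rtype, max_hops=8):
    """Recursive-resolver behaviour: a CNAME at `name` redirects every type.
    Returns (final name, list of rdata of the requested type)."""
    for _ in range(max_hops):
        rrs = [(t, rd) for n, t, rd in records if n == name]
        targets = [rd for t, rd in rrs if t == "CNAME"]
        if targets:
            name = targets[0]          # follow the alias, whatever was asked
            continue
        return name, [rd for t, rd in rrs if t == rtype]
    raise RuntimeError("CNAME chain too long")

def mail_destination(records, domain):
    """Where an SMTP sender delivers: lowest-preference MX, else A fallback."""
    final_name, mx_records = resolve(records, domain, "MX")
    if mx_records:
        host = min(mx_records, key=lambda rd: int(rd.split()[0])).split()[1]
    else:
        host = final_name                # implicit MX: the A record wins
    return host, resolve(records, host, "A")[1]
```

With the broken zone, mail_destination() returns the web server’s address; with the CNAME replaced by an A record, it returns the mail server.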

How to use the WAN port on WRT54G or WRT610n as a LAN port

January 1st, 2009

I have a WRT54G at home but I don’t use its routing capabilities, only wireless and LAN. There are only 5 ports on the device and one is dedicated as the WAN port. I want to turn the WAN port into a LAN port so I can make use of all 5 ports. How do you do it? As long as you have shell access (obtained by telnet on custom firmwares like dd-wrt or openwrt), just type in these commands:

For WRT54G:

nvram set vlan0ports="0 1 2 3 4 5*"
nvram set vlan1ports="5"
nvram commit

For WRT610N:

nvram set vlan1ports="0 1 2 3 4 8*"
nvram set vlan2ports="8"
nvram commit

Then reboot the router. What we’re doing is assigning the (former) WAN port (port 0) to the LAN VLAN instead of the WAN VLAN.

Play MythTV recordings in VLC

December 30th, 2008

UPDATE 28/11/2010: VLC 1.1.5 now supported

For the Christmas holidays I’ve decided to embark on the project to build a MythTV plugin for the VideoLAN Client (VLC) such that you will be able to view TV recordings without the need for SMB shares or mythfrontend itself. My primary computer is Windows, which can’t run mythfrontend, so to view recordings I have to resort to using samba shares and I can’t watch live TV either. With the development of MythTV Player, you could now watch recordings and even live TV. However, development seemed to have stagnated. There are features like teletext that are available in VLC, but not in the MythTV Player. Wouldn’t it be great if VLC could directly access MythTV, so you can watch recordings and enjoy features like telx subtitles? That’s what I did. I made a MythTV access plugin for VLC. Currently only available for Windows:

Download it

To install it, just extract the zip and move libaccess_myth_plugin.dll to your VLC/plugins directory. This was built against VLC 0.9.8a, so you should use that. It only supports myth protocol 40 (so it only works with MythTV 0.21) at the moment.

To use it, open VLC (duh), go to the menu Media > Advanced Open File. Then click the Network tab and enter a myth URL, i.e. myth://192.168.0.10:6543/1022_20081229212500.mpg

Open MythTV URL

You can also browse recordings. Set up your myth backend URL first by going to the preferences and selecting Show settings: All. Then expand Input/Codecs > Access modules > MythTV. For the Backend Server URL option, enter something like: myth://192.168.0.10/

Set the myth backend URL

After saving the settings, click the menu Playlist > Additional Sources > Myth TV library. Then open the Playlist (Playlist > Show playlist) and you should see a MythTV option on the left. Click that and all your shows should be there.

Play List

http://siphon9.net/loune/2010/11/mythtv-vlc-plugin-now-supports-vlc-1-1-5/

A radical vision for Thunderbird

November 3rd, 2007

After hearing about the recent plans of Mozilla Co. spinning off Thunderbird into a new organisation, I can’t help but add my 2c. I see an opportunity for radical change in the direction of Thunderbird. I’ve personally used Thunderbird since the 1.0 days and it’s been an invaluable tool to manage my email. However, therein lies the problem. With more and more people using online email these days, the role of Thunderbird is diminishing. If we step back and look at the fundamental problem which Thunderbird, which email, solves: it’s the communication between users. We now have many more forms of communication and interaction between users. More and more, email is taking a back seat to more contemporary mediums such as IM and even social networking sites like MySpace and Facebook. So why are we still looking at email? There seems to be a general consensus that Thunderbird should grow into a PIM/Email client. An email/personal organiser is good, but why would you want to create something that’s already available? We shouldn’t be chasing the tail lights of Outlook and Evolution.

What I’m suggesting here, I guess, is to rethink Thunderbird – lose the focus on mail, in favour of more interesting communication mediums like IM, Facebook and MySpace. With the launch of OpenSocial from Google, connecting to social networks should be made much easier. Thunderbird can utilise these APIs to bring users of social networks what it brought to email users in the past. There is a growing user base of social networks and it’s only getting larger. With many users part of several networks, managing their identities across these networks can become painful and time-consuming. An application that manages multiple networks, a social network aggregator if you will, is something that would be desired by these users. Thunderbird can handle multiple email accounts and it doesn’t take much to see that a natural evolution would be handling multiple social network accounts.

The new functionality, like managing social networks, can’t be tacked on like an extra arm to the email functionality. There has to be a rethink from the ground up. Right now the interface of Thunderbird is that of traditional email clients. You have accounts and folders and emails. This legacy model will be hard and awkward to reconcile with newer social networking models. Classification of messages/emails is no longer done with folders but with tags that allow them to be connected to multiple categories. Instead of the ‘address book’ you now have ‘friends’, and you certainly want to tag them.

Whether this new application is Thunderbird or something brand new, there exists an opportunity to fill an enormous and growing void. Thunderbird is at a crossroads and if there is a better time for a new direction, it would be now. In this post, I’ve mainly talked about one facet, which is social networking, but there are many other facets (IM/VoIP/Cal?) I believe should be part of the broader Thunderbird strategy. Aggregating all the different types of communication is surely a role that fits a next generation Thunderbird. This idea is not new and some members of the community share similar views.

Remember, as the /. meme goes, in Korea, only old people use email.

Simple lightweight NTLM in PHP

October 23rd, 2007

Many months ago I made a PHP script that could read NTLM authentication information from your browser. What’s NTLM? Basically, if you’re using Microsoft Windows, your browser can automatically send your Windows login information to a website (if you agree to it). This means that without needing to enter an additional username or password, you can be authenticated at the website you’re visiting. This is quite convenient, especially for company intranets. NTLM should work with all major browsers (Internet Explorer, Firefox and Opera).

The PHP code I wrote is simple and can be inserted at the top of any PHP script. The key output is $user, $domain and $workstation, which is the information advertised by the user. Be warned though, the script does NOT authenticate the user and merely assumes that the user is who they say they are. This is akin to a user entering only a username with no password required. I plan to add password/hash verification, possibly in conjunction with samba, in the future.

A limitation is that the PHP script relies on apache_request_headers(), which is only available if you run PHP as an Apache module. (Update 2010: newer code doesn’t have this issue.)

<?php

// loune 25/3/2006, updated 22/08/2009
// For more information see:
// http://siphon9.net/loune/2007/10/simple-lightweight-ntlm-in-php/
//
// This script is obsolete, you should see
// http://siphon9.net/loune/2009/09/ntlm-authentication-in-php-now-with-ntlmv2-hash-checking/
//

// NTLM specs http://davenport.sourceforge.net/ntlm.html

$headers = apache_request_headers();

if (!isset($headers['Authorization'])){
	header('HTTP/1.1 401 Unauthorized');
	header('WWW-Authenticate: NTLM');
	exit;
}

$auth = $headers['Authorization'];

if (substr($auth,0,5) == 'NTLM ') {
	$msg = base64_decode(substr($auth, 5));
	if (substr($msg, 0, 8) != "NTLMSSP\x00")
		die('error header not recognised');

	if ($msg[8] == "\x01") {
		$msg2 = "NTLMSSP\x00\x02\x00\x00\x00".
			"\x00\x00\x00\x00". // target name len/alloc
			"\x00\x00\x00\x00". // target name offset
			"\x01\x02\x81\x00". // flags
			"\x00\x00\x00\x00\x00\x00\x00\x00". // challenge
			"\x00\x00\x00\x00\x00\x00\x00\x00". // context
			"\x00\x00\x00\x00\x00\x00\x00\x00"; // target info len/alloc/offset

		header('HTTP/1.1 401 Unauthorized');
		header('WWW-Authenticate: NTLM '.trim(base64_encode($msg2)));
		exit;
	}
	else if ($msg[8] == "\x03") {
		function get_msg_str($msg, $start, $unicode = true) {
			$len = (ord($msg[$start+1]) * 256) + ord($msg[$start]);
			$off = (ord($msg[$start+5]) * 256) + ord($msg[$start+4]);
			if ($unicode)
				return str_replace("\0", '', substr($msg, $off, $len));
			else
				return substr($msg, $off, $len);
		}
		$user = get_msg_str($msg, 36);
		$domain = get_msg_str($msg, 28);
		$workstation = get_msg_str($msg, 44);

		print "You are $user from $domain/$workstation";
	}
}

?>
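Added example, not part of the post: a Python decoder for the Type 3 message the script above reads, using the same fixed offsets (28, 36, 44) but with bounds checking on each security buffer and proper UTF-16LE decoding instead of stripping NUL bytes. A builder for a constructed sample message is included so it runs offline; like the PHP script, it only reports what the client claims and verifies nothing.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
# Fixed offsets of the Type 3 security buffers, as in the PHP script.
FIELDS = (("domain", 28), ("user", 36), ("workstation", 44))

def security_buffer(offset, length):
    """Encode a security buffer: 16-bit length, 16-bit allocated length, 32-bit offset."""
    return struct.pack("<HHI", length, length, offset)

def build_type3(domain, user, workstation):
    """Constructed Type 3 message with empty LM/NTLM responses (sample only).
    Assumes the Unicode flag was negotiated, so strings are UTF-16LE."""
    payloads = [b"", b"",                       # LM response, NTLM response
                domain.encode("utf-16-le"),
                user.encode("utf-16-le"),
                workstation.encode("utf-16-le")]
    header = SIGNATURE + struct.pack("<I", 3)
    body = b""
    base = 12 + 8 * len(payloads)               # payload begins after the fixed header
    for data in payloads:
        header += security_buffer(base + len(body), len(data))
        body += data
    return header + body

def read_buffer(msg, start):
    """Bytes a security buffer at `start` points to; rejects out-of-range offsets."""
    if start + 8 > len(msg):
        raise ValueError("message too short for security buffer")
    length, _alloc, offset = struct.unpack_from("<HHI", msg, start)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_type3(msg):
    """Identity the client *claims*; nothing is verified, exactly like the PHP script."""
    if msg[:8] != SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM Type 3 message")
    return {name: read_buffer(msg, off).decode("utf-16-le") for name, off in FIELDS}

def is_well_formed_type3(msg):
    """True when every claimed field can be read without running off the message."""
    try:
        parse_type3(msg)
        return True
    except (ValueError, struct.error):
        return False
```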

If you try the script in Firefox (on Windows), you will notice that you get prompted for a username and password when encountering an NTLM challenge. This is because sending your Windows credentials to any unscrupulous website poses a real security risk. To make it automatically use your Windows credentials for sites you trust, you can add the website to a whitelist.

The whitelist is located in Firefox’s about:config (type that into the address bar), which allows the editing of all of the browser’s preferences. Find the preference entry network.automatic-ntlm-auth.trusted-uris, double click on it and type the hostname of the site (e.g. http://www.abc.com) that you want in your whitelist. Multiple entries are separated by commas. After doing that, Firefox should send your Windows credentials automatically.

Update 20/09/2009. The above script is outdated, anyone wishing to use NTLM should see the new post: Part 2 – Now with hash checking

The longest and shortest days of the year

October 23rd, 2007

You would think every day of the year has twenty-four hours, right? That’s what I thought while writing a typical function to calculate the time difference between two dates. As I found out, especially at this time of year, this is a horribly flawed assumption. In a lot of timezones, one day of the year has 23 hours while another day has 25 hours. Some of you might have gathered by now that I’m talking about Daylight Saving Time. The marvellous invention, epitome of temporal manipulation, that makes it so that this Sunday there will only be one hour between 1AM and 3AM. In summary, 3-1 = 1. Those of you in the northern hemisphere will find that you will experience 2AM twice.

Once upon a time, I used to have a backup cron job that ran at 2AM. 2AM seems to be a nice time as everyone is asleep, so the server could use the spare processing power for the menial task. On one day of the year it ran twice. On one day of the year it never ran. Now all my backups run at 4AM.

As a programmer, I hate DST.
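Added example, not the author’s code: computing day lengths and how many times a wall-clock time occurs, using a constructed transition table for a +1/+2 hour zone following the 2007 EU rule (01:00 UTC on 25 March and 28 October). It reproduces the 23- and 25-hour days and the 2AM cron job that fires zero or two times, and shows that 4AM is safe on both days.

```python
from datetime import datetime, timedelta

# Constructed transition table for a +1/+2 hour zone following the 2007 EU rule:
# each entry is (UTC instant from which the offset applies, offset in hours).
TRANSITIONS = [
    (datetime.min, 1),
    (datetime(2007, 3, 25, 1), 2),    # clocks go forward: 02:00 local becomes 03:00
    (datetime(2007, 10, 28, 1), 1),   # clocks go back: 03:00 local becomes 02:00
]

def offset_at(utc):
    """UTC offset (hours) in force at a given UTC instant."""
    return [off for when, off in TRANSITIONS if when <= utc][-1]

def utc_instants_for(local):
    """All UTC instants displaying as `local` wall time: 0 (skipped), 1, or 2 (repeated)."""
    found = []
    for off in sorted({off for _, off in TRANSITIONS}):
        candidate = local - timedelta(hours=off)
        if offset_at(candidate) == off:      # this offset really was in force then
            found.append(candidate)
    return found

def day_length_hours(year, month, day):
    """Hours from local midnight of the date to local midnight of the next day.
    Assumes midnight itself is never skipped (true for this table)."""
    start = datetime(year, month, day)
    begin = utc_instants_for(start)[0]
    end = utc_instants_for(start + timedelta(days=1))[0]
    return (end - begin).total_seconds() / 3600

def cron_runs(year, month, day, hour, minute=0):
    """How many times a job scheduled at that local time fires on that date."""
    return len(utc_instants_for(datetime(year, month, day, hour, minute)))
```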

Multiple Cookie Containers for Firefox

May 14th, 2007

A few weeks ago I began work on modifying the cookie system in Firefox to support multiple “containers”. Multiple containers enable users to log in to many websites as multiple users in the same Firefox session. It is very useful for web developers who require this functionality to test their user account systems. Another use is for people who have multiple web mail accounts with the same provider that they want simultaneously logged on to. This is an oft-requested feature that Internet Explorer partially supports. (See bug #117222)

I’m happy to say that this is now ready for testing. Below is a working build for Windows. It is based on the latest trunk plus the cookie patch and extension. Unfortunately, Mac and Linux users that wish to try the patch will have to manually compile Firefox with the patch below.
