Firefox bugs(?) + AV software + Blog trackbacks

Firefox problem number 1:
When I first installed firefox I did not notice masterpassword setting at once. So I had some passwords saved on a few sites without it. I’ve noticed though that even if I use a masterpassword now…If I don’t enter a password and visit those few sites, firefox auto-completes my username and password. If it’s not something I am doing wrong I consider this a bug. Since I’ve set a masterpassword why not protect ALL previous passwords ? Anyway…my temp solution was to delete those passwords from firefox’s internal database and enter them again after I have typed a masterpassword. Firefox now never auto-completes them without the masterpassword. I hope I have time later on to figure out how firefox discriminates passwords prior and after masterpassword being set.

Firefox problem number 2:
I used to have great problems watching wmv videos inside webpages. I could see .mov movies fine with firefox…but wmv was a real pain. They sometimes played…they sometimes did not…Most times firefox crashed after loading a page with a wmv inside. When it did not, it filled my memory and reached more than 200Mb of VM Size in Windows. I had this idea today to check on the dll that is responsible for wmv files.
So, I typed about:plugins, scrolled down…and there it was
C:/Program Files/Windows Media Player/npdsplay.dll
Then was the time to find an update.

Windows Media Player Plug-in for Netscape Navigator

That did the trick…Firefox now doesn’t crash and stays at normal VM size.

Another thing I changed was the Antivirus software I use. I changed from Norton to Kaspersky. I think Kaspersky is much much lighter than norton and my system gained some “fresh air”.

I’ve also had new “comment” attacks on my blog using trackbacks. So, I had to disable trackbacks. WordPress enables each blog entry to have its own rules about trackbacks and comments…so I had to change all previous rules of my previous posts to disable trackback. That’s easy to do with a small sql command:

UPDATE `wp_posts` SET `ping_status` = 'closed' WHERE `ID` > 0;

That’s it for now…

Various stuff I have in my mind

I have exams lately…so I need a place to express some stuff I am thinking and doing. And this is the place. Bear with me for another 10 days…then exams are over 🙂

Here’s a list of interesting stuff I have done/seen lately:
1) Kost-it: It’s a post-it like small proggie for windows. VERY useful if you have lots of stuff in your head. I write them down there…and I remember to do them when I have to…or when I can. At least I don’t forget them. The bad thing about kost-it is that its developer has removed it from his site..(he’s probably insane or whatever). But since it was free, I downloaded it for free, I can provide it to you for free…I hope. Well if he’s got probs with this he can tell me.
Here’s the link to Kost-it version 1.87!

#Edit 08/02/2005
Read this post where I explain why the “kost-it” download link was removed from my blog. Blame 3M.

2) Firefox extensions
I introduced firefox to some people and of course I got feedback. One of them was using the Avant browser so far and she was used to double clicking on tabs to get rid of them. There should have been an extension like that I thought…and there is! Tab Clicking Options!
Neeeeeeeeext.
Another one was barking on my ear about empty tabs being opened when you download something. I had noticed that too…I think it’s really silly. Oh well, there’s an extension that solves this too. And this must go inside the firefox source. What’s the reason for opening new tabs when u won’t use them ?
Disable Targets For Downloads. Neeeeeeeeext.

3) I’ve also played with IP-aliasing on linux for our local wireless network. It was fun…but the reason I did it is quite complicated, so I’ll blog about it when I have more time.

4) I’ve also set up some QOS rules for our local wireless network using tc and packet mangling from iptables. I change some TOS bytes for certain services using iptables and have created some simple filters to handle traffic using tc. It looks like our Cisco 340APs are aware of TOS bytes because people inside the wireless community have noticed a slight improvement when it came to concurrent downloading and voice chatting with a group of people on teamspeak or end-to-end voice over IP using h323. I’ll have a thorough look at it when I have time…I was happy that there was an improvement after all with those rules I’ve entered. I had no previous experience with these tricks on linux and I am not sure how I can “monitor” improvements. I’ll post my rules (both tc and iptables) when it’s finished, until then you can check on Wondershaper. We shall see what I’ll manage to come up with in the next couple of weeks…

5) ISDN call monitor.
I wanted a proggie that would tell me who’s calling me. I am really getting annoyed by certain people calling me to tell me how to do this and how to do that…and why doesn’t that work …and blablabla. Finally I have a way to monitor who called me when I was not at home and a way to avoid stupid people making stupid questions and eating up all my time. I know it sounds egoistic…but hey…if they would call you at 1 o’clock after midnight to ask you how to setup a prog on windows wouldn’t you be annoyed ? This is the answer I’ve found: ISDNCid. If you have a better one…PLEASE tell me.

That’s it for now…wish me luck, I’ll need it!

A new telecommunications era is rising ?

What if you could make phone calls from your home at Berlin to New York from someone’s phone actually living in N.Y ? And what if he got free minutes to do the call and both of you had internet connections ? Let me think…


Berlin--> VoIP (free) -->N.Y.--> Traditional Call (free)

|-------------------------------FREE--------------------------------------|

Is that an end-to-end free call ? Is it ? Oh yes…Baaad users…using technology to cut down costs ? baaaaaaaad.

Now, take a look at Bellster. It’s what I’ve just told you…but in a p2p form. You register yourself in the network…you donate your “free minutes” and you can call WHEREVER you want in the world for …. free! Everything is based on Asterisk opensource PBX. What Bellster only does is choose from which PBX-gateway your call is going to go through. So let’s say I can donate 5E per month for local calls (you define where the calls can only go to, you can restrict it to city wide, or nation wide or whatever you want). I frequently call my parents or my friends in my hometown. If just one of them places an asterisk and we both on the bellster…then we have national calls cut down to local, not just for me and them…but all the other bellster users. Imagine this getting bigger and bigger by the day. It’s a MASSIVE blow for telcos. The only downside of the project is that Asterisk needs an almost dedicated linux machine, and it is not the easiest thing in the world to configure. But I bet that while this is getting larger and larger asterisk will get both easier to configure and with even more capabilities.

Is this awesome or what ? We are getting robbed by telcos for over-paying something that is relatively cheap. Now it’s the time for them to feel like we did all those years…I know that it is really hard for this Bellster network to expand because it needs some tech background…but there are millions of ppl nowadays that can surely set this baby working.

Go Go Pulver!

Phrack is dead

With an announcement made on Friday phrack magazine announced that they will publish only one more issue.
For some people Phrack magazine may mean nothing at all. For others it was a must read during times where it was quite harder than now to find sources of useful technical information on various subjects. Phrack was a magazine not only about computer hacking (or cracking possibly) but about a certain technology lifestyle.
Everyone will agree that phrack was on a decline period for several years now, older editors quit, got bored, or whatever…and the newer ones can’t keep up with the old publishing rhythm or with the older “status” this magazine had. It’s true that for at least the latest 3 years, if not longer, phrack staff was lacking inspiration. There were no articles to blow your mind like the “good old days”. I don’t believe that there are no interesting topics nowadays…but it looks to me as if the editors are not good enough for this job. They’ve turned the magazine to elitist look and feel. The editors themselves don’t write anymore, and since they don’t..who will inspire the newcomers to sit down and squeeze their minds ?
It’s too bad that n00bs and l33t guys have taken over the universe. Where are the tech freaks ?

The Misuse of RC4 in Microsoft Word and Excel

There’s a nice pdf around that explains how stupid programmers or companies can sometimes be. And that of course affects the(ir) users.
MS supports encryption in word and excel documents (wowZ!) but hey…do they do it “properly” ? Of course not…so people end up believing that they are safe…when in fact they are just wide open to attackers.

Abstract. In this report, we point out a serious security flaw in Microsoft
Word and Excel. The stream cipher RC4 [9] with key length up
to 128 bits is used in Microsoft Word and Excel to protect the documents.
But when an encrypted document gets modified and saved, the initialization
vector remains the same and thus the same keystream generated
from RC4 is applied to encrypt the different versions of that document.
The consequence is disastrous since a lot of information of the document
could be recovered easily.

This analysis is pretty well written and explains a lot of stuff in a step by step mode. Give yourself the chance to find out how you must learn not to trust anyone who provides you “security” and “encryption” services.

Go GO GOOOOOO MS! You did it again!

Looks like RC4 isn’t Microsoft’s favorite algorithm…http://seclists.org/lists/bugtraq/1995/Dec/0004.html
Are they SO dumb ? or do they do it on purpose?
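
The keystream reuse described in the abstract above, worked through as an added example (not code from the paper or from this post). The password, the two document revisions and the IVs are constructed sample data, and `save()` uses a truncated SHA-256 of password and IV as a simplified stand-in for the real key derivation.

```python
import hashlib
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def save(password: bytes, iv: bytes, document: bytes) -> bytes:
    # Assumption: hash(password || iv) stands in for the real key derivation.
    key = hashlib.sha256(password + iv).digest()[:16]
    return rc4(key, document)

def changed_offsets(c1: bytes, c2: bytes) -> list:
    # With a shared keystream, c1 XOR c2 == p1 XOR p2, which is zero
    # wherever the two revisions have the same byte.
    return [i for i, b in enumerate(xor(c1, c2)) if b]

# Constructed sample data: two revisions of one document, same length.
PASSWORD = b"correct horse"
V1 = b"Q3 forecast: revenue 1.2M, keep internal"
V2 = b"Q3 forecast: revenue 4.7M, keep internal"

def reused_iv():
    iv = bytes(16)  # written once, reused on every save (the flaw)
    return save(PASSWORD, iv, V1), save(PASSWORD, iv, V2)

def fresh_iv():
    # Corrected behaviour: a new random IV for every save.
    return (save(PASSWORD, os.urandom(16), V1),
            save(PASSWORD, os.urandom(16), V2))

if __name__ == "__main__":
    c1, c2 = reused_iv()
    print("offsets that were edited:", changed_offsets(c1, c2))
    print("V2 from V1 plus both ciphertexts:", xor(xor(c1, c2), V1))
    f1, f2 = fresh_iv()
    print("fresh IV, differing bytes:",
          len(changed_offsets(f1, f2)), "of", len(V1))
```

With the reused IV the two ciphertexts differ only at the edited bytes, and anyone holding one revision in the clear gets the other without the password; with a fresh IV per save the difference is noise.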

Crimson Rivers 2: Angels of the Apocalypse

Les Rivières pourpres 2 – Les anges de l’apocalypse is a sequel to a great movie but unfortunately this movie is BAD. It was supposed to be a thriller…and no one in the cinema made a slight sound to express fear. IMHO, it’s mostly a cop adventure. A bad imitation of american cop movies. It reminded me of some of Morgan Freeman’s movies where there’s some dark evil and the policemen are always behind it but can’t catch it and blah blah blah. The plot was hilarious…someone should tell the producers that rain from itself doesn’t make a movie spooky. It rained constantly during the movie…and that’s too cliché for a cop movie. The cops were STUPID. They had the bad guys in front of them (3m away facing front)…but hey…we never shoot…let them run away again…another 5minutes of running people on the screen. Actors should get extra paid for this movie…they seemed to run lots of kilometres. The movie has more than 15minutes of running people (the producer must be a fan of Lola rennt), it has another 5 minutes of a french cop playing karate with another bad guy and so on…The humour that existed in the movie was “hollywood cops” style, dumb jokes for dumb people. Oh, and something else…I didn’t know that amphetamine made people run and jump like spiderman…I’ll go to the local drugstore to buy some and then jump from roof to roof…seemed like lots of fun…

Don’t go see it…don’t even rent it…AND don’t download it (omg ppl download movies from the net ? unbelievable). IT’S CRAP.

I was lucky to go see it on non-rush hour and paid just 5 euros instead of 7. I saved 2 euros…pheeeewwww.

MRTG Traffic Totalizers

It’s been a few months since I am gathering stats from our local wireless network using mrtg. Last night was the BIG night…the day I wanted to see some stats. Some real stats from the data each client transferred.
1) Change to RRDtool. Okie it was my fault not having it done from the very first time but no data were lost during the swap 🙂
2) Get yourself 14all.cgi to graph your collected stats (just like simple MRTG produces pngs…14all.cgi produces pngs from rrd files. If you can’t get what I am talking about visit RRDtool homepage and study..).
3) Get MRTS (example)
4) Get mrtg_total.pl (example)

Now configure all these…and you will have really beautiful stats and total traffic reports. How to configure ? RTFM.

Btw…I had some prob with rrdtool and 14all.cgi. If some entries in your apache error_log look like this:

/usr/bin/perl: relocation error: /usr/local/rrdtool-1.0.49/lib/perl//auto/RRDs/RRDs.so: undefined symbol: Perl_Gthr_key_ptr

Then you have a perl “version” problem. You might have more than one installed. Check whether the first line of 14all.cgi points to the proper perl binary.

jabberd

Ok jabber is cool…really cool features…but which server should one install if he wants a server for a medium sized network ?
I wanted to setup a jabber server for our local wireless network. I first tried jabberd2. It’s kinda easy to install it with basic settings. If you just want basic stuff it’s great…but I wanted conference support. In order to install conference support I had to download mu-conference which is based on Jabber Component Runtime. But JCR needs special glib version and crap like that. Simply PATHETIC. I tried to install it with the current version I had in the server (which was newer than I should have…pfff) and I constantly got segfaults and when I managed to stop them then I could not create any conference room. PATHETIC again.
So I searched for another server. I found ejabberd

ejabberd is a Free and Open Source distributed fault-tolerant Jabber server. It’s mostly written in Erlang, and works on many platforms (tested on Linux, FreeBSD, NetBSD, Solaris and Windows NT/2000/XP).

Ok…now what’s erlang ? damn… I had never heard about it before…anyway, I installed erlang and then compiled ejabberd. It has a pretty straightforward configuration file..and the only thing I had to do was create an ssl certificate for TLS auth. I don’t know how “secure” this server is…but I don’t mind that much after all…if anyone wants to install another more secure server…he is FREE to do so…

Acinonyx dlink ap900+ firmware [more changes]

Acinonyx did it again. He made more changes to the firmware of the dwl-900ap+ and added some more features.
New Additions:
1) Power output control from 0dbm to 18dbm in steps of 2dbm
2) Extra Channels (Japanese 14 and Europe 12,13) for those with the US version.

Enjoy this great firmware here:
Download dwl-AP900+ firmware 3.06_mod_0.6
or here: Download dwl-AP900+ firmware 3.06_mod_0.6

new horde of installations

Yesterday I decided to install the new IMP webmail client on a server that I administrate. I used to have Horde 2.2.X rel and IMP 3.2.X versions along with some other goodies that horde project offers (mnemo, kronolith, etc) but the new IMP 4.X needs a newer horde platform (version 3.X). I started downloading the necessary tarballs and then unpacking them. I thought that an “upgrade” would be feasible…and it was…until I did “something” wrong. I was fiddling with the new webbased configuration of the new horde…I had already made IMP 4.X work with the new horde…when I did something and everything stopped. I tried to recover some backup config…but without results.
So I started from the beginning making a clean install. After about an hour everything was working great apart from some cosmetic bugs but all looks great now. I’ve also imported some horde preferences from the old installation (I had kept an sql backup of that database before I dropped it) so that some users did not lose their filters.
Most interesting feature of the new IMP is (for me) the pgp/s-mime support. I think it’s the first webmail client that supports pgp/s-mime encryption/decryption/signing using your keys. I’ve used its pgp features and it works great. No problems at all with any operations I’ve tried.

Great work by the horde project. I recommend the update from any old imp to the newer version to anyone using his webmail for something more than just “funny emails”.

happy 2k5

Hello all and happy new year 🙂

I am still at holidays so there’s not much to write…just some wishes..
My only news is that my mobile phone (siemens sl45i) is slowly dying after more than 2.5 years and I’m trying to find which one to buy now. I’m probably going to buy Sony Ericsson K700i when I gather the money it needs…Any other suggestions in that category (from 250E to 350E)?

new dlink AP900+ firmware hack

A guy from Athens Wireless Metropolitan Network with nickname Acinonyx published his hacked firmware for dlink AP900+ rev C that:

  • is fixed so that the transmitting and receiving antenna is the same and the one you pick from the web interface
  • changes left -right antenna with internal-external
  • One can specify the power output from max (17dbm) to min (1dbm) in both Access Point mode AND client mode!!!
  • Changed stats to display total packets instead of “good packets”

If you can read Greek check here: http://www.awmn.net/forum/viewtopic.php?t=10601
To DOWNLOAD the firmware: http://www.awmn.net/forum/download.php?id=4109

a screenshot: http://www.awmn.net/forum/download.php?id=4108

software improvements

In order to read rss feeds in windows I have a client called Abilon (and yes it’s freeware!). I really like its clean design and its features. It’s neither bloated nor lacking features.
I had a problem with it though when it came to reading some rss feeds that were on https sites. So I thought I should give it a try and contact the author. I have done this with many other progs …but I never got such friendly and fast answers as the Abilon programmer gave me. The problem was fixed within a day…and it’s christmas! (the new version available on the site “2.5.3 build 196” has got no probs with https sites any more, at least all my sites are working perfectly right now)
It’s great when you send your suggestions to improve a program that you use and like and the programmer responds in a very polite and helpful manner. It’s a big big + (plus) for Abilon that its programmer listens to people suggesting him some changes. Imho it’s the only way to improve a program…listening to requests…

Abilon

8bit xmas wishes

While browsing the net I came up with this music collection for xmas made on old machines 🙂

Featuring the sounds of Yerzmyey on the Spectrum, Nullsleep on the NES, Vim on the VIC20, Paul Slocum on the Atari 2600, Bit Shifter on the GameBoy, Goto80 on the C64, Dma-Sc on the Atari ST, and Hally on the X68000

You can download all the files for free…I might check the rest of the songs there as well 🙂

Have fun ppl 🙂

yahoo! privacy!

It may sound weird…but looks like yahoo! is protecting its users’ privacy quite firmly. Reading this cnn article I totally agree with yahoo! . If that soldier wanted his mom to read his email he should have cc’ed or bcc’ed all his email to her. Since he didn’t…his emails go with him. I’d certainly not want anyone reading my files/emails, or whatever other personal I have, after my death. I have chosen to publicize parts of what I think and write and that’s all, nothing more nothing less.

If they want their sons’ emails they should hack his account … and they’ve got 90days to do so 🙂