Ubuntu: Installing RRDtool 1.4.5 and php->RRDtool bindings

Installing RRDtool 1.4.5:

Ubuntu 11.04 repo only offers older RRDtool 1.4.3, so if need to have a more recent RRDtool on your system:

Run the following commands as superuser:
sudo su

apt-get install libpango1.0-dev libxml2-dev

wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.5.tar.gz
tar -zxvf rrdtool-1.4.5.tar.gz
cd rrdtool-1.4.5

mkdir /tmp/rrdbuild
export BUILD_DIR=/tmp/rrdbuild

mkdir /opt/rrdtool-1.4.5
export INSTALL_DIR=/opt/rrdtool-1.4.5

./configure –prefix=$INSTALL_DIR ; make ; make install

RRDtool is now installed in /opt/rrdtool-1.4.5

Setting up php5-RRDtool bindings

apt-get install php5-cli php5-dev

mkdir -p /usr/local/src/php-5.3.5/ext
cd /usr/local/src/php-5.3.5/ext

wget http://oss.oetiker.ch/rrdtool/pub/contrib/php_rrdtool.tar.gz
tar -zxvf php_rrdtool.tar.gz
cd rrdtool

./configure –with-rrdtool=/opt/rrdtool-1.4.5 –with-php-config=/usr/bin/php-config
make install

In /etc/php5/cli/php.ini, scroll down to “Dynamic Extensions” and add this line:

Make sure there’s no PHP warning or error:
php -v

To confirm module is loaded, find rrdtool from the output of:
php -m

Posted in Linux, Networking | 2 Comments

How to call video relay service (VRS) with Linux / Ubuntu

How to call VRS from inside Linux-based OS such as Ubuntu

Background information for people not familiar with VRS: Video Relay Service is one of the most useful service provided to deaf Americans. This service enables deaf people to initiate a phone call to hearing people by using a video application to connect with a sign language interpreter. The interpreter becomes the middleman and relays the call between the two parties.

Convo, ZVRS, Purple, Sorenson, SnapVRS are among the VRS providers offering several ways for deaf people to make phone calls.  Deaf people can call using dedicated videophones, Mac or PC applications, or even a web browser.  More recently, VRS providers have released apps for mobile platforms such as iOS or Android-based smartphones/tablets.

However, there’s a gaping hole for Linux users: there are no native applications for calling VRS!  The odds are if you’re a Linux user, you are also used to taking matters into your own hands and jumping through hoops to find a solution that works.

Convo Anywhere

Easiest Linux-based solution to initiate VRS calls: Convo Anywhere

Convo offers a flash based VRS calling application which can be run entirely inside a web browser.

Open up Chrome or Firefox with flashplugin installed then login Convo Anywhere.


After logging in, go to:


Set the permissions accordingly:

Reload Convo Anywhere and you’re all set to initiate a VRS call with your webcam and (now visible) interpreter.

While Convo Anywhere is a snap to set up and get started right away with calls, there is a trade-off:  Convo Anywhere allows you to initiate calls but not receive them from hearing people or friends who may be trying to call you back.  This is essentially one-way VRS calling application.

Which leads us to:

There is a cheat workaround that’s somewhat heavy-handed but allows the deaf person to receive calls from friends or hearing people. Instead of gunning for a native solution, there’s a virtualized solution where it’s possible to run a VRS application for the PC on an Ubuntu machine.

VirtualBox / ZVRS Z4

The approach: Install virtualbox then run a Windows virtual machine. Once inside the Windows virtual machine, download and run a VRS application for PC, such as ZVRS Z4.

Installing virtualbox:

Add the virtualbox repository to your Ubuntu machine: (Natty is currently the latest)

Inside /etc/apt/sources.list:

deb http://download.virtualbox.org/virtualbox/debian natty contrib

Run at Terminal console:

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc  \
-O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox-4.0

Your account needs to be included in vboxusers group:

sudo usermod -G vboxusers  your_username

In order to have virtualbox support USB 2.0 devices, such as webcams, you must download and install the virtualbox extension pack:

VirtualBox 4.0.8 Oracle VM VirtualBox Extension Pack

Double-click the saved file and installer will automatically add it to virtualbox.

Restart virtualbox then inside virtual machine’s USB settings:

Enable USB 2.0 (EHCI) controller

To find the ID of your webcam, open a Terminal console and type:


In virtual machine’s USB settings, add device filter for the webcam (make sure the ID matches)

Inside the device filter, Set ‘Remote’ to ‘Any’

Boot up your windows virtual machine and you should be able to see the webcam video inside  ZVRS Z4 application.  Leaving this virtual machine and application running constantly, you will be able to receive incoming calls as they come in as well as initiate out-going calls.

The VirtualBox/Z4 approach will be more taxing on the machine so it’s important to run a beefy computer with sufficiently powerful CPU and enough RAM memory to handle the extra workload.

VMware Player for top performance, video-wise:

You can also use the Linux version of VMware Player to create a Windows 7 VM to run the ZVRS Z4 softphone.

After VMware Tools is installed in the Windows 7 VM, the video inside Z4 will be very close to native performance & quality. In the screenshot above, you can also enter the VMware Unity mode to display the Z4 application inside its own window.

Posted in Linux, Video, Web/Tech | 7 Comments

H.264 codec for Linphone on Ubuntu

Tested with: Linphone 3.4.3 and Ubuntu 11.04 (Natty Narwhal)

Get and untar msx264 source code:

Make sure have all the necessary packages installed:

sudo apt-get install libmediastreamer-dev libx264-dev libavcodec-dev libswscale-dev libtheora-dev libsdl1.2-dev

Compile and install:

./configure –prefix=/usr
sudo make install

Restart Linphone and h.264 codecs will show up in Preferences — Codecs — Video Codecs.

Posted in Video | 3 Comments

VMware Ubuntu virtual machine for Android development

I’m currently gearing up to do some Android app development after making some headway through this helpful Android dev book, “Professional Android 2 Application Development.

I decided to create a small Ubuntu-based virtual machine that is dedicated solely to Android app development.  This gives me several benefits:

  • Small and clean environment dedicated only to Android development work.
  • Ability to create VM snapshots before undertaking any potentially destructive actions.
  • Extreme mobility by having the virtual machine files stored on my dropbox account so I can start up the development VM anywhere I go.

Here are the steps to create an Ubuntu virtual machine specifically for Android development.  Note: these instructions assume you already have some basic knowledge of Ubuntu and VMware workstation/fusion.

Virtual machine install
Install from 32-bit Ubuntu 10.10 ISO image to a VM with these selections: Linux version Ubuntu, 12GB vdisk, 2 vCPUs, 3GB RAM.

It’s recommended to use 32-bit OS instead of 64-bit to avoid potential problems with libraries. However, if really want to go with a 64-bit OS, need to install 32-bit compat libraries:

apt-get install ia32-libs

After a fresh install/reboot, use apt-get or the package manager to bring machine fully up to date then reboot to complete the update.

Install VMware Tools for Ubuntu for overall improved performance.
VMware Workstation menu: VM -> Install VMware Tools
Copy VMwareTools-xxx.tar.gz from the DVD to your home directory (~jared for this example)

cd ~jared
tar -zxvf VMwareTools-xxx.tar.gz
cd vmware-tools-distrib
sudo ./vmware-install.pl
install using default values

Ensure VMware Tools survives future kernel upgrades
Place this script inside /etc/rc.local

# Automatically install vmware tools modules after a kernel upgrade.
# Installing new vmware tools modules causes network to go down and up.
# (The pcnet32 module is swapped out for vmxnet driver)
# This may have adverse effect on network-aware programs already running.
# So is safer to reboot to ensure everything is working properly.
if [ ! -e /lib/modules/`uname -r`/misc/.vmware_installed ]; then
      printf "\nDetected absence of VM Tools- starting the modules compiling.\n\n"
      /usr/bin/vmware-config-tools.pl --default
      VMToolsVersion=`/usr/bin/vmware-config-tools.pl --help 2>&1 | awk '$0 ~ /^VMware Tools [0-9]/ { print $3,$4 }'`
      printf "\nNewly installed VM Tools version: $VMToolsVersion\n\n"
      touch /lib/modules/`uname -r`/misc/.vmware_installed
      depmod -a
      printf "\n  *** REBOOTING ***  Ensure a clean system with VMTools loaded.\n\n"


Create the .vmware_installed file:

touch /lib/modules/`uname -r`/misc/.vmware_installed

Change System->Preferences->Monitors to an increased resolution. I like to use 1152×864 (4:3)

Installation of software for Android development:

Install in this order:
1. Java
2. Eclipse
3. Android SDK
4. ADT plugin.

Activate the software repository for Sun Java.

note: JDK 1.4 or GCJ (GNU complier for Java) are NOT supported for Android development.

Activate the Partner repository so can include Sun’s Java software in list of available software packages. (as opposed to openJDK)

System -> Administration -> Synaptic Package Manager -> Settings-> Repositories -> Other Software -> check Canonical Partners.

Close and reload Synaptic Package Manager.

Install Sun JDK6 (not the JRE)

sudo apt-get install sun-java6-jdk

Ubuntu automatically selects java-6-openjdk for the default java, to change this:

update-java-alternatives -l
update-java-alternatives -s java-6-sun


update-alternatives --config java
# update-alternatives --config java
There are 2 choices for the alternative java (providing /usr/bin/java).
Selection    Path                                      Priority   Status
0            /usr/lib/jvm/java-6-openjdk/jre/bin/java   1061      auto mode
1            /usr/lib/jvm/java-6-openjdk/jre/bin/java   1061      manual mode
* 2            /usr/lib/jvm/java-6-sun/jre/bin/java       63        manual mode
Press enter to keep the current choice[*], or type selection number: 2
# java -version
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b07)
Java HotSpot(TM) Server VM (build 19.1-b02, mixed mode)

Eclipse installation
At present time, Ubuntu package manager doesn’t offer >= Eclipse 3.6 (Helios) so get directly from eclipse.org/downloads and download the Eclipse Classic package: ~170MB tgz file.

move the tgz to your ~/Applications directory.
tar -zxvf eclipse-SDK-3.6.1-linux-gtk.tar.gz

double-click and run ~/Applications/eclipse/eclipse
Accept default value for workspace location.

Installing Android SDK
Download from

uncompress the tgz into ~/Applications directory
cd ~/Applications/android-sdk-linux_x86/

tools/android update sdk

My personal preference is to develop for Android 2.2 (API Level 8) or higher, so I select the SDK Platform Android APIs and the samples for these versions.  I also select the latest Documentation, Android SDK Tools and Platform-tools.

Installing the Android Development Tools (ADT) plugin
ADT plugin installation is done through Eclipse.

Start Eclipse, then select Help > Install New Software -> Add

In the “Add Repository” dialog that appears, enter “ADT Plugin” for the Name and the following URL for the Location:

In the Available Software dialog, select the checkbox next to Developer Tools and click Next.
In the next window, you’ll see a list of the tools to be downloaded. Click Next.
Read and accept the license agreements, then click Finish.
When the installation completes, restart Eclipse.

Now ADT Plugin needs to be configured:
Select Window > Preferences… to open the Preferences panel
Select Android from the left panel.

For the SDK Location in the main panel, click Browse… and locate your downloaded SDK directory at:

Click Apply, then OK.

Restart Eclipse.

After all these installations on a 12GB vdisk:

#  df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1              12G  5.4G  5.4G  50% /

There is plenty of room left over for your Android development work.

Posted in Android, Linux | 8 Comments

Fedora / RHEL: Listing all repos and which packages are offered by a repo

Commands on Fedora/RHEL systems to list all repos and which packages are available in a repo:

List all repos on the system:

[root@rhel6-vm ~]# yum repolist
Loaded plugins: refresh-packagekit, rhnplugin
repo id                          repo name                                                    status
epel                             Extra Packages for Enterprise Linux 6 - x86_64               5,518
google-chrome                    google-chrome                                                    3
rhel-x86_64-server-6             Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)     3,748
rhel-x86_64-server-optional-6    RHEL Server Optional (v. 6 64-bit x86_64)                    2,927
repolist: 12,196

View packages offered in a repo:

[root@rhel6-vm ~]# repoquery --repoid google-chrome -a
Posted in Linux | Leave a comment

Great educational video about ASL for families with a deaf child.

This is a fantastic video documentary on the importance of teaching American Sign Language to deaf children, especially in this age of deaf babies growing up with cochlear implants.

Too often, ASL is disregarded when believing the myth that learning sign language will stun the child’s potential. ASL is one of the critical components, along with other communication tools, that will help form and sustain a child’s overall well-being. Why not give a child all the tools, especially the one that will help to solidify and strengthen the relationship with parents?

Posted in Uncategorized | Leave a comment

Finding the state of a zipcode using reverse lookup with Google Geocoding API

Here’s a code snippet if you need to run a reverse lookup on a zipcode to identify which state it is located in.  Google Geocoding API version 3 is the latest at this time of post, and there’s no longer an API key required to make the geocoding call! (sorry about the overlapping across the right sidebar, but copy n’ paste still works.)

$zipcode = "20002";

$geourl = "http://maps.googleapis.com/maps/api/geocode/xml?address=$zipcode&sensor=false";

// Transfer the XML content from Google
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $geourl);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$xmlContent = trim(curl_exec($c));

// load the XML content into a SimpleXML object for ease of acccess
$xmlObject = simplexml_load_string($xmlContent);

print header("Content-type: text/plain");
// If you want to see all the values you can use inside the object, uncomment the next line.


if ( $xmlObject->status == "OK") {
   for ($addr_comp_count=0; $addr_comp_count < sizeof($xmlObject->result->address_component); $addr_comp_count++) {
     if ( $xmlObject->result->address_component[$addr_comp_count]->type[0] == "administrative_area_level_1" ) {
       $state = $xmlObject->result->address_component[$addr_comp_count]->short_name;

print $state ;
Posted in Programming, Web/Tech | 2 Comments

Migrating from stock Epic 4G to TrulyEpic Rebirth v1.2 ROM

Tired of waiting for Samsung to update the Sprint Epic 4G to Froyo?  Wait no more, take the matter into your own hands!

Migrating from stock Epic 4G to TrulyEpic Rebirth v1.2 ROM

Starting point with all the links to the necessary files:

First, must go to Froyo and have EXT4 filesystems before can use Truly Epic ROM.

Dowload for DK28: SPH-D700-DK28.tar

Step 1.
Boot your phone into download by powering off your phone holding 1 on the keyboard and holding power til you see the little Yellow digger.

Step 2.
On your computer, launch the included odin.exe and select the included victory pit and under PDA select the included SPH-D700-DK28.tar

Step 3.
Plug in the usb cable. (if it’s done right you should see a yellow Com device.)

Step 4.
Click Start and wait.

That’s it. You’ve got DK28 Release .

To get into Clockwork, hold Volume Down Camera and Power to flash your own rom.

>> Before starting the steps below for the format to EXT4, go ahead and copy TrulyEpic ROM, leave it in it’s “.zip” format, and place it on your phone’s SD card.


Formatting to EXT4
You must have Froyo DK28 (Android 2.2) before continuing to the next step.

Download OneClickRootCWM3.zip and extract it to a folder on your Windows desktop.

On your phone, push MENU, then select Applications > Development, then enable USB debugging and connect your phone to your computer via USB.

Now double click “run.bat” in the folder

If the command prompt asks you to restart adb, you need to go into Windows Task Manager (ctrl-alt-del on your keyboard) and end adb in the process tab, then go into the folder from Step 2 and double-click on the “adb” file to restart adb.

If the command prompt says “device not connected”, disconnect the phone and reboot it, turn debugging mode back on, reconnect the phone via USB, and rerun the “run.bat” file again. If you’re still getting “device not connected”, try repeating these steps one at a time or in a different order, for example just kill adb and rerun “run.bat” or only reboot the phone and then rerun “run.bat”.

If successful, will see many “read 262144 bytes” by the time it’s done.

Reboot to clockwork, will automatically start the converting to EXT4 filesystems

After rebooting back to the phone, and it’s on USB with debugging option turned on:
Run the adb.exe on PC

adb shell mount (to confirm mounts are now EXT4 filesystems)

If need to return to RFS filesystem (Samsung’s filesystem) can use ODIN with official Epic 4G stock DI18 update, SPH-D700-DI18-8Gb-REL.tar to cleanly go back to stock.


Flashing the TrulyEpic Rebirth ROM:

Turn off your phone. Now hold volume down + camera button + power button simultaneously until you see this screen (ClockworkMod Recovery)

(Note: if instead of this screen you get a similar screen but with blue text, go to the apply update.zip option at the top and select it. This should take you into the screen you see above.)

(To navigate in Clockwork, use the volume up and volume down keys. To select options, use the camera button.)

Once you are in Clockwork, proceed to Step 2.

Step 2)
Make a backup of your current system using Clockwork (this is a safety precaution – NOT DO skip this step). Go to the 6th option of the Clockwork main screen, “backup and restore”, and select it. Then select “backup”. Once Clockwork finishes backing up your system, go to Step 3.

Step 3)
Before flashing your ROM you need to clear data in order to avoid clashes. Go to the 3rd option in the Clockwork main screen, “wipe data/factory reset”, select it, and then select “yes”.

(IMPORTANT: in Clockwork before flashing: wipe data, wipe cache, advanced>wipe dalvik-cache twice each)

Step 4)
Go to the 5th option on the main Clockwork screen, “install zip from SD card”, and select it. Go to the 2nd option on the next screen, “choose zip from sdcard”, and select it. Now navigate to the zip file of your ROM, select your zip file, and then select “yes”. Once done, reboot, and you now have a custom ROM installed on your phone. You’re all done!


To fix force closes after restoring stock apps: Settings>Applications>Manage applications>All (at the top)>(app)>Clear data and Clear cache

Fixing the broken GPS
(first test to verify that it doesn’t work by turning off wifi and leave GPS on then use Google Maps to see if can’t lock on your location)

To fix,
first get your MSL code :
Since you are running TrulyEpic ROM, you already have su access to your phone.
Run ConnectBot, in dropdown menu in lower left corner select Local
Type in any name in the nickname box
Type su then hit enter
Type this:
getprop | grep MSL (hit enter)
ril.MSL is the MSL code

Once you have your MSL Code,
remove the SD Card and
Enter ##786# on the dialer keypad.

You will see two options: View and Reset. Tap on the Reset option and you will get a prompt to enter the MSL code.

At this point you will be asked if you want to do a manufacter’s reset, enter yes.

The phone will shut down and reset itself after a few seconds.

Once the process is complete, the phone will go through the hands free activation with Sprint.

After the activation process, updates may be downloaded and installed. Now that all updates have been performed, you may check to see if your GPS is working by going to Google Maps. You should be able to lock in GPS signal in under 10 seconds. Thats it. Your GPS woes are over.

The “GPS Test” app from Market can be used to verify that your Epic 4G can see the satellites.

The screen orientation (screen should automatically orient itself when you rotate the display from portrait to landscape) doesn’t quite work right or is delayed a few seconds. This is because the sensor needs to be calibrated.

Run ConnectBot, in dropdown menu in lower left corner select Local
Type in any name in the nickname box
su (hit enter)

/system/bin/sensorcalibutil_yamaha (hit enter)

Then follow the instructions on screen to calibrate then finally reboot the phone!

Posted in Android, Uncategorized | Leave a comment

Flashing your Epic 4G back to the official stock version

Last weekend, many websites went a bit crazy about the news that Android 2.2 Froyo was finally released for the Sprint Epic 4G. At first, it was claimed that the update was in the progress of being sent OTA in a slow and controlled manner to all the end users but it could take several days to show up on all the phones. For those who didn’t want to wait, there was an alternative to get it loaded immediately on the Epic, if you were willing to go the extra mile by downloading the update and flashing it to the phone (which isn’t exactly for the faint-of-heart).

It turns out that the announcement was premature and the update isn’t officially sanctioned by Sprint.

While I was able to use my updated Epic without any major problems, there was one annoyance. The GPS wasn’t fully functional: assisted GPS (using wifi) worked fine, but the satellite-based GPS service was effectively dead.  This update which was targeted at the beta testers seemed to be near completion and it’s likely Epic users will be seeing the final release very soon.  I decided to revert my Epic back to the latest official build and wait for the real update to arrive.

After hunting for the steps (over at xda-developers.com) to revert Epic back to the official build and successfully doing it, I’ve compiled the steps below for anyone interested:

Download the (latest) official Epic 4G stock DI18 update: SPH-D700-DI18-8Gb-REL.tar.md5

md5 checksum: e5119ee70ab44151f5a0abceef321662

Odin will be used to flash the phone back to it’s original condition. Note: this means that the phone will be cleared out fully and back to factory settings. You’ll need to download your Market apps again. However, your media files on the SD card will be untouched during this procedure.

Odin : http://www.sdx-downloads.com/devs/noobnl/Odin3+v1.61andepic.pit.zip

First, make sure phone is not connected to computer and that you have the Samsung Epic 4G drivers installed on your computer.

1. Open odin

2. Put your phone in download mode (Shut it off, wait for lights to all go out, then hold 1 on the keyboard while powering up)

3. connect phone (you should see odin put a Com4 or something like that in the first box. The actual number is NOT important what is important is something popped up there when you connected your device, meaning ODIN can see it)

4. Select the victory_8G_100528.pit on the right in the pit section

5. In the PDA Section, you select  the full Stock tar (SPH-D700-DI18-8Gb-REL.tar.md5 ~250mb) for a full wipe and full return to stock

6. Hit start. It will do its thing. Doesn’t take long and you can see the progress bar.

7. Device should reboot.

8.After rebooting, you should be back to running on the DI18 release.

The screen orientation (screen should automatically orient itself when you rotate the display from portrait to landscape) doesn’t quite work right. This is because the phone needs to be calibrated. Unfortunately, there is no easy menu selection to start the calibration. You will need to root your Epic, become root and run a special command to calibrate.

9. Download and unzip, “one click root exploit” for Epic 4G. http://www.mediafire.com/file/spur4pmotd9y5ym/one.click.root.exploitv2.2.4.zip

10. Run the following rooting procedure:

Put your phone in USB debug mode, which can be enabled by checking the USB debugging option in Menu –> Settings –> Applications –> Development.

Now connect the device to your PC via USB cable and run the run.bat file in the folder you just extracted.

That’s it. Let the rooting process complete and your phone to reboot. You will have a fully rooted Epic 4G. (However, may have to run run.bat 2 or 3 times and/or reboot your phone)

11. Download Android terminal from Android market on your rooted device.

Then type…..

su (hit enter)

/system/bin/sensorcalibutil_yamaha (hit enter)

Then follow the instructions on screen to calibrate then finally reboot the phone!

Posted in Android | 6 Comments

Google and Amazon do not offer ciphers using Diffie-Hellman Ephemeral mode.

[root@jne-f14 cnark]# ./cnark.pl –host amazon.com –port 443
SSL Certificate Information…

Certificate Commmon Name: www.amazon.com

Testing SSLv2 Ciphers…
DES-CBC3-MD5 — 168 bits, High Encryption
RC2-CBC-MD5 — 128 bits, Medium Encryption
RC4-MD5 — 128 bits, Medium Encryption

DES-CBC-MD5 — 56 bits, Low Encryption
EXP-RC2-CBC-MD5 — 40 bits, Export-Grade Encryption
EXP-RC4-MD5 — 40 bits, Export-Grade Encryption

Testing SSLv3 Ciphers…
DES-CBC3-SHA — 168 bits, High Encryption
RC4-SHA — 128 bits, Medium Encryption
RC4-MD5 — 128 bits, Medium Encryption

DES-CBC-SHA — 56 bits, Low Encryption
EXP-DES-CBC-SHA — 40 bits, Export-Grade Encryption
EXP-RC4-MD5 — 40 bits, Export-Grade Encryption

Testing TLSv1 Ciphers…
AES256-SHA — 256 bits, High Encryption
DES-CBC3-SHA — 168 bits, High Encryption
AES128-SHA — 128 bits, High Encryption
RC4-SHA — 128 bits, Medium Encryption
RC4-MD5 — 128 bits, Medium Encryption

DES-CBC-SHA — 56 bits, Low Encryption
EXP-DES-CBC-SHA — 40 bits, Export-Grade Encryption
EXP-RC4-MD5 — 40 bits, Export-Grade Encryption

[root@jne-f14 cnark]# ./cnark.pl –host google.com –port 443

SSL Certificate Information…

Certificate Commmon Name: www.google.com

Testing SSLv2 Ciphers…

Testing SSLv3 Ciphers…
AES256-SHA — 256 bits, High Encryption
DES-CBC3-SHA — 168 bits, High Encryption
AES128-SHA — 128 bits, High Encryption
RC4-SHA — 128 bits, Medium Encryption
RC4-MD5 — 128 bits, Medium Encryption

Testing TLSv1 Ciphers…
AES256-SHA — 256 bits, High Encryption
DES-CBC3-SHA — 168 bits, High Encryption
AES128-SHA — 128 bits, High Encryption
RC4-SHA — 128 bits, Medium Encryption
RC4-MD5 — 128 bits, Medium Encryptio

So….where are all the ciphers incorporating DHE (Diffie-Hellman Ephemeral mode), such as DHE-RSA-AES256-SHA?

What does this mean for the typical user?

Simply put: Google and Amazon are capable of decrypting all of their HTTPS traffic using only their private keys.  Some of the possible reasons why they would prefer to use these non-DHE ciphers: ease of debugging or dealing with government subpoenas asking for detailed traffic records.

However, what if the private keys have been compromised by outsiders getting a copy of the private keys? This could be accomplished by either 0-day exploits or social engineering (including, but not limited to, bribing internal staff). These outsiders would be capable of decrypting fully captured HTTPS sessions and be able to sniff out sensitive information such as credit cards, addresses, messages, etc.

Can the users fully (and more importantly, continually) trust that the private keys are not in possession of anyone outside Google or Amazon? Ciphers using DHE go a long way to add another layer of protection against this possible scenario.  DHE ciphers could, in a way, be viewed as the last line of defense in case the server private keys have been leaked. How about it, Google and Amazon? There’s room to improve the security for your web traffic/transactions…

Posted in Web/Tech | 10 Comments

A world-class iPhone app for the deaf: Captionfish

Have you tried to find captioned movies near your home?  If so, you’ve probably visited a fantastic website called Captionfish (http://captionfish.com) which is the brainchild of a pair of deaf developer and designer: Chris Sano (software engineer at Microsoft) and Brendan Gramer (user experience designer at Amazon).

It has always been a hassle for deaf people when trying to search for suitable movies locally that are currently showing with captions. With the release of this app,  Chris and Brendan have gone above and beyond to produce an amazing app. Now finding captioned movies near your home, especially while you are on the go, is no longer painful and is actually a fun experience!

Not only can you use the app to find the locations and times of the captioned movies, the app also thoughtfully provides captioned movie trailers as well!

Adam Stone over at Deaf Echo has some additional background information from the developers.

Below are a few screen snapshots of their world-class, visually-arresting, and free iPhone app.  In iTunes store, search for “Captionfish” to download it to your iPhone.

  • (The main screen)


  • (List of local movie theaters showing captioned movies:
    RW=Rear Window, OC-DA=Open Captioned)


  • (Nice bonus: movie trailers that are captioned too!)


  • (Summary of a movie trailer. Note the “play” icon on the mini movie poster)


  • (Sample movie trailer playing with the captions visible)


Posted in Video, Web/Tech | Leave a comment

Topics of the network security class I’ll be teaching this fall.

This fall, I’ll be teaching network security class for the IT program at Gallaudet University:

Here’s an overview of the topics in order. At this time, I’m open to further suggestions and feedback.

Goals and attitude of the network security professional: “Prevention eventually fails.”

Federal Laws covering computer hacking, fraud, abuse, intrusions and unauthorized access.

Organizational/Human Factors: setting network security policy, human judgement/decision-making about possible attacks, and the insiders threat

Profiles of different types of network attackers: from script-kiddies to hacktivists (people hacking for social, political or religious causes) to state-sponsored professional teams.

Emerging trend: (APT) Advanced Persistent Threats (sophisticated adversary engaged in information warfare in support of long-term strategic goals.)

Stages of successful attack/exploitation

Cover different attack vectors, mobile smartphones (iPhone/Android), Honeypots as early warning systems, social engineering threat.

(sprinkled throughout the course) Real world scenarios and personal war stories.

Review Linux system admin skills

Explaining/demo of stack/buffer overflows (NOP slide, shellcode, polymorphic shellcode)

Refresh networking knowledge

TCP/IP headers and handshake, ICMP types

Using wireshark for packet analysis

nmap and different types of port scanning to identify open/closed ports.

Review the structure of a DNS Record, A, CNAME, MX, NS, SOA – then show a breakout of a SOA Record (Serial number Refresh Retry Expire TTL). Showing them the tools such as nslookup, dig, samspade, host etc.

arp-poisoning, DNS poisoning (malware for local /etc/hosts or break into DNS master and force trx of bad DNS entries to DNS slave servers) and other L2/L3 attacks.

Using dsniff suite with a VMWare switch in “hub” mode.

Other information gathering methods (DNS zone xfers / Google reconnaissance)

Cryptography (symmetric / asymmetric encryption)

WiFi – encryption methods and attack methods

Installing LAMP

OS hardening

Sandboxing (jails)

Firewall with iptables

XSS and SQL injection attacks, obfuscation, the hex encoding of characters to obfuscate attack code / redirected URLs.

IDS using Snort in-line with iptables

Secure network architecture/design (External/DMZ/Wireless/VPN/VLANs/etc)

Using Metasploit framework for penetration testing.

Cloud computing infrastructure- risk not any less, just shifted. (Blue pill attacks to break out of guest virtual machine to the host.)

Posted in Linux, Web/Tech | 1 Comment

iPhone video calling bandwidth burn rate and Video Relay Service (VRS)

*update 8/2/10* Installing My3G on a jailbroken iPhone4 now enables the use of FaceTime over the 3G network instead of WiFi.  The information in this post is now applicable.


Kokonut Pundit’s post brings up valid concerns regarding using video relay service (VRS) over iPhone 4’s new video calling app called FaceTime.  When you have a cellphone that is capable of making video calls such as iPhone 4 or the Sprint EVO, the service comes with a monthly bandwidth cap, beyond which the phone company will pile on extra usage charges. When you exceed your monthly bandwidth cap, the costs can skyrocket and you’ll be looking at a large phone bill at the end of the month.

However, at this time, iPhone 4 allows video calls to take place only when you are inside an area that has wifi access (typically, your home or workplace wireless network).  Any traffic that goes over wifi network doesn’t count against your monthly bandwidth cap.  Only when you are out and on the 3G wireless connection will the traffic be counted against your monthly bandwidth limit. For now, for iPhone 4 users there’s no need to worry about your FaceTime video calls having an impact on your AT&T monthly bill.

It’s rumored that iPhone 4 will eventually be able to do video calls from wherever you are, even if you aren’t in a wifi zone.  Other advanced smartphones such as Sprint EVO can already handle video calls anywhere over the 4G network. This begs the question: How many video calls can you make before you hit the monthly bandwidth limit and before you get charged additional fees?

For example, AT&T offers two possible data usage plan for the iPhone 4:

$15 for 200 MB/month
$25 for 2 GB/month

Typically for a call with good quality video, the call requires a bandwidth of 384 Kbps.  How does this translate into video call minutes?

At 384 Kbps rate, the video calls will consume 2.75 MB per minute.

On the 200MB/month plan, the plan would allow 72 minutes worth of video calls per month.  With the 2GB/month plan, it allows almost 12.5 hours of video calls per month.

Also note that these calculations doesn’t take into consideration all the other activities you may like to do on the smartphone, such as email, SMS, instant messaging, web browsing, watching or uploading photos/videos, etc which would also count against your monthly bandwidth limit (when not on a wifi network).  Also, video calls may not be running at 384 Kbps, but depending upon the video calling app itself, the rate could go lower to the minimal acceptable video quality at 256 Kbps. At this lower rate, there would be an increase in available time for video calling.

Everyone uses their phone in different ways so the above numbers for video call minutes can be taken into consideration when determining which monthly plan fits you the best. Of course, for the iPhone 4 users, all this is moot until FaceTime app is capable of making video calls outside wifi zones and on 3G/4G wireless networks.

Posted in Video, Web/Tech | 9 Comments

Ubuntu: Problems booting up with no display device on Sony VAIO laptop with NVIDIA drivers

First of all, I’ve had great experience on several previous laptops loading the Ubuntu desktop with NVIDIA video drivers.  These drivers make the desktop experience on Linux much more pleasant to the eyes.  Ubuntu, particularly, makes it brain-dead simple to install the drivers without a hitch and upon a reboot, there’s the GNOME X environment with hardware 3D acceleration and in its full Compiz glory.

Recently, I became an owner of a Sony VAIO laptop and the changes in the latest NVIDIA Linux video drivers have been a near nightmare on the laptop. There is one significant problem that’s full of irony: simply detecting the LCD screen!  The NVIDIA drivers are unable to detect the LCD screen attached to the laptop and boots up to a blank screen with a warning saying that “No display device was found.”  However, if you connect an external monitor to the standard VGA port on the side of the laptop, you are able to get the 3D accelerated environment. Obviously, there’s no problems with the 310M video card, it’s just that the LCD screen isn’t being detected in the first place!

Using my Google ninja skills, I was able to piece together the necessary fixes which I list below:

The short story:

The Linux OS makes available inside /proc the Extended Display Identification Data (EDID) which describes the capabilities of the monitor to a video card. For whatever reasons, the NVIDIA Linux video drivers do not process the EDID automatically during the detection of Sony Vaio LCD screens.  This results in a blank screen with a warning “no display device found”, unless you happen to have an external monitor attached to the VGA port, in which case, the detection works fine.

In order to work around this, you need to explicitly tell NVIDIA driver the EDID data of the LCD screen and make the connection to the display.

So how to get the EDID data?

One way is to use SoftMCCS for Windows: http://www.entechtaiwan.com/lib/softmccs.shtm

Dump the data to lcd_edid.bin file and transfer it to your Ubuntu machine.

[There’s also the read-edid package for Linux that will allow you to run parse-edid on  /proc/acpi/video/NGFX/LCD/EDID but I didn’t try this.]

Modify the xorg.conf and include the path to the EDID binary file.

# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 1.0 (buildd@yellow) Fri Apr 9 11:51:21 UTC 2010

Section "ServerLayout"
Identifier "Layout0"
Screen 0 "Screen0" 0 0
InputDevice "Keyboard0" "CoreKeyboard"
InputDevice "Mouse0" "CorePointer"
Option "Xinerama" "0"

Section "Files"

Section "InputDevice"
# generated from default
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/psaux"
Option "Emulate3Buttons" "no"
Option "ZAxisMapping" "4 5"

Section “InputDevice”
# generated from default
Identifier “Keyboard0”
Driver “kbd”

Section “Monitor”
# HorizSync source: edid, VertRefresh source: edid
Identifier “Monitor0”
VendorName “Unknown”
ModelName “Sony Nvidia Default Flat Panel”
HorizSync 54.0 – 55.4
VertRefresh 50.0 – 60.0
Option “DPMS”

Section “Device”
Identifier “Device0”
Driver “nvidia”
VendorName “NVIDIA Corporation”
BoardName “GeForce 310M”
Option “ConnectedMonitor” “DFP-0”
Option “CustomEDID” “DFP-0:/etc/X11/lcd_edid.bin”


Section "Screen"
Identifier "Screen0"
Device "Device0"
Monitor "Monitor0"
DefaultDepth 24
Option "TwinView" "0"
Option "TwinViewXineramaInfoOrder" "DFP-0"
Option "metamodes" "DFP-0: nvidia-auto-select +0+0"
SubSection "Display"
Depth 24

Of course, you probably would also like to use the VGA port and connect the external monitor for extra desktop real estate.  Here’s the revised xorg.conf:

# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 1.0 (buildd@yellow) Fri Apr 9 11:51:21 UTC 2010

Section "ServerLayout"
Identifier "Layout0"
Screen 0 "Screen0" 0 0
InputDevice "Keyboard0" "CoreKeyboard"
InputDevice "Mouse0" "CorePointer"
Option "Xinerama" "0"

Section “Files”

Section “InputDevice”
# generated from default
Identifier “Mouse0”
Driver “mouse”
Option “Protocol” “auto”
Option “Device” “/dev/psaux”
Option “Emulate3Buttons” “no”
Option “ZAxisMapping” “4 5”

Section “InputDevice”
# generated from default
Identifier “Keyboard0”
Driver “kbd”

Section “Monitor”
# HorizSync source: xconfig, VertRefresh source: xconfig
Identifier “Monitor0”
VendorName “Unknown”
ModelName “CRT-0”
HorizSync 30.0 – 83.0
VertRefresh 56.0 – 75.0
Option “DPMS”

Section “Device”
Identifier “Device0”
Driver “nvidia”
VendorName “NVIDIA Corporation”
BoardName “GeForce 310M”
Option “ConnectedMonitor” “DFP-0,, CRT”
Option “CustomEDID” “DFP-0:/etc/X11/lcd_edid.bin”

Section "Screen"
Identifier "Screen0"
Device "Device0"
Monitor "Monitor0"
DefaultDepth 24
Option "TwinView" "1"
Option "TwinViewXineramaInfoOrder" "DFP-0"
Option "metamodes" "CRT: 1680x1050_60 +1600+0, DFP: nvidia-auto-select +0+0"
SubSection "Display"
Depth 24

Man, after all this work, I can say I feel sorry for Linux newbies who have to grit their teeth on Sony VAIO laptops. I’m hopeful that NVIDIA will take note and spruce things up on their end to make all this painlessly automatic.

Posted in Linux | 11 Comments

Converting CHM files to text files

I find that it’s extremely useful to have a folder containing ebooks in the form of PDFs and CHMs (compiled HTML).  Often, when I can’t remember the exact command, coding, or configuration parameter, these ebooks are an excellent source to hit upon before heading out to Google to filter out websites with the correct answers.

The ebooks are stored across different directories according to their primary subject matter: Linux/FreeBSD, Security, Programming, Networking, Database, VOIP, etc.

While it’s all and good to have electronic reference books handy and ready at a moment’s notice, I wanted to take it one step further and make these ebooks searchable.

Enter Google Desktop which can be set to index files inside specific folders.  However, after installing and configuring Google Desktop, I noticed that the application doesn’t have deep indexing capability for PDFs and CHMs.  The desktop application cannot search the text inside these files and return the successful hits in the Desktop search results.

As a workaround, PDFs and CHMs can be exported or converted to regular text files.  After the corresponding text files are dumped into the same directory as the PDFs and CHMs,  Google Desktop has no problems indexing all the words inside the text files. This enhances the ability to perform keyword searching to find any ebooks containing the search string.

Fortunately, the current incarnation of Adobe PDF Reader allows you to export a PDF to text file, so that takes care of the PDF files.

CHM (compiled HTML) is a different story and isn’t as easily converted to a text file. CHM is basically a file composing of many HTML files that have been bundled together.  Fortunately, it’s possible to convert CHM into a single text file.  Archmage can be used to decompile CHM and break it up back to the original mess of HTML files. After the CHM decompiling,  lynx is run in a batch job to open each of these HTML files one by one and append the text output into a single text file.

Here’s the process and shell script to do the CHM to text conversion:

archmage ebook.chm
(a HTML directory is automatically created with all the HTML files)

cd  to the html directory

ls | sort -n > filelist
(this generates a file with sorted list of all the files in the directory. Most of the time, the files are numerically ordered so the sort -n helps to rapidly reorder them)

Edit filelist to get the right order from beginning to end:  It’s a good idea to have the TOC (Table Of Content), preface, main files at the top and followed by the correct order of chapters/sections. Remove any filenames (such as the alphabetized index) that shouldn’t be processed into the final converted text file.  Finally join all the filenames into a single line, separated by a space character (hint: vi editor makes this very easy via the command ‘J’).

Copy and paste the single line into the script below and run it.


# archmage can be used to decompile chm into html files
# First generate the list of files and order them to be processed correctly.
# ls | sort -n > filelist.txt
# edit filelist.txt , remove unnecessary files , rearrange order of files then join them all into one line.
# then paste & replace the line of files below

for i in main.html toc.html part01.html part02.html
lynx -dump $i >> final1.txt

#Do some post-processing to further clean up the file.

# Remove all “jared” , “Previous Page” , “Next Page” , “References” , “Visible links” , “Hidden links”
grep -v -e “\(jared\)\|\(Next Page\)\|\(Previous Page\)\|\(^References$\)\|\(Visible links\)\|\(Hidden links\)” final1.txt > final2.txt

# Replace all [digits] with a space character
sed “s/\[[0-9]*\]/ /g” final2.txt > final3.txt

final3.txt will be the final sanitized text file which can be dumped into the same directory of the original CHM file and indexed by Google Desktop.  It’s also a good idea to double-check the post-processing of the text file to customize the clean-up process to get cleaner results (will be different for each CHM file).

Posted in Web/Tech | 1 Comment