Category Archives: Tech

Let’s Encrypt!

It’s been quite a while since I’ve updated this blog eh? It’s been quite the whirlwind but that doesn’t mean changes haven’t been made to the website through my “inactivity”. One thing you may realize is that all the pages and links that you visit are now HTTPS enabled.

You might ask: “hey, isn’t this super expensive? SSL signing is quite expensive!” To this, I reply to my dear readers, “not at all! In fact it’s free!!”

Enter Let’s Encrypt

As the public’s appetite for securing everything has grown, especially after the Snowden revelations and the rise of cybercrime, everyone and their mother has been alarmed at how easy it is for nefarious actors to steal personal information on the Internet. This problem has only been exacerbated by the rise of the cloud, where everyone is uploading their data: be it their homework due the next morning, taxation information or their personal photos, someone is uploading something that can be used to build a profile of them for identity fraud.

Unfortunately, most websites are not encrypted. Why is this? It’s because SSL certificates have traditionally been prohibitively expensive for the average website operator. These certificates can range from $45/year all the way to $1300/year depending on what kind of website you’re operating. For most people, especially bloggers like me who don’t generate revenue from our websites at all, it doesn’t really make much sense to pay for an SSL certificate. Security-minded folks like me would really prefer to encrypt everything, but it isn’t feasible when we’re already paying for hosting and the domain name just to have an online presence.

So how do we solve this problem? Fortunately, there’s Let’s Encrypt.

Let’s Encrypt is a Linux Foundation project sponsored by major technology entities such as OVH.com, Mozilla Foundation, Cisco, Google, Automattic, Facebook and many more! The goal of this project is to provide free, automated SSL certificates for websites of any size, to increase the security behind these websites even if they are not ecommerce websites.

Why Let’s Encrypt? Why even bother encrypting?

The main draw is that it’s free and that it’s automatic! What do I mean by it being automatic? Once you install the Let’s Encrypt Client, it will generate SSL certificates for you. Web hosts can even integrate Let’s Encrypt into control panel software like the world-renowned cPanel in order to allow shared hosting or VPS customers to deploy SSL certificates with only a few button clicks. Even those who run their own Linux servers can easily deploy SSL certificates with just 2 command lines!

So why is encrypting websites important? Even if you don’t process any credit card transactions, it can increase the amount of privacy and keep important information confidential. If you’re, say, running your own WordPress site, even without using an ecommerce plugin like WooCommerce, whenever you do anything on the backend the data will be sent unencrypted through the network, and this includes data such as login credentials. This can potentially be a big problem: if someone’s network is tapped, the credentials can be captured by malicious actors.

Yes, encrypting your site may not be paramount if you’re not processing credit cards, but why not add the security measures if they’re just a simple click away?

Learn more about Let’s Encrypt: https://letsencrypt.org/

Backing Up Your Photos to Google+

We’ve all been in this situation: your phone suddenly dies and it doesn’t have a microSD slot, or you didn’t select the proper setting to save your photos to your microSD card. Photos are probably one of the most precious things that we store on our mobile devices and companies know this. As such, many cloud service providers like Google, Microsoft, Dropbox, Copy, etc. provide mechanisms for you to back up these precious photos seamlessly and with ease.

Google provides such a mechanism with its Google+ Photos app that is included with every single Android device that is sold on the market today with Android 4.0+. Your Google account comes with a generous 15 GB of free storage which can also be expanded up to 30 TB with Google’s paid options. Unlike other cloud services, Google provides unlimited storage for photos and videos as long as they’re smaller than 2048 x 2048 pixels for photos and under 15 minutes long per video. So as long as your photo or video meets these requirements, it won’t count towards your Google storage quota. That’s rather generous as no other cloud storage provider offers this.

Enabling Auto Backup on Android

  1. Navigate to the Photos app that’s preinstalled on your Android device
  2. If this is the first time you’ve launched the app, it’ll ask you to sign in to your Google account. Once the app launches, press the triple dot menu on the top right hand corner of the screen.
  3. Once you’re in the settings menu, select the Auto Backup button.
  4. Select the toggle on the top right hand corner to turn on/off the Auto Backup function of the Photos app. Under Photo Size, it gives you 2 options: full size and standard size. The difference between these 2 options is that when Full size is selected, the app will upload the photos at their native resolution, whereas the Standard size option will shrink the image to fit within the 2048 x 2048px limit. By choosing full size, any photos that are larger than 2048 x 2048px will be counted towards your Google storage quota. By selecting standard size, you will be well within Google’s unlimited photo storage option. For best quality, choose full size.

    In this menu, there’s also the option to select what type of connection to use to back up your photos. By default, the Photos app will only back up your photos automatically when you’re connected over WiFi. However, if you press the button, you can also choose to back up your photos over your mobile data connection. There’s also a Backup all option, which will back up all your media to the cloud and not just future media that you store on the device.

Viewing Photos on Your Computer

So now that you’ve backed up your precious photos and videos to Google’s cloud storage, now how do we get to view our photos and videos and/or download them to our computer? That’s quite easy too! You can easily view your photos on the web as the Photos app backs your photos up to Google+. All the photos you back up are for your eyes only, and only visible to others when you choose to share them. To view your photos and videos, go to: https://plus.google.com/photos!

There are 2 ways to download your photos, either as a single photo or as a whole album. For auto backup, your photos are sorted by upload date. Each upload date is an album. As such, you can download the whole day’s worth of photos in one click. To download your album in Google+ Photos, scroll to the date or album you want. When you roll your mouse over the album, it will pop up 3 buttons: Tag, Share and a downward pointing arrow. Choose the arrow and it’ll open up a menu. Choose download to download the album. It will automatically zip all your photos and present you the download dialog in your browser.

To download just a single image, simply press the image you want in Google+ Photos and the photo will then expand in the photo viewer. On the top is a menu of options; choose the More… button and Download Photo. There will now be 2 options, Original or Enhanced. Original is the original photo you took; it will look exactly like how you took the photo. Enhanced is with Google’s photo enhancements or the enhancements you’ve made in Google+ Photos.

Final Thoughts

With Google+ Photos and its seamless automatic backup mechanism, losing photos is now a thing of the past. You’ll never need to fear of losing those precious moments ever again. Let me know what you think in the comments below. How do you like Google+ Photos?

Changing DNS

I was recently notified that there have been Internet issues with my ISP and that a simple change of the DNS entry will fix the issue. If you're having this issue with your ISP, then follow along.

This tutorial is for Windows 7/8 as these two are now installed on most PCs, I will post a Mac version if there's a demand for it.

Windows 7/8

For Windows 7 Users:

  1. Press your Start Button
  2. Press Control Panel

For Windows 8 Users:

  1. Move your mouse cursor to the top right hand corner of your screen
  2. Once the Charms Bar comes out, press Settings
  3. Press Control Panel

For both Windows 7/8:

  1. On the top right hand corner, next to “View By”, change the dropdown from Category to Large Icons
    Windows 8 Control Panel - Category View
  2. Once in Large Icons view, it should look like this:
    Windows 8 Control Panel - Large Icons View
  3. Scroll down and select “Network and Sharing Center”
    Network and Sharing Center in Windows 8
  4. On the left hand side, select “Change Adapter Settings”
    Network Connections in Windows 8
  5. Find your network adapter (depending if you're using wireless or not)
  6. Right click the Adapter and press Properties
  7. Once your Properties window comes out, it will look like this:
    Ethernet Properties in Windows 8
  8. Select Internet Protocol Version 4 (TCP/IPv4) and press Properties
  9. The Properties window will show up as shown below:
    IPv4 Properties in Windows 8
  10. As shown above, select “Use the following DNS server addresses”. Fill in the following (Google DNS servers):
    Preferred DNS server: 8.8.8.8
    Alternate DNS server: 8.8.4.4 
  11. Press OK to this Properties window and the one underneath that.
  12. Internet should work now.

Hopefully this will resolve your issue.

Supercharging Android WiFi and 3G data speeds

During the past week, I have been playing with my Google Nexus S phone (I9020T), I finally took the chance to root it, install a custom ROM and a new kernel to take advantage of the entire hardware. Those who know me well, would know that I wouldn’t just stop there. I’m a tinkerer so I dove in and tweaked Android more, scouring XDA developers and started to tweak different aspects of my phone.

One neat little tweak I found was to increase the TCP buffer size, which seems to keep the TCP packets from fragmenting as much, thus allowing higher download/upload speeds whether you’re on WiFi or 3G data.

In order to do this, you must have a rooted Android device. I’ve personally only tested this on my Nexus S, but in theory should work on any Android 4.x device. You must first extract the build.prop in the /system folder on your Android device. On your computer, open your favourite file editor and insert these lines at the end of the file:

# Network Tweaks
net.tcp.buffersize.default=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.umts=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.gprs=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge=4096,87380,256960,4096,16384,256960

By applying this code, you increase the buffer size for the TCP connections. There doesn’t seem to be settings for UDP, but I’m going to dig into more of this when I have time. Do note, that you must reboot your phone in order to have these changes take effect.

Here’s what it looks like after applying the tweak:

Android TCP tweaks

First result is with the code above, second result is without the code above.

Let me know if this helps in the comment section below!

Experiment: Neighbourhood Wireless Security

Everyone loves wireless. Nowadays we have wireless keyboards, mice, controllers, remotes, headsets, phones, networks and much, much more. What people don’t usually realize is that a lot of these wireless devices can be hijacked or intercepted by malicious users who happen to drive or walk by, and your device may be hijacked right then and there without you noticing that it happened.

The most common targets for these wireless hijackings are wireless networks, because they are everywhere and the attacker can access a lot of information that may be useful for him or her. Some people may just do it for fun, for the hell of it. Once an attacker gains access to a wireless network, he or she may do a lot of damage, such as monitoring the traffic flow of your computer’s network transactions. There are free and legal tools available that do just that. A very popular open source tool called Wireshark was created to listen to traffic on a network its host is connected to and is popular among malicious users and network experts alike. Other malicious uses may be just to drain you of your bandwidth. Since the late 2000s, a lot of Canadian Internet Service Providers (ISPs) have been capping users on how much bandwidth they are allowed to use per month. When your bandwidth cap is drained, the user is charged extra for the overusage. There’s no limit to the damage an attacker may inflict on your network and the systems that reside on the network that has been compromised.

Wireless networks are very easy to sniff and it is actually completely legal since you’re not trespassing on people’s property. So out of curiosity, I set out to find out how many people would take the effort to create a secure wireless network. The methodology is that I turn on a piece of software, in this case KisMAC, and have it take over my wireless radio to listen to all wireless routers broadcasting their networks. This technique is called wardriving and I achieved this by taking the bus, leaving my laptop on and having it listen in on the wireless network broadcasts in my neighbourhood. I collected a total of 311 networks in about a 5 km stretch of suburban neighbourhood north of Toronto.

Out of 311 networks that I scanned, I found out that:

  • 29 networks were left open for anyone to access
  • 127 networks used WEP encryption
  • 114 networks used WPA encryption
  • 41 networks used WPA2 encryption

Number of networks sorted by encryption method used.

This means a whopping 9.3% of networks are totally unprotected and ripe for the picking for a lot of hackers. Now, you might ask, well, how about the 90.7% who actually protected their networks? Doesn’t that mean that a lot of people have good wireless network security and this experiment is pretty much a futile exercise on your part? Nope. Not at all. Even though 90.7% of the wireless networks I scanned were protected, 40.8% use a very old encryption method called Wired Equivalent Privacy, while only the other 49.9% use the newer encryption methods. Even so, only 13.2% use the most secure encryption method.

Wired Equivalent Privacy (WEP) is a very old encryption method that was used when wireless networks started popping up during the late 1990s (before they became a popular household item). It was intended to provide the same confidentiality as wired connections. However, it was soon found that WEP protected networks could be easily cracked and accessed. This is why the networking industry replaced WEP in 2003 with a newer encryption method called Wi-Fi Protected Access (WPA). Even with the introduction of WPA in 2003, it was soon superseded by WPA2, which is an upgrade to the WPA encryption method. All routers sold after 2006 must have WPA2 capability.
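How a passive survey can sort broadcasting networks into the four categories above, as an added example that is not part of the original post: the Privacy bit and the WPA and RSN elements of each 802.11 beacon decide the category. The function names and the beacon bytes are constructed for illustration, and any RSN element is counted as WPA2, a simplification that fits a survey of this kind.

```python
import struct
from collections import Counter

PRIVACY_BIT = 0x0010                      # Capability Information "Privacy" flag
TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # OUI 00:50:F2, type 1 = WPA element


def iter_tags(data):
    """Yield (tag_id, value) pairs, stopping at a truncated element."""
    pos = 0
    while pos + 2 <= len(data):
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) < length:           # cut-off capture: drop the partial element
            return
        yield tag, value
        pos += 2 + length


def classify_beacon(body):
    """Return (ssid, category) for a beacon frame body (MAC header stripped)."""
    if len(body) < 12:
        raise ValueError("beacon body is shorter than its 12 fixed bytes")
    # Fixed fields: 8-byte timestamp, 2-byte interval, 2-byte capability info.
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body)
    ssid, has_rsn, has_wpa = "", False, False
    for tag, value in iter_tags(body[12:]):
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", errors="replace")
        elif tag == TAG_RSN:
            has_rsn = True
        elif tag == TAG_VENDOR and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
    if has_rsn:                           # mixed WPA/WPA2 counts as its strongest mode
        return ssid, "WPA2"
    if has_wpa:
        return ssid, "WPA"
    # Privacy bit set with neither element present means WEP.
    return ssid, ("WEP" if capability & PRIVACY_BIT else "Open")


def make_beacon(ssid, privacy=False, wpa=False, rsn=False):
    """Constructed test input: a minimal beacon body with stub element payloads."""
    body = struct.pack("<QHH", 0, 100, 0x0001 | (PRIVACY_BIT if privacy else 0))
    name = ssid.encode()
    body += bytes([TAG_SSID, len(name)]) + name
    if wpa:
        payload = WPA_OUI_TYPE + b"\x01\x00"
        body += bytes([TAG_VENDOR, len(payload)]) + payload
    if rsn:
        body += bytes([TAG_RSN, 2]) + b"\x01\x00"
    return body


def survey(beacons):
    """Tally categories and return {category: (count, percent of total)}."""
    counts = Counter(classify_beacon(b)[1] for b in beacons)
    total = sum(counts.values())
    return {cat: (n, round(100 * n / total, 1)) for cat, n in counts.items()}


# Constructed sample in the same proportions as the survey above (311 networks).
SAMPLE = (
    [make_beacon(f"open-{i}") for i in range(29)]
    + [make_beacon(f"wep-{i}", privacy=True) for i in range(127)]
    + [make_beacon(f"wpa-{i}", privacy=True, wpa=True) for i in range(114)]
    + [make_beacon(f"wpa2-{i}", privacy=True, rsn=True) for i in range(41)]
)

if __name__ == "__main__":
    for category, (count, percent) in sorted(survey(SAMPLE).items()):
        print(f"{category:5} {count:4} {percent:5.1f}%")
```

Run against your own access point's beacon, this shows at a glance which category a passer-by's scanner would file your network under.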

So now you might ask, why are there so many WEP networks still around? It is because of a lack of education and just sheer laziness of people to set up their networks to use WPA2. There is, however, a reason why there are networks that don’t run WPA. This is because there is a large array of devices that do not have proper WPA2 support, since it only became mandatory in 2006. The majority of network owners don’t understand the risks behind WEP. They tend to think, “well, the network equipment manufacturer’s default choice of encryption is WEP, so it must be good, right?” This couldn’t be further from the truth. In fact, if there’s a willing attacker, he or she can crack WEP encryption within an hour or two. Worst case scenario is that it can be cracked in a few minutes. Running a WEP network is almost like running a network without any protection at all.

Even WPA is vulnerable to attacks. There are known ways to crack WPA passwords, since the encryption of WPA was a workaround to solve the deficiencies of WEP. It tries to maintain as much backwards compatibility as possible, and this compatibility makes it easier for attackers to crack the encryption. However, WPA is still much more secure than WEP since it is a lot more complex and takes a lot longer than WEP to crack. On the other hand, WPA2 uses a more advanced encryption method called Advanced Encryption Standard (AES), which is used industry wide in other applications. So far, it’s impractical to crack an AES encrypted network. It’ll take months or even years to do so.

So if you’re like the 50.1% of the networks surveyed who either have no protection or very weak protection, it is highly recommended that you switch the encryption method on your home networking equipment. If at all possible, switch your network to WPA2. It might solve your “why is my bandwidth usage so high all of a sudden?” or “where’s all my files?” conundrum. A secured network is a happy network. It makes everyone happy. By now, people shouldn’t even run open or weak networks because it’s just ill-advised, and a lot of equipment already has the safety features to safeguard people’s data and yet people don’t take advantage of them. 9.3% unprotected is very high and I was surprised. So next time you stumble upon an open or WEP protected network and you know the owner of said network, you should tell them to secure their network properly before something bad happens to their systems!

fglrx + patched Linux kernels

So lately, I have noticed that people, including myself, have been running into a fatal error which prevents your fglrx (ATi proprietary drivers) from compiling, due to the fact that the kernel developers decided to patch a critical vulnerability with a GPL only solution, which meant that the library that fglrx requires no longer exists.

You would usually get an error like this when you try to compile the fglrx kernel module:

/usr/src/kernel-modules/fglrx /
make: Entering directory `/usr/src/packages/BUILD/kernel-2.6.35.50.3desktop'
  LD      /usr/src/kernel-modules/fglrx/built-in.o
  CC [M]  /usr/src/kernel-modules/fglrx/firegl_public.o
/usr/src/kernel-modules/fglrx/firegl_public.c: In function ‘KCL_GetInitKerPte’:
/usr/src/kernel-modules/fglrx/firegl_public.c:2378:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c:2379:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c:2380:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c: In function ‘KCL_GetPageTableByVirtAddr’:
/usr/src/kernel-modules/fglrx/firegl_public.c:2425:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c:2428:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c:2429:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c: In function ‘KCL_TestAndClearPageDirtyFlag’:
/usr/src/kernel-modules/fglrx/firegl_public.c:2598:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c: In function ‘KCL_GetDmaPhysAddr’:
/usr/src/kernel-modules/fglrx/firegl_public.c:2636:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c:2637:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c:2638:5: warning: return makes integer from pointer without a cast
/usr/src/kernel-modules/fglrx/firegl_public.c:2640:5: warning: return makes integer from pointer without a cast
  CC [M]  /usr/src/kernel-modules/fglrx/kcl_acpi.o
  CC [M]  /usr/src/kernel-modules/fglrx/kcl_agp.o
  CC [M]  /usr/src/kernel-modules/fglrx/kcl_debug.o
  CC [M]  /usr/src/kernel-modules/fglrx/kcl_ioctl.o
/usr/src/kernel-modules/fglrx/kcl_ioctl.c: In function ‘KCL_IOCTL_AllocUserSpace32’:
/usr/src/kernel-modules/fglrx/kcl_ioctl.c:196:5: error: implicit declaration of function ‘compat_alloc_user_space’
/usr/src/kernel-modules/fglrx/kcl_ioctl.c:196:5: warning: return makes pointer from integer without a cast
make[1]: *** [/usr/src/kernel-modules/fglrx/kcl_ioctl.o] Error 1
make: *** [_module_/usr/src/kernel-modules/fglrx] Error 2
make: Leaving directory `/usr/src/packages/BUILD/kernel-2.6.35.50.3desktop'

 

Fortunately, there is a solution to this and it took me days to find this oh so very simple solution, apparently all you need to do is to go into the /usr/src/kernel-modules/fglrx/kcl_ioctl.c file (each distribution may vary) and on line 197, change it from:

void* ATI_API_CALL KCL_IOCTL_AllocUserSpace32(long size)
{
    return compat_alloc_user_space(size);
}

#endif // __x86_64__

 

to this:

void* ATI_API_CALL KCL_IOCTL_AllocUserSpace32(long size)
{
    return arch_compat_alloc_user_space(size);
}

#endif // __x86_64__

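Save the file and then recompile the kernel module by running /usr/bin/fglrx-kernel-build.sh and you should get your kernel module building again. After recompiling your kernel, reboot your machine and fglrx will then load and boot. Be aware that arch_compat_alloc_user_space() is the raw per-architecture allocator that the patched compat_alloc_user_space() wraps, so calling it directly skips the length and access_ok() checks that the vulnerability fix added.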

It's just that simple, only 5 extra characters that makes that big of a difference.

Hope this helps!

Do note that I did not discover this fix; it was discovered by others. I'm just simply posting it to help others. I do not take any credit for this fix.

My distribution information :

OpenSUSE 11.3 x86_64
Linux kernel 2.6.35.5 (custom compilation) 
fglrx 8.771 (Catalyst 10.9) 

Adobe Flash “Square” Preview – First Impressions

Today Adobe Labs released a new test version of Adobe Flash codenamed “Square”. It's basically Adobe Flash 10.2. The release page doesn't really contain much about what's new about the beta.

However, what caught most people's attention is the fact that the company has released a 64-bit version of its Flash player for all of the large platforms (Windows, Mac, and Linux). This is absolutely big news and will definitely help browser makers to start pumping out 64-bit versions. Microsoft and Mozilla have both released 64-bit betas, with Microsoft being the first to release a stable 64-bit version with the release of Windows XP Professional x64 Edition back in 2005. Two of the major players, Google and Opera, are lagging behind in creating 64-bit browsers. With the release of Flash 10.2, we can finally see a real push for 64-bit browsing. In fact, I'm using the Minefield x64 development build for Windows, which is the development version of the upcoming Mozilla Firefox 4.0, while typing this.

There's really not much to note about this Flash release since there are no real special features. This new Flash build is a bit choppy when it's playing Flash video, but perhaps this is because it's a beta build. Hopefully, Adobe will fix this before the shipping version of Flash 10.2. All the features of 10.1 have been baked into this release and, seeing how there are so few new features, this release was named correctly: it's just a minor update to 10.1. However, this is not to say that Adobe can't add more features along the way. Perhaps this is going to be Flash 11? Who knows.

YouTube is a bit choppy especially when playing at resolutions 720p or higher and trying to access the video player's controls. It slows down the video but not to the point where your browser would assume that Flash has crashed. Hardware acceleration is definitely noticeable since the video played smoothly without tearing either which is really good.

This “Square” preview is definitely recommended if you want to see what Adobe's up to for 64-bit browsing, but another point for them releasing this was because of Internet Explorer 9 which I will test soon.

The current version of this “Square” preview is: 10.2 d161, and the plugin file for the 64-bit build for Windows is called: NPSWF64_10_2_161.dll. You can download the build here.