Leon’s Weblog

December 23, 2009

T-Mobile’s Touch Pro 2

Filed under: Gadgets — leon @ 10:50 am

It’s been several years since I got a new phone. My old Eten M700 was starting to look a bit dated and the battery would only last for several minutes of talk time. T-Mobile’s Touch Pro 2 looked like the perfect replacement since I was already a customer. The TP2 immediately felt like a huge upgrade with a large bright screen, a battery that lasted several days with casual usage, and a 3G Internet connection. Also, unlike with earlier Windows Mobile phones, not much tweaking was required to get started.

Trouble With Time
For me, the biggest annoyance on the phone is that the time constantly got reset (see forum thread). This happened occasionally when the phone would automatically connect to the Internet to check mail or weather etc… This problem appears to be local specific and is caused by the T-Mobile network. Turning the phone’s data connection off/on would reset the time properly but this wasn’t a good solution for me (if you are checking the phone to get the time, how do you know if it is wrong). What worked for me was disabling all automatic clock updates by going to phone settings–>time zones.

Google Sync
Around this time Google had just released Sync which simulated a Microsoft Exchange server and enabled push e-mail and synchronization of contacts between Gmail and Windows Mobile devices. I found that this service worked well for e-mail but was not usable for synchronization of contacts. Every time a changed contact entry was synchronized, the system incremented the contact’s birthday by one day. It appears that this issue has very recently been resolved.

Screen Protector
The screen protector that came with the phone got scratched up pretty quickly. I also didn’t install it carefully enough so I ended up with a few air pockets that did go away after several months. I got the ClearProtector as a replacement. At first, I didn’t like the replacement. This protector was much softer than the one that came with the phone so I wasn’t sure if it would last. Also, applying the protector required wetting the clear plastic to activate the adhesive (I thought that was a bit unorthodox since we are putting moisture on an electronic device). The worst part about it was the amount of bubbles (several large spots and many tiny dots) that resulted when I first applied the protector. However, after a few days of use, I started to appreciate this design. Because the protector was softer it gave the phone a better tactile feel. Also, the material was permeable, so after a few days, all the bubbles disappeared and the screen became crystal clear. The best part is that, after a month of use, there are no visible scratches on the protector either.

Car Navigation
There is some concern on web forums that the latest versions of TomTom don’t work on the TP2. All I can say is that it works for me just fine (and it would have been a deal breaker if it didn’t).

Useful Links
You may find the following links useful for setting up the phone:

Update 1/25/2010: I just updated the phone to Windows Mobile 6.5. The update is available free from T-mobile.

  • The biggest improvement for me was that the phone no longer forces locking the screen based on MS Exchange Server policy. The new eye-candy is nice but I appreciate WinMo 6.5’s added configuration options and back-end features for working with MS Exchange etc… much more.
  • I did notice the same memory-leak/performance issue as a number of other users (memory usage jumps to over 80% after a few hours of usage). Setting the registry key HKLM/Software/HTC/ResProxy/ShareMemSize to 0 as discussed in this thread seems to have addressed the problem.
  • I’m indifferent about WinMo 6.5’s honeycomb start menu; however, I don’t like the amount of junk applications that T-mobile put there with this ROM. I deleted the extra application shortcuts from /Windows/StartMenu/Programs using Resco File Explorer. Note that most of these shortcuts were marked as system files and hidden by default so you have to enable viewing system files in the File Browser’s options to be able to do this.
  • GPS still works (Google Maps, TomTom but not Bing) but the phone seems to have a weaker GPS reception than before the update.

December 22, 2009

Designing a Bare-Bones Media Center

Filed under: Gadgets, Personal — leon @ 12:35 am

Designing an entertainment center from scratch can be a daunting task, especially if you care about quality and aren’t looking to spend more than 5K. Here are some of the considerations that I’ve made when designing the media center in my new home.

Display
The TV is the heart of the entertainment center. There are many specifications that you can consider when choosing the display but the most important one is whether you like the image quality. At this point, most LCDs look very similar on paper (1080p HDTV, HDMI, 120Hz etc…) and posted specifications such as contrast ratios can be questionable at best (especially when comparing different manufacturers). New technologies such as OLED displays exist but I don’t think they have matured yet for mass market consumption. Besides, being on the cutting edge can quickly put you over budget. I went with a Sharp Aquos LCD TV. Getting a projector was another consideration but the image quality just isn’t the same.

Mounting a flat screen on the wall is a nice convenience. When choosing a wall mount, make sure that it can support the size/weight of your TV and that it has a solid construction (especially if it pivots). The mounts with dual-arm constructions tend to feel much more rigid so I think they are worth the extra price.

November 21, 2009

Setting up a Canon MX860 Printer on a 64-Bit Linux System

Filed under: Gadgets — leon @ 4:41 pm

I bought the MX860 printer because I knew it had Linux support but getting it set up was a bit harder than I had anticipated. The first step was getting the proper drivers (since the CD that came with the printer only had Windows and MacOS drivers). Luckily the Linux drivers were available on the Canon Europe page at the following link.

The drivers are available in 3 formats: RPM package, Deb package, and the source code. After several failed attempts at getting the source code to compile, I tried installing the RPM package. Unfortunately, I run a 64-bit system and the packages were compiled for a 32-bit system. The drivers essentially provide two CUPS backends: cnijnet and cnijusb. However, these files were placed in /usr/lib/cups/backend instead of in /usr/lib64/cups/backend where I needed them. Copying the files to the proper location allowed CUPS to see the drivers and I was pleasantly surprised that this actually worked. Similarly the RPM installed a CUPS filter pstocanonij into /usr/lib/cups/filter instead of into /usr/lib64/cups/filter so this file needs to be copied as well. Just make sure to restart the CUPS server using the following command before continuing to the next step: /etc/init.d/cups restart

Before playing with the CUPS configuration, I wanted to test that the drivers were installed properly and could find the printer on the network. To do this just run /usr/lib/cups/backend/cnijnet from the command prompt and it should return the device URI for the printer. If this works, just open the CUPS config page in your browser of choice at http://localhost:631/ and add the new printer. The Canon MX860 series Ver.3.10 driver should be available in the pick-list. If the test page does not come out, check your firewall settings. You may also find other discussions on setting up the MX860 in Linux useful. Good luck.

October 28, 2009

PHP Authentication Over Unsecured Internet Connection

Filed under: Software Dev — leon @ 7:50 pm

When I wrote my earlier article on Managing Users in a PHP Web Application, I neglected to mention that the authentication mechanism is only acceptable when users are connected over a secure connection (HTTPS) or are on a trusted network (such as a corporate intranet). We went to great lengths ensuring that the passwords are stored securely in the database and that the site is not susceptible to SQL injection or XSS techniques. However, when the login form is submitted over an unsecured internet connection the password is sent back to the server in plain text. Anyone lurking on the network can easily get the login credentials using a network sniffer such as Wireshark. The solution to this problem is to hash the password using MD5 on the client side prior to submitting the login page. This is similar to how we hashed the password stored in the database to prevent people with access to the table from viewing users’ passwords.

The following article goes over the technique of securing client-side passwords using a JavaScript implementation of MD5. The key to take away from the article (besides the JavaScript code for MD5) is that the user’s password is hashed and submitted in hashed form only. In my case, I simply replace the clear text password with the hashed version prior to submitting the login form. This is the only change required to the login form code implemented in the previous article.

<input onclick="document.form.txtPW.value=MD5(document.form.txtPW.value)" name="Login" type="submit" value="Login" />

Note that this solution will only work if the client has JavaScript enabled on their browser. You can use FireBug’s network panel to verify that the clear-text password is not transmitted.
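
The replay property of the submitted hash, and a nonce-based alternative, shown as an added example that is not part of the original article (Node.js; the account alice, its password and all function names are constructed for illustration, and the server is assumed to store md5(password)). A fixed MD5 value sent over plain HTTP works as the login credential for anyone who records it, while a per-login nonce makes a recorded response useless; neither replaces HTTPS, since the stored hash stays password-equivalent and the login page itself can be altered in transit.

```javascript
// Added example, not code from the original article. Runs under Node.js.
const crypto = require('crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Constant-time comparison of two hex strings.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Constructed sample data. Assumption: the server keeps md5(password).
const users = { alice: md5('correct horse') };

// --- Scheme from the article: the form field carries md5(password) ---
function staticLoginValue(password) {
  return md5(password); // same bytes on every login
}
function verifyStatic(user, submitted) {
  const stored = users[user];
  return stored !== undefined && safeEqual(stored, submitted);
}

// --- Nonce-based variant (hypothetical helpers) ---
const pendingNonces = new Set();

function issueNonce() {
  const nonce = crypto.randomBytes(16).toString('hex');
  pendingNonces.add(nonce);
  return nonce;
}

// Client side: key the HMAC with md5(password) and sign the server's nonce.
function clientResponse(password, nonce) {
  return crypto.createHmac('sha256', md5(password)).update(nonce).digest('hex');
}

// Server side: each nonce is accepted once, then discarded.
function verifyChallenge(user, nonce, response) {
  if (!pendingNonces.delete(nonce)) return false; // unknown or already used
  const stored = users[user];
  if (stored === undefined) return false;
  const expected = crypto.createHmac('sha256', stored).update(nonce).digest('hex');
  return safeEqual(expected, response);
}

function demo() {
  const recorded = staticLoginValue('correct horse'); // value visible on the wire
  const nonce = issueNonce();
  const response = clientResponse('correct horse', nonce);
  return {
    staticReplayAccepted: verifyStatic('alice', recorded),
    firstUseAccepted: verifyChallenge('alice', nonce, response),
    replayAccepted: verifyChallenge('alice', nonce, response),
    staleResponseAccepted: verifyChallenge('alice', issueNonce(), response),
  };
}

console.log(demo());
```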

October 19, 2009

Transferring Linux Server to a 1&1 Shared Host

Filed under: Personal, Software Dev — leon @ 1:40 am

Recently, I was forced to relocate my Linux server so I decided to try out 1&1’s Shared Web Hosting package. This option was a lot cheaper than paying colocation fees at a server farm and provided a solution that is a bit easier to maintain. The challenge was setting up the environment to have the same functionality that I used to have on the LAMP server in 1&1’s restricted environment. I’ll describe some of the challenges and solutions below. This is a follow-up to an earlier guide that I wrote on Configuring a 1&1 Shared Host.

November 30, 2008

Distributing Bookmarks over a Secure RSS Feed

Filed under: Software Dev — leon @ 1:17 am

Background
The goal was to create a simple and secure way to distribute and synchronize bookmarks across multiple desktops, different browsers, and different operating systems anywhere in the world. I run Linux as my primary desktop and Konqueror as the default browser (which I used to collect hundreds of links). I have tried using services like Del.icio.us and various Firefox plugins but none were ideal. Services require setting up an account on a public server which presents some privacy concerns. Even if the account is private, the host will use your data for marketing and social networking. Why would you want someone knowing what stores you shop at and which financial institutions you use (even if they claim to be anonymous)? Plugins have their own problems by limiting users to a particular browser and requiring importing/exporting the Bookmarks on each browser.

The solution involves distributing the Bookmarks over a secure RSS feed and using Firefox’s Live Bookmarks feature to display the feed. Since Firefox displays the RSS feeds directly in the Bookmarks menu, the list of links looks like it was there all along. Fortunately, other browsers are starting to implement similar functionality and the Bookmarks can even be published on online RSS readers.

Security
I wanted to keep my Bookmarks private so security was a concern. The RSS Feed can be distributed over a secured connection (HTTPS) and password protected using Basic Access Authentication. Until recently, secured RSS feeds were not universally supported by RSS readers; but, as of Firefox 3, this setup works as it should. Firefox even tracks login credentials so you will not be prompted to login each time that the Live Bookmarks folder is opened.

Implementation
I implemented the RSS feed using PHP and an Apache Web Server. There are plenty of guides for publishing RSS feeds using PHP so I won’t get into the details here. Setting up a secure web server and Basic Authentication is fairly straightforward in Apache. I guess this solution is less than ideal if you don’t already have a working Web server with PHP support.

The brunt of the work involved reading the configuration file containing the bookmarks from Konqueror into a PHP array and outputting it in Atom 2.0 format.

Limitations
It would have been great if different channels in a single RSS feed showed up in their own sub-folder. Unfortunately Firefox does not support having sub-folders as part of a Live Bookmarks feed. Firefox only loads the first “channel” section of the XML file, ignoring the rest.

To compensate for this shortcoming, I prefixed each link with the desired folder name(s) such that each link was a canonical path. Another solution is to pass query string parameters to the script that generates the RSS feed to indicate which Bookmarks folder to load. With this approach, you can even implement a dynamic search of your bookmarks.

July 22, 2008

File Synchronization with Unison

Filed under: Software Dev — leon @ 8:51 am

Unison is a universal tool for synchronizing files. Although the program is no longer actively developed, it has enough useful features to make it my tool of choice for many tasks and projects. Here are a few scenarios for which I find Unison to be particularly useful:

Application Deployment
While Unison is in no way a replacement for version control, it can be used to release (web/intranet) applications from staging to production environments. This approach has several advantages. First, it is faster (and safer) than doing a full copy of a large site. Before the changes are committed, the program displays a summary of changed files and allows you to use diff to view/confirm the changes that were made. Since platforms like ASP.NET can compile pages on-the-fly (in memory), synchronizing only the changed files saves the server processing time and improves the users’ experience. Also, synchronization is bidirectional (unlike rsync) so changes made directly on the production copy can be detected (just don’t ask who made them). Of course all of this can be achieved by writing custom deployment scripts but running Unison is far easier (especially if you have a frequent release schedule).

Synchronizing Documents with Mobile Gadgets
I run a central file server that hosts all of my documents. Although I can access the documents remotely, I often create replicas for my laptop, PDA, and flash drive (as needed) for times when I am not connected or the internet connection is too slow. Unison is particularly useful here because it is available for Windows, Linux, and Mac and can synchronize local files (for flash drive), network shares, and over SSH. This was the only tool that I found that can safely and securely synchronize files from my Linux server to my Windows laptop without compromising any functionality on either platform. Furthermore, if you have more than two replicas of the same files, you can safely synchronize the replicas two at a time to propagate changes.

Backup
There are many backup and disaster recovery solutions; however on Unix/Linux, everything is just a file. It’s often easier and more useful to just make a copy of everything to an external disk and maintain it by synchronizing. To recover, just copy the files back. I wouldn’t recommend this approach on a critical corporate server; but, for a personal server I find this approach is good enough.

Unison is free. Give it a shot.

July 3, 2008

Backup Fully, Backup Often

Filed under: Personal — leon @ 9:59 am

Recently, the power supply on my server failed damaging the motherboard and all attached hard drives. I used many precautionary measures to protect the data on the server but they were not enough to avoid going through data recovery. The data was on a journaling file system (ReiserFS v.3) but that doesn’t help when the disks are fried and un-readable. The data was also mirrored across two 250GB drives which, as luck would have it, were both unusable. Sure there were several server backups as well but none were recent or complete enough to be usable.

My data recovery quest started with some anecdotal attempts to get the drives to work. The USB SATA adaptors did not work nor did the trick of putting the disks in the freezer (as silly as that sounds some have had luck with this approach so I figured it was worth a shot). It was time to enlist professional help so I contacted CBL Data Recovery who have had a long history recovering data from various disasters.

Pros:

  • CBL performs an assessment of the damage and only charges you if they are able to recover the data.
  • The prices are reasonable compared to other services that I have seen that charge 10K and above.
  • Friendly service

Cons:

  • The recovery process took over a week. Apparently, the disk platters got damaged as well as the disk circuit board.
  • The customer service representatives were not very helpful and did not appear technically inclined. The CBL engineers that I talked to were much more aware of the situation.
  • Many of the recovered text files had some binary data after the EOF flag which caused some Linux programs to crash when opening the files. This was fixable but time consuming.

Ultimately, CBL was able to recover all the data from the drives. Time to rebuild my server and think of a better backup strategy.

December 10, 2007

WordPress Auto-Login

Filed under: Software Dev — leon @ 9:31 pm

WordPress is a great blogging engine. It’s flexible, scalable, and easy to tweak/configure to integrate into an existing PHP site. However, if you have an existing site with available user authentication and management capabilities, getting WordPress to accept those credentials (in a single sign-on fashion) can be a bit of a challenge.

Before we proceed, I should note that there are a number of available plugins that enable WordPress to integrate with some of the popular content management systems out there. Our requirement is a bit different however. We want to bypass WordPress’ authentication mechanism altogether and have users log in through the main portion of the site. In fact, in a well integrated site, the interface should make navigating between WordPress pages and the rest of the site seamless to the user. Our goal is to write a WordPress plug-in that will automatically authenticate a user who is already logged into the parent site (and, consequently, grant the user access to edit the blog’s content). All other users will have the rights of an unregistered visitor.

In my setup, the main site has role-based permissions and the WordPress setup only has one account for each role (i.e. admin, editor, user etc…). The plugin first checks the role of the user logged in to the main site and then simulates a WordPress login anytime the user navigates to the blog. You should be able to customize this method for your own needs.

function auto_login() {
    if (!is_user_logged_in()) {
        //determine WordPress user account to impersonate
        $user_login = 'guest'; 

        //get users password
        $user = new WP_User(0, $user_login);
        $user_pass = md5($user->user_pass); 

        //login, set cookies, and set current user
        wp_login($user_login, $user_pass, true);
        wp_setcookie($user_login, $user_pass, true);
        wp_set_current_user($user->ID, $user_login);
    }
}
add_action('init', 'auto_login');

Additional notes and caveats for the attentive reader

  • There is a wp-includes/pluggable.php file that defines all the functions that you can override and hook into. The WordPress API documentation is not very thorough so you may need to review the actual code.
  • WordPress uses a double MD5 hash of the password to authenticate the user. In the database, the password is stored as a single hash. We need to hash that password again before passing it into the wp_login() function (and set the third parameter to indicate that the password is already hashed). Obviously hard coding the actual password would be a big no-no.

We did all this work to log in but what about logging out? We have several options. First, we can call WordPress’ logout method which is wp_clearcookie() from the main site. The drawback to this approach is that we need to include all the WordPress libraries into our main site for this to work (too much unnecessary overhead IMHO). The other approach is to not use cookies at all thus alleviating the need to log out. To do this we simply remove the call to wp_setcookie() in our plugin and override the auth_redirect() function to do nothing. This works because we impersonate the user on every page load and the only WordPress code that checks the cookie was in auth_redirect() until we got rid of it. Another side effect of this is that un-authenticated WordPress users will no longer be taken to the WordPress login page (but we didn’t want that anyway).

Update 6/4/08: There were a few changes to the WordPress API as of version 2.5 and some of the functions I used above became deprecated. The API documentation has also improved. A better way to implement the auto_login() function above is as follows.

function auto_login() {
    if (!is_user_logged_in()) {
        //determine WordPress user account to impersonate
        $user_login = 'guest';

        //get user's ID
        $user = get_userdatabylogin($user_login);
        $user_id = $user->ID;
  
        //login
        wp_set_current_user($user_id, $user_login);
        wp_set_auth_cookie($user_id);
        do_action('wp_login', $user_login);
    }
} 
add_action('init', 'auto_login');

November 30, 2007

Configuring Website on a 1and1 Shared Host

Filed under: Software Dev — leon @ 2:39 pm

Recently, I was working on a project to set up a new website on a 1 & 1 shared host. Shared hosts are a cheap alternative to VPS and managed servers but they come with a mixed bag of restrictions that limit your ability to configure the server. I was looking for a host for under $10/month that offered SSH access and had a typical LAMP setup. This is how I configured the rest.